REGISTRY_ONLY policy blocks access to the kube api-server


I don’t know if this was intentional, but setting the outboundTrafficPolicy to REGISTRY_ONLY with the intention of directing all egress traffic through our gateway has the unintended consequence of blocking traffic from pods to the kube API server on kubernetes.default.svc:443. This is fixable with an appropriate ServiceEntry, but I thought I’d check if this block to a Kubernetes system process was intentional.