Restrict access from one service to another

My case is a bit more complex: Restrict pod access to specific internal endpoints (VPC), services (K8s), and the entire internet.

But the idea is similar: block access from one service to another. I could do something similar with NetworkPolicy, but with Istio it’s not clear how it can be accomplished without using a JWT token, just service labels, hosts (only used in gateways).