I have to use multiple gateways which are namespace wise where as, every namespace has its own AuthorizationPolicy either to allow the traffic or DENY the traffic on IP based block
e.g
my default gateway from istio-system namespace should not have any ip blocklist, it should be open to *.xyz.xyz domain:
apiVersion: networking.istio.io/v1beta1 kind: Gateway metadata: labels: argocd.argoproj.io/instance: istio-ingressgateway name: istio-gateway namespace: istio-system spec: selector: istio: gateway servers: - hosts: - *.xyz.xyz port: name: http number: 80 protocol: HTTP tls: httpsRedirect: true - hosts: - *.xyz.xyz port: name: https number: 443 protocol: HTTPS tls: credentialName: tls-wildcard-cert2 mode: SIMPLE