Dear team,

I'd like to report possible bug in OpenShift ServiceMesh. This is related to

https://access.redhat.com/support/cases/#/case/03071511 support case.

It looks OpenShift ServiceMesh is not compatible with OpenShift 4.8 egressIP feature.

We use egressIP for one of our projects, after OpenShift cluster has been upgraded to version 4.8 this feature stopped working. During troubleshooting I discovered that it might be because network traffic is blocked by NetworkPolicy that is created in project namespace when project is added to ServiceMesh via ServiceMeshMember resource.

Only workaround I was able to find is to "open" ingress for all cluster namespaces via following NetworkPolicy

# FIXME: Allow ingress from all namespaces
# This is a workaround to allow egressIP feature
# See https://access.redhat.com/support/cases/#/case/03071511
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: istio-allow-egressip
spec:
  ingress:
    - from:
        - namespaceSelector: {}
  podSelector: {}

Is it possible that OpenShift egressIP and Openshift ServiceMesh have some conflicts that acutally blocks egressIP feature to work? Would you propose another workaround?