This update reflects a broader trend in service mesh evolution: balancing security with usability. The shift from egress gateways to direct sidecar routing addresses a real pain point—managing dynamic external services—but raises questions about trade-offs. While the new approach reduces complexity, it relies heavily on SNI inspection, which assumes TLS handshakes are unobstructed and hostnames are accurately transmitted. What happens if applications use IP addresses or non-standard TLS implemen...