Is there an example or instructions for (1) multi-port scenario, (2) gRPC support, and (3) with ACLs enabled? For ACLs, one would have to create servicedefault + intentions. For the mult-port scenario, this turns of transparent-proxy, so in order to use the proxy, the ingress-controller cannot route to the service endpoint, it will have to go through localhost at the target port set in the upstream annotation on the ingress-controller. Is there a way to configure traefik to route traffic through the tunnel at localhost, rather than the service endpoint? Note that with multi-port enabled (thus transparent proxy disabled), anything connecting to the service-endpoint won't be through the mesh and will be insecure. ACLs will no longer be applied through using the service endpoint.