If I enable Istio on some of my apps (but not all of them) using Manual sidecar injection, can I route traffic between non-based-Istio apps and Istio-based apps? If yes, is it still true if I enable Citadel? I'm wondering because I'd like to slowly enable the sidecar injection on my apps and migrate over. Do both Istio-based-apps and non-Istio-based apps still talk to each other (within cluster) via the normal Kubernetes service objects? Is there anything else I need to do in order to allow Istio and regular services to talk to each other?
I'm new to Istio, so any context is helpful.
To highlight the proper solution to achieve your goal, as @Vadim Eisenberg mentioned:
You should set PERMISSIVE policy and set a destination rule for each non-istio service with tls mode "NONE".