[09:27:55] I suspect that we would need a tcproute to be added to our virtualservice. https://istio.io/latest/docs/reference/config/networking/virtual-service/#TCPRoute
[10:06:46] Yep, that’d work. What I was wondering was whether the ingress gateways we run are configured to handle unencrypted TCP
[13:45:30] brouberol: if it's just for testing you could open a nodeport but skip the LVS part
[13:45:47] just give several of the nodes to pgbouncer or something
[13:46:35] if you wind up productionizing it, no wasted work, but still minimal to begin
[13:47:08] another alternative -- our pod IP space is reachable from production (firewalls and networkpolicies aside)
[13:47:40] could expose the DNS of a headless service as well
[17:07:29] Oooh that’s right. That might just be enough! Thanks