[paultyng]

I think the answer is yes and no depending on your needs. I don't have a lot of experience with the Kubernetes NetworkPolicy which does support selector based allow/block of communication between pods, but I believe it does not encrypt the traffic itself (although you could always do so on top of the network layer). It also is constrained to only controlling communications within Kubernetes and requires an actual controller to implement the networking. Consul Connect does use a sidecar proxy for intra cluster communication, but in addition to just the authorization it also does a mutual TLS and can allow that secure communication to endpoints outside the cluster. It now occupies a space very similar to Istio: https://www.consul.io/intro/vs/istio.html

Disclaimer: I work for HC but not on Consul