Couple of questions:

a) When we have a GKE-on prem deployment scenario is it possible to have the GKE cluster span across DMZ and MZ - wherein some of the APIGEE components likes Ingress/istio are located within the DMZ while rest of the components are sitting within the MZ. This is similar to aligning the pods across web/app tiers where web tier sits in DMZ for the traditional application. Is this technical possible ?

b) if the above is possible - since there needs to be a contiguous internal network for pods is this approach recommended? Even if we apply n/w policies - i assume still there needs to be connectivity between ingress/istio pods and synchronizer and monitoring/metrics pods - which are within MZ across non http/https ports?