About This Architecture
Azure API Gateway with AKS Istio Service Mesh demonstrates a production-grade microservices architecture that combines API Management, Application Gateway with WAF, and a Kubernetes-native service mesh for traffic control and observability. User requests pass through the WAF Policy and Application Gateway for edge protection, then through API Management for API governance, before reaching the Istio Ingress Gateway in AKS, where Service A, B, and C communicate via Istio sidecar proxies managed by Istiod. This layered approach provides defense in depth, centralizes API versioning and throttling, and applies fine-grained service-to-service traffic policies without application code changes. Fork this diagram on Diagrams.so to customize subnets, add traffic policies, or integrate additional observability tools like Application Insights. The architecture demonstrates Azure best practices for zero-trust networking across presentation, API, and compute layers within a single VNet.