Moving this to "In Progress" as we do have an engineer staffed to own this experience all the way through.
However, it's going to take some time. (I know y'all have been waiting long enough already.) In the meantime, we would appreciate any comments on how you would expect this feature to work. (Subnets? Static IPs? Something like GCP Private Network?)
The workaround as of date is to set up a Tailscale sidecar in your service Dockerfile for network isolation.