Sidecar.IstioEgressListener limit external access

Is it possible to limit the egress to external services using the resources Sidecar.

In my example I have a ServiceEntry in the namespace istio-system for and I only want to give the pod egress access to the ServiceEntry mentioned above using the Sidecar.IstioEgressListener configuration. Is this possible and if so, how is this concretely configured in the Sidecar resource.

There are other ways to limit only one pod’s access to external resources.

We have open-sourced an example repository which demonstrates how this can be done with the Sidecar resource. For more details, check out the related blog post.