otomi-core
Bind external egress filtering rules to a specific application
Is your feature request related to a problem? Please describe.
Currently, external egress filtering rules are namespace-wide, but they should bind to workloads of a specific service.
Describe the solution you'd like
Leverage Istio Authorization Policy to control Pods that can access a given public host.
Select workloads by specific matchLabels
object:
spec:
  selector:
    matchLabels:
      app: <svc-name>
Describe alternatives you've considered
Leverage Istio Sidecar egress but then you need to whitelist all possibilities for internal traffic - not feasible
Additional context
Add any other context or screenshots about the feature request here.
This will be automatically resolved once we move apps to their own namespaces.