apiVersion: config.istio.io/v1alpha2
kind: instance
metadata:
  name: requested-server-name
  namespace: istio-system
spec:
  compiledTemplate: listentry
  params:
    value: connection.requested_server_name
---
apiVersion: config.istio.io/v1alpha2
kind: handler
metadata:
  name: us-wikipedia-checker
  namespace: istio-system
spec:
  compiledAdapter: listchecker
  params:
    overrides: ["en.wikipedia.org", "es.wikipedia.org"]
    blacklist: false
---
# Rule to check access to *.wikipedia.org
apiVersion: config.istio.io/v1alpha2
kind: rule
metadata:
  name: check-us-wikipedia-access
  namespace: istio-system
spec:
  match: source.labels["app"] == "istio-egressgateway-with-sni-proxy" && destination.labels["app"] == "" && source.principal == "cluster.local/ns/default/sa/sleep-us"
  actions:
  - handler: us-wikipedia-checker
    instances: [ requested-server-name ]
---
apiVersion: config.istio.io/v1alpha2
kind: handler
metadata:
  name: canada-wikipedia-checker
  namespace: istio-system
spec:
  compiledAdapter: listchecker
  params:
    overrides: ["en.wikipedia.org", "fr.wikipedia.org"]
    blacklist: false
---
# Rule to check access to *.wikipedia.org
apiVersion: "config.istio.io/v1alpha2"
kind: rule
metadata:
  name: check-canada-wikipedia-access
  namespace: istio-system
spec:
  match: source.labels["app"] == "istio-egressgateway-with-sni-proxy" && destination.labels["app"] == "" && source.principal == "cluster.local/ns/default/sa/sleep-canada"
  actions:
  - handler: canada-wikipedia-checker
    instances: [ requested-server-name ]