Skip to content

Commit 1c4de2c

Browse files
lhite8041claude
andcommitted
Document DNS capture configuration for ServiceEntry resources
Added new module documenting the requirement to explicitly configure DNS capture when migrating from Service Mesh 2.6 to 3.0 if using ServiceEntry resources for external services. Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
1 parent abb4fe0 commit 1c4de2c

4 files changed

Lines changed: 24 additions & 0 deletions

File tree

.gitignore

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -19,3 +19,4 @@ commercial_package
1919
.vale/styles/AsciiDocDITA
2020
.vale/styles/OpenShiftAsciiDoc
2121
.vale/styles/RedHat
22+
migrating/JIRA-9894-dns-capture-documentation-plan.md

migrating/checklists/ossm-migrating-read-me.adoc

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -38,6 +38,8 @@ include::modules/ossm-migrating-read-me-kubernetes-network-policy-management.ado
3838

3939
include::modules/ossm-migrating-read-me-tls-configuration-change.adoc[leveloffset=+1]
4040

41+
include::modules/ossm-migrating-read-me-dns-capture-configuration.adoc[leveloffset=+1]
42+
4143
[role="_additional-resources"]
4244
[id="additional-resources_{context}"]
4345
== Additional resources

modules/ossm-migrating-2-and-3-differences.adoc

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -23,5 +23,6 @@ If you are a current {SMProductName} user, there are several important differenc
2323
* Support for Istioctl
2424
* Change to Kubernetes network policy management
2525
* Transport layer security (TLS) configuration change
26+
* DNS capture configuration for ServiceEntry resources
2627
2728
You must be using {SMProduct} 2.6 to migrate to {SMProduct} 3.
Lines changed: 20 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,20 @@
1+
// Module included in the following assemblies:
2+
//
3+
// * service-mesh-docs-main/migrating/checklists/ossm-migrating-read-me.adoc
4+
5+
:_mod-docs-content-type: CONCEPT
6+
[id="ossm-migrating-read-me-dns-capture-configuration_{context}"]
7+
= DNS capture configuration for ServiceEntry resources
8+
9+
[role="_abstract"]
10+
11+
If your workloads use `ServiceEntry` resources to access external services through DNS names, you must explicitly configure DNS capture in the proxy metadata settings when migrating to {SMProductName} 3.0. Without DNS capture enabled, applications encounter DNS resolution failures with errors such as `Name or service not known`.
12+
13+
{SMProduct} 2.6 enabled DNS capture by default to support federation, which did not align with the upstream {istio} project. {SMProduct} 3.0 removes this default configuration and aligns with the upstream project's multicluster topologies.
14+
15+
To configure DNS capture in {SMProduct} 3.0, set the `ISTIO_META_DNS_AUTO_ALLOCATE` and `ISTIO_META_DNS_CAPTURE` fields to `true` in the `spec.values.meshConfig.defaultConfig.proxyMetadata` path of your `{istio}` resource.
16+
17+
[NOTE]
18+
====
19+
The equivalent of `spec.values.meshConfig.defaultConfig.proxyMetadata` in {SMProduct} 2.6 was `spec.proxy.runtime.container.env`.
20+
====

0 commit comments

Comments
 (0)