Skip to content

OSSM 9894_DNS capture #110676

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
briandooley merged 1 commit into from
Apr 24, 2026
+26 −0
Merged

OSSM 9894_DNS capture #110676

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions .gitignore
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,3 +19,4 @@ commercial_package
.vale/styles/AsciiDocDITA
.vale/styles/OpenShiftAsciiDoc
.vale/styles/RedHat
migrating/JIRA-9894-dns-capture-documentation-plan.md
2 changes: 2 additions & 0 deletions migrating/checklists/ossm-migrating-read-me.adoc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -38,6 +38,8 @@ include::modules/ossm-migrating-read-me-kubernetes-network-policy-management.ado

include::modules/ossm-migrating-read-me-tls-configuration-change.adoc[leveloffset=+1]

include::modules/ossm-migrating-read-me-dns-capture-configuration.adoc[leveloffset=+1]

[role="_additional-resources"]
[id="additional-resources_{context}"]
== Additional resources
Expand Down
1 change: 1 addition & 0 deletions modules/ossm-migrating-2-and-3-differences.adoc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,5 +23,6 @@ If you are a current {SMProductName} user, there are several important differenc
* Support for Istioctl
* Change to Kubernetes network policy management
* Transport layer security (TLS) configuration change
* DNS capture configuration for ServiceEntry resources
You must be using {SMProduct} 2.6 to migrate to {SMProduct} 3.
22 changes: 22 additions & 0 deletions modules/ossm-migrating-read-me-dns-capture-configuration.adoc
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
// Module included in the following assemblies:
//
// * service-mesh-docs-main/migrating/checklists/ossm-migrating-read-me.adoc

:_mod-docs-content-type: CONCEPT
[id="ossm-migrating-read-me-dns-capture-configuration_{context}"]
= DNS capture configuration for ServiceEntry resources

[role="_abstract"]

To maintain access to external services when migrating to {SMProductName} 3.0, you must explicitly enable DNS capture in the proxy metadata settings.

This is required for any `ServiceEntry` resources that rely on DNS resolution. Failure to enable this feature results in application errors such as `Name or service not known`.

{SMProduct} 2.6 enabled DNS capture by default to support federation, which did not align with the upstream {istio} project. {SMProduct} 3.0 removes this default configuration and aligns with the upstream project's multicluster topologies.

To configure DNS capture in {SMProduct} 3.0, set the `ISTIO_META_DNS_AUTO_ALLOCATE` and `ISTIO_META_DNS_CAPTURE` fields to `true` in the `spec.values.meshConfig.defaultConfig.proxyMetadata` path of your `{istio}` resource.

[NOTE]
====
The equivalent of `spec.values.meshConfig.defaultConfig.proxyMetadata` in {SMProduct} 2.6 was `spec.proxy.runtime.container.env`.
====