Istio internal routing with global endpoints

Hey, fellow Istio users, I have a pretty specific question. The basic question is: how do you set up namespace-independent internal endpoints with workload discovery using Istio? More details are below.

We are trying to set up internal DNS entries for each service (different than the <app-name>.<namespace>.svc.cluster.local) which we can use to route traffic to and make it easier to migrate services between namespaces. I was looking at using a ServiceEntry with a workload selector to discover deployments based on pod labels but am unable to get that to work. When I specify the service IP directly it works fine, but when I use the workloadSelector the DNS entry is no longer available. I was following this guide for setting up DNS with Istio (Istio / DNS Proxying) and then this doc for the workload discovery service entry (Istio / Service Entry), specifically this snippet:

apiVersion: networking.istio.io/v1beta1
kind: ServiceEntry
metadata:
  name: details-svc
spec:
  hosts:
  - details.bookinfo.com
  location: MESH_INTERNAL
  ports:
  - number: 80
    name: http
    protocol: HTTP
  resolution: STATIC
  workloadSelector:
    labels:
      app: details

Has anyone attempted this, or is there a better way?

I think I found the solution. I was applying the DNS settings for Istio in the proxy config like so:

spec:
  template:
    metadata:
      annotations:
        cluster-autoscaler.kubernetes.io/safe-to-evict: "true"
        proxy.istio.io/config: |
          proxyMetadata:
            ISTIO_META_DNS_CAPTURE: "true"
            ISTIO_META_DNS_AUTO_ALLOCATE: "true"

However, this did not work, so I needed to enable it globally on the Istio Operator. If anyone knows why this didn’t work with the annotation I would be interested in that.

apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
spec:
  meshConfig:
    defaultConfig: # proxyMetadata is a field of meshConfig.defaultConfig
      proxyMetadata:
        ISTIO_META_DNS_CAPTURE: "true"
        ISTIO_META_DNS_AUTO_ALLOCATE: "true" # <-- specifically this option
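
The failure in this thread (a ServiceEntry with a workloadSelector and no addresses whose host does not resolve until DNS capture and auto-allocation are on) can be checked before deploying. The following is an added example, not part of the original posts or of Istio itself: the function names are hypothetical, the manifests are constructed and given as already-parsed dicts, and it assumes the proxyMetadata-based DNS proxying behaviour discussed above.

```python
# Added example: pre-deploy lint for the DNS failure described in this thread.
# Manifests are constructed and given as dicts, as a YAML loader would return.
CAPTURE = "ISTIO_META_DNS_CAPTURE"
AUTO_ALLOCATE = "ISTIO_META_DNS_AUTO_ALLOCATE"


def mesh_dns_flags(operator):
    """Return (capture, auto_allocate) read from meshConfig.defaultConfig.proxyMetadata."""
    meta = (operator.get("spec", {}).get("meshConfig", {})
            .get("defaultConfig", {}).get("proxyMetadata", {}))
    enabled = lambda key: str(meta.get(key, "")).lower() == "true"
    return enabled(CAPTURE), enabled(AUTO_ALLOCATE)


def lint_service_entry(service_entry, operator):
    """List reasons the ServiceEntry hosts would not resolve inside the mesh."""
    spec = service_entry.get("spec", {})
    hosts = spec.get("hosts", [])
    capture, auto_allocate = mesh_dns_flags(operator)
    findings = []
    if not capture:
        findings.append("DNS capture is off; the sidecar will not answer for: " + ", ".join(hosts))
    if not spec.get("addresses"):
        # Without explicit addresses the host only gets a VIP through auto-allocation,
        # and auto-allocation skips wildcard hosts.
        if not auto_allocate:
            findings.append("no addresses and auto-allocation is off; hosts have no VIP")
        for host in hosts:
            if host.startswith("*"):
                findings.append("wildcard host gets no auto-allocated VIP: " + host)
    return findings


# Constructed sample: the ServiceEntry from the question, parsed.
DETAILS_SE = {
    "kind": "ServiceEntry",
    "spec": {
        "hosts": ["details.bookinfo.com"],
        "location": "MESH_INTERNAL",
        "resolution": "STATIC",
        "workloadSelector": {"labels": {"app": "details"}},
    },
}
OPERATOR_DEFAULT = {"kind": "IstioOperator", "spec": {"meshConfig": {}}}
OPERATOR_DNS = {"kind": "IstioOperator", "spec": {"meshConfig": {"defaultConfig": {
    "proxyMetadata": {CAPTURE: "true", AUTO_ALLOCATE: "true"}}}}}

if __name__ == "__main__":
    print(lint_service_entry(DETAILS_SE, OPERATOR_DEFAULT))
    print(lint_service_entry(DETAILS_SE, OPERATOR_DNS))
```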