Cannot resolve non-kubernetes Istio Entities

[wirtsi]

Describe the bug

I am trying to make Telepresence work with a cluster-mesh (Gloo Mesh) that uses Istio with mTLS under the hood.

So I managed to intercept traffic in plaintext (so incoming requests hit the istio-sidecar and then the intercept) but am now struggling with DNS resolution

From my local machine, I can access any K8S service running in the cluster. Where this fails is for any CRD that istio manages (VirtualDestination, ServiceEntry).

To my understanding this is because of istio intercepting DNS queries. The sidecar checks if a DNS query can be resolved from the internal definitions of Istio and serves those instead.

Is it possible to get this to work with telepresence?

To Reproduce Steps to reproduce the behavior:

1. Telepresence connect
2. I can intercept traffic and send out calls to K8S services
3. Querying eg. a ServiceEntry that has host: foobar.api cannot be called from my machine but is resolvable from within a pod that runs the sidecar. Also adding .api to the include-suffixes in the kubeconfig did not help

Expected behavior I can also speak to non-k8s entities for outgoing and intercepted traffic.

Versions (please complete the following information):

• Output of telepresence version 2.6.8
• Operating system of workstation running telepresence commands Linux denis-vms-perf-1 5.11.0-1020-gcp #22~20.04.1-Ubuntu SMP Tue Sep 21 10:54:26 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
• Kubernetes environment and Version [e.g. Minikube, bare metal, Google Kubernetes Engine] Kind cluster mesh with Gloo Mesh 2.0

[cindymullins-dw]

HI @wirtsi , at present I don't believe you can reach a non-Kubernetes service with Telepresence. I'll mark this as a feature request.