clarify ambient mode installation required for dns-proxy

[ilrudie]

Description

Reviewers

• Ambient
• Docs
• Installation
• Networking
• Performance and Scalability
• Extensions and Telemetry
• Security
• Test and Release
• User Experience
• Developer Infrastructure
• Localization/Translation

[istio-policy-bot]

😊 Welcome! This is either your first contribution to the Istio documentation repo, or
it's been a while since you've been here. A few things you should know:

• You can learn about how we write and maintain documentation, our style guidelines,
  and the available web site features by visiting Contributing to the Docs.

• In the next few minutes, an automatic preview of your change will be built with
  a full copy of the istio.io website. You can find this preview by clicking on
  the Details link next to the deploy/netlify entry in the status section of this
  page.

• We care about quality, so we've put in place a number of checks to ensure our documentation
  is top-notch. We do spell checking, sanitize the Markdown, ensure all hyperlinks point to a
  valid location, and more. If your PR doesn't pass one of these checks, you'll see a red X in the
  lint_istio.io entry in the status section. Click on the Details link to get a list of the
  problems with your PR. Fix those problems and push an update; this will automatically re-run the
  tests. Hopefully this time everything will be perfect!

• Once your changes are accepted and merged into the repository, they will initially show up
  on https://preliminary.istio.io. The changes will be published to https://istio.io
  the next time we do a major release (which typically happens every 3 months or so).
  To publish them sooner, add a cherrypick/release-x.xx label, where x.xx is the current
  release of Istio.

Thanks for contributing!

Courtesy of your friendly welcome wagon.

[craigbox]

PTAL at https://deploy-preview-16230--preliminary-istio.netlify.app/latest/docs/ops/configuration/traffic-management/dns-proxy/

It says "This isn't enabled by default, here's how you enable it"

and now has a tip that says "this isn't enabled by default in 1.24 or earlier in ambient mode"

(a) is this now on by default for everyone in 1.25? or only for ambient mode?
(b) can we reformat the instructions to say "Sidecar mode enablement", "Ambient mode enablement" etc
(c) can the sidecar mode enablement be as simple as the ambient mode enablement?

[ilrudie]

(a) In 1.25 the cni dns redirect is enabled in the ambient profile as well as the auto-ip controller. IIRC the ztunnel dns proxy just always runs but whether or not it is used depends on the cni redirection. TL;DR These instructions are basically irrelevant for ambient SE functionality in 1.25 ambient.
(b) Maybe, I'm not sure how to do that exactly. Can we get /some/ useful tip up so users don't continue to struggle and take on a wider refresh as a follow up? See above re: whether or not special ambient instructions might be helpful. Maybe we just add a disclaimer/note/section/tip/? at the top that this page isn't really relevant for ambient 1.25+ instead?
(c) For HTTP traffic sidecar sort of already is as easy as ambient 1.25+. We read the headers and can route accordingly. This becomes critical path for some basic Istio functionality in Ambient though when we can't just read headers in ztunnel to figure it out which is why we enable out of the box for Ambient but not for Sidecar (at the moment)