KMesh support for ServiceEntry virtual domain resolution and traffic interception, similar to Sidecar DNS capture #1459

@zhangxiaowei1225

What would you like to be added:

KMesh should support:

  1. Resolving virtual domain names defined in ServiceEntry (e.g., external-service.nacos.test);
  2. Intercepting traffic to those virtual IPs and routing through Waypoint for mesh governance.

This should work similarly to Istio Sidecar DNS capture, but implemented in the KMesh dataplane.

Why is this needed:

We are building a hybrid mesh to connect Kubernetes and VM workloads. Without domain resolution and traffic interception for ServiceEntry, Kubernetes workloads cannot access VM services using mesh-defined hostnames. This limits service discovery and traffic control across environments.

Example:

apiVersion: networking.istio.io/v1beta1
kind: ServiceEntry
metadata:
  name: external-service
  namespace: vm-services
  labels:
    istio.io/use-waypoint: waypoint
spec:
  hosts:
  - external-service.nacos.test
  ports:
  - number: 7000
    name: http
    protocol: HTTP
  location: MESH_EXTERNAL
  resolution: STATIC
  endpoints:
  - address: 192.168.5.27
    ports:
      http: 7000

Expectation:

curl http://external-service.nacos.test

  1. should resolve to a virtual IP (e.g., 240.x.x.x);
  2. traffic should be routed through Waypoint for policy enforcement.
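
A sketch of the two expectations above, added here as an illustration and not taken from Kmesh or Istio: a table that answers DNS only for hosts declared in a ServiceEntry, hands each one a virtual IP, and maps that VIP back to its waypoint. The `Capture` type, its methods and the `240.240.0.0/16` pool (chosen inside the 240.x.x.x range mentioned in the issue) are assumptions.

```go
package main

import (
	"fmt"
	"net/netip"
	"strings"
)

type Capture struct { // hypothetical table, not a Kmesh type
	pool   netip.Prefix
	next   netip.Addr
	byHost map[string]netip.Addr // declared host -> VIP
	byVIP  map[netip.Addr]string // VIP -> waypoint name
}
func norm(h string) string { return strings.ToLower(strings.TrimSuffix(h, ".")) }

// NewCapture hands out VIPs from pool, starting after the network address.
func NewCapture(pool string) *Capture {
	p := netip.MustParsePrefix(pool).Masked()
	return &Capture{p, p.Addr().Next(), map[string]netip.Addr{}, map[netip.Addr]string{}}
}

// Add gives one ServiceEntry host a VIP; waypoint is its use-waypoint label.
func (c *Capture) Add(host, waypoint string) error {
	if _, dup := c.byHost[norm(host)]; dup {
		return fmt.Errorf("host %q already claimed", host)
	}
	if !c.pool.Contains(c.next) {
		return fmt.Errorf("VIP pool %s exhausted", c.pool)
	}
	c.byHost[norm(host)], c.byVIP[c.next] = c.next, waypoint
	c.next = c.next.Next()
	return nil
}

// Resolve answers only declared hosts; a zero Addr means forward upstream.
func (c *Capture) Resolve(name string) netip.Addr {
	return c.byHost[norm(name)]
}

// NextHop names the waypoint for a captured VIP; "" means passthrough.
func (c *Capture) NextHop(dst netip.Addr) string {
	return c.byVIP[dst]
}

func main() {
	c := NewCapture("240.240.0.0/16") // assumed pool inside 240.x.x.x
	fmt.Println(c.Add("external-service.nacos.test", "waypoint"), c.byHost)
}
```

Names that are not declared get no answer from the table, and a second claim on an already declared host is rejected instead of silently remapping it.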
