istio · rshriram · Apr 23, 2019 · Apr 18, 2019 · Apr 23, 2019 · Apr 23, 2019
diff --git a/networking/v1alpha3/sidecar.pb.go b/networking/v1alpha3/sidecar.pb.go
diff --git a/networking/v1alpha3/sidecar.pb.html b/networking/v1alpha3/sidecar.pb.html
diff --git a/networking/v1alpha3/sidecar.proto b/networking/v1alpha3/sidecar.proto
@@ -289,14 +289,23 @@ message IstioEgressListener {
   // The `dnsName` should be specified using FQDN format, optionally including
   // a wildcard character in the left-most component (e.g., `prod/*.example.com`).
   // Set the `dnsName` to `*` to select all services from the specified namespace
-  // (e.g.,`prod/*`). The `namespace` can also be set to `*` to select a particular
-  // service from any available namespace (e.g., "*/foo.example.com").
+  // (e.g., `prod/*`). The `namespace` can also be set to `*` to select a particular
+  // service from any available namespace (e.g., `*/foo.example.com`).
   //
   // NOTE: Only services and configuration artifacts exported to the sidecar's
   // namespace (e.g., `exportTo` value of `*`) can be referenced.
   // Private configurations (e.g., `exportTo` set to `.`) will
   // not be available. Refer to the `exportTo` setting in `VirtualService`,
   // `DestinationRule`, and `ServiceEntry` configurations for details.
+  //
+  // **WARNING:** The list of egress hosts in a `Sidecar` must also include
+  // the Mixer control plane services if they are enabled. Envoy will not
+  // be able to reach them otherwise. For example, add host
+  // `istio-system/istio-telemetry.istio-system.svc.cluster.local` if telemetry
+  // is enabled, `istio-system/istio-policy.istio-system.svc.cluster.local` if
+  // policy is enabled, or add `istio-system/*` to allow all services in the
+  // `istio-system` namespace. This requirement is temporary and will be removed
+  // in a future Istio release.
   repeated string hosts = 4;
 }