Istio Ambient mode - Routing egress traffic to wildcard destinations #54540
Description
Is this the right place to submit this?
- This is not a security vulnerability or a crashing bug
- This is not a question about how to use Istio
Bug Description
Hi Team,
We are planning to use Istio ambient mode to route egress traffic to wildcard domains from our EKS cluster, but traffic is not getting routed to wildcard domains.
Mesh egress traffic flow:
For normal domains = pod --> ztunnel --> waypoint (working fine)
For wildcard domains = pod --> ztunnel --> not getting routed to waypoint, as there is no SE for wildcard domains.
We can't set resolution mode to DNS for wildcard domains; it has to be FQDN.
```yaml
apiVersion: networking.istio.io/v1
kind: ServiceEntry
metadata:
  name: wildcard
  namespace: common-infrastructure
spec:
  hosts:
  - "*.com"
  - "*.net"
  - "*.org"
  - "*.io"
  ports:
  - number: 80
    name: http
    protocol: HTTP
  resolution: DNS
```
--> Error from server: error when creating "wse.yml": admission webhook "validation.istio.io" denied the request: configuration is invalid: hosts must be FQDN if no endpoints are provided for resolution mode DNS.
--> We have fixed the same issue using the sidecar approach by referring to https://istio.io/latest/blog/2023/egress-sni/.
Any inputs to fix this in ambient mode?
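Added example (not part of the issue and not Istio's own code): a pre-flight check that encodes the one rule quoted by the validation.istio.io webhook above, so a wildcard ServiceEntry with resolution DNS and no endpoints is caught before it is applied. The `is_fqdn` heuristic and the `WILDCARD_SE` dict are constructed for this example; real Istio validation applies more rules than this one.

```python
"""Pre-flight check for ServiceEntry host/resolution combinations.

Encodes only the rule reported on this page: with resolution DNS and no
endpoints, every host must be a FQDN, so wildcard hosts are rejected.
"""
from typing import List


def is_fqdn(host: str) -> bool:
    """Heuristic (assumption): no wildcard, at least one label separator."""
    return "*" not in host and "." in host and not host.startswith(".")


def validate_service_entry(se: dict) -> List[str]:
    """Return the problems found; an empty list means this check passes."""
    spec = se.get("spec", {})
    hosts = spec.get("hosts", [])
    resolution = spec.get("resolution", "NONE")
    endpoints = spec.get("endpoints", [])
    problems: List[str] = []
    # The webhook rule: wildcard hosts need endpoints when resolution is DNS.
    if resolution == "DNS" and not endpoints:
        for host in hosts:
            if not is_fqdn(host):
                problems.append(
                    f"host {host!r} is not a FQDN; resolution DNS requires "
                    "FQDN hosts when no endpoints are provided"
                )
    return problems


# Constructed input mirroring the ServiceEntry from the issue.
WILDCARD_SE = {
    "apiVersion": "networking.istio.io/v1",
    "kind": "ServiceEntry",
    "metadata": {"name": "wildcard", "namespace": "common-infrastructure"},
    "spec": {
        "hosts": ["*.com", "*.net", "*.org", "*.io"],
        "ports": [{"number": 80, "name": "http", "protocol": "HTTP"}],
        "resolution": "DNS",
    },
}

if __name__ == "__main__":
    for problem in validate_service_entry(WILDCARD_SE):
        print(problem)
```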
Version
% istioctl version
client version: 1.24.2
control plane version: 1.24.2
data plane version: 1.24.2 (5 proxies)
Additional Information
No response