Automator: update istio.io@ reference docs (#10405)

content/en/docs/reference/commands/pilot-discovery/index.html

@@ -358,8 +358,8 @@ $ pilot-discovery completion zsh > /usr/local/share/zsh/site-functions/_pilot
 <td><code>--tls-cipher-suites &lt;stringSlice&gt;</code></td>
 <td></td>
 <td>Comma-separated list of cipher suites for istiod TLS server. If omitted, the default Go cipher suites will be used. 
-Preferred values: TLS_AES_128_GCM_SHA256, TLS_AES_256_GCM_SHA384, TLS_CHACHA20_POLY1305_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, TLS_RSA_WITH_3DES_EDE_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_GCM_SHA384. 
-Insecure values: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_RC4_128_SHA.  (default `[]`)</td>
+Preferred values: TLS_AES_128_GCM_SHA256, TLS_AES_256_GCM_SHA384, TLS_CHACHA20_POLY1305_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_GCM_SHA384. 
+Insecure values: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_3DES_EDE_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_RC4_128_SHA.  (default `[]`)</td>
 </tr>
 <tr>
 <td><code>--tlsCertFile &lt;string&gt;</code></td>

content/en/docs/reference/config/networking/service-entry/index.html

@@ -1056,13 +1056,29 @@ backing instances associated with the service.</p>
 <td><code>DNS</code></td>
 <td>
 <p>Attempt to resolve the IP address by querying the ambient DNS,
-during request processing. If no endpoints are specified, the proxy
+asynchronously. If no endpoints are specified, the proxy
 will resolve the DNS address specified in the hosts field, if
 wildcards are not used. If endpoints are specified, the DNS
 addresses specified in the endpoints will be resolved to determine
 the destination IP address.  DNS resolution cannot be used with Unix
 domain socket endpoints.</p>
 
+</td>
+</tr>
+<tr id="ServiceEntry-Resolution-DNS_ROUND_ROBIN">
+<td><code>DNS_ROUND_ROBIN</code></td>
+<td>
+<p>Attempt to resolve the IP address by querying the ambient DNS,
+asynchronously. Unlike DNS, DNS<em>ROUND</em>ROBIN only uses the
+first IP address returned when a new connection needs to be initiated
+without relying on complete results of DNS resolution and connections
+made to hosts will be retained even if DNS records change frequently
+eliminating draining connection pools and connection cycling.
+This is best suited for large web scale services that
+must be accessed via DNS. The proxy will resolve the DNS address
+specified in the hosts field, if wildcards are not used. DNS resolution
+cannot be used with Unix domain socket endpoints.</p>
+
 </td>
 </tr>
 </tbody>