The service mesh leaks x-envoy* headers outside of the mesh. To prevent this I’m trying to apply this filter:
apiVersion: networking.istio.io/v1alpha3 kind: EnvoyFilter metadata: name: egress-filter namespace: istio-system spec: workloadSelector: labels: app: istio-egressgateway configPatches: - applyTo: HTTP_FILTER match: context: GATEWAY listener: filterChain: filter: name: "envoy.http_connection_manager" subFilter: name: "envoy.router" patch: operation: MERGE value: name: "envoy.router" typed_config: "@type": "type.googleapis.com/envoy.config.filter.http.router.v2.Router" suppress_envoy_headers: true
This doesn’t seem to work though as proxy-config reports the same filter chain configuration before and after applying the filter. However, if I change the workloadSelector so that the label is
app: istio-ingressgateway, I do see a change in the configuration for the ingress gateway so I have no reason to believe there is a problem with the filter specification as such.
Does anyone know what might be happening here?