Envoy Filter to increase max header size does not work

Hello,

Situation:

Istio 1.6.8

There are two services, A and B, in the default namespace. All of them have the istio-proxy sidecar injected, etc. When A sends a request to B, the request URL can be up to 80KiB, which leads to a 431 response.

I'm trying to increase the max header size by applying the following Envoy filter:

apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
  name: max-request-headers
  namespace: istio-system
spec:
  configPatches:
  - applyTo: NETWORK_FILTER # http connection manager is a filter in Envoy
    match:
      listener:
        filterChain:
          filter:
            name: "envoy.filters.network.http_connection_manager"
    patch:
      operation: MERGE
      value:
        typed_config:
          "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager"
          max_request_headers_kb: 81

but to no avail.

The filter was tested in the default, istio-config and, as in the example, istio-system namespaces.

Because of that, I have the following questions:

  1. How to verify that the Envoy filter was applied?
  2. Does Istio apply filter configuration on the fly? If not, which services need to be restarted? Only sidecars? istiod?
  3. What is wrong with the Envoy filter provided in the example?

Istio applies filters dynamically - no need to restart any services. My guess is that the filter names are not compatible “type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager” - as 1.6.8 might not be using v3. Try with v2 filters and “envoy.filters.network.http_connection_manager” name (use old name). BTW, 1.6.8 is EOL'd, please consider moving to the latest version to get better support.


Thank you for the help. It seems that indeed that was a problem. While we are still looking to ensure that the filter was applied, at least it seems that the 431 is gone.

We are planning to migrate to Istio 1.7 ASAP.
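
On the open question of how to verify that the filter was applied, here is an added example (not part of the original thread) that reads a sidecar's listener dump and reports the effective `max_request_headers_kb` of every HTTP connection manager. It assumes the input is the listener JSON from the proxy, for example `istioctl proxy-config listener <pod> -o json`, in either snake_case or camelCase field naming; `SAMPLE` is constructed and the function names are hypothetical.

```python
import json

DEFAULT_KB = 60  # Envoy's limit when max_request_headers_kb is not set
HCM_NAMES = {"envoy.http_connection_manager",
             "envoy.filters.network.http_connection_manager"}

# Constructed sample, trimmed to the fields inspected; not taken from a real proxy.
SAMPLE = json.loads("""[
 {"name": "virtualInbound", "filterChains": [{"filters": [
   {"name": "envoy.http_connection_manager", "typedConfig": {
     "@type": "type.googleapis.com/envoy.config.filter.network.http_connection_manager.v2.HttpConnectionManager",
     "maxRequestHeadersKb": 81}}]}]},
 {"name": "0.0.0.0_8080", "filter_chains": [
   {"filters": [{"name": "envoy.tcp_proxy", "typed_config": {
     "@type": "type.googleapis.com/envoy.config.filter.network.tcp_proxy.v2.TcpProxy"}}]},
   {"filters": [{"name": "envoy.http_connection_manager", "typed_config": {
     "@type": "type.googleapis.com/envoy.config.filter.network.http_connection_manager.v2.HttpConnectionManager"}}]}]}
]""")

def _get(obj, snake, default=None):
    """Read a field written as snake_case (Envoy admin) or camelCase (proto JSON)."""
    head, *rest = snake.split("_")
    camel = head + "".join(part.capitalize() for part in rest)
    return obj.get(snake, obj.get(camel, default))

def hcm_header_limits(listeners):
    """Return one row per HTTP connection manager found in the listener dump."""
    rows = []
    for lis in listeners:
        for chain in _get(lis, "filter_chains", []):
            for flt in chain.get("filters", []):
                cfg = _get(flt, "typed_config") or flt.get("config") or {}
                type_url = cfg.get("@type", "")
                is_hcm = (flt.get("name") in HCM_NAMES
                          or type_url.endswith(".HttpConnectionManager"))
                if not is_hcm:
                    continue  # tcp_proxy and other network filters carry no header limit
                kb = _get(cfg, "max_request_headers_kb")
                rows.append({"listener": lis.get("name", "?"),
                             "type": type_url.rsplit("/", 1)[-1],  # shows v2 vs v3
                             "limit_kb": DEFAULT_KB if kb is None else int(kb),
                             "explicit": kb is not None})
    return rows

def below_limit(listeners, wanted_kb):
    """Names of listeners whose HCM still enforces less than wanted_kb."""
    return [r["listener"] for r in hcm_header_limits(listeners) if r["limit_kb"] < wanted_kb]

if __name__ == "__main__":
    for row in hcm_header_limits(SAMPLE):
        print(row)
    print("still below 81 KiB:", below_limit(SAMPLE, 81))
```

A listener that still reports the default after the EnvoyFilter is created means the patch did not match that listener; the `type` column shows which API version the proxy is actually using for the connection manager.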