Envoy Stripping Custom Headers

Jonathan_H · February 19, 2019, 2:44pm

We’re running into an issue where if we configure our kubernetes service for HTTP, Envoy will begin stripping our custom headers. As soon as we move it back to a Layer4 proxy (changing the service name prefix to something else), our headers pass into the mesh correctly. I’ve traced the network and looked into the logs - whenever Envoy determines that it needs to add the x-request-id and all the external tracing, is when it drops our headers.

The documentation for Istio/Envoy states that it’ll sanitize headers with the x- prefix, but doesn’t say anything about removing custom headers. Is this expected or is there an easy way to keep Envoy as a layer 7 proxy while being able to maintain our headers?

Our headers are prefixed with ‘wt-’ which has no value and we could change to something else if it would help.

ed.snible · February 19, 2019, 3:04pm

I’m using Istio 1.1 prerelease. I deployed the httpbin sample:

kubectl apply -f samples/httpbin/httpbin.yaml
kubectl apply -f samples/httpbin/httpbin-gateway.yaml

I did curl -H "wt-abc: def" -H "wt-123: 456" <my-public-ip>:31380/headers and verified that headers beginning with wt- are making it through:

{
  "headers": {
    "Accept": "*/*", 
   ...
    "Wt-123": "456", 
    "Wt-Abc": "def", 
    "X-B3-Parentspanid": "a3ee2ed5318e6539", 
    ...
  }
}

Jonathan_H · February 19, 2019, 3:55pm

Thanks, Ed! I should’ve mentioned we’re running Istio 1.0.5 - I haven’t run a test against a plain vanilla httpbin sample for our version. I’ll do that now and compare to our prod environment.

Sourabh_Wadhwa · February 19, 2019, 11:26pm

Hi,

My query is simialr to what was asked by OP.

I am using Istio 1.0.6. We have one of the headers “x-correlation-id”. I want to get this header in Jaeger. How is that possible ? Will it work in 1.1 ?

Also, If I want to have this header “x-correlation-id” as one of the prometheus metric, how is it possible ??

Sourabh_Wadhwa · February 20, 2019, 12:07am

Can you lease send me the URL where this is documented ? I couldnt find it anywhere

Jonathan_H · February 20, 2019, 12:59am

Hey Sourabh - This is the link I was referring to: https://www.envoyproxy.io/docs/envoy/latest/configuration/http_conn_man/header_sanitizing

douglas-reid · February 20, 2019, 6:06pm

Header sanitation issues aside: If you want to use direct integration (envoy → jaeger) for tracing, you will need to provide updates to the Envoy tracing functionality itself to customize. I’m not sure what the best way would be to accomplish that. If you want to use Mixer to generate your tracespans before sending to Jaeger, you can update your template to include a label with an expression that looks something like request.headers["x-correlation-id"].

You can add headers to prometheus metrics by altering the instances involved (and the prom configuration) just as for the tracespan template. However, adding correlation ids to metrics isn’t advised at any scale, due to cardinality concerns. Please see: Metric and label naming | Prometheus

CAUTION: Remember that every unique combination of key-value label pairs represents a new time series, which can dramatically increase the amount of data stored. Do not use labels to store dimensions with high cardinality (many different label values), such as user IDs, email addresses, or other unbounded sets of values

Sourabh_Wadhwa · February 22, 2019, 1:31am

Hello Douglas,

Thanks for your reply.

What do you mean by when you say “update your template”. Which template are we talking about here. Is there any reference somewhere which I can use to do my desired configuration.

douglas-reid · February 23, 2019, 1:27am

The following config artifacts:

Sourabh_Wadhwa · February 26, 2019, 8:48pm

Hello @douglas-reid,

Thanks for the reply. I can see a lot of CRDs there in the config. yaml.

to change data what jaeger is receiving, what all CRDs I have to modify ?

douglas-reid · February 27, 2019, 6:20pm

@Sourabh_Wadhwa the links i sent were links to metrics definitions that show exactly which pieces of config you would need to modify to add labels to metrics exposed via Prometheus. There is nothing there about changing the data jaeger is receiving.

Sourabh_Wadhwa · March 1, 2019, 12:39am

I tried fetching custom header in Prometheus with the changes you suggested:

I added following line in “metric” named “requestcount”:

correlation_id: request.headers[“x-correlation-id”] | “unknown”

I also added the name to "handler named "prometheus:

metrics:
- name: requests_total
  instance_name: requestcount.metric.{{ .Release.Namespace }}
  kind: COUNTER
  label_names:
  - reporter
  - correlation_id

I can see the metric “correlation_id” appearing in prometheus but not able to see any value to it. Its all “unknown”

Sourabh_Wadhwa · March 5, 2019, 8:23pm

I looked at the metrics collected by prometheus today and I am now able to get the values of custom headers in prometheus.

Thanks @douglas-reid

Topic		Replies	Views
Removing the x-envoy-peer-metadata header Config	0	1311	May 15, 2023
Overridding VS rules Networking	2	467	January 23, 2020
Istio 1.5 EnvoyFilter Request Header Removal Not Working Networking	0	746	May 18, 2020
Ability to drop x-envoy-* headers	0	355	April 6, 2021
Is there any documentation or code location for the header injected by istio envoy? Networking	1	1973	November 10, 2020

Envoy Stripping Custom Headers

Related Topics