EnvoyFilter inject header for VS routing

tomhawk · April 8, 2021, 1:12pm

So I have a custom istio gateway I generated with my iop. it works great.
I also have my (custom) Istio gateway (v1.8.4).
one a request comes into my mesh , I want to inject an HTTP header which tells the final POD which istio-ingressingress K8s service was selected for processing. ( I got 3)
actually not the final POD: I want to create a virtual service that will do header-based-matching and send the request to different destination based on that header.

$ kubectl get svc -A | grep custo
istio-system                       dl10-public-custom-ingressgateway                 LoadBalancer   172.21.149.11    x.y.z.a    15021:31650/TCP,80:32035/TCP,443:31067/TCP,15443:31250/TCP                   37d
istio-system                       dl12-public-custom-ingressgateway                 LoadBalancer   172.21.121.178   x.y.z.b    15021:32392/TCP,80:30682/TCP,443:30298/TCP,15443:32174/TCP                   37d
istio-system                       dl13-public-custom-ingressgateway                 LoadBalancer   172.21.111.16    x.y.z.c    15021:32397/TCP,80:30358/TCP,443:31251/TCP,15443:31699/TCP                   37d

so I need to know if the request passed through dl10,dl12 or dl13 .

so I tried using HTTP_FILTER with INSERT_BEFORE at context: GATEWAY.
but printing the headers at that point: it seems I placed the filter too early in the filter chain.
using INSERT_AFTER didn’t work at all.

any advice ?

apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
  name: custom-http-hdr-inject
  namespace: istio-system
spec:
  workloadSelector:
    labels:
      istio: custom-ingressgateway
  configPatches:
    - applyTo: HTTP_FILTER
      match:
        context: GATEWAY
        listener:
          filterChain:
            filter:
              name: "envoy.http_connection_manager"
              subFilter:
                name: "envoy.router"
      patch:
        operation: INSERT_AFTER
        value: # lua filter specification
          name: envoy.filters.http.lua
          typed_config:
            "@type": "type.googleapis.com/envoy.extensions.filters.http.lua.v3.Lua"
            inlineCode: |
              function envoy_on_request(request_handle)
                  -- printing the http headers just to debug stuff...
                  for key, value in pairs(request_handle:headers()) do
                    print(key ,"=",value)
                  end
                  local region=request_handle:headers():get(":x-envoy-peer-metadata-id")
                  request_handle:headers():add("region", region)
              end

---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: istio-health-dal10
  namespace: custom-gateways #  istio-system
spec:
  gateways:
    - custom-gateways/a-istio-gateway
  hosts:
    - "*"
  http:
    - name: "dl10-case"
      match:
        - method:
            exact: GET
          headers:
            name: region
              exact-match: dl10
          uri:
            exact: /healthz/ready
      route:
        - destination:
            host: some-service-A.svc.cluster.local
            port:
              number: 6547

is there any way to inject an HTTP hint of what istio-ingress-gateway pod was selected (I got 6 pods in my cluster) before the request is matched with a specific destination rule ?

Topic		Replies	Views
Adding custom response headers using Istio's (1.6.0) envoy lua filter	5	9365	November 5, 2020
Envoy filter not working on specific gateway	1	1614	March 5, 2023
Injecting headers for outbound traffic on all requests ( HTTP and HTTPS) Networking	1	2865	September 26, 2023
Forward headers with EnvoyFilters Security	3	5319	May 14, 2020
Envoy Filter does not work in Istio 1.5.2 Networking	1	1260	June 12, 2020

EnvoyFilter inject header for VS routing

Related Topics