I want to set is to
SANITIZE for sidecars for intra-cluster traffic.
I have tried using the following
EnvoyFilter, which I would expect to over-ride Istio’s envoy configuration, but It does not seem to be being applied as expected:
apiVersion: networking.istio.io/v1alpha3 kind: EnvoyFilter metadata: name: forward-client-cert namespace: istio-system spec: configPatches: - applyTo: NETWORK_FILTER match: listener: filterChain: filter: name: "envoy.http_connection_manager" patch: operation: MERGE value: typed_config: "@type": "type.googleapis.com/envoy.config.filter.network.http_connection_manager.v2.HttpConnectionManager" forward_client_cert_details: SANITIZE max_request_headers_kb: 89
(Note: Running a config dump on Envoy within the sidecar, I can see that the
max_request_headers_kb is being set to
89 as expected, but the
forward_client_cert_details are having no effect, and is not changed from
Is there any way to do what I am trying to do?