Istio virtualservice appendHeaders field in HTTPRoute not working (Istio v1.0.6)

#1

I am trying to send a custom header from the virtualservice to my destination service using the appendHeaders field (https://archive.istio.io/v1.0/docs/reference/config/istio.networking.v1alpha3/#HTTPRoute) in the virtualservice manifest YAML, but that does not seem to work in Istio 1.0.6.

Is there a workaround to send custom headers to the destination service?

More details below:

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: test-vs-https
  namespace: myns
spec:
  gateways:
  - gateway-mygw
  hosts:
  - host.custom.net
  http:
  - appendHeaders:
      my-custom-header: "true"
    match:
    - port: 443
    route:
    - destination:
        host: test-service
        port:
          number: 443

Gateway manifest below:

apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: gateway-v2deployme
  namespace: v2deployme
spec:
  selector:
    istio: my-ilbgateway
  servers:
  - hosts:
    - host.custom.net
    port:
      name: http
      number: 80
      protocol: HTTP
  - hosts:
    - host.custom.net
    port:
      name: https
      number: 443
      protocol: HTTPS
    tls:
      mode: SIMPLE
      privateKey: /etc/istio/my-ilbgateway-certs/tls.key
      serverCertificate: /etc/istio/my-ilbgateway-certs/tls.crt

The secret was created as a self-signed certificate generated from the mtls-go-example (https://archive.istio.io/v1.0/docs/tasks/traffic-management/secure-ingress/#configure-a-mutual-tls-ingress-gateway) using the command:

kubectl create -n istio-system secret tls my-ilbgateway-certs --key host.custom.net/3_application/private/host.custom.net.key.pem --cert host.custom.net/3_application/certs/host.custom.net.cert.pem

And I have verified that the ilbgateway service deployment has the right volumes mounted and the secret name matches my-ilbgateway-certs.

The destination service does not receive the custom header (verified from tcpdump).


#2

It appears that the main issue was that the https virtualservice was not getting invoked at all. The appendHeaders does work from the http virtualservice.
