I am trying to send a custom header from the virtualservice to my destination service using the appendheaders field (https://archive.istio.io/v1.0/docs/reference/config/istio.networking.v1alpha3/#HTTPRoute) in the virtualservice manifest yaml but that does not seem to work in Istio 1.0.6.
Is there a workaround to send custom headers to the destination service?
More details below:
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: test-vs-https
namespace: myns
spec:
gateways:
- gateway-mygw
hosts:
- host.custom.net
http:
- appendHeaders:
my-custom-header: "true"
match:
- port: 443
route:
- destination:
host: test-service
port:
number: 443
Gateway manifest below:
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: gateway-v2deployme
namespace: v2deployme
spec:
selector:
istio: my-ilbgateway
servers:
- hosts:
- host.custom.net
port:
name: http
number: 80
protocol: HTTP
- hosts:
- host.custom.net
port:
name: https
number: 443
protocol: HTTPS
tls:
mode: SIMPLE
privateKey: /etc/istio/my-ilbgateway-certs/tls.key
serverCertificate: /etc/istio/my-ilbgateway-certs/tls.crt
The secret was created as a self signed certificate generated from the mtls-go-example (https://archive.istio.io/v1.0/docs/tasks/traffic-management/secure-ingress/#configure-a-mutual-tls-ingress-gateway) using command:
kubectl create -n istio-system secret tls my-ilbgateway-certs --key host.custom.net/3_application/private/host.custom.net.key.pem --cert host.custom.net/3_application/certs/host.custom.net.cert.pem
And I have verified that the ilbgateway service deployment has the right volumes mounted and the secret name matches my-ilbgateway-certs
The destination service does not receive the custom header (verified from tcp dump).