Secure Cookie Created by Destination Rule

Hi,

I need to set cookies generated by a DestinationRule as secure, I checked out the docs and there’s no way to configure this via the DR and I don’t have access to the cookie value in the Virtual Service that covers the specific route, here’s my config:

  • Destination Rule:
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: auth-server-sticky-session
  namespace: l2p-stg
spec:
  host: auth-server.l2p-stg.svc.cluster.local
  trafficPolicy:
    loadBalancer:
      consistentHash:
        httpCookie:
          name: SESSION-STG
          path: /
          ttl: 60m
  • Virtual Service:
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: auth-server
  namespace: l2p-stg
spec:
  gateways:
  - istio-system/public-gateway
  hosts:
  - {REDACTED}
  http:
  - match:
    - uri:
        prefix: /transfers/auth-service/
    route:
    - destination:
        host: auth-server.l2p-stg.svc.cluster.local
        port:
          number: 8088
      headers:
        response:
          set:
            path: /transfers/auth-service

Adding the “Set-Cookie” header in the Virtual Service isn’t possible because the header needs the value of the cookie (not just the name) to set the header correctly, I’m guessing this can be done with an EnvoyFilter but I don’t know to which workload should it apply if the cookie is generated by the DR instead of by any application.

Can anyone shed some on light on what I can do?