Hi,
I need to set cookies generated by a DestinationRule as secure, I checked out the docs and there’s no way to configure this via the DR and I don’t have access to the cookie value in the Virtual Service that covers the specific route, here’s my config:
- Destination Rule:
apiVersion: networking.istio.io/v1alpha3 kind: DestinationRule metadata: name: auth-server-sticky-session namespace: l2p-stg spec: host: auth-server.l2p-stg.svc.cluster.local trafficPolicy: loadBalancer: consistentHash: httpCookie: name: SESSION-STG path: / ttl: 60m
- Virtual Service:
apiVersion: networking.istio.io/v1alpha3 kind: VirtualService metadata: name: auth-server namespace: l2p-stg spec: gateways: - istio-system/public-gateway hosts: - {REDACTED} http: - match: - uri: prefix: /transfers/auth-service/ route: - destination: host: auth-server.l2p-stg.svc.cluster.local port: number: 8088 headers: response: set: path: /transfers/auth-service
Adding the “Set-Cookie” header in the Virtual Service isn’t possible because the header needs the value of the cookie (not just the name) to set the header correctly, I’m guessing this can be done with an EnvoyFilter but I don’t know to which workload should it apply if the cookie is generated by the DR instead of by any application.
Can anyone shed some on light on what I can do?