Hi there,
Is it possible to configure append_forward instead of sanitize_set for Ingress Gateway? It would be nice to reduce number of details provided.
I found relevant topic in github.
I checked the code https://github.com/istio/istio/blob/49296bc2556e1f1770ac7a46bdf980e1d0713a37/pilot/pkg/networking/core/v1alpha3/gateway.go. It uses HttpConnectionManager_SANITIZE_SET there but I don’t see any way to provide configuration on top of it.
I found the way, may be it was too obvious for the others but not for me. I used EnvoyFilter. Here is the example that I used. Now it works as expected:
apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
name: xffc-forward-protocol
namespace: mynamespace # as defined in meshConfig resource.
spec:
workloadSelector:
labels:
rbliznet: ingressgateway
istio: custom-ingressgateway
app: custom-ingressgateway
configPatches:
- applyTo: NETWORK_FILTER # http connection manager is a filter in Envoy
match:
# context applyed only to gateway
context: GATEWAY
listener:
filterChain:
filter:
name: "envoy.http_connection_manager"
patch:
operation: MERGE
value:
typed_config:
"@type": "type.googleapis.com/envoy.config.filter.network.http_connection_manager.v2.HttpConnectionManager"
forward_client_cert_details: FORWARD_ONLY