I have a basic Kubernetes setup with Istio/Sidecar to encrypt the communication with mtls. I found out that by default I cannot send network requests between the pods with duplicated headers. Duplicated header keys are filtered/deleted. I tried to apply this configuration in order to disable this functionality:
apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
name: auth-header-filter
spec:
workloadSelector:
labels:
app: received_pod_name
configPatches:
- applyTo: HTTP_FILTER
match:
context: SIDECAR_INBOUND
listener:
filterChain:
filter:
name: "envoy.filters.network.http_connection_manager"
patch:
operation: MERGE
value:
name: "envoy.filters.network.http_connection_manager"
typed_config:
"@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager"
http_protocol_options:
allow_duplicate_authorization_header: true
But again the second request header is removed. Any idea how to fix this?
I don't think allow_duplicate_authorization_header is a valid field in the code. This is not going to work.