istio改写server响应头部

istio 作为web服务器,默认会有个server: istio-envoy响应头部,如下:

# curl  -I localhost
HTTP/1.1 404 Not Found
date: Sat, 27 Aug 2022 09:17:01 GMT
server: istio-envoy
transfer-encoding: chunked

作为一名轻度强迫症者,总有将这个头部动手术的想法。比如:istio-envoy这个值更新成其它的值。

apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
  namespace: istio-system
  name: replace-server-name
spec:
  workloadSelector:
    labels:
      istio: ingressgateway
  configPatches:
    - applyTo: NETWORK_FILTER
      match:
        context: GATEWAY
        listener:
          filterChain:
            filter:
              name: envoy.http_connection_manager
      patch:
        operation: MERGE
        value:
          typed_config:
            '@type': type.googleapis.com/envoy.config.filter.network.http_connection_manager.v2.HttpConnectionManager
            server_name: 'undefined'

此时再次访问,发现它已经变成我们想要的值了。

# curl  -I localhost
HTTP/1.1 404 Not Found
date: Sat, 27 Aug 2022 09:17:01 GMT
server: undefined
transfer-encoding: chunked

我们也可以通过如下方法直接将这个头部进行移除掉。

kind: EnvoyFilter
metadata:
  name: gateway-response-remove-headers
  namespace: istio-system
spec:
  workloadSelector:
    labels:
      istio: ingressgateway
  configPatches:
  - applyTo: NETWORK_FILTER
    match:
      context: GATEWAY
      listener:
        filterChain:
          filter:
            name: "envoy.filters.network.http_connection_manager"
    patch:
      operation: MERGE
      value:
        typed_config:
          "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager"
          server_header_transformation: PASS_THROUGH
  - applyTo: ROUTE_CONFIGURATION
    match:
      context: GATEWAY
    patch:
      operation: MERGE
      value:
        response_headers_to_remove:
        - "x-envoy-upstream-service-time"
        - "server"

测试下一看,果然啥都没有了。

# curl localhost -I
HTTP/1.1 404 Not Found
date: Sat, 27 Aug 2022 09:13:31 GMT
transfer-encoding: chunked