Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

How to add server_header_transformation in kind: EnvoyProxy #4324

Open
meektechie opened this issue Sep 24, 2024 · 6 comments
Open

How to add server_header_transformation in kind: EnvoyProxy #4324

meektechie opened this issue Sep 24, 2024 · 6 comments
Labels
stale triage

Comments

@meektechie
Copy link

Description:

Describe the desired behavior, what scenario it enables and how it
would be used.
I want to remove server: nginx/1.27.1 header on on my response header. I am using envoy-gateway. I want server_header_transformation this to be applied globally.
[optional Relevant Links:]
Any extra documentation required to understand the issue.

Below i have attached my configuration. It did't works but need some experts guidelines.

apiVersion: gateway.envoyproxy.io/v1alpha1 kind: EnvoyProxy metadata: name: external-proxy-config namespace: gateway spec: bootstrap: type: Merge value: | static_resources: listeners: - name: listener_0 address: socket_address: address: 0.0.0.0 port_value: 8080 filter_chains: - filters: - name: envoy.filters.network.http_connection_manager typed_config: "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager stat_prefix: ingress_http server_header_transformation: PASS_THROUGH server_name: none route_config: name: local_route virtual_hosts: - name: local_service domains: ["*"] routes: - match: prefix: "/" route: cluster: some_service_cluster clusters: - name: some_service_cluster connect_timeout: 0.25s type: STRICT_DNS lb_policy: ROUND_ROBIN load_assignment: cluster_name: some_service_cluster endpoints: - lb_endpoints: - endpoint: address: socket_address: address: 127.0.0.1 port_value: 19000 provider: type: Kubernetes kubernetes: envoyDeployment: replicas: 1 container: resources: requests: cpu: 150m memory: 640Mi limits: cpu: 500m memory: 1Gi envoyHpa: minReplicas: 1 maxReplicas: 3 metrics: - resource: name: cpu target: averageUtilization: 30 type: Utilization type: Resource envoyService: externalTrafficPolicy: Local type: LoadBalancer annotations: service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: ip service.beta.kubernetes.io/aws-load-balancer-scheme: "internet-facing"
@meektechie
Copy link
Author

apiVersion: gateway.envoyproxy.io/v1alpha1
kind: EnvoyProxy
metadata:
name: external-proxy-config
namespace: gateway
spec:
bootstrap:
type: Merge
value: |
static_resources:
listeners:
- name: listener_0
address:
socket_address:
address: 0.0.0.0
port_value: 8080
filter_chains:
- filters:
- name: envoy.filters.network.http_connection_manager
typed_config:
"@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
stat_prefix: ingress_http
server_header_transformation: PASS_THROUGH
server_name: none
route_config:
name: local_route
virtual_hosts:
- name: local_service
domains: ["*"]
routes:
- match:
prefix: "/"
route:
cluster: some_service_cluster
clusters:
- name: some_service_cluster
connect_timeout: 0.25s
type: STRICT_DNS
lb_policy: ROUND_ROBIN
load_assignment:
cluster_name: some_service_cluster
endpoints:
- lb_endpoints:
- endpoint:
address:
socket_address:
address: 127.0.0.1
port_value: 19000
provider:
type: Kubernetes
kubernetes:
envoyDeployment:
replicas: 1
container:
resources:
requests:
cpu: 150m
memory: 640Mi
limits:
cpu: 500m
memory: 1Gi
envoyHpa:
minReplicas: 1
maxReplicas: 3
metrics:
- resource:
name: cpu
target:
averageUtilization: 30
type: Utilization
type: Resource
envoyService:
externalTrafficPolicy: Local
type: LoadBalancer
annotations:
service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: ip
service.beta.kubernetes.io/aws-load-balancer-scheme: "internet-facing"

@arkodg
Copy link
Contributor

arkodg commented Sep 24, 2024
edited
Loading

@meektechie its PASS_THROUGH by default https://github.com/envoyproxy/gateway/pull/2585/files
are you on v1.1 ?

@meektechie
Copy link
Author

@arkodg Yes it is v1.1.1. I followed the doc https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto.html#envoy-v3-api-enum-extensions-filters-network-http-connection-manager-v3-httpconnectionmanager-serverheadertransformation. there it is mentioned default is OVERWRITE. I am new to it. I want to remove the "Server" header globally for all the HTTPRoutes. Pls suggest how can i proceed.

@arkodg
Copy link
Contributor

arkodg commented Sep 25, 2024

@meektechie Envoy Proxy sets the default to OvERWRITE but Envoy Gateway sets the default to PASSTHROUGH

@meektechie
Copy link
Author

Great, but still i could see the server header. Am i missing something?

@github-actions GitHub Actions
Copy link

This issue has been automatically marked as stale because it has not had activity in the last 30 days.

@github-actions github-actions bot added the stale label Oct 25, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
stale triage
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@arkodg @meektechie