如何从 istio 入口网关中删除或修改 header

Question

Chrome 浏览器将我所有的域和子域请求重定向到 HTTPS，这对我来说是不受欢迎的行为。 根据 https://www.chromium.org/hsts，这是添加到 chrome 浏览器到域和所有子域的 HSTS 策略。

我正在使用 Istio 版本 1.7.4 并注意到 Istio 入口网关添加了导致此问题的 header strict-transport-security。

strict-transport-security: max-age=15552000; includeSubDomains

如何从入口网关中删除此 header？

Answer 1

您可以使用 VirtualService 添加或删除某些 headers。

官方 Istio 文档中的示例显示了如何删除它的方法：

Headers

Message headers can be manipulated when Envoy forwards requests to, or responses from, a destination service. Header manipulation rules can be specified for a specific route destination or for all destinations. The following VirtualService adds a test header with the value true to requests that are routed to any reviews service destination. It also removes the foo response header, but only from responses coming from the v1 subset (version) of the reviews service.

• v1alpha3

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: reviews-route
spec:
  hosts:
  - reviews.prod.svc.cluster.local
  http:
  - headers:
      request:
        set:
          test: true
    route:
    - destination:
        host: reviews.prod.svc.cluster.local
        subset: v2
      weight: 25
    - destination:
        host: reviews.prod.svc.cluster.local
        subset: v1
      headers:
        response:
          remove:
          - foo # <-- HERE!
      weight: 75

• Istio.io: Latest: Docs: Reference: Config: Networking: Virtual service: Headers

---

其他资源：

• Istio.io: Latest: Docs