
The counterparty we connect to does not allow/handle an x-envoy-peer-metadata header as big as the one the istio-sidecar envoyproxy adds (about 390 characters).

Is it possible to disable the x-envoy-peer-metadata header, and possibly x-envoy-peer-metadata-id as well?

I searched for it and only found that it's recommended to disable it for security reasons, but did not find how.

1 Answer


After some digging I found that you can remove headers like this:

```yaml
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  labels:
    app.kubernetes.io/part-of: my-namespace
  name: my-namespace-google-remove-header
  namespace: my-namespace
spec:
  hosts:
  - www.google.com
  http:
  - route:
    - destination:
        host: www.google.com
      headers:
        request:
          remove:
          - x-forwarded-proto
          - x-envoy-decorator-operation
          - x-envoy-peer-metadata-id
          - x-envoy-peer-metadata
          - x-envoy-attempt-count
```

Then in a ServiceEntry you say that www.google.com is an external entity.

```yaml
apiVersion: networking.istio.io/v1beta1
kind: ServiceEntry
metadata:
  name: mesh-external-www-google-com
spec:
  hosts:
    - www.google.com
  location: MESH_EXTERNAL
  ports:
    - number: 80
      name: http
      protocol: HTTP
  resolution: NONE
```
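
An added example, not part of the original answer or of Istio: a small audit that pairs each `MESH_EXTERNAL` ServiceEntry host with its VirtualService routes and reports hosts where `x-envoy-peer-metadata` or `x-envoy-peer-metadata-id` is not listed under `headers.request.remove`. The `se`/`vs` helpers and the `partner.example` hosts are constructed for illustration; the check assumes exact host matches (no wildcards) and looks at declared configuration only.

```python
# Added example. Objects are dicts shaped like `kubectl get ... -o json` items; hosts match exactly.
PEER_HEADERS = {"x-envoy-peer-metadata", "x-envoy-peer-metadata-id"}

def external_hosts(objs):
    """Hosts that any ServiceEntry declares as MESH_EXTERNAL."""
    return {h for o in objs if o["kind"] == "ServiceEntry"
            and o["spec"].get("location") == "MESH_EXTERNAL" for h in o["spec"].get("hosts", [])}

def removed(headers):
    """Lower-cased names under headers.request.remove (header names are case-insensitive)."""
    return {h.lower() for h in ((headers or {}).get("request") or {}).get("remove") or []}

def unstripped(objs):
    """Map (VirtualService name or None, host) -> peer headers not removed for that host."""
    ext, covered, findings = external_hosts(objs), set(), {}
    for o in filter(lambda x: x["kind"] == "VirtualService", objs):
        for http in o["spec"].get("http", []):
            route_level = removed(http.get("headers"))  # headers set on the whole HTTP route
            for dest in http.get("route", []):
                host = dest["destination"]["host"]
                if host in ext:
                    covered.add(host)
                    missing = PEER_HEADERS - route_level - removed(dest.get("headers"))
                    if missing:
                        findings[(o["metadata"]["name"], host)] = sorted(missing)
    for host in sorted(ext - covered):  # external host with no VirtualService route at all
        findings[(None, host)] = sorted(PEER_HEADERS)
    return findings

def se(name, host):  # hypothetical helper: minimal ServiceEntry
    return {"kind": "ServiceEntry", "metadata": {"name": name}, "spec": {"hosts": [host], "location": "MESH_EXTERNAL"}}

def vs(name, host, remove):  # hypothetical helper: minimal VirtualService
    return {"kind": "VirtualService", "metadata": {"name": name},
            "spec": {"hosts": [host], "http": [{"route": [
                {"destination": {"host": host}, "headers": {"request": {"remove": remove}}}]}]}}

# Constructed sample: the answer's two objects plus two hypothetical partner hosts.
SAMPLE = [
    se("mesh-external-www-google-com", "www.google.com"),
    vs("my-namespace-google-remove-header", "www.google.com",
       ["x-forwarded-proto", "x-envoy-decorator-operation", "x-envoy-peer-metadata-id", "x-envoy-peer-metadata", "x-envoy-attempt-count"]),
    se("partner-a", "a.partner.example"),
    vs("partner-a", "a.partner.example", ["X-Envoy-Peer-Metadata-Id"]),  # strips only one header
    se("partner-b", "b.partner.example"),  # no VirtualService at all
]

if __name__ == "__main__":
    print(unstripped(SAMPLE))
```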