I have set up an istio-enabled microservices architecture on a kubernetes cluster.
My istio-ingressgateway is proxied by Cloudflare.
The later, generates a of specific header, namely cf-ray to support troubleshooting cloudflare-related issues.
My question is how to enable my service mesh i.e. both in the edge (the istio-ingressgateway that is) and all sidecars to propagate the cf-ray id header.
istio's documentation on VirtualService resource, in the section about HeaderOperations, lists 3 available actions, namely set, add and remove.
add and remove seem to be the more unrelated to the action I want to perform, however set also seems to ask for a specific value to be set.
I just want a passthrough/propagation type of operation where istio upon seeing a cf-ray header, will pass it
a) in the cluster (when its about the ingress gateway)
b) from each sidecar to the main container (it goes without saying that in this case, it then becomes a responsibility of the main container's app to continue propagation from that point on)
You don't have the problem of the sidecars propagating the headers, because the sidecars do it by default. It's like when you have to configure tracing in Istio. You just generate and propagate some headers, and no need to do anything with the sidecars.
About the generation part, actually the field you want to use is add. set will change the header value by something else (e.g. you have a set for foo: bar, if you get a request with foo: baz, it will set to foo: bar). add, on the other hand, will add cf-ray to your requests.
About the part of how to get the request into the cluster, there should be no problems as at the edge, through Gateway you don't configure headers. So, it will just pass through to the service.
EXAMPLE
...
spec:
hosts:
- service.namespace.svc.cluster.local
http:
- headers:
request:
add:
key: "value"
route:
- destination:
host: service.namespace.svc.cluster.local
...