Description:
After updating to version v1.7.0, we are observing missing X-ENVOY-ORIGINAL-HOST header, even when enableEnvoyHeaders is set to True in the clientTrafficPolicy. This does not affect X-ENVOY-ORIGINAL-PATH, which remains available. This bug was not present in previous versions (e.g. v1.6.4).
This bug leaves no way to log the original host of a request in case the hostname is rewritten.
Repro steps:
- Install envoyproxy gateway with
helm install eg oci://docker.io/envoyproxy/gateway-helm --version v1.7.0 -n envoy-gateway-system --create-namespace
- Deploy the following gateway and route configuration
apiVersion: gateway.networking.k8s.io/v1
kind: GatewayClass
metadata:
name: eg
spec:
controllerName: gateway.envoyproxy.io/gatewayclass-controller
---
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
name: eg
spec:
gatewayClassName: eg
infrastructure:
parametersRef:
group: gateway.envoyproxy.io
kind: EnvoyProxy
name: proxy-config
listeners:
- name: http
protocol: HTTP
port: 80
---
apiVersion: gateway.envoyproxy.io/v1alpha1
kind: EnvoyProxy
metadata:
name: proxy-config
spec:
telemetry:
accessLog:
settings:
- format:
type: JSON
json:
method: "%REQ(:METHOD)%"
http.host: "%REQ(HOST)%"
http.path: "%REQ(:PATH)%"
http.original_host: "%REQ(X-ENVOY-ORIGINAL-HOST)%"
http.original_path: "%REQ(X-ENVOY-ORIGINAL-PATH)%"
"protocol": "%PROTOCOL%"
"response_code": "%RESPONSE_CODE%"
"response_code_details": "%RESPONSE_CODE_DETAILS%"
sinks:
- type: File
file:
path: /dev/stdout
---
apiVersion: gateway.envoyproxy.io/v1alpha1
kind: ClientTrafficPolicy
metadata:
name: eg
spec:
targetRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: eg
headers:
enableEnvoyHeaders: true
---
apiVersion: gateway.envoyproxy.io/v1alpha1
kind: Backend
metadata:
name: backend-dynamic-resolver
spec:
type: DynamicResolver
---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: http-filter-url-rewrite
spec:
parentRefs:
- name: eg
hostnames:
- www.example.com
rules:
- matches:
- path:
value: "/get"
filters:
- type: URLRewrite
urlRewrite:
hostname: www.google.com
path:
type: ReplacePrefixMatch
replacePrefixMatch: /replace
backendRefs:
- group: gateway.envoyproxy.io
kind: Backend
name: backend-dynamic-resolver
export ENVOY_SERVICE=$(kubectl get svc -n envoy-gateway-system --selector=gateway.envoyproxy.io/owning-gateway-namespace=default,gateway.envoyproxy.io/owning-gateway-name=eg -o jsonpath='{.items[0].metadata.name}')
kubectl -n envoy-gateway-system port-forward service/${ENVOY_SERVICE} 8888:80 &
curl --verbose --header "Host: www.example.com" http://localhost:8888/get
Environment:
Gateway version v1.7.0
Logs:
- Logs from gateway version v1.7.0
{"http.host":"www.google.com","http.original_host":null,"http.original_path":"/get","http.path":"/replace","method":"GET","protocol":"HTTP/1.1","response_code":404,"response_code_details":"via_upstream"}
- Logs from gateway version v1.6.3 (expected behavior)
{"http.host":"www.google.com","http.original_host":"www.example.com","http.original_path":"/get","http.path":"/replace","method":"GET","protocol":"HTTP/1.1","response_code":404,"response_code_details":"via_upstream"}
Description:
After updating to version v1.7.0, we are observing missing
X-ENVOY-ORIGINAL-HOSTheader, even whenenableEnvoyHeadersis set to True in the clientTrafficPolicy. This does not affectX-ENVOY-ORIGINAL-PATH, which remains available. This bug was not present in previous versions (e.g. v1.6.4).This bug leaves no way to log the original host of a request in case the hostname is rewritten.
Repro steps:
helm install eg oci://docker.io/envoyproxy/gateway-helm --version v1.7.0 -n envoy-gateway-system --create-namespaceEnvironment:
Gateway version v1.7.0
Logs: