4

I have a working installation of Kong on a Kubernetes cluster, using kubernetes-ingress-controller functionality (https://github.com/Kong/kubernetes-ingress-controller).

I would like to remove the following Kong's related headers:

  • "X-Kong-Upstream-Latency"
  • "X-Kong-Proxy-Latency"
  • "Via"
  • "Server"

I tried by using the response-transformer plugin by applying the following KongPlugin resource:

apiVersion: configuration.konghq.com/v1
kind: KongPlugin
metadata:
  name: kong-response-transformer
config:
  remove:
    headers:
    - "X-Kong-Upstream-Latency"
    - "X-Kong-Proxy-Latency"
    - "Via"
    - "Server"
plugin: response-transformer

But only the "Server" header is removed from responses. Is there a way to remove such headers from response in a "kubernetes-ingress-controller" way by using some custom resources?

I found several GitHub issues related to this problem (1, 2) but all of them refers to the possibility to update the Kong configuration file (/etc/kong/kong.yml) and I honestly don't know how to apply such changes in my Kubernetes environment. Passing the following lines into a ConfigMap does not fix the problem:

# Add additional response headers
header_filter_by_lua_block {
    kong.header_filter()
    ngx.header["Server"] = nil
    ngx.header["Via"] = nil
    ngx.header["X-Kong-Proxy-Latency"] = nil
    ngx.header["X-Kong-Upstream-Latency"] = nil
}

Any help on this? Thank you...

Edit: Kong version is 2.0.3, kong-ingress-controller version is 0.8.1.

Marco
  • 700
  • 1
  • 14
  • 26

3 Answers3

10

You can disable these headers via the headers configuration property. Also noted on the same page is the fact that configuration properties can also be specified as environment variables.

You can thus update your Deployment to specify the headers = off property as an environment variable. Something similar to:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: ingress-kong
  namespace: kong
spec:
  template:
    spec:
      containers:
        name: proxy
        image: kong:2.0.3
        env:
        - name: KONG_HEADERS
          value: off
thibaultcha
  • 1,320
  • 2
  • 15
  • 27
1

I had the exact problem and fixed it after finding this thread. As I'm directly building Docker image of kong, I added below step in Docker file to inject the to inject the environment variable

ENV KONG_HEADERS='off'
Ajanthan
  • 198
  • 2
  • 10
0

@thibaultcha is right. looking at the https://github.com/Kong/kong/blob/9f2b1d984057336cc6075c287ec38ad59323fe6e/kong.conf.default#L656 We can see the definition of the headers. the headers environment is changed to KONG_HEADERS

all that needs to be done when using Helm is to add to the values.yaml file the headers with "off"

env:
  headers: 'off'
Yossi Cohn
  • 11
  • 2