-
Notifications
You must be signed in to change notification settings - Fork 1.3k
Closed
Labels
Description
What is the issue?
When using HTTPS with an injected ingress controller, it is possible for internal cluster details to leak via headers.
* Connection state changed (MAX_CONCURRENT_STREAMS updated)!
< HTTP/2 500
< date: Fri, 29 Mar 2019 17:51:31 GMT
< l5d-remote-ip: 10.4.0.17
< l5d-server-id: linkerd-web.linkerd.serviceaccount.identity.linkerd.cluster.local
< vary: Accept-Encoding
How can it be reproduced?
I injected Traefik, had it terminate TLS and curl'd.
Environment
- Linkerd version: edge-19.3.3
Reactions are currently unavailable