l5d headers are leaked from https ingresses #2597

@grampelberg

What is the issue?

When using HTTPS with an injected ingress controller, it is possible for internal cluster details to leak via headers.

* Connection state changed (MAX_CONCURRENT_STREAMS updated)!
< HTTP/2 500
< date: Fri, 29 Mar 2019 17:51:31 GMT
< l5d-remote-ip: 10.4.0.17
< l5d-server-id: linkerd-web.linkerd.serviceaccount.identity.linkerd.cluster.local
< vary: Accept-Encoding

How can it be reproduced?

I injected Traefik, had it terminate TLS and curl'd.

Environment

  • Linkerd version: edge-19.3.3
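
A check for the leak reported above, as an added example that is not part of the original issue or of Linkerd's code: it parses `curl -v` response lines and reports headers that expose internal details. The function names are hypothetical, and the example goes slightly beyond the report by also flagging non-`l5d-` headers whose value is a private IP or ends in `.cluster.local` (assumed here to be the cluster domain, as in the output above).

```python
import ipaddress
import re

# Response-header lines as printed by `curl -v` ("< name: value").
HEADER_LINE = re.compile(r"^<\s*([A-Za-z0-9_-]+):\s*(.*?)\s*$")

def classify(value):
    """Say what kind of internal detail a header value exposes, if any."""
    try:
        if ipaddress.ip_address(value).is_private:
            return "private IP address"
    except ValueError:
        pass  # not an IP literal
    if value.endswith(".cluster.local"):  # assumed cluster domain
        return "cluster-internal name"
    return None

def find_leaks(curl_verbose_output, prefix="l5d-"):
    """Return (header, value, reason) for each response header that should
    not reach an external client: anything carrying the proxy prefix, and
    any other header whose value is a private IP or a cluster-local name."""
    findings = []
    for line in curl_verbose_output.splitlines():
        m = HEADER_LINE.match(line)
        if not m:
            continue  # status line, "* ..." info lines, request lines
        name, value = m.group(1).lower(), m.group(2)
        detail = classify(value)
        if name.startswith(prefix):
            findings.append((name, value, detail or "proxy-internal header"))
        elif detail:
            findings.append((name, value, detail))
    return findings

# The response shown in the issue above.
SAMPLE = """\
* Connection state changed (MAX_CONCURRENT_STREAMS updated)!
< HTTP/2 500
< date: Fri, 29 Mar 2019 17:51:31 GMT
< l5d-remote-ip: 10.4.0.17
< l5d-server-id: linkerd-web.linkerd.serviceaccount.identity.linkerd.cluster.local
< vary: Accept-Encoding
"""

if __name__ == "__main__":
    for name, value, reason in find_leaks(SAMPLE):
        print(f"LEAK {name}: {value} ({reason})")
```

Run against the verbose output of a request made from outside the cluster; an empty result means no such headers reached the client.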
