diff --git a/api/v1alpha1/clienttrafficpolicy_types.go b/api/v1alpha1/clienttrafficpolicy_types.go
index a416e5487fd..16a6b41d2c4 100644
--- a/api/v1alpha1/clienttrafficpolicy_types.go
+++ b/api/v1alpha1/clienttrafficpolicy_types.go
@@ -164,6 +164,10 @@ type HeaderSettings struct {
//
// +optional
LateResponseHeaders *HTTPHeaderFilter `json:"lateResponseHeaders,omitempty"`
+ // RequestIDExtension defines configuration for Envoy's request ID extension.
+ //
+ // +optional
+ RequestIDExtension *RequestIDExtensionSettings `json:"requestIdExtension,omitempty"`
}
// WithUnderscoresAction configures the action to take when an HTTP header with underscores
@@ -393,6 +397,34 @@ type ProxyProtocolSettings struct {
Optional *bool `json:"optional,omitempty"`
}
+// RequestIDExtension defines configuration for the UUID request ID extension.
+type RequestIDExtensionSettings struct {
+ // PackTraceReason indicates whether the implementation alters the UUID
+ // to contain the trace sampling decision as per the UuidRequestIdConfig
+ // message documentation.
+ //
+ // Defaults to true. If disabled, no modification to the UUID will be
+ // performed. Note that if disabled, stable sampling of traces, access logs,
+ // etc. will no longer work and only random sampling will be possible.
+ //
+ // Corresponds to Envoy’s `pack_trace_reason`.
+ //
+ // +kubebuilder:default=true
+ // +optional
+ PackTraceReason *bool `json:"packTraceReason,omitempty"`
+
+ // UseRequestIDForTraceSampling sets whether to use x-request-id for
+ // sampling decisions. Defaults to true.
+ //
+ // See the Envoy context propagation overview for more information.
+ //
+ // Corresponds to Envoy’s `use_request_id_for_trace_sampling`.
+ //
+ // +kubebuilder:default=true
+ // +optional
+ UseRequestIDForTraceSampling *bool `json:"useRequestIDForTraceSampling,omitempty"`
+}
+
//+kubebuilder:object:root=true
// ClientTrafficPolicyList contains a list of ClientTrafficPolicy resources.
diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go
index e8c1089d5b1..e7a458a9a10 100644
--- a/api/v1alpha1/zz_generated.deepcopy.go
+++ b/api/v1alpha1/zz_generated.deepcopy.go
@@ -3862,6 +3862,11 @@ func (in *HeaderSettings) DeepCopyInto(out *HeaderSettings) {
*out = new(HTTPHeaderFilter)
(*in).DeepCopyInto(*out)
}
+ if in.RequestIDExtension != nil {
+ in, out := &in.RequestIDExtension, &out.RequestIDExtension
+ *out = new(RequestIDExtensionSettings)
+ (*in).DeepCopyInto(*out)
+ }
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HeaderSettings.
@@ -6312,6 +6317,31 @@ func (in *RequestHeaderCustomTag) DeepCopy() *RequestHeaderCustomTag {
return out
}
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *RequestIDExtensionSettings) DeepCopyInto(out *RequestIDExtensionSettings) {
+ *out = *in
+ if in.PackTraceReason != nil {
+ in, out := &in.PackTraceReason, &out.PackTraceReason
+ *out = new(bool)
+ **out = **in
+ }
+ if in.UseRequestIDForTraceSampling != nil {
+ in, out := &in.UseRequestIDForTraceSampling, &out.UseRequestIDForTraceSampling
+ *out = new(bool)
+ **out = **in
+ }
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RequestIDExtensionSettings.
+func (in *RequestIDExtensionSettings) DeepCopy() *RequestIDExtensionSettings {
+ if in == nil {
+ return nil
+ }
+ out := new(RequestIDExtensionSettings)
+ in.DeepCopyInto(out)
+ return out
+}
+
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ResponseOverride) DeepCopyInto(out *ResponseOverride) {
*out = *in
diff --git a/charts/gateway-crds-helm/templates/generated/gateway.envoyproxy.io_clienttrafficpolicies.yaml b/charts/gateway-crds-helm/templates/generated/gateway.envoyproxy.io_clienttrafficpolicies.yaml
index e5aade44ea1..db2c79107ac 100644
--- a/charts/gateway-crds-helm/templates/generated/gateway.envoyproxy.io_clienttrafficpolicies.yaml
+++ b/charts/gateway-crds-helm/templates/generated/gateway.envoyproxy.io_clienttrafficpolicies.yaml
@@ -506,6 +506,34 @@ spec:
- Generate
- Disable
type: string
+ requestIdExtension:
+ description: RequestIDExtension defines configuration for Envoy's
+ request ID extension.
+ properties:
+ packTraceReason:
+ default: true
+ description: |-
+ PackTraceReason indicates whether the implementation alters the UUID
+ to contain the trace sampling decision as per the UuidRequestIdConfig
+ message documentation.
+
+ Defaults to true. If disabled, no modification to the UUID will be
+ performed. Note that if disabled, stable sampling of traces, access logs,
+ etc. will no longer work and only random sampling will be possible.
+
+ Corresponds to Envoy’s `pack_trace_reason`.
+ type: boolean
+ useRequestIDForTraceSampling:
+ default: true
+ description: |-
+ UseRequestIDForTraceSampling sets whether to use x-request-id for
+ sampling decisions. Defaults to true.
+
+ See the Envoy context propagation overview for more information.
+
+ Corresponds to Envoy’s `use_request_id_for_trace_sampling`.
+ type: boolean
+ type: object
withUnderscoresAction:
description: |-
WithUnderscoresAction configures the action to take when an HTTP header with underscores
diff --git a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_clienttrafficpolicies.yaml b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_clienttrafficpolicies.yaml
index 56ec55970fe..5be524294b4 100644
--- a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_clienttrafficpolicies.yaml
+++ b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_clienttrafficpolicies.yaml
@@ -505,6 +505,34 @@ spec:
- Generate
- Disable
type: string
+ requestIdExtension:
+ description: RequestIDExtension defines configuration for Envoy's
+ request ID extension.
+ properties:
+ packTraceReason:
+ default: true
+ description: |-
+ PackTraceReason indicates whether the implementation alters the UUID
+ to contain the trace sampling decision as per the UuidRequestIdConfig
+ message documentation.
+
+ Defaults to true. If disabled, no modification to the UUID will be
+ performed. Note that if disabled, stable sampling of traces, access logs,
+ etc. will no longer work and only random sampling will be possible.
+
+ Corresponds to Envoy’s `pack_trace_reason`.
+ type: boolean
+ useRequestIDForTraceSampling:
+ default: true
+ description: |-
+ UseRequestIDForTraceSampling sets whether to use x-request-id for
+ sampling decisions. Defaults to true.
+
+ See the Envoy context propagation overview for more information.
+
+ Corresponds to Envoy’s `use_request_id_for_trace_sampling`.
+ type: boolean
+ type: object
withUnderscoresAction:
description: |-
WithUnderscoresAction configures the action to take when an HTTP header with underscores
diff --git a/internal/gatewayapi/clienttrafficpolicy.go b/internal/gatewayapi/clienttrafficpolicy.go
index 1577c846117..b48a4084ebf 100644
--- a/internal/gatewayapi/clienttrafficpolicy.go
+++ b/internal/gatewayapi/clienttrafficpolicy.go
@@ -644,6 +644,7 @@ func translateListenerHeaderSettings(headerSettings *egv1a1.HeaderSettings, http
EnableEnvoyHeaders: ptr.Deref(headerSettings.EnableEnvoyHeaders, false),
DisableRateLimitHeaders: ptr.Deref(headerSettings.DisableRateLimitHeaders, false),
WithUnderscoresAction: ir.WithUnderscoresAction(ptr.Deref(headerSettings.WithUnderscoresAction, egv1a1.WithUnderscoresActionRejectRequest)),
+ RequestIDExtension: (*ir.RequestIDExtensionSettings)(headerSettings.RequestIDExtension),
}
if headerSettings.RequestID != nil {
httpIR.Headers.RequestID = (*ir.RequestIDAction)(headerSettings.RequestID)
diff --git a/internal/gatewayapi/testdata/clienttrafficpolicy-headers.in.yaml b/internal/gatewayapi/testdata/clienttrafficpolicy-headers.in.yaml
index 24ecb52f8d8..03c5bb6352d 100644
--- a/internal/gatewayapi/testdata/clienttrafficpolicy-headers.in.yaml
+++ b/internal/gatewayapi/testdata/clienttrafficpolicy-headers.in.yaml
@@ -37,6 +37,9 @@ clientTrafficPolicies:
remove:
- "my-removed-response-header"
- "my-removed-response-header"
+ requestIdExtension:
+ packTraceReason: false
+ useRequestIDForTraceSampling: false
targetRef:
group: gateway.networking.k8s.io
kind: Gateway
diff --git a/internal/gatewayapi/testdata/clienttrafficpolicy-headers.out.yaml b/internal/gatewayapi/testdata/clienttrafficpolicy-headers.out.yaml
index bda78989029..623ab39e659 100644
--- a/internal/gatewayapi/testdata/clienttrafficpolicy-headers.out.yaml
+++ b/internal/gatewayapi/testdata/clienttrafficpolicy-headers.out.yaml
@@ -36,6 +36,9 @@ clientTrafficPolicies:
- name: my-set-response-header
value: my-set-response-header-value
requestID: PreserveOrGenerate
+ requestIdExtension:
+ packTraceReason: false
+ useRequestIDForTraceSampling: false
withUnderscoresAction: Allow
targetRef:
group: gateway.networking.k8s.io
@@ -203,6 +206,9 @@ xdsIR:
lateRemoveResponseHeaders:
- my-removed-response-header
requestID: PreserveOrGenerate
+ requestIdExtension:
+ packTraceReason: false
+ useRequestIDForTraceSampling: false
withUnderscoresAction: Allow
hostnames:
- '*'
@@ -244,6 +250,9 @@ xdsIR:
lateRemoveResponseHeaders:
- my-removed-response-header
requestID: PreserveOrGenerate
+ requestIdExtension:
+ packTraceReason: false
+ useRequestIDForTraceSampling: false
withUnderscoresAction: Allow
hostnames:
- '*'
diff --git a/internal/ir/xds.go b/internal/ir/xds.go
index 2e9db1e3cb5..75dc6c32b7e 100644
--- a/internal/ir/xds.go
+++ b/internal/ir/xds.go
@@ -687,6 +687,10 @@ func (c *CredentialInjection) Validate() error {
// +k8s:deepcopy-gen=true
type HealthCheckSettings egv1a1.HealthCheckSettings
+// RequestIDExtension defines configuration for the UUID request ID extension.
+// +k8s:deepcopy-gen=true
+type RequestIDExtensionSettings egv1a1.RequestIDExtensionSettings
+
// HeaderSettings provides configuration related to header processing on the listener.
// +k8s:deepcopy-gen=true
type HeaderSettings struct {
@@ -725,6 +729,9 @@ type HeaderSettings struct {
// LateRemoveResponseHeaders defines headers that would be removed after envoy response processing.
LateRemoveResponseHeaders []string `json:"lateRemoveResponseHeaders,omitempty" yaml:"earlyRemoveRequestHeaders,omitempty"`
+
+ // RequestIDExtension defines configuration for the UUID request ID extension.
+ RequestIDExtension *RequestIDExtensionSettings `json:"requestIdExtension,omitempty" yaml:"requestIdExtension,omitempty"`
}
// ClientTimeout sets the timeout configuration for downstream connections
diff --git a/internal/ir/zz_generated.deepcopy.go b/internal/ir/zz_generated.deepcopy.go
index f1e4d5addca..e847c2f474a 100644
--- a/internal/ir/zz_generated.deepcopy.go
+++ b/internal/ir/zz_generated.deepcopy.go
@@ -2072,6 +2072,11 @@ func (in *HeaderSettings) DeepCopyInto(out *HeaderSettings) {
*out = make([]string, len(*in))
copy(*out, *in)
}
+ if in.RequestIDExtension != nil {
+ in, out := &in.RequestIDExtension, &out.RequestIDExtension
+ *out = new(RequestIDExtensionSettings)
+ (*in).DeepCopyInto(*out)
+ }
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HeaderSettings.
@@ -3244,6 +3249,31 @@ func (in *RequestBuffer) DeepCopy() *RequestBuffer {
return out
}
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *RequestIDExtensionSettings) DeepCopyInto(out *RequestIDExtensionSettings) {
+ *out = *in
+ if in.PackTraceReason != nil {
+ in, out := &in.PackTraceReason, &out.PackTraceReason
+ *out = new(bool)
+ **out = **in
+ }
+ if in.UseRequestIDForTraceSampling != nil {
+ in, out := &in.UseRequestIDForTraceSampling, &out.UseRequestIDForTraceSampling
+ *out = new(bool)
+ **out = **in
+ }
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RequestIDExtensionSettings.
+func (in *RequestIDExtensionSettings) DeepCopy() *RequestIDExtensionSettings {
+ if in == nil {
+ return nil
+ }
+ out := new(RequestIDExtensionSettings)
+ in.DeepCopyInto(out)
+ return out
+}
+
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ResourceMetadata) DeepCopyInto(out *ResourceMetadata) {
*out = *in
diff --git a/internal/xds/translator/listener.go b/internal/xds/translator/listener.go
index 9ace0038c41..e9031335aba 100644
--- a/internal/xds/translator/listener.go
+++ b/internal/xds/translator/listener.go
@@ -25,6 +25,7 @@ import (
preservecasev3 "github.com/envoyproxy/go-control-plane/envoy/extensions/http/header_formatters/preserve_case/v3"
customheaderv3 "github.com/envoyproxy/go-control-plane/envoy/extensions/http/original_ip_detection/custom_header/v3"
xffv3 "github.com/envoyproxy/go-control-plane/envoy/extensions/http/original_ip_detection/xff/v3"
+ uuidv3 "github.com/envoyproxy/go-control-plane/envoy/extensions/request_id/uuid/v3"
quicv3 "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/quic/v3"
tlsv3 "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3"
typev3 "github.com/envoyproxy/go-control-plane/envoy/type/v3"
@@ -371,6 +372,7 @@ func (t *Translator) addHCMToXDSListener(
Tracing: hcmTracing,
ForwardClientCertDetails: buildForwardClientCertDetailsAction(irListener.Headers),
EarlyHeaderMutationExtensions: buildEarlyHeaderMutation(irListener.Headers),
+ RequestIdExtension: buildRequestIDExtension(irListener.Headers),
}
if requestID := ptr.Deref(irListener.Headers, ir.HeaderSettings{}).RequestID; requestID != nil {
@@ -1200,3 +1202,26 @@ func buildSetCurrentClientCertDetails(in *ir.HeaderSettings) *hcmv3.HttpConnecti
return clientCertDetails
}
+
+func buildRequestIDExtension(headers *ir.HeaderSettings) *hcmv3.RequestIDExtension {
+ if headers == nil || headers.RequestIDExtension == nil {
+ return nil
+ }
+
+ ridExt := headers.RequestIDExtension
+ cfg := &uuidv3.UuidRequestIdConfig{}
+
+ if ridExt.PackTraceReason != nil {
+ cfg.PackTraceReason = wrapperspb.Bool(*ridExt.PackTraceReason)
+ }
+
+ if ridExt.UseRequestIDForTraceSampling != nil {
+ cfg.UseRequestIdForTraceSampling = wrapperspb.Bool(*ridExt.UseRequestIDForTraceSampling)
+ }
+
+ requestIDConfig, _ := proto.ToAnyWithValidation(cfg)
+
+ return &hcmv3.RequestIDExtension{
+ TypedConfig: requestIDConfig,
+ }
+}
diff --git a/internal/xds/translator/testdata/in/xds-ir/http-late-header-mutation.yaml b/internal/xds/translator/testdata/in/xds-ir/http-late-header-mutation.yaml
index a9699d95df5..951221f2b8d 100644
--- a/internal/xds/translator/testdata/in/xds-ir/http-late-header-mutation.yaml
+++ b/internal/xds/translator/testdata/in/xds-ir/http-late-header-mutation.yaml
@@ -49,6 +49,9 @@ http:
lateRemoveResponseHeaders:
- "some-header5"
- "some-header6"
+ requestIdExtension:
+ packTraceReason: false
+ useRequestIDForTraceSampling: false
routes:
- name: "second-route"
hostname: "*"
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-late-header-mutation.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-late-header-mutation.listeners.yaml
index 7997ce45829..6d1fae3e4b1 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http-late-header-mutation.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-late-header-mutation.listeners.yaml
@@ -99,6 +99,11 @@
ads: {}
resourceApiVersion: V3
routeConfigName: second-listener
+ requestIdExtension:
+ typedConfig:
+ '@type': type.googleapis.com/envoy.extensions.request_id.uuid.v3.UuidRequestIdConfig
+ packTraceReason: false
+ useRequestIdForTraceSampling: false
serverHeaderTransformation: PASS_THROUGH
statPrefix: http-10081
useRemoteAddress: true
diff --git a/site/content/en/latest/api/extension_types.md b/site/content/en/latest/api/extension_types.md
index 405b316db6b..c69bf767c3d 100644
--- a/site/content/en/latest/api/extension_types.md
+++ b/site/content/en/latest/api/extension_types.md
@@ -2593,6 +2593,7 @@ _Appears in:_
| `requestID` | _[RequestIDAction](#requestidaction)_ | false | | RequestID configures Envoy's behavior for handling the `X-Request-ID` header.
When omitted default behavior is `Generate` which builds the `X-Request-ID` for every request
and ignores pre-existing values from the edge.
(An "edge request" refers to a request from an external client to the Envoy entrypoint.) |
| `earlyRequestHeaders` | _[HTTPHeaderFilter](#httpheaderfilter)_ | false | | EarlyRequestHeaders defines settings for early request header modification, before envoy performs
routing, tracing and built-in header manipulation. |
| `lateResponseHeaders` | _[HTTPHeaderFilter](#httpheaderfilter)_ | false | | LateResponseHeaders defines settings for global response header modification. |
+| `requestIdExtension` | _[RequestIDExtensionSettings](#requestidextensionsettings)_ | false | | RequestIDExtension defines configuration for Envoy's request ID extension. |
#### HealthCheck
@@ -4524,6 +4525,21 @@ _Appears in:_
| `Disable` | Do not preserve or generate `X-Request-ID` header
|
+#### RequestIDExtensionSettings
+
+
+
+RequestIDExtension defines configuration for the UUID request ID extension.
+
+_Appears in:_
+- [HeaderSettings](#headersettings)
+
+| Field | Type | Required | Default | Description |
+| --- | --- | --- | --- | --- |
+| `packTraceReason` | _boolean_ | false | true | PackTraceReason indicates whether the implementation alters the UUID
to contain the trace sampling decision as per the UuidRequestIdConfig
message documentation.
Defaults to true. If disabled, no modification to the UUID will be
performed. Note that if disabled, stable sampling of traces, access logs,
etc. will no longer work and only random sampling will be possible.
Corresponds to Envoy’s `pack_trace_reason`. |
+| `useRequestIDForTraceSampling` | _boolean_ | false | true | UseRequestIDForTraceSampling sets whether to use x-request-id for
sampling decisions. Defaults to true.
See the Envoy context propagation overview for more information.
Corresponds to Envoy’s `use_request_id_for_trace_sampling`. |
+
+
#### ResourceProviderType
_Underlying type:_ _string_
diff --git a/test/helm/gateway-crds-helm/all.out.yaml b/test/helm/gateway-crds-helm/all.out.yaml
index 6602b87b5f4..008fa1460ae 100644
--- a/test/helm/gateway-crds-helm/all.out.yaml
+++ b/test/helm/gateway-crds-helm/all.out.yaml
@@ -24407,6 +24407,34 @@ spec:
- Generate
- Disable
type: string
+ requestIdExtension:
+ description: RequestIDExtension defines configuration for Envoy's
+ request ID extension.
+ properties:
+ packTraceReason:
+ default: true
+ description: |-
+ PackTraceReason indicates whether the implementation alters the UUID
+ to contain the trace sampling decision as per the UuidRequestIdConfig
+ message documentation.
+
+ Defaults to true. If disabled, no modification to the UUID will be
+ performed. Note that if disabled, stable sampling of traces, access logs,
+ etc. will no longer work and only random sampling will be possible.
+
+ Corresponds to Envoy’s `pack_trace_reason`.
+ type: boolean
+ useRequestIDForTraceSampling:
+ default: true
+ description: |-
+ UseRequestIDForTraceSampling sets whether to use x-request-id for
+ sampling decisions. Defaults to true.
+
+ See the Envoy context propagation overview for more information.
+
+ Corresponds to Envoy’s `use_request_id_for_trace_sampling`.
+ type: boolean
+ type: object
withUnderscoresAction:
description: |-
WithUnderscoresAction configures the action to take when an HTTP header with underscores
diff --git a/test/helm/gateway-crds-helm/envoy-gateway-crds.out.yaml b/test/helm/gateway-crds-helm/envoy-gateway-crds.out.yaml
index 377be517e3c..d7fe6868c60 100644
--- a/test/helm/gateway-crds-helm/envoy-gateway-crds.out.yaml
+++ b/test/helm/gateway-crds-helm/envoy-gateway-crds.out.yaml
@@ -3751,6 +3751,34 @@ spec:
- Generate
- Disable
type: string
+ requestIdExtension:
+ description: RequestIDExtension defines configuration for Envoy's
+ request ID extension.
+ properties:
+ packTraceReason:
+ default: true
+ description: |-
+ PackTraceReason indicates whether the implementation alters the UUID
+ to contain the trace sampling decision as per the UuidRequestIdConfig
+ message documentation.
+
+ Defaults to true. If disabled, no modification to the UUID will be
+ performed. Note that if disabled, stable sampling of traces, access logs,
+ etc. will no longer work and only random sampling will be possible.
+
+ Corresponds to Envoy’s `pack_trace_reason`.
+ type: boolean
+ useRequestIDForTraceSampling:
+ default: true
+ description: |-
+ UseRequestIDForTraceSampling sets whether to use x-request-id for
+ sampling decisions. Defaults to true.
+
+ See the Envoy context propagation overview for more information.
+
+ Corresponds to Envoy’s `use_request_id_for_trace_sampling`.
+ type: boolean
+ type: object
withUnderscoresAction:
description: |-
WithUnderscoresAction configures the action to take when an HTTP header with underscores