envoyproxy · Inode1 · Nov 3, 2025
@@ -164,6 +164,10 @@ type HeaderSettings struct {
 	//
 	// +optional
 	LateResponseHeaders *HTTPHeaderFilter `json:"lateResponseHeaders,omitempty"`
+	// RequestIDExtension defines configuration for Envoy's request ID extension.
+	//
+	// +optional
+	RequestIDExtension *RequestIDExtensionSettings `json:"requestIdExtension,omitempty"`
 }
 
 // WithUnderscoresAction configures the action to take when an HTTP header with underscores
@@ -393,6 +397,34 @@ type ProxyProtocolSettings struct {
 	Optional *bool `json:"optional,omitempty"`
 }
 
+// RequestIDExtension defines configuration for the UUID request ID extension.
+type RequestIDExtensionSettings struct {
+	// PackTraceReason indicates whether the implementation alters the UUID
+	// to contain the trace sampling decision as per the UuidRequestIdConfig
+	// message documentation.
+	//
+	// Defaults to true. If disabled, no modification to the UUID will be
+	// performed. Note that if disabled, stable sampling of traces, access logs,
+	// etc. will no longer work and only random sampling will be possible.
+	//
+	// Corresponds to Envoy’s `pack_trace_reason`.
+	//
+	// +kubebuilder:default=true
+	// +optional
+	PackTraceReason *bool `json:"packTraceReason,omitempty"`
+
+	// UseRequestIDForTraceSampling sets whether to use x-request-id for
+	// sampling decisions. Defaults to true.
+	//
+	// See the Envoy context propagation overview for more information.
+	//
+	// Corresponds to Envoy’s `use_request_id_for_trace_sampling`.
+	//
+	// +kubebuilder:default=true
+	// +optional
+	UseRequestIDForTraceSampling *bool `json:"useRequestIDForTraceSampling,omitempty"`
+}
+
 //+kubebuilder:object:root=true
 
 // ClientTrafficPolicyList contains a list of ClientTrafficPolicy resources.

@@ -506,6 +506,34 @@ spec:
                     - Generate
                     - Disable
                     type: string
+                  requestIdExtension:
+                    description: RequestIDExtension defines configuration for Envoy's
+                      request ID extension.
+                    properties:
+                      packTraceReason:
+                        default: true
+                        description: |-
+                          PackTraceReason indicates whether the implementation alters the UUID
+                          to contain the trace sampling decision as per the UuidRequestIdConfig
+                          message documentation.
+
+                          Defaults to true. If disabled, no modification to the UUID will be
+                          performed. Note that if disabled, stable sampling of traces, access logs,
+                          etc. will no longer work and only random sampling will be possible.
+
+                          Corresponds to Envoy’s `pack_trace_reason`.
+                        type: boolean
+                      useRequestIDForTraceSampling:
+                        default: true
+                        description: |-
+                          UseRequestIDForTraceSampling sets whether to use x-request-id for
+                          sampling decisions. Defaults to true.
+
+                          See the Envoy context propagation overview for more information.
+
+                          Corresponds to Envoy’s `use_request_id_for_trace_sampling`.
+                        type: boolean
+                    type: object
                   withUnderscoresAction:
                     description: |-
                       WithUnderscoresAction configures the action to take when an HTTP header with underscores

@@ -505,6 +505,34 @@ spec:
                     - Generate
                     - Disable
                     type: string
+                  requestIdExtension:
+                    description: RequestIDExtension defines configuration for Envoy's
+                      request ID extension.
+                    properties:
+                      packTraceReason:
+                        default: true
+                        description: |-
+                          PackTraceReason indicates whether the implementation alters the UUID
+                          to contain the trace sampling decision as per the UuidRequestIdConfig
+                          message documentation.
+
+                          Defaults to true. If disabled, no modification to the UUID will be
+                          performed. Note that if disabled, stable sampling of traces, access logs,
+                          etc. will no longer work and only random sampling will be possible.
+
+                          Corresponds to Envoy’s `pack_trace_reason`.
+                        type: boolean
+                      useRequestIDForTraceSampling:
+                        default: true
+                        description: |-
+                          UseRequestIDForTraceSampling sets whether to use x-request-id for
+                          sampling decisions. Defaults to true.
+
+                          See the Envoy context propagation overview for more information.
+
+                          Corresponds to Envoy’s `use_request_id_for_trace_sampling`.
+                        type: boolean
+                    type: object
                   withUnderscoresAction:
                     description: |-
                       WithUnderscoresAction configures the action to take when an HTTP header with underscores

@@ -644,6 +644,7 @@ func translateListenerHeaderSettings(headerSettings *egv1a1.HeaderSettings, http
 		EnableEnvoyHeaders:      ptr.Deref(headerSettings.EnableEnvoyHeaders, false),
 		DisableRateLimitHeaders: ptr.Deref(headerSettings.DisableRateLimitHeaders, false),
 		WithUnderscoresAction:   ir.WithUnderscoresAction(ptr.Deref(headerSettings.WithUnderscoresAction, egv1a1.WithUnderscoresActionRejectRequest)),
+		RequestIDExtension:      (*ir.RequestIDExtensionSettings)(headerSettings.RequestIDExtension),
 	}
 	if headerSettings.RequestID != nil {
 		httpIR.Headers.RequestID = (*ir.RequestIDAction)(headerSettings.RequestID)

@@ -37,6 +37,9 @@ clientTrafficPolicies:
         remove:
         - "my-removed-response-header"
         - "my-removed-response-header"
+      requestIdExtension:
+        packTraceReason: false
+        useRequestIDForTraceSampling: false
     targetRef:
       group: gateway.networking.k8s.io
       kind: Gateway

@@ -36,6 +36,9 @@ clientTrafficPolicies:
         - name: my-set-response-header
           value: my-set-response-header-value
       requestID: PreserveOrGenerate
+      requestIdExtension:
+        packTraceReason: false
+        useRequestIDForTraceSampling: false
       withUnderscoresAction: Allow
     targetRef:
       group: gateway.networking.k8s.io
@@ -203,6 +206,9 @@ xdsIR:
         lateRemoveResponseHeaders:
         - my-removed-response-header
         requestID: PreserveOrGenerate
+        requestIdExtension:
+          packTraceReason: false
+          useRequestIDForTraceSampling: false
         withUnderscoresAction: Allow
       hostnames:
       - '*'
@@ -244,6 +250,9 @@ xdsIR:
         lateRemoveResponseHeaders:
         - my-removed-response-header
         requestID: PreserveOrGenerate
+        requestIdExtension:
+          packTraceReason: false
+          useRequestIDForTraceSampling: false
         withUnderscoresAction: Allow
       hostnames:
       - '*'

@@ -687,6 +687,10 @@ func (c *CredentialInjection) Validate() error {
 // +k8s:deepcopy-gen=true
 type HealthCheckSettings egv1a1.HealthCheckSettings
 
+// RequestIDExtension defines configuration for the UUID request ID extension.
+// +k8s:deepcopy-gen=true
+type RequestIDExtensionSettings egv1a1.RequestIDExtensionSettings
+
 // HeaderSettings provides configuration related to header processing on the listener.
 // +k8s:deepcopy-gen=true
 type HeaderSettings struct {
@@ -725,6 +729,9 @@ type HeaderSettings struct {
 
 	// LateRemoveResponseHeaders defines headers that would be removed after envoy response processing.
 	LateRemoveResponseHeaders []string `json:"lateRemoveResponseHeaders,omitempty" yaml:"earlyRemoveRequestHeaders,omitempty"`
+
+	// RequestIDExtension defines configuration for the UUID request ID extension.
+	RequestIDExtension *RequestIDExtensionSettings `json:"requestIdExtension,omitempty" yaml:"requestIdExtension,omitempty"`
 }
 
 // ClientTimeout sets the timeout configuration for downstream connections

@@ -25,6 +25,7 @@ import (
 	preservecasev3 "github.com/envoyproxy/go-control-plane/envoy/extensions/http/header_formatters/preserve_case/v3"
 	customheaderv3 "github.com/envoyproxy/go-control-plane/envoy/extensions/http/original_ip_detection/custom_header/v3"
 	xffv3 "github.com/envoyproxy/go-control-plane/envoy/extensions/http/original_ip_detection/xff/v3"
+	uuidv3 "github.com/envoyproxy/go-control-plane/envoy/extensions/request_id/uuid/v3"
 	quicv3 "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/quic/v3"
 	tlsv3 "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3"
 	typev3 "github.com/envoyproxy/go-control-plane/envoy/type/v3"
@@ -371,6 +372,7 @@ func (t *Translator) addHCMToXDSListener(
 		Tracing:                       hcmTracing,
 		ForwardClientCertDetails:      buildForwardClientCertDetailsAction(irListener.Headers),
 		EarlyHeaderMutationExtensions: buildEarlyHeaderMutation(irListener.Headers),
+		RequestIdExtension:            buildRequestIDExtension(irListener.Headers),
 	}
 
 	if requestID := ptr.Deref(irListener.Headers, ir.HeaderSettings{}).RequestID; requestID != nil {
@@ -1200,3 +1202,26 @@ func buildSetCurrentClientCertDetails(in *ir.HeaderSettings) *hcmv3.HttpConnecti
 
 	return clientCertDetails
 }
+
+func buildRequestIDExtension(headers *ir.HeaderSettings) *hcmv3.RequestIDExtension {
+	if headers == nil || headers.RequestIDExtension == nil {
+		return nil
+	}
+
+	ridExt := headers.RequestIDExtension
+	cfg := &uuidv3.UuidRequestIdConfig{}
+
+	if ridExt.PackTraceReason != nil {
+		cfg.PackTraceReason = wrapperspb.Bool(*ridExt.PackTraceReason)
+	}
+
+	if ridExt.UseRequestIDForTraceSampling != nil {
+		cfg.UseRequestIdForTraceSampling = wrapperspb.Bool(*ridExt.UseRequestIDForTraceSampling)
+	}
+
+	requestIDConfig, _ := proto.ToAnyWithValidation(cfg)
+
+	return &hcmv3.RequestIDExtension{
+		TypedConfig: requestIDConfig,
+	}
+}
@@ -49,6 +49,9 @@ http:
     lateRemoveResponseHeaders:
     - "some-header5"
     - "some-header6"
+    requestIdExtension:
+      packTraceReason: false
+      useRequestIDForTraceSampling: false
   routes:
   - name: "second-route"
     hostname: "*"

@@ -99,6 +99,11 @@
             ads: {}
             resourceApiVersion: V3
           routeConfigName: second-listener
+        requestIdExtension:
+          typedConfig:
+            '@type': type.googleapis.com/envoy.extensions.request_id.uuid.v3.UuidRequestIdConfig
+            packTraceReason: false
+            useRequestIdForTraceSampling: false
         serverHeaderTransformation: PASS_THROUGH
         statPrefix: http-10081
         useRemoteAddress: true

@@ -2593,6 +2593,7 @@ _Appears in:_
 | `requestID` | _[RequestIDAction](#requestidaction)_ |  false  |  | RequestID configures Envoy's behavior for handling the `X-Request-ID` header.<br />When omitted default behavior is `Generate` which builds the `X-Request-ID` for every request<br /> and ignores pre-existing values from the edge.<br />(An "edge request" refers to a request from an external client to the Envoy entrypoint.) |
 | `earlyRequestHeaders` | _[HTTPHeaderFilter](#httpheaderfilter)_ |  false  |  | EarlyRequestHeaders defines settings for early request header modification, before envoy performs<br />routing, tracing and built-in header manipulation. |
 | `lateResponseHeaders` | _[HTTPHeaderFilter](#httpheaderfilter)_ |  false  |  | LateResponseHeaders defines settings for global response header modification. |
+| `requestIdExtension` | _[RequestIDExtensionSettings](#requestidextensionsettings)_ |  false  |  | RequestIDExtension defines configuration for Envoy's request ID extension. |
 
 
 #### HealthCheck
@@ -4524,6 +4525,21 @@ _Appears in:_
 | `Disable` | Do not preserve or generate `X-Request-ID` header<br /> | 
 
 
+#### RequestIDExtensionSettings
+
+
+
+RequestIDExtension defines configuration for the UUID request ID extension.
+
+_Appears in:_
+- [HeaderSettings](#headersettings)
+
+| Field | Type | Required | Default | Description |
+| ---   | ---  | ---      | ---     | ---         |
+| `packTraceReason` | _boolean_ |  false  | true | PackTraceReason indicates whether the implementation alters the UUID<br />to contain the trace sampling decision as per the UuidRequestIdConfig<br />message documentation.<br />Defaults to true. If disabled, no modification to the UUID will be<br />performed. Note that if disabled, stable sampling of traces, access logs,<br />etc. will no longer work and only random sampling will be possible.<br />Corresponds to Envoy’s `pack_trace_reason`. |
+| `useRequestIDForTraceSampling` | _boolean_ |  false  | true | UseRequestIDForTraceSampling sets whether to use x-request-id for<br />sampling decisions. Defaults to true.<br />See the Envoy context propagation overview for more information.<br />Corresponds to Envoy’s `use_request_id_for_trace_sampling`. |
+
+
 #### ResourceProviderType
 
 _Underlying type:_ _string_