diff --git a/api/v1alpha1/clienttrafficpolicy_types.go b/api/v1alpha1/clienttrafficpolicy_types.go
index 936f980494f..bdb69391b7f 100644
--- a/api/v1alpha1/clienttrafficpolicy_types.go
+++ b/api/v1alpha1/clienttrafficpolicy_types.go
@@ -166,6 +166,10 @@ type HeaderSettings struct {
//
// +optional
LateResponseHeaders *HTTPHeaderFilter `json:"lateResponseHeaders,omitempty"`
+ // RequestIDExtension defines configuration for Envoy's request ID extension.
+ //
+ // +optional
+ RequestIDExtension *RequestIDExtensionSettings `json:"requestIdExtension,omitempty"`
}
// WithUnderscoresAction configures the action to take when an HTTP header with underscores
@@ -403,6 +407,34 @@ type ProxyProtocolSettings struct {
Optional *bool `json:"optional,omitempty"`
}
+// RequestIDExtension defines configuration for the UUID request ID extension.
+type RequestIDExtensionSettings struct {
+ // PackTraceReason indicates whether the implementation alters the UUID
+ // to contain the trace sampling decision as per the UuidRequestIdConfig
+ // message documentation.
+ //
+ // Defaults to true. If disabled, no modification to the UUID will be
+ // performed. Note that if disabled, stable sampling of traces, access logs,
+ // etc. will no longer work and only random sampling will be possible.
+ //
+ // Corresponds to Envoy’s `pack_trace_reason`.
+ //
+ // +kubebuilder:default=true
+ // +optional
+ PackTraceReason *bool `json:"packTraceReason,omitempty"`
+
+ // UseRequestIDForTraceSampling sets whether to use x-request-id for
+ // sampling decisions. Defaults to true.
+ //
+ // See the Envoy context propagation overview for more information.
+ //
+ // Corresponds to Envoy’s `use_request_id_for_trace_sampling`.
+ //
+ // +kubebuilder:default=true
+ // +optional
+ UseRequestIDForTraceSampling *bool `json:"useRequestIDForTraceSampling,omitempty"`
+}
+
//+kubebuilder:object:root=true
// ClientTrafficPolicyList contains a list of ClientTrafficPolicy resources.
diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go
index 25e96d84308..2ba7d16fec7 100644
--- a/api/v1alpha1/zz_generated.deepcopy.go
+++ b/api/v1alpha1/zz_generated.deepcopy.go
@@ -3892,6 +3892,11 @@ func (in *HeaderSettings) DeepCopyInto(out *HeaderSettings) {
*out = new(HTTPHeaderFilter)
(*in).DeepCopyInto(*out)
}
+ if in.RequestIDExtension != nil {
+ in, out := &in.RequestIDExtension, &out.RequestIDExtension
+ *out = new(RequestIDExtensionSettings)
+ (*in).DeepCopyInto(*out)
+ }
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HeaderSettings.
@@ -6347,6 +6352,31 @@ func (in *RequestHeaderCustomTag) DeepCopy() *RequestHeaderCustomTag {
return out
}
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *RequestIDExtensionSettings) DeepCopyInto(out *RequestIDExtensionSettings) {
+ *out = *in
+ if in.PackTraceReason != nil {
+ in, out := &in.PackTraceReason, &out.PackTraceReason
+ *out = new(bool)
+ **out = **in
+ }
+ if in.UseRequestIDForTraceSampling != nil {
+ in, out := &in.UseRequestIDForTraceSampling, &out.UseRequestIDForTraceSampling
+ *out = new(bool)
+ **out = **in
+ }
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RequestIDExtensionSettings.
+func (in *RequestIDExtensionSettings) DeepCopy() *RequestIDExtensionSettings {
+ if in == nil {
+ return nil
+ }
+ out := new(RequestIDExtensionSettings)
+ in.DeepCopyInto(out)
+ return out
+}
+
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ResponseOverride) DeepCopyInto(out *ResponseOverride) {
*out = *in
diff --git a/charts/gateway-crds-helm/templates/generated/gateway.envoyproxy.io_clienttrafficpolicies.yaml b/charts/gateway-crds-helm/templates/generated/gateway.envoyproxy.io_clienttrafficpolicies.yaml
index a39f6c4819b..31570f523b2 100644
--- a/charts/gateway-crds-helm/templates/generated/gateway.envoyproxy.io_clienttrafficpolicies.yaml
+++ b/charts/gateway-crds-helm/templates/generated/gateway.envoyproxy.io_clienttrafficpolicies.yaml
@@ -506,6 +506,34 @@ spec:
- Generate
- Disable
type: string
+ requestIdExtension:
+ description: RequestIDExtension defines configuration for Envoy's
+ request ID extension.
+ properties:
+ packTraceReason:
+ default: true
+ description: |-
+ PackTraceReason indicates whether the implementation alters the UUID
+ to contain the trace sampling decision as per the UuidRequestIdConfig
+ message documentation.
+
+ Defaults to true. If disabled, no modification to the UUID will be
+ performed. Note that if disabled, stable sampling of traces, access logs,
+ etc. will no longer work and only random sampling will be possible.
+
+ Corresponds to Envoy’s `pack_trace_reason`.
+ type: boolean
+ useRequestIDForTraceSampling:
+ default: true
+ description: |-
+ UseRequestIDForTraceSampling sets whether to use x-request-id for
+ sampling decisions. Defaults to true.
+
+ See the Envoy context propagation overview for more information.
+
+ Corresponds to Envoy’s `use_request_id_for_trace_sampling`.
+ type: boolean
+ type: object
withUnderscoresAction:
description: |-
WithUnderscoresAction configures the action to take when an HTTP header with underscores
diff --git a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_clienttrafficpolicies.yaml b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_clienttrafficpolicies.yaml
index 5e0a5d12df9..fe6fec5a8ac 100644
--- a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_clienttrafficpolicies.yaml
+++ b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_clienttrafficpolicies.yaml
@@ -505,6 +505,34 @@ spec:
- Generate
- Disable
type: string
+ requestIdExtension:
+ description: RequestIDExtension defines configuration for Envoy's
+ request ID extension.
+ properties:
+ packTraceReason:
+ default: true
+ description: |-
+ PackTraceReason indicates whether the implementation alters the UUID
+ to contain the trace sampling decision as per the UuidRequestIdConfig
+ message documentation.
+
+ Defaults to true. If disabled, no modification to the UUID will be
+ performed. Note that if disabled, stable sampling of traces, access logs,
+ etc. will no longer work and only random sampling will be possible.
+
+ Corresponds to Envoy’s `pack_trace_reason`.
+ type: boolean
+ useRequestIDForTraceSampling:
+ default: true
+ description: |-
+ UseRequestIDForTraceSampling sets whether to use x-request-id for
+ sampling decisions. Defaults to true.
+
+ See the Envoy context propagation overview for more information.
+
+ Corresponds to Envoy’s `use_request_id_for_trace_sampling`.
+ type: boolean
+ type: object
withUnderscoresAction:
description: |-
WithUnderscoresAction configures the action to take when an HTTP header with underscores
diff --git a/internal/gatewayapi/clienttrafficpolicy.go b/internal/gatewayapi/clienttrafficpolicy.go
index 9d50b627285..bb49b0bb708 100644
--- a/internal/gatewayapi/clienttrafficpolicy.go
+++ b/internal/gatewayapi/clienttrafficpolicy.go
@@ -646,6 +646,7 @@ func translateListenerHeaderSettings(headerSettings *egv1a1.HeaderSettings, http
EnableEnvoyHeaders: ptr.Deref(headerSettings.EnableEnvoyHeaders, false),
DisableRateLimitHeaders: ptr.Deref(headerSettings.DisableRateLimitHeaders, false),
WithUnderscoresAction: ir.WithUnderscoresAction(ptr.Deref(headerSettings.WithUnderscoresAction, egv1a1.WithUnderscoresActionRejectRequest)),
+ RequestIDExtension: (*ir.RequestIDExtensionSettings)(headerSettings.RequestIDExtension),
}
if headerSettings.RequestID != nil {
httpIR.Headers.RequestID = (*ir.RequestIDAction)(headerSettings.RequestID)
diff --git a/internal/gatewayapi/testdata/clienttrafficpolicy-headers.in.yaml b/internal/gatewayapi/testdata/clienttrafficpolicy-headers.in.yaml
index e726a53ba94..ceecdaedbb3 100644
--- a/internal/gatewayapi/testdata/clienttrafficpolicy-headers.in.yaml
+++ b/internal/gatewayapi/testdata/clienttrafficpolicy-headers.in.yaml
@@ -41,6 +41,9 @@ clientTrafficPolicies:
remove:
- "my-removed-response-header"
- "my-removed-response-header"
+ requestIdExtension:
+ packTraceReason: false
+ useRequestIDForTraceSampling: false
targetRef:
group: gateway.networking.k8s.io
kind: Gateway
diff --git a/internal/gatewayapi/testdata/clienttrafficpolicy-headers.out.yaml b/internal/gatewayapi/testdata/clienttrafficpolicy-headers.out.yaml
index 961a570959c..4fed9112e33 100644
--- a/internal/gatewayapi/testdata/clienttrafficpolicy-headers.out.yaml
+++ b/internal/gatewayapi/testdata/clienttrafficpolicy-headers.out.yaml
@@ -40,6 +40,9 @@ clientTrafficPolicies:
- name: my-multi-set-response-header
value: value1,value2
requestID: PreserveOrGenerate
+ requestIdExtension:
+ packTraceReason: false
+ useRequestIDForTraceSampling: false
withUnderscoresAction: Allow
targetRef:
group: gateway.networking.k8s.io
@@ -215,6 +218,9 @@ xdsIR:
lateRemoveResponseHeaders:
- my-removed-response-header
requestID: PreserveOrGenerate
+ requestIdExtension:
+ packTraceReason: false
+ useRequestIDForTraceSampling: false
withUnderscoresAction: Allow
hostnames:
- '*'
@@ -264,6 +270,9 @@ xdsIR:
lateRemoveResponseHeaders:
- my-removed-response-header
requestID: PreserveOrGenerate
+ requestIdExtension:
+ packTraceReason: false
+ useRequestIDForTraceSampling: false
withUnderscoresAction: Allow
hostnames:
- '*'
diff --git a/internal/ir/xds.go b/internal/ir/xds.go
index bc4f6175a30..01b5b53095d 100644
--- a/internal/ir/xds.go
+++ b/internal/ir/xds.go
@@ -687,6 +687,10 @@ func (c *CredentialInjection) Validate() error {
// +k8s:deepcopy-gen=true
type HealthCheckSettings egv1a1.HealthCheckSettings
+// RequestIDExtension defines configuration for the UUID request ID extension.
+// +k8s:deepcopy-gen=true
+type RequestIDExtensionSettings egv1a1.RequestIDExtensionSettings
+
// HeaderSettings provides configuration related to header processing on the listener.
// +k8s:deepcopy-gen=true
type HeaderSettings struct {
@@ -725,6 +729,9 @@ type HeaderSettings struct {
// LateRemoveResponseHeaders defines headers that would be removed after envoy response processing.
LateRemoveResponseHeaders []string `json:"lateRemoveResponseHeaders,omitempty" yaml:"earlyRemoveRequestHeaders,omitempty"`
+
+ // RequestIDExtension defines configuration for the UUID request ID extension.
+ RequestIDExtension *RequestIDExtensionSettings `json:"requestIdExtension,omitempty" yaml:"requestIdExtension,omitempty"`
}
// ClientTimeout sets the timeout configuration for downstream connections
diff --git a/internal/ir/zz_generated.deepcopy.go b/internal/ir/zz_generated.deepcopy.go
index 8870551a593..b5aee538fa1 100644
--- a/internal/ir/zz_generated.deepcopy.go
+++ b/internal/ir/zz_generated.deepcopy.go
@@ -2077,6 +2077,11 @@ func (in *HeaderSettings) DeepCopyInto(out *HeaderSettings) {
*out = make([]string, len(*in))
copy(*out, *in)
}
+ if in.RequestIDExtension != nil {
+ in, out := &in.RequestIDExtension, &out.RequestIDExtension
+ *out = new(RequestIDExtensionSettings)
+ (*in).DeepCopyInto(*out)
+ }
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HeaderSettings.
@@ -3249,6 +3254,31 @@ func (in *RequestBuffer) DeepCopy() *RequestBuffer {
return out
}
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *RequestIDExtensionSettings) DeepCopyInto(out *RequestIDExtensionSettings) {
+ *out = *in
+ if in.PackTraceReason != nil {
+ in, out := &in.PackTraceReason, &out.PackTraceReason
+ *out = new(bool)
+ **out = **in
+ }
+ if in.UseRequestIDForTraceSampling != nil {
+ in, out := &in.UseRequestIDForTraceSampling, &out.UseRequestIDForTraceSampling
+ *out = new(bool)
+ **out = **in
+ }
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RequestIDExtensionSettings.
+func (in *RequestIDExtensionSettings) DeepCopy() *RequestIDExtensionSettings {
+ if in == nil {
+ return nil
+ }
+ out := new(RequestIDExtensionSettings)
+ in.DeepCopyInto(out)
+ return out
+}
+
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ResourceMetadata) DeepCopyInto(out *ResourceMetadata) {
*out = *in
diff --git a/internal/xds/translator/listener.go b/internal/xds/translator/listener.go
index 896306b5dea..c228f19e1e5 100644
--- a/internal/xds/translator/listener.go
+++ b/internal/xds/translator/listener.go
@@ -25,6 +25,7 @@ import (
preservecasev3 "github.com/envoyproxy/go-control-plane/envoy/extensions/http/header_formatters/preserve_case/v3"
customheaderv3 "github.com/envoyproxy/go-control-plane/envoy/extensions/http/original_ip_detection/custom_header/v3"
xffv3 "github.com/envoyproxy/go-control-plane/envoy/extensions/http/original_ip_detection/xff/v3"
+ uuidv3 "github.com/envoyproxy/go-control-plane/envoy/extensions/request_id/uuid/v3"
quicv3 "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/quic/v3"
tlsv3 "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3"
typev3 "github.com/envoyproxy/go-control-plane/envoy/type/v3"
@@ -371,6 +372,7 @@ func (t *Translator) addHCMToXDSListener(
Tracing: hcmTracing,
ForwardClientCertDetails: buildForwardClientCertDetailsAction(irListener.Headers),
EarlyHeaderMutationExtensions: buildEarlyHeaderMutation(irListener.Headers),
+ RequestIdExtension: buildRequestIDExtension(irListener.Headers),
}
if requestID := ptr.Deref(irListener.Headers, ir.HeaderSettings{}).RequestID; requestID != nil {
@@ -1203,3 +1205,26 @@ func buildSetCurrentClientCertDetails(in *ir.HeaderSettings) *hcmv3.HttpConnecti
return clientCertDetails
}
+
+func buildRequestIDExtension(headers *ir.HeaderSettings) *hcmv3.RequestIDExtension {
+ if headers == nil || headers.RequestIDExtension == nil {
+ return nil
+ }
+
+ ridExt := headers.RequestIDExtension
+ cfg := &uuidv3.UuidRequestIdConfig{}
+
+ if ridExt.PackTraceReason != nil {
+ cfg.PackTraceReason = wrapperspb.Bool(*ridExt.PackTraceReason)
+ }
+
+ if ridExt.UseRequestIDForTraceSampling != nil {
+ cfg.UseRequestIdForTraceSampling = wrapperspb.Bool(*ridExt.UseRequestIDForTraceSampling)
+ }
+
+ requestIDConfig, _ := proto.ToAnyWithValidation(cfg)
+
+ return &hcmv3.RequestIDExtension{
+ TypedConfig: requestIDConfig,
+ }
+}
diff --git a/internal/xds/translator/testdata/in/xds-ir/http-late-header-mutation.yaml b/internal/xds/translator/testdata/in/xds-ir/http-late-header-mutation.yaml
index 2dee99d1d6a..44cf3ad42c2 100644
--- a/internal/xds/translator/testdata/in/xds-ir/http-late-header-mutation.yaml
+++ b/internal/xds/translator/testdata/in/xds-ir/http-late-header-mutation.yaml
@@ -48,6 +48,9 @@ http:
lateRemoveResponseHeaders:
- "some-header5"
- "some-header6"
+ requestIdExtension:
+ packTraceReason: false
+ useRequestIDForTraceSampling: false
routes:
- name: "second-route"
hostname: "*"
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-late-header-mutation.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-late-header-mutation.listeners.yaml
index d3deba7aa1a..801e18b6ae8 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http-late-header-mutation.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-late-header-mutation.listeners.yaml
@@ -95,6 +95,11 @@
ads: {}
resourceApiVersion: V3
routeConfigName: second-listener
+ requestIdExtension:
+ typedConfig:
+ '@type': type.googleapis.com/envoy.extensions.request_id.uuid.v3.UuidRequestIdConfig
+ packTraceReason: false
+ useRequestIdForTraceSampling: false
serverHeaderTransformation: PASS_THROUGH
statPrefix: http-10081
useRemoteAddress: true
diff --git a/site/content/en/latest/api/extension_types.md b/site/content/en/latest/api/extension_types.md
index 6e96acef55f..729b2b45ec2 100644
--- a/site/content/en/latest/api/extension_types.md
+++ b/site/content/en/latest/api/extension_types.md
@@ -2624,6 +2624,7 @@ _Appears in:_
| `requestID` | _[RequestIDAction](#requestidaction)_ | false | | RequestID configures Envoy's behavior for handling the `X-Request-ID` header.
When omitted default behavior is `Generate` which builds the `X-Request-ID` for every request
and ignores pre-existing values from the edge.
(An "edge request" refers to a request from an external client to the Envoy entrypoint.) |
| `earlyRequestHeaders` | _[HTTPHeaderFilter](#httpheaderfilter)_ | false | | EarlyRequestHeaders defines settings for early request header modification, before envoy performs
routing, tracing and built-in header manipulation. |
| `lateResponseHeaders` | _[HTTPHeaderFilter](#httpheaderfilter)_ | false | | LateResponseHeaders defines settings for global response header modification. |
+| `requestIdExtension` | _[RequestIDExtensionSettings](#requestidextensionsettings)_ | false | | RequestIDExtension defines configuration for Envoy's request ID extension. |
#### HealthCheck
@@ -4555,6 +4556,21 @@ _Appears in:_
| `Disable` | Do not preserve or generate `X-Request-ID` header
|
+#### RequestIDExtensionSettings
+
+
+
+RequestIDExtension defines configuration for the UUID request ID extension.
+
+_Appears in:_
+- [HeaderSettings](#headersettings)
+
+| Field | Type | Required | Default | Description |
+| --- | --- | --- | --- | --- |
+| `packTraceReason` | _boolean_ | false | true | PackTraceReason indicates whether the implementation alters the UUID
to contain the trace sampling decision as per the UuidRequestIdConfig
message documentation.
Defaults to true. If disabled, no modification to the UUID will be
performed. Note that if disabled, stable sampling of traces, access logs,
etc. will no longer work and only random sampling will be possible.
Corresponds to Envoy’s `pack_trace_reason`. |
+| `useRequestIDForTraceSampling` | _boolean_ | false | true | UseRequestIDForTraceSampling sets whether to use x-request-id for
sampling decisions. Defaults to true.
See the Envoy context propagation overview for more information.
Corresponds to Envoy’s `use_request_id_for_trace_sampling`. |
+
+
#### ResourceProviderType
_Underlying type:_ _string_
diff --git a/test/helm/gateway-crds-helm/all.out.yaml b/test/helm/gateway-crds-helm/all.out.yaml
index cf3f3fd51c6..34713af45f5 100644
--- a/test/helm/gateway-crds-helm/all.out.yaml
+++ b/test/helm/gateway-crds-helm/all.out.yaml
@@ -24424,6 +24424,34 @@ spec:
- Generate
- Disable
type: string
+ requestIdExtension:
+ description: RequestIDExtension defines configuration for Envoy's
+ request ID extension.
+ properties:
+ packTraceReason:
+ default: true
+ description: |-
+ PackTraceReason indicates whether the implementation alters the UUID
+ to contain the trace sampling decision as per the UuidRequestIdConfig
+ message documentation.
+
+ Defaults to true. If disabled, no modification to the UUID will be
+ performed. Note that if disabled, stable sampling of traces, access logs,
+ etc. will no longer work and only random sampling will be possible.
+
+ Corresponds to Envoy’s `pack_trace_reason`.
+ type: boolean
+ useRequestIDForTraceSampling:
+ default: true
+ description: |-
+ UseRequestIDForTraceSampling sets whether to use x-request-id for
+ sampling decisions. Defaults to true.
+
+ See the Envoy context propagation overview for more information.
+
+ Corresponds to Envoy’s `use_request_id_for_trace_sampling`.
+ type: boolean
+ type: object
withUnderscoresAction:
description: |-
WithUnderscoresAction configures the action to take when an HTTP header with underscores
diff --git a/test/helm/gateway-crds-helm/envoy-gateway-crds.out.yaml b/test/helm/gateway-crds-helm/envoy-gateway-crds.out.yaml
index 54655a99357..a0b2e5b278d 100644
--- a/test/helm/gateway-crds-helm/envoy-gateway-crds.out.yaml
+++ b/test/helm/gateway-crds-helm/envoy-gateway-crds.out.yaml
@@ -3768,6 +3768,34 @@ spec:
- Generate
- Disable
type: string
+ requestIdExtension:
+ description: RequestIDExtension defines configuration for Envoy's
+ request ID extension.
+ properties:
+ packTraceReason:
+ default: true
+ description: |-
+ PackTraceReason indicates whether the implementation alters the UUID
+ to contain the trace sampling decision as per the UuidRequestIdConfig
+ message documentation.
+
+ Defaults to true. If disabled, no modification to the UUID will be
+ performed. Note that if disabled, stable sampling of traces, access logs,
+ etc. will no longer work and only random sampling will be possible.
+
+ Corresponds to Envoy’s `pack_trace_reason`.
+ type: boolean
+ useRequestIDForTraceSampling:
+ default: true
+ description: |-
+ UseRequestIDForTraceSampling sets whether to use x-request-id for
+ sampling decisions. Defaults to true.
+
+ See the Envoy context propagation overview for more information.
+
+ Corresponds to Envoy’s `use_request_id_for_trace_sampling`.
+ type: boolean
+ type: object
withUnderscoresAction:
description: |-
WithUnderscoresAction configures the action to take when an HTTP header with underscores