Skip to content

Migrate peer_metadata HTTP filter from istio/proxy to contrib #2169

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
Copilot wants to merge 5 commits into
base: main
Choose a base branch
from
Draft

Migrate peer_metadata HTTP filter from istio/proxy to contrib #2169

Copilot wants to merge 5 commits into from
+1,697 −0

Conversation

Copy link

Copilot AI commented Dec 27, 2025
edited
Loading

Migrates the peer_metadata HTTP filter extension from istio/proxy to Envoy's contrib extensions, enabling peer telemetry attribute discovery and propagation for service mesh observability.

Components Added

Proto API (api/contrib/envoy/extensions/filters/http/peer_metadata/v3alpha/)

  • Configuration for discovery methods: XDS workload discovery, Istio header exchange
  • Propagation methods for upstream/downstream metadata injection
  • Namespace: envoy.extensions.filters.http.peer_metadata.v3alpha

Common Libraries (contrib/common/)

  • metadata_object - Workload metadata serialization/deserialization, protocol buffer conversion
  • workload_discovery - Stub API for XDS-based metadata provider (extensible)

Filter Implementation (contrib/peer_metadata/filters/http/source/)

  • Discovery: Derives peer metadata from XDS or Istio headers (x-envoy-peer-metadata)
  • Propagation: Injects metadata into request/response headers with external cluster filtering
  • Caching: LRU cache (500 entries) for decoded metadata
  • Filter state integration: Stores metadata for downstream consumer filters

Tests (contrib/peer_metadata/filters/http/test/)

  • Discovery methods (XDS, Istio headers, fallback chains)
  • Propagation with skip rules for external clusters
  • Cache behavior and metadata parsing

Key Adaptations

  • Updated proto namespace from io.istio.http.peer_metadata to Envoy's v3alpha convention
  • Stubbed XDS workload discovery (returns null provider, can be enhanced with full implementation)
  • Preserved Istio metadata exchange protocol compatibility
  • Registered in contrib build system with proper metadata annotations

Example Configuration

downstream_discovery:
  - workload_discovery: {}  # XDS-based discovery
  - istio_headers: {}       # Fallback to header exchange
upstream_propagation:
  - istio_headers:
      skip_external_clusters: true  # Don't leak metadata outside mesh

The filter discovers peer metadata during request processing and stores it in filter state as downstream_peer/upstream_peer for telemetry filters to consume.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

  • dl.google.com
    • Triggering command: /build/bazel_root/install/fb2a7f6d344d2f4e335882534df59296/embedded_tools/jdk/bin/java bazel(envoy) --add-opens=java.base/java.lang=ALL-UNNAMED -Xverify:none -Djava.util.logging.config.file=/build/bazel_root/base/javalog.properties -Dcom.google.devtools.build.lib.util.LogHandlerQuerier.class=com.google.devtools.build.lib.util.SimpleLogHandler$HandlerQuerier -XX:-MaxFDLimit -Djava.library.path=/build/bazel_root/install/fb2a7f6d344d2f4e335882534df59296/embedded_tools/jdk/lib:/build/bazel_root/install/fb2a7f6d344d2f4e335882534df59296/embedded_tools/jdk/lib/server:/build/bazel_root/install/fb2a7f6d344d2f4e335882534df59296/ -Dfile.encoding=ISO-8859-1 -Duser.country= -Duser.language= -Duser.variant= -Xmx3g -DBAZEL_TRACK_SOURCE_DIRECTORIES=1 -Djavax.net.ssl.trustStore=/tmp/custom-cacerts -Djavax.net.ssl.trustStorePassword=changeit -jar /build/bazel_root/install/fb2a7f6d344d2f4e335882534df59296/A-server.jar --max_idle_secs=10800 --noshutdown_on_low_sys_mem --connect_timeout_secs=30 (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

Original prompt

migrate the peer_metadata extension from the istio/proxy to the wbpcode/envoy's contrib extensions. You can find the peer_metadata from https://github.com/istio/proxy and the main code in the https://github.com/istio/proxy/tree/master/source/extensions/filters/http/peer_metadata.

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

Copilot AI changed the title [WIP] Migrate peer_metadata extension to wbpcode/envoy's contrib extensions Migrate peer_metadata HTTP filter from istio/proxy to contrib Dec 27, 2025
Copilot AI requested a review from wbpcode December 27, 2025 04:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@wbpcode wbpcode Awaiting requested review from wbpcode

Assignees

@wbpcode wbpcode

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@wbpcode