Upstreaming envoy changes #142
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
Bugbot Autofix is OFF. To automatically fix reported issues with Cloud Agents, enable Autofix in the Cursor dashboard.
rgarcia
approved these changes
Feb 4, 2026
Contributor
rgarcia
left a comment
rgarcia
left a comment
There was a problem hiding this comment.
TestPlaywrightDaemonRecovery failing ... might be flaky but worth double checking
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Note
High Risk
Adds an in-container Envoy proxy with dynamic xDS config, new external apt repo install, and runtime certificate trust-store/NSS DB modifications; misconfig or package issues can break container startup or alter outbound traffic behavior.
Overview
Adds an optional Envoy forward-proxy to both
chromium-headfulandchromium-headlessimages, managed bysupervisordand initialized during container startup.The images now install Envoy from
apt.envoyproxy.io, ship an xDSbootstrap.yamltemplate, and runinit-envoy.sh(triggered fromwrapper.sh) to render config fromINST_NAME/METRO_NAME/XDS_SERVER/XDS_JWT, generate and trust a self-signed proxy cert (system + Chromium NSS DB), start theenvoysupervisor program, and validate proxy readiness on127.0.0.1:3128.Written by Cursor Bugbot for commit e2c0df4. This will update automatically on new commits. Configure here.