2
apiVersion: apiextensions.k8s.io/v1
3
kind: CustomResourceDefinition
6
controller-gen.kubebuilder.io/version: v0.14.0
7
name: meshcircuitbreakers.kuma.io
13
kind: MeshCircuitBreaker
14
listKind: MeshCircuitBreakerList
15
plural: meshcircuitbreakers
16
singular: meshcircuitbreaker
19
- additionalPrinterColumns:
20
- jsonPath: .spec.targetRef.kind
23
- jsonPath: .spec.targetRef.name
32
APIVersion defines the versioned schema of this representation of an object.
33
Servers should convert recognized schemas to the latest internal value, and
34
may reject unrecognized values.
35
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md
39
Kind is a string value representing the REST resource this object represents.
40
Servers may infer this from the endpoint the client submits requests to.
43
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md
48
description: Spec is the specification of the Kuma MeshCircuitBreaker
52
description: From list makes a match between clients and corresponding
58
Default is a configuration specific to the group of destinations
59
referenced in 'targetRef'
63
ConnectionLimits contains configuration of each circuit breaking limit,
64
which when exceeded makes the circuit breaker to become open (no traffic
65
is allowed like no current is allowed in the circuits when physical
66
circuit breaker ir open)
70
The maximum number of connection pools per cluster that are concurrently
71
supported at once. Set this for clusters which create a large number of
77
The maximum number of connections allowed to be made to the upstream
83
The maximum number of pending requests that are allowed to the upstream
84
cluster. This limit is applied as a connection limit for non-HTTP
90
The maximum number of parallel requests that are allowed to be made
91
to the upstream cluster. This limit does not apply to non-HTTP traffic.
96
The maximum number of parallel retries that will be allowed to
103
OutlierDetection contains the configuration of the process of dynamically
104
determining whether some number of hosts in an upstream cluster are
105
performing unlike the others and removing them from the healthy load
106
balancing set. Performance might be along different axes such as
107
consecutive failures, temporal success rate, temporal latency, etc.
108
Outlier detection is a form of passive health checking.
112
The base time that a host is ejected for. The real time is equal to
113
the base time multiplied by the number of times the host has been
117
description: Contains configuration for supported outlier
122
Failure Percentage based outlier detection functions similarly to success
123
rate detection, in that it relies on success rate data from each host in
124
a cluster. However, rather than compare those values to the mean success
125
rate of the cluster as a whole, they are compared to a flat
126
user-configured threshold. This threshold is configured via the
127
outlierDetection.failurePercentageThreshold field.
128
The other configuration fields for failure percentage based detection are
129
similar to the fields for success rate detection. As with success rate
130
detection, detection will not be performed for a host if its request
131
volume over the aggregation interval is less than the
132
outlierDetection.detectors.failurePercentage.requestVolume value.
133
Detection also will not be performed for a cluster if the number of hosts
134
with the minimum required request volume in an interval is less than the
135
outlierDetection.detectors.failurePercentage.minimumHosts value.
139
The minimum number of hosts in a cluster in order to perform failure
140
percentage-based ejection. If the total number of hosts in the cluster is
141
less than this value, failure percentage-based ejection will not be
147
The minimum number of total requests that must be collected in one
148
interval (as defined by the interval duration above) to perform failure
149
percentage-based ejection for this host. If the volume is lower than this
150
setting, failure percentage-based ejection will not be performed for this
156
The failure percentage to use when determining failure percentage-based
157
outlier detection. If the failure percentage of a given host is greater
158
than or equal to this value, it will be ejected.
164
In the default mode (outlierDetection.splitExternalLocalOriginErrors is
165
false) this detection type takes into account a subset of 5xx errors,
166
called "gateway errors" (502, 503 or 504 status code) and local origin
167
failures, such as timeout, TCP reset etc.
168
In split mode (outlierDetection.splitExternalLocalOriginErrors is true)
169
this detection type takes into account a subset of 5xx errors, called
170
"gateway errors" (502, 503 or 504 status code) and is supported only by
175
The number of consecutive gateway failures (502, 503, 504 status codes)
176
before a consecutive gateway failure ejection occurs.
182
This detection type is enabled only when
183
outlierDetection.splitExternalLocalOriginErrors is true and takes into
184
account only locally originated errors (timeout, reset, etc).
185
If Envoy repeatedly cannot connect to an upstream host or communication
186
with the upstream host is repeatedly interrupted, it will be ejected.
187
Various locally originated problems are detected: timeout, TCP reset,
188
ICMP errors, etc. This detection type is supported by http router and
193
The number of consecutive locally originated failures before ejection
194
occurs. Parameter takes effect only when splitExternalAndLocalErrors
201
Success Rate based outlier detection aggregates success rate data from
202
every host in a cluster. Then at given intervals ejects hosts based on
203
statistical outlier detection. Success Rate outlier detection will not be
204
calculated for a host if its request volume over the aggregation interval
205
is less than the outlierDetection.detectors.successRate.requestVolume
207
Moreover, detection will not be performed for a cluster if the number of
208
hosts with the minimum required request volume in an interval is less
209
than the outlierDetection.detectors.successRate.minimumHosts value.
210
In the default configuration mode
211
(outlierDetection.splitExternalLocalOriginErrors is false) this detection
212
type takes into account all types of errors: locally and externally
214
In split mode (outlierDetection.splitExternalLocalOriginErrors is true),
215
locally originated errors and externally originated (transaction) errors
216
are counted and treated separately.
220
The number of hosts in a cluster that must have enough request volume to
221
detect success rate outliers. If the number of hosts is less than this
222
setting, outlier detection via success rate statistics is not performed
223
for any host in the cluster.
228
The minimum number of total requests that must be collected in one
229
interval (as defined by the interval duration configured in
230
outlierDetection section) to include this host in success rate based
231
outlier detection. If the volume is lower than this setting, outlier
232
detection via success rate statistics is not performed for that host.
235
standardDeviationFactor:
240
This factor is used to determine the ejection threshold for success rate
241
outlier ejection. The ejection threshold is the difference between
242
the mean success rate, and the product of this factor and the standard
243
deviation of the mean success rate: mean - (standard_deviation *
244
success_rate_standard_deviation_factor).
245
Either int or decimal represented as string.
246
x-kubernetes-int-or-string: true
250
In the default mode (outlierDetection.splitExternalAndLocalErrors is
251
false) this detection type takes into account all generated errors:
252
locally originated and externally originated (transaction) errors.
253
In split mode (outlierDetection.splitExternalLocalOriginErrors is true)
254
this detection type takes into account only externally originated
255
(transaction) errors, ignoring locally originated errors.
256
If an upstream host is an HTTP-server, only 5xx types of error are taken
257
into account (see Consecutive Gateway Failure for exceptions).
258
Properly formatted responses, even when they carry an operational error
259
(like index not found, access denied) are not taken into account.
263
The number of consecutive server-side error responses (for HTTP traffic,
264
5xx responses; for TCP traffic, connection failures; for Redis, failure
265
to respond PONG; etc.) before a consecutive total failure ejection
272
description: When set to true, outlierDetection configuration
273
won't take any effect
277
The time interval between ejection analysis sweeps. This can result in
278
both new ejections and hosts being returned to service.
282
The maximum % of an upstream cluster that can be ejected due to outlier
283
detection. Defaults to 10% but will eject at least one host regardless of
287
splitExternalAndLocalErrors:
289
Determines whether to distinguish local origin failures from external
290
errors. If set to true the following configuration parameters are taken
291
into account: detectors.localOriginFailures.consecutive
297
TargetRef is a reference to the resource that represents a group of
301
description: Kind of the referenced resource
311
description: Mesh is reserved for future use to identify
312
cross mesh resources.
316
Name of the referenced resource. Can only be used with kinds: `MeshService`,
317
`MeshServiceSubset` and `MeshGatewayRoute`
321
ProxyTypes specifies the data plane types that are subject to the policy. When not specified,
322
all data plane types are targeted by the policy.
331
additionalProperties:
334
Tags used to select a subset of proxies by tags. Can only be used with kinds
335
`MeshSubset` and `MeshServiceSubset`
344
TargetRef is a reference to the resource the policy takes an effect on.
345
The resource could be either a real store object or virtual resource
349
description: Kind of the referenced resource
359
description: Mesh is reserved for future use to identify cross
364
Name of the referenced resource. Can only be used with kinds: `MeshService`,
365
`MeshServiceSubset` and `MeshGatewayRoute`
369
ProxyTypes specifies the data plane types that are subject to the policy. When not specified,
370
all data plane types are targeted by the policy.
379
additionalProperties:
382
Tags used to select a subset of proxies by tags. Can only be used with kinds
383
`MeshSubset` and `MeshServiceSubset`
388
To list makes a match between the consumed services and corresponding
394
Default is a configuration specific to the group of destinations
395
referenced in 'targetRef'
399
ConnectionLimits contains configuration of each circuit breaking limit,
400
which when exceeded makes the circuit breaker to become open (no traffic
401
is allowed like no current is allowed in the circuits when physical
402
circuit breaker ir open)
406
The maximum number of connection pools per cluster that are concurrently
407
supported at once. Set this for clusters which create a large number of
413
The maximum number of connections allowed to be made to the upstream
419
The maximum number of pending requests that are allowed to the upstream
420
cluster. This limit is applied as a connection limit for non-HTTP
426
The maximum number of parallel requests that are allowed to be made
427
to the upstream cluster. This limit does not apply to non-HTTP traffic.
432
The maximum number of parallel retries that will be allowed to
433
the upstream cluster.
439
OutlierDetection contains the configuration of the process of dynamically
440
determining whether some number of hosts in an upstream cluster are
441
performing unlike the others and removing them from the healthy load
442
balancing set. Performance might be along different axes such as
443
consecutive failures, temporal success rate, temporal latency, etc.
444
Outlier detection is a form of passive health checking.
448
The base time that a host is ejected for. The real time is equal to
449
the base time multiplied by the number of times the host has been
453
description: Contains configuration for supported outlier
458
Failure Percentage based outlier detection functions similarly to success
459
rate detection, in that it relies on success rate data from each host in
460
a cluster. However, rather than compare those values to the mean success
461
rate of the cluster as a whole, they are compared to a flat
462
user-configured threshold. This threshold is configured via the
463
outlierDetection.failurePercentageThreshold field.
464
The other configuration fields for failure percentage based detection are
465
similar to the fields for success rate detection. As with success rate
466
detection, detection will not be performed for a host if its request
467
volume over the aggregation interval is less than the
468
outlierDetection.detectors.failurePercentage.requestVolume value.
469
Detection also will not be performed for a cluster if the number of hosts
470
with the minimum required request volume in an interval is less than the
471
outlierDetection.detectors.failurePercentage.minimumHosts value.
475
The minimum number of hosts in a cluster in order to perform failure
476
percentage-based ejection. If the total number of hosts in the cluster is
477
less than this value, failure percentage-based ejection will not be
483
The minimum number of total requests that must be collected in one
484
interval (as defined by the interval duration above) to perform failure
485
percentage-based ejection for this host. If the volume is lower than this
486
setting, failure percentage-based ejection will not be performed for this
492
The failure percentage to use when determining failure percentage-based
493
outlier detection. If the failure percentage of a given host is greater
494
than or equal to this value, it will be ejected.
500
In the default mode (outlierDetection.splitExternalLocalOriginErrors is
501
false) this detection type takes into account a subset of 5xx errors,
502
called "gateway errors" (502, 503 or 504 status code) and local origin
503
failures, such as timeout, TCP reset etc.
504
In split mode (outlierDetection.splitExternalLocalOriginErrors is true)
505
this detection type takes into account a subset of 5xx errors, called
506
"gateway errors" (502, 503 or 504 status code) and is supported only by
511
The number of consecutive gateway failures (502, 503, 504 status codes)
512
before a consecutive gateway failure ejection occurs.
518
This detection type is enabled only when
519
outlierDetection.splitExternalLocalOriginErrors is true and takes into
520
account only locally originated errors (timeout, reset, etc).
521
If Envoy repeatedly cannot connect to an upstream host or communication
522
with the upstream host is repeatedly interrupted, it will be ejected.
523
Various locally originated problems are detected: timeout, TCP reset,
524
ICMP errors, etc. This detection type is supported by http router and
529
The number of consecutive locally originated failures before ejection
530
occurs. Parameter takes effect only when splitExternalAndLocalErrors
537
Success Rate based outlier detection aggregates success rate data from
538
every host in a cluster. Then at given intervals ejects hosts based on
539
statistical outlier detection. Success Rate outlier detection will not be
540
calculated for a host if its request volume over the aggregation interval
541
is less than the outlierDetection.detectors.successRate.requestVolume
543
Moreover, detection will not be performed for a cluster if the number of
544
hosts with the minimum required request volume in an interval is less
545
than the outlierDetection.detectors.successRate.minimumHosts value.
546
In the default configuration mode
547
(outlierDetection.splitExternalLocalOriginErrors is false) this detection
548
type takes into account all types of errors: locally and externally
550
In split mode (outlierDetection.splitExternalLocalOriginErrors is true),
551
locally originated errors and externally originated (transaction) errors
552
are counted and treated separately.
556
The number of hosts in a cluster that must have enough request volume to
557
detect success rate outliers. If the number of hosts is less than this
558
setting, outlier detection via success rate statistics is not performed
559
for any host in the cluster.
564
The minimum number of total requests that must be collected in one
565
interval (as defined by the interval duration configured in
566
outlierDetection section) to include this host in success rate based
567
outlier detection. If the volume is lower than this setting, outlier
568
detection via success rate statistics is not performed for that host.
571
standardDeviationFactor:
576
This factor is used to determine the ejection threshold for success rate
577
outlier ejection. The ejection threshold is the difference between
578
the mean success rate, and the product of this factor and the standard
579
deviation of the mean success rate: mean - (standard_deviation *
580
success_rate_standard_deviation_factor).
581
Either int or decimal represented as string.
582
x-kubernetes-int-or-string: true
586
In the default mode (outlierDetection.splitExternalAndLocalErrors is
587
false) this detection type takes into account all generated errors:
588
locally originated and externally originated (transaction) errors.
589
In split mode (outlierDetection.splitExternalLocalOriginErrors is true)
590
this detection type takes into account only externally originated
591
(transaction) errors, ignoring locally originated errors.
592
If an upstream host is an HTTP-server, only 5xx types of error are taken
593
into account (see Consecutive Gateway Failure for exceptions).
594
Properly formatted responses, even when they carry an operational error
595
(like index not found, access denied) are not taken into account.
599
The number of consecutive server-side error responses (for HTTP traffic,
600
5xx responses; for TCP traffic, connection failures; for Redis, failure
601
to respond PONG; etc.) before a consecutive total failure ejection
608
description: When set to true, outlierDetection configuration
609
won't take any effect
613
The time interval between ejection analysis sweeps. This can result in
614
both new ejections and hosts being returned to service.
618
The maximum % of an upstream cluster that can be ejected due to outlier
619
detection. Defaults to 10% but will eject at least one host regardless of
623
splitExternalAndLocalErrors:
625
Determines whether to distinguish local origin failures from external
626
errors. If set to true the following configuration parameters are taken
627
into account: detectors.localOriginFailures.consecutive
633
TargetRef is a reference to the resource that represents a group of
637
description: Kind of the referenced resource
647
description: Mesh is reserved for future use to identify
648
cross mesh resources.
652
Name of the referenced resource. Can only be used with kinds: `MeshService`,
653
`MeshServiceSubset` and `MeshGatewayRoute`
657
ProxyTypes specifies the data plane types that are subject to the policy. When not specified,
658
all data plane types are targeted by the policy.
667
additionalProperties:
670
Tags used to select a subset of proxies by tags. Can only be used with kinds
671
`MeshSubset` and `MeshServiceSubset`