MeshFaultInjection

With the MeshFaultInjection policy you can easily test your microservices against resiliency.

This policy uses a new policy matching algorithm. Do not combine with FaultInjection.

`targetRef` support matrix

`targetRef`	Allowed kinds
`targetRef.kind`	`Mesh`, `Dataplane`
`from[].targetRef.kind`	`Mesh`, `MeshSubset`, `MeshServiceSubset`

`targetRef`	Allowed kinds
`targetRef.kind`	`Mesh`, `MeshGateway`, `MeshGateway` with listener `tags`
`to[].targetRef.kind`	`Mesh`

To learn more about the information in this table, see the matching docs.

Configuration

MeshFaultInjection allows configuring a list of HTTP faults. They execute in the same order as they were defined.

default:
  http:
    - abort:
        httpStatus: 500
        percentage: "2.5"
      delay:
        value: 5s
        percentage: 5
      responseBandwidth:
        limit: "50Mbps"
        percentage: 50
    - abort:
        httpStatus: 500
        percentage: 10
    - delay:
        value: 5s
        percentage: 5

It’s worth mentioning that percentage of the next filter depends on the percentage of previous ones.

http:
  - abort:
      httpStatus: 500
      percentage: 70
  - abort:
      httpStatus: 503
      percentage: 50

That means that for 70% of requests, it returns 500 and for 50% of the 30% that passed it returns 503.

Abort

Abort defines a configuration of not delivering requests to destination service and replacing the responses from destination data plane by predefined status code.

httpStatus - HTTP status code which will be returned to source side, has to be in [100 - 599] range
percentage - a percentage of requests on which abort will be injected, has to be in [0.0 - 100.0] range. If the value is a double number, put it in quotes.

Delay

Delay defines a configuration of delaying a response from a destination.

value - the duration during which the response will be delayed
percentage - a percentage of requests on which abort will be injected, has to be in [0.0 - 100.0] range. If the value is a double number, put it in quotes.

ResponseBandwidth limit

ResponseBandwidth defines a configuration to limit the speed of responding to requests.

limit - represented by value measure in Gbps, Mbps, kbps, or bps, for example 10kbps
percentage - a percentage of requests on which abort will be injected, has to be in [0.0 - 100.0] range. If the value is a double number, put it in quotes.

Examples

Service backend returns 500 for 50% of requests from frontend service

        
          Kubernetes
        
      

        
          Universal
        
      

    
      apiVersion: kuma.io/v1alpha1
kind: MeshFaultInjection
metadata:
  name: default-fault-injection
  namespace: kuma-demo
  labels:
    kuma.io/mesh: default
spec:
  targetRef:
    kind: Dataplane
    labels:
      app: backend
  from:
  - targetRef:
      kind: MeshSubset
      tags:
        kuma.io/service: frontend
    default:
      http:
      - abort:
          httpStatus: 500
          percentage: 50

    
      type: MeshFaultInjection
mesh: default
name: default-fault-injection
spec:
  targetRef:
    kind: Dataplane
    labels:
      app: backend
  from:
  - targetRef:
      kind: MeshSubset
      tags:
        kuma.io/service: frontend
    default:
      http:
      - abort:
          httpStatus: 500
          percentage: 50

    
  

50.5% of requests to service backend from any service is going to be delayed by 5 seconds

        
          Kubernetes
        
      

        
          Universal
        
      

    
      apiVersion: kuma.io/v1alpha1
kind: MeshFaultInjection
metadata:
  name: default-fault-injection
  namespace: kuma-demo
  labels:
    kuma.io/mesh: default
spec:
  targetRef:
    kind: Dataplane
    labels:
      app: backend
  from:
  - targetRef:
      kind: Mesh
      name: default
    default:
      http:
      - delay:
          percentage: '50.5'
          value: 5s

    
      type: MeshFaultInjection
mesh: default
name: default-fault-injection
spec:
  targetRef:
    kind: Dataplane
    labels:
      app: backend
  from:
  - targetRef:
      kind: Mesh
      name: default
    default:
      http:
      - delay:
          percentage: '50.5'
          value: 5s

    
  

Backend service with a list of faults that are applied for frontend service

        
          Kubernetes
        
      

        
          Universal
        
      

    
      apiVersion: kuma.io/v1alpha1
kind: MeshFaultInjection
metadata:
  name: default-fault-injection
  namespace: kuma-demo
  labels:
    kuma.io/mesh: default
spec:
  targetRef:
    kind: Dataplane
    labels:
      app: backend
  from:
  - targetRef:
      kind: MeshSubset
      tags:
        kuma.io/service: frontend
    default:
      http:
      - abort:
          httpStatus: 500
          percentage: '2.5'
      - abort:
          httpStatus: 500
          percentage: 10
      - delay:
          value: 5s
          percentage: 5

    
      type: MeshFaultInjection
mesh: default
name: default-fault-injection
spec:
  targetRef:
    kind: Dataplane
    labels:
      app: backend
  from:
  - targetRef:
      kind: MeshSubset
      tags:
        kuma.io/service: frontend
    default:
      http:
      - abort:
          httpStatus: 500
          percentage: '2.5'
      - abort:
          httpStatus: 500
          percentage: 10
      - delay:
          value: 5s
          percentage: 5

    
  

All policy options

Spec is the specification of the Kuma MeshFaultInjection resource.

Type: object

Properties

from
- From list makes a match between clients and corresponding configurations
- Type: array
  - Items
  - Type: object
  - Properties
    - default
      - Default is a configuration specific to the group of destinations referenced in'targetRef'
      - Type: object
      - Properties
        
        http
        
        Http allows to define list of Http faults between dataplanes.
        
        Type: array
        
        Items
        
        FaultInjection defines the configuration of faults between dataplanes.
        
        Type: object
        
        Properties
        
        abort
        
        Abort defines a configuration of not delivering requests to destinationservice and replacing the responses from destination dataplane bypredefined status code
        
        Type: object
        
        Properties
        
        httpStatus required
        
        HTTP status code which will be returned to source side
        
        Type: integer
        
        percentage required
        
        Percentage of requests on which abort will be injected, has to beeither int or decimal represented as string.
        
        delay
        
        Delay defines configuration of delaying a response from a destination
        
        Type: object
        
        Properties
        
        percentage required
        
        Percentage of requests on which delay will be injected, has to beeither int or decimal represented as string.
        
        value required
        
        The duration during which the response will be delayed
        
        Type: string
        
        responseBandwidth
        
        ResponseBandwidth defines a configuration to limit the speed ofresponding to the requests
        
        Type: object
        
        Properties
        
        limit required
        
        Limit is represented by value measure in Gbps, Mbps, kbps, e.g.10kbps
        
        Type: string
        
        percentage required
        
        Percentage of requests on which response bandwidth limit will beeither int or decimal represented as string.
    - targetRef required
      - TargetRef is a reference to the resource that represents a group ofdestinations.
      - Type: object
      - Properties
        
        kind required
        
        Kind of the referenced resource
        
        Type: string
        
        The value is restricted to the following:
        
        "Mesh"
        
        "MeshSubset"
        
        "MeshGateway"
        
        "MeshService"
        
        "MeshExternalService"
        
        "MeshMultiZoneService"
        
        "MeshServiceSubset"
        
        "MeshHTTPRoute"
        
        "Dataplane"
        
        labels
        
        Labels are used to select group of MeshServices that match labels. Either Labels orName and Namespace can be used.
        
        Type: object
        
        This schema accepts additional properties.
        
        Properties
        
        mesh
        
        Mesh is reserved for future use to identify cross mesh resources.
        
        Type: string
        
        name
        
        Name of the referenced resource. Can only be used with kinds: MeshService,MeshServiceSubset and MeshGatewayRoute
        
        Type: string
        
        namespace
        
        Namespace specifies the namespace of target resource. If empty only resources in policy namespacewill be targeted.
        
        Type: string
        
        proxyTypes
        
        ProxyTypes specifies the data plane types that are subject to the policy. When not specified,all data plane types are targeted by the policy.
        
        Type: array
        
        Items
        
        Type: string
        
        The value is restricted to the following:
        
        "Sidecar"
        
        "Gateway"
        
        sectionName
        
        SectionName is used to target specific section of resource.For example, you can target port from MeshService.ports[] by its name. Only traffic to this port will be affected.
        
        Type: string
        
        tags
        
        Tags used to select a subset of proxies by tags. Can only be used with kindsMeshSubset and MeshServiceSubset
        
        Type: object
        
        This schema accepts additional properties.
        
        Properties
targetRef
- TargetRef is a reference to the resource the policy takes an effect on.The resource could be either a real store object or virtual resourcedefined inplace.
- Type: object
- Properties
  - kind required
    - Kind of the referenced resource
    - Type: string
    - The value is restricted to the following:
      1. "Mesh"
      2. "MeshSubset"
      3. "MeshGateway"
      4. "MeshService"
      5. "MeshExternalService"
      6. "MeshMultiZoneService"
      7. "MeshServiceSubset"
      8. "MeshHTTPRoute"
      9. "Dataplane"
  - labels
    - Labels are used to select group of MeshServices that match labels. Either Labels orName and Namespace can be used.
    - Type: object
    - This schema accepts additional properties.
    - Properties
  - mesh
    - Mesh is reserved for future use to identify cross mesh resources.
    - Type: string
  - name
    - Name of the referenced resource. Can only be used with kinds: MeshService,MeshServiceSubset and MeshGatewayRoute
    - Type: string
  - namespace
    - Namespace specifies the namespace of target resource. If empty only resources in policy namespacewill be targeted.
    - Type: string
  - proxyTypes
    - ProxyTypes specifies the data plane types that are subject to the policy. When not specified,all data plane types are targeted by the policy.
    - Type: array
      - Items
      - Type: string
      - The value is restricted to the following:
        
        "Sidecar"
        
        "Gateway"
  - sectionName
    - SectionName is used to target specific section of resource.For example, you can target port from MeshService.ports[] by its name. Only traffic to this port will be affected.
    - Type: string
  - tags
    - Tags used to select a subset of proxies by tags. Can only be used with kindsMeshSubset and MeshServiceSubset
    - Type: object
    - This schema accepts additional properties.
    - Properties
to
- To list makes a match between clients and corresponding configurations
- Type: array
  - Items
  - Type: object
  - Properties
    - default
      - Default is a configuration specific to the group of destinations referenced in'targetRef'
      - Type: object
      - Properties
        
        http
        
        Http allows to define list of Http faults between dataplanes.
        
        Type: array
        
        Items
        
        FaultInjection defines the configuration of faults between dataplanes.
        
        Type: object
        
        Properties
        
        abort
        
        Abort defines a configuration of not delivering requests to destinationservice and replacing the responses from destination dataplane bypredefined status code
        
        Type: object
        
        Properties
        
        httpStatus required
        
        HTTP status code which will be returned to source side
        
        Type: integer
        
        percentage required
        
        Percentage of requests on which abort will be injected, has to beeither int or decimal represented as string.
        
        delay
        
        Delay defines configuration of delaying a response from a destination
        
        Type: object
        
        Properties
        
        percentage required
        
        Percentage of requests on which delay will be injected, has to beeither int or decimal represented as string.
        
        value required
        
        The duration during which the response will be delayed
        
        Type: string
        
        responseBandwidth
        
        ResponseBandwidth defines a configuration to limit the speed ofresponding to the requests
        
        Type: object
        
        Properties
        
        limit required
        
        Limit is represented by value measure in Gbps, Mbps, kbps, e.g.10kbps
        
        Type: string
        
        percentage required
        
        Percentage of requests on which response bandwidth limit will beeither int or decimal represented as string.
    - targetRef required
      - TargetRef is a reference to the resource that represents a group ofdestinations.
      - Type: object
      - Properties
        
        kind required
        
        Kind of the referenced resource
        
        Type: string
        
        The value is restricted to the following:
        
        "Mesh"
        
        "MeshSubset"
        
        "MeshGateway"
        
        "MeshService"
        
        "MeshExternalService"
        
        "MeshMultiZoneService"
        
        "MeshServiceSubset"
        
        "MeshHTTPRoute"
        
        "Dataplane"
        
        labels
        
        Labels are used to select group of MeshServices that match labels. Either Labels orName and Namespace can be used.
        
        Type: object
        
        This schema accepts additional properties.
        
        Properties
        
        mesh
        
        Mesh is reserved for future use to identify cross mesh resources.
        
        Type: string
        
        name
        
        Name of the referenced resource. Can only be used with kinds: MeshService,MeshServiceSubset and MeshGatewayRoute
        
        Type: string
        
        namespace
        
        Namespace specifies the namespace of target resource. If empty only resources in policy namespacewill be targeted.
        
        Type: string
        
        proxyTypes
        
        ProxyTypes specifies the data plane types that are subject to the policy. When not specified,all data plane types are targeted by the policy.
        
        Type: array
        
        Items
        
        Type: string
        
        The value is restricted to the following:
        
        "Sidecar"
        
        "Gateway"
        
        sectionName
        
        SectionName is used to target specific section of resource.For example, you can target port from MeshService.ports[] by its name. Only traffic to this port will be affected.
        
        Type: string
        
        tags
        
        Tags used to select a subset of proxies by tags. Can only be used with kindsMeshSubset and MeshServiceSubset
        
        Type: object
        
        This schema accepts additional properties.
        
        Properties

Generated with json-schema-md-doc Wed Mar 26 2025 09:41:36 GMT+0000 (Coordinated Universal Time)