This policy uses the new policy matching algorithm. Do not combine it with the older CircuitBreaker policy.
This policy looks for errors in the live traffic exchanged between your data plane proxies. It marks a data plane proxy as unhealthy when certain conditions are met, and ensures that no additional traffic reaches an unhealthy data plane proxy until it becomes healthy again.
Circuit breakers, unlike active MeshHealthChecks, do not send additional traffic to your data plane proxies; instead, they inspect the existing service traffic. They are also commonly used to prevent cascading failures.
Like a real-world circuit breaker, when the circuit is closed, traffic between a source and a destination data plane proxy flows freely through it. When the circuit is open, the traffic is interrupted.
The conditions that determine when a circuit breaker opens or closes are configured either as connection limits or as outlier detection. To open the circuit breaker based on outlier detection, you configure what we call “detectors”. This policy provides 5 different types of detectors, each triggered by specific deviations in the upstream service's behavior. All detectors can coexist on the same outbound interface.
Once one of the detectors has been triggered, the corresponding data plane proxy is ejected from the load balancer set for a period equal to baseEjectionTime. Every subsequent ejection of the same data plane proxy extends this period: the ejection lasts baseEjectionTime multiplied by the number of ejections, so for example the 4th ejection lasts 4 * baseEjectionTime.
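As a sketch of this arithmetic, assume an illustrative baseEjectionTime of 30s (the value here is an assumption chosen for the example, not a statement of the default):

```yaml
# Illustrative only: 30s is an assumed value, not necessarily the default
outlierDetection:
  baseEjectionTime: 30s
  # 1st ejection: 1 * 30s = 30s
  # 2nd ejection: 2 * 30s = 60s
  # 3rd ejection: 3 * 30s = 90s
  # 4th ejection: 4 * 30s = 120s
```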
This policy provides passive checks: data plane proxies do not explicitly send requests to other data plane proxies to determine whether the target proxies are healthy. If you want to configure active checks, use the MeshHealthCheck policy.
TargetRef support matrix
| TargetRef type | top level | to | from |
| -------------- | --------- | -- | ---- |
To learn more about the information in this table, see the matching docs.
- `maxConnections` - (optional) The maximum number of connections allowed to the upstream Envoy Cluster. If not specified, defaults to 1024.
- `maxConnectionPools` - (optional) The maximum number of connection pools per Envoy Cluster that are concurrently supported. Set this for Envoy Clusters that create a large number of connection pools. If not specified, the default is unlimited.
- `maxPendingRequests` - (optional) The maximum number of pending requests allowed to the upstream Envoy Cluster. This limit is applied as a connection limit for non-HTTP traffic. If not specified, defaults to 1024.
- `maxRetries` - (optional) The maximum number of parallel retries allowed to the upstream Envoy Cluster. If not specified, defaults to 3.
- `maxRequests` - (optional) The maximum number of parallel requests allowed to the upstream Envoy Cluster. This limit does not apply to non-HTTP traffic. If not specified, defaults to 1024.
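Put together, a connectionLimits section might look like the sketch below. The values mirror the documented defaults, except maxConnectionPools, which is unlimited when unset and is shown here with an arbitrary illustrative value:

```yaml
default:
  connectionLimits:
    maxConnections: 1024      # TCP connections to the upstream cluster
    maxConnectionPools: 4     # illustrative value; unlimited when unset
    maxPendingRequests: 1024  # also acts as the connection limit for non-HTTP traffic
    maxRetries: 3             # parallel retries
    maxRequests: 1024         # parallel HTTP requests
```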
Outlier detection can be configured for HTTP, TCP, or gRPC traffic. For gRPC requests, outlier detection uses the HTTP status mapped from the grpc-status response header.
- `disabled` - (optional) When set to true, the outlierDetection configuration has no effect.
- `interval` - (optional) The time interval between ejection analysis sweeps. Each sweep can result in both new ejections and hosts being returned to service.
- `baseEjectionTime` - (optional) The base time that a host is ejected for. The actual ejection time equals the base time multiplied by the number of times the host has been ejected.
- `maxEjectionPercent` - (optional) The maximum percentage of hosts in an upstream Envoy Cluster that can be ejected due to outlier detection. Defaults to 10%, but at least one host is ejected regardless of the value.
- `splitExternalAndLocalErrors` - (optional) Determines whether to distinguish locally originated failures from external errors. If set to true, the following configuration parameters are taken into account:
- `detectors` - Contains configuration for the supported outlier detectors. At least one detector must be configured when the policy is configured for outlier detection.
Depending on the mode, outlier detection takes into account either all errors or only externally originated (transaction) errors. The default mode applies when splitExternalAndLocalErrors is not set or is set to false.
This detection type takes into account all generated errors: locally originated and externally originated (transaction) errors.
- `totalFailures.consecutive` - The number of consecutive server-side error responses (for HTTP traffic, 5xx responses; for TCP traffic, connection failures; etc.) before a consecutive total failure ejection occurs.
```yaml
type: MeshCircuitBreaker
mesh: default
name: circuit-breaker
spec:
  targetRef:
    kind: Mesh
  to:
    - targetRef:
        kind: Mesh
      default:
        outlierDetection:
          detectors:
            totalFailures:
              consecutive: 10
```
Basic circuit breaker for outbound traffic from the web service to the backend service
```yaml
apiVersion: kuma.io/v1alpha1
kind: MeshCircuitBreaker
metadata:
  name: web-to-backend-circuit-breaker
  namespace: kuma-system
  labels:
    kuma.io/mesh: default
spec:
  targetRef:
    kind: MeshService
    name: web_kuma-demo_svc_8080
  to:
    - targetRef:
        kind: MeshService
        name: backend_kuma-demo_svc_8080
      default:
        connectionLimits:
          maxConnections: 2
          maxPendingRequests: 8
          maxRetries: 2
          maxRequests: 2
```
Outlier detection for inbound traffic to backend service
```yaml
apiVersion: kuma.io/v1alpha1
kind: MeshCircuitBreaker
metadata:
  name: backend-inbound-outlier-detection
  namespace: kuma-system
  labels:
    kuma.io/mesh: default
spec:
  targetRef:
    kind: MeshService
    name: backend_kuma-demo_svc_8080
  from:
    - targetRef:
        kind: Mesh
      default:
        outlierDetection:
          interval: 5s
          baseEjectionTime: 30s
          maxEjectionPercent: 20
          splitExternalAndLocalErrors: true
          detectors:
            totalFailures:
              consecutive: 10
            gatewayFailures:
              consecutive: 10
            localOriginFailures:
              consecutive: 10
            successRate:
              minimumHosts: 5
              requestVolume: 10
              standardDeviationFactor: 1.9
            failurePercentage:
              requestVolume: 10
              minimumHosts: 5
              threshold: 85
```