GetPolicy returns a policy with the specified name.
GetPolicy returns a policy with the specified name.
Path Parameters
- name string required
- 200
- default
A successful response.
- application/json
- Schema
- Example (from schema)
Schema
policy object
Policy expresses observability-driven control logic.
infoSee also Policy overview.
Policy specification contains a circuit that defines the controller logic and resources that need to be setup.
circuit object
Defines the control-loop logic of the policy.
components object[]
Defines a signal processing graph as a list of components.
Array [alerter object
Alerter reacts to a signal and generates alert to send to alert manager.
in_ports object
Input ports for the Alerter component.
signal object
Signal which Alerter is monitoring. If the signal greater than 0, Alerter generates an alert.
constant_signal object
Constant value to be used for this InPort instead of a signal.
special_value stringPossible values: [
NaN
,+Inf
,-Inf
]A special value such as NaN, +Inf, -Inf.
value doubleA constant value.
signal_name stringName of the incoming Signal on the InPort.
parameters object required
Alerter Parameters configure parameters such as alert name, severity, resolve timeout, alert channels and labels.
alert_channels string[]A list of alert channel strings.
alert_name string requiredName of the alert.
labels object
Additional labels to add to alert.
property name*
stringresolve_timeout stringDefault value:
5s
Duration of alert resolver. This field employs the Duration JSON representation from Protocol Buffers. The format accommodates fractional seconds up to nine digits after the decimal point, offering nanosecond precision. Every duration value must be suffixed with an "s" to indicate 'seconds.' For example, a value of "10s" would signify a duration of 10 seconds.
severity stringPossible values: [
info
,warn
,crit
]Default value:
info
Severity of the alert, one of 'info', 'warn' or 'crit'.
and object
Logical AND.
in_ports object
Input ports for the And component.
inputs object[]
Array of input signals.
Array [constant_signal object
Constant value to be used for this InPort instead of a signal.
special_value stringPossible values: [
NaN
,+Inf
,-Inf
]A special value such as NaN, +Inf, -Inf.
value doubleA constant value.
signal_name stringName of the incoming Signal on the InPort.
]out_ports object
Output ports for the And component.
output object
Result of logical AND of all the input signals.
Will always be 0 (false), 1 (true) or invalid (unknown).
signal_name stringName of the outgoing Signal on the OutPort.
arithmetic_combinator object
Applies the given operator on input operands (signals) and emits the result.
in_ports object
Input ports for the Arithmetic Combinator component.
lhs object
Left hand side of the arithmetic operation.
constant_signal object
Constant value to be used for this InPort instead of a signal.
special_value stringPossible values: [
NaN
,+Inf
,-Inf
]A special value such as NaN, +Inf, -Inf.
value doubleA constant value.
signal_name stringName of the incoming Signal on the InPort.
rhs object
Right hand side of the arithmetic operation.
constant_signal object
Constant value to be used for this InPort instead of a signal.
special_value stringPossible values: [
NaN
,+Inf
,-Inf
]A special value such as NaN, +Inf, -Inf.
value doubleA constant value.
signal_name stringName of the incoming Signal on the InPort.
operator stringPossible values: [
add
,sub
,mul
,div
,xor
,lshift
,rshift
]Operator of the arithmetic operation.
The arithmetic operation can be addition, subtraction, multiplication, division, XOR, right bit shift or left bit shift. In case of XOR and bit shifts, value of signals is cast to integers before performing the operation.
out_ports object
Output ports for the Arithmetic Combinator component.
output object
Result of arithmetic operation.
signal_name stringName of the outgoing Signal on the OutPort.
auto_scale object
AutoScale components are used to scale the service.
auto_scaler object
AutoScaler provides auto-scaling functionality for any scalable resource.
dry_run booleanDry run mode ensures that no scaling is invoked by this auto scaler. This is useful for observing the behavior of auto scaler without disrupting any real deployment. This parameter sets the default value of dry run setting which can be overridden at runtime using dynamic configuration.
dry_run_config_key stringConfiguration key for overriding dry run setting through dynamic configuration.
scale_in_controllers object[]
List of Controllers for scaling in.
Array [alerter object required
Configuration for embedded Alerter.
alert_channels string[]A list of alert channel strings.
alert_name string requiredName of the alert.
labels object
Additional labels to add to alert.
property name*
stringresolve_timeout stringDefault value:
5s
Duration of alert resolver. This field employs the Duration JSON representation from Protocol Buffers. The format accommodates fractional seconds up to nine digits after the decimal point, offering nanosecond precision. Every duration value must be suffixed with an "s" to indicate 'seconds.' For example, a value of "10s" would signify a duration of 10 seconds.
severity stringPossible values: [
info
,warn
,crit
]Default value:
info
Severity of the alert, one of 'info', 'warn' or 'crit'.
controller object required
gradient object
Decreasing Gradient defines a controller for scaling in based on Gradient Controller.
in_ports object
Input ports for the Gradient.
setpoint object
The setpoint to use for scale-in.
constant_signal object
Constant value to be used for this InPort instead of a signal.
special_value stringPossible values: [
NaN
,+Inf
,-Inf
]A special value such as NaN, +Inf, -Inf.
value doubleA constant value.
signal_name stringName of the incoming Signal on the InPort.
signal object
The signal to use for scale-in.
constant_signal object
Constant value to be used for this InPort instead of a signal.
special_value stringPossible values: [
NaN
,+Inf
,-Inf
]A special value such as NaN, +Inf, -Inf.
value doubleA constant value.
signal_name stringName of the incoming Signal on the InPort.
parameters object
This allows subset of parameters with constrained values compared to a regular gradient controller. For full documentation of these parameters, refer to the GradientControllerParameters.
min_gradient doubleDefault value:
-1.7976931348623157e+308
slope doubleDefault value:
1
periodic object
PeriodicDecrease defines a controller for scaling in based on a periodic timer.
period string requiredThe period of the timer. This field employs the Duration JSON representation from Protocol Buffers. The format accommodates fractional seconds up to nine digits after the decimal point, offering nanosecond precision. Every duration value must be suffixed with an "s" to indicate 'seconds.' For example, a value of "10s" would signify a duration of 10 seconds.
scale_in_percentage double requiredPossible values:
<= 100
The percentage of scale to reduce.
]scale_out_controllers object[]
List of Controllers for scaling out.
Array [alerter object required
Configuration for embedded Alerter.
alert_channels string[]A list of alert channel strings.
alert_name string requiredName of the alert.
labels object
Additional labels to add to alert.
property name*
stringresolve_timeout stringDefault value:
5s
Duration of alert resolver. This field employs the Duration JSON representation from Protocol Buffers. The format accommodates fractional seconds up to nine digits after the decimal point, offering nanosecond precision. Every duration value must be suffixed with an "s" to indicate 'seconds.' For example, a value of "10s" would signify a duration of 10 seconds.
severity stringPossible values: [
info
,warn
,crit
]Default value:
info
Severity of the alert, one of 'info', 'warn' or 'crit'.
controller object required
gradient object
Increasing Gradient defines a controller for scaling out based on Gradient Controller.
in_ports object
Input ports for the Gradient.
setpoint object
The setpoint to use for scale-out.
constant_signal object
Constant value to be used for this InPort instead of a signal.
special_value stringPossible values: [
NaN
,+Inf
,-Inf
]A special value such as NaN, +Inf, -Inf.
value doubleA constant value.
signal_name stringName of the incoming Signal on the InPort.
signal object
The signal to use for scale-out.
constant_signal object
Constant value to be used for this InPort instead of a signal.
special_value stringPossible values: [
NaN
,+Inf
,-Inf
]A special value such as NaN, +Inf, -Inf.
value doubleA constant value.
signal_name stringName of the incoming Signal on the InPort.
parameters object
This allows subset of parameters with constrained values compared to a regular gradient controller. For full documentation of these parameters, refer to the GradientControllerParameters.
max_gradient doubleDefault value:
1.7976931348623157e+308
slope doubleDefault value:
1
]scaling_backend object required
kubernetes_replicas object
KubernetesReplicas defines a horizontal pod scaler for Kubernetes.
kubernetes_object_selector object required
The Kubernetes object on which horizontal scaling is applied.
api_version API version of Kubernetes resource requiredkind string requiredKubernetes resource type.
name string requiredKubernetes resource name.
namespace string requiredKubernetes namespace that the resource belongs to.
max_replicas int64Possible values:
non-empty
Default value:
9223372036854775807
The maximum replicas to which the AutoScaler can scale-out.
min_replicas int64Default value:
0
The minimum replicas to which the AutoScaler can scale-in.
out_ports object
Output ports for Kubernetes Replicas.
actual_replicas object
signal_name stringName of the outgoing Signal on the OutPort.
configured_replicas object
signal_name stringName of the outgoing Signal on the OutPort.
desired_replicas object
signal_name stringName of the outgoing Signal on the OutPort.
scaling_parameters object required
Parameters that define the scaling behavior.
cooldown_override_percentage doubleDefault value:
50
Cooldown override percentage defines a threshold change in scale-out beyond which previous cooldown is overridden. For example, if the cooldown is 5 minutes and the cooldown override percentage is 10%, then if the scale-increases by 10% or more, the previous cooldown is canceled. Defaults to 50%.
max_scale_in_percentage doubleDefault value:
1
The maximum decrease of scale (for example, pods) at one time. Defined as percentage of current scale value. Can never go below one even if percentage computation is less than one. Defaults to 1% of current scale value.
max_scale_out_percentage doubleDefault value:
10
The maximum increase of scale (for example, pods) at one time. Defined as percentage of current scale value. Can never go below one even if percentage computation is less than one. Defaults to 10% of current scale value.
scale_in_alerter object required
Configuration for scale-in Alerter.
alert_channels string[]A list of alert channel strings.
alert_name string requiredName of the alert.
labels object
Additional labels to add to alert.
property name*
stringresolve_timeout stringDefault value:
5s
Duration of alert resolver. This field employs the Duration JSON representation from Protocol Buffers. The format accommodates fractional seconds up to nine digits after the decimal point, offering nanosecond precision. Every duration value must be suffixed with an "s" to indicate 'seconds.' For example, a value of "10s" would signify a duration of 10 seconds.
severity stringPossible values: [
info
,warn
,crit
]Default value:
info
Severity of the alert, one of 'info', 'warn' or 'crit'.
scale_in_cooldown stringDefault value:
120s
The amount of time to wait after a scale-in operation for another scale-in operation. This field employs the Duration JSON representation from Protocol Buffers. The format accommodates fractional seconds up to nine digits after the decimal point, offering nanosecond precision. Every duration value must be suffixed with an "s" to indicate 'seconds.' For example, a value of "10s" would signify a duration of 10 seconds.
scale_out_alerter object required
Configuration for scale-out Alerter.
alert_channels string[]A list of alert channel strings.
alert_name string requiredName of the alert.
labels object
Additional labels to add to alert.
property name*
stringresolve_timeout stringDefault value:
5s
Duration of alert resolver. This field employs the Duration JSON representation from Protocol Buffers. The format accommodates fractional seconds up to nine digits after the decimal point, offering nanosecond precision. Every duration value must be suffixed with an "s" to indicate 'seconds.' For example, a value of "10s" would signify a duration of 10 seconds.
severity stringPossible values: [
info
,warn
,crit
]Default value:
info
Severity of the alert, one of 'info', 'warn' or 'crit'.
scale_out_cooldown stringDefault value:
30s
The amount of time to wait after a scale-out operation for another scale-out or scale-in operation. This field employs the Duration JSON representation from Protocol Buffers. The format accommodates fractional seconds up to nine digits after the decimal point, offering nanosecond precision. Every duration value must be suffixed with an "s" to indicate 'seconds.' For example, a value of "10s" would signify a duration of 10 seconds.
pod_scaler object
PodScaler provides pod horizontal scaling functionality for scalable Kubernetes resources.
dry_run booleanDry run mode ensures that no scaling is invoked by this pod scaler. This is useful for observing the behavior of pod scaler without disrupting any real deployment. This parameter sets the default value of dry run setting which can be overridden at runtime using dynamic configuration.
dry_run_config_key stringConfiguration key for overriding dry run setting through dynamic configuration.
in_ports object
Input ports for the PodScaler component.
replicas object
constant_signal object
Constant value to be used for this InPort instead of a signal.
special_value stringPossible values: [
NaN
,+Inf
,-Inf
]A special value such as NaN, +Inf, -Inf.
value doubleA constant value.
signal_name stringName of the incoming Signal on the InPort.
kubernetes_object_selector object required
The Kubernetes object to which this pod scaler applies.
api_version API version of Kubernetes resource requiredkind string requiredKubernetes resource type.
name string requiredKubernetes resource name.
namespace string requiredKubernetes namespace that the resource belongs to.
out_ports object
Output ports for the PodScaler component.
actual_replicas object
The number of replicas that are currently running.
signal_name stringName of the outgoing Signal on the OutPort.
configured_replicas object
The number of replicas that are desired.
signal_name stringName of the outgoing Signal on the OutPort.
bool_variable object
BoolVariable emits a constant Boolean signal which can be changed at runtime through dynamic configuration.
config_key stringConfiguration key for overriding value setting through dynamic configuration.
constant_output booleanThe constant Boolean signal emitted by this component. The value of the constant Boolean signal can be overridden at runtime through dynamic configuration.
out_ports object
Output ports for the BoolVariable component.
output object
The value is emitted to the output port.
signal_name stringName of the outgoing Signal on the OutPort.
decider object
Decider emits the binary result of comparison operator on two operands.
false_for stringDefault value:
0s
Duration of time to wait before changing to false state. If the duration is zero, the change will happen instantaneously. This field employs the Duration JSON representation from Protocol Buffers. The format accommodates fractional seconds up to nine digits after the decimal point, offering nanosecond precision. Every duration value must be suffixed with an "s" to indicate 'seconds.' For example, a value of "10s" would signify a duration of 10 seconds.
in_ports object
Input ports for the Decider component.
lhs object
Left hand side input signal for the comparison operation.
constant_signal object
Constant value to be used for this InPort instead of a signal.
special_value stringPossible values: [
NaN
,+Inf
,-Inf
]A special value such as NaN, +Inf, -Inf.
value doubleA constant value.
signal_name stringName of the incoming Signal on the InPort.
rhs object
Right hand side input signal for the comparison operation.
constant_signal object
Constant value to be used for this InPort instead of a signal.
special_value stringPossible values: [
NaN
,+Inf
,-Inf
]A special value such as NaN, +Inf, -Inf.
value doubleA constant value.
signal_name stringName of the incoming Signal on the InPort.
operator stringPossible values: [
gt
,lt
,gte
,lte
,eq
,neq
]Comparison operator that computes operation on LHS and RHS input signals.
out_ports object
Output ports for the Decider component.
output object
Selected signal (1.0 or 0.0).
signal_name stringName of the outgoing Signal on the OutPort.
true_for stringDefault value:
0s
Duration of time to wait before changing to true state. If the duration is zero, the change will happen instantaneously.``` This field employs the Duration JSON representation from Protocol Buffers. The format accommodates fractional seconds up to nine digits after the decimal point, offering nanosecond precision. Every duration value must be suffixed with an "s" to indicate 'seconds.' For example, a value of "10s" would signify a duration of 10 seconds.
differentiator object
Differentiator calculates rate of change per tick. Deprecated: v3.0.0. Use
PIDController
instead.in_ports object
Input ports for the Differentiator component.
input object
constant_signal object
Constant value to be used for this InPort instead of a signal.
special_value stringPossible values: [
NaN
,+Inf
,-Inf
]A special value such as NaN, +Inf, -Inf.
value doubleA constant value.
signal_name stringName of the incoming Signal on the InPort.
out_ports object
Output ports for the Differentiator component.
output object
signal_name stringName of the outgoing Signal on the OutPort.
window stringDefault value:
5s
The window of time over which differentiator operates. This field employs the Duration JSON representation from Protocol Buffers. The format accommodates fractional seconds up to nine digits after the decimal point, offering nanosecond precision. Every duration value must be suffixed with an "s" to indicate 'seconds.' For example, a value of "10s" would signify a duration of 10 seconds.
ema object
Exponential Moving Average filter.
in_ports object
Input ports for the EMA component.
input object
Input signal to be used for the EMA computation.
constant_signal object
Constant value to be used for this InPort instead of a signal.
special_value stringPossible values: [
NaN
,+Inf
,-Inf
]A special value such as NaN, +Inf, -Inf.
value doubleA constant value.
signal_name stringName of the incoming Signal on the InPort.
max_envelope object
Upper bound of the moving average.
When the signal exceeds
max_envelope
it is multiplied bycorrection_factor_on_max_envelope_violation
once per tick.noteIf the signal deviates from
max_envelope
faster than the correction faster, it might end up exceeding the envelope.constant_signal object
Constant value to be used for this InPort instead of a signal.
special_value stringPossible values: [
NaN
,+Inf
,-Inf
]A special value such as NaN, +Inf, -Inf.
value doubleA constant value.
signal_name stringName of the incoming Signal on the InPort.
min_envelope object
Lower bound of the moving average.
Behavior is similar to
max_envelope
.constant_signal object
Constant value to be used for this InPort instead of a signal.
special_value stringPossible values: [
NaN
,+Inf
,-Inf
]A special value such as NaN, +Inf, -Inf.
value doubleA constant value.
signal_name stringName of the incoming Signal on the InPort.
out_ports object
Output ports for the EMA component.
output object
Exponential moving average of the series of reading as an output signal.
signal_name stringName of the outgoing Signal on the OutPort.
parameters object required
Parameters for the EMA component.
correction_factor_on_max_envelope_violation doubleDefault value:
1
Correction factor to apply on the output value if its in violation of the max envelope.
correction_factor_on_min_envelope_violation doubleDefault value:
1
Correction factor to apply on the output value if its in violation of the min envelope.
ema_window string requiredEMA window duration. This field employs the Duration JSON representation from Protocol Buffers. The format accommodates fractional seconds up to nine digits after the decimal point, offering nanosecond precision. Every duration value must be suffixed with an "s" to indicate 'seconds.' For example, a value of "10s" would signify a duration of 10 seconds.
valid_during_warmup booleanDefault value:
false
Whether the output is valid during the warm-up stage.
warmup_window string requiredDuration of EMA warming up window.
The initial value of the EMA is the average of signal readings received during the warm up window. This field employs the Duration JSON representation from Protocol Buffers. The format accommodates fractional seconds up to nine digits after the decimal point, offering nanosecond precision. Every duration value must be suffixed with an "s" to indicate 'seconds.' For example, a value of "10s" would signify a duration of 10 seconds.
extrapolator object
Takes an input signal and emits the extrapolated value; either mirroring the input value or repeating the last known value up to the maximum extrapolation interval.
in_ports object
Input ports for the Extrapolator component.
input object
Input signal for the Extrapolator component.
constant_signal object
Constant value to be used for this InPort instead of a signal.
special_value stringPossible values: [
NaN
,+Inf
,-Inf
]A special value such as NaN, +Inf, -Inf.
value doubleA constant value.
signal_name stringName of the incoming Signal on the InPort.
out_ports object
Output ports for the Extrapolator component.
output object
Extrapolated signal.
signal_name stringName of the outgoing Signal on the OutPort.
parameters object required
Parameters for the Extrapolator component.
max_extrapolation_interval string requiredMaximum time interval to repeat the last valid value of input signal. This field employs the Duration JSON representation from Protocol Buffers. The format accommodates fractional seconds up to nine digits after the decimal point, offering nanosecond precision. Every duration value must be suffixed with an "s" to indicate 'seconds.' For example, a value of "10s" would signify a duration of 10 seconds.
first_valid object
Picks the first valid input signal and emits it.
in_ports object
Input ports for the FirstValid component.
inputs object[]
Array of input signals.
Array [constant_signal object
Constant value to be used for this InPort instead of a signal.
special_value stringPossible values: [
NaN
,+Inf
,-Inf
]A special value such as NaN, +Inf, -Inf.
value doubleA constant value.
signal_name stringName of the incoming Signal on the InPort.
]out_ports object
Output ports for the FirstValid component.
output object
First valid input signal as an output signal.
signal_name stringName of the outgoing Signal on the OutPort.
flow_control object
FlowControl components are used to regulate requests flow.
adaptive_load_scheduler object
Adaptive Load Scheduler component does additive increase of load multiplier during non-overload state. During overload, the load multiplier is throttled based on the provided strategy. Deprecated: v3.0.0. Use
AIMDLoadScheduler
instead.dry_run booleanDecides whether to run the load scheduler in dry-run mode. In dry run mode the scheduler acts as pass through to all flow and does not queue flows. It is useful for observing the behavior of load scheduler without disrupting any real traffic.
dry_run_config_key stringConfiguration key for setting dry run mode through dynamic configuration.
in_ports object required
Collection of input ports for the Adaptive Load Scheduler component.
overload_confirmation object
The
overload_confirmation
port provides additional criteria to determine overload state which results in Flow throttling at the service.constant_signal object
Constant value to be used for this InPort instead of a signal.
special_value stringPossible values: [
NaN
,+Inf
,-Inf
]A special value such as NaN, +Inf, -Inf.
value doubleA constant value.
signal_name stringName of the incoming Signal on the InPort.
setpoint object required
The setpoint input to the controller.
constant_signal object
Constant value to be used for this InPort instead of a signal.
special_value stringPossible values: [
NaN
,+Inf
,-Inf
]A special value such as NaN, +Inf, -Inf.
value doubleA constant value.
signal_name stringName of the incoming Signal on the InPort.
signal object required
The input signal to the controller.
constant_signal object
Constant value to be used for this InPort instead of a signal.
special_value stringPossible values: [
NaN
,+Inf
,-Inf
]A special value such as NaN, +Inf, -Inf.
value doubleA constant value.
signal_name stringName of the incoming Signal on the InPort.
out_ports object
Collection of output ports for the Adaptive Load Scheduler component.
desired_load_multiplier object
Desired Load multiplier is the ratio of desired token rate to the incoming token rate.
signal_name stringName of the outgoing Signal on the OutPort.
is_overload object
A Boolean signal that indicates whether the service is in overload state.
signal_name stringName of the outgoing Signal on the OutPort.
observed_load_multiplier object
Observed Load multiplier is the ratio of accepted token rate to the incoming token rate.
signal_name stringName of the outgoing Signal on the OutPort.
parameters object required
Parameters for the Adaptive Load Scheduler component.
alerter object required
Configuration parameters for the embedded Alerter.
alert_channels string[]A list of alert channel strings.
alert_name string requiredName of the alert.
labels object
Additional labels to add to alert.
property name*
stringresolve_timeout stringDefault value:
5s
Duration of alert resolver. This field employs the Duration JSON representation from Protocol Buffers. The format accommodates fractional seconds up to nine digits after the decimal point, offering nanosecond precision. Every duration value must be suffixed with an "s" to indicate 'seconds.' For example, a value of "10s" would signify a duration of 10 seconds.
severity stringPossible values: [
info
,warn
,crit
]Default value:
info
Severity of the alert, one of 'info', 'warn' or 'crit'.
gradient object required
Parameters for the Gradient Controller.
max_gradient doubleDefault value:
1.7976931348623157e+308
Maximum gradient which clamps the computed gradient value to the range,
[min_gradient, max_gradient]
.min_gradient doubleDefault value:
-1.7976931348623157e+308
Minimum gradient which clamps the computed gradient value to the range,
[min_gradient, max_gradient]
.slope double requiredSlope controls the aggressiveness and direction of the Gradient Controller.
Slope is used as exponent on the signal to setpoint ratio in computation of the gradient (see the main description for exact equation). This parameter decides how aggressive the controller responds to the deviation of signal from the setpoint. for example:
- $\text{slope} = 1$: when signal is too high, increase control variable,
- $\text{slope} = -1$: when signal is too high, decrease control variable,
- $\text{slope} = -0.5$: when signal is too high, decrease control variable gradually.
The sign of slope depends on correlation between the signal and control variable:
- Use $\text{slope} < 0$ if there is a positive correlation between the signal and the control variable (for example, Per-pod CPU usage and total concurrency).
- Use $\text{slope} > 0$ if there is a negative correlation between the signal and the control variable (for example, Per-pod CPU usage and number of pods).
:::note
You need to set negative slope for a positive correlation, as you're describing the action which controller should make when the signal increases.
:::
The magnitude of slope describes how aggressively should the controller react to a deviation of signal. With $|\text{slope}| = 1$, the controller will aim to bring the signal to the setpoint in one tick (assuming linear correlation with signal and setpoint). Smaller magnitudes of slope will make the controller adjust the control variable gradually.
Setting $|\text{slope}| < 1$ (for example, $\pm0.8$) is recommended. If you experience overshooting, consider lowering the magnitude even more. Values of $|\text{slope}| > 1$ aren't recommended.
:::note
Remember that the gradient and output signal can be (optionally) clamped, so the slope might not fully describe aggressiveness of the controller.
:::
load_multiplier_linear_increment doubleDefault value:
0.0025
Linear increment to load multiplier every 10 seconds while the system is not in the overloaded state, up until the
max_load_multiplier
is reached.load_scheduler object required
Parameters for the Load Scheduler.
scheduler object
Configuration of Weighted Fair Queuing-based workload scheduler.
Contains configuration of per-agent scheduler
decision_deadline_margin stringDefault value:
0.01s
Decision deadline margin is the amount of time that the scheduler will subtract from the request deadline to determine the deadline for the decision. This is to ensure that the scheduler has enough time to make a decision before the request deadline happens, accounting for processing delays. The request deadline is based on the gRPC deadline or the
grpc-timeout
HTTP header.Fail-open logic is use for flow control APIs, so if the gRPC deadline reaches, the flow will end up being unconditionally allowed while it is still waiting on the scheduler. This field employs the Duration JSON representation from Protocol Buffers. The format accommodates fractional seconds up to nine digits after the decimal point, offering nanosecond precision. Every duration value must be suffixed with an "s" to indicate 'seconds.' For example, a value of "10s" would signify a duration of 10 seconds.
default_workload_parameters object
Parameters to be used if none of workloads specified in
workloads
match.priority doubleDefault value:
1
$$ inverted_priority = {\frac {1} {priority}} $$
$$ virtual_finish_time = virtual_time + \left(tokens \cdot inverted_priority\right) $$
queue_timeout stringTimeout for the flow in the workload. If timeout is provided on the Check call as well, the minimum of the two is picked. If this override is not provided, the timeout provided in the check call is used. 0 timeout value implies that the request will not wait in the queue and will be accepted or dropped immediately. This field employs the Duration JSON representation from Protocol Buffers. The format accommodates fractional seconds up to nine digits after the decimal point, offering nanosecond precision. Every duration value must be suffixed with an "s" to indicate 'seconds.' For example, a value of "10s" would signify a duration of 10 seconds.
tokens doubleDefault value:
1
Tokens determines the cost of admitting a single flow in the workload, which is typically defined as milliseconds of flow latency (time to response or duration of a feature) or simply equal to 1 if the resource being accessed is constrained by the number of flows (3rd party rate limiters). This override is applicable only if tokens for the flow aren't specified in the flow labels.
denied_response_status_code HTTP response codes. For more details: https://www.iana.org/assignments/http-status-codes/http-status-codes.xhtmlPossible values: [
Empty
,Continue
,OK
,Created
,Accepted
,NonAuthoritativeInformation
,NoContent
,ResetContent
,PartialContent
,MultiStatus
,AlreadyReported
,IMUsed
,MultipleChoices
,MovedPermanently
,Found
,SeeOther
,NotModified
,UseProxy
,TemporaryRedirect
,PermanentRedirect
,BadRequest
,Unauthorized
,PaymentRequired
,Forbidden
,NotFound
,MethodNotAllowed
,NotAcceptable
,ProxyAuthenticationRequired
,RequestTimeout
,Conflict
,Gone
,LengthRequired
,PreconditionFailed
,PayloadTooLarge
,URITooLong
,UnsupportedMediaType
,RangeNotSatisfiable
,ExpectationFailed
,MisdirectedRequest
,UnprocessableEntity
,Locked
,FailedDependency
,UpgradeRequired
,PreconditionRequired
,TooManyRequests
,RequestHeaderFieldsTooLarge
,InternalServerError
,NotImplemented
,BadGateway
,ServiceUnavailable
,GatewayTimeout
,HTTPVersionNotSupported
,VariantAlsoNegotiates
,InsufficientStorage
,LoopDetected
,NotExtended
,NetworkAuthenticationRequired
]Default value:
Empty
This field allows you to override the default HTTP status code (
503 Service Unavailable
) that is returned when a request is denied.fairness_label_key stringKey for a flow label that is used to enforce fairness among requests in a workload. If not specified, requests within a workload of the same priority are admitted in a FIFO manner.
priority_label_key stringKey for a flow label that can be used to override the default priority for this flow. The value associated with this key must be a valid number. Higher numbers means higher priority. If this parameter is not provided, the priority for the flow will be determined by the matched workload's priority.
tokens_label_key stringKey for a flow label that can be used to override the default number of tokens for this request. The value associated with this key must be a valid number. If this parameter is not provided, the number of tokens for the flow will be determined by the matched workload's token count.
workload_label_key stringKey for a flow label that can be used to provide workloads for this request. If this parameter is not provided, the workloads for the flow will be determined by the matched workload's name in the policy.
workloads object[]
List of workloads to be used in scheduler.
Categorizing flows into workloads allows for load throttling to be "intelligent" instead of queueing flows in an arbitrary order. There are two aspects of this "intelligence":
- Scheduler can more precisely calculate concurrency if it understands that flows belonging to different classes have different weights (for example, insert queries compared to select queries).
- Setting different priorities to different workloads lets the scheduler avoid dropping important traffic during overload.
Each workload in this list specifies also a matcher that is used to determine which flow will be categorized into which workload. In case of multiple matching workloads, the first matching one will be used. If none of workloads match,
default_workload
will be used.infoArray [label_matcher object required
Label Matcher to select a Workload based on flow labels.
expression object
An arbitrary expression to be evaluated on the labels.
all object
The expression is true when all sub expressions are true.
of object[]
List of sub expressions of the match expression.
Array [0123456789]any object
The expression is true when any sub expression is true.
of object[]
List of sub expressions of the match expression.
Array [0123456789]label_equals object
The expression is true when label value equals given value.
label string requiredName of the label to equal match the value.
value stringExact value that the label should be equal to.
label_exists stringThe expression is true when label with given name exists.
label_matches object
The expression is true when label matches given regular expression.
label string requiredName of the label to match the regular expression.
regex string requiredRegular expression that should match the label value. It uses Go's regular expression syntax.
not object
The expression negates the result of sub expression.
0123456789match_expressions object[]
List of Kubernetes-style label matcher requirements.
Note: The requirements are combined using the logical AND operator. Deprecated: v3.0.0. Use
match_list
instead.Array [key string requiredLabel key that the selector applies to.
operator string requiredPossible values: [
In
,NotIn
,Exists
,DoesNotExist
]Logical operator which represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
values string[]An array of string values that relates to the key by an operator. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty.
]match_labels object
A map of {key,value} pairs representing labels to be matched. A single {key,value} in the
match_labels
requires that the labelkey
is present and equal tovalue
.Note: The requirements are combined using the logical AND operator.
property name*
stringmatch_list object[]
List of label matching requirements.
Note: The requirements are combined using the logical AND operator.
Array [key string requiredLabel key that the selector applies to.
operator string requiredPossible values: [
In
,NotIn
,Exists
,DoesNotExist
]Logical operator which represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
values string[]An array of string values that relates to the key by an operator. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty.
]name stringName of the workload.
parameters object
Parameters associated with flows matching the label matcher.
priority doubleDefault value:
1
$$ inverted_priority = {\frac {1} {priority}} $$
$$ virtual_finish_time = virtual_time + \left(tokens \cdot inverted_priority\right) $$
queue_timeout stringTimeout for the flow in the workload. If timeout is provided on the Check call as well, the minimum of the two is picked. If this override is not provided, the timeout provided in the check call is used. 0 timeout value implies that the request will not wait in the queue and will be accepted or dropped immediately. This field employs the Duration JSON representation from Protocol Buffers. The format accommodates fractional seconds up to nine digits after the decimal point, offering nanosecond precision. Every duration value must be suffixed with an "s" to indicate 'seconds.' For example, a value of "10s" would signify a duration of 10 seconds.
tokens doubleDefault value:
1
Tokens determines the cost of admitting a single flow in the workload, which is typically defined as milliseconds of flow latency (time to response or duration of a feature) or simply equal to 1 if the resource being accessed is constrained by the number of flows (3rd party rate limiters). This override is applicable only if tokens for the flow aren't specified in the flow labels.
]selectors object[] required
Possible values:
>= 1
Selectors for the component.
Array [agent_group stringDefault value:
aperture-cloud
Agent Group this selector applies to.
:::info
Agent Groups are used to scope policies to a subset of agents connected to the same controller. The agents within an agent group receive exact same policy configuration and form a peer to peer cluster to constantly share state.
:::
control_point string requiredControl Point identifies location within services where policies can act on flows. For an SDK based insertion, a Control Point can represent a particular feature or execution block within a service. In case of service mesh or middleware insertion, a Control Point can identify ingress or egress calls or distinct listeners or filter chains.
label_matcher object
Label Matcher can be used to match flows based on flow labels.
expression object
An arbitrary expression to be evaluated on the labels.
all object
The expression is true when all sub expressions are true.
of object[]
List of sub expressions of the match expression.
Array [0123456789]any object
The expression is true when any sub expression is true.
of object[]
List of sub expressions of the match expression.
Array [0123456789]label_equals object
The expression is true when label value equals given value.
label string requiredName of the label to equal match the value.
value stringExact value that the label should be equal to.
label_exists stringThe expression is true when label with given name exists.
label_matches object
The expression is true when label matches given regular expression.
label string requiredName of the label to match the regular expression.
regex string requiredRegular expression that should match the label value. It uses Go's regular expression syntax.
not object
The expression negates the result of sub expression.
0123456789match_expressions object[]
List of Kubernetes-style label matcher requirements.
Note: The requirements are combined using the logical AND operator. Deprecated: v3.0.0. Use
match_list
instead.Array [key string requiredLabel key that the selector applies to.
operator string requiredPossible values: [
In
,NotIn
,Exists
,DoesNotExist
]Logical operator which represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
values string[]An array of string values that relates to the key by an operator. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty.
]match_labels object
A map of {key,value} pairs representing labels to be matched. A single {key,value} in the
match_labels
requires that the labelkey
is present and equal tovalue
.Note: The requirements are combined using the logical AND operator.
property name*
stringmatch_list object[]
List of label matching requirements.
Note: The requirements are combined using the logical AND operator.
Array [key string requiredLabel key that the selector applies to.
operator string requiredPossible values: [
In
,NotIn
,Exists
,DoesNotExist
]Logical operator which represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
values string[]An array of string values that relates to the key by an operator. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty.
]service stringDefault value:
any
The Fully Qualified Domain Name of the service to select.
In Kubernetes, this is the FQDN of the Service object.
:::info
any
matches all services.:::
:::info
An entity (for example, Kubernetes pod) might belong to multiple services.
:::
]workload_latency_based_tokens booleanDefault value:
false
Automatically estimate the size of flows within each workload, based on historical latency. Each workload's
tokens
will be set to average latency of flows in that workload during the last few seconds (exact duration of this average can change). This setting is useful in concurrency limiting use-case, where the concurrency is calculated as(avg. latency \* in-flight flows)
(Little's Law).The value of tokens estimated takes a lower precedence than the value of
tokens
specified in the workload definition andtokens
explicitly specified in the flow labels.max_load_multiplier doubleDefault value:
2
The maximum load multiplier that can be reached during recovery from an overload state.
- Helps protect the service from request bursts while the system is still recovering.
- Once this value is reached, the scheduler enters the pass-through mode, allowing requests to bypass the scheduler and be sent directly to the service.
- The pass-through mode gets disabled if the system enters the overload state again.
aiad_load_scheduler object
AIAD Load Scheduler.
dry_run booleanDecides whether to run the load scheduler in dry-run mode. In dry run mode the scheduler acts as pass through to all flow and does not queue flows. It is useful for observing the behavior of load scheduler without disrupting any real traffic.
dry_run_config_key stringConfiguration key for setting dry run mode through dynamic configuration.
in_ports object
Input ports for the AIAD Load Scheduler.
overload_confirmation object
The
overload_confirmation
port provides additional criteria to determine overload state which results in Flow throttling at the service.constant_signal object
Constant value to be used for this InPort instead of a signal.
special_value stringPossible values: [
NaN
,+Inf
,-Inf
]A special value such as NaN, +Inf, -Inf.
value doubleA constant value.
signal_name stringName of the incoming Signal on the InPort.
setpoint object required
The setpoint input to the controller.
constant_signal object
Constant value to be used for this InPort instead of a signal.
special_value stringPossible values: [
NaN
,+Inf
,-Inf
]A special value such as NaN, +Inf, -Inf.
value doubleA constant value.
signal_name stringName of the incoming Signal on the InPort.
signal object required
The input signal to the controller.
constant_signal object
Constant value to be used for this InPort instead of a signal.
special_value stringPossible values: [
NaN
,+Inf
,-Inf
]A special value such as NaN, +Inf, -Inf.
value doubleA constant value.
signal_name stringName of the incoming Signal on the InPort.
out_ports object
Output ports for the AIAD Load Scheduler.
desired_load_multiplier object
Desired Load multiplier is the ratio of desired token rate to the incoming token rate.
signal_name stringName of the outgoing Signal on the OutPort.
is_overload object
A Boolean signal that indicates whether the service is in overload state.
signal_name stringName of the outgoing Signal on the OutPort.
observed_load_multiplier object
Observed Load multiplier is the ratio of accepted token rate to the incoming token rate.
signal_name stringName of the outgoing Signal on the OutPort.
overload_condition Overload condition determines the criteria to determine overload state. The default condition is "gt", that is, when the signal is greater than the setpoint. The condition must be one of: <!-- vale off --> - "gt": greater than - "lt": less than - "gte": greater than or equal to - "lte": less than or equal to <!-- vale on --> requiredPossible values: [
gt
,lt
,gte
,lte
]Default value:
gt
parameters object required
Parameters for the AIAD Load Scheduler.
alerter object required
Configuration parameters for the embedded Alerter.
alert_channels string[]A list of alert channel strings.
alert_name string requiredName of the alert.
labels object
Additional labels to add to alert.
property name*
stringresolve_timeout stringDefault value:
5s
Duration of alert resolver. This field employs the Duration JSON representation from Protocol Buffers. The format accommodates fractional seconds up to nine digits after the decimal point, offering nanosecond precision. Every duration value must be suffixed with an "s" to indicate 'seconds.' For example, a value of "10s" would signify a duration of 10 seconds.
severity stringPossible values: [
info
,warn
,crit
]Default value:
info
Severity of the alert, one of 'info', 'warn' or 'crit'.
load_multiplier_linear_decrement doubleDefault value:
0.05
Linear decrement to load multiplier every 10 seconds while the system is in the overloaded state, up until the
min_load_multiplier
is reached.load_multiplier_linear_increment doubleDefault value:
0.025
Linear increment to load multiplier every 10 seconds while the system is not in the overloaded state, up until the
max_load_multiplier
is reached.load_scheduler object required
Parameters for the Load Scheduler.
scheduler object
Configuration of Weighted Fair Queuing-based workload scheduler.
Contains configuration of per-agent scheduler
decision_deadline_margin stringDefault value:
0.01s
Decision deadline margin is the amount of time that the scheduler will subtract from the request deadline to determine the deadline for the decision. This is to ensure that the scheduler has enough time to make a decision before the request deadline happens, accounting for processing delays. The request deadline is based on the gRPC deadline or the
grpc-timeout
HTTP header.Fail-open logic is use for flow control APIs, so if the gRPC deadline reaches, the flow will end up being unconditionally allowed while it is still waiting on the scheduler. This field employs the Duration JSON representation from Protocol Buffers. The format accommodates fractional seconds up to nine digits after the decimal point, offering nanosecond precision. Every duration value must be suffixed with an "s" to indicate 'seconds.' For example, a value of "10s" would signify a duration of 10 seconds.
default_workload_parameters object
Parameters to be used if none of workloads specified in
workloads
match.priority doubleDefault value:
1
$$ inverted_priority = {\frac {1} {priority}} $$
$$ virtual_finish_time = virtual_time + \left(tokens \cdot inverted_priority\right) $$
queue_timeout stringTimeout for the flow in the workload. If timeout is provided on the Check call as well, the minimum of the two is picked. If this override is not provided, the timeout provided in the check call is used. 0 timeout value implies that the request will not wait in the queue and will be accepted or dropped immediately. This field employs the Duration JSON representation from Protocol Buffers. The format accommodates fractional seconds up to nine digits after the decimal point, offering nanosecond precision. Every duration value must be suffixed with an "s" to indicate 'seconds.' For example, a value of "10s" would signify a duration of 10 seconds.
tokens doubleDefault value:
1
Tokens determines the cost of admitting a single flow in the workload, which is typically defined as milliseconds of flow latency (time to response or duration of a feature) or simply equal to 1 if the resource being accessed is constrained by the number of flows (3rd party rate limiters). This override is applicable only if tokens for the flow aren't specified in the flow labels.
denied_response_status_code HTTP response codes. For more details: https://www.iana.org/assignments/http-status-codes/http-status-codes.xhtmlPossible values: [
Empty
,Continue
,OK
,Created
,Accepted
,NonAuthoritativeInformation
,NoContent
,ResetContent
,PartialContent
,MultiStatus
,AlreadyReported
,IMUsed
,MultipleChoices
,MovedPermanently
,Found
,SeeOther
,NotModified
,UseProxy
,TemporaryRedirect
,PermanentRedirect
,BadRequest
,Unauthorized
,PaymentRequired
,Forbidden
,NotFound
,MethodNotAllowed
,NotAcceptable
,ProxyAuthenticationRequired
,RequestTimeout
,Conflict
,Gone
,LengthRequired
,PreconditionFailed
,PayloadTooLarge
,URITooLong
,UnsupportedMediaType
,RangeNotSatisfiable
,ExpectationFailed
,MisdirectedRequest
,UnprocessableEntity
,Locked
,FailedDependency
,UpgradeRequired
,PreconditionRequired
,TooManyRequests
,RequestHeaderFieldsTooLarge
,InternalServerError
,NotImplemented
,BadGateway
,ServiceUnavailable
,GatewayTimeout
,HTTPVersionNotSupported
,VariantAlsoNegotiates
,InsufficientStorage
,LoopDetected
,NotExtended
,NetworkAuthenticationRequired
]Default value:
Empty
This field allows you to override the default HTTP status code (
503 Service Unavailable
) that is returned when a request is denied.fairness_label_key stringKey for a flow label that is used to enforce fairness among requests in a workload. If not specified, requests within a workload of the same priority are admitted in a FIFO manner.
priority_label_key stringKey for a flow label that can be used to override the default priority for this flow. The value associated with this key must be a valid number. Higher numbers means higher priority. If this parameter is not provided, the priority for the flow will be determined by the matched workload's priority.
tokens_label_key stringKey for a flow label that can be used to override the default number of tokens for this request. The value associated with this key must be a valid number. If this parameter is not provided, the number of tokens for the flow will be determined by the matched workload's token count.
workload_label_key stringKey for a flow label that can be used to provide workloads for this request. If this parameter is not provided, the workloads for the flow will be determined by the matched workload's name in the policy.
workloads object[]
List of workloads to be used in scheduler.
Categorizing flows into workloads allows for load throttling to be "intelligent" instead of queueing flows in an arbitrary order. There are two aspects of this "intelligence":
- Scheduler can more precisely calculate concurrency if it understands that flows belonging to different classes have different weights (for example, insert queries compared to select queries).
- Setting different priorities to different workloads lets the scheduler avoid dropping important traffic during overload.
Each workload in this list specifies also a matcher that is used to determine which flow will be categorized into which workload. In case of multiple matching workloads, the first matching one will be used. If none of workloads match,
default_workload
will be used.infoArray [label_matcher object required
Label Matcher to select a Workload based on flow labels.
expression object
An arbitrary expression to be evaluated on the labels.
all object
The expression is true when all sub expressions are true.
of object[]
List of sub expressions of the match expression.
Array [0123456789]any object
The expression is true when any sub expression is true.
of object[]
List of sub expressions of the match expression.
Array [0123456789]label_equals object
The expression is true when label value equals given value.
label string requiredName of the label to equal match the value.
value stringExact value that the label should be equal to.
label_exists stringThe expression is true when label with given name exists.
label_matches object
The expression is true when label matches given regular expression.
label string requiredName of the label to match the regular expression.
regex string requiredRegular expression that should match the label value. It uses Go's regular expression syntax.
not object
The expression negates the result of sub expression.
0123456789match_expressions object[]
List of Kubernetes-style label matcher requirements.
Note: The requirements are combined using the logical AND operator. Deprecated: v3.0.0. Use
match_list
instead.Array [key string requiredLabel key that the selector applies to.
operator string requiredPossible values: [
In
,NotIn
,Exists
,DoesNotExist
]Logical operator which represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
values string[]An array of string values that relates to the key by an operator. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty.
]match_labels object
A map of {key,value} pairs representing labels to be matched. A single {key,value} in the
match_labels
requires that the labelkey
is present and equal tovalue
.Note: The requirements are combined using the logical AND operator.
property name*
stringmatch_list object[]
List of label matching requirements.
Note: The requirements are combined using the logical AND operator.
Array [key string requiredLabel key that the selector applies to.
operator string requiredPossible values: [
In
,NotIn
,Exists
,DoesNotExist
]Logical operator which represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
values string[]An array of string values that relates to the key by an operator. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty.
]name stringName of the workload.
parameters object
Parameters associated with flows matching the label matcher.
priority doubleDefault value:
1
$$ inverted_priority = {\frac {1} {priority}} $$
$$ virtual_finish_time = virtual_time + \left(tokens \cdot inverted_priority\right) $$
queue_timeout stringTimeout for the flow in the workload. If timeout is provided on the Check call as well, the minimum of the two is picked. If this override is not provided, the timeout provided in the check call is used. 0 timeout value implies that the request will not wait in the queue and will be accepted or dropped immediately. This field employs the Duration JSON representation from Protocol Buffers. The format accommodates fractional seconds up to nine digits after the decimal point, offering nanosecond precision. Every duration value must be suffixed with an "s" to indicate 'seconds.' For example, a value of "10s" would signify a duration of 10 seconds.
tokens doubleDefault value:
1
Tokens determines the cost of admitting a single flow in the workload, which is typically defined as milliseconds of flow latency (time to response or duration of a feature) or simply equal to 1 if the resource being accessed is constrained by the number of flows (3rd party rate limiters). This override is applicable only if tokens for the flow aren't specified in the flow labels.
]selectors object[] required
Possible values:
>= 1
Selectors for the component.
Array [agent_group stringDefault value:
aperture-cloud
Agent Group this selector applies to.
:::info
Agent Groups are used to scope policies to a subset of agents connected to the same controller. The agents within an agent group receive exact same policy configuration and form a peer to peer cluster to constantly share state.
:::
control_point string requiredControl Point identifies location within services where policies can act on flows. For an SDK based insertion, a Control Point can represent a particular feature or execution block within a service. In case of service mesh or middleware insertion, a Control Point can identify ingress or egress calls or distinct listeners or filter chains.
label_matcher object
Label Matcher can be used to match flows based on flow labels.
expression object
An arbitrary expression to be evaluated on the labels.
all object
The expression is true when all sub expressions are true.
of object[]
List of sub expressions of the match expression.
Array [0123456789]any object
The expression is true when any sub expression is true.
of object[]
List of sub expressions of the match expression.
Array [0123456789]label_equals object
The expression is true when label value equals given value.
label string requiredName of the label to equal match the value.
value stringExact value that the label should be equal to.
label_exists stringThe expression is true when label with given name exists.
label_matches object
The expression is true when label matches given regular expression.
label string requiredName of the label to match the regular expression.
regex string requiredRegular expression that should match the label value. It uses Go's regular expression syntax.
not object
The expression negates the result of sub expression.
0123456789match_expressions object[]
List of Kubernetes-style label matcher requirements.
Note: The requirements are combined using the logical AND operator. Deprecated: v3.0.0. Use
match_list
instead.Array [key string requiredLabel key that the selector applies to.
operator string requiredPossible values: [
In
,NotIn
,Exists
,DoesNotExist
]Logical operator which represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
values string[]An array of string values that relates to the key by an operator. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty.
]match_labels object
A map of {key,value} pairs representing labels to be matched. A single {key,value} in the
match_labels
requires that the labelkey
is present and equal tovalue
.Note: The requirements are combined using the logical AND operator.
property name*
stringmatch_list object[]
List of label matching requirements.
Note: The requirements are combined using the logical AND operator.
Array [key string requiredLabel key that the selector applies to.
operator string requiredPossible values: [
In
,NotIn
,Exists
,DoesNotExist
]Logical operator which represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
values string[]An array of string values that relates to the key by an operator. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty.
]service stringDefault value:
any
The Fully Qualified Domain Name of the service to select.
In Kubernetes, this is the FQDN of the Service object.
:::info
any
matches all services.:::
:::info
An entity (for example, Kubernetes pod) might belong to multiple services.
:::
]workload_latency_based_tokens booleanDefault value:
false
Automatically estimate the size of flows within each workload, based on historical latency. Each workload's
tokens
will be set to average latency of flows in that workload during the last few seconds (exact duration of this average can change). This setting is useful in concurrency limiting use-case, where the concurrency is calculated as(avg. latency \* in-flight flows)
(Little's Law).The value of tokens estimated takes a lower precedence than the value of
tokens
specified in the workload definition andtokens
explicitly specified in the flow labels.max_load_multiplier doubleDefault value:
2
The maximum load multiplier that can be reached during recovery from an overload state.
- Helps protect the service from request bursts while the system is still recovering.
- Once this value is reached, the scheduler enters the pass-through mode, allowing requests to bypass the scheduler and be sent directly to the service.
- The pass-through mode gets disabled if the system enters the overload state again.
min_load_multiplier doubleDefault value:
0
The minimum load multiplier that can be reached during an overload state.
aimd_load_scheduler object
AIMD Load Scheduler.
dry_run booleanDecides whether to run the load scheduler in dry-run mode. In dry run mode the scheduler acts as pass through to all flow and does not queue flows. It is useful for observing the behavior of load scheduler without disrupting any real traffic.
dry_run_config_key stringConfiguration key for setting dry run mode through dynamic configuration.
in_ports object
Input ports for the AIMD Load Scheduler.
overload_confirmation object
The
overload_confirmation
port provides additional criteria to determine overload state which results in Flow throttling at the service.constant_signal object
Constant value to be used for this InPort instead of a signal.
special_value stringPossible values: [
NaN
,+Inf
,-Inf
]A special value such as NaN, +Inf, -Inf.
value doubleA constant value.
signal_name stringName of the incoming Signal on the InPort.
setpoint object required
The setpoint input to the controller.
constant_signal object
Constant value to be used for this InPort instead of a signal.
special_value stringPossible values: [
NaN
,+Inf
,-Inf
]A special value such as NaN, +Inf, -Inf.
value doubleA constant value.
signal_name stringName of the incoming Signal on the InPort.
signal object required
The input signal to the controller.
constant_signal object
Constant value to be used for this InPort instead of a signal.
special_value stringPossible values: [
NaN
,+Inf
,-Inf
]A special value such as NaN, +Inf, -Inf.
value doubleA constant value.
signal_name stringName of the incoming Signal on the InPort.
out_ports object
Output ports for the AIMD Load Scheduler.
desired_load_multiplier object
Desired Load multiplier is the ratio of desired token rate to the incoming token rate.
signal_name stringName of the outgoing Signal on the OutPort.
is_overload object
A Boolean signal that indicates whether the service is in overload state.
signal_name stringName of the outgoing Signal on the OutPort.
observed_load_multiplier object
Observed Load multiplier is the ratio of accepted token rate to the incoming token rate.
signal_name stringName of the outgoing Signal on the OutPort.
parameters object required
Parameters for the AIMD Load Scheduler.
alerter object required
Configuration parameters for the embedded Alerter.
alert_channels string[]A list of alert channel strings.
alert_name string requiredName of the alert.
labels object
Additional labels to add to alert.
property name*
stringresolve_timeout stringDefault value:
5s
Duration of alert resolver. This field employs the Duration JSON representation from Protocol Buffers. The format accommodates fractional seconds up to nine digits after the decimal point, offering nanosecond precision. Every duration value must be suffixed with an "s" to indicate 'seconds.' For example, a value of "10s" would signify a duration of 10 seconds.
severity stringPossible values: [
info
,warn
,crit
]Default value:
info
Severity of the alert, one of 'info', 'warn' or 'crit'.
gradient object required
Parameters for the Gradient Controller.
max_gradient doubleDefault value:
1.7976931348623157e+308
Maximum gradient which clamps the computed gradient value to the range,
[min_gradient, max_gradient]
.min_gradient doubleDefault value:
-1.7976931348623157e+308
Minimum gradient which clamps the computed gradient value to the range,
[min_gradient, max_gradient]
.slope double requiredSlope controls the aggressiveness and direction of the Gradient Controller.
Slope is used as exponent on the signal to setpoint ratio in computation of the gradient (see the main description for exact equation). This parameter decides how aggressive the controller responds to the deviation of signal from the setpoint. for example:
- $\text{slope} = 1$: when signal is too high, increase control variable,
- $\text{slope} = -1$: when signal is too high, decrease control variable,
- $\text{slope} = -0.5$: when signal is too high, decrease control variable gradually.
The sign of slope depends on correlation between the signal and control variable:
- Use $\text{slope} < 0$ if there is a positive correlation between the signal and the control variable (for example, Per-pod CPU usage and total concurrency).
- Use $\text{slope} > 0$ if there is a negative correlation between the signal and the control variable (for example, Per-pod CPU usage and number of pods).
:::note
You need to set negative slope for a positive correlation, as you're describing the action which controller should make when the signal increases.
:::
The magnitude of slope describes how aggressively should the controller react to a deviation of signal. With $|\text{slope}| = 1$, the controller will aim to bring the signal to the setpoint in one tick (assuming linear correlation with signal and setpoint). Smaller magnitudes of slope will make the controller adjust the control variable gradually.
Setting $|\text{slope}| < 1$ (for example, $\pm0.8$) is recommended. If you experience overshooting, consider lowering the magnitude even more. Values of $|\text{slope}| > 1$ aren't recommended.
:::note
Remember that the gradient and output signal can be (optionally) clamped, so the slope might not fully describe aggressiveness of the controller.
:::
load_multiplier_linear_increment doubleDefault value:
0.025
Linear increment to load multiplier every 10 seconds while the system is not in the overloaded state, up until the
max_load_multiplier
is reached.load_scheduler object required
Parameters for the Load Scheduler.
scheduler object
Configuration of Weighted Fair Queuing-based workload scheduler.
Contains configuration of per-agent scheduler
decision_deadline_margin stringDefault value:
0.01s
Decision deadline margin is the amount of time that the scheduler will subtract from the request deadline to determine the deadline for the decision. This is to ensure that the scheduler has enough time to make a decision before the request deadline happens, accounting for processing delays. The request deadline is based on the gRPC deadline or the
grpc-timeout
HTTP header.Fail-open logic is use for flow control APIs, so if the gRPC deadline reaches, the flow will end up being unconditionally allowed while it is still waiting on the scheduler. This field employs the Duration JSON representation from Protocol Buffers. The format accommodates fractional seconds up to nine digits after the decimal point, offering nanosecond precision. Every duration value must be suffixed with an "s" to indicate 'seconds.' For example, a value of "10s" would signify a duration of 10 seconds.
default_workload_parameters object
Parameters to be used if none of workloads specified in
workloads
match.priority doubleDefault value:
1
$$ inverted_priority = {\frac {1} {priority}} $$
$$ virtual_finish_time = virtual_time + \left(tokens \cdot inverted_priority\right) $$
queue_timeout stringTimeout for the flow in the workload. If timeout is provided on the Check call as well, the minimum of the two is picked. If this override is not provided, the timeout provided in the check call is used. 0 timeout value implies that the request will not wait in the queue and will be accepted or dropped immediately. This field employs the Duration JSON representation from Protocol Buffers. The format accommodates fractional seconds up to nine digits after the decimal point, offering nanosecond precision. Every duration value must be suffixed with an "s" to indicate 'seconds.' For example, a value of "10s" would signify a duration of 10 seconds.
tokens doubleDefault value:
1
Tokens determines the cost of admitting a single flow in the workload, which is typically defined as milliseconds of flow latency (time to response or duration of a feature) or simply equal to 1 if the resource being accessed is constrained by the number of flows (3rd party rate limiters). This override is applicable only if tokens for the flow aren't specified in the flow labels.
denied_response_status_code HTTP response codes. For more details: https://www.iana.org/assignments/http-status-codes/http-status-codes.xhtmlPossible values: [
Empty
,Continue
,OK
,Created
,Accepted
,NonAuthoritativeInformation
,NoContent
,ResetContent
,PartialContent
,MultiStatus
,AlreadyReported
,IMUsed
,MultipleChoices
,MovedPermanently
,Found
,SeeOther
,NotModified
,UseProxy
,TemporaryRedirect
,PermanentRedirect
,BadRequest
,Unauthorized
,PaymentRequired
,Forbidden
,NotFound
,MethodNotAllowed
,NotAcceptable
,ProxyAuthenticationRequired
,RequestTimeout
,Conflict
,Gone
,LengthRequired
,PreconditionFailed
,PayloadTooLarge
,URITooLong
,UnsupportedMediaType
,RangeNotSatisfiable
,ExpectationFailed
,MisdirectedRequest
,UnprocessableEntity
,Locked
,FailedDependency
,UpgradeRequired
,PreconditionRequired
,TooManyRequests
,RequestHeaderFieldsTooLarge
,InternalServerError
,NotImplemented
,BadGateway
,ServiceUnavailable
,GatewayTimeout
,HTTPVersionNotSupported
,VariantAlsoNegotiates
,InsufficientStorage
,LoopDetected
,NotExtended
,NetworkAuthenticationRequired
]Default value:
Empty
This field allows you to override the default HTTP status code (
503 Service Unavailable
) that is returned when a request is denied.fairness_label_key stringKey for a flow label that is used to enforce fairness among requests in a workload. If not specified, requests within a workload of the same priority are admitted in a FIFO manner.
priority_label_key stringKey for a flow label that can be used to override the default priority for this flow. The value associated with this key must be a valid number. Higher numbers means higher priority. If this parameter is not provided, the priority for the flow will be determined by the matched workload's priority.
tokens_label_key stringKey for a flow label that can be used to override the default number of tokens for this request. The value associated with this key must be a valid number. If this parameter is not provided, the number of tokens for the flow will be determined by the matched workload's token count.
workload_label_key stringKey for a flow label that can be used to provide workloads for this request. If this parameter is not provided, the workloads for the flow will be determined by the matched workload's name in the policy.
workloads object[]
List of workloads to be used in scheduler.
Categorizing flows into workloads allows for load throttling to be "intelligent" instead of queueing flows in an arbitrary order. There are two aspects of this "intelligence":
- Scheduler can more precisely calculate concurrency if it understands that flows belonging to different classes have different weights (for example, insert queries compared to select queries).
- Setting different priorities to different workloads lets the scheduler avoid dropping important traffic during overload.
Each workload in this list specifies also a matcher that is used to determine which flow will be categorized into which workload. In case of multiple matching workloads, the first matching one will be used. If none of workloads match,
default_workload
will be used.infoArray [label_matcher object required
Label Matcher to select a Workload based on flow labels.
expression object
An arbitrary expression to be evaluated on the labels.
all object
The expression is true when all sub expressions are true.
of object[]
List of sub expressions of the match expression.
Array [0123456789]any object
The expression is true when any sub expression is true.
of object[]
List of sub expressions of the match expression.
Array [0123456789]label_equals object
The expression is true when label value equals given value.
label string requiredName of the label to equal match the value.
value stringExact value that the label should be equal to.
label_exists stringThe expression is true when label with given name exists.
label_matches object
The expression is true when label matches given regular expression.
label string requiredName of the label to match the regular expression.
regex string requiredRegular expression that should match the label value. It uses Go's regular expression syntax.
not object
The expression negates the result of sub expression.
0123456789match_expressions object[]
List of Kubernetes-style label matcher requirements.
Note: The requirements are combined using the logical AND operator. Deprecated: v3.0.0. Use
match_list
instead.Array [key string requiredLabel key that the selector applies to.
operator string requiredPossible values: [
In
,NotIn
,Exists
,DoesNotExist
]Logical operator which represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
values string[]An array of string values that relates to the key by an operator. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty.
]match_labels object
A map of {key,value} pairs representing labels to be matched. A single {key,value} in the
match_labels
requires that the labelkey
is present and equal tovalue
.Note: The requirements are combined using the logical AND operator.
property name*
stringmatch_list object[]
List of label matching requirements.
Note: The requirements are combined using the logical AND operator.
Array [key string requiredLabel key that the selector applies to.
operator string requiredPossible values: [
In
,NotIn
,Exists
,DoesNotExist
]Logical operator which represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
values string[]An array of string values that relates to the key by an operator. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty.
]name stringName of the workload.
parameters object
Parameters associated with flows matching the label matcher.
priority doubleDefault value:
1
$$ inverted_priority = {\frac {1} {priority}} $$
$$ virtual_finish_time = virtual_time + \left(tokens \cdot inverted_priority\right) $$
queue_timeout stringTimeout for the flow in the workload. If timeout is provided on the Check call as well, the minimum of the two is picked. If this override is not provided, the timeout provided in the check call is used. 0 timeout value implies that the request will not wait in the queue and will be accepted or dropped immediately. This field employs the Duration JSON representation from Protocol Buffers. The format accommodates fractional seconds up to nine digits after the decimal point, offering nanosecond precision. Every duration value must be suffixed with an "s" to indicate 'seconds.' For example, a value of "10s" would signify a duration of 10 seconds.
tokens doubleDefault value:
1
Tokens determines the cost of admitting a single flow in the workload, which is typically defined as milliseconds of flow latency (time to response or duration of a feature) or simply equal to 1 if the resource being accessed is constrained by the number of flows (3rd party rate limiters). This override is applicable only if tokens for the flow aren't specified in the flow labels.
]selectors object[] required
Possible values:
>= 1
Selectors for the component.
Array [agent_group stringDefault value:
aperture-cloud
Agent Group this selector applies to.
:::info
Agent Groups are used to scope policies to a subset of agents connected to the same controller. The agents within an agent group receive exact same policy configuration and form a peer to peer cluster to constantly share state.
:::
control_point string requiredControl Point identifies location within services where policies can act on flows. For an SDK based insertion, a Control Point can represent a particular feature or execution block within a service. In case of service mesh or middleware insertion, a Control Point can identify ingress or egress calls or distinct listeners or filter chains.
label_matcher object
Label Matcher can be used to match flows based on flow labels.
expression object
An arbitrary expression to be evaluated on the labels.
all object
The expression is true when all sub expressions are true.
of object[]
List of sub expressions of the match expression.
Array [0123456789]any object
The expression is true when any sub expression is true.
of object[]
List of sub expressions of the match expression.
Array [0123456789]label_equals object
The expression is true when label value equals given value.
label string requiredName of the label to equal match the value.
value stringExact value that the label should be equal to.
label_exists stringThe expression is true when label with given name exists.
label_matches object
The expression is true when label matches given regular expression.
label string requiredName of the label to match the regular expression.
regex string requiredRegular expression that should match the label value. It uses Go's regular expression syntax.
not object
The expression negates the result of sub expression.
0123456789match_expressions object[]
List of Kubernetes-style label matcher requirements.
Note: The requirements are combined using the logical AND operator. Deprecated: v3.0.0. Use
match_list
instead.Array [key string requiredLabel key that the selector applies to.
operator string requiredPossible values: [
In
,NotIn
,Exists
,DoesNotExist
]Logical operator which represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
values string[]An array of string values that relates to the key by an operator. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty.
]match_labels object
A map of {key,value} pairs representing labels to be matched. A single {key,value} in the
match_labels
requires that the labelkey
is present and equal tovalue
.Note: The requirements are combined using the logical AND operator.
property name*
stringmatch_list object[]
List of label matching requirements.
Note: The requirements are combined using the logical AND operator.
Array [key string requiredLabel key that the selector applies to.
operator string requiredPossible values: [
In
,NotIn
,Exists
,DoesNotExist
]Logical operator which represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
values string[]An array of string values that relates to the key by an operator. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty.
]service stringDefault value:
any
The Fully Qualified Domain Name of the service to select.
In Kubernetes, this is the FQDN of the Service object.
:::info
any
matches all services.:::
:::info
An entity (for example, Kubernetes pod) might belong to multiple services.
:::
]workload_latency_based_tokens booleanDefault value:
false
Automatically estimate the size of flows within each workload, based on historical latency. Each workload's
tokens
will be set to average latency of flows in that workload during the last few seconds (exact duration of this average can change). This setting is useful in concurrency limiting use-case, where the concurrency is calculated as(avg. latency \* in-flight flows)
(Little's Law).The value of tokens estimated takes a lower precedence than the value of
tokens
specified in the workload definition andtokens
explicitly specified in the flow labels.max_load_multiplier doubleDefault value:
2
The maximum load multiplier that can be reached during recovery from an overload state.
- Helps protect the service from request bursts while the system is still recovering.
- Once this value is reached, the scheduler enters the pass-through mode, allowing requests to bypass the scheduler and be sent directly to the service.
- The pass-through mode gets disabled if the system enters the overload state again.
concurrency_limiter object
in_ports object required
Input ports for the Concurrency Limiter component.
max_concurrency object required
The maximum number of concurrent requests to be allowed.
constant_signal object
Constant value to be used for this InPort instead of a signal.
special_value stringPossible values: [
NaN
,+Inf
,-Inf
]A special value such as NaN, +Inf, -Inf.
value doubleA constant value.
signal_name stringName of the incoming Signal on the InPort.
pass_through object
constant_signal object
Constant value to be used for this InPort instead of a signal.
special_value stringPossible values: [
NaN
,+Inf
,-Inf
]A special value such as NaN, +Inf, -Inf.
value doubleA constant value.
signal_name stringName of the incoming Signal on the InPort.
out_ports object
Output ports for the Concurrency Limiter component.
accept_percentage object
The percentage of flows being accepted by the Concurrency Limiter.
signal_name stringName of the outgoing Signal on the OutPort.
parameters object required
Parameters for the Concurrency Limiter component.
limit_by_label_key stringSpecifies which label the concurrency calculation should be keyed by.
Concurrency limiting is done independently for each value of the label with given key. For example, to give each API Key a separate limit, assuming you have a
api_key
flow label set up, setlimit_by_label_key: "api_key"
. If no label key is specified, then all requests matching the selectors will be concurrency limited based on the global concurrency count.max_idle_time stringDefault value:
7200s
Max idle time before concurrency count for a label is removed. If set to 0, the state is never removed. This field employs the Duration JSON representation from Protocol Buffers. The format accommodates fractional seconds up to nine digits after the decimal point, offering nanosecond precision. Every duration value must be suffixed with an "s" to indicate 'seconds.' For example, a value of "10s" would signify a duration of 10 seconds.
max_inflight_duration string requiredThe time duration after which flow is assumed to have ended in case the end call gets missed. This field employs the Duration JSON representation from Protocol Buffers. The format accommodates fractional seconds up to nine digits after the decimal point, offering nanosecond precision. Every duration value must be suffixed with an "s" to indicate 'seconds.' For example, a value of "10s" would signify a duration of 10 seconds.
request_parameters object
denied_response_status_code HTTP response codes. For more details: https://www.iana.org/assignments/http-status-codes/http-status-codes.xhtmlPossible values: [
Empty
,Continue
,OK
,Created
,Accepted
,NonAuthoritativeInformation
,NoContent
,ResetContent
,PartialContent
,MultiStatus
,AlreadyReported
,IMUsed
,MultipleChoices
,MovedPermanently
,Found
,SeeOther
,NotModified
,UseProxy
,TemporaryRedirect
,PermanentRedirect
,BadRequest
,Unauthorized
,PaymentRequired
,Forbidden
,NotFound
,MethodNotAllowed
,NotAcceptable
,ProxyAuthenticationRequired
,RequestTimeout
,Conflict
,Gone
,LengthRequired
,PreconditionFailed
,PayloadTooLarge
,URITooLong
,UnsupportedMediaType
,RangeNotSatisfiable
,ExpectationFailed
,MisdirectedRequest
,UnprocessableEntity
,Locked
,FailedDependency
,UpgradeRequired
,PreconditionRequired
,TooManyRequests
,RequestHeaderFieldsTooLarge
,InternalServerError
,NotImplemented
,BadGateway
,ServiceUnavailable
,GatewayTimeout
,HTTPVersionNotSupported
,VariantAlsoNegotiates
,InsufficientStorage
,LoopDetected
,NotExtended
,NetworkAuthenticationRequired
]Default value:
Empty
This field allows you to override the default HTTP status code (
429 Too Many Requests
) that is returned when a request is denied.tokens_label_key stringFlow label key that will be used to override the number of tokens for this request. This is an optional parameter and takes highest precedence when assigning tokens to a request. The label value must be a valid number.
selectors object[] required
Possible values:
>= 1
Selectors for the component.
Array [agent_group stringDefault value:
aperture-cloud
Agent Group this selector applies to.
:::info
Agent Groups are used to scope policies to a subset of agents connected to the same controller. The agents within an agent group receive exact same policy configuration and form a peer to peer cluster to constantly share state.
:::
control_point string requiredControl Point identifies location within services where policies can act on flows. For an SDK based insertion, a Control Point can represent a particular feature or execution block within a service. In case of service mesh or middleware insertion, a Control Point can identify ingress or egress calls or distinct listeners or filter chains.
label_matcher object
Label Matcher can be used to match flows based on flow labels.
expression object
An arbitrary expression to be evaluated on the labels.
all object
The expression is true when all sub expressions are true.
of object[]
List of sub expressions of the match expression.
Array [0123456789]any object
The expression is true when any sub expression is true.
of object[]
List of sub expressions of the match expression.
Array [0123456789]label_equals object
The expression is true when label value equals given value.
label string requiredName of the label to equal match the value.
value stringExact value that the label should be equal to.
label_exists stringThe expression is true when label with given name exists.
label_matches object
The expression is true when label matches given regular expression.
label string requiredName of the label to match the regular expression.
regex string requiredRegular expression that should match the label value. It uses Go's regular expression syntax.
not object
The expression negates the result of sub expression.
0123456789match_expressions object[]
List of Kubernetes-style label matcher requirements.
Note: The requirements are combined using the logical AND operator. Deprecated: v3.0.0. Use
match_list
instead.Array [key string requiredLabel key that the selector applies to.
operator string requiredPossible values: [
In
,NotIn
,Exists
,DoesNotExist
]Logical operator which represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
values string[]An array of string values that relates to the key by an operator. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty.
]match_labels object
A map of {key,value} pairs representing labels to be matched. A single {key,value} in the
match_labels
requires that the labelkey
is present and equal tovalue
.Note: The requirements are combined using the logical AND operator.
property name*
stringmatch_list object[]
List of label matching requirements.
Note: The requirements are combined using the logical AND operator.
Array [key string requiredLabel key that the selector applies to.
operator string requiredPossible values: [
In
,NotIn
,Exists
,DoesNotExist
]Logical operator which represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
values string[]An array of string values that relates to the key by an operator. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty.
]service stringDefault value:
any
The Fully Qualified Domain Name of the service to select.
In Kubernetes, this is the FQDN of the Service object.
:::info
any
matches all services.:::
:::info
An entity (for example, Kubernetes pod) might belong to multiple services.
:::
]concurrency_scheduler object
Schedules the traffic based on in-flight request concurrency.
concurrency_limiter object required
Parameter to configure concurrency limiting.
limit_by_label_key stringSpecifies which label the concurrency calculation should be keyed by.
Concurrency limiting is done independently for each value of the label with given key. For example, to give each API Key a separate limit, assuming you have a
api_key
flow label set up, setlimit_by_label_key: "api_key"
. If no label key is specified, then all requests matching the selectors will be concurrency limited based on the global concurrency count.max_idle_time stringDefault value:
7200s
Max idle time before concurrency count for a label is removed. If set to 0, the state is never removed. This field employs the Duration JSON representation from Protocol Buffers. The format accommodates fractional seconds up to nine digits after the decimal point, offering nanosecond precision. Every duration value must be suffixed with an "s" to indicate 'seconds.' For example, a value of "10s" would signify a duration of 10 seconds.
max_inflight_duration string requiredThe time duration after which flow is assumed to have ended in case the end call gets missed. This field employs the Duration JSON representation from Protocol Buffers. The format accommodates fractional seconds up to nine digits after the decimal point, offering nanosecond precision. Every duration value must be suffixed with an "s" to indicate 'seconds.' For example, a value of "10s" would signify a duration of 10 seconds.
in_ports object required
max_concurrency object required
The maximum number of concurrent requests to be allowed.
constant_signal object
Constant value to be used for this InPort instead of a signal.
special_value stringPossible values: [
NaN
,+Inf
,-Inf
]A special value such as NaN, +Inf, -Inf.
value doubleA constant value.
signal_name stringName of the incoming Signal on the InPort.
pass_through object
constant_signal object
Constant value to be used for this InPort instead of a signal.
special_value stringPossible values: [
NaN
,+Inf
,-Inf
]A special value such as NaN, +Inf, -Inf.
value doubleA constant value.
signal_name stringName of the incoming Signal on the InPort.
out_ports object
Output ports for the Concurrency Scheduler component.
accept_percentage object
The percentage of flows being accepted by the Concurrency Limiter.
signal_name stringName of the outgoing Signal on the OutPort.
scheduler object
Scheduler is used to schedule the requests when the concurrency limit is reached.
decision_deadline_margin stringDefault value:
0.01s
Decision deadline margin is the amount of time that the scheduler will subtract from the request deadline to determine the deadline for the decision. This is to ensure that the scheduler has enough time to make a decision before the request deadline happens, accounting for processing delays. The request deadline is based on the gRPC deadline or the
grpc-timeout
HTTP header.Fail-open logic is use for flow control APIs, so if the gRPC deadline reaches, the flow will end up being unconditionally allowed while it is still waiting on the scheduler. This field employs the Duration JSON representation from Protocol Buffers. The format accommodates fractional seconds up to nine digits after the decimal point, offering nanosecond precision. Every duration value must be suffixed with an "s" to indicate 'seconds.' For example, a value of "10s" would signify a duration of 10 seconds.
default_workload_parameters object
Parameters to be used if none of workloads specified in
workloads
match.priority doubleDefault value:
1
$$ inverted_priority = {\frac {1} {priority}} $$
$$ virtual_finish_time = virtual_time + \left(tokens \cdot inverted_priority\right) $$
queue_timeout stringTimeout for the flow in the workload. If timeout is provided on the Check call as well, the minimum of the two is picked. If this override is not provided, the timeout provided in the check call is used. 0 timeout value implies that the request will not wait in the queue and will be accepted or dropped immediately. This field employs the Duration JSON representation from Protocol Buffers. The format accommodates fractional seconds up to nine digits after the decimal point, offering nanosecond precision. Every duration value must be suffixed with an "s" to indicate 'seconds.' For example, a value of "10s" would signify a duration of 10 seconds.
tokens doubleDefault value:
1
Tokens determines the cost of admitting a single flow in the workload, which is typically defined as milliseconds of flow latency (time to response or duration of a feature) or simply equal to 1 if the resource being accessed is constrained by the number of flows (3rd party rate limiters). This override is applicable only if tokens for the flow aren't specified in the flow labels.
denied_response_status_code HTTP response codes. For more details: https://www.iana.org/assignments/http-status-codes/http-status-codes.xhtmlPossible values: [
Empty
,Continue
,OK
,Created
,Accepted
,NonAuthoritativeInformation
,NoContent
,ResetContent
,PartialContent
,MultiStatus
,AlreadyReported
,IMUsed
,MultipleChoices
,MovedPermanently
,Found
,SeeOther
,NotModified
,UseProxy
,TemporaryRedirect
,PermanentRedirect
,BadRequest
,Unauthorized
,PaymentRequired
,Forbidden
,NotFound
,MethodNotAllowed
,NotAcceptable
,ProxyAuthenticationRequired
,RequestTimeout
,Conflict
,Gone
,LengthRequired
,PreconditionFailed
,PayloadTooLarge
,URITooLong
,UnsupportedMediaType
,RangeNotSatisfiable
,ExpectationFailed
,MisdirectedRequest
,UnprocessableEntity
,Locked
,FailedDependency
,UpgradeRequired
,PreconditionRequired
,TooManyRequests
,RequestHeaderFieldsTooLarge
,InternalServerError
,NotImplemented
,BadGateway
,ServiceUnavailable
,GatewayTimeout
,HTTPVersionNotSupported
,VariantAlsoNegotiates
,InsufficientStorage
,LoopDetected
,NotExtended
,NetworkAuthenticationRequired
]Default value:
Empty
This field allows you to override the default HTTP status code (
503 Service Unavailable
) that is returned when a request is denied.fairness_label_key stringKey for a flow label that is used to enforce fairness among requests in a workload. If not specified, requests within a workload of the same priority are admitted in a FIFO manner.
priority_label_key stringKey for a flow label that can be used to override the default priority for this flow. The value associated with this key must be a valid number. Higher numbers means higher priority. If this parameter is not provided, the priority for the flow will be determined by the matched workload's priority.
tokens_label_key stringKey for a flow label that can be used to override the default number of tokens for this request. The value associated with this key must be a valid number. If this parameter is not provided, the number of tokens for the flow will be determined by the matched workload's token count.
workload_label_key stringKey for a flow label that can be used to provide workloads for this request. If this parameter is not provided, the workloads for the flow will be determined by the matched workload's name in the policy.
workloads object[]
List of workloads to be used in scheduler.
Categorizing flows into workloads allows for load throttling to be "intelligent" instead of queueing flows in an arbitrary order. There are two aspects of this "intelligence":
- Scheduler can more precisely calculate concurrency if it understands that flows belonging to different classes have different weights (for example, insert queries compared to select queries).
- Setting different priorities to different workloads lets the scheduler avoid dropping important traffic during overload.
Each workload in this list specifies also a matcher that is used to determine which flow will be categorized into which workload. In case of multiple matching workloads, the first matching one will be used. If none of workloads match,
default_workload
will be used.infoArray [label_matcher object required
Label Matcher to select a Workload based on flow labels.
expression object
An arbitrary expression to be evaluated on the labels.
all object
The expression is true when all sub expressions are true.
of object[]
List of sub expressions of the match expression.
Array [0123456789]any object
The expression is true when any sub expression is true.
of object[]
List of sub expressions of the match expression.
Array [0123456789]label_equals object
The expression is true when label value equals given value.
label string requiredName of the label to equal match the value.
value stringExact value that the label should be equal to.
label_exists stringThe expression is true when label with given name exists.
label_matches object
The expression is true when label matches given regular expression.
label string requiredName of the label to match the regular expression.
regex string requiredRegular expression that should match the label value. It uses Go's regular expression syntax.
not object
The expression negates the result of sub expression.
0123456789match_expressions object[]
List of Kubernetes-style label matcher requirements.
Note: The requirements are combined using the logical AND operator. Deprecated: v3.0.0. Use
match_list
instead.Array [key string requiredLabel key that the selector applies to.
operator string requiredPossible values: [
In
,NotIn
,Exists
,DoesNotExist
]Logical operator which represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
values string[]An array of string values that relates to the key by an operator. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty.
]match_labels object
A map of {key,value} pairs representing labels to be matched. A single {key,value} in the
match_labels
requires that the labelkey
is present and equal tovalue
.Note: The requirements are combined using the logical AND operator.
property name*
stringmatch_list object[]
List of label matching requirements.
Note: The requirements are combined using the logical AND operator.
Array [key string requiredLabel key that the selector applies to.
operator string requiredPossible values: [
In
,NotIn
,Exists
,DoesNotExist
]Logical operator which represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
values string[]An array of string values that relates to the key by an operator. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty.
]name stringName of the workload.
parameters object
Parameters associated with flows matching the label matcher.
priority doubleDefault value:
1
$$ inverted_priority = {\frac {1} {priority}} $$
$$ virtual_finish_time = virtual_time + \left(tokens \cdot inverted_priority\right) $$
queue_timeout stringTimeout for the flow in the workload. If timeout is provided on the Check call as well, the minimum of the two is picked. If this override is not provided, the timeout provided in the check call is used. 0 timeout value implies that the request will not wait in the queue and will be accepted or dropped immediately. This field employs the Duration JSON representation from Protocol Buffers. The format accommodates fractional seconds up to nine digits after the decimal point, offering nanosecond precision. Every duration value must be suffixed with an "s" to indicate 'seconds.' For example, a value of "10s" would signify a duration of 10 seconds.
tokens doubleDefault value:
1
Tokens determines the cost of admitting a single flow in the workload, which is typically defined as milliseconds of flow latency (time to response or duration of a feature) or simply equal to 1 if the resource being accessed is constrained by the number of flows (3rd party rate limiters). This override is applicable only if tokens for the flow aren't specified in the flow labels.
]selectors object[] required
Possible values:
>= 1
Flow selection criteria.
Array [agent_group stringDefault value:
aperture-cloud
Agent Group this selector applies to.
:::info
Agent Groups are used to scope policies to a subset of agents connected to the same controller. The agents within an agent group receive exact same policy configuration and form a peer to peer cluster to constantly share state.
:::
control_point string requiredControl Point identifies location within services where policies can act on flows. For an SDK based insertion, a Control Point can represent a particular feature or execution block within a service. In case of service mesh or middleware insertion, a Control Point can identify ingress or egress calls or distinct listeners or filter chains.
label_matcher object
Label Matcher can be used to match flows based on flow labels.
expression object
An arbitrary expression to be evaluated on the labels.
all object
The expression is true when all sub expressions are true.
of object[]
List of sub expressions of the match expression.
Array [0123456789]any object
The expression is true when any sub expression is true.
of object[]
List of sub expressions of the match expression.
Array [0123456789]label_equals object
The expression is true when label value equals given value.
label string requiredName of the label to equal match the value.
value stringExact value that the label should be equal to.
label_exists stringThe expression is true when label with given name exists.
label_matches object
The expression is true when label matches given regular expression.
label string requiredName of the label to match the regular expression.
regex string requiredRegular expression that should match the label value. It uses Go's regular expression syntax.
not object
The expression negates the result of sub expression.
0123456789match_expressions object[]
List of Kubernetes-style label matcher requirements.
Note: The requirements are combined using the logical AND operator. Deprecated: v3.0.0. Use
match_list
instead.Array [key string requiredLabel key that the selector applies to.
operator string requiredPossible values: [
In
,NotIn
,Exists
,DoesNotExist
]Logical operator which represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
values string[]An array of string values that relates to the key by an operator. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty.
]match_labels object
A map of {key,value} pairs representing labels to be matched. A single {key,value} in the
match_labels
requires that the labelkey
is present and equal tovalue
.Note: The requirements are combined using the logical AND operator.
property name*
stringmatch_list object[]
List of label matching requirements.
Note: The requirements are combined using the logical AND operator.
Array [key string requiredLabel key that the selector applies to.
operator string requiredPossible values: [
In
,NotIn
,Exists
,DoesNotExist
]Logical operator which represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
values string[]An array of string values that relates to the key by an operator. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty.
]service stringDefault value:
any
The Fully Qualified Domain Name of the service to select.
In Kubernetes, this is the FQDN of the Service object.
:::info
any
matches all services.:::
:::info
An entity (for example, Kubernetes pod) might belong to multiple services.
:::
]load_ramp object
Load Ramp smoothly regulates the flow of requests over specified steps.
in_ports object
Inputs for the Load Ramp component.
backward object
Whether to progress the Load Ramp towards the previous step.
constant_signal object
Constant value to be used for this InPort instead of a signal.
special_value stringPossible values: [
NaN
,+Inf
,-Inf
]A special value such as NaN, +Inf, -Inf.
value doubleA constant value.
signal_name stringName of the incoming Signal on the InPort.
forward object
Whether to progress the Load Ramp towards the next step.
constant_signal object
Constant value to be used for this InPort instead of a signal.
special_value stringPossible values: [
NaN
,+Inf
,-Inf
]A special value such as NaN, +Inf, -Inf.
value doubleA constant value.
signal_name stringName of the incoming Signal on the InPort.
reset object
Whether to reset the Load Ramp to the first step.
constant_signal object
Constant value to be used for this InPort instead of a signal.
special_value stringPossible values: [
NaN
,+Inf
,-Inf
]A special value such as NaN, +Inf, -Inf.
value doubleA constant value.
signal_name stringName of the incoming Signal on the InPort.
out_ports object
Outputs for the Load Ramp component.
accept_percentage object
The percentage of flows being accepted by the Load Ramp.
signal_name stringName of the outgoing Signal on the OutPort.
at_end object
A Boolean signal indicating whether the Load Ramp is at the end of signal generation.
signal_name stringName of the outgoing Signal on the OutPort.
at_start object
A Boolean signal indicating whether the Load Ramp is at the start of signal generation.
signal_name stringName of the outgoing Signal on the OutPort.
parameters object required
Parameters for the Load Ramp component.
sampler object required
Parameters for the Sampler.
denied_response_status_code HTTP response codes. For more details: https://www.iana.org/assignments/http-status-codes/http-status-codes.xhtmlPossible values: [
Empty
,Continue
,OK
,Created
,Accepted
,NonAuthoritativeInformation
,NoContent
,ResetContent
,PartialContent
,MultiStatus
,AlreadyReported
,IMUsed
,MultipleChoices
,MovedPermanently
,Found
,SeeOther
,NotModified
,UseProxy
,TemporaryRedirect
,PermanentRedirect
,BadRequest
,Unauthorized
,PaymentRequired
,Forbidden
,NotFound
,MethodNotAllowed
,NotAcceptable
,ProxyAuthenticationRequired
,RequestTimeout
,Conflict
,Gone
,LengthRequired
,PreconditionFailed
,PayloadTooLarge
,URITooLong
,UnsupportedMediaType
,RangeNotSatisfiable
,ExpectationFailed
,MisdirectedRequest
,UnprocessableEntity
,Locked
,FailedDependency
,UpgradeRequired
,PreconditionRequired
,TooManyRequests
,RequestHeaderFieldsTooLarge
,InternalServerError
,NotImplemented
,BadGateway
,ServiceUnavailable
,GatewayTimeout
,HTTPVersionNotSupported
,VariantAlsoNegotiates
,InsufficientStorage
,LoopDetected
,NotExtended
,NetworkAuthenticationRequired
]Default value:
Empty
This field allows you to override the default HTTP status code (
403 Forbidden
) that is returned when a request is denied.ramp_mode booleanDefault value:
false
Ramp component can accept flows with
ramp_mode
flag set.selectors object[] required
Possible values:
>= 1
Selectors for the component.
Array [agent_group stringDefault value:
aperture-cloud
Agent Group this selector applies to.
:::info
Agent Groups are used to scope policies to a subset of agents connected to the same controller. The agents within an agent group receive exact same policy configuration and form a peer to peer cluster to constantly share state.
:::
control_point string requiredControl Point identifies location within services where policies can act on flows. For an SDK based insertion, a Control Point can represent a particular feature or execution block within a service. In case of service mesh or middleware insertion, a Control Point can identify ingress or egress calls or distinct listeners or filter chains.
label_matcher object
Label Matcher can be used to match flows based on flow labels.
expression object
An arbitrary expression to be evaluated on the labels.
all object
The expression is true when all sub expressions are true.
of object[]
List of sub expressions of the match expression.
Array [0123456789]any object
The expression is true when any sub expression is true.
of object[]
List of sub expressions of the match expression.
Array [0123456789]label_equals object
The expression is true when label value equals given value.
label string requiredName of the label to equal match the value.
value stringExact value that the label should be equal to.
label_exists stringThe expression is true when label with given name exists.
label_matches object
The expression is true when label matches given regular expression.
label string requiredName of the label to match the regular expression.
regex string requiredRegular expression that should match the label value. It uses Go's regular expression syntax.
not object
The expression negates the result of sub expression.
0123456789match_expressions object[]
List of Kubernetes-style label matcher requirements.
Note: The requirements are combined using the logical AND operator. Deprecated: v3.0.0. Use
match_list
instead.Array [key string requiredLabel key that the selector applies to.
operator string requiredPossible values: [
In
,NotIn
,Exists
,DoesNotExist
]Logical operator which represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
values string[]An array of string values that relates to the key by an operator. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty.
]match_labels object
A map of {key,value} pairs representing labels to be matched. A single {key,value} in the
match_labels
requires that the labelkey
is present and equal tovalue
.Note: The requirements are combined using the logical AND operator.
property name*
stringmatch_list object[]
List of label matching requirements.
Note: The requirements are combined using the logical AND operator.
Array [key string requiredLabel key that the selector applies to.
operator string requiredPossible values: [
In
,NotIn
,Exists
,DoesNotExist
]Logical operator which represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
values string[]An array of string values that relates to the key by an operator. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty.
]service stringDefault value:
any
The Fully Qualified Domain Name of the service to select.
In Kubernetes, this is the FQDN of the Service object.
:::info
any
matches all services.:::
:::info
An entity (for example, Kubernetes pod) might belong to multiple services.
:::
]session_label_key stringThe flow label key for identifying sessions.
- When label key is specified, Sampler acts as a sticky filter.
The series of flows with the same value of label key get the same
decision provided that the
accept_percentage
is same or higher. - When label key is not specified, Sampler acts as a stateless filter. Percentage of flows are selected randomly for rejection.
steps object[] required
Possible values:
>= 1
Array [duration string requiredDuration for which the step is active. This field employs the Duration JSON representation from Protocol Buffers. The format accommodates fractional seconds up to nine digits after the decimal point, offering nanosecond precision. Every duration value must be suffixed with an "s" to indicate 'seconds.' For example, a value of "10s" would signify a duration of 10 seconds.
target_accept_percentage doublePossible values:
<= 100
The value of the step.
]pass_through_label_values string[]Specify certain label values to be always accepted by the Sampler regardless of accept percentage.
pass_through_label_values_config_key stringConfiguration key for setting pass through label values through dynamic configuration.
load_scheduler object
Load Scheduler provides service protection by creating a prioritized workload queue in front of the service using Weighted Fair Queuing.
dry_run booleanDecides whether to run the load scheduler in dry-run mode. In dry run mode the scheduler acts as pass through to all flow and does not queue flows. It is useful for observing the behavior of load scheduler without disrupting any real traffic.
dry_run_config_key stringConfiguration key for setting dry run mode through dynamic configuration.
in_ports object required
Input ports for the LoadScheduler component.
load_multiplier object
Load multiplier is proportion of incoming token rate that needs to be accepted. The signal gets updated once every 10 seconds.
constant_signal object
Constant value to be used for this InPort instead of a signal.
special_value stringPossible values: [
NaN
,+Inf
,-Inf
]A special value such as NaN, +Inf, -Inf.
value doubleA constant value.
signal_name stringName of the incoming Signal on the InPort.
out_ports object
Output ports for the LoadScheduler component.
observed_load_multiplier object
Observed load multiplier is the proportion of incoming token rate that is being accepted. The signal gets updated once every 10 seconds.
signal_name stringName of the outgoing Signal on the OutPort.
parameters object required
scheduler object
Configuration of Weighted Fair Queuing-based workload scheduler.
Contains configuration of per-agent scheduler
decision_deadline_margin stringDefault value:
0.01s
Decision deadline margin is the amount of time that the scheduler will subtract from the request deadline to determine the deadline for the decision. This is to ensure that the scheduler has enough time to make a decision before the request deadline happens, accounting for processing delays. The request deadline is based on the gRPC deadline or the
grpc-timeout
HTTP header.Fail-open logic is use for flow control APIs, so if the gRPC deadline reaches, the flow will end up being unconditionally allowed while it is still waiting on the scheduler. This field employs the Duration JSON representation from Protocol Buffers. The format accommodates fractional seconds up to nine digits after the decimal point, offering nanosecond precision. Every duration value must be suffixed with an "s" to indicate 'seconds.' For example, a value of "10s" would signify a duration of 10 seconds.
default_workload_parameters object
Parameters to be used if none of workloads specified in
workloads
match.priority doubleDefault value:
1
$$ inverted_priority = {\frac {1} {priority}} $$
$$ virtual_finish_time = virtual_time + \left(tokens \cdot inverted_priority\right) $$
queue_timeout stringTimeout for the flow in the workload. If timeout is provided on the Check call as well, the minimum of the two is picked. If this override is not provided, the timeout provided in the check call is used. 0 timeout value implies that the request will not wait in the queue and will be accepted or dropped immediately. This field employs the Duration JSON representation from Protocol Buffers. The format accommodates fractional seconds up to nine digits after the decimal point, offering nanosecond precision. Every duration value must be suffixed with an "s" to indicate 'seconds.' For example, a value of "10s" would signify a duration of 10 seconds.
tokens doubleDefault value:
1
Tokens determines the cost of admitting a single flow in the workload, which is typically defined as milliseconds of flow latency (time to response or duration of a feature) or simply equal to 1 if the resource being accessed is constrained by the number of flows (3rd party rate limiters). This override is applicable only if tokens for the flow aren't specified in the flow labels.
denied_response_status_code HTTP response codes. For more details: https://www.iana.org/assignments/http-status-codes/http-status-codes.xhtmlPossible values: [
Empty
,Continue
,OK
,Created
,Accepted
,NonAuthoritativeInformation
,NoContent
,ResetContent
,PartialContent
,MultiStatus
,AlreadyReported
,IMUsed
,MultipleChoices
,MovedPermanently
,Found
,SeeOther
,NotModified
,UseProxy
,TemporaryRedirect
,PermanentRedirect
,BadRequest
,Unauthorized
,PaymentRequired
,Forbidden
,NotFound
,MethodNotAllowed
,NotAcceptable
,ProxyAuthenticationRequired
,RequestTimeout
,Conflict
,Gone
,LengthRequired
,PreconditionFailed
,PayloadTooLarge
,URITooLong
,UnsupportedMediaType
,RangeNotSatisfiable
,ExpectationFailed
,MisdirectedRequest
,UnprocessableEntity
,Locked
,FailedDependency
,UpgradeRequired
,PreconditionRequired
,TooManyRequests
,RequestHeaderFieldsTooLarge
,InternalServerError
,NotImplemented
,BadGateway
,ServiceUnavailable
,GatewayTimeout
,HTTPVersionNotSupported
,VariantAlsoNegotiates
,InsufficientStorage
,LoopDetected
,NotExtended
,NetworkAuthenticationRequired
]Default value:
Empty
This field allows you to override the default HTTP status code (
503 Service Unavailable
) that is returned when a request is denied.fairness_label_key stringKey for a flow label that is used to enforce fairness among requests in a workload. If not specified, requests within a workload of the same priority are admitted in a FIFO manner.
priority_label_key stringKey for a flow label that can be used to override the default priority for this flow. The value associated with this key must be a valid number. Higher numbers means higher priority. If this parameter is not provided, the priority for the flow will be determined by the matched workload's priority.
tokens_label_key stringKey for a flow label that can be used to override the default number of tokens for this request. The value associated with this key must be a valid number. If this parameter is not provided, the number of tokens for the flow will be determined by the matched workload's token count.
workload_label_key stringKey for a flow label that can be used to provide workloads for this request. If this parameter is not provided, the workloads for the flow will be determined by the matched workload's name in the policy.
workloads object[]
List of workloads to be used in scheduler.
Categorizing flows into workloads allows for load throttling to be "intelligent" instead of queueing flows in an arbitrary order. There are two aspects of this "intelligence":
- Scheduler can more precisely calculate concurrency if it understands that flows belonging to different classes have different weights (for example, insert queries compared to select queries).
- Setting different priorities to different workloads lets the scheduler avoid dropping important traffic during overload.
Each workload in this list specifies also a matcher that is used to determine which flow will be categorized into which workload. In case of multiple matching workloads, the first matching one will be used. If none of workloads match,
default_workload
will be used.infoArray [label_matcher object required
Label Matcher to select a Workload based on flow labels.
expression object
An arbitrary expression to be evaluated on the labels.
all object
The expression is true when all sub expressions are true.
of object[]
List of sub expressions of the match expression.
Array [0123456789]any object
The expression is true when any sub expression is true.
of object[]
List of sub expressions of the match expression.
Array [0123456789]label_equals object
The expression is true when label value equals given value.
label string requiredName of the label to equal match the value.
value stringExact value that the label should be equal to.
label_exists stringThe expression is true when label with given name exists.
label_matches object
The expression is true when label matches given regular expression.
label string requiredName of the label to match the regular expression.
regex string requiredRegular expression that should match the label value. It uses Go's regular expression syntax.
not object
The expression negates the result of sub expression.
0123456789match_expressions object[]
List of Kubernetes-style label matcher requirements.
Note: The requirements are combined using the logical AND operator. Deprecated: v3.0.0. Use
match_list
instead.Array [key string requiredLabel key that the selector applies to.
operator string requiredPossible values: [
In
,NotIn
,Exists
,DoesNotExist
]Logical operator which represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
values string[]An array of string values that relates to the key by an operator. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty.
]match_labels object
A map of {key,value} pairs representing labels to be matched. A single {key,value} in the
match_labels
requires that the labelkey
is present and equal tovalue
.Note: The requirements are combined using the logical AND operator.
property name*
stringmatch_list object[]
List of label matching requirements.
Note: The requirements are combined using the logical AND operator.
Array [key string requiredLabel key that the selector applies to.
operator string requiredPossible values: [
In
,NotIn
,Exists
,DoesNotExist
]Logical operator which represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
values string[]An array of string values that relates to the key by an operator. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty.
]name stringName of the workload.
parameters object
Parameters associated with flows matching the label matcher.
priority doubleDefault value:
1
$$ inverted_priority = {\frac {1} {priority}} $$
$$ virtual_finish_time = virtual_time + \left(tokens \cdot inverted_priority\right) $$
queue_timeout stringTimeout for the flow in the workload. If timeout is provided on the Check call as well, the minimum of the two is picked. If this override is not provided, the timeout provided in the check call is used. 0 timeout value implies that the request will not wait in the queue and will be accepted or dropped immediately. This field employs the Duration JSON representation from Protocol Buffers. The format accommodates fractional seconds up to nine digits after the decimal point, offering nanosecond precision. Every duration value must be suffixed with an "s" to indicate 'seconds.' For example, a value of "10s" would signify a duration of 10 seconds.
tokens doubleDefault value:
1
Tokens determines the cost of admitting a single flow in the workload, which is typically defined as milliseconds of flow latency (time to response or duration of a feature) or simply equal to 1 if the resource being accessed is constrained by the number of flows (3rd party rate limiters). This override is applicable only if tokens for the flow aren't specified in the flow labels.
]selectors object[] required
Possible values:
>= 1
Selectors for the component.
Array [agent_group stringDefault value:
aperture-cloud
Agent Group this selector applies to.
:::info
Agent Groups are used to scope policies to a subset of agents connected to the same controller. The agents within an agent group receive exact same policy configuration and form a peer to peer cluster to constantly share state.
:::
control_point string requiredControl Point identifies location within services where policies can act on flows. For an SDK based insertion, a Control Point can represent a particular feature or execution block within a service. In case of service mesh or middleware insertion, a Control Point can identify ingress or egress calls or distinct listeners or filter chains.
label_matcher object
Label Matcher can be used to match flows based on flow labels.
expression object
An arbitrary expression to be evaluated on the labels.
all object
The expression is true when all sub expressions are true.
of object[]
List of sub expressions of the match expression.
Array [0123456789]any object
The expression is true when any sub expression is true.
of object[]
List of sub expressions of the match expression.
Array [0123456789]label_equals object
The expression is true when label value equals given value.
label string requiredName of the label to equal match the value.
value stringExact value that the label should be equal to.
label_exists stringThe expression is true when label with given name exists.
label_matches object
The expression is true when label matches given regular expression.
label string requiredName of the label to match the regular expression.
regex string requiredRegular expression that should match the label value. It uses Go's regular expression syntax.
not object
The expression negates the result of sub expression.
0123456789match_expressions object[]
List of Kubernetes-style label matcher requirements.
Note: The requirements are combined using the logical AND operator. Deprecated: v3.0.0. Use
match_list
instead.Array [key string requiredLabel key that the selector applies to.
operator string requiredPossible values: [
In
,NotIn
,Exists
,DoesNotExist
]Logical operator which represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
values string[]An array of string values that relates to the key by an operator. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty.
]match_labels object
A map of {key,value} pairs representing labels to be matched. A single {key,value} in the
match_labels
requires that the labelkey
is present and equal tovalue
.Note: The requirements are combined using the logical AND operator.
property name*
stringmatch_list object[]
List of label matching requirements.
Note: The requirements are combined using the logical AND operator.
Array [key string requiredLabel key that the selector applies to.
operator string requiredPossible values: [
In
,NotIn
,Exists
,DoesNotExist
]Logical operator which represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
values string[]An array of string values that relates to the key by an operator. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty.
]service stringDefault value:
any
The Fully Qualified Domain Name of the service to select.
In Kubernetes, this is the FQDN of the Service object.
:::info
any
matches all services.:::
:::info
An entity (for example, Kubernetes pod) might belong to multiple services.
:::
]workload_latency_based_tokens booleanDefault value:
false
Automatically estimate the size of flows within each workload, based on historical latency. Each workload's
tokens
will be set to average latency of flows in that workload during the last few seconds (exact duration of this average can change). This setting is useful in concurrency limiting use-case, where the concurrency is calculated as(avg. latency \* in-flight flows)
(Little's Law).The value of tokens estimated takes a lower precedence than the value of
tokens
specified in the workload definition andtokens
explicitly specified in the flow labels.quota_scheduler object
Schedules the traffic based on token-bucket based quotas.
in_ports object required
bucket_capacity object required
Capacity of the bucket to allow for bursty traffic.
constant_signal object
Constant value to be used for this InPort instead of a signal.
special_value stringPossible values: [
NaN
,+Inf
,-Inf
]A special value such as NaN, +Inf, -Inf.
value doubleA constant value.
signal_name stringName of the incoming Signal on the InPort.
fill_amount object required
Number of tokens to fill within an
interval
.constant_signal object
Constant value to be used for this InPort instead of a signal.
special_value stringPossible values: [
NaN
,+Inf
,-Inf
]A special value such as NaN, +Inf, -Inf.
value doubleA constant value.
signal_name stringName of the incoming Signal on the InPort.
pass_through object
constant_signal object
Constant value to be used for this InPort instead of a signal.
special_value stringPossible values: [
NaN
,+Inf
,-Inf
]A special value such as NaN, +Inf, -Inf.
value doubleA constant value.
signal_name stringName of the incoming Signal on the InPort.
out_ports object
Output ports for the Quota Scheduler component.
accept_percentage object
The percentage of flows being accepted.
signal_name stringName of the outgoing Signal on the OutPort.
rate_limiter object required
Parameter to configure rate limiting quotas.
continuous_fill booleanDefault value:
true
Continuous fill determines whether the token bucket should be filled continuously or only on discrete intervals.
delay_initial_fill booleanDefault value:
false
Delays the initial filling of the token bucket. If set to false, the token bucket will start filling immediately after the first request is received. This can potentially lead to more requests being accepted than the specified rate limit during the first interval. When set to true, the token bucket will be given a chance to empty out before the filling starts. The delay is equal to the time it takes to fill the bucket.
interval string requiredInterval defines the time interval in which the token bucket will fill tokens specified by
fill_amount
signal. This field employs the Duration JSON representation from Protocol Buffers. The format accommodates fractional seconds up to nine digits after the decimal point, offering nanosecond precision. Every duration value must be suffixed with an "s" to indicate 'seconds.' For example, a value of "10s" would signify a duration of 10 seconds.label_key stringSpecifies which label the rate limiter should be keyed by.
Rate limiting is done independently for each value of the label with given key. For example, to give each user a separate limit, assuming you have a user flow label set up, set
label_key: "user"
. If no label key is specified, then all requests matching the selectors will be rate limited based on the global bucket. Deprecated: v3.0.0. Uselimit_by_label_key
instead.lazy_sync object
enabled Enables lazy syncDefault value:
false
num_sync int64Default value:
4
Number of times to lazy sync within the
interval
.limit_by_label_key stringSpecifies which label the rate limiter should be keyed by.
Rate limiting is done independently for each value of the label with given key. For example, to give each user a separate limit, assuming you have a user flow label set up, set
limit_by_label_key: "user"
. If no label key is specified, then all requests matching the selectors will be rate limited based on the global bucket.max_idle_time stringDefault value:
7200s
Max idle time before token bucket state for a label is removed. If set to 0, the state is never removed. This field employs the Duration JSON representation from Protocol Buffers. The format accommodates fractional seconds up to nine digits after the decimal point, offering nanosecond precision. Every duration value must be suffixed with an "s" to indicate 'seconds.' For example, a value of "10s" would signify a duration of 10 seconds.
scheduler object
Scheduler is used to schedule the requests when the quota is exhausted.
decision_deadline_margin stringDefault value:
0.01s
Decision deadline margin is the amount of time that the scheduler will subtract from the request deadline to determine the deadline for the decision. This is to ensure that the scheduler has enough time to make a decision before the request deadline happens, accounting for processing delays. The request deadline is based on the gRPC deadline or the
grpc-timeout
HTTP header.Fail-open logic is use for flow control APIs, so if the gRPC deadline reaches, the flow will end up being unconditionally allowed while it is still waiting on the scheduler. This field employs the Duration JSON representation from Protocol Buffers. The format accommodates fractional seconds up to nine digits after the decimal point, offering nanosecond precision. Every duration value must be suffixed with an "s" to indicate 'seconds.' For example, a value of "10s" would signify a duration of 10 seconds.
default_workload_parameters object
Parameters to be used if none of workloads specified in
workloads
match.priority doubleDefault value:
1
$$ inverted_priority = {\frac {1} {priority}} $$
$$ virtual_finish_time = virtual_time + \left(tokens \cdot inverted_priority\right) $$
queue_timeout stringTimeout for the flow in the workload. If timeout is provided on the Check call as well, the minimum of the two is picked. If this override is not provided, the timeout provided in the check call is used. 0 timeout value implies that the request will not wait in the queue and will be accepted or dropped immediately. This field employs the Duration JSON representation from Protocol Buffers. The format accommodates fractional seconds up to nine digits after the decimal point, offering nanosecond precision. Every duration value must be suffixed with an "s" to indicate 'seconds.' For example, a value of "10s" would signify a duration of 10 seconds.
tokens doubleDefault value:
1
Tokens determines the cost of admitting a single flow in the workload, which is typically defined as milliseconds of flow latency (time to response or duration of a feature) or simply equal to 1 if the resource being accessed is constrained by the number of flows (3rd party rate limiters). This override is applicable only if tokens for the flow aren't specified in the flow labels.
denied_response_status_code HTTP response codes. For more details: https://www.iana.org/assignments/http-status-codes/http-status-codes.xhtmlPossible values: [
Empty
,Continue
,OK
,Created
,Accepted
,NonAuthoritativeInformation
,NoContent
,ResetContent
,PartialContent
,MultiStatus
,AlreadyReported
,IMUsed
,MultipleChoices
,MovedPermanently
,Found
,SeeOther
,NotModified
,UseProxy
,TemporaryRedirect
,PermanentRedirect
,BadRequest
,Unauthorized
,PaymentRequired
,Forbidden
,NotFound
,MethodNotAllowed
,NotAcceptable
,ProxyAuthenticationRequired
,RequestTimeout
,Conflict
,Gone
,LengthRequired
,PreconditionFailed
,PayloadTooLarge
,URITooLong
,UnsupportedMediaType
,RangeNotSatisfiable
,ExpectationFailed
,MisdirectedRequest
,UnprocessableEntity
,Locked
,FailedDependency
,UpgradeRequired
,PreconditionRequired
,TooManyRequests
,RequestHeaderFieldsTooLarge
,InternalServerError
,NotImplemented
,BadGateway
,ServiceUnavailable
,GatewayTimeout
,HTTPVersionNotSupported
,VariantAlsoNegotiates
,InsufficientStorage
,LoopDetected
,NotExtended
,NetworkAuthenticationRequired
]Default value:
Empty
This field allows you to override the default HTTP status code (
503 Service Unavailable
) that is returned when a request is denied.fairness_label_key stringKey for a flow label that is used to enforce fairness among requests in a workload. If not specified, requests within a workload of the same priority are admitted in a FIFO manner.
priority_label_key stringKey for a flow label that can be used to override the default priority for this flow. The value associated with this key must be a valid number. Higher numbers means higher priority. If this parameter is not provided, the priority for the flow will be determined by the matched workload's priority.
tokens_label_key stringKey for a flow label that can be used to override the default number of tokens for this request. The value associated with this key must be a valid number. If this parameter is not provided, the number of tokens for the flow will be determined by the matched workload's token count.
workload_label_key stringKey for a flow label that can be used to provide workloads for this request. If this parameter is not provided, the workloads for the flow will be determined by the matched workload's name in the policy.
workloads object[]
List of workloads to be used in scheduler.
Categorizing flows into workloads allows for load throttling to be "intelligent" instead of queueing flows in an arbitrary order. There are two aspects of this "intelligence":
- Scheduler can more precisely calculate concurrency if it understands that flows belonging to different classes have different weights (for example, insert queries compared to select queries).
- Setting different priorities to different workloads lets the scheduler avoid dropping important traffic during overload.
Each workload in this list specifies also a matcher that is used to determine which flow will be categorized into which workload. In case of multiple matching workloads, the first matching one will be used. If none of workloads match,
default_workload
will be used.infoArray [label_matcher object required
Label Matcher to select a Workload based on flow labels.
expression object
An arbitrary expression to be evaluated on the labels.
all object
The expression is true when all sub expressions are true.
of object[]
List of sub expressions of the match expression.
Array [0123456789]any object
The expression is true when any sub expression is true.
of object[]
List of sub expressions of the match expression.
Array [0123456789]label_equals object
The expression is true when label value equals given value.
label string requiredName of the label to equal match the value.
value stringExact value that the label should be equal to.
label_exists stringThe expression is true when label with given name exists.
label_matches object
The expression is true when label matches given regular expression.
label string requiredName of the label to match the regular expression.
regex string requiredRegular expression that should match the label value. It uses Go's regular expression syntax.
not object
The expression negates the result of sub expression.
0123456789match_expressions object[]
List of Kubernetes-style label matcher requirements.
Note: The requirements are combined using the logical AND operator. Deprecated: v3.0.0. Use
match_list
instead.Array [key string requiredLabel key that the selector applies to.
operator string requiredPossible values: [
In
,NotIn
,Exists
,DoesNotExist
]Logical operator which represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
values string[]An array of string values that relates to the key by an operator. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty.
]match_labels object
A map of {key,value} pairs representing labels to be matched. A single {key,value} in the
match_labels
requires that the labelkey
is present and equal tovalue
.Note: The requirements are combined using the logical AND operator.
property name*
stringmatch_list object[]
List of label matching requirements.
Note: The requirements are combined using the logical AND operator.
Array [key string requiredLabel key that the selector applies to.
operator string requiredPossible values: [
In
,NotIn
,Exists
,DoesNotExist
]Logical operator which represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
values string[]An array of string values that relates to the key by an operator. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty.
]name stringName of the workload.
parameters object
Parameters associated with flows matching the label matcher.
priority doubleDefault value:
1
$$ inverted_priority = {\frac {1} {priority}} $$
$$ virtual_finish_time = virtual_time + \left(tokens \cdot inverted_priority\right) $$
queue_timeout stringTimeout for the flow in the workload. If timeout is provided on the Check call as well, the minimum of the two is picked. If this override is not provided, the timeout provided in the check call is used. 0 timeout value implies that the request will not wait in the queue and will be accepted or dropped immediately. This field employs the Duration JSON representation from Protocol Buffers. The format accommodates fractional seconds up to nine digits after the decimal point, offering nanosecond precision. Every duration value must be suffixed with an "s" to indicate 'seconds.' For example, a value of "10s" would signify a duration of 10 seconds.
tokens doubleDefault value:
1
Tokens determines the cost of admitting a single flow in the workload, which is typically defined as milliseconds of flow latency (time to response or duration of a feature) or simply equal to 1 if the resource being accessed is constrained by the number of flows (3rd party rate limiters). This override is applicable only if tokens for the flow aren't specified in the flow labels.
]selectors object[] required
Possible values:
>= 1
Flow selection criteria.
Array [agent_group stringDefault value:
aperture-cloud
Agent Group this selector applies to.
:::info
Agent Groups are used to scope policies to a subset of agents connected to the same controller. The agents within an agent group receive exact same policy configuration and form a peer to peer cluster to constantly share state.
:::
control_point string requiredControl Point identifies location within services where policies can act on flows. For an SDK based insertion, a Control Point can represent a particular feature or execution block within a service. In case of service mesh or middleware insertion, a Control Point can identify ingress or egress calls or distinct listeners or filter chains.
label_matcher object
Label Matcher can be used to match flows based on flow labels.
expression object
An arbitrary expression to be evaluated on the labels.
all object
The expression is true when all sub expressions are true.
of object[]
List of sub expressions of the match expression.
Array [0123456789]any object
The expression is true when any sub expression is true.
of object[]
List of sub expressions of the match expression.
Array [0123456789]label_equals object
The expression is true when label value equals given value.
label string requiredName of the label to equal match the value.
value stringExact value that the label should be equal to.
label_exists stringThe expression is true when label with given name exists.
label_matches object
The expression is true when label matches given regular expression.
label string requiredName of the label to match the regular expression.
regex string requiredRegular expression that should match the label value. It uses Go's regular expression syntax.
not object
The expression negates the result of sub expression.
0123456789match_expressions object[]
List of Kubernetes-style label matcher requirements.
Note: The requirements are combined using the logical AND operator. Deprecated: v3.0.0. Use
match_list
instead.Array [key string requiredLabel key that the selector applies to.
operator string requiredPossible values: [
In
,NotIn
,Exists
,DoesNotExist
]Logical operator which represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
values string[]An array of string values that relates to the key by an operator. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty.
]match_labels object
A map of {key,value} pairs representing labels to be matched. A single {key,value} in the
match_labels
requires that the labelkey
is present and equal tovalue
.Note: The requirements are combined using the logical AND operator.
property name*
stringmatch_list object[]
List of label matching requirements.
Note: The requirements are combined using the logical AND operator.
Array [key string requiredLabel key that the selector applies to.
operator string requiredPossible values: [
In
,NotIn
,Exists
,DoesNotExist
]Logical operator which represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
values string[]An array of string values that relates to the key by an operator. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty.
]service stringDefault value:
any
The Fully Qualified Domain Name of the service to select.
In Kubernetes, this is the FQDN of the Service object.
:::info
any
matches all services.:::
:::info
An entity (for example, Kubernetes pod) might belong to multiple services.
:::
]range_driven_load_scheduler object
Range Driven Load Scheduler.
dry_run booleanDecides whether to run the load scheduler in dry-run mode. In dry run mode the scheduler acts as pass through to all flow and does not queue flows. It is useful for observing the behavior of load scheduler without disrupting any real traffic.
dry_run_config_key stringConfiguration key for setting dry run mode through dynamic configuration.
in_ports object
Input ports for the Range Load Scheduler.
overload_confirmation object
The
overload_confirmation
port provides additional criteria to determine overload state which results in Flow throttling at the service.constant_signal object
Constant value to be used for this InPort instead of a signal.
special_value stringPossible values: [
NaN
,+Inf
,-Inf
]A special value such as NaN, +Inf, -Inf.
value doubleA constant value.
signal_name stringName of the incoming Signal on the InPort.
signal object required
The input signal to the controller.
constant_signal object
Constant value to be used for this InPort instead of a signal.
special_value stringPossible values: [
NaN
,+Inf
,-Inf
]A special value such as NaN, +Inf, -Inf.
value doubleA constant value.
signal_name stringName of the incoming Signal on the InPort.
out_ports object
Output ports for the Range Load Scheduler.
desired_load_multiplier object
Desired Load multiplier is the ratio of desired token rate to the incoming token rate.
signal_name stringName of the outgoing Signal on the OutPort.
is_overload object
A Boolean signal that indicates whether the service is in overload state.
signal_name stringName of the outgoing Signal on the OutPort.
observed_load_multiplier object
Observed Load multiplier is the ratio of accepted token rate to the incoming token rate.
signal_name stringName of the outgoing Signal on the OutPort.
parameters object required
Parameters for the Range Load Scheduler.
alerter object required
Configuration parameters for the embedded Alerter.
alert_channels string[]A list of alert channel strings.
alert_name string requiredName of the alert.
labels object
Additional labels to add to alert.
property name*
stringresolve_timeout stringDefault value:
5s
Duration of alert resolver. This field employs the Duration JSON representation from Protocol Buffers. The format accommodates fractional seconds up to nine digits after the decimal point, offering nanosecond precision. Every duration value must be suffixed with an "s" to indicate 'seconds.' For example, a value of "10s" would signify a duration of 10 seconds.
severity stringPossible values: [
info
,warn
,crit
]Default value:
info
Severity of the alert, one of 'info', 'warn' or 'crit'.
degree double requiredhigh_throttle_threshold object required
load_multiplier doublePossible values:
<= 1
signal_value doubleload_scheduler object required
Parameters for the Load Scheduler.
scheduler object
Configuration of Weighted Fair Queuing-based workload scheduler.
Contains configuration of per-agent scheduler
decision_deadline_margin stringDefault value:
0.01s
Decision deadline margin is the amount of time that the scheduler will subtract from the request deadline to determine the deadline for the decision. This is to ensure that the scheduler has enough time to make a decision before the request deadline happens, accounting for processing delays. The request deadline is based on the gRPC deadline or the
grpc-timeout
HTTP header.Fail-open logic is use for flow control APIs, so if the gRPC deadline reaches, the flow will end up being unconditionally allowed while it is still waiting on the scheduler. This field employs the Duration JSON representation from Protocol Buffers. The format accommodates fractional seconds up to nine digits after the decimal point, offering nanosecond precision. Every duration value must be suffixed with an "s" to indicate 'seconds.' For example, a value of "10s" would signify a duration of 10 seconds.
default_workload_parameters object
Parameters to be used if none of workloads specified in
workloads
match.priority doubleDefault value:
1
$$ inverted_priority = {\frac {1} {priority}} $$
$$ virtual_finish_time = virtual_time + \left(tokens \cdot inverted_priority\right) $$
queue_timeout stringTimeout for the flow in the workload. If timeout is provided on the Check call as well, the minimum of the two is picked. If this override is not provided, the timeout provided in the check call is used. 0 timeout value implies that the request will not wait in the queue and will be accepted or dropped immediately. This field employs the Duration JSON representation from Protocol Buffers. The format accommodates fractional seconds up to nine digits after the decimal point, offering nanosecond precision. Every duration value must be suffixed with an "s" to indicate 'seconds.' For example, a value of "10s" would signify a duration of 10 seconds.
tokens doubleDefault value:
1
Tokens determines the cost of admitting a single flow in the workload, which is typically defined as milliseconds of flow latency (time to response or duration of a feature) or simply equal to 1 if the resource being accessed is constrained by the number of flows (3rd party rate limiters). This override is applicable only if tokens for the flow aren't specified in the flow labels.
denied_response_status_code HTTP response codes. For more details: https://www.iana.org/assignments/http-status-codes/http-status-codes.xhtmlPossible values: [
Empty
,Continue
,OK
,Created
,Accepted
,NonAuthoritativeInformation
,NoContent
,ResetContent
,PartialContent
,MultiStatus
,AlreadyReported
,IMUsed
,MultipleChoices
,MovedPermanently
,Found
,SeeOther
,NotModified
,UseProxy
,TemporaryRedirect
,PermanentRedirect
,BadRequest
,Unauthorized
,PaymentRequired
,Forbidden
,NotFound
,MethodNotAllowed
,NotAcceptable
,ProxyAuthenticationRequired
,RequestTimeout
,Conflict
,Gone
,LengthRequired
,PreconditionFailed
,PayloadTooLarge
,URITooLong
,UnsupportedMediaType
,RangeNotSatisfiable
,ExpectationFailed
,MisdirectedRequest
,UnprocessableEntity
,Locked
,FailedDependency
,UpgradeRequired
,PreconditionRequired
,TooManyRequests
,RequestHeaderFieldsTooLarge
,InternalServerError
,NotImplemented
,BadGateway
,ServiceUnavailable
,GatewayTimeout
,HTTPVersionNotSupported
,VariantAlsoNegotiates
,InsufficientStorage
,LoopDetected
,NotExtended
,NetworkAuthenticationRequired
]Default value:
Empty
This field allows you to override the default HTTP status code (
503 Service Unavailable
) that is returned when a request is denied.fairness_label_key stringKey for a flow label that is used to enforce fairness among requests in a workload. If not specified, requests within a workload of the same priority are admitted in a FIFO manner.
priority_label_key stringKey for a flow label that can be used to override the default priority for this flow. The value associated with this key must be a valid number. Higher numbers means higher priority. If this parameter is not provided, the priority for the flow will be determined by the matched workload's priority.
tokens_label_key stringKey for a flow label that can be used to override the default number of tokens for this request. The value associated with this key must be a valid number. If this parameter is not provided, the number of tokens for the flow will be determined by the matched workload's token count.
workload_label_key stringKey for a flow label that can be used to provide workloads for this request. If this parameter is not provided, the workloads for the flow will be determined by the matched workload's name in the policy.
workloads object[]
List of workloads to be used in scheduler.
Categorizing flows into workloads allows for load throttling to be "intelligent" instead of queueing flows in an arbitrary order. There are two aspects of this "intelligence":
- Scheduler can more precisely calculate concurrency if it understands that flows belonging to different classes have different weights (for example, insert queries compared to select queries).
- Setting different priorities to different workloads lets the scheduler avoid dropping important traffic during overload.
Each workload in this list specifies also a matcher that is used to determine which flow will be categorized into which workload. In case of multiple matching workloads, the first matching one will be used. If none of workloads match,
default_workload
will be used.infoArray [label_matcher object required
Label Matcher to select a Workload based on flow labels.
expression object
An arbitrary expression to be evaluated on the labels.
all object
The expression is true when all sub expressions are true.
of object[]
List of sub expressions of the match expression.
Array [0123456789]any object
The expression is true when any sub expression is true.
of object[]
List of sub expressions of the match expression.
Array [0123456789]label_equals object
The expression is true when label value equals given value.
label string requiredName of the label to equal match the value.
value stringExact value that the label should be equal to.
label_exists stringThe expression is true when label with given name exists.
label_matches object
The expression is true when label matches given regular expression.
label string requiredName of the label to match the regular expression.
regex string requiredRegular expression that should match the label value. It uses Go's regular expression syntax.
not object
The expression negates the result of sub expression.
0123456789match_expressions object[]
List of Kubernetes-style label matcher requirements.
Note: The requirements are combined using the logical AND operator. Deprecated: v3.0.0. Use
match_list
instead.Array [key string requiredLabel key that the selector applies to.
operator string requiredPossible values: [
In
,NotIn
,Exists
,DoesNotExist
]Logical operator which represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
values string[]An array of string values that relates to the key by an operator. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty.
]match_labels object
A map of {key,value} pairs representing labels to be matched. A single {key,value} in the
match_labels
requires that the labelkey
is present and equal tovalue
.Note: The requirements are combined using the logical AND operator.
property name*
stringmatch_list object[]
List of label matching requirements.
Note: The requirements are combined using the logical AND operator.
Array [key string requiredLabel key that the selector applies to.
operator string requiredPossible values: [
In
,NotIn
,Exists
,DoesNotExist
]Logical operator which represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
values string[]An array of string values that relates to the key by an operator. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty.
]name stringName of the workload.
parameters object
Parameters associated with flows matching the label matcher.
priority doubleDefault value:
1
$$ inverted_priority = {\frac {1} {priority}} $$
$$ virtual_finish_time = virtual_time + \left(tokens \cdot inverted_priority\right) $$
queue_timeout stringTimeout for the flow in the workload. If timeout is provided on the Check call as well, the minimum of the two is picked. If this override is not provided, the timeout provided in the check call is used. 0 timeout value implies that the request will not wait in the queue and will be accepted or dropped immediately. This field employs the Duration JSON representation from Protocol Buffers. The format accommodates fractional seconds up to nine digits after the decimal point, offering nanosecond precision. Every duration value must be suffixed with an "s" to indicate 'seconds.' For example, a value of "10s" would signify a duration of 10 seconds.
tokens doubleDefault value:
1
Tokens determines the cost of admitting a single flow in the workload, which is typically defined as milliseconds of flow latency (time to response or duration of a feature) or simply equal to 1 if the resource being accessed is constrained by the number of flows (3rd party rate limiters). This override is applicable only if tokens for the flow aren't specified in the flow labels.
]selectors object[] required
Possible values:
>= 1
Selectors for the component.
Array [agent_group stringDefault value:
aperture-cloud
Agent Group this selector applies to.
:::info
Agent Groups are used to scope policies to a subset of agents connected to the same controller. The agents within an agent group receive exact same policy configuration and form a peer to peer cluster to constantly share state.
:::
control_point string requiredControl Point identifies location within services where policies can act on flows. For an SDK based insertion, a Control Point can represent a particular feature or execution block within a service. In case of service mesh or middleware insertion, a Control Point can identify ingress or egress calls or distinct listeners or filter chains.
label_matcher object
Label Matcher can be used to match flows based on flow labels.
expression object
An arbitrary expression to be evaluated on the labels.
all object
The expression is true when all sub expressions are true.
of object[]
List of sub expressions of the match expression.
Array [0123456789]any object
The expression is true when any sub expression is true.
of object[]
List of sub expressions of the match expression.
Array [0123456789]label_equals object
The expression is true when label value equals given value.
label string requiredName of the label to equal match the value.
value stringExact value that the label should be equal to.
label_exists stringThe expression is true when label with given name exists.
label_matches object
The expression is true when label matches given regular expression.
label string requiredName of the label to match the regular expression.
regex string requiredRegular expression that should match the label value. It uses Go's regular expression syntax.
not object
The expression negates the result of sub expression.
0123456789match_expressions object[]
List of Kubernetes-style label matcher requirements.
Note: The requirements are combined using the logical AND operator. Deprecated: v3.0.0. Use
match_list
instead.Array [key string requiredLabel key that the selector applies to.
operator string requiredPossible values: [
In
,NotIn
,Exists
,DoesNotExist
]Logical operator which represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
values string[]An array of string values that relates to the key by an operator. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty.
]match_labels object
A map of {key,value} pairs representing labels to be matched. A single {key,value} in the
match_labels
requires that the labelkey
is present and equal tovalue
.Note: The requirements are combined using the logical AND operator.
property name*
stringmatch_list object[]
List of label matching requirements.
Note: The requirements are combined using the logical AND operator.
Array [key string requiredLabel key that the selector applies to.
operator string requiredPossible values: [
In
,NotIn
,Exists
,DoesNotExist
]Logical operator which represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
values string[]An array of string values that relates to the key by an operator. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty.
]service stringDefault value:
any
The Fully Qualified Domain Name of the service to select.
In Kubernetes, this is the FQDN of the Service object.
:::info
any
matches all services.:::
:::info
An entity (for example, Kubernetes pod) might belong to multiple services.
:::
]workload_latency_based_tokens booleanDefault value:
false
Automatically estimate the size of flows within each workload, based on historical latency. Each workload's
tokens
will be set to average latency of flows in that workload during the last few seconds (exact duration of this average can change). This setting is useful in concurrency limiting use-case, where the concurrency is calculated as(avg. latency \* in-flight flows)
(Little's Law).The value of tokens estimated takes a lower precedence than the value of
tokens
specified in the workload definition andtokens
explicitly specified in the flow labels.low_throttle_threshold object required
load_multiplier doublePossible values:
<= 1
signal_value doublerate_limiter object
Rate Limiter provides service protection by applying rate limits using the token bucket algorithm.
in_ports object required
bucket_capacity object required
Capacity of the bucket to allow for bursty traffic.
constant_signal object
Constant value to be used for this InPort instead of a signal.
special_value stringPossible values: [
NaN
,+Inf
,-Inf
]A special value such as NaN, +Inf, -Inf.
value doubleA constant value.
signal_name stringName of the incoming Signal on the InPort.
fill_amount object required
Number of tokens to fill within an
interval
.constant_signal object
Constant value to be used for this InPort instead of a signal.
special_value stringPossible values: [
NaN
,+Inf
,-Inf
]A special value such as NaN, +Inf, -Inf.
value doubleA constant value.
signal_name stringName of the incoming Signal on the InPort.
pass_through object
constant_signal object
Constant value to be used for this InPort instead of a signal.
special_value stringPossible values: [
NaN
,+Inf
,-Inf
]A special value such as NaN, +Inf, -Inf.
value doubleA constant value.
signal_name stringName of the incoming Signal on the InPort.
out_ports object
Output ports for the Rate Limiter component.
accept_percentage object
The percentage of flows being accepted.
signal_name stringName of the outgoing Signal on the OutPort.
parameters object required
continuous_fill booleanDefault value:
true
Continuous fill determines whether the token bucket should be filled continuously or only on discrete intervals.
delay_initial_fill booleanDefault value:
false
Delays the initial filling of the token bucket. If set to false, the token bucket will start filling immediately after the first request is received. This can potentially lead to more requests being accepted than the specified rate limit during the first interval. When set to true, the token bucket will be given a chance to empty out before the filling starts. The delay is equal to the time it takes to fill the bucket.
interval string requiredInterval defines the time interval in which the token bucket will fill tokens specified by
fill_amount
signal. This field employs the Duration JSON representation from Protocol Buffers. The format accommodates fractional seconds up to nine digits after the decimal point, offering nanosecond precision. Every duration value must be suffixed with an "s" to indicate 'seconds.' For example, a value of "10s" would signify a duration of 10 seconds.label_key stringSpecifies which label the rate limiter should be keyed by.
Rate limiting is done independently for each value of the label with given key. For example, to give each user a separate limit, assuming you have a user flow label set up, set
label_key: "user"
. If no label key is specified, then all requests matching the selectors will be rate limited based on the global bucket. Deprecated: v3.0.0. Uselimit_by_label_key
instead.lazy_sync object
enabled Enables lazy syncDefault value:
false
num_sync int64Default value:
4
Number of times to lazy sync within the
interval
.limit_by_label_key stringSpecifies which label the rate limiter should be keyed by.
Rate limiting is done independently for each value of the label with given key. For example, to give each user a separate limit, assuming you have a user flow label set up, set
limit_by_label_key: "user"
. If no label key is specified, then all requests matching the selectors will be rate limited based on the global bucket.max_idle_time stringDefault value:
7200s
Max idle time before token bucket state for a label is removed. If set to 0, the state is never removed. This field employs the Duration JSON representation from Protocol Buffers. The format accommodates fractional seconds up to nine digits after the decimal point, offering nanosecond precision. Every duration value must be suffixed with an "s" to indicate 'seconds.' For example, a value of "10s" would signify a duration of 10 seconds.
request_parameters object
denied_response_status_code HTTP response codes. For more details: https://www.iana.org/assignments/http-status-codes/http-status-codes.xhtmlPossible values: [
Empty
,Continue
,OK
,Created
,Accepted
,NonAuthoritativeInformation
,NoContent
,ResetContent
,PartialContent
,MultiStatus
,AlreadyReported
,IMUsed
,MultipleChoices
,MovedPermanently
,Found
,SeeOther
,NotModified
,UseProxy
,TemporaryRedirect
,PermanentRedirect
,BadRequest
,Unauthorized
,PaymentRequired
,Forbidden
,NotFound
,MethodNotAllowed
,NotAcceptable
,ProxyAuthenticationRequired
,RequestTimeout
,Conflict
,Gone
,LengthRequired
,PreconditionFailed
,PayloadTooLarge
,URITooLong
,UnsupportedMediaType
,RangeNotSatisfiable
,ExpectationFailed
,MisdirectedRequest
,UnprocessableEntity
,Locked
,FailedDependency
,UpgradeRequired
,PreconditionRequired
,TooManyRequests
,RequestHeaderFieldsTooLarge
,InternalServerError
,NotImplemented
,BadGateway
,ServiceUnavailable
,GatewayTimeout
,HTTPVersionNotSupported
,VariantAlsoNegotiates
,InsufficientStorage
,LoopDetected
,NotExtended
,NetworkAuthenticationRequired
]Default value:
Empty
This field allows you to override the default HTTP status code (
429 Too Many Requests
) that is returned when a request is denied.tokens_label_key stringFlow label key that will be used to override the number of tokens for this request. This is an optional parameter and takes highest precedence when assigning tokens to a request. The label value must be a valid number.
selectors object[] required
Possible values:
>= 1
Selectors for the component.
Array [agent_group stringDefault value:
aperture-cloud
Agent Group this selector applies to.
:::info
Agent Groups are used to scope policies to a subset of agents connected to the same controller. The agents within an agent group receive exact same policy configuration and form a peer to peer cluster to constantly share state.
:::
control_point string requiredControl Point identifies location within services where policies can act on flows. For an SDK based insertion, a Control Point can represent a particular feature or execution block within a service. In case of service mesh or middleware insertion, a Control Point can identify ingress or egress calls or distinct listeners or filter chains.
label_matcher object
Label Matcher can be used to match flows based on flow labels.
expression object
An arbitrary expression to be evaluated on the labels.
all object
The expression is true when all sub expressions are true.
of object[]
List of sub expressions of the match expression.
Array [0123456789]any object
The expression is true when any sub expression is true.
of object[]
List of sub expressions of the match expression.
Array [0123456789]label_equals object
The expression is true when label value equals given value.
label string requiredName of the label to equal match the value.
value stringExact value that the label should be equal to.
label_exists stringThe expression is true when label with given name exists.
label_matches object
The expression is true when label matches given regular expression.
label string requiredName of the label to match the regular expression.
regex string requiredRegular expression that should match the label value. It uses Go's regular expression syntax.
not object
The expression negates the result of sub expression.
0123456789match_expressions object[]
List of Kubernetes-style label matcher requirements.
Note: The requirements are combined using the logical AND operator. Deprecated: v3.0.0. Use
match_list
instead.Array [key string requiredLabel key that the selector applies to.
operator string requiredPossible values: [
In
,NotIn
,Exists
,DoesNotExist
]Logical operator which represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
values string[]An array of string values that relates to the key by an operator. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty.
]match_labels object
A map of {key,value} pairs representing labels to be matched. A single {key,value} in the
match_labels
requires that the labelkey
is present and equal tovalue
.Note: The requirements are combined using the logical AND operator.
property name*
stringmatch_list object[]
List of label matching requirements.
Note: The requirements are combined using the logical AND operator.
Array [key string requiredLabel key that the selector applies to.
operator string requiredPossible values: [
In
,NotIn
,Exists
,DoesNotExist
]Logical operator which represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
values string[]An array of string values that relates to the key by an operator. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty.
]service stringDefault value:
any
The Fully Qualified Domain Name of the service to select.
In Kubernetes, this is the FQDN of the Service object.
:::info
any
matches all services.:::
:::info
An entity (for example, Kubernetes pod) might belong to multiple services.
:::
]sampler object
Sampler is a component that regulates the flow of requests to the service by allowing only the specified percentage of requests or sticky sessions.
in_ports object
Input ports for the Sampler.
accept_percentage object
The percentage of requests to accept.
constant_signal object
Constant value to be used for this InPort instead of a signal.
special_value stringPossible values: [
NaN
,+Inf
,-Inf
]A special value such as NaN, +Inf, -Inf.
value doubleA constant value.
signal_name stringName of the incoming Signal on the InPort.
parameters object required
Parameters for the Sampler.
denied_response_status_code HTTP response codes. For more details: https://www.iana.org/assignments/http-status-codes/http-status-codes.xhtmlPossible values: [
Empty
,Continue
,OK
,Created
,Accepted
,NonAuthoritativeInformation
,NoContent
,ResetContent
,PartialContent
,MultiStatus
,AlreadyReported
,IMUsed
,MultipleChoices
,MovedPermanently
,Found
,SeeOther
,NotModified
,UseProxy
,TemporaryRedirect
,PermanentRedirect
,BadRequest
,Unauthorized
,PaymentRequired
,Forbidden
,NotFound
,MethodNotAllowed
,NotAcceptable
,ProxyAuthenticationRequired
,RequestTimeout
,Conflict
,Gone
,LengthRequired
,PreconditionFailed
,PayloadTooLarge
,URITooLong
,UnsupportedMediaType
,RangeNotSatisfiable
,ExpectationFailed
,MisdirectedRequest
,UnprocessableEntity
,Locked
,FailedDependency
,UpgradeRequired
,PreconditionRequired
,TooManyRequests
,RequestHeaderFieldsTooLarge
,InternalServerError
,NotImplemented
,BadGateway
,ServiceUnavailable
,GatewayTimeout
,HTTPVersionNotSupported
,VariantAlsoNegotiates
,InsufficientStorage
,LoopDetected
,NotExtended
,NetworkAuthenticationRequired
]Default value:
Empty
This field allows you to override the default HTTP status code (
403 Forbidden
) that is returned when a request is denied.ramp_mode booleanDefault value:
false
Ramp component can accept flows with
ramp_mode
flag set.selectors object[] required
Possible values:
>= 1
Selectors for the component.
Array [agent_group stringDefault value:
aperture-cloud
Agent Group this selector applies to.
:::info
Agent Groups are used to scope policies to a subset of agents connected to the same controller. The agents within an agent group receive exact same policy configuration and form a peer to peer cluster to constantly share state.
:::
control_point string requiredControl Point identifies location within services where policies can act on flows. For an SDK based insertion, a Control Point can represent a particular feature or execution block within a service. In case of service mesh or middleware insertion, a Control Point can identify ingress or egress calls or distinct listeners or filter chains.
label_matcher object
Label Matcher can be used to match flows based on flow labels.
expression object
An arbitrary expression to be evaluated on the labels.
all object
The expression is true when all sub expressions are true.
of object[]
List of sub expressions of the match expression.
Array [0123456789]any object
The expression is true when any sub expression is true.
of object[]
List of sub expressions of the match expression.
Array [0123456789]label_equals object
The expression is true when label value equals given value.
label string requiredName of the label to equal match the value.
value stringExact value that the label should be equal to.
label_exists stringThe expression is true when label with given name exists.
label_matches object
The expression is true when label matches given regular expression.
label string requiredName of the label to match the regular expression.
regex string requiredRegular expression that should match the label value. It uses Go's regular expression syntax.
not object
The expression negates the result of sub expression.
0123456789match_expressions object[]
List of Kubernetes-style label matcher requirements.
Note: The requirements are combined using the logical AND operator. Deprecated: v3.0.0. Use
match_list
instead.Array [key string requiredLabel key that the selector applies to.
operator string requiredPossible values: [
In
,NotIn
,Exists
,DoesNotExist
]Logical operator which represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
values string[]An array of string values that relates to the key by an operator. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty.
]match_labels object
A map of {key,value} pairs representing labels to be matched. A single {key,value} in the
match_labels
requires that the labelkey
is present and equal tovalue
.Note: The requirements are combined using the logical AND operator.
property name*
stringmatch_list object[]
List of label matching requirements.
Note: The requirements are combined using the logical AND operator.
Array [key string requiredLabel key that the selector applies to.
operator string requiredPossible values: [
In
,NotIn
,Exists
,DoesNotExist
]Logical operator which represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
values string[]An array of string values that relates to the key by an operator. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty.
]service stringDefault value:
any
The Fully Qualified Domain Name of the service to select.
In Kubernetes, this is the FQDN of the Service object.
:::info
any
matches all services.:::
:::info
An entity (for example, Kubernetes pod) might belong to multiple services.
:::
]session_label_key stringThe flow label key for identifying sessions.
- When label key is specified, Sampler acts as a sticky filter.
The series of flows with the same value of label key get the same
decision provided that the
accept_percentage
is same or higher. - When label key is not specified, Sampler acts as a stateless filter. Percentage of flows are selected randomly for rejection.
pass_through_label_values string[]Specify certain label values to be always accepted by this Sampler regardless of accept percentage.
pass_through_label_values_config_key stringConfiguration key for setting pass through label values through dynamic configuration.
gradient_controller object
Gradient controller calculates the ratio between the signal and the setpoint to determine the magnitude of the correction that need to be applied. This controller can be used to build AIMD (Additive Increase, Multiplicative Decrease) or MIMD style response.
in_ports object
Input ports of the Gradient Controller.
control_variable object
Actual current value of the control variable.
This signal is multiplied by the gradient to produce the output.
constant_signal object
Constant value to be used for this InPort instead of a signal.
special_value stringPossible values: [
NaN
,+Inf
,-Inf
]A special value such as NaN, +Inf, -Inf.
value doubleA constant value.
signal_name stringName of the incoming Signal on the InPort.
max object
Maximum value to limit the output signal.
constant_signal object
Constant value to be used for this InPort instead of a signal.
special_value stringPossible values: [
NaN
,+Inf
,-Inf
]A special value such as NaN, +Inf, -Inf.
value doubleA constant value.
signal_name stringName of the incoming Signal on the InPort.
min object
Minimum value to limit the output signal.
constant_signal object
Constant value to be used for this InPort instead of a signal.
special_value stringPossible values: [
NaN
,+Inf
,-Inf
]A special value such as NaN, +Inf, -Inf.
value doubleA constant value.
signal_name stringName of the incoming Signal on the InPort.
setpoint object
Setpoint to be used for the gradient computation.
constant_signal object
Constant value to be used for this InPort instead of a signal.
special_value stringPossible values: [
NaN
,+Inf
,-Inf
]A special value such as NaN, +Inf, -Inf.
value doubleA constant value.
signal_name stringName of the incoming Signal on the InPort.
signal object
Signal to be used for the gradient computation.
constant_signal object
Constant value to be used for this InPort instead of a signal.
special_value stringPossible values: [
NaN
,+Inf
,-Inf
]A special value such as NaN, +Inf, -Inf.
value doubleA constant value.
signal_name stringName of the incoming Signal on the InPort.
manual_mode booleanIn manual mode, the controller does not adjust the control variable. It emits the same output as the control variable input. This setting can be adjusted at runtime through dynamic configuration without restarting the policy.
manual_mode_config_key stringConfiguration key for overriding
manual_mode
setting through dynamic configuration.out_ports object
Output ports of the Gradient Controller.
output object
Computed desired value of the control variable.
signal_name stringName of the outgoing Signal on the OutPort.
parameters object required
Gradient Parameters.
max_gradient doubleDefault value:
1.7976931348623157e+308
Maximum gradient which clamps the computed gradient value to the range,
[min_gradient, max_gradient]
.min_gradient doubleDefault value:
-1.7976931348623157e+308
Minimum gradient which clamps the computed gradient value to the range,
[min_gradient, max_gradient]
.slope double requiredSlope controls the aggressiveness and direction of the Gradient Controller.
Slope is used as exponent on the signal to setpoint ratio in computation of the gradient (see the main description for exact equation). This parameter decides how aggressive the controller responds to the deviation of signal from the setpoint. for example:
- $\text{slope} = 1$: when signal is too high, increase control variable,
- $\text{slope} = -1$: when signal is too high, decrease control variable,
- $\text{slope} = -0.5$: when signal is too high, decrease control variable gradually.
The sign of slope depends on correlation between the signal and control variable:
- Use $\text{slope} < 0$ if there is a positive correlation between the signal and the control variable (for example, Per-pod CPU usage and total concurrency).
- Use $\text{slope} > 0$ if there is a negative correlation between the signal and the control variable (for example, Per-pod CPU usage and number of pods).
:::note
You need to set negative slope for a positive correlation, as you're describing the action which controller should make when the signal increases.
:::
The magnitude of slope describes how aggressively should the controller react to a deviation of signal. With $|\text{slope}| = 1$, the controller will aim to bring the signal to the setpoint in one tick (assuming linear correlation with signal and setpoint). Smaller magnitudes of slope will make the controller adjust the control variable gradually.
Setting $|\text{slope}| < 1$ (for example, $\pm0.8$) is recommended. If you experience overshooting, consider lowering the magnitude even more. Values of $|\text{slope}| > 1$ aren't recommended.
:::note
Remember that the gradient and output signal can be (optionally) clamped, so the slope might not fully describe aggressiveness of the controller.
:::
holder object
Holds the last valid signal value for the specified duration then waits for next valid value to hold.
hold_for stringDefault value:
5s
Holding the last valid signal value for the
hold_for
duration. This field employs the Duration JSON representation from Protocol Buffers. The format accommodates fractional seconds up to nine digits after the decimal point, offering nanosecond precision. Every duration value must be suffixed with an "s" to indicate 'seconds.' For example, a value of "10s" would signify a duration of 10 seconds.in_ports object
Input ports for the Holder component.
input object
The input signal.
constant_signal object
Constant value to be used for this InPort instead of a signal.
special_value stringPossible values: [
NaN
,+Inf
,-Inf
]A special value such as NaN, +Inf, -Inf.
value doubleA constant value.
signal_name stringName of the incoming Signal on the InPort.
reset object
Resets the holder output to the current input signal when reset signal is valid and non-zero.
constant_signal object
Constant value to be used for this InPort instead of a signal.
special_value stringPossible values: [
NaN
,+Inf
,-Inf
]A special value such as NaN, +Inf, -Inf.
value doubleA constant value.
signal_name stringName of the incoming Signal on the InPort.
out_ports object
Output ports for the Holder component.
output object
The output signal.
signal_name stringName of the outgoing Signal on the OutPort.
integrator object
Accumulates sum of signal every tick.
evaluation_interval stringThe evaluation interval of the Integrator. This determines how often the Integrator is incremented. Defaults to the evaluation interval of the circuit. This field employs the Duration JSON representation from Protocol Buffers. The format accommodates fractional seconds up to nine digits after the decimal point, offering nanosecond precision. Every duration value must be suffixed with an "s" to indicate 'seconds.' For example, a value of "10s" would signify a duration of 10 seconds.
in_ports object
Input ports for the Integrator component.
input object
The input signal.
constant_signal object
Constant value to be used for this InPort instead of a signal.
special_value stringPossible values: [
NaN
,+Inf
,-Inf
]A special value such as NaN, +Inf, -Inf.
value doubleA constant value.
signal_name stringName of the incoming Signal on the InPort.
max object
The maximum output.
constant_signal object
Constant value to be used for this InPort instead of a signal.
special_value stringPossible values: [
NaN
,+Inf
,-Inf
]A special value such as NaN, +Inf, -Inf.
value doubleA constant value.
signal_name stringName of the incoming Signal on the InPort.
min object
The minimum output.
constant_signal object
Constant value to be used for this InPort instead of a signal.
special_value stringPossible values: [
NaN
,+Inf
,-Inf
]A special value such as NaN, +Inf, -Inf.
value doubleA constant value.
signal_name stringName of the incoming Signal on the InPort.
reset object
Resets the integrator output to zero when reset signal is valid and non-zero. Reset also resets the max and min constraints.
constant_signal object
Constant value to be used for this InPort instead of a signal.
special_value stringPossible values: [
NaN
,+Inf
,-Inf
]A special value such as NaN, +Inf, -Inf.
value doubleA constant value.
signal_name stringName of the incoming Signal on the InPort.
initial_value doubleDefault value:
0
Initial value of the integrator.
out_ports object
Output ports for the Integrator component.
output object
signal_name stringName of the outgoing Signal on the OutPort.
inverter object
Logical NOT.
in_ports object
Input ports for the Inverter component.
input object
Signal to be negated.
constant_signal object
Constant value to be used for this InPort instead of a signal.
special_value stringPossible values: [
NaN
,+Inf
,-Inf
]A special value such as NaN, +Inf, -Inf.
value doubleA constant value.
signal_name stringName of the incoming Signal on the InPort.
out_ports object
Output ports for the Inverter component.
output object
Logical negation of the input signal.
Will always be 0 (false), 1 (true) or invalid (unknown).
signal_name stringName of the outgoing Signal on the OutPort.
max object
Emits the maximum of the input signals.
in_ports object
Input ports for the Max component.
inputs object[]
Array of input signals.
Array [constant_signal object
Constant value to be used for this InPort instead of a signal.
special_value stringPossible values: [
NaN
,+Inf
,-Inf
]A special value such as NaN, +Inf, -Inf.
value doubleA constant value.
signal_name stringName of the incoming Signal on the InPort.
]out_ports object
Output ports for the Max component.
output object
Signal with maximum value as an output signal.
signal_name stringName of the outgoing Signal on the OutPort.
min object
Emits the minimum of the input signals.
in_ports object
Input ports for the Min component.
inputs object[]
Array of input signals.
Array [constant_signal object
Constant value to be used for this InPort instead of a signal.
special_value stringPossible values: [
NaN
,+Inf
,-Inf
]A special value such as NaN, +Inf, -Inf.
value doubleA constant value.
signal_name stringName of the incoming Signal on the InPort.
]out_ports object
Output ports for the Min component.
output object
Signal with minimum value as an output signal.
signal_name stringName of the outgoing Signal on the OutPort.
nested_circuit object
Nested circuit defines a sub-circuit as a high-level component. It consists of a list of components and a map of input and output ports.
components object[]
List of components in the nested circuit.
Array [0123456789]in_ports_map object
Maps input port names to input ports.
property name* object (Components receive input from other components through InPorts)
constant_signal object
Constant value to be used for this InPort instead of a signal.
special_value stringPossible values: [
NaN
,+Inf
,-Inf
]A special value such as NaN, +Inf, -Inf.
value doubleA constant value.
signal_name stringName of the incoming Signal on the InPort.
out_ports_map object
Maps output port names to output ports.
property name* object (Components produce output for other components through OutPorts)
signal_name stringName of the outgoing Signal on the OutPort.
nested_signal_egress object
Nested signal egress is a special type of component that allows to extract a signal from a nested circuit.
in_ports object
Input ports for the NestedSignalEgress component.
signal object
Egress signal.
constant_signal object
Constant value to be used for this InPort instead of a signal.
special_value stringPossible values: [
NaN
,+Inf
,-Inf
]A special value such as NaN, +Inf, -Inf.
value doubleA constant value.
signal_name stringName of the incoming Signal on the InPort.
port_name stringName of the port.
nested_signal_ingress object
Nested signal ingress is a special type of component that allows to inject a signal into a nested circuit.
out_ports object
Output ports for the NestedSignalIngress component.
signal object
Ingress signal.
signal_name stringName of the outgoing Signal on the OutPort.
port_name stringName of the port.
or object
Logical OR.
in_ports object
Input ports for the Or component.
inputs object[]
Array of input signals.
Array [constant_signal object
Constant value to be used for this InPort instead of a signal.
special_value stringPossible values: [
NaN
,+Inf
,-Inf
]A special value such as NaN, +Inf, -Inf.
value doubleA constant value.
signal_name stringName of the incoming Signal on the InPort.
]out_ports object
Output ports for the Or component.
output object
Result of logical OR of all the input signals.
Will always be 0 (false), 1 (true) or invalid (unknown).
signal_name stringName of the outgoing Signal on the OutPort.
pid_controller object
PID Controller is a proportional–integral–derivative controller.
in_ports object
max object
constant_signal object
Constant value to be used for this InPort instead of a signal.
special_value stringPossible values: [
NaN
,+Inf
,-Inf
]A special value such as NaN, +Inf, -Inf.
value doubleA constant value.
signal_name stringName of the incoming Signal on the InPort.
min object
constant_signal object
Constant value to be used for this InPort instead of a signal.
special_value stringPossible values: [
NaN
,+Inf
,-Inf
]A special value such as NaN, +Inf, -Inf.
value doubleA constant value.
signal_name stringName of the incoming Signal on the InPort.
setpoint object
constant_signal object
Constant value to be used for this InPort instead of a signal.
special_value stringPossible values: [
NaN
,+Inf
,-Inf
]A special value such as NaN, +Inf, -Inf.
value doubleA constant value.
signal_name stringName of the incoming Signal on the InPort.
signal object
constant_signal object
Constant value to be used for this InPort instead of a signal.
special_value stringPossible values: [
NaN
,+Inf
,-Inf
]A special value such as NaN, +Inf, -Inf.
value doubleA constant value.
signal_name stringName of the incoming Signal on the InPort.
out_ports object
output object
signal_name stringName of the outgoing Signal on the OutPort.
parameters object required
evaluation_interval stringThe evaluation interval of the PID controller. This determines how often the PID output is computed. Defaults to the evaluation interval of the circuit. This field employs the Duration JSON representation from Protocol Buffers. The format accommodates fractional seconds up to nine digits after the decimal point, offering nanosecond precision. Every duration value must be suffixed with an "s" to indicate 'seconds.' For example, a value of "10s" would signify a duration of 10 seconds.
kd doubleDefault value:
0
The derivative gain of the PID controller.
ki doubleDefault value:
0
The integral gain of the PID controller.
kp doubleDefault value:
0
The proportional gain of the PID controller.
reset_after_invalid_samples int32Possible values:
>= 1
Default value:
4
The integrator resets after the specified number of ticks if the signal or setpoint are continuously invalid. Defaults to 4 invalid samples.
polynomial_range_function object
Polynomial Range Function is a function that maps a signal to a range of values following a polynomial function.
in_ports object
input object
The input signal.
constant_signal object
Constant value to be used for this InPort instead of a signal.
special_value stringPossible values: [
NaN
,+Inf
,-Inf
]A special value such as NaN, +Inf, -Inf.
value doubleA constant value.
signal_name stringName of the incoming Signal on the InPort.
out_ports object
output object
The output signal.
signal_name stringName of the outgoing Signal on the OutPort.
parameters object required
clamp_to_custom_values object
post_end doublepre_start doubleclamp_to_datapoint Clamp to the nearest data-pointcontinue_curve Continue polynomial curvedegree doubleend object
input doubleoutput doublestart object
input doubleoutput doublepulse_generator object
Generates 0 and 1 in turns.
false_for stringDefault value:
5s
Emitting 0 for the
false_for
duration. This field employs the Duration JSON representation from Protocol Buffers. The format accommodates fractional seconds up to nine digits after the decimal point, offering nanosecond precision. Every duration value must be suffixed with an "s" to indicate 'seconds.' For example, a value of "10s" would signify a duration of 10 seconds.out_ports object
Output ports for the PulseGenerator component.
output object
signal_name stringName of the outgoing Signal on the OutPort.
true_for stringDefault value:
5s
Emitting 1 for the
true_for
duration. This field employs the Duration JSON representation from Protocol Buffers. The format accommodates fractional seconds up to nine digits after the decimal point, offering nanosecond precision. Every duration value must be suffixed with an "s" to indicate 'seconds.' For example, a value of "10s" would signify a duration of 10 seconds.query object
Query components that are query databases such as Prometheus.
promql object
Periodically runs a Prometheus query in the background and emits the result.
evaluation_interval stringDefault value:
10s
Describes the interval between successive evaluations of the Prometheus query. This field employs the Duration JSON representation from Protocol Buffers. The format accommodates fractional seconds up to nine digits after the decimal point, offering nanosecond precision. Every duration value must be suffixed with an "s" to indicate 'seconds.' For example, a value of "10s" would signify a duration of 10 seconds.
out_ports object
Output ports for the PromQL component.
output object
The result of the Prometheus query as an output signal.
signal_name stringName of the outgoing Signal on the OutPort.
query_string stringDescribes the PromQL query to be run.
:::note
The query must return a single value either as a scalar or as a vector with a single element.
:::
:::info Usage with Flux Meter
Flux Meter metrics can be queried using PromQL. Flux Meter defines histogram type of metrics in Prometheus. Therefore, one can refer to
flux_meter_sum
,flux_meter_count
andflux_meter_bucket
. The particular Flux Meter can be identified with theflux_meter_name
label. There are additional labels available on a Flux Meter such asvalid
,flow_status
,http_status_code
anddecision_type
.:::
:::info Usage with OpenTelemetry Metrics
Aperture supports OpenTelemetry metrics. See reference for more details.
:::
signal_generator object
Generates the specified signal.
in_ports object
Inputs for the Signal Generator component.
backward object
Whether to progress the Signal Generator towards the previous step.
constant_signal object
Constant value to be used for this InPort instead of a signal.
special_value stringPossible values: [
NaN
,+Inf
,-Inf
]A special value such as NaN, +Inf, -Inf.
value doubleA constant value.
signal_name stringName of the incoming Signal on the InPort.
forward object
Whether to progress the Signal Generator towards the next step.
constant_signal object
Constant value to be used for this InPort instead of a signal.
special_value stringPossible values: [
NaN
,+Inf
,-Inf
]A special value such as NaN, +Inf, -Inf.
value doubleA constant value.
signal_name stringName of the incoming Signal on the InPort.
reset object
Whether to reset the Signal Generator to the first step.
constant_signal object
Constant value to be used for this InPort instead of a signal.
special_value stringPossible values: [
NaN
,+Inf
,-Inf
]A special value such as NaN, +Inf, -Inf.
value doubleA constant value.
signal_name stringName of the incoming Signal on the InPort.
out_ports object
Outputs for the Signal Generator component.
at_end object
A Boolean signal indicating whether the Signal Generator is at the end of signal generation.
signal_name stringName of the outgoing Signal on the OutPort.
at_start object
A Boolean signal indicating whether the Signal Generator is at the start of signal generation.
signal_name stringName of the outgoing Signal on the OutPort.
output object
The generated signal.
signal_name stringName of the outgoing Signal on the OutPort.
parameters object required
Parameters for the Signal Generator component.
steps object[] required
Possible values:
>= 1
Array [duration string requiredDuration for which the step is active. This field employs the Duration JSON representation from Protocol Buffers. The format accommodates fractional seconds up to nine digits after the decimal point, offering nanosecond precision. Every duration value must be suffixed with an "s" to indicate 'seconds.' For example, a value of "10s" would signify a duration of 10 seconds.
target_output object
The value of the step.
special_value stringPossible values: [
NaN
,+Inf
,-Inf
]A special value such as NaN, +Inf, -Inf.
value doubleA constant value.
]sma object
Simple Moving Average filter.
in_ports object
Input ports for the SMA component.
input object
Signal to be used for the moving average computation.
constant_signal object
Constant value to be used for this InPort instead of a signal.
special_value stringPossible values: [
NaN
,+Inf
,-Inf
]A special value such as NaN, +Inf, -Inf.
value doubleA constant value.
signal_name stringName of the incoming Signal on the InPort.
out_ports object
Output ports for the SMA component.
output object
Computed moving average.
signal_name stringName of the outgoing Signal on the OutPort.
parameters object required
Parameters for the SMA component.
sma_window string requiredWindow of time over which the moving average is computed. This field employs the Duration JSON representation from Protocol Buffers. The format accommodates fractional seconds up to nine digits after the decimal point, offering nanosecond precision. Every duration value must be suffixed with an "s" to indicate 'seconds.' For example, a value of "10s" would signify a duration of 10 seconds.
valid_during_warmup booleanDefault value:
false
Whether the output is valid during the warm-up stage.
switcher object
Switcher acts as a switch that emits one of the two signals based on third signal.
in_ports object
Input ports for the Switcher component.
off_signal object
Output signal when switch is invalid or 0.0.
constant_signal object
Constant value to be used for this InPort instead of a signal.
special_value stringPossible values: [
NaN
,+Inf
,-Inf
]A special value such as NaN, +Inf, -Inf.
value doubleA constant value.
signal_name stringName of the incoming Signal on the InPort.
on_signal object
Output signal when switch is valid and not 0.0.
constant_signal object
Constant value to be used for this InPort instead of a signal.
special_value stringPossible values: [
NaN
,+Inf
,-Inf
]A special value such as NaN, +Inf, -Inf.
value doubleA constant value.
signal_name stringName of the incoming Signal on the InPort.
switch object
Decides whether to return
on_signal
oroff_signal
.constant_signal object
Constant value to be used for this InPort instead of a signal.
special_value stringPossible values: [
NaN
,+Inf
,-Inf
]A special value such as NaN, +Inf, -Inf.
value doubleA constant value.
signal_name stringName of the incoming Signal on the InPort.
out_ports object
Output ports for the Switcher component.
output object
Selected signal (
on_signal
oroff_signal
).signal_name stringName of the outgoing Signal on the OutPort.
unary_operator object
Takes an input signal and emits the square root of the input signal.
in_ports object
Input ports for the UnaryOperator component.
input object
Input signal.
constant_signal object
Constant value to be used for this InPort instead of a signal.
special_value stringPossible values: [
NaN
,+Inf
,-Inf
]A special value such as NaN, +Inf, -Inf.
value doubleA constant value.
signal_name stringName of the incoming Signal on the InPort.
operator stringPossible values: [
abs
,acos
,acosh
,asin
,asinh
,atan
,atanh
,cbrt
,ceil
,cos
,cosh
,erf
,erfc
,erfcinv
,erfinv
,exp
,exp2
,expm1
,floor
,gamma
,j0
,j1
,lgamma
,log
,log10
,log1p
,log2
,round
,roundtoeven
,sin
,sinh
,sqrt
,tan
,tanh
,trunc
,y0
,y1
]Unary Operator to apply.
The unary operator can be one of the following:
abs
: Absolute value with the sign removed.acos
:arccosine
, in radians.acosh
: Inverse hyperbolic cosine.asin
:arcsine
, in radians.asinh
: Inverse hyperbolic sine.atan
:arctangent
, in radians.atanh
: Inverse hyperbolic tangent.cbrt
: Cube root.ceil
: Least integer value greater than or equal to input signal.cos
:cosine
, in radians.cosh
: Hyperbolic cosine.erf
: Error function.erfc
: Complementary error function.erfcinv
: Inverse complementary error function.erfinv
: Inverse error function.exp
: The base-e exponential of input signal.exp2
: The base-2 exponential of input signal.expm1
: The base-e exponential of input signal minus 1.floor
: Greatest integer value less than or equal to input signal.gamma
: Gamma function.j0
: Bessel function of the first kind of order 0.j1
: Bessel function of the first kind of order 1.lgamma
: Natural logarithm of the absolute value of the gamma function.log
: Natural logarithm of input signal.log10
: Base-10 logarithm of input signal.log1p
: Natural logarithm of input signal plus 1.log2
: Base-2 logarithm of input signal.round
: Round to nearest integer.roundtoeven
: Round to nearest integer, with ties going to the nearest even integer.sin
:sine
, in radians.sinh
: Hyperbolic sine.sqrt
: Square root.tan
:tangent
, in radians.tanh
: Hyperbolic tangent.trunc
: Truncate to integer.y0
: Bessel function of the second kind of order 0.y1
: Bessel function of the second kind of order 1.
out_ports object
Output ports for the UnaryOperator component.
output object
Output signal.
signal_name stringName of the outgoing Signal on the OutPort.
variable object
Emits a variable signal which can be changed at runtime through dynamic configuration.
config_key stringConfiguration key for overriding value setting through dynamic configuration.
constant_output object required
The constant signal emitted by this component. The value of the constant signal can be overridden at runtime through dynamic configuration.
special_value stringPossible values: [
NaN
,+Inf
,-Inf
]A special value such as NaN, +Inf, -Inf.
value doubleA constant value.
out_ports object
Output ports for the Variable component.
output object
The value is emitted to the output port.
signal_name stringName of the outgoing Signal on the OutPort.
]evaluation_interval stringDefault value:
1s
Evaluation interval (tick) is the time between consecutive runs of the policy circuit. This interval is typically aligned with how often the corrective action (actuation) needs to be taken. This field employs the Duration JSON representation from Protocol Buffers. The format accommodates fractional seconds up to nine digits after the decimal point, offering nanosecond precision. Every duration value must be suffixed with an "s" to indicate 'seconds.' For example, a value of "10s" would signify a duration of 10 seconds.
resources object
Resources (such as Flux Meters, Classifiers) to setup.
flow_control object
FlowControlResources are resources that are provided by flow control integration.
classifiers object[]
Classifiers are installed in the data-plane and are used to label the requests based on payload content.
The flow labels created by Classifiers can be matched by Flux Meters to create metrics for control purposes.
Array [rego object
Rego is a policy language used to express complex policies in a concise and declarative way. It can be used to define flow classification rules by writing custom queries that extract values from request metadata. For simple cases, such as directly reading a value from header or a field from JSON body, declarative extractors are recommended.
labels object required
A map of {key, value} pairs mapping from flow label keys to queries that define how to extract and propagate flow labels with that key. The name of the label maps to a variable in the Rego module. It maps to
data.<package>.<label>
variable.property name* object
telemetry Decides if the created flow label should be available as an attribute in OLAP telemetry and propagated in [baggage](/concepts/flow-label#baggage)Default value:
true
:::note
The flow label is always accessible in Aperture Policies regardless of this setting.
:::
:::caution
When using FluxNinja extension, telemetry enabled labels are sent to Aperture Cloud for observability. Telemetry should be disabled for sensitive labels.
:::
module string requiredSource code of the Rego module.
:::note
Must include a "package" declaration.
:::
rules object
A map of {key, value} pairs mapping from flow label keys to rules that define how to extract and propagate flow labels with that key.
property name* object (Rule describes a single classification Rule)
Example of a JSON extractor:
extractor:
json:
from: request.http.body
pointer: /user/nameextractor object
High-level declarative extractor.
address object
Display an address as a single string -
<ip>:<port>
.from string requiredAttribute path pointing to some string - for example,
source.address
.from Use an attribute with no conversionAttribute path is a dot-separated path to attribute.
Should be either:
- one of the fields of Attribute Context, or
- a special
request.http.bearer
pseudo-attribute. For example,request.http.method
orrequest.http.header.user-agent
Note: The same attribute path syntax is shared by other extractor variants, wherever attribute path is needed in their "from" syntax.
Example:
from: request.http.headers.user-agent
json object
Parse JSON, and extract one of the fields.
from string requiredAttribute path pointing to some strings - for example,
request.http.body
.pointer stringJSON pointer represents a parsed JSON pointer which allows to select a specified field from the payload.
Note: Uses JSON pointer syntax, for example,
/foo/bar
. If the pointer points into an object, it'd be converted to a string.jwt object
Parse the attribute as JWT and read the payload.
from string requiredJWT (JSON Web Token) can be extracted from any input attribute, but most likely you'd want to use
request.http.bearer
.json_pointer stringJSON pointer allowing to select a specified field from the payload.
Note: Uses JSON pointer syntax, for example,
/foo/bar
. If the pointer points into an object, it'd be converted to a string.path_templates object
Match HTTP Path to given path templates.
template_values object
Template value keys are OpenAPI-inspired path templates.
- Static path segment
/foo
matches a path segment exactly /{param}
matches arbitrary path segment. (The parameter name is ignored and can be omitted ({}
))- The parameter must cover whole segment.
- Additionally, path template can end with
/*
wildcard to match arbitrary number of trailing segments (0 or more). - Multiple consecutive
/
are ignored, as well as trailing/
. - Parametrized path segments must come after static segments.
*
, if present, must come last.- Most specific template "wins" (
/foo
over/{}
and/{}
over/*
).
See also https://swagger.io/specification/#path-templating-matching\
Example:
/register: register
"/user/{userId}": user
/static/*: otherproperty name*
stringtelemetry Decides if the created flow label should be available as an attribute in OLAP telemetry and propagated in [baggage](/concepts/flow-label#baggage)Default value:
true
:::note
The flow label is always accessible in Aperture Policies regardless of this setting.
:::
:::caution
When using FluxNinja extension, telemetry enabled labels are sent to Aperture Cloud for observability. Telemetry should be disabled for sensitive labels.
:::
selectors object[] required
Possible values:
>= 1
Selectors for flows that will be classified by this Classifier.
Array [agent_group stringDefault value:
aperture-cloud
Agent Group this selector applies to.
:::info
Agent Groups are used to scope policies to a subset of agents connected to the same controller. The agents within an agent group receive exact same policy configuration and form a peer to peer cluster to constantly share state.
:::
control_point string requiredControl Point identifies location within services where policies can act on flows. For an SDK based insertion, a Control Point can represent a particular feature or execution block within a service. In case of service mesh or middleware insertion, a Control Point can identify ingress or egress calls or distinct listeners or filter chains.
label_matcher object
Label Matcher can be used to match flows based on flow labels.
expression object
An arbitrary expression to be evaluated on the labels.
all object
The expression is true when all sub expressions are true.
of object[]
List of sub expressions of the match expression.
Array [0123456789]any object
The expression is true when any sub expression is true.
of object[]
List of sub expressions of the match expression.
Array [0123456789]label_equals object
The expression is true when label value equals given value.
label string requiredName of the label to equal match the value.
value stringExact value that the label should be equal to.
label_exists stringThe expression is true when label with given name exists.
label_matches object
The expression is true when label matches given regular expression.
label string requiredName of the label to match the regular expression.
regex string requiredRegular expression that should match the label value. It uses Go's regular expression syntax.
not object
The expression negates the result of sub expression.
0123456789match_expressions object[]
List of Kubernetes-style label matcher requirements.
Note: The requirements are combined using the logical AND operator. Deprecated: v3.0.0. Use
match_list
instead.Array [key string requiredLabel key that the selector applies to.
operator string requiredPossible values: [
In
,NotIn
,Exists
,DoesNotExist
]Logical operator which represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
values string[]An array of string values that relates to the key by an operator. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty.
]match_labels object
A map of {key,value} pairs representing labels to be matched. A single {key,value} in the
match_labels
requires that the labelkey
is present and equal tovalue
.Note: The requirements are combined using the logical AND operator.
property name*
stringmatch_list object[]
List of label matching requirements.
Note: The requirements are combined using the logical AND operator.
Array [key string requiredLabel key that the selector applies to.
operator string requiredPossible values: [
In
,NotIn
,Exists
,DoesNotExist
]Logical operator which represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
values string[]An array of string values that relates to the key by an operator. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty.
]service stringDefault value:
any
The Fully Qualified Domain Name of the service to select.
In Kubernetes, this is the FQDN of the Service object.
:::info
any
matches all services.:::
:::info
An entity (for example, Kubernetes pod) might belong to multiple services.
:::
]]flux_meters object
Flux Meters are installed in the data-plane and form the observability leg of the feedback loop.
Flux Meter created metrics can be consumed as input to the circuit through the PromQL component.
property name* object
Flux Meter gathers metrics for the traffic that matches its selector. The histogram created by Flux Meter measures the workload latency by default.
infoSee also Flux Meter overview.
Example:
static_buckets:
buckets: [5.0,10.0,25.0,50.0,100.0,250.0,500.0,1000.0,2500.0,5000.0,10000.0]
selectors:
- agent_group: demoapp
service: service1-demo-app.demoapp.svc.cluster.local
control_point: ingress
attribute_key: response_duration_msattribute_key stringDefault value:
workload_duration_ms
Key of the attribute in access log or span from which the metric for this flux meter is read.
:::info
For list of available attributes in Envoy access logs, refer Envoy Filter
:::
exponential_buckets object
ExponentialBuckets creates
count
number of buckets where the lowest bucket has an upper bound ofstart
and each following bucket's upper bound isfactor
times the previous bucket's upper bound. The final +inf bucket is not counted.count int32Number of buckets.
factor doubleFactor to be multiplied to the previous bucket's upper bound to calculate the following bucket's upper bound.
start doubleUpper bound of the lowest bucket.
exponential_buckets_range object
ExponentialBucketsRange creates
count
number of buckets where the lowest bucket ismin
and the highest bucket ismax
. The final +inf bucket is not counted.count int32Number of buckets.
max doubleHighest bucket.
min doubleLowest bucket.
linear_buckets object
LinearBuckets creates
count
number of buckets, eachwidth
wide, where the lowest bucket has an upper bound ofstart
. The final +inf bucket is not counted.count int32Number of buckets.
start doubleUpper bound of the lowest bucket.
width doubleWidth of each bucket.
selectors object[] required
Possible values:
>= 1
Selectors for flows that will be metered by this Flux Meter.
Array [agent_group stringDefault value:
aperture-cloud
Agent Group this selector applies to.
:::info
Agent Groups are used to scope policies to a subset of agents connected to the same controller. The agents within an agent group receive exact same policy configuration and form a peer to peer cluster to constantly share state.
:::
control_point string requiredControl Point identifies location within services where policies can act on flows. For an SDK based insertion, a Control Point can represent a particular feature or execution block within a service. In case of service mesh or middleware insertion, a Control Point can identify ingress or egress calls or distinct listeners or filter chains.
label_matcher object
Label Matcher can be used to match flows based on flow labels.
expression object
An arbitrary expression to be evaluated on the labels.
all object
The expression is true when all sub expressions are true.
of object[]
List of sub expressions of the match expression.
Array [0123456789]any object
The expression is true when any sub expression is true.
of object[]
List of sub expressions of the match expression.
Array [0123456789]label_equals object
The expression is true when label value equals given value.
label string requiredName of the label to equal match the value.
value stringExact value that the label should be equal to.
label_exists stringThe expression is true when label with given name exists.
label_matches object
The expression is true when label matches given regular expression.
label string requiredName of the label to match the regular expression.
regex string requiredRegular expression that should match the label value. It uses Go's regular expression syntax.
not object
The expression negates the result of sub expression.
0123456789match_expressions object[]
List of Kubernetes-style label matcher requirements.
Note: The requirements are combined using the logical AND operator. Deprecated: v3.0.0. Use
match_list
instead.Array [key string requiredLabel key that the selector applies to.
operator string requiredPossible values: [
In
,NotIn
,Exists
,DoesNotExist
]Logical operator which represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
values string[]An array of string values that relates to the key by an operator. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty.
]match_labels object
A map of {key,value} pairs representing labels to be matched. A single {key,value} in the
match_labels
requires that the labelkey
is present and equal tovalue
.Note: The requirements are combined using the logical AND operator.
property name*
stringmatch_list object[]
List of label matching requirements.
Note: The requirements are combined using the logical AND operator.
Array [key string requiredLabel key that the selector applies to.
operator string requiredPossible values: [
In
,NotIn
,Exists
,DoesNotExist
]Logical operator which represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
values string[]An array of string values that relates to the key by an operator. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty.
]service stringDefault value:
any
The Fully Qualified Domain Name of the service to select.
In Kubernetes, this is the FQDN of the Service object.
:::info
any
matches all services.:::
:::info
An entity (for example, Kubernetes pod) might belong to multiple services.
:::
]static_buckets object
StaticBuckets holds the static value of the buckets where latency histogram will be stored.
buckets double[]Default value:
[5, 10, 25, 50, 100, 250, 500, 1000, 2500, 5000, 10000]
The buckets in which latency histogram will be stored.
infra_meters object
Infra Meters configure custom metrics OpenTelemetry collector pipelines, which will receive and process telemetry at the agents and send metrics to the configured Prometheus. Key in this map refers to OTel pipeline name. Prefixing pipeline name with
metrics/
is optional, as all the components and pipeline names would be normalized.Example:
infra_meters:
rabbitmq:
agent_group: default
per_agent_group: true
processors:
batch:
send_batch_size: 10
timeout: 10s
receivers:
rabbitmq:
collection_interval: 10s
endpoint: http://<rabbitmq-svc-fqdn>:15672
password: secretpassword
username: admincautionValidate the OTel configuration before applying it to the production cluster. Incorrect configuration will get rejected at the agents and might cause shutdown of the agent(s).
property name* object
InfraMeter is a resource that sets up OpenTelemetry pipelines. It defines receivers, processors, and a single metrics pipeline which will be exported to the configured Prometheus instance. Environment variables can be used in the configuration using format
${ENV_VAR_NAME}
.infoagent_group stringDefault value:
default
AgentGroup is the agent group to sync this InfraMeter with.
per_agent_group booleanDefault value:
false
PerAgentGroup marks the pipeline to be instantiated only once per agent group. This is helpful for receivers that scrape for example, some cluster-wide metrics. When not set, pipeline will be instantiated on every Agent.
pipeline object
Pipeline is an OTel metrics pipeline definition, which only uses receivers and processors defined above. Exporter would be added automatically.
If there are no processors defined or only one processor is defined, the pipeline definition can be omitted. In such cases, the pipeline will automatically use all given receivers and the defined processor (if any). However, if there are more than one processor, the pipeline must be defined explicitly.
processors string[]receivers string[]processors object
Processors define processors to be used in custom metrics pipelines. This should be in OTel format.
property name*
objectreceivers object
Receivers define receivers to be used in custom metrics pipelines. This should be in OTel format.
property name*
objecttelemetry_collectors object[]
TelemetryCollector configures OpenTelemetry collector integration. Deprecated: v3.0.0. Use
infra_meters
instead.Array [agent_group stringDefault value:
default
infra_meters object
Infra Meters configure custom metrics OpenTelemetry collector pipelines, which will receive and process telemetry at the agents and send metrics to the configured Prometheus. Key in this map refers to OTel pipeline name. Prefixing pipeline name with
metrics/
is optional, as all the components and pipeline names would be normalized.Example:
telemetry_collectors:
- agent_group: default
infra_meters:
rabbitmq:
processors:
batch:
send_batch_size: 10
timeout: 10s
receivers:
rabbitmq:
collection_interval: 10s
endpoint: http://<rabbitmq-svc-fqdn>:15672
password: secretpassword
username: admin
per_agent_group: truecautionValidate the OTel configuration before applying it to the production cluster. Incorrect configuration will get rejected at the agents and might cause shutdown of the agent(s).
property name* object
InfraMeter is a resource that sets up OpenTelemetry pipelines. It defines receivers, processors, and a single metrics pipeline which will be exported to the configured Prometheus instance. Environment variables can be used in the configuration using format
${ENV_VAR_NAME}
.infoagent_group stringDefault value:
default
AgentGroup is the agent group to sync this InfraMeter with.
per_agent_group booleanDefault value:
false
PerAgentGroup marks the pipeline to be instantiated only once per agent group. This is helpful for receivers that scrape for example, some cluster-wide metrics. When not set, pipeline will be instantiated on every Agent.
pipeline object
Pipeline is an OTel metrics pipeline definition, which only uses receivers and processors defined above. Exporter would be added automatically.
If there are no processors defined or only one processor is defined, the pipeline definition can be omitted. In such cases, the pipeline will automatically use all given receivers and the defined processor (if any). However, if there are more than one processor, the pipeline must be defined explicitly.
processors string[]receivers string[]processors object
Processors define processors to be used in custom metrics pipelines. This should be in OTel format.
property name*
objectreceivers object
Receivers define receivers to be used in custom metrics pipelines. This should be in OTel format.
property name*
object]- reason string
- status string
Possible values: [
VALID
,INVALID
,NOT_LOADED
,STALE
,OUTDATED
]Default value:
VALID
- VALID: Policy is valid, present in etcd and running in the controller.
- INVALID: Policy is present in etcd, but fails to parse.
- NOT_LOADED: Policy is present in etcd, but is not (yet) running in the controller.
- STALE: Policy is running on the controller, but is not present in etcd.
- OUTDATED: Policy is present in etcd and policy with the same name is running in the controller, but these policies differ.
{
"policy": {
"circuit": {
"components": [
{
"alerter": {
"in_ports": {
"signal": {
"constant_signal": {
"special_value": "NaN",
"value": 0
},
"signal_name": "string"
}
},
"parameters": {
"alert_channels": [
"string"
],
"alert_name": "string",
"labels": {},
"resolve_timeout": "5s",
"severity": "info"
}
},
"and": {
"in_ports": {
"inputs": [
{
"constant_signal": {
"special_value": "NaN",
"value": 0
},
"signal_name": "string"
}
]
},
"out_ports": {
"output": {
"signal_name": "string"
}
}
},
"arithmetic_combinator": {
"in_ports": {
"lhs": {
"constant_signal": {
"special_value": "NaN",
"value": 0
},
"signal_name": "string"
},
"rhs": {
"constant_signal": {
"special_value": "NaN",
"value": 0
},
"signal_name": "string"
}
},
"operator": "add",
"out_ports": {
"output": {
"signal_name": "string"
}
}
},
"auto_scale": {
"auto_scaler": {
"dry_run": true,
"dry_run_config_key": "string",
"scale_in_controllers": [
{
"alerter": {
"alert_channels": [
"string"
],
"alert_name": "string",
"labels": {},
"resolve_timeout": "5s",
"severity": "info"
},
"controller": {
"gradient": {
"in_ports": {
"setpoint": {
"constant_signal": {
"special_value": "NaN",
"value": 0
},
"signal_name": "string"
},
"signal": {
"constant_signal": {
"special_value": "NaN",
"value": 0
},
"signal_name": "string"
}
},
"parameters": {
"min_gradient": -1.7976931348623157e+308,
"slope": 1
}
},
"periodic": {
"period": "string",
"scale_in_percentage": 0
}
}
}
],
"scale_out_controllers": [
{
"alerter": {
"alert_channels": [
"string"
],
"alert_name": "string",
"labels": {},
"resolve_timeout": "5s",
"severity": "info"
},
"controller": {
"gradient": {
"in_ports": {
"setpoint": {
"constant_signal": {
"special_value": "NaN",
"value": 0
},
"signal_name": "string"
},
"signal": {
"constant_signal": {
"special_value": "NaN",
"value": 0
},
"signal_name": "string"
}
},
"parameters": {
"max_gradient": 1.7976931348623157e+308,
"slope": 1
}
}
}
}
],
"scaling_backend": {
"kubernetes_replicas": {
"kubernetes_object_selector": {
"agent_group": "default",
"api_version": "string",
"kind": "string",
"name": "string",
"namespace": "string"
},
"max_replicas": "9223372036854775807",
"min_replicas": "0",
"out_ports": {
"actual_replicas": {
"signal_name": "string"
},
"configured_replicas": {
"signal_name": "string"
},
"desired_replicas": {
"signal_name": "string"
}
}
}
},
"scaling_parameters": {
"cooldown_override_percentage": 50,
"max_scale_in_percentage": 1,
"max_scale_out_percentage": 10,
"scale_in_alerter": {
"alert_channels": [
"string"
],
"alert_name": "string",
"labels": {},
"resolve_timeout": "5s",
"severity": "info"
},
"scale_in_cooldown": "120s",
"scale_out_alerter": {
"alert_channels": [
"string"
],
"alert_name": "string",
"labels": {},
"resolve_timeout": "5s",
"severity": "info"
},
"scale_out_cooldown": "30s"
}
},
"pod_scaler": {
"dry_run": true,
"dry_run_config_key": "string",
"in_ports": {
"replicas": {
"constant_signal": {
"special_value": "NaN",
"value": 0
},
"signal_name": "string"
}
},
"kubernetes_object_selector": {
"agent_group": "default",
"api_version": "string",
"kind": "string",
"name": "string",
"namespace": "string"
},
"out_ports": {
"actual_replicas": {
"signal_name": "string"
},
"configured_replicas": {
"signal_name": "string"
}
}
}
},
"bool_variable": {
"config_key": "string",
"constant_output": true,
"out_ports": {
"output": {
"signal_name": "string"
}
}
},
"decider": {
"false_for": "0s",
"in_ports": {
"lhs": {
"constant_signal": {
"special_value": "NaN",
"value": 0
},
"signal_name": "string"
},
"rhs": {
"constant_signal": {
"special_value": "NaN",
"value": 0
},
"signal_name": "string"
}
},
"operator": "gt",
"out_ports": {
"output": {
"signal_name": "string"
}
},
"true_for": "0s"
},
"differentiator": {
"in_ports": {
"input": {
"constant_signal": {
"special_value": "NaN",
"value": 0
},
"signal_name": "string"
}
},
"out_ports": {
"output": {
"signal_name": "string"
}
},
"window": "5s"
},
"ema": {
"in_ports": {
"input": {
"constant_signal": {
"special_value": "NaN",
"value": 0
},
"signal_name": "string"
},
"max_envelope": {
"constant_signal": {
"special_value": "NaN",
"value": 0
},
"signal_name": "string"
},
"min_envelope": {
"constant_signal": {
"special_value": "NaN",
"value": 0
},
"signal_name": "string"
}
},
"out_ports": {
"output": {
"signal_name": "string"
}
},
"parameters": {
"correction_factor_on_max_envelope_violation": 1,
"correction_factor_on_min_envelope_violation": 1,
"ema_window": "string",
"valid_during_warmup": false,
"warmup_window": "string"
}
},
"extrapolator": {
"in_ports": {
"input": {
"constant_signal": {
"special_value": "NaN",
"value": 0
},
"signal_name": "string"
}
},
"out_ports": {
"output": {
"signal_name": "string"
}
},
"parameters": {
"max_extrapolation_interval": "string"
}
},
"first_valid": {
"in_ports": {
"inputs": [
{
"constant_signal": {
"special_value": "NaN",
"value": 0
},
"signal_name": "string"
}
]
},
"out_ports": {
"output": {
"signal_name": "string"
}
}
},
"flow_control": {
"adaptive_load_scheduler": {
"dry_run": true,
"dry_run_config_key": "string",
"in_ports": {
"overload_confirmation": {
"constant_signal": {
"special_value": "NaN",
"value": 0
},
"signal_name": "string"
},
"setpoint": {
"constant_signal": {
"special_value": "NaN",
"value": 0
},
"signal_name": "string"
},
"signal": {
"constant_signal": {
"special_value": "NaN",
"value": 0
},
"signal_name": "string"
}
},
"out_ports": {
"desired_load_multiplier": {
"signal_name": "string"
},
"is_overload": {
"signal_name": "string"
},
"observed_load_multiplier": {
"signal_name": "string"
}
},
"parameters": {
"alerter": {
"alert_channels": [
"string"
],
"alert_name": "string",
"labels": {},
"resolve_timeout": "5s",
"severity": "info"
},
"gradient": {
"max_gradient": 1.7976931348623157e+308,
"min_gradient": -1.7976931348623157e+308,
"slope": 0
},
"load_multiplier_linear_increment": 0.0025,
"load_scheduler": {
"scheduler": {
"decision_deadline_margin": "0.01s",
"default_workload_parameters": {
"priority": 1,
"queue_timeout": "string",
"tokens": 1
},
"denied_response_status_code": "Empty",
"fairness_label_key": "string",
"priority_label_key": "string",
"tokens_label_key": "string",
"workload_label_key": "string",
"workloads": [
{
"label_matcher": {
"expression": {
"all": {
"of": [
{}
]
},
"any": {
"of": [
{}
]
},
"label_equals": {
"label": "string",
"value": "string"
},
"label_exists": "string",
"label_matches": {
"label": "string",
"regex": "string"
},
"not": {}
},
"match_expressions": [
{
"key": "string",
"operator": "In",
"values": [
"string"
]
}
],
"match_labels": {},
"match_list": [
{
"key": "string",
"operator": "In",
"values": [
"string"
]
}
]
},
"name": "string",
"parameters": {
"priority": 1,
"queue_timeout": "string",
"tokens": 1
}
}
]
},
"selectors": [
{
"agent_group": "aperture-cloud",
"control_point": "string",
"label_matcher": {
"expression": {
"all": {
"of": [
{}
]
},
"any": {
"of": [
{}
]
},
"label_equals": {
"label": "string",
"value": "string"
},
"label_exists": "string",
"label_matches": {
"label": "string",
"regex": "string"
},
"not": {}
},
"match_expressions": [
{
"key": "string",
"operator": "In",
"values": [
"string"
]
}
],
"match_labels": {},
"match_list": [
{
"key": "string",
"operator": "In",
"values": [
"string"
]
}
]
},
"service": "any"
}
],
"workload_latency_based_tokens": false
},
"max_load_multiplier": 2
}
},
"aiad_load_scheduler": {
"dry_run": true,
"dry_run_config_key": "string",
"in_ports": {
"overload_confirmation": {
"constant_signal": {
"special_value": "NaN",
"value": 0
},
"signal_name": "string"
},
"setpoint": {
"constant_signal": {
"special_value": "NaN",
"value": 0
},
"signal_name": "string"
},
"signal": {
"constant_signal": {
"special_value": "NaN",
"value": 0
},
"signal_name": "string"
}
},
"out_ports": {
"desired_load_multiplier": {
"signal_name": "string"
},
"is_overload": {
"signal_name": "string"
},
"observed_load_multiplier": {
"signal_name": "string"
}
},
"overload_condition": "gt",
"parameters": {
"alerter": {
"alert_channels": [
"string"
],
"alert_name": "string",
"labels": {},
"resolve_timeout": "5s",
"severity": "info"
},
"load_multiplier_linear_decrement": 0.05,
"load_multiplier_linear_increment": 0.025,
"load_scheduler": {
"scheduler": {
"decision_deadline_margin": "0.01s",
"default_workload_parameters": {
"priority": 1,
"queue_timeout": "string",
"tokens": 1
},
"denied_response_status_code": "Empty",
"fairness_label_key": "string",
"priority_label_key": "string",
"tokens_label_key": "string",
"workload_label_key": "string",
"workloads": [
{
"label_matcher": {
"expression": {
"all": {
"of": [
{}
]
},
"any": {
"of": [
{}
]
},
"label_equals": {
"label": "string",
"value": "string"
},
"label_exists": "string",
"label_matches": {
"label": "string",
"regex": "string"
},
"not": {}
},
"match_expressions": [
{
"key": "string",
"operator": "In",
"values": [
"string"
]
}
],
"match_labels": {},
"match_list": [
{
"key": "string",
"operator": "In",
"values": [
"string"
]
}
]
},
"name": "string",
"parameters": {
"priority": 1,
"queue_timeout": "string",
"tokens": 1
}
}
]
},
"selectors": [
{
"agent_group": "aperture-cloud",
"control_point": "string",
"label_matcher": {
"expression": {
"all": {
"of": [
{}
]
},
"any": {
"of": [
{}
]
},
"label_equals": {
"label": "string",
"value": "string"
},
"label_exists": "string",
"label_matches": {
"label": "string",
"regex": "string"
},
"not": {}
},
"match_expressions": [
{
"key": "string",
"operator": "In",
"values": [
"string"
]
}
],
"match_labels": {},
"match_list": [
{
"key": "string",
"operator": "In",
"values": [
"string"
]
}
]
},
"service": "any"
}
],
"workload_latency_based_tokens": false
},
"max_load_multiplier": 2,
"min_load_multiplier": 0
}
},
"aimd_load_scheduler": {
"dry_run": true,
"dry_run_config_key": "string",
"in_ports": {
"overload_confirmation": {
"constant_signal": {
"special_value": "NaN",
"value": 0
},
"signal_name": "string"
},
"setpoint": {
"constant_signal": {
"special_value": "NaN",
"value": 0
},
"signal_name": "string"
},
"signal": {
"constant_signal": {
"special_value": "NaN",
"value": 0
},
"signal_name": "string"
}
},
"out_ports": {
"desired_load_multiplier": {
"signal_name": "string"
},
"is_overload": {
"signal_name": "string"
},
"observed_load_multiplier": {
"signal_name": "string"
}
},
"parameters": {
"alerter": {
"alert_channels": [
"string"
],
"alert_name": "string",
"labels": {},
"resolve_timeout": "5s",
"severity": "info"
},
"gradient": {
"max_gradient": 1.7976931348623157e+308,
"min_gradient": -1.7976931348623157e+308,
"slope": 0
},
"load_multiplier_linear_increment": 0.025,
"load_scheduler": {
"scheduler": {
"decision_deadline_margin": "0.01s",
"default_workload_parameters": {
"priority": 1,
"queue_timeout": "string",
"tokens": 1
},
"denied_response_status_code": "Empty",
"fairness_label_key": "string",
"priority_label_key": "string",
"tokens_label_key": "string",
"workload_label_key": "string",