Skip to main content
Version: 2.34.0

GetPolicy returns a policy with the specified name.​

GetPolicy returns a policy with the specified name.

Path Parameters
  • name string required
Responses

A successful response.


Schema
  • policy object

    Policy expresses observability-driven control logic.

    info

    See also Policy overview.

    Policy specification contains a circuit that defines the controller logic and resources that need to be setup.

  • circuit object

    Defines the control-loop logic of the policy.

  • components object[]

    Defines a signal processing graph as a list of components.

  • Array [
  • alerter object

    Alerter reacts to a signal and generates alert to send to alert manager.

  • in_ports object

    Input ports for the Alerter component.

  • signal object

    Signal which Alerter is monitoring. If the signal greater than 0, Alerter generates an alert.

  • constant_signal object

    Constant value to be used for this InPort instead of a signal.

  • special_value string

    Possible values: [NaN, +Inf, -Inf]

    A special value such as NaN, +Inf, -Inf.

  • value double

    A constant value.

  • signal_name string

    Name of the incoming Signal on the InPort.

  • parameters object required

    Alerter Parameters configure parameters such as alert name, severity, resolve timeout, alert channels and labels.

  • alert_channels string[]

    A list of alert channel strings.

  • alert_name string required

    Name of the alert.

  • labels object

    Additional labels to add to alert.

  • property name* string
  • resolve_timeout string

    Default value: 5s

    Duration of alert resolver. This field employs the Duration JSON representation from Protocol Buffers. The format accommodates fractional seconds up to nine digits after the decimal point, offering nanosecond precision. Every duration value must be suffixed with an "s" to indicate 'seconds.' For example, a value of "10s" would signify a duration of 10 seconds.

  • severity string

    Possible values: [info, warn, crit]

    Default value: info

    Severity of the alert, one of 'info', 'warn' or 'crit'.

  • and object

    Logical AND.

  • in_ports object

    Input ports for the And component.

  • inputs object[]

    Array of input signals.

  • Array [
  • constant_signal object

    Constant value to be used for this InPort instead of a signal.

  • special_value string

    Possible values: [NaN, +Inf, -Inf]

    A special value such as NaN, +Inf, -Inf.

  • value double

    A constant value.

  • signal_name string

    Name of the incoming Signal on the InPort.

  • ]
  • out_ports object

    Output ports for the And component.

  • output object

    Result of logical AND of all the input signals.

    Will always be 0 (false), 1 (true) or invalid (unknown).

  • signal_name string

    Name of the outgoing Signal on the OutPort.

  • arithmetic_combinator object

    Applies the given operator on input operands (signals) and emits the result.

  • in_ports object

    Input ports for the Arithmetic Combinator component.

  • lhs object

    Left hand side of the arithmetic operation.

  • constant_signal object

    Constant value to be used for this InPort instead of a signal.

  • special_value string

    Possible values: [NaN, +Inf, -Inf]

    A special value such as NaN, +Inf, -Inf.

  • value double

    A constant value.

  • signal_name string

    Name of the incoming Signal on the InPort.

  • rhs object

    Right hand side of the arithmetic operation.

  • constant_signal object

    Constant value to be used for this InPort instead of a signal.

  • special_value string

    Possible values: [NaN, +Inf, -Inf]

    A special value such as NaN, +Inf, -Inf.

  • value double

    A constant value.

  • signal_name string

    Name of the incoming Signal on the InPort.

  • operator string

    Possible values: [add, sub, mul, div, xor, lshift, rshift]

    Operator of the arithmetic operation.

    The arithmetic operation can be addition, subtraction, multiplication, division, XOR, right bit shift or left bit shift. In case of XOR and bit shifts, value of signals is cast to integers before performing the operation.

  • out_ports object

    Output ports for the Arithmetic Combinator component.

  • output object

    Result of arithmetic operation.

  • signal_name string

    Name of the outgoing Signal on the OutPort.

  • auto_scale object

    AutoScale components are used to scale the service.

  • auto_scaler object

    AutoScaler provides auto-scaling functionality for any scalable resource.

  • dry_run boolean

    Dry run mode ensures that no scaling is invoked by this auto scaler. This is useful for observing the behavior of auto scaler without disrupting any real deployment. This parameter sets the default value of dry run setting which can be overridden at runtime using dynamic configuration.

  • dry_run_config_key string

    Configuration key for overriding dry run setting through dynamic configuration.

  • scale_in_controllers object[]

    List of Controllers for scaling in.

  • Array [
  • alerter object required

    Configuration for embedded Alerter.

  • alert_channels string[]

    A list of alert channel strings.

  • alert_name string required

    Name of the alert.

  • labels object

    Additional labels to add to alert.

  • property name* string
  • resolve_timeout string

    Default value: 5s

    Duration of alert resolver. This field employs the Duration JSON representation from Protocol Buffers. The format accommodates fractional seconds up to nine digits after the decimal point, offering nanosecond precision. Every duration value must be suffixed with an "s" to indicate 'seconds.' For example, a value of "10s" would signify a duration of 10 seconds.

  • severity string

    Possible values: [info, warn, crit]

    Default value: info

    Severity of the alert, one of 'info', 'warn' or 'crit'.

  • controller object required
  • gradient object

    Decreasing Gradient defines a controller for scaling in based on Gradient Controller.

  • in_ports object

    Input ports for the Gradient.

  • setpoint object

    The setpoint to use for scale-in.

  • constant_signal object

    Constant value to be used for this InPort instead of a signal.

  • special_value string

    Possible values: [NaN, +Inf, -Inf]

    A special value such as NaN, +Inf, -Inf.

  • value double

    A constant value.

  • signal_name string

    Name of the incoming Signal on the InPort.

  • signal object

    The signal to use for scale-in.

  • constant_signal object

    Constant value to be used for this InPort instead of a signal.

  • special_value string

    Possible values: [NaN, +Inf, -Inf]

    A special value such as NaN, +Inf, -Inf.

  • value double

    A constant value.

  • signal_name string

    Name of the incoming Signal on the InPort.

  • parameters object

    This allows subset of parameters with constrained values compared to a regular gradient controller. For full documentation of these parameters, refer to the GradientControllerParameters.

  • min_gradient double

    Default value: -1.7976931348623157e+308

  • slope double

    Default value: 1

  • periodic object

    PeriodicDecrease defines a controller for scaling in based on a periodic timer.

  • period string required

    The period of the timer. This field employs the Duration JSON representation from Protocol Buffers. The format accommodates fractional seconds up to nine digits after the decimal point, offering nanosecond precision. Every duration value must be suffixed with an "s" to indicate 'seconds.' For example, a value of "10s" would signify a duration of 10 seconds.

  • scale_in_percentage double required

    Possible values: <= 100

    The percentage of scale to reduce.

  • ]
  • scale_out_controllers object[]

    List of Controllers for scaling out.

  • Array [
  • alerter object required

    Configuration for embedded Alerter.

  • alert_channels string[]

    A list of alert channel strings.

  • alert_name string required

    Name of the alert.

  • labels object

    Additional labels to add to alert.

  • property name* string
  • resolve_timeout string

    Default value: 5s

    Duration of alert resolver. This field employs the Duration JSON representation from Protocol Buffers. The format accommodates fractional seconds up to nine digits after the decimal point, offering nanosecond precision. Every duration value must be suffixed with an "s" to indicate 'seconds.' For example, a value of "10s" would signify a duration of 10 seconds.

  • severity string

    Possible values: [info, warn, crit]

    Default value: info

    Severity of the alert, one of 'info', 'warn' or 'crit'.

  • controller object required
  • gradient object

    Increasing Gradient defines a controller for scaling out based on Gradient Controller.

  • in_ports object

    Input ports for the Gradient.

  • setpoint object

    The setpoint to use for scale-out.

  • constant_signal object

    Constant value to be used for this InPort instead of a signal.

  • special_value string

    Possible values: [NaN, +Inf, -Inf]

    A special value such as NaN, +Inf, -Inf.

  • value double

    A constant value.

  • signal_name string

    Name of the incoming Signal on the InPort.

  • signal object

    The signal to use for scale-out.

  • constant_signal object

    Constant value to be used for this InPort instead of a signal.

  • special_value string

    Possible values: [NaN, +Inf, -Inf]

    A special value such as NaN, +Inf, -Inf.

  • value double

    A constant value.

  • signal_name string

    Name of the incoming Signal on the InPort.

  • parameters object

    This allows subset of parameters with constrained values compared to a regular gradient controller. For full documentation of these parameters, refer to the GradientControllerParameters.

  • max_gradient double

    Default value: 1.7976931348623157e+308

  • slope double

    Default value: 1

  • ]
  • scaling_backend object required
  • kubernetes_replicas object

    KubernetesReplicas defines a horizontal pod scaler for Kubernetes.

  • kubernetes_object_selector object required

    The Kubernetes object on which horizontal scaling is applied.

  • agent_group string

    Default value: default

    Which agent-group this selector applies to.

  • api_version API version of Kubernetes resource required
  • kind string required

    Kubernetes resource type.

  • name string required

    Kubernetes resource name.

  • namespace string required

    Kubernetes namespace that the resource belongs to.

  • max_replicas int64

    Possible values: non-empty

    Default value: 9223372036854775807

    The maximum replicas to which the AutoScaler can scale-out.

  • min_replicas int64

    Default value: 0

    The minimum replicas to which the AutoScaler can scale-in.

  • out_ports object

    Output ports for Kubernetes Replicas.

  • actual_replicas object
  • signal_name string

    Name of the outgoing Signal on the OutPort.

  • configured_replicas object
  • signal_name string

    Name of the outgoing Signal on the OutPort.

  • desired_replicas object
  • signal_name string

    Name of the outgoing Signal on the OutPort.

  • scaling_parameters object required

    Parameters that define the scaling behavior.

  • cooldown_override_percentage double

    Default value: 50

    Cooldown override percentage defines a threshold change in scale-out beyond which previous cooldown is overridden. For example, if the cooldown is 5 minutes and the cooldown override percentage is 10%, then if the scale-increases by 10% or more, the previous cooldown is canceled. Defaults to 50%.

  • max_scale_in_percentage double

    Default value: 1

    The maximum decrease of scale (for example, pods) at one time. Defined as percentage of current scale value. Can never go below one even if percentage computation is less than one. Defaults to 1% of current scale value.

  • max_scale_out_percentage double

    Default value: 10

    The maximum increase of scale (for example, pods) at one time. Defined as percentage of current scale value. Can never go below one even if percentage computation is less than one. Defaults to 10% of current scale value.

  • scale_in_alerter object required

    Configuration for scale-in Alerter.

  • alert_channels string[]

    A list of alert channel strings.

  • alert_name string required

    Name of the alert.

  • labels object

    Additional labels to add to alert.

  • property name* string
  • resolve_timeout string

    Default value: 5s

    Duration of alert resolver. This field employs the Duration JSON representation from Protocol Buffers. The format accommodates fractional seconds up to nine digits after the decimal point, offering nanosecond precision. Every duration value must be suffixed with an "s" to indicate 'seconds.' For example, a value of "10s" would signify a duration of 10 seconds.

  • severity string

    Possible values: [info, warn, crit]

    Default value: info

    Severity of the alert, one of 'info', 'warn' or 'crit'.

  • scale_in_cooldown string

    Default value: 120s

    The amount of time to wait after a scale-in operation for another scale-in operation. This field employs the Duration JSON representation from Protocol Buffers. The format accommodates fractional seconds up to nine digits after the decimal point, offering nanosecond precision. Every duration value must be suffixed with an "s" to indicate 'seconds.' For example, a value of "10s" would signify a duration of 10 seconds.

  • scale_out_alerter object required

    Configuration for scale-out Alerter.

  • alert_channels string[]

    A list of alert channel strings.

  • alert_name string required

    Name of the alert.

  • labels object

    Additional labels to add to alert.

  • property name* string
  • resolve_timeout string

    Default value: 5s

    Duration of alert resolver. This field employs the Duration JSON representation from Protocol Buffers. The format accommodates fractional seconds up to nine digits after the decimal point, offering nanosecond precision. Every duration value must be suffixed with an "s" to indicate 'seconds.' For example, a value of "10s" would signify a duration of 10 seconds.

  • severity string

    Possible values: [info, warn, crit]

    Default value: info

    Severity of the alert, one of 'info', 'warn' or 'crit'.

  • scale_out_cooldown string

    Default value: 30s

    The amount of time to wait after a scale-out operation for another scale-out or scale-in operation. This field employs the Duration JSON representation from Protocol Buffers. The format accommodates fractional seconds up to nine digits after the decimal point, offering nanosecond precision. Every duration value must be suffixed with an "s" to indicate 'seconds.' For example, a value of "10s" would signify a duration of 10 seconds.

  • pod_scaler object

    PodScaler provides pod horizontal scaling functionality for scalable Kubernetes resources.

  • dry_run boolean

    Dry run mode ensures that no scaling is invoked by this pod scaler. This is useful for observing the behavior of pod scaler without disrupting any real deployment. This parameter sets the default value of dry run setting which can be overridden at runtime using dynamic configuration.

  • dry_run_config_key string

    Configuration key for overriding dry run setting through dynamic configuration.

  • in_ports object

    Input ports for the PodScaler component.

  • replicas object
  • constant_signal object

    Constant value to be used for this InPort instead of a signal.

  • special_value string

    Possible values: [NaN, +Inf, -Inf]

    A special value such as NaN, +Inf, -Inf.

  • value double

    A constant value.

  • signal_name string

    Name of the incoming Signal on the InPort.

  • kubernetes_object_selector object required

    The Kubernetes object to which this pod scaler applies.

  • agent_group string

    Default value: default

    Which agent-group this selector applies to.

  • api_version API version of Kubernetes resource required
  • kind string required

    Kubernetes resource type.

  • name string required

    Kubernetes resource name.

  • namespace string required

    Kubernetes namespace that the resource belongs to.

  • out_ports object

    Output ports for the PodScaler component.

  • actual_replicas object

    The number of replicas that are currently running.

  • signal_name string

    Name of the outgoing Signal on the OutPort.

  • configured_replicas object

    The number of replicas that are desired.

  • signal_name string

    Name of the outgoing Signal on the OutPort.

  • bool_variable object

    BoolVariable emits a constant Boolean signal which can be changed at runtime through dynamic configuration.

  • config_key string

    Configuration key for overriding value setting through dynamic configuration.

  • constant_output boolean

    The constant Boolean signal emitted by this component. The value of the constant Boolean signal can be overridden at runtime through dynamic configuration.

  • out_ports object

    Output ports for the BoolVariable component.

  • output object

    The value is emitted to the output port.

  • signal_name string

    Name of the outgoing Signal on the OutPort.

  • decider object

    Decider emits the binary result of comparison operator on two operands.

  • false_for string

    Default value: 0s

    Duration of time to wait before changing to false state. If the duration is zero, the change will happen instantaneously. This field employs the Duration JSON representation from Protocol Buffers. The format accommodates fractional seconds up to nine digits after the decimal point, offering nanosecond precision. Every duration value must be suffixed with an "s" to indicate 'seconds.' For example, a value of "10s" would signify a duration of 10 seconds.

  • in_ports object

    Input ports for the Decider component.

  • lhs object

    Left hand side input signal for the comparison operation.

  • constant_signal object

    Constant value to be used for this InPort instead of a signal.

  • special_value string

    Possible values: [NaN, +Inf, -Inf]

    A special value such as NaN, +Inf, -Inf.

  • value double

    A constant value.

  • signal_name string

    Name of the incoming Signal on the InPort.

  • rhs object

    Right hand side input signal for the comparison operation.

  • constant_signal object

    Constant value to be used for this InPort instead of a signal.

  • special_value string

    Possible values: [NaN, +Inf, -Inf]

    A special value such as NaN, +Inf, -Inf.

  • value double

    A constant value.

  • signal_name string

    Name of the incoming Signal on the InPort.

  • operator string

    Possible values: [gt, lt, gte, lte, eq, neq]

    Comparison operator that computes operation on LHS and RHS input signals.

  • out_ports object

    Output ports for the Decider component.

  • output object

    Selected signal (1.0 or 0.0).

  • signal_name string

    Name of the outgoing Signal on the OutPort.

  • true_for string

    Default value: 0s

    Duration of time to wait before changing to true state. If the duration is zero, the change will happen instantaneously.``` This field employs the Duration JSON representation from Protocol Buffers. The format accommodates fractional seconds up to nine digits after the decimal point, offering nanosecond precision. Every duration value must be suffixed with an "s" to indicate 'seconds.' For example, a value of "10s" would signify a duration of 10 seconds.

  • differentiator object

    Differentiator calculates rate of change per tick. Deprecated: v3.0.0. Use PIDController instead.

  • in_ports object

    Input ports for the Differentiator component.

  • input object
  • constant_signal object

    Constant value to be used for this InPort instead of a signal.

  • special_value string

    Possible values: [NaN, +Inf, -Inf]

    A special value such as NaN, +Inf, -Inf.

  • value double

    A constant value.

  • signal_name string

    Name of the incoming Signal on the InPort.

  • out_ports object

    Output ports for the Differentiator component.

  • output object
  • signal_name string

    Name of the outgoing Signal on the OutPort.

  • window string

    Default value: 5s

    The window of time over which differentiator operates. This field employs the Duration JSON representation from Protocol Buffers. The format accommodates fractional seconds up to nine digits after the decimal point, offering nanosecond precision. Every duration value must be suffixed with an "s" to indicate 'seconds.' For example, a value of "10s" would signify a duration of 10 seconds.

  • ema object

    Exponential Moving Average filter.

  • in_ports object

    Input ports for the EMA component.

  • input object

    Input signal to be used for the EMA computation.

  • constant_signal object

    Constant value to be used for this InPort instead of a signal.

  • special_value string

    Possible values: [NaN, +Inf, -Inf]

    A special value such as NaN, +Inf, -Inf.

  • value double

    A constant value.

  • signal_name string

    Name of the incoming Signal on the InPort.

  • max_envelope object

    Upper bound of the moving average.

    When the signal exceeds max_envelope it is multiplied by correction_factor_on_max_envelope_violation once per tick.

    note

    If the signal deviates from max_envelope faster than the correction faster, it might end up exceeding the envelope.

  • constant_signal object

    Constant value to be used for this InPort instead of a signal.

  • special_value string

    Possible values: [NaN, +Inf, -Inf]

    A special value such as NaN, +Inf, -Inf.

  • value double

    A constant value.

  • signal_name string

    Name of the incoming Signal on the InPort.

  • min_envelope object

    Lower bound of the moving average.

    Behavior is similar to max_envelope.

  • constant_signal object

    Constant value to be used for this InPort instead of a signal.

  • special_value string

    Possible values: [NaN, +Inf, -Inf]

    A special value such as NaN, +Inf, -Inf.

  • value double

    A constant value.

  • signal_name string

    Name of the incoming Signal on the InPort.

  • out_ports object

    Output ports for the EMA component.

  • output object

    Exponential moving average of the series of reading as an output signal.

  • signal_name string

    Name of the outgoing Signal on the OutPort.

  • parameters object required

    Parameters for the EMA component.

  • correction_factor_on_max_envelope_violation double

    Default value: 1

    Correction factor to apply on the output value if its in violation of the max envelope.

  • correction_factor_on_min_envelope_violation double

    Default value: 1

    Correction factor to apply on the output value if its in violation of the min envelope.

  • ema_window string required

    EMA window duration. This field employs the Duration JSON representation from Protocol Buffers. The format accommodates fractional seconds up to nine digits after the decimal point, offering nanosecond precision. Every duration value must be suffixed with an "s" to indicate 'seconds.' For example, a value of "10s" would signify a duration of 10 seconds.

  • valid_during_warmup boolean

    Default value: false

    Whether the output is valid during the warm-up stage.

  • warmup_window string required

    Duration of EMA warming up window.

    The initial value of the EMA is the average of signal readings received during the warm up window. This field employs the Duration JSON representation from Protocol Buffers. The format accommodates fractional seconds up to nine digits after the decimal point, offering nanosecond precision. Every duration value must be suffixed with an "s" to indicate 'seconds.' For example, a value of "10s" would signify a duration of 10 seconds.

  • extrapolator object

    Takes an input signal and emits the extrapolated value; either mirroring the input value or repeating the last known value up to the maximum extrapolation interval.

  • in_ports object

    Input ports for the Extrapolator component.

  • input object

    Input signal for the Extrapolator component.

  • constant_signal object

    Constant value to be used for this InPort instead of a signal.

  • special_value string

    Possible values: [NaN, +Inf, -Inf]

    A special value such as NaN, +Inf, -Inf.

  • value double

    A constant value.

  • signal_name string

    Name of the incoming Signal on the InPort.

  • out_ports object

    Output ports for the Extrapolator component.

  • output object

    Extrapolated signal.

  • signal_name string

    Name of the outgoing Signal on the OutPort.

  • parameters object required

    Parameters for the Extrapolator component.

  • max_extrapolation_interval string required

    Maximum time interval to repeat the last valid value of input signal. This field employs the Duration JSON representation from Protocol Buffers. The format accommodates fractional seconds up to nine digits after the decimal point, offering nanosecond precision. Every duration value must be suffixed with an "s" to indicate 'seconds.' For example, a value of "10s" would signify a duration of 10 seconds.

  • first_valid object

    Picks the first valid input signal and emits it.

  • in_ports object

    Input ports for the FirstValid component.

  • inputs object[]

    Array of input signals.

  • Array [
  • constant_signal object

    Constant value to be used for this InPort instead of a signal.

  • special_value string

    Possible values: [NaN, +Inf, -Inf]

    A special value such as NaN, +Inf, -Inf.

  • value double

    A constant value.

  • signal_name string

    Name of the incoming Signal on the InPort.

  • ]
  • out_ports object

    Output ports for the FirstValid component.

  • output object

    First valid input signal as an output signal.

  • signal_name string

    Name of the outgoing Signal on the OutPort.

  • flow_control object

    FlowControl components are used to regulate requests flow.

  • adaptive_load_scheduler object

    Adaptive Load Scheduler component does additive increase of load multiplier during non-overload state. During overload, the load multiplier is throttled based on the provided strategy. Deprecated: v3.0.0. Use AIMDLoadScheduler instead.

  • dry_run boolean

    Decides whether to run the load scheduler in dry-run mode. In dry run mode the scheduler acts as pass through to all flow and does not queue flows. It is useful for observing the behavior of load scheduler without disrupting any real traffic.

  • dry_run_config_key string

    Configuration key for setting dry run mode through dynamic configuration.

  • in_ports object required

    Collection of input ports for the Adaptive Load Scheduler component.

  • overload_confirmation object

    The overload_confirmation port provides additional criteria to determine overload state which results in Flow throttling at the service.

  • constant_signal object

    Constant value to be used for this InPort instead of a signal.

  • special_value string

    Possible values: [NaN, +Inf, -Inf]

    A special value such as NaN, +Inf, -Inf.

  • value double

    A constant value.

  • signal_name string

    Name of the incoming Signal on the InPort.

  • setpoint object required

    The setpoint input to the controller.

  • constant_signal object

    Constant value to be used for this InPort instead of a signal.

  • special_value string

    Possible values: [NaN, +Inf, -Inf]

    A special value such as NaN, +Inf, -Inf.

  • value double

    A constant value.

  • signal_name string

    Name of the incoming Signal on the InPort.

  • signal object required

    The input signal to the controller.

  • constant_signal object

    Constant value to be used for this InPort instead of a signal.

  • special_value string

    Possible values: [NaN, +Inf, -Inf]

    A special value such as NaN, +Inf, -Inf.

  • value double

    A constant value.

  • signal_name string

    Name of the incoming Signal on the InPort.

  • out_ports object

    Collection of output ports for the Adaptive Load Scheduler component.

  • desired_load_multiplier object

    Desired Load multiplier is the ratio of desired token rate to the incoming token rate.

  • signal_name string

    Name of the outgoing Signal on the OutPort.

  • is_overload object

    A Boolean signal that indicates whether the service is in overload state.

  • signal_name string

    Name of the outgoing Signal on the OutPort.

  • observed_load_multiplier object

    Observed Load multiplier is the ratio of accepted token rate to the incoming token rate.

  • signal_name string

    Name of the outgoing Signal on the OutPort.

  • parameters object required

    Parameters for the Adaptive Load Scheduler component.

  • alerter object required

    Configuration parameters for the embedded Alerter.

  • alert_channels string[]

    A list of alert channel strings.

  • alert_name string required

    Name of the alert.

  • labels object

    Additional labels to add to alert.

  • property name* string
  • resolve_timeout string

    Default value: 5s

    Duration of alert resolver. This field employs the Duration JSON representation from Protocol Buffers. The format accommodates fractional seconds up to nine digits after the decimal point, offering nanosecond precision. Every duration value must be suffixed with an "s" to indicate 'seconds.' For example, a value of "10s" would signify a duration of 10 seconds.

  • severity string

    Possible values: [info, warn, crit]

    Default value: info

    Severity of the alert, one of 'info', 'warn' or 'crit'.

  • gradient object required

    Parameters for the Gradient Controller.

  • max_gradient double

    Default value: 1.7976931348623157e+308

    Maximum gradient which clamps the computed gradient value to the range, [min_gradient, max_gradient].

  • min_gradient double

    Default value: -1.7976931348623157e+308

    Minimum gradient which clamps the computed gradient value to the range, [min_gradient, max_gradient].

  • slope double required

    Slope controls the aggressiveness and direction of the Gradient Controller.

    Slope is used as exponent on the signal to setpoint ratio in computation of the gradient (see the main description for exact equation). This parameter decides how aggressive the controller responds to the deviation of signal from the setpoint. for example:

    • $\text{slope} = 1$: when signal is too high, increase control variable,
    • $\text{slope} = -1$: when signal is too high, decrease control variable,
    • $\text{slope} = -0.5$: when signal is too high, decrease control variable gradually.

    The sign of slope depends on correlation between the signal and control variable:

    • Use $\text{slope} < 0$ if there is a positive correlation between the signal and the control variable (for example, Per-pod CPU usage and total concurrency).
    • Use $\text{slope} > 0$ if there is a negative correlation between the signal and the control variable (for example, Per-pod CPU usage and number of pods).

    :::note

    You need to set negative slope for a positive correlation, as you're describing the action which controller should make when the signal increases.

    :::

    The magnitude of slope describes how aggressively should the controller react to a deviation of signal. With $|\text{slope}| = 1$, the controller will aim to bring the signal to the setpoint in one tick (assuming linear correlation with signal and setpoint). Smaller magnitudes of slope will make the controller adjust the control variable gradually.

    Setting $|\text{slope}| < 1$ (for example, $\pm0.8$) is recommended. If you experience overshooting, consider lowering the magnitude even more. Values of $|\text{slope}| > 1$ aren't recommended.

    :::note

    Remember that the gradient and output signal can be (optionally) clamped, so the slope might not fully describe aggressiveness of the controller.

    :::

  • load_multiplier_linear_increment double

    Default value: 0.0025

    Linear increment to load multiplier every 10 seconds while the system is not in the overloaded state, up until the max_load_multiplier is reached.

  • load_scheduler object required

    Parameters for the Load Scheduler.

  • scheduler object

    Configuration of Weighted Fair Queuing-based workload scheduler.

    Contains configuration of per-agent scheduler

  • decision_deadline_margin string

    Default value: 0.01s

    Decision deadline margin is the amount of time that the scheduler will subtract from the request deadline to determine the deadline for the decision. This is to ensure that the scheduler has enough time to make a decision before the request deadline happens, accounting for processing delays. The request deadline is based on the gRPC deadline or the grpc-timeout HTTP header.

    Fail-open logic is use for flow control APIs, so if the gRPC deadline reaches, the flow will end up being unconditionally allowed while it is still waiting on the scheduler. This field employs the Duration JSON representation from Protocol Buffers. The format accommodates fractional seconds up to nine digits after the decimal point, offering nanosecond precision. Every duration value must be suffixed with an "s" to indicate 'seconds.' For example, a value of "10s" would signify a duration of 10 seconds.

  • default_workload_parameters object

    Parameters to be used if none of workloads specified in workloads match.

  • priority double

    Default value: 1

    $$ inverted_priority = {\frac {1} {priority}} $$

    $$ virtual_finish_time = virtual_time + \left(tokens \cdot inverted_priority\right) $$

  • queue_timeout string

    Timeout for the flow in the workload. If timeout is provided on the Check call as well, the minimum of the two is picked. If this override is not provided, the timeout provided in the check call is used. 0 timeout value implies that the request will not wait in the queue and will be accepted or dropped immediately. This field employs the Duration JSON representation from Protocol Buffers. The format accommodates fractional seconds up to nine digits after the decimal point, offering nanosecond precision. Every duration value must be suffixed with an "s" to indicate 'seconds.' For example, a value of "10s" would signify a duration of 10 seconds.

  • tokens double

    Default value: 1

    Tokens determines the cost of admitting a single flow in the workload, which is typically defined as milliseconds of flow latency (time to response or duration of a feature) or simply equal to 1 if the resource being accessed is constrained by the number of flows (3rd party rate limiters). This override is applicable only if tokens for the flow aren't specified in the flow labels.

  • denied_response_status_code HTTP response codes. For more details: https://www.iana.org/assignments/http-status-codes/http-status-codes.xhtml

    Possible values: [Empty, Continue, OK, Created, Accepted, NonAuthoritativeInformation, NoContent, ResetContent, PartialContent, MultiStatus, AlreadyReported, IMUsed, MultipleChoices, MovedPermanently, Found, SeeOther, NotModified, UseProxy, TemporaryRedirect, PermanentRedirect, BadRequest, Unauthorized, PaymentRequired, Forbidden, NotFound, MethodNotAllowed, NotAcceptable, ProxyAuthenticationRequired, RequestTimeout, Conflict, Gone, LengthRequired, PreconditionFailed, PayloadTooLarge, URITooLong, UnsupportedMediaType, RangeNotSatisfiable, ExpectationFailed, MisdirectedRequest, UnprocessableEntity, Locked, FailedDependency, UpgradeRequired, PreconditionRequired, TooManyRequests, RequestHeaderFieldsTooLarge, InternalServerError, NotImplemented, BadGateway, ServiceUnavailable, GatewayTimeout, HTTPVersionNotSupported, VariantAlsoNegotiates, InsufficientStorage, LoopDetected, NotExtended, NetworkAuthenticationRequired]

    Default value: Empty

    This field allows you to override the default HTTP status code (503 Service Unavailable) that is returned when a request is denied.

  • fairness_label_key string

    Key for a flow label that is used to enforce fairness among requests in a workload. If not specified, requests within a workload of the same priority are admitted in a FIFO manner.

  • priority_label_key string

    Key for a flow label that can be used to override the default priority for this flow. The value associated with this key must be a valid number. Higher numbers means higher priority. If this parameter is not provided, the priority for the flow will be determined by the matched workload's priority.

  • tokens_label_key string

    Key for a flow label that can be used to override the default number of tokens for this request. The value associated with this key must be a valid number. If this parameter is not provided, the number of tokens for the flow will be determined by the matched workload's token count.

  • workload_label_key string

    Key for a flow label that can be used to provide workloads for this request. If this parameter is not provided, the workloads for the flow will be determined by the matched workload's name in the policy.

  • workloads object[]

    List of workloads to be used in scheduler.

    Categorizing flows into workloads allows for load throttling to be "intelligent" instead of queueing flows in an arbitrary order. There are two aspects of this "intelligence":

    • Scheduler can more precisely calculate concurrency if it understands that flows belonging to different classes have different weights (for example, insert queries compared to select queries).
    • Setting different priorities to different workloads lets the scheduler avoid dropping important traffic during overload.

    Each workload in this list specifies also a matcher that is used to determine which flow will be categorized into which workload. In case of multiple matching workloads, the first matching one will be used. If none of workloads match, default_workload will be used.

  • Array [
  • label_matcher object required

    Label Matcher to select a Workload based on flow labels.

  • expression object

    An arbitrary expression to be evaluated on the labels.

  • all object

    The expression is true when all sub expressions are true.

  • of object[]

    List of sub expressions of the match expression.

  • Array [
  • 0
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • ]
  • any object

    The expression is true when any sub expression is true.

  • of object[]

    List of sub expressions of the match expression.

  • Array [
  • 0
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • ]
  • label_equals object

    The expression is true when label value equals given value.

  • label string required

    Name of the label to equal match the value.

  • value string

    Exact value that the label should be equal to.

  • label_exists string

    The expression is true when label with given name exists.

  • label_matches object

    The expression is true when label matches given regular expression.

  • label string required

    Name of the label to match the regular expression.

  • regex string required

    Regular expression that should match the label value. It uses Go's regular expression syntax.

  • not object

    The expression negates the result of sub expression.

  • 0
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • match_expressions object[]

    List of Kubernetes-style label matcher requirements.

    Note: The requirements are combined using the logical AND operator. Deprecated: v3.0.0. Use match_list instead.

  • Array [
  • key string required

    Label key that the selector applies to.

  • operator string required

    Possible values: [In, NotIn, Exists, DoesNotExist]

    Logical operator which represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.

  • values string[]

    An array of string values that relates to the key by an operator. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty.

  • ]
  • match_labels object

    A map of {key,value} pairs representing labels to be matched. A single {key,value} in the match_labels requires that the label key is present and equal to value.

    Note: The requirements are combined using the logical AND operator.

  • property name* string
  • match_list object[]

    List of label matching requirements.

    Note: The requirements are combined using the logical AND operator.

  • Array [
  • key string required

    Label key that the selector applies to.

  • operator string required

    Possible values: [In, NotIn, Exists, DoesNotExist]

    Logical operator which represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.

  • values string[]

    An array of string values that relates to the key by an operator. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty.

  • ]
  • name string

    Name of the workload.

  • parameters object

    Parameters associated with flows matching the label matcher.

  • priority double

    Default value: 1

    $$ inverted_priority = {\frac {1} {priority}} $$

    $$ virtual_finish_time = virtual_time + \left(tokens \cdot inverted_priority\right) $$

  • queue_timeout string

    Timeout for the flow in the workload. If timeout is provided on the Check call as well, the minimum of the two is picked. If this override is not provided, the timeout provided in the check call is used. 0 timeout value implies that the request will not wait in the queue and will be accepted or dropped immediately. This field employs the Duration JSON representation from Protocol Buffers. The format accommodates fractional seconds up to nine digits after the decimal point, offering nanosecond precision. Every duration value must be suffixed with an "s" to indicate 'seconds.' For example, a value of "10s" would signify a duration of 10 seconds.

  • tokens double

    Default value: 1

    Tokens determines the cost of admitting a single flow in the workload, which is typically defined as milliseconds of flow latency (time to response or duration of a feature) or simply equal to 1 if the resource being accessed is constrained by the number of flows (3rd party rate limiters). This override is applicable only if tokens for the flow aren't specified in the flow labels.

  • ]
  • selectors object[] required

    Possible values: >= 1

    Selectors for the component.

  • Array [
  • agent_group string

    Default value: aperture-cloud

    Agent Group this selector applies to.

    :::info

    Agent Groups are used to scope policies to a subset of agents connected to the same controller. The agents within an agent group receive exact same policy configuration and form a peer to peer cluster to constantly share state.

    :::

  • control_point string required

    Control Point identifies location within services where policies can act on flows. For an SDK based insertion, a Control Point can represent a particular feature or execution block within a service. In case of service mesh or middleware insertion, a Control Point can identify ingress or egress calls or distinct listeners or filter chains.

  • label_matcher object

    Label Matcher can be used to match flows based on flow labels.

  • expression object

    An arbitrary expression to be evaluated on the labels.

  • all object

    The expression is true when all sub expressions are true.

  • of object[]

    List of sub expressions of the match expression.

  • Array [
  • 0
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • ]
  • any object

    The expression is true when any sub expression is true.

  • of object[]

    List of sub expressions of the match expression.

  • Array [
  • 0
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • ]
  • label_equals object

    The expression is true when label value equals given value.

  • label string required

    Name of the label to equal match the value.

  • value string

    Exact value that the label should be equal to.

  • label_exists string

    The expression is true when label with given name exists.

  • label_matches object

    The expression is true when label matches given regular expression.

  • label string required

    Name of the label to match the regular expression.

  • regex string required

    Regular expression that should match the label value. It uses Go's regular expression syntax.

  • not object

    The expression negates the result of sub expression.

  • 0
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • match_expressions object[]

    List of Kubernetes-style label matcher requirements.

    Note: The requirements are combined using the logical AND operator. Deprecated: v3.0.0. Use match_list instead.

  • Array [
  • key string required

    Label key that the selector applies to.

  • operator string required

    Possible values: [In, NotIn, Exists, DoesNotExist]

    Logical operator which represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.

  • values string[]

    An array of string values that relates to the key by an operator. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty.

  • ]
  • match_labels object

    A map of {key,value} pairs representing labels to be matched. A single {key,value} in the match_labels requires that the label key is present and equal to value.

    Note: The requirements are combined using the logical AND operator.

  • property name* string
  • match_list object[]

    List of label matching requirements.

    Note: The requirements are combined using the logical AND operator.

  • Array [
  • key string required

    Label key that the selector applies to.

  • operator string required

    Possible values: [In, NotIn, Exists, DoesNotExist]

    Logical operator which represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.

  • values string[]

    An array of string values that relates to the key by an operator. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty.

  • ]
  • service string

    Default value: any

    The Fully Qualified Domain Name of the service to select.

    In Kubernetes, this is the FQDN of the Service object.

    :::info

    any matches all services.

    :::

    :::info

    An entity (for example, Kubernetes pod) might belong to multiple services.

    :::

  • ]
  • workload_latency_based_tokens boolean

    Default value: false

    Automatically estimate the size of flows within each workload, based on historical latency. Each workload's tokens will be set to average latency of flows in that workload during the last few seconds (exact duration of this average can change). This setting is useful in concurrency limiting use-case, where the concurrency is calculated as (avg. latency \* in-flight flows) (Little's Law).

    The value of tokens estimated takes a lower precedence than the value of tokens specified in the workload definition and tokens explicitly specified in the flow labels.

  • max_load_multiplier double

    Default value: 2

    The maximum load multiplier that can be reached during recovery from an overload state.

    • Helps protect the service from request bursts while the system is still recovering.
    • Once this value is reached, the scheduler enters the pass-through mode, allowing requests to bypass the scheduler and be sent directly to the service.
    • The pass-through mode gets disabled if the system enters the overload state again.
  • aiad_load_scheduler object

    AIAD Load Scheduler.

  • dry_run boolean

    Decides whether to run the load scheduler in dry-run mode. In dry run mode the scheduler acts as pass through to all flow and does not queue flows. It is useful for observing the behavior of load scheduler without disrupting any real traffic.

  • dry_run_config_key string

    Configuration key for setting dry run mode through dynamic configuration.

  • in_ports object

    Input ports for the AIAD Load Scheduler.

  • overload_confirmation object

    The overload_confirmation port provides additional criteria to determine overload state which results in Flow throttling at the service.

  • constant_signal object

    Constant value to be used for this InPort instead of a signal.

  • special_value string

    Possible values: [NaN, +Inf, -Inf]

    A special value such as NaN, +Inf, -Inf.

  • value double

    A constant value.

  • signal_name string

    Name of the incoming Signal on the InPort.

  • setpoint object required

    The setpoint input to the controller.

  • constant_signal object

    Constant value to be used for this InPort instead of a signal.

  • special_value string

    Possible values: [NaN, +Inf, -Inf]

    A special value such as NaN, +Inf, -Inf.

  • value double

    A constant value.

  • signal_name string

    Name of the incoming Signal on the InPort.

  • signal object required

    The input signal to the controller.

  • constant_signal object

    Constant value to be used for this InPort instead of a signal.

  • special_value string

    Possible values: [NaN, +Inf, -Inf]

    A special value such as NaN, +Inf, -Inf.

  • value double

    A constant value.

  • signal_name string

    Name of the incoming Signal on the InPort.

  • out_ports object

    Output ports for the AIAD Load Scheduler.

  • desired_load_multiplier object

    Desired Load multiplier is the ratio of desired token rate to the incoming token rate.

  • signal_name string

    Name of the outgoing Signal on the OutPort.

  • is_overload object

    A Boolean signal that indicates whether the service is in overload state.

  • signal_name string

    Name of the outgoing Signal on the OutPort.

  • observed_load_multiplier object

    Observed Load multiplier is the ratio of accepted token rate to the incoming token rate.

  • signal_name string

    Name of the outgoing Signal on the OutPort.

  • overload_condition Overload condition determines the criteria to determine overload state. The default condition is "gt", that is, when the signal is greater than the setpoint. The condition must be one of: <!-- vale off --> - "gt": greater than - "lt": less than - "gte": greater than or equal to - "lte": less than or equal to <!-- vale on --> required

    Possible values: [gt, lt, gte, lte]

    Default value: gt

  • parameters object required

    Parameters for the AIAD Load Scheduler.

  • alerter object required

    Configuration parameters for the embedded Alerter.

  • alert_channels string[]

    A list of alert channel strings.

  • alert_name string required

    Name of the alert.

  • labels object

    Additional labels to add to alert.

  • property name* string
  • resolve_timeout string

    Default value: 5s

    Duration of alert resolver. This field employs the Duration JSON representation from Protocol Buffers. The format accommodates fractional seconds up to nine digits after the decimal point, offering nanosecond precision. Every duration value must be suffixed with an "s" to indicate 'seconds.' For example, a value of "10s" would signify a duration of 10 seconds.

  • severity string

    Possible values: [info, warn, crit]

    Default value: info

    Severity of the alert, one of 'info', 'warn' or 'crit'.

  • load_multiplier_linear_decrement double

    Default value: 0.05

    Linear decrement to load multiplier every 10 seconds while the system is in the overloaded state, up until the min_load_multiplier is reached.

  • load_multiplier_linear_increment double

    Default value: 0.025

    Linear increment to load multiplier every 10 seconds while the system is not in the overloaded state, up until the max_load_multiplier is reached.

  • load_scheduler object required

    Parameters for the Load Scheduler.

  • scheduler object

    Configuration of Weighted Fair Queuing-based workload scheduler.

    Contains configuration of per-agent scheduler

  • decision_deadline_margin string

    Default value: 0.01s

    Decision deadline margin is the amount of time that the scheduler will subtract from the request deadline to determine the deadline for the decision. This is to ensure that the scheduler has enough time to make a decision before the request deadline happens, accounting for processing delays. The request deadline is based on the gRPC deadline or the grpc-timeout HTTP header.

    Fail-open logic is use for flow control APIs, so if the gRPC deadline reaches, the flow will end up being unconditionally allowed while it is still waiting on the scheduler. This field employs the Duration JSON representation from Protocol Buffers. The format accommodates fractional seconds up to nine digits after the decimal point, offering nanosecond precision. Every duration value must be suffixed with an "s" to indicate 'seconds.' For example, a value of "10s" would signify a duration of 10 seconds.

  • default_workload_parameters object

    Parameters to be used if none of workloads specified in workloads match.

  • priority double

    Default value: 1

    $$ inverted_priority = {\frac {1} {priority}} $$

    $$ virtual_finish_time = virtual_time + \left(tokens \cdot inverted_priority\right) $$

  • queue_timeout string

    Timeout for the flow in the workload. If timeout is provided on the Check call as well, the minimum of the two is picked. If this override is not provided, the timeout provided in the check call is used. 0 timeout value implies that the request will not wait in the queue and will be accepted or dropped immediately. This field employs the Duration JSON representation from Protocol Buffers. The format accommodates fractional seconds up to nine digits after the decimal point, offering nanosecond precision. Every duration value must be suffixed with an "s" to indicate 'seconds.' For example, a value of "10s" would signify a duration of 10 seconds.

  • tokens double

    Default value: 1

    Tokens determines the cost of admitting a single flow in the workload, which is typically defined as milliseconds of flow latency (time to response or duration of a feature) or simply equal to 1 if the resource being accessed is constrained by the number of flows (3rd party rate limiters). This override is applicable only if tokens for the flow aren't specified in the flow labels.

  • denied_response_status_code HTTP response codes. For more details: https://www.iana.org/assignments/http-status-codes/http-status-codes.xhtml

    Possible values: [Empty, Continue, OK, Created, Accepted, NonAuthoritativeInformation, NoContent, ResetContent, PartialContent, MultiStatus, AlreadyReported, IMUsed, MultipleChoices, MovedPermanently, Found, SeeOther, NotModified, UseProxy, TemporaryRedirect, PermanentRedirect, BadRequest, Unauthorized, PaymentRequired, Forbidden, NotFound, MethodNotAllowed, NotAcceptable, ProxyAuthenticationRequired, RequestTimeout, Conflict, Gone, LengthRequired, PreconditionFailed, PayloadTooLarge, URITooLong, UnsupportedMediaType, RangeNotSatisfiable, ExpectationFailed, MisdirectedRequest, UnprocessableEntity, Locked, FailedDependency, UpgradeRequired, PreconditionRequired, TooManyRequests, RequestHeaderFieldsTooLarge, InternalServerError, NotImplemented, BadGateway, ServiceUnavailable, GatewayTimeout, HTTPVersionNotSupported, VariantAlsoNegotiates, InsufficientStorage, LoopDetected, NotExtended, NetworkAuthenticationRequired]

    Default value: Empty

    This field allows you to override the default HTTP status code (503 Service Unavailable) that is returned when a request is denied.

  • fairness_label_key string

    Key for a flow label that is used to enforce fairness among requests in a workload. If not specified, requests within a workload of the same priority are admitted in a FIFO manner.

  • priority_label_key string

    Key for a flow label that can be used to override the default priority for this flow. The value associated with this key must be a valid number. Higher numbers means higher priority. If this parameter is not provided, the priority for the flow will be determined by the matched workload's priority.

  • tokens_label_key string

    Key for a flow label that can be used to override the default number of tokens for this request. The value associated with this key must be a valid number. If this parameter is not provided, the number of tokens for the flow will be determined by the matched workload's token count.

  • workload_label_key string

    Key for a flow label that can be used to provide workloads for this request. If this parameter is not provided, the workloads for the flow will be determined by the matched workload's name in the policy.

  • workloads object[]

    List of workloads to be used in scheduler.

    Categorizing flows into workloads allows for load throttling to be "intelligent" instead of queueing flows in an arbitrary order. There are two aspects of this "intelligence":

    • Scheduler can more precisely calculate concurrency if it understands that flows belonging to different classes have different weights (for example, insert queries compared to select queries).
    • Setting different priorities to different workloads lets the scheduler avoid dropping important traffic during overload.

    Each workload in this list specifies also a matcher that is used to determine which flow will be categorized into which workload. In case of multiple matching workloads, the first matching one will be used. If none of workloads match, default_workload will be used.

  • Array [
  • label_matcher object required

    Label Matcher to select a Workload based on flow labels.

  • expression object

    An arbitrary expression to be evaluated on the labels.

  • all object

    The expression is true when all sub expressions are true.

  • of object[]

    List of sub expressions of the match expression.

  • Array [
  • 0
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • ]
  • any object

    The expression is true when any sub expression is true.

  • of object[]

    List of sub expressions of the match expression.

  • Array [
  • 0
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • ]
  • label_equals object

    The expression is true when label value equals given value.

  • label string required

    Name of the label to equal match the value.

  • value string

    Exact value that the label should be equal to.

  • label_exists string

    The expression is true when label with given name exists.

  • label_matches object

    The expression is true when label matches given regular expression.

  • label string required

    Name of the label to match the regular expression.

  • regex string required

    Regular expression that should match the label value. It uses Go's regular expression syntax.

  • not object

    The expression negates the result of sub expression.

  • 0
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • match_expressions object[]

    List of Kubernetes-style label matcher requirements.

    Note: The requirements are combined using the logical AND operator. Deprecated: v3.0.0. Use match_list instead.

  • Array [
  • key string required

    Label key that the selector applies to.

  • operator string required

    Possible values: [In, NotIn, Exists, DoesNotExist]

    Logical operator which represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.

  • values string[]

    An array of string values that relates to the key by an operator. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty.

  • ]
  • match_labels object

    A map of {key,value} pairs representing labels to be matched. A single {key,value} in the match_labels requires that the label key is present and equal to value.

    Note: The requirements are combined using the logical AND operator.

  • property name* string
  • match_list object[]

    List of label matching requirements.

    Note: The requirements are combined using the logical AND operator.

  • Array [
  • key string required

    Label key that the selector applies to.

  • operator string required

    Possible values: [In, NotIn, Exists, DoesNotExist]

    Logical operator which represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.

  • values string[]

    An array of string values that relates to the key by an operator. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty.

  • ]
  • name string

    Name of the workload.

  • parameters object

    Parameters associated with flows matching the label matcher.

  • priority double

    Default value: 1

    $$ inverted_priority = {\frac {1} {priority}} $$

    $$ virtual_finish_time = virtual_time + \left(tokens \cdot inverted_priority\right) $$

  • queue_timeout string

    Timeout for the flow in the workload. If timeout is provided on the Check call as well, the minimum of the two is picked. If this override is not provided, the timeout provided in the check call is used. 0 timeout value implies that the request will not wait in the queue and will be accepted or dropped immediately. This field employs the Duration JSON representation from Protocol Buffers. The format accommodates fractional seconds up to nine digits after the decimal point, offering nanosecond precision. Every duration value must be suffixed with an "s" to indicate 'seconds.' For example, a value of "10s" would signify a duration of 10 seconds.

  • tokens double

    Default value: 1

    Tokens determines the cost of admitting a single flow in the workload, which is typically defined as milliseconds of flow latency (time to response or duration of a feature) or simply equal to 1 if the resource being accessed is constrained by the number of flows (3rd party rate limiters). This override is applicable only if tokens for the flow aren't specified in the flow labels.

  • ]
  • selectors object[] required

    Possible values: >= 1

    Selectors for the component.

  • Array [
  • agent_group string

    Default value: aperture-cloud

    Agent Group this selector applies to.

    :::info

    Agent Groups are used to scope policies to a subset of agents connected to the same controller. The agents within an agent group receive exact same policy configuration and form a peer to peer cluster to constantly share state.

    :::

  • control_point string required

    Control Point identifies location within services where policies can act on flows. For an SDK based insertion, a Control Point can represent a particular feature or execution block within a service. In case of service mesh or middleware insertion, a Control Point can identify ingress or egress calls or distinct listeners or filter chains.

  • label_matcher object

    Label Matcher can be used to match flows based on flow labels.

  • expression object

    An arbitrary expression to be evaluated on the labels.

  • all object

    The expression is true when all sub expressions are true.

  • of object[]

    List of sub expressions of the match expression.

  • Array [
  • 0
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • ]
  • any object

    The expression is true when any sub expression is true.

  • of object[]

    List of sub expressions of the match expression.

  • Array [
  • 0
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • ]
  • label_equals object

    The expression is true when label value equals given value.

  • label string required

    Name of the label to equal match the value.

  • value string

    Exact value that the label should be equal to.

  • label_exists string

    The expression is true when label with given name exists.

  • label_matches object

    The expression is true when label matches given regular expression.

  • label string required

    Name of the label to match the regular expression.

  • regex string required

    Regular expression that should match the label value. It uses Go's regular expression syntax.

  • not object

    The expression negates the result of sub expression.

  • 0
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • match_expressions object[]

    List of Kubernetes-style label matcher requirements.

    Note: The requirements are combined using the logical AND operator. Deprecated: v3.0.0. Use match_list instead.

  • Array [
  • key string required

    Label key that the selector applies to.

  • operator string required

    Possible values: [In, NotIn, Exists, DoesNotExist]

    Logical operator which represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.

  • values string[]

    An array of string values that relates to the key by an operator. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty.

  • ]
  • match_labels object

    A map of {key,value} pairs representing labels to be matched. A single {key,value} in the match_labels requires that the label key is present and equal to value.

    Note: The requirements are combined using the logical AND operator.

  • property name* string
  • match_list object[]

    List of label matching requirements.

    Note: The requirements are combined using the logical AND operator.

  • Array [
  • key string required

    Label key that the selector applies to.

  • operator string required

    Possible values: [In, NotIn, Exists, DoesNotExist]

    Logical operator which represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.

  • values string[]

    An array of string values that relates to the key by an operator. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty.

  • ]
  • service string

    Default value: any

    The Fully Qualified Domain Name of the service to select.

    In Kubernetes, this is the FQDN of the Service object.

    :::info

    any matches all services.

    :::

    :::info

    An entity (for example, Kubernetes pod) might belong to multiple services.

    :::

  • ]
  • workload_latency_based_tokens boolean

    Default value: false

    Automatically estimate the size of flows within each workload, based on historical latency. Each workload's tokens will be set to average latency of flows in that workload during the last few seconds (exact duration of this average can change). This setting is useful in concurrency limiting use-case, where the concurrency is calculated as (avg. latency \* in-flight flows) (Little's Law).

    The value of tokens estimated takes a lower precedence than the value of tokens specified in the workload definition and tokens explicitly specified in the flow labels.

  • max_load_multiplier double

    Default value: 2

    The maximum load multiplier that can be reached during recovery from an overload state.

    • Helps protect the service from request bursts while the system is still recovering.
    • Once this value is reached, the scheduler enters the pass-through mode, allowing requests to bypass the scheduler and be sent directly to the service.
    • The pass-through mode gets disabled if the system enters the overload state again.
  • min_load_multiplier double

    Default value: 0

    The minimum load multiplier that can be reached during an overload state.

  • aimd_load_scheduler object

    AIMD Load Scheduler.

  • dry_run boolean

    Decides whether to run the load scheduler in dry-run mode. In dry run mode the scheduler acts as pass through to all flow and does not queue flows. It is useful for observing the behavior of load scheduler without disrupting any real traffic.

  • dry_run_config_key string

    Configuration key for setting dry run mode through dynamic configuration.

  • in_ports object

    Input ports for the AIMD Load Scheduler.

  • overload_confirmation object

    The overload_confirmation port provides additional criteria to determine overload state which results in Flow throttling at the service.

  • constant_signal object

    Constant value to be used for this InPort instead of a signal.

  • special_value string

    Possible values: [NaN, +Inf, -Inf]

    A special value such as NaN, +Inf, -Inf.

  • value double

    A constant value.

  • signal_name string

    Name of the incoming Signal on the InPort.

  • setpoint object required

    The setpoint input to the controller.

  • constant_signal object

    Constant value to be used for this InPort instead of a signal.

  • special_value string

    Possible values: [NaN, +Inf, -Inf]

    A special value such as NaN, +Inf, -Inf.

  • value double

    A constant value.

  • signal_name string

    Name of the incoming Signal on the InPort.

  • signal object required

    The input signal to the controller.

  • constant_signal object

    Constant value to be used for this InPort instead of a signal.

  • special_value string

    Possible values: [NaN, +Inf, -Inf]

    A special value such as NaN, +Inf, -Inf.

  • value double

    A constant value.

  • signal_name string

    Name of the incoming Signal on the InPort.

  • out_ports object

    Output ports for the AIMD Load Scheduler.

  • desired_load_multiplier object

    Desired Load multiplier is the ratio of desired token rate to the incoming token rate.

  • signal_name string

    Name of the outgoing Signal on the OutPort.

  • is_overload object

    A Boolean signal that indicates whether the service is in overload state.

  • signal_name string

    Name of the outgoing Signal on the OutPort.

  • observed_load_multiplier object

    Observed Load multiplier is the ratio of accepted token rate to the incoming token rate.

  • signal_name string

    Name of the outgoing Signal on the OutPort.

  • parameters object required

    Parameters for the AIMD Load Scheduler.

  • alerter object required

    Configuration parameters for the embedded Alerter.

  • alert_channels string[]

    A list of alert channel strings.

  • alert_name string required

    Name of the alert.

  • labels object

    Additional labels to add to alert.

  • property name* string
  • resolve_timeout string

    Default value: 5s

    Duration of alert resolver. This field employs the Duration JSON representation from Protocol Buffers. The format accommodates fractional seconds up to nine digits after the decimal point, offering nanosecond precision. Every duration value must be suffixed with an "s" to indicate 'seconds.' For example, a value of "10s" would signify a duration of 10 seconds.

  • severity string

    Possible values: [info, warn, crit]

    Default value: info

    Severity of the alert, one of 'info', 'warn' or 'crit'.

  • gradient object required

    Parameters for the Gradient Controller.

  • max_gradient double

    Default value: 1.7976931348623157e+308

    Maximum gradient which clamps the computed gradient value to the range, [min_gradient, max_gradient].

  • min_gradient double

    Default value: -1.7976931348623157e+308

    Minimum gradient which clamps the computed gradient value to the range, [min_gradient, max_gradient].

  • slope double required

    Slope controls the aggressiveness and direction of the Gradient Controller.

    Slope is used as exponent on the signal to setpoint ratio in computation of the gradient (see the main description for exact equation). This parameter decides how aggressive the controller responds to the deviation of signal from the setpoint. for example:

    • $\text{slope} = 1$: when signal is too high, increase control variable,
    • $\text{slope} = -1$: when signal is too high, decrease control variable,
    • $\text{slope} = -0.5$: when signal is too high, decrease control variable gradually.

    The sign of slope depends on correlation between the signal and control variable:

    • Use $\text{slope} < 0$ if there is a positive correlation between the signal and the control variable (for example, Per-pod CPU usage and total concurrency).
    • Use $\text{slope} > 0$ if there is a negative correlation between the signal and the control variable (for example, Per-pod CPU usage and number of pods).

    :::note

    You need to set negative slope for a positive correlation, as you're describing the action which controller should make when the signal increases.

    :::

    The magnitude of slope describes how aggressively should the controller react to a deviation of signal. With $|\text{slope}| = 1$, the controller will aim to bring the signal to the setpoint in one tick (assuming linear correlation with signal and setpoint). Smaller magnitudes of slope will make the controller adjust the control variable gradually.

    Setting $|\text{slope}| < 1$ (for example, $\pm0.8$) is recommended. If you experience overshooting, consider lowering the magnitude even more. Values of $|\text{slope}| > 1$ aren't recommended.

    :::note

    Remember that the gradient and output signal can be (optionally) clamped, so the slope might not fully describe aggressiveness of the controller.

    :::

  • load_multiplier_linear_increment double

    Default value: 0.025

    Linear increment to load multiplier every 10 seconds while the system is not in the overloaded state, up until the max_load_multiplier is reached.

  • load_scheduler object required

    Parameters for the Load Scheduler.

  • scheduler object

    Configuration of Weighted Fair Queuing-based workload scheduler.

    Contains configuration of per-agent scheduler

  • decision_deadline_margin string

    Default value: 0.01s

    Decision deadline margin is the amount of time that the scheduler will subtract from the request deadline to determine the deadline for the decision. This is to ensure that the scheduler has enough time to make a decision before the request deadline happens, accounting for processing delays. The request deadline is based on the gRPC deadline or the grpc-timeout HTTP header.

    Fail-open logic is use for flow control APIs, so if the gRPC deadline reaches, the flow will end up being unconditionally allowed while it is still waiting on the scheduler. This field employs the Duration JSON representation from Protocol Buffers. The format accommodates fractional seconds up to nine digits after the decimal point, offering nanosecond precision. Every duration value must be suffixed with an "s" to indicate 'seconds.' For example, a value of "10s" would signify a duration of 10 seconds.

  • default_workload_parameters object

    Parameters to be used if none of workloads specified in workloads match.

  • priority double

    Default value: 1

    $$ inverted_priority = {\frac {1} {priority}} $$

    $$ virtual_finish_time = virtual_time + \left(tokens \cdot inverted_priority\right) $$

  • queue_timeout string

    Timeout for the flow in the workload. If timeout is provided on the Check call as well, the minimum of the two is picked. If this override is not provided, the timeout provided in the check call is used. 0 timeout value implies that the request will not wait in the queue and will be accepted or dropped immediately. This field employs the Duration JSON representation from Protocol Buffers. The format accommodates fractional seconds up to nine digits after the decimal point, offering nanosecond precision. Every duration value must be suffixed with an "s" to indicate 'seconds.' For example, a value of "10s" would signify a duration of 10 seconds.

  • tokens double

    Default value: 1

    Tokens determines the cost of admitting a single flow in the workload, which is typically defined as milliseconds of flow latency (time to response or duration of a feature) or simply equal to 1 if the resource being accessed is constrained by the number of flows (3rd party rate limiters). This override is applicable only if tokens for the flow aren't specified in the flow labels.

  • denied_response_status_code HTTP response codes. For more details: https://www.iana.org/assignments/http-status-codes/http-status-codes.xhtml

    Possible values: [Empty, Continue, OK, Created, Accepted, NonAuthoritativeInformation, NoContent, ResetContent, PartialContent, MultiStatus, AlreadyReported, IMUsed, MultipleChoices, MovedPermanently, Found, SeeOther, NotModified, UseProxy, TemporaryRedirect, PermanentRedirect, BadRequest, Unauthorized, PaymentRequired, Forbidden, NotFound, MethodNotAllowed, NotAcceptable, ProxyAuthenticationRequired, RequestTimeout, Conflict, Gone, LengthRequired, PreconditionFailed, PayloadTooLarge, URITooLong, UnsupportedMediaType, RangeNotSatisfiable, ExpectationFailed, MisdirectedRequest, UnprocessableEntity, Locked, FailedDependency, UpgradeRequired, PreconditionRequired, TooManyRequests, RequestHeaderFieldsTooLarge, InternalServerError, NotImplemented, BadGateway, ServiceUnavailable, GatewayTimeout, HTTPVersionNotSupported, VariantAlsoNegotiates, InsufficientStorage, LoopDetected, NotExtended, NetworkAuthenticationRequired]

    Default value: Empty

    This field allows you to override the default HTTP status code (503 Service Unavailable) that is returned when a request is denied.

  • fairness_label_key string

    Key for a flow label that is used to enforce fairness among requests in a workload. If not specified, requests within a workload of the same priority are admitted in a FIFO manner.

  • priority_label_key string

    Key for a flow label that can be used to override the default priority for this flow. The value associated with this key must be a valid number. Higher numbers means higher priority. If this parameter is not provided, the priority for the flow will be determined by the matched workload's priority.

  • tokens_label_key string

    Key for a flow label that can be used to override the default number of tokens for this request. The value associated with this key must be a valid number. If this parameter is not provided, the number of tokens for the flow will be determined by the matched workload's token count.

  • workload_label_key string

    Key for a flow label that can be used to provide workloads for this request. If this parameter is not provided, the workloads for the flow will be determined by the matched workload's name in the policy.

  • workloads object[]

    List of workloads to be used in scheduler.

    Categorizing flows into workloads allows for load throttling to be "intelligent" instead of queueing flows in an arbitrary order. There are two aspects of this "intelligence":

    • Scheduler can more precisely calculate concurrency if it understands that flows belonging to different classes have different weights (for example, insert queries compared to select queries).
    • Setting different priorities to different workloads lets the scheduler avoid dropping important traffic during overload.

    Each workload in this list specifies also a matcher that is used to determine which flow will be categorized into which workload. In case of multiple matching workloads, the first matching one will be used. If none of workloads match, default_workload will be used.

  • Array [
  • label_matcher object required

    Label Matcher to select a Workload based on flow labels.

  • expression object

    An arbitrary expression to be evaluated on the labels.

  • all object

    The expression is true when all sub expressions are true.

  • of object[]

    List of sub expressions of the match expression.

  • Array [
  • 0
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • ]
  • any object

    The expression is true when any sub expression is true.

  • of object[]

    List of sub expressions of the match expression.

  • Array [
  • 0
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • ]
  • label_equals object

    The expression is true when label value equals given value.

  • label string required

    Name of the label to equal match the value.

  • value string

    Exact value that the label should be equal to.

  • label_exists string

    The expression is true when label with given name exists.

  • label_matches object

    The expression is true when label matches given regular expression.

  • label string required

    Name of the label to match the regular expression.

  • regex string required

    Regular expression that should match the label value. It uses Go's regular expression syntax.

  • not object

    The expression negates the result of sub expression.

  • 0
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • match_expressions object[]

    List of Kubernetes-style label matcher requirements.

    Note: The requirements are combined using the logical AND operator. Deprecated: v3.0.0. Use match_list instead.

  • Array [
  • key string required

    Label key that the selector applies to.

  • operator string required

    Possible values: [In, NotIn, Exists, DoesNotExist]

    Logical operator which represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.

  • values string[]

    An array of string values that relates to the key by an operator. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty.

  • ]
  • match_labels object

    A map of {key,value} pairs representing labels to be matched. A single {key,value} in the match_labels requires that the label key is present and equal to value.

    Note: The requirements are combined using the logical AND operator.

  • property name* string
  • match_list object[]

    List of label matching requirements.

    Note: The requirements are combined using the logical AND operator.

  • Array [
  • key string required

    Label key that the selector applies to.

  • operator string required

    Possible values: [In, NotIn, Exists, DoesNotExist]

    Logical operator which represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.

  • values string[]

    An array of string values that relates to the key by an operator. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty.

  • ]
  • name string

    Name of the workload.

  • parameters object

    Parameters associated with flows matching the label matcher.

  • priority double

    Default value: 1

    $$ inverted_priority = {\frac {1} {priority}} $$

    $$ virtual_finish_time = virtual_time + \left(tokens \cdot inverted_priority\right) $$

  • queue_timeout string

    Timeout for the flow in the workload. If timeout is provided on the Check call as well, the minimum of the two is picked. If this override is not provided, the timeout provided in the check call is used. 0 timeout value implies that the request will not wait in the queue and will be accepted or dropped immediately. This field employs the Duration JSON representation from Protocol Buffers. The format accommodates fractional seconds up to nine digits after the decimal point, offering nanosecond precision. Every duration value must be suffixed with an "s" to indicate 'seconds.' For example, a value of "10s" would signify a duration of 10 seconds.

  • tokens double

    Default value: 1

    Tokens determines the cost of admitting a single flow in the workload, which is typically defined as milliseconds of flow latency (time to response or duration of a feature) or simply equal to 1 if the resource being accessed is constrained by the number of flows (3rd party rate limiters). This override is applicable only if tokens for the flow aren't specified in the flow labels.

  • ]
  • selectors object[] required

    Possible values: >= 1

    Selectors for the component.

  • Array [
  • agent_group string

    Default value: aperture-cloud

    Agent Group this selector applies to.

    :::info

    Agent Groups are used to scope policies to a subset of agents connected to the same controller. The agents within an agent group receive exact same policy configuration and form a peer to peer cluster to constantly share state.

    :::

  • control_point string required

    Control Point identifies location within services where policies can act on flows. For an SDK based insertion, a Control Point can represent a particular feature or execution block within a service. In case of service mesh or middleware insertion, a Control Point can identify ingress or egress calls or distinct listeners or filter chains.

  • label_matcher object

    Label Matcher can be used to match flows based on flow labels.

  • expression object

    An arbitrary expression to be evaluated on the labels.

  • all object

    The expression is true when all sub expressions are true.

  • of object[]

    List of sub expressions of the match expression.

  • Array [
  • 0
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • ]
  • any object

    The expression is true when any sub expression is true.

  • of object[]

    List of sub expressions of the match expression.

  • Array [
  • 0
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • ]
  • label_equals object

    The expression is true when label value equals given value.

  • label string required

    Name of the label to equal match the value.

  • value string

    Exact value that the label should be equal to.

  • label_exists string

    The expression is true when label with given name exists.

  • label_matches object

    The expression is true when label matches given regular expression.

  • label string required

    Name of the label to match the regular expression.

  • regex string required

    Regular expression that should match the label value. It uses Go's regular expression syntax.

  • not object

    The expression negates the result of sub expression.

  • 0
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • match_expressions object[]

    List of Kubernetes-style label matcher requirements.

    Note: The requirements are combined using the logical AND operator. Deprecated: v3.0.0. Use match_list instead.

  • Array [
  • key string required

    Label key that the selector applies to.

  • operator string required

    Possible values: [In, NotIn, Exists, DoesNotExist]

    Logical operator which represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.

  • values string[]

    An array of string values that relates to the key by an operator. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty.

  • ]
  • match_labels object

    A map of {key,value} pairs representing labels to be matched. A single {key,value} in the match_labels requires that the label key is present and equal to value.

    Note: The requirements are combined using the logical AND operator.

  • property name* string
  • match_list object[]

    List of label matching requirements.

    Note: The requirements are combined using the logical AND operator.

  • Array [
  • key string required

    Label key that the selector applies to.

  • operator string required

    Possible values: [In, NotIn, Exists, DoesNotExist]

    Logical operator which represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.

  • values string[]

    An array of string values that relates to the key by an operator. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty.

  • ]
  • service string

    Default value: any

    The Fully Qualified Domain Name of the service to select.

    In Kubernetes, this is the FQDN of the Service object.

    :::info

    any matches all services.

    :::

    :::info

    An entity (for example, Kubernetes pod) might belong to multiple services.

    :::

  • ]
  • workload_latency_based_tokens boolean

    Default value: false

    Automatically estimate the size of flows within each workload, based on historical latency. Each workload's tokens will be set to average latency of flows in that workload during the last few seconds (exact duration of this average can change). This setting is useful in concurrency limiting use-case, where the concurrency is calculated as (avg. latency \* in-flight flows) (Little's Law).

    The value of tokens estimated takes a lower precedence than the value of tokens specified in the workload definition and tokens explicitly specified in the flow labels.

  • max_load_multiplier double

    Default value: 2

    The maximum load multiplier that can be reached during recovery from an overload state.

    • Helps protect the service from request bursts while the system is still recovering.
    • Once this value is reached, the scheduler enters the pass-through mode, allowing requests to bypass the scheduler and be sent directly to the service.
    • The pass-through mode gets disabled if the system enters the overload state again.
  • concurrency_limiter object
  • in_ports object required

    Input ports for the Concurrency Limiter component.

  • max_concurrency object required

    The maximum number of concurrent requests to be allowed.

  • constant_signal object

    Constant value to be used for this InPort instead of a signal.

  • special_value string

    Possible values: [NaN, +Inf, -Inf]

    A special value such as NaN, +Inf, -Inf.

  • value double

    A constant value.

  • signal_name string

    Name of the incoming Signal on the InPort.

  • pass_through object
  • constant_signal object

    Constant value to be used for this InPort instead of a signal.

  • special_value string

    Possible values: [NaN, +Inf, -Inf]

    A special value such as NaN, +Inf, -Inf.

  • value double

    A constant value.

  • signal_name string

    Name of the incoming Signal on the InPort.

  • out_ports object

    Output ports for the Concurrency Limiter component.

  • accept_percentage object

    The percentage of flows being accepted by the Concurrency Limiter.

  • signal_name string

    Name of the outgoing Signal on the OutPort.

  • parameters object required

    Parameters for the Concurrency Limiter component.

  • limit_by_label_key string

    Specifies which label the concurrency calculation should be keyed by.

    Concurrency limiting is done independently for each value of the label with given key. For example, to give each API Key a separate limit, assuming you have a api_key flow label set up, set limit_by_label_key: "api_key". If no label key is specified, then all requests matching the selectors will be concurrency limited based on the global concurrency count.

  • max_idle_time string

    Default value: 7200s

    Max idle time before concurrency count for a label is removed. If set to 0, the state is never removed. This field employs the Duration JSON representation from Protocol Buffers. The format accommodates fractional seconds up to nine digits after the decimal point, offering nanosecond precision. Every duration value must be suffixed with an "s" to indicate 'seconds.' For example, a value of "10s" would signify a duration of 10 seconds.

  • max_inflight_duration string required

    The time duration after which flow is assumed to have ended in case the end call gets missed. This field employs the Duration JSON representation from Protocol Buffers. The format accommodates fractional seconds up to nine digits after the decimal point, offering nanosecond precision. Every duration value must be suffixed with an "s" to indicate 'seconds.' For example, a value of "10s" would signify a duration of 10 seconds.

  • request_parameters object
  • denied_response_status_code HTTP response codes. For more details: https://www.iana.org/assignments/http-status-codes/http-status-codes.xhtml

    Possible values: [Empty, Continue, OK, Created, Accepted, NonAuthoritativeInformation, NoContent, ResetContent, PartialContent, MultiStatus, AlreadyReported, IMUsed, MultipleChoices, MovedPermanently, Found, SeeOther, NotModified, UseProxy, TemporaryRedirect, PermanentRedirect, BadRequest, Unauthorized, PaymentRequired, Forbidden, NotFound, MethodNotAllowed, NotAcceptable, ProxyAuthenticationRequired, RequestTimeout, Conflict, Gone, LengthRequired, PreconditionFailed, PayloadTooLarge, URITooLong, UnsupportedMediaType, RangeNotSatisfiable, ExpectationFailed, MisdirectedRequest, UnprocessableEntity, Locked, FailedDependency, UpgradeRequired, PreconditionRequired, TooManyRequests, RequestHeaderFieldsTooLarge, InternalServerError, NotImplemented, BadGateway, ServiceUnavailable, GatewayTimeout, HTTPVersionNotSupported, VariantAlsoNegotiates, InsufficientStorage, LoopDetected, NotExtended, NetworkAuthenticationRequired]

    Default value: Empty

    This field allows you to override the default HTTP status code (429 Too Many Requests) that is returned when a request is denied.

  • tokens_label_key string

    Flow label key that will be used to override the number of tokens for this request. This is an optional parameter and takes highest precedence when assigning tokens to a request. The label value must be a valid number.

  • selectors object[] required

    Possible values: >= 1

    Selectors for the component.

  • Array [
  • agent_group string

    Default value: aperture-cloud

    Agent Group this selector applies to.

    :::info

    Agent Groups are used to scope policies to a subset of agents connected to the same controller. The agents within an agent group receive exact same policy configuration and form a peer to peer cluster to constantly share state.

    :::

  • control_point string required

    Control Point identifies location within services where policies can act on flows. For an SDK based insertion, a Control Point can represent a particular feature or execution block within a service. In case of service mesh or middleware insertion, a Control Point can identify ingress or egress calls or distinct listeners or filter chains.

  • label_matcher object

    Label Matcher can be used to match flows based on flow labels.

  • expression object

    An arbitrary expression to be evaluated on the labels.

  • all object

    The expression is true when all sub expressions are true.

  • of object[]

    List of sub expressions of the match expression.

  • Array [
  • 0
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • ]
  • any object

    The expression is true when any sub expression is true.

  • of object[]

    List of sub expressions of the match expression.

  • Array [
  • 0
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • ]
  • label_equals object

    The expression is true when label value equals given value.

  • label string required

    Name of the label to equal match the value.

  • value string

    Exact value that the label should be equal to.

  • label_exists string

    The expression is true when label with given name exists.

  • label_matches object

    The expression is true when label matches given regular expression.

  • label string required

    Name of the label to match the regular expression.

  • regex string required

    Regular expression that should match the label value. It uses Go's regular expression syntax.

  • not object

    The expression negates the result of sub expression.

  • 0
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • match_expressions object[]

    List of Kubernetes-style label matcher requirements.

    Note: The requirements are combined using the logical AND operator. Deprecated: v3.0.0. Use match_list instead.

  • Array [
  • key string required

    Label key that the selector applies to.

  • operator string required

    Possible values: [In, NotIn, Exists, DoesNotExist]

    Logical operator which represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.

  • values string[]

    An array of string values that relates to the key by an operator. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty.

  • ]
  • match_labels object

    A map of {key,value} pairs representing labels to be matched. A single {key,value} in the match_labels requires that the label key is present and equal to value.

    Note: The requirements are combined using the logical AND operator.

  • property name* string
  • match_list object[]

    List of label matching requirements.

    Note: The requirements are combined using the logical AND operator.

  • Array [
  • key string required

    Label key that the selector applies to.

  • operator string required

    Possible values: [In, NotIn, Exists, DoesNotExist]

    Logical operator which represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.

  • values string[]

    An array of string values that relates to the key by an operator. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty.

  • ]
  • service string

    Default value: any

    The Fully Qualified Domain Name of the service to select.

    In Kubernetes, this is the FQDN of the Service object.

    :::info

    any matches all services.

    :::

    :::info

    An entity (for example, Kubernetes pod) might belong to multiple services.

    :::

  • ]
  • concurrency_scheduler object

    Schedules the traffic based on in-flight request concurrency.

  • concurrency_limiter object required

    Parameter to configure concurrency limiting.

  • limit_by_label_key string

    Specifies which label the concurrency calculation should be keyed by.

    Concurrency limiting is done independently for each value of the label with given key. For example, to give each API Key a separate limit, assuming you have a api_key flow label set up, set limit_by_label_key: "api_key". If no label key is specified, then all requests matching the selectors will be concurrency limited based on the global concurrency count.

  • max_idle_time string

    Default value: 7200s

    Max idle time before concurrency count for a label is removed. If set to 0, the state is never removed. This field employs the Duration JSON representation from Protocol Buffers. The format accommodates fractional seconds up to nine digits after the decimal point, offering nanosecond precision. Every duration value must be suffixed with an "s" to indicate 'seconds.' For example, a value of "10s" would signify a duration of 10 seconds.

  • max_inflight_duration string required

    The time duration after which flow is assumed to have ended in case the end call gets missed. This field employs the Duration JSON representation from Protocol Buffers. The format accommodates fractional seconds up to nine digits after the decimal point, offering nanosecond precision. Every duration value must be suffixed with an "s" to indicate 'seconds.' For example, a value of "10s" would signify a duration of 10 seconds.

  • in_ports object required
  • max_concurrency object required

    The maximum number of concurrent requests to be allowed.

  • constant_signal object

    Constant value to be used for this InPort instead of a signal.

  • special_value string

    Possible values: [NaN, +Inf, -Inf]

    A special value such as NaN, +Inf, -Inf.

  • value double

    A constant value.

  • signal_name string

    Name of the incoming Signal on the InPort.

  • pass_through object
  • constant_signal object

    Constant value to be used for this InPort instead of a signal.

  • special_value string

    Possible values: [NaN, +Inf, -Inf]

    A special value such as NaN, +Inf, -Inf.

  • value double

    A constant value.

  • signal_name string

    Name of the incoming Signal on the InPort.

  • out_ports object

    Output ports for the Concurrency Scheduler component.

  • accept_percentage object

    The percentage of flows being accepted by the Concurrency Limiter.

  • signal_name string

    Name of the outgoing Signal on the OutPort.

  • scheduler object

    Scheduler is used to schedule the requests when the concurrency limit is reached.

  • decision_deadline_margin string

    Default value: 0.01s

    Decision deadline margin is the amount of time that the scheduler will subtract from the request deadline to determine the deadline for the decision. This is to ensure that the scheduler has enough time to make a decision before the request deadline happens, accounting for processing delays. The request deadline is based on the gRPC deadline or the grpc-timeout HTTP header.

    Fail-open logic is use for flow control APIs, so if the gRPC deadline reaches, the flow will end up being unconditionally allowed while it is still waiting on the scheduler. This field employs the Duration JSON representation from Protocol Buffers. The format accommodates fractional seconds up to nine digits after the decimal point, offering nanosecond precision. Every duration value must be suffixed with an "s" to indicate 'seconds.' For example, a value of "10s" would signify a duration of 10 seconds.

  • default_workload_parameters object

    Parameters to be used if none of workloads specified in workloads match.

  • priority double

    Default value: 1

    $$ inverted_priority = {\frac {1} {priority}} $$

    $$ virtual_finish_time = virtual_time + \left(tokens \cdot inverted_priority\right) $$

  • queue_timeout string

    Timeout for the flow in the workload. If timeout is provided on the Check call as well, the minimum of the two is picked. If this override is not provided, the timeout provided in the check call is used. 0 timeout value implies that the request will not wait in the queue and will be accepted or dropped immediately. This field employs the Duration JSON representation from Protocol Buffers. The format accommodates fractional seconds up to nine digits after the decimal point, offering nanosecond precision. Every duration value must be suffixed with an "s" to indicate 'seconds.' For example, a value of "10s" would signify a duration of 10 seconds.

  • tokens double

    Default value: 1

    Tokens determines the cost of admitting a single flow in the workload, which is typically defined as milliseconds of flow latency (time to response or duration of a feature) or simply equal to 1 if the resource being accessed is constrained by the number of flows (3rd party rate limiters). This override is applicable only if tokens for the flow aren't specified in the flow labels.

  • denied_response_status_code HTTP response codes. For more details: https://www.iana.org/assignments/http-status-codes/http-status-codes.xhtml

    Possible values: [Empty, Continue, OK, Created, Accepted, NonAuthoritativeInformation, NoContent, ResetContent, PartialContent, MultiStatus, AlreadyReported, IMUsed, MultipleChoices, MovedPermanently, Found, SeeOther, NotModified, UseProxy, TemporaryRedirect, PermanentRedirect, BadRequest, Unauthorized, PaymentRequired, Forbidden, NotFound, MethodNotAllowed, NotAcceptable, ProxyAuthenticationRequired, RequestTimeout, Conflict, Gone, LengthRequired, PreconditionFailed, PayloadTooLarge, URITooLong, UnsupportedMediaType, RangeNotSatisfiable, ExpectationFailed, MisdirectedRequest, UnprocessableEntity, Locked, FailedDependency, UpgradeRequired, PreconditionRequired, TooManyRequests, RequestHeaderFieldsTooLarge, InternalServerError, NotImplemented, BadGateway, ServiceUnavailable, GatewayTimeout, HTTPVersionNotSupported, VariantAlsoNegotiates, InsufficientStorage, LoopDetected, NotExtended, NetworkAuthenticationRequired]

    Default value: Empty

    This field allows you to override the default HTTP status code (503 Service Unavailable) that is returned when a request is denied.

  • fairness_label_key string

    Key for a flow label that is used to enforce fairness among requests in a workload. If not specified, requests within a workload of the same priority are admitted in a FIFO manner.

  • priority_label_key string

    Key for a flow label that can be used to override the default priority for this flow. The value associated with this key must be a valid number. Higher numbers means higher priority. If this parameter is not provided, the priority for the flow will be determined by the matched workload's priority.

  • tokens_label_key string

    Key for a flow label that can be used to override the default number of tokens for this request. The value associated with this key must be a valid number. If this parameter is not provided, the number of tokens for the flow will be determined by the matched workload's token count.

  • workload_label_key string

    Key for a flow label that can be used to provide workloads for this request. If this parameter is not provided, the workloads for the flow will be determined by the matched workload's name in the policy.

  • workloads object[]

    List of workloads to be used in scheduler.

    Categorizing flows into workloads allows for load throttling to be "intelligent" instead of queueing flows in an arbitrary order. There are two aspects of this "intelligence":

    • Scheduler can more precisely calculate concurrency if it understands that flows belonging to different classes have different weights (for example, insert queries compared to select queries).
    • Setting different priorities to different workloads lets the scheduler avoid dropping important traffic during overload.

    Each workload in this list specifies also a matcher that is used to determine which flow will be categorized into which workload. In case of multiple matching workloads, the first matching one will be used. If none of workloads match, default_workload will be used.

  • Array [
  • label_matcher object required

    Label Matcher to select a Workload based on flow labels.

  • expression object

    An arbitrary expression to be evaluated on the labels.

  • all object

    The expression is true when all sub expressions are true.

  • of object[]

    List of sub expressions of the match expression.

  • Array [
  • 0
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • ]
  • any object

    The expression is true when any sub expression is true.

  • of object[]

    List of sub expressions of the match expression.

  • Array [
  • 0
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • ]
  • label_equals object

    The expression is true when label value equals given value.

  • label string required

    Name of the label to equal match the value.

  • value string

    Exact value that the label should be equal to.

  • label_exists string

    The expression is true when label with given name exists.

  • label_matches object

    The expression is true when label matches given regular expression.

  • label string required

    Name of the label to match the regular expression.

  • regex string required

    Regular expression that should match the label value. It uses Go's regular expression syntax.

  • not object

    The expression negates the result of sub expression.

  • 0
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • match_expressions object[]

    List of Kubernetes-style label matcher requirements.

    Note: The requirements are combined using the logical AND operator. Deprecated: v3.0.0. Use match_list instead.

  • Array [
  • key string required

    Label key that the selector applies to.

  • operator string required

    Possible values: [In, NotIn, Exists, DoesNotExist]

    Logical operator which represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.

  • values string[]

    An array of string values that relates to the key by an operator. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty.

  • ]
  • match_labels object

    A map of {key,value} pairs representing labels to be matched. A single {key,value} in the match_labels requires that the label key is present and equal to value.

    Note: The requirements are combined using the logical AND operator.

  • property name* string
  • match_list object[]

    List of label matching requirements.

    Note: The requirements are combined using the logical AND operator.

  • Array [
  • key string required

    Label key that the selector applies to.

  • operator string required

    Possible values: [In, NotIn, Exists, DoesNotExist]

    Logical operator which represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.

  • values string[]

    An array of string values that relates to the key by an operator. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty.

  • ]
  • name string

    Name of the workload.

  • parameters object

    Parameters associated with flows matching the label matcher.

  • priority double

    Default value: 1

    $$ inverted_priority = {\frac {1} {priority}} $$

    $$ virtual_finish_time = virtual_time + \left(tokens \cdot inverted_priority\right) $$

  • queue_timeout string

    Timeout for the flow in the workload. If timeout is provided on the Check call as well, the minimum of the two is picked. If this override is not provided, the timeout provided in the check call is used. 0 timeout value implies that the request will not wait in the queue and will be accepted or dropped immediately. This field employs the Duration JSON representation from Protocol Buffers. The format accommodates fractional seconds up to nine digits after the decimal point, offering nanosecond precision. Every duration value must be suffixed with an "s" to indicate 'seconds.' For example, a value of "10s" would signify a duration of 10 seconds.

  • tokens double

    Default value: 1

    Tokens determines the cost of admitting a single flow in the workload, which is typically defined as milliseconds of flow latency (time to response or duration of a feature) or simply equal to 1 if the resource being accessed is constrained by the number of flows (3rd party rate limiters). This override is applicable only if tokens for the flow aren't specified in the flow labels.

  • ]
  • selectors object[] required

    Possible values: >= 1

    Flow selection criteria.

  • Array [
  • agent_group string

    Default value: aperture-cloud

    Agent Group this selector applies to.

    :::info

    Agent Groups are used to scope policies to a subset of agents connected to the same controller. The agents within an agent group receive exact same policy configuration and form a peer to peer cluster to constantly share state.

    :::

  • control_point string required

    Control Point identifies location within services where policies can act on flows. For an SDK based insertion, a Control Point can represent a particular feature or execution block within a service. In case of service mesh or middleware insertion, a Control Point can identify ingress or egress calls or distinct listeners or filter chains.

  • label_matcher object

    Label Matcher can be used to match flows based on flow labels.

  • expression object

    An arbitrary expression to be evaluated on the labels.

  • all object

    The expression is true when all sub expressions are true.

  • of object[]

    List of sub expressions of the match expression.

  • Array [
  • 0
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • ]
  • any object

    The expression is true when any sub expression is true.

  • of object[]

    List of sub expressions of the match expression.

  • Array [
  • 0
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • ]
  • label_equals object

    The expression is true when label value equals given value.

  • label string required

    Name of the label to equal match the value.

  • value string

    Exact value that the label should be equal to.

  • label_exists string

    The expression is true when label with given name exists.

  • label_matches object

    The expression is true when label matches given regular expression.

  • label string required

    Name of the label to match the regular expression.

  • regex string required

    Regular expression that should match the label value. It uses Go's regular expression syntax.

  • not object

    The expression negates the result of sub expression.

  • 0
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • match_expressions object[]

    List of Kubernetes-style label matcher requirements.

    Note: The requirements are combined using the logical AND operator. Deprecated: v3.0.0. Use match_list instead.

  • Array [
  • key string required

    Label key that the selector applies to.

  • operator string required

    Possible values: [In, NotIn, Exists, DoesNotExist]

    Logical operator which represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.

  • values string[]

    An array of string values that relates to the key by an operator. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty.

  • ]
  • match_labels object

    A map of {key,value} pairs representing labels to be matched. A single {key,value} in the match_labels requires that the label key is present and equal to value.

    Note: The requirements are combined using the logical AND operator.

  • property name* string
  • match_list object[]

    List of label matching requirements.

    Note: The requirements are combined using the logical AND operator.

  • Array [
  • key string required

    Label key that the selector applies to.

  • operator string required

    Possible values: [In, NotIn, Exists, DoesNotExist]

    Logical operator which represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.

  • values string[]

    An array of string values that relates to the key by an operator. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty.

  • ]
  • service string

    Default value: any

    The Fully Qualified Domain Name of the service to select.

    In Kubernetes, this is the FQDN of the Service object.

    :::info

    any matches all services.

    :::

    :::info

    An entity (for example, Kubernetes pod) might belong to multiple services.

    :::

  • ]
  • load_ramp object

    Load Ramp smoothly regulates the flow of requests over specified steps.

  • in_ports object

    Inputs for the Load Ramp component.

  • backward object

    Whether to progress the Load Ramp towards the previous step.

  • constant_signal object

    Constant value to be used for this InPort instead of a signal.

  • special_value string

    Possible values: [NaN, +Inf, -Inf]

    A special value such as NaN, +Inf, -Inf.

  • value double

    A constant value.

  • signal_name string

    Name of the incoming Signal on the InPort.

  • forward object

    Whether to progress the Load Ramp towards the next step.

  • constant_signal object

    Constant value to be used for this InPort instead of a signal.

  • special_value string

    Possible values: [NaN, +Inf, -Inf]

    A special value such as NaN, +Inf, -Inf.

  • value double

    A constant value.

  • signal_name string

    Name of the incoming Signal on the InPort.

  • reset object

    Whether to reset the Load Ramp to the first step.

  • constant_signal object

    Constant value to be used for this InPort instead of a signal.

  • special_value string

    Possible values: [NaN, +Inf, -Inf]

    A special value such as NaN, +Inf, -Inf.

  • value double

    A constant value.

  • signal_name string

    Name of the incoming Signal on the InPort.

  • out_ports object

    Outputs for the Load Ramp component.

  • accept_percentage object

    The percentage of flows being accepted by the Load Ramp.

  • signal_name string

    Name of the outgoing Signal on the OutPort.

  • at_end object

    A Boolean signal indicating whether the Load Ramp is at the end of signal generation.

  • signal_name string

    Name of the outgoing Signal on the OutPort.

  • at_start object

    A Boolean signal indicating whether the Load Ramp is at the start of signal generation.

  • signal_name string

    Name of the outgoing Signal on the OutPort.

  • parameters object required

    Parameters for the Load Ramp component.

  • sampler object required

    Parameters for the Sampler.

  • denied_response_status_code HTTP response codes. For more details: https://www.iana.org/assignments/http-status-codes/http-status-codes.xhtml

    Possible values: [Empty, Continue, OK, Created, Accepted, NonAuthoritativeInformation, NoContent, ResetContent, PartialContent, MultiStatus, AlreadyReported, IMUsed, MultipleChoices, MovedPermanently, Found, SeeOther, NotModified, UseProxy, TemporaryRedirect, PermanentRedirect, BadRequest, Unauthorized, PaymentRequired, Forbidden, NotFound, MethodNotAllowed, NotAcceptable, ProxyAuthenticationRequired, RequestTimeout, Conflict, Gone, LengthRequired, PreconditionFailed, PayloadTooLarge, URITooLong, UnsupportedMediaType, RangeNotSatisfiable, ExpectationFailed, MisdirectedRequest, UnprocessableEntity, Locked, FailedDependency, UpgradeRequired, PreconditionRequired, TooManyRequests, RequestHeaderFieldsTooLarge, InternalServerError, NotImplemented, BadGateway, ServiceUnavailable, GatewayTimeout, HTTPVersionNotSupported, VariantAlsoNegotiates, InsufficientStorage, LoopDetected, NotExtended, NetworkAuthenticationRequired]

    Default value: Empty

    This field allows you to override the default HTTP status code (403 Forbidden) that is returned when a request is denied.

  • ramp_mode boolean

    Default value: false

    Ramp component can accept flows with ramp_mode flag set.

  • selectors object[] required

    Possible values: >= 1

    Selectors for the component.

  • Array [
  • agent_group string

    Default value: aperture-cloud

    Agent Group this selector applies to.

    :::info

    Agent Groups are used to scope policies to a subset of agents connected to the same controller. The agents within an agent group receive exact same policy configuration and form a peer to peer cluster to constantly share state.

    :::

  • control_point string required

    Control Point identifies location within services where policies can act on flows. For an SDK based insertion, a Control Point can represent a particular feature or execution block within a service. In case of service mesh or middleware insertion, a Control Point can identify ingress or egress calls or distinct listeners or filter chains.

  • label_matcher object

    Label Matcher can be used to match flows based on flow labels.

  • expression object

    An arbitrary expression to be evaluated on the labels.

  • all object

    The expression is true when all sub expressions are true.

  • of object[]

    List of sub expressions of the match expression.

  • Array [
  • 0
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • ]
  • any object

    The expression is true when any sub expression is true.

  • of object[]

    List of sub expressions of the match expression.

  • Array [
  • 0
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • ]
  • label_equals object

    The expression is true when label value equals given value.

  • label string required

    Name of the label to equal match the value.

  • value string

    Exact value that the label should be equal to.

  • label_exists string

    The expression is true when label with given name exists.

  • label_matches object

    The expression is true when label matches given regular expression.

  • label string required

    Name of the label to match the regular expression.

  • regex string required

    Regular expression that should match the label value. It uses Go's regular expression syntax.

  • not object

    The expression negates the result of sub expression.

  • 0
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • match_expressions object[]

    List of Kubernetes-style label matcher requirements.

    Note: The requirements are combined using the logical AND operator. Deprecated: v3.0.0. Use match_list instead.

  • Array [
  • key string required

    Label key that the selector applies to.

  • operator string required

    Possible values: [In, NotIn, Exists, DoesNotExist]

    Logical operator which represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.

  • values string[]

    An array of string values that relates to the key by an operator. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty.

  • ]
  • match_labels object

    A map of {key,value} pairs representing labels to be matched. A single {key,value} in the match_labels requires that the label key is present and equal to value.

    Note: The requirements are combined using the logical AND operator.

  • property name* string
  • match_list object[]

    List of label matching requirements.

    Note: The requirements are combined using the logical AND operator.

  • Array [
  • key string required

    Label key that the selector applies to.

  • operator string required

    Possible values: [In, NotIn, Exists, DoesNotExist]

    Logical operator which represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.

  • values string[]

    An array of string values that relates to the key by an operator. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty.

  • ]
  • service string

    Default value: any

    The Fully Qualified Domain Name of the service to select.

    In Kubernetes, this is the FQDN of the Service object.

    :::info

    any matches all services.

    :::

    :::info

    An entity (for example, Kubernetes pod) might belong to multiple services.

    :::

  • ]
  • session_label_key string

    The flow label key for identifying sessions.

    • When label key is specified, Sampler acts as a sticky filter. The series of flows with the same value of label key get the same decision provided that the accept_percentage is same or higher.
    • When label key is not specified, Sampler acts as a stateless filter. Percentage of flows are selected randomly for rejection.
  • steps object[] required

    Possible values: >= 1

  • Array [
  • duration string required

    Duration for which the step is active. This field employs the Duration JSON representation from Protocol Buffers. The format accommodates fractional seconds up to nine digits after the decimal point, offering nanosecond precision. Every duration value must be suffixed with an "s" to indicate 'seconds.' For example, a value of "10s" would signify a duration of 10 seconds.

  • target_accept_percentage double

    Possible values: <= 100

    The value of the step.

  • ]
  • pass_through_label_values string[]

    Specify certain label values to be always accepted by the Sampler regardless of accept percentage.

  • pass_through_label_values_config_key string

    Configuration key for setting pass through label values through dynamic configuration.

  • load_scheduler object

    Load Scheduler provides service protection by creating a prioritized workload queue in front of the service using Weighted Fair Queuing.

  • dry_run boolean

    Decides whether to run the load scheduler in dry-run mode. In dry run mode the scheduler acts as pass through to all flow and does not queue flows. It is useful for observing the behavior of load scheduler without disrupting any real traffic.

  • dry_run_config_key string

    Configuration key for setting dry run mode through dynamic configuration.

  • in_ports object required

    Input ports for the LoadScheduler component.

  • load_multiplier object

    Load multiplier is proportion of incoming token rate that needs to be accepted. The signal gets updated once every 10 seconds.

  • constant_signal object

    Constant value to be used for this InPort instead of a signal.

  • special_value string

    Possible values: [NaN, +Inf, -Inf]

    A special value such as NaN, +Inf, -Inf.

  • value double

    A constant value.

  • signal_name string

    Name of the incoming Signal on the InPort.

  • out_ports object

    Output ports for the LoadScheduler component.

  • observed_load_multiplier object

    Observed load multiplier is the proportion of incoming token rate that is being accepted. The signal gets updated once every 10 seconds.

  • signal_name string

    Name of the outgoing Signal on the OutPort.

  • parameters object required
  • scheduler object

    Configuration of Weighted Fair Queuing-based workload scheduler.

    Contains configuration of per-agent scheduler

  • decision_deadline_margin string

    Default value: 0.01s

    Decision deadline margin is the amount of time that the scheduler will subtract from the request deadline to determine the deadline for the decision. This is to ensure that the scheduler has enough time to make a decision before the request deadline happens, accounting for processing delays. The request deadline is based on the gRPC deadline or the grpc-timeout HTTP header.

    Fail-open logic is use for flow control APIs, so if the gRPC deadline reaches, the flow will end up being unconditionally allowed while it is still waiting on the scheduler. This field employs the Duration JSON representation from Protocol Buffers. The format accommodates fractional seconds up to nine digits after the decimal point, offering nanosecond precision. Every duration value must be suffixed with an "s" to indicate 'seconds.' For example, a value of "10s" would signify a duration of 10 seconds.

  • default_workload_parameters object

    Parameters to be used if none of workloads specified in workloads match.

  • priority double

    Default value: 1

    $$ inverted_priority = {\frac {1} {priority}} $$

    $$ virtual_finish_time = virtual_time + \left(tokens \cdot inverted_priority\right) $$

  • queue_timeout string

    Timeout for the flow in the workload. If timeout is provided on the Check call as well, the minimum of the two is picked. If this override is not provided, the timeout provided in the check call is used. 0 timeout value implies that the request will not wait in the queue and will be accepted or dropped immediately. This field employs the Duration JSON representation from Protocol Buffers. The format accommodates fractional seconds up to nine digits after the decimal point, offering nanosecond precision. Every duration value must be suffixed with an "s" to indicate 'seconds.' For example, a value of "10s" would signify a duration of 10 seconds.

  • tokens double

    Default value: 1

    Tokens determines the cost of admitting a single flow in the workload, which is typically defined as milliseconds of flow latency (time to response or duration of a feature) or simply equal to 1 if the resource being accessed is constrained by the number of flows (3rd party rate limiters). This override is applicable only if tokens for the flow aren't specified in the flow labels.

  • denied_response_status_code HTTP response codes. For more details: https://www.iana.org/assignments/http-status-codes/http-status-codes.xhtml

    Possible values: [Empty, Continue, OK, Created, Accepted, NonAuthoritativeInformation, NoContent, ResetContent, PartialContent, MultiStatus, AlreadyReported, IMUsed, MultipleChoices, MovedPermanently, Found, SeeOther, NotModified, UseProxy, TemporaryRedirect, PermanentRedirect, BadRequest, Unauthorized, PaymentRequired, Forbidden, NotFound, MethodNotAllowed, NotAcceptable, ProxyAuthenticationRequired, RequestTimeout, Conflict, Gone, LengthRequired, PreconditionFailed, PayloadTooLarge, URITooLong, UnsupportedMediaType, RangeNotSatisfiable, ExpectationFailed, MisdirectedRequest, UnprocessableEntity, Locked, FailedDependency, UpgradeRequired, PreconditionRequired, TooManyRequests, RequestHeaderFieldsTooLarge, InternalServerError, NotImplemented, BadGateway, ServiceUnavailable, GatewayTimeout, HTTPVersionNotSupported, VariantAlsoNegotiates, InsufficientStorage, LoopDetected, NotExtended, NetworkAuthenticationRequired]

    Default value: Empty

    This field allows you to override the default HTTP status code (503 Service Unavailable) that is returned when a request is denied.

  • fairness_label_key string

    Key for a flow label that is used to enforce fairness among requests in a workload. If not specified, requests within a workload of the same priority are admitted in a FIFO manner.

  • priority_label_key string

    Key for a flow label that can be used to override the default priority for this flow. The value associated with this key must be a valid number. Higher numbers means higher priority. If this parameter is not provided, the priority for the flow will be determined by the matched workload's priority.

  • tokens_label_key string

    Key for a flow label that can be used to override the default number of tokens for this request. The value associated with this key must be a valid number. If this parameter is not provided, the number of tokens for the flow will be determined by the matched workload's token count.

  • workload_label_key string

    Key for a flow label that can be used to provide workloads for this request. If this parameter is not provided, the workloads for the flow will be determined by the matched workload's name in the policy.

  • workloads object[]

    List of workloads to be used in scheduler.

    Categorizing flows into workloads allows for load throttling to be "intelligent" instead of queueing flows in an arbitrary order. There are two aspects of this "intelligence":

    • Scheduler can more precisely calculate concurrency if it understands that flows belonging to different classes have different weights (for example, insert queries compared to select queries).
    • Setting different priorities to different workloads lets the scheduler avoid dropping important traffic during overload.

    Each workload in this list specifies also a matcher that is used to determine which flow will be categorized into which workload. In case of multiple matching workloads, the first matching one will be used. If none of workloads match, default_workload will be used.

  • Array [
  • label_matcher object required

    Label Matcher to select a Workload based on flow labels.

  • expression object

    An arbitrary expression to be evaluated on the labels.

  • all object

    The expression is true when all sub expressions are true.

  • of object[]

    List of sub expressions of the match expression.

  • Array [
  • 0
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • ]
  • any object

    The expression is true when any sub expression is true.

  • of object[]

    List of sub expressions of the match expression.

  • Array [
  • 0
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • ]
  • label_equals object

    The expression is true when label value equals given value.

  • label string required

    Name of the label to equal match the value.

  • value string

    Exact value that the label should be equal to.

  • label_exists string

    The expression is true when label with given name exists.

  • label_matches object

    The expression is true when label matches given regular expression.

  • label string required

    Name of the label to match the regular expression.

  • regex string required

    Regular expression that should match the label value. It uses Go's regular expression syntax.

  • not object

    The expression negates the result of sub expression.

  • 0
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • match_expressions object[]

    List of Kubernetes-style label matcher requirements.

    Note: The requirements are combined using the logical AND operator. Deprecated: v3.0.0. Use match_list instead.

  • Array [
  • key string required

    Label key that the selector applies to.

  • operator string required

    Possible values: [In, NotIn, Exists, DoesNotExist]

    Logical operator which represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.

  • values string[]

    An array of string values that relates to the key by an operator. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty.

  • ]
  • match_labels object

    A map of {key,value} pairs representing labels to be matched. A single {key,value} in the match_labels requires that the label key is present and equal to value.

    Note: The requirements are combined using the logical AND operator.

  • property name* string
  • match_list object[]

    List of label matching requirements.

    Note: The requirements are combined using the logical AND operator.

  • Array [
  • key string required

    Label key that the selector applies to.

  • operator string required

    Possible values: [In, NotIn, Exists, DoesNotExist]

    Logical operator which represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.

  • values string[]

    An array of string values that relates to the key by an operator. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty.

  • ]
  • name string

    Name of the workload.

  • parameters object

    Parameters associated with flows matching the label matcher.

  • priority double

    Default value: 1

    $$ inverted_priority = {\frac {1} {priority}} $$

    $$ virtual_finish_time = virtual_time + \left(tokens \cdot inverted_priority\right) $$

  • queue_timeout string

    Timeout for the flow in the workload. If timeout is provided on the Check call as well, the minimum of the two is picked. If this override is not provided, the timeout provided in the check call is used. 0 timeout value implies that the request will not wait in the queue and will be accepted or dropped immediately. This field employs the Duration JSON representation from Protocol Buffers. The format accommodates fractional seconds up to nine digits after the decimal point, offering nanosecond precision. Every duration value must be suffixed with an "s" to indicate 'seconds.' For example, a value of "10s" would signify a duration of 10 seconds.

  • tokens double

    Default value: 1

    Tokens determines the cost of admitting a single flow in the workload, which is typically defined as milliseconds of flow latency (time to response or duration of a feature) or simply equal to 1 if the resource being accessed is constrained by the number of flows (3rd party rate limiters). This override is applicable only if tokens for the flow aren't specified in the flow labels.

  • ]
  • selectors object[] required

    Possible values: >= 1

    Selectors for the component.

  • Array [
  • agent_group string

    Default value: aperture-cloud

    Agent Group this selector applies to.

    :::info

    Agent Groups are used to scope policies to a subset of agents connected to the same controller. The agents within an agent group receive exact same policy configuration and form a peer to peer cluster to constantly share state.

    :::

  • control_point string required

    Control Point identifies location within services where policies can act on flows. For an SDK based insertion, a Control Point can represent a particular feature or execution block within a service. In case of service mesh or middleware insertion, a Control Point can identify ingress or egress calls or distinct listeners or filter chains.

  • label_matcher object

    Label Matcher can be used to match flows based on flow labels.

  • expression object

    An arbitrary expression to be evaluated on the labels.

  • all object

    The expression is true when all sub expressions are true.

  • of object[]

    List of sub expressions of the match expression.

  • Array [
  • 0
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • ]
  • any object

    The expression is true when any sub expression is true.

  • of object[]

    List of sub expressions of the match expression.

  • Array [
  • 0
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • ]
  • label_equals object

    The expression is true when label value equals given value.

  • label string required

    Name of the label to equal match the value.

  • value string

    Exact value that the label should be equal to.

  • label_exists string

    The expression is true when label with given name exists.

  • label_matches object

    The expression is true when label matches given regular expression.

  • label string required

    Name of the label to match the regular expression.

  • regex string required

    Regular expression that should match the label value. It uses Go's regular expression syntax.

  • not object

    The expression negates the result of sub expression.

  • 0
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • match_expressions object[]

    List of Kubernetes-style label matcher requirements.

    Note: The requirements are combined using the logical AND operator. Deprecated: v3.0.0. Use match_list instead.

  • Array [
  • key string required

    Label key that the selector applies to.

  • operator string required

    Possible values: [In, NotIn, Exists, DoesNotExist]

    Logical operator which represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.

  • values string[]

    An array of string values that relates to the key by an operator. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty.

  • ]
  • match_labels object

    A map of {key,value} pairs representing labels to be matched. A single {key,value} in the match_labels requires that the label key is present and equal to value.

    Note: The requirements are combined using the logical AND operator.

  • property name* string
  • match_list object[]

    List of label matching requirements.

    Note: The requirements are combined using the logical AND operator.

  • Array [
  • key string required

    Label key that the selector applies to.

  • operator string required

    Possible values: [In, NotIn, Exists, DoesNotExist]

    Logical operator which represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.

  • values string[]

    An array of string values that relates to the key by an operator. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty.

  • ]
  • service string

    Default value: any

    The Fully Qualified Domain Name of the service to select.

    In Kubernetes, this is the FQDN of the Service object.

    :::info

    any matches all services.

    :::

    :::info

    An entity (for example, Kubernetes pod) might belong to multiple services.

    :::

  • ]
  • workload_latency_based_tokens boolean

    Default value: false

    Automatically estimate the size of flows within each workload, based on historical latency. Each workload's tokens will be set to average latency of flows in that workload during the last few seconds (exact duration of this average can change). This setting is useful in concurrency limiting use-case, where the concurrency is calculated as (avg. latency \* in-flight flows) (Little's Law).

    The value of tokens estimated takes a lower precedence than the value of tokens specified in the workload definition and tokens explicitly specified in the flow labels.

  • quota_scheduler object

    Schedules the traffic based on token-bucket based quotas.

  • in_ports object required
  • bucket_capacity object required

    Capacity of the bucket to allow for bursty traffic.

  • constant_signal object

    Constant value to be used for this InPort instead of a signal.

  • special_value string

    Possible values: [NaN, +Inf, -Inf]

    A special value such as NaN, +Inf, -Inf.

  • value double

    A constant value.

  • signal_name string

    Name of the incoming Signal on the InPort.

  • fill_amount object required

    Number of tokens to fill within an interval.

  • constant_signal object

    Constant value to be used for this InPort instead of a signal.

  • special_value string

    Possible values: [NaN, +Inf, -Inf]

    A special value such as NaN, +Inf, -Inf.

  • value double

    A constant value.

  • signal_name string

    Name of the incoming Signal on the InPort.

  • pass_through object
  • constant_signal object

    Constant value to be used for this InPort instead of a signal.

  • special_value string

    Possible values: [NaN, +Inf, -Inf]

    A special value such as NaN, +Inf, -Inf.

  • value double

    A constant value.

  • signal_name string

    Name of the incoming Signal on the InPort.

  • out_ports object

    Output ports for the Quota Scheduler component.

  • accept_percentage object

    The percentage of flows being accepted.

  • signal_name string

    Name of the outgoing Signal on the OutPort.

  • rate_limiter object required

    Parameter to configure rate limiting quotas.

  • continuous_fill boolean

    Default value: true

    Continuous fill determines whether the token bucket should be filled continuously or only on discrete intervals.

  • delay_initial_fill boolean

    Default value: false

    Delays the initial filling of the token bucket. If set to false, the token bucket will start filling immediately after the first request is received. This can potentially lead to more requests being accepted than the specified rate limit during the first interval. When set to true, the token bucket will be given a chance to empty out before the filling starts. The delay is equal to the time it takes to fill the bucket.

  • interval string required

    Interval defines the time interval in which the token bucket will fill tokens specified by fill_amount signal. This field employs the Duration JSON representation from Protocol Buffers. The format accommodates fractional seconds up to nine digits after the decimal point, offering nanosecond precision. Every duration value must be suffixed with an "s" to indicate 'seconds.' For example, a value of "10s" would signify a duration of 10 seconds.

  • label_key string

    Specifies which label the rate limiter should be keyed by.

    Rate limiting is done independently for each value of the label with given key. For example, to give each user a separate limit, assuming you have a user flow label set up, set label_key: "user". If no label key is specified, then all requests matching the selectors will be rate limited based on the global bucket. Deprecated: v3.0.0. Use limit_by_label_key instead.

  • lazy_sync object
  • enabled Enables lazy sync

    Default value: false

  • num_sync int64

    Default value: 4

    Number of times to lazy sync within the interval.

  • limit_by_label_key string

    Specifies which label the rate limiter should be keyed by.

    Rate limiting is done independently for each value of the label with given key. For example, to give each user a separate limit, assuming you have a user flow label set up, set limit_by_label_key: "user". If no label key is specified, then all requests matching the selectors will be rate limited based on the global bucket.

  • max_idle_time string

    Default value: 7200s

    Max idle time before token bucket state for a label is removed. If set to 0, the state is never removed. This field employs the Duration JSON representation from Protocol Buffers. The format accommodates fractional seconds up to nine digits after the decimal point, offering nanosecond precision. Every duration value must be suffixed with an "s" to indicate 'seconds.' For example, a value of "10s" would signify a duration of 10 seconds.

  • scheduler object

    Scheduler is used to schedule the requests when the quota is exhausted.

  • decision_deadline_margin string

    Default value: 0.01s

    Decision deadline margin is the amount of time that the scheduler will subtract from the request deadline to determine the deadline for the decision. This is to ensure that the scheduler has enough time to make a decision before the request deadline happens, accounting for processing delays. The request deadline is based on the gRPC deadline or the grpc-timeout HTTP header.

    Fail-open logic is use for flow control APIs, so if the gRPC deadline reaches, the flow will end up being unconditionally allowed while it is still waiting on the scheduler. This field employs the Duration JSON representation from Protocol Buffers. The format accommodates fractional seconds up to nine digits after the decimal point, offering nanosecond precision. Every duration value must be suffixed with an "s" to indicate 'seconds.' For example, a value of "10s" would signify a duration of 10 seconds.

  • default_workload_parameters object

    Parameters to be used if none of workloads specified in workloads match.

  • priority double

    Default value: 1

    $$ inverted_priority = {\frac {1} {priority}} $$

    $$ virtual_finish_time = virtual_time + \left(tokens \cdot inverted_priority\right) $$

  • queue_timeout string

    Timeout for the flow in the workload. If timeout is provided on the Check call as well, the minimum of the two is picked. If this override is not provided, the timeout provided in the check call is used. 0 timeout value implies that the request will not wait in the queue and will be accepted or dropped immediately. This field employs the Duration JSON representation from Protocol Buffers. The format accommodates fractional seconds up to nine digits after the decimal point, offering nanosecond precision. Every duration value must be suffixed with an "s" to indicate 'seconds.' For example, a value of "10s" would signify a duration of 10 seconds.

  • tokens double

    Default value: 1

    Tokens determines the cost of admitting a single flow in the workload, which is typically defined as milliseconds of flow latency (time to response or duration of a feature) or simply equal to 1 if the resource being accessed is constrained by the number of flows (3rd party rate limiters). This override is applicable only if tokens for the flow aren't specified in the flow labels.

  • denied_response_status_code HTTP response codes. For more details: https://www.iana.org/assignments/http-status-codes/http-status-codes.xhtml

    Possible values: [Empty, Continue, OK, Created, Accepted, NonAuthoritativeInformation, NoContent, ResetContent, PartialContent, MultiStatus, AlreadyReported, IMUsed, MultipleChoices, MovedPermanently, Found, SeeOther, NotModified, UseProxy, TemporaryRedirect, PermanentRedirect, BadRequest, Unauthorized, PaymentRequired, Forbidden, NotFound, MethodNotAllowed, NotAcceptable, ProxyAuthenticationRequired, RequestTimeout, Conflict, Gone, LengthRequired, PreconditionFailed, PayloadTooLarge, URITooLong, UnsupportedMediaType, RangeNotSatisfiable, ExpectationFailed, MisdirectedRequest, UnprocessableEntity, Locked, FailedDependency, UpgradeRequired, PreconditionRequired, TooManyRequests, RequestHeaderFieldsTooLarge, InternalServerError, NotImplemented, BadGateway, ServiceUnavailable, GatewayTimeout, HTTPVersionNotSupported, VariantAlsoNegotiates, InsufficientStorage, LoopDetected, NotExtended, NetworkAuthenticationRequired]

    Default value: Empty

    This field allows you to override the default HTTP status code (503 Service Unavailable) that is returned when a request is denied.

  • fairness_label_key string

    Key for a flow label that is used to enforce fairness among requests in a workload. If not specified, requests within a workload of the same priority are admitted in a FIFO manner.

  • priority_label_key string

    Key for a flow label that can be used to override the default priority for this flow. The value associated with this key must be a valid number. Higher numbers means higher priority. If this parameter is not provided, the priority for the flow will be determined by the matched workload's priority.

  • tokens_label_key string

    Key for a flow label that can be used to override the default number of tokens for this request. The value associated with this key must be a valid number. If this parameter is not provided, the number of tokens for the flow will be determined by the matched workload's token count.

  • workload_label_key string

    Key for a flow label that can be used to provide workloads for this request. If this parameter is not provided, the workloads for the flow will be determined by the matched workload's name in the policy.

  • workloads object[]

    List of workloads to be used in scheduler.

    Categorizing flows into workloads allows for load throttling to be "intelligent" instead of queueing flows in an arbitrary order. There are two aspects of this "intelligence":

    • Scheduler can more precisely calculate concurrency if it understands that flows belonging to different classes have different weights (for example, insert queries compared to select queries).
    • Setting different priorities to different workloads lets the scheduler avoid dropping important traffic during overload.

    Each workload in this list specifies also a matcher that is used to determine which flow will be categorized into which workload. In case of multiple matching workloads, the first matching one will be used. If none of workloads match, default_workload will be used.

  • Array [
  • label_matcher object required

    Label Matcher to select a Workload based on flow labels.

  • expression object

    An arbitrary expression to be evaluated on the labels.

  • all object

    The expression is true when all sub expressions are true.

  • of object[]

    List of sub expressions of the match expression.

  • Array [
  • 0
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • ]
  • any object

    The expression is true when any sub expression is true.

  • of object[]

    List of sub expressions of the match expression.

  • Array [
  • 0
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • ]
  • label_equals object

    The expression is true when label value equals given value.

  • label string required

    Name of the label to equal match the value.

  • value string

    Exact value that the label should be equal to.

  • label_exists string

    The expression is true when label with given name exists.

  • label_matches object

    The expression is true when label matches given regular expression.

  • label string required

    Name of the label to match the regular expression.

  • regex string required

    Regular expression that should match the label value. It uses Go's regular expression syntax.

  • not object

    The expression negates the result of sub expression.

  • 0
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • match_expressions object[]

    List of Kubernetes-style label matcher requirements.

    Note: The requirements are combined using the logical AND operator. Deprecated: v3.0.0. Use match_list instead.

  • Array [
  • key string required

    Label key that the selector applies to.

  • operator string required

    Possible values: [In, NotIn, Exists, DoesNotExist]

    Logical operator which represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.

  • values string[]

    An array of string values that relates to the key by an operator. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty.

  • ]
  • match_labels object

    A map of {key,value} pairs representing labels to be matched. A single {key,value} in the match_labels requires that the label key is present and equal to value.

    Note: The requirements are combined using the logical AND operator.

  • property name* string
  • match_list object[]

    List of label matching requirements.

    Note: The requirements are combined using the logical AND operator.

  • Array [
  • key string required

    Label key that the selector applies to.

  • operator string required

    Possible values: [In, NotIn, Exists, DoesNotExist]

    Logical operator which represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.

  • values string[]

    An array of string values that relates to the key by an operator. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty.

  • ]
  • name string

    Name of the workload.

  • parameters object

    Parameters associated with flows matching the label matcher.

  • priority double

    Default value: 1

    $$ inverted_priority = {\frac {1} {priority}} $$

    $$ virtual_finish_time = virtual_time + \left(tokens \cdot inverted_priority\right) $$

  • queue_timeout string

    Timeout for the flow in the workload. If timeout is provided on the Check call as well, the minimum of the two is picked. If this override is not provided, the timeout provided in the check call is used. 0 timeout value implies that the request will not wait in the queue and will be accepted or dropped immediately. This field employs the Duration JSON representation from Protocol Buffers. The format accommodates fractional seconds up to nine digits after the decimal point, offering nanosecond precision. Every duration value must be suffixed with an "s" to indicate 'seconds.' For example, a value of "10s" would signify a duration of 10 seconds.

  • tokens double

    Default value: 1

    Tokens determines the cost of admitting a single flow in the workload, which is typically defined as milliseconds of flow latency (time to response or duration of a feature) or simply equal to 1 if the resource being accessed is constrained by the number of flows (3rd party rate limiters). This override is applicable only if tokens for the flow aren't specified in the flow labels.

  • ]
  • selectors object[] required

    Possible values: >= 1

    Flow selection criteria.

  • Array [
  • agent_group string

    Default value: aperture-cloud

    Agent Group this selector applies to.

    :::info

    Agent Groups are used to scope policies to a subset of agents connected to the same controller. The agents within an agent group receive exact same policy configuration and form a peer to peer cluster to constantly share state.

    :::

  • control_point string required

    Control Point identifies location within services where policies can act on flows. For an SDK based insertion, a Control Point can represent a particular feature or execution block within a service. In case of service mesh or middleware insertion, a Control Point can identify ingress or egress calls or distinct listeners or filter chains.

  • label_matcher object

    Label Matcher can be used to match flows based on flow labels.

  • expression object

    An arbitrary expression to be evaluated on the labels.

  • all object

    The expression is true when all sub expressions are true.

  • of object[]

    List of sub expressions of the match expression.

  • Array [
  • 0
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • ]
  • any object

    The expression is true when any sub expression is true.

  • of object[]

    List of sub expressions of the match expression.

  • Array [
  • 0
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • ]
  • label_equals object

    The expression is true when label value equals given value.

  • label string required

    Name of the label to equal match the value.

  • value string

    Exact value that the label should be equal to.

  • label_exists string

    The expression is true when label with given name exists.

  • label_matches object

    The expression is true when label matches given regular expression.

  • label string required

    Name of the label to match the regular expression.

  • regex string required

    Regular expression that should match the label value. It uses Go's regular expression syntax.

  • not object

    The expression negates the result of sub expression.

  • 0
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • match_expressions object[]

    List of Kubernetes-style label matcher requirements.

    Note: The requirements are combined using the logical AND operator. Deprecated: v3.0.0. Use match_list instead.

  • Array [
  • key string required

    Label key that the selector applies to.

  • operator string required

    Possible values: [In, NotIn, Exists, DoesNotExist]

    Logical operator which represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.

  • values string[]

    An array of string values that relates to the key by an operator. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty.

  • ]
  • match_labels object

    A map of {key,value} pairs representing labels to be matched. A single {key,value} in the match_labels requires that the label key is present and equal to value.

    Note: The requirements are combined using the logical AND operator.

  • property name* string
  • match_list object[]

    List of label matching requirements.

    Note: The requirements are combined using the logical AND operator.

  • Array [
  • key string required

    Label key that the selector applies to.

  • operator string required

    Possible values: [In, NotIn, Exists, DoesNotExist]

    Logical operator which represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.

  • values string[]

    An array of string values that relates to the key by an operator. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty.

  • ]
  • service string

    Default value: any

    The Fully Qualified Domain Name of the service to select.

    In Kubernetes, this is the FQDN of the Service object.

    :::info

    any matches all services.

    :::

    :::info

    An entity (for example, Kubernetes pod) might belong to multiple services.

    :::

  • ]
  • range_driven_load_scheduler object

    Range Driven Load Scheduler.

  • dry_run boolean

    Decides whether to run the load scheduler in dry-run mode. In dry run mode the scheduler acts as pass through to all flow and does not queue flows. It is useful for observing the behavior of load scheduler without disrupting any real traffic.

  • dry_run_config_key string

    Configuration key for setting dry run mode through dynamic configuration.

  • in_ports object

    Input ports for the Range Load Scheduler.

  • overload_confirmation object

    The overload_confirmation port provides additional criteria to determine overload state which results in Flow throttling at the service.

  • constant_signal object

    Constant value to be used for this InPort instead of a signal.

  • special_value string

    Possible values: [NaN, +Inf, -Inf]

    A special value such as NaN, +Inf, -Inf.

  • value double

    A constant value.

  • signal_name string

    Name of the incoming Signal on the InPort.

  • signal object required

    The input signal to the controller.

  • constant_signal object

    Constant value to be used for this InPort instead of a signal.

  • special_value string

    Possible values: [NaN, +Inf, -Inf]

    A special value such as NaN, +Inf, -Inf.

  • value double

    A constant value.

  • signal_name string

    Name of the incoming Signal on the InPort.

  • out_ports object

    Output ports for the Range Load Scheduler.

  • desired_load_multiplier object

    Desired Load multiplier is the ratio of desired token rate to the incoming token rate.

  • signal_name string

    Name of the outgoing Signal on the OutPort.

  • is_overload object

    A Boolean signal that indicates whether the service is in overload state.

  • signal_name string

    Name of the outgoing Signal on the OutPort.

  • observed_load_multiplier object

    Observed Load multiplier is the ratio of accepted token rate to the incoming token rate.

  • signal_name string

    Name of the outgoing Signal on the OutPort.

  • parameters object required

    Parameters for the Range Load Scheduler.

  • alerter object required

    Configuration parameters for the embedded Alerter.

  • alert_channels string[]

    A list of alert channel strings.

  • alert_name string required

    Name of the alert.

  • labels object

    Additional labels to add to alert.

  • property name* string
  • resolve_timeout string

    Default value: 5s

    Duration of alert resolver. This field employs the Duration JSON representation from Protocol Buffers. The format accommodates fractional seconds up to nine digits after the decimal point, offering nanosecond precision. Every duration value must be suffixed with an "s" to indicate 'seconds.' For example, a value of "10s" would signify a duration of 10 seconds.

  • severity string

    Possible values: [info, warn, crit]

    Default value: info

    Severity of the alert, one of 'info', 'warn' or 'crit'.

  • degree double required
  • high_throttle_threshold object required
  • load_multiplier double

    Possible values: <= 1

  • signal_value double
  • load_scheduler object required

    Parameters for the Load Scheduler.

  • scheduler object

    Configuration of Weighted Fair Queuing-based workload scheduler.

    Contains configuration of per-agent scheduler

  • decision_deadline_margin string

    Default value: 0.01s

    Decision deadline margin is the amount of time that the scheduler will subtract from the request deadline to determine the deadline for the decision. This is to ensure that the scheduler has enough time to make a decision before the request deadline happens, accounting for processing delays. The request deadline is based on the gRPC deadline or the grpc-timeout HTTP header.

    Fail-open logic is use for flow control APIs, so if the gRPC deadline reaches, the flow will end up being unconditionally allowed while it is still waiting on the scheduler. This field employs the Duration JSON representation from Protocol Buffers. The format accommodates fractional seconds up to nine digits after the decimal point, offering nanosecond precision. Every duration value must be suffixed with an "s" to indicate 'seconds.' For example, a value of "10s" would signify a duration of 10 seconds.

  • default_workload_parameters object

    Parameters to be used if none of workloads specified in workloads match.

  • priority double

    Default value: 1

    $$ inverted_priority = {\frac {1} {priority}} $$

    $$ virtual_finish_time = virtual_time + \left(tokens \cdot inverted_priority\right) $$

  • queue_timeout string

    Timeout for the flow in the workload. If timeout is provided on the Check call as well, the minimum of the two is picked. If this override is not provided, the timeout provided in the check call is used. 0 timeout value implies that the request will not wait in the queue and will be accepted or dropped immediately. This field employs the Duration JSON representation from Protocol Buffers. The format accommodates fractional seconds up to nine digits after the decimal point, offering nanosecond precision. Every duration value must be suffixed with an "s" to indicate 'seconds.' For example, a value of "10s" would signify a duration of 10 seconds.

  • tokens double

    Default value: 1

    Tokens determines the cost of admitting a single flow in the workload, which is typically defined as milliseconds of flow latency (time to response or duration of a feature) or simply equal to 1 if the resource being accessed is constrained by the number of flows (3rd party rate limiters). This override is applicable only if tokens for the flow aren't specified in the flow labels.

  • denied_response_status_code HTTP response codes. For more details: https://www.iana.org/assignments/http-status-codes/http-status-codes.xhtml

    Possible values: [Empty, Continue, OK, Created, Accepted, NonAuthoritativeInformation, NoContent, ResetContent, PartialContent, MultiStatus, AlreadyReported, IMUsed, MultipleChoices, MovedPermanently, Found, SeeOther, NotModified, UseProxy, TemporaryRedirect, PermanentRedirect, BadRequest, Unauthorized, PaymentRequired, Forbidden, NotFound, MethodNotAllowed, NotAcceptable, ProxyAuthenticationRequired, RequestTimeout, Conflict, Gone, LengthRequired, PreconditionFailed, PayloadTooLarge, URITooLong, UnsupportedMediaType, RangeNotSatisfiable, ExpectationFailed, MisdirectedRequest, UnprocessableEntity, Locked, FailedDependency, UpgradeRequired, PreconditionRequired, TooManyRequests, RequestHeaderFieldsTooLarge, InternalServerError, NotImplemented, BadGateway, ServiceUnavailable, GatewayTimeout, HTTPVersionNotSupported, VariantAlsoNegotiates, InsufficientStorage, LoopDetected, NotExtended, NetworkAuthenticationRequired]

    Default value: Empty

    This field allows you to override the default HTTP status code (503 Service Unavailable) that is returned when a request is denied.

  • fairness_label_key string

    Key for a flow label that is used to enforce fairness among requests in a workload. If not specified, requests within a workload of the same priority are admitted in a FIFO manner.

  • priority_label_key string

    Key for a flow label that can be used to override the default priority for this flow. The value associated with this key must be a valid number. Higher numbers means higher priority. If this parameter is not provided, the priority for the flow will be determined by the matched workload's priority.

  • tokens_label_key string

    Key for a flow label that can be used to override the default number of tokens for this request. The value associated with this key must be a valid number. If this parameter is not provided, the number of tokens for the flow will be determined by the matched workload's token count.

  • workload_label_key string

    Key for a flow label that can be used to provide workloads for this request. If this parameter is not provided, the workloads for the flow will be determined by the matched workload's name in the policy.

  • workloads object[]

    List of workloads to be used in scheduler.

    Categorizing flows into workloads allows for load throttling to be "intelligent" instead of queueing flows in an arbitrary order. There are two aspects of this "intelligence":

    • Scheduler can more precisely calculate concurrency if it understands that flows belonging to different classes have different weights (for example, insert queries compared to select queries).
    • Setting different priorities to different workloads lets the scheduler avoid dropping important traffic during overload.

    Each workload in this list specifies also a matcher that is used to determine which flow will be categorized into which workload. In case of multiple matching workloads, the first matching one will be used. If none of workloads match, default_workload will be used.

  • Array [
  • label_matcher object required

    Label Matcher to select a Workload based on flow labels.

  • expression object

    An arbitrary expression to be evaluated on the labels.

  • all object

    The expression is true when all sub expressions are true.

  • of object[]

    List of sub expressions of the match expression.

  • Array [
  • 0
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • ]
  • any object

    The expression is true when any sub expression is true.

  • of object[]

    List of sub expressions of the match expression.

  • Array [
  • 0
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • ]
  • label_equals object

    The expression is true when label value equals given value.

  • label string required

    Name of the label to equal match the value.

  • value string

    Exact value that the label should be equal to.

  • label_exists string

    The expression is true when label with given name exists.

  • label_matches object

    The expression is true when label matches given regular expression.

  • label string required

    Name of the label to match the regular expression.

  • regex string required

    Regular expression that should match the label value. It uses Go's regular expression syntax.

  • not object

    The expression negates the result of sub expression.

  • 0
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • match_expressions object[]

    List of Kubernetes-style label matcher requirements.

    Note: The requirements are combined using the logical AND operator. Deprecated: v3.0.0. Use match_list instead.

  • Array [
  • key string required

    Label key that the selector applies to.

  • operator string required

    Possible values: [In, NotIn, Exists, DoesNotExist]

    Logical operator which represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.

  • values string[]

    An array of string values that relates to the key by an operator. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty.

  • ]
  • match_labels object

    A map of {key,value} pairs representing labels to be matched. A single {key,value} in the match_labels requires that the label key is present and equal to value.

    Note: The requirements are combined using the logical AND operator.

  • property name* string
  • match_list object[]

    List of label matching requirements.

    Note: The requirements are combined using the logical AND operator.

  • Array [
  • key string required

    Label key that the selector applies to.

  • operator string required

    Possible values: [In, NotIn, Exists, DoesNotExist]

    Logical operator which represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.

  • values string[]

    An array of string values that relates to the key by an operator. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty.

  • ]
  • name string

    Name of the workload.

  • parameters object

    Parameters associated with flows matching the label matcher.

  • priority double

    Default value: 1

    $$ inverted_priority = {\frac {1} {priority}} $$

    $$ virtual_finish_time = virtual_time + \left(tokens \cdot inverted_priority\right) $$

  • queue_timeout string

    Timeout for the flow in the workload. If timeout is provided on the Check call as well, the minimum of the two is picked. If this override is not provided, the timeout provided in the check call is used. 0 timeout value implies that the request will not wait in the queue and will be accepted or dropped immediately. This field employs the Duration JSON representation from Protocol Buffers. The format accommodates fractional seconds up to nine digits after the decimal point, offering nanosecond precision. Every duration value must be suffixed with an "s" to indicate 'seconds.' For example, a value of "10s" would signify a duration of 10 seconds.

  • tokens double

    Default value: 1

    Tokens determines the cost of admitting a single flow in the workload, which is typically defined as milliseconds of flow latency (time to response or duration of a feature) or simply equal to 1 if the resource being accessed is constrained by the number of flows (3rd party rate limiters). This override is applicable only if tokens for the flow aren't specified in the flow labels.

  • ]
  • selectors object[] required

    Possible values: >= 1

    Selectors for the component.

  • Array [
  • agent_group string

    Default value: aperture-cloud

    Agent Group this selector applies to.

    :::info

    Agent Groups are used to scope policies to a subset of agents connected to the same controller. The agents within an agent group receive exact same policy configuration and form a peer to peer cluster to constantly share state.

    :::

  • control_point string required

    Control Point identifies location within services where policies can act on flows. For an SDK based insertion, a Control Point can represent a particular feature or execution block within a service. In case of service mesh or middleware insertion, a Control Point can identify ingress or egress calls or distinct listeners or filter chains.

  • label_matcher object

    Label Matcher can be used to match flows based on flow labels.

  • expression object

    An arbitrary expression to be evaluated on the labels.

  • all object

    The expression is true when all sub expressions are true.

  • of object[]

    List of sub expressions of the match expression.

  • Array [
  • 0
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • ]
  • any object

    The expression is true when any sub expression is true.

  • of object[]

    List of sub expressions of the match expression.

  • Array [
  • 0
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • ]
  • label_equals object

    The expression is true when label value equals given value.

  • label string required

    Name of the label to equal match the value.

  • value string

    Exact value that the label should be equal to.

  • label_exists string

    The expression is true when label with given name exists.

  • label_matches object

    The expression is true when label matches given regular expression.

  • label string required

    Name of the label to match the regular expression.

  • regex string required

    Regular expression that should match the label value. It uses Go's regular expression syntax.

  • not object

    The expression negates the result of sub expression.

  • 0
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • match_expressions object[]

    List of Kubernetes-style label matcher requirements.

    Note: The requirements are combined using the logical AND operator. Deprecated: v3.0.0. Use match_list instead.

  • Array [
  • key string required

    Label key that the selector applies to.

  • operator string required

    Possible values: [In, NotIn, Exists, DoesNotExist]

    Logical operator which represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.

  • values string[]

    An array of string values that relates to the key by an operator. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty.

  • ]
  • match_labels object

    A map of {key,value} pairs representing labels to be matched. A single {key,value} in the match_labels requires that the label key is present and equal to value.

    Note: The requirements are combined using the logical AND operator.

  • property name* string
  • match_list object[]

    List of label matching requirements.

    Note: The requirements are combined using the logical AND operator.

  • Array [
  • key string required

    Label key that the selector applies to.

  • operator string required

    Possible values: [In, NotIn, Exists, DoesNotExist]

    Logical operator which represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.

  • values string[]

    An array of string values that relates to the key by an operator. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty.

  • ]
  • service string

    Default value: any

    The Fully Qualified Domain Name of the service to select.

    In Kubernetes, this is the FQDN of the Service object.

    :::info

    any matches all services.

    :::

    :::info

    An entity (for example, Kubernetes pod) might belong to multiple services.

    :::

  • ]
  • workload_latency_based_tokens boolean

    Default value: false

    Automatically estimate the size of flows within each workload, based on historical latency. Each workload's tokens will be set to average latency of flows in that workload during the last few seconds (exact duration of this average can change). This setting is useful in concurrency limiting use-case, where the concurrency is calculated as (avg. latency \* in-flight flows) (Little's Law).

    The value of tokens estimated takes a lower precedence than the value of tokens specified in the workload definition and tokens explicitly specified in the flow labels.

  • low_throttle_threshold object required
  • load_multiplier double

    Possible values: <= 1

  • signal_value double
  • rate_limiter object

    Rate Limiter provides service protection by applying rate limits using the token bucket algorithm.

  • in_ports object required
  • bucket_capacity object required

    Capacity of the bucket to allow for bursty traffic.

  • constant_signal object

    Constant value to be used for this InPort instead of a signal.

  • special_value string

    Possible values: [NaN, +Inf, -Inf]

    A special value such as NaN, +Inf, -Inf.

  • value double

    A constant value.

  • signal_name string

    Name of the incoming Signal on the InPort.

  • fill_amount object required

    Number of tokens to fill within an interval.

  • constant_signal object

    Constant value to be used for this InPort instead of a signal.

  • special_value string

    Possible values: [NaN, +Inf, -Inf]

    A special value such as NaN, +Inf, -Inf.

  • value double

    A constant value.

  • signal_name string

    Name of the incoming Signal on the InPort.

  • pass_through object
  • constant_signal object

    Constant value to be used for this InPort instead of a signal.

  • special_value string

    Possible values: [NaN, +Inf, -Inf]

    A special value such as NaN, +Inf, -Inf.

  • value double

    A constant value.

  • signal_name string

    Name of the incoming Signal on the InPort.

  • out_ports object

    Output ports for the Rate Limiter component.

  • accept_percentage object

    The percentage of flows being accepted.

  • signal_name string

    Name of the outgoing Signal on the OutPort.

  • parameters object required
  • continuous_fill boolean

    Default value: true

    Continuous fill determines whether the token bucket should be filled continuously or only on discrete intervals.

  • delay_initial_fill boolean

    Default value: false

    Delays the initial filling of the token bucket. If set to false, the token bucket will start filling immediately after the first request is received. This can potentially lead to more requests being accepted than the specified rate limit during the first interval. When set to true, the token bucket will be given a chance to empty out before the filling starts. The delay is equal to the time it takes to fill the bucket.

  • interval string required

    Interval defines the time interval in which the token bucket will fill tokens specified by fill_amount signal. This field employs the Duration JSON representation from Protocol Buffers. The format accommodates fractional seconds up to nine digits after the decimal point, offering nanosecond precision. Every duration value must be suffixed with an "s" to indicate 'seconds.' For example, a value of "10s" would signify a duration of 10 seconds.

  • label_key string

    Specifies which label the rate limiter should be keyed by.

    Rate limiting is done independently for each value of the label with given key. For example, to give each user a separate limit, assuming you have a user flow label set up, set label_key: "user". If no label key is specified, then all requests matching the selectors will be rate limited based on the global bucket. Deprecated: v3.0.0. Use limit_by_label_key instead.

  • lazy_sync object
  • enabled Enables lazy sync

    Default value: false

  • num_sync int64

    Default value: 4

    Number of times to lazy sync within the interval.

  • limit_by_label_key string

    Specifies which label the rate limiter should be keyed by.

    Rate limiting is done independently for each value of the label with given key. For example, to give each user a separate limit, assuming you have a user flow label set up, set limit_by_label_key: "user". If no label key is specified, then all requests matching the selectors will be rate limited based on the global bucket.

  • max_idle_time string

    Default value: 7200s

    Max idle time before token bucket state for a label is removed. If set to 0, the state is never removed. This field employs the Duration JSON representation from Protocol Buffers. The format accommodates fractional seconds up to nine digits after the decimal point, offering nanosecond precision. Every duration value must be suffixed with an "s" to indicate 'seconds.' For example, a value of "10s" would signify a duration of 10 seconds.

  • request_parameters object
  • denied_response_status_code HTTP response codes. For more details: https://www.iana.org/assignments/http-status-codes/http-status-codes.xhtml

    Possible values: [Empty, Continue, OK, Created, Accepted, NonAuthoritativeInformation, NoContent, ResetContent, PartialContent, MultiStatus, AlreadyReported, IMUsed, MultipleChoices, MovedPermanently, Found, SeeOther, NotModified, UseProxy, TemporaryRedirect, PermanentRedirect, BadRequest, Unauthorized, PaymentRequired, Forbidden, NotFound, MethodNotAllowed, NotAcceptable, ProxyAuthenticationRequired, RequestTimeout, Conflict, Gone, LengthRequired, PreconditionFailed, PayloadTooLarge, URITooLong, UnsupportedMediaType, RangeNotSatisfiable, ExpectationFailed, MisdirectedRequest, UnprocessableEntity, Locked, FailedDependency, UpgradeRequired, PreconditionRequired, TooManyRequests, RequestHeaderFieldsTooLarge, InternalServerError, NotImplemented, BadGateway, ServiceUnavailable, GatewayTimeout, HTTPVersionNotSupported, VariantAlsoNegotiates, InsufficientStorage, LoopDetected, NotExtended, NetworkAuthenticationRequired]

    Default value: Empty

    This field allows you to override the default HTTP status code (429 Too Many Requests) that is returned when a request is denied.

  • tokens_label_key string

    Flow label key that will be used to override the number of tokens for this request. This is an optional parameter and takes highest precedence when assigning tokens to a request. The label value must be a valid number.

  • selectors object[] required

    Possible values: >= 1

    Selectors for the component.

  • Array [
  • agent_group string

    Default value: aperture-cloud

    Agent Group this selector applies to.

    :::info

    Agent Groups are used to scope policies to a subset of agents connected to the same controller. The agents within an agent group receive exact same policy configuration and form a peer to peer cluster to constantly share state.

    :::

  • control_point string required

    Control Point identifies location within services where policies can act on flows. For an SDK based insertion, a Control Point can represent a particular feature or execution block within a service. In case of service mesh or middleware insertion, a Control Point can identify ingress or egress calls or distinct listeners or filter chains.

  • label_matcher object

    Label Matcher can be used to match flows based on flow labels.

  • expression object

    An arbitrary expression to be evaluated on the labels.

  • all object

    The expression is true when all sub expressions are true.

  • of object[]

    List of sub expressions of the match expression.

  • Array [
  • 0
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • ]
  • any object

    The expression is true when any sub expression is true.

  • of object[]

    List of sub expressions of the match expression.

  • Array [
  • 0
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • ]
  • label_equals object

    The expression is true when label value equals given value.

  • label string required

    Name of the label to equal match the value.

  • value string

    Exact value that the label should be equal to.

  • label_exists string

    The expression is true when label with given name exists.

  • label_matches object

    The expression is true when label matches given regular expression.

  • label string required

    Name of the label to match the regular expression.

  • regex string required

    Regular expression that should match the label value. It uses Go's regular expression syntax.

  • not object

    The expression negates the result of sub expression.

  • 0
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • match_expressions object[]

    List of Kubernetes-style label matcher requirements.

    Note: The requirements are combined using the logical AND operator. Deprecated: v3.0.0. Use match_list instead.

  • Array [
  • key string required

    Label key that the selector applies to.

  • operator string required

    Possible values: [In, NotIn, Exists, DoesNotExist]

    Logical operator which represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.

  • values string[]

    An array of string values that relates to the key by an operator. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty.

  • ]
  • match_labels object

    A map of {key,value} pairs representing labels to be matched. A single {key,value} in the match_labels requires that the label key is present and equal to value.

    Note: The requirements are combined using the logical AND operator.

  • property name* string
  • match_list object[]

    List of label matching requirements.

    Note: The requirements are combined using the logical AND operator.

  • Array [
  • key string required

    Label key that the selector applies to.

  • operator string required

    Possible values: [In, NotIn, Exists, DoesNotExist]

    Logical operator which represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.

  • values string[]

    An array of string values that relates to the key by an operator. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty.

  • ]
  • service string

    Default value: any

    The Fully Qualified Domain Name of the service to select.

    In Kubernetes, this is the FQDN of the Service object.

    :::info

    any matches all services.

    :::

    :::info

    An entity (for example, Kubernetes pod) might belong to multiple services.

    :::

  • ]
  • sampler object

    Sampler is a component that regulates the flow of requests to the service by allowing only the specified percentage of requests or sticky sessions.

  • in_ports object

    Input ports for the Sampler.

  • accept_percentage object

    The percentage of requests to accept.

  • constant_signal object

    Constant value to be used for this InPort instead of a signal.

  • special_value string

    Possible values: [NaN, +Inf, -Inf]

    A special value such as NaN, +Inf, -Inf.

  • value double

    A constant value.

  • signal_name string

    Name of the incoming Signal on the InPort.

  • parameters object required

    Parameters for the Sampler.

  • denied_response_status_code HTTP response codes. For more details: https://www.iana.org/assignments/http-status-codes/http-status-codes.xhtml

    Possible values: [Empty, Continue, OK, Created, Accepted, NonAuthoritativeInformation, NoContent, ResetContent, PartialContent, MultiStatus, AlreadyReported, IMUsed, MultipleChoices, MovedPermanently, Found, SeeOther, NotModified, UseProxy, TemporaryRedirect, PermanentRedirect, BadRequest, Unauthorized, PaymentRequired, Forbidden, NotFound, MethodNotAllowed, NotAcceptable, ProxyAuthenticationRequired, RequestTimeout, Conflict, Gone, LengthRequired, PreconditionFailed, PayloadTooLarge, URITooLong, UnsupportedMediaType, RangeNotSatisfiable, ExpectationFailed, MisdirectedRequest, UnprocessableEntity, Locked, FailedDependency, UpgradeRequired, PreconditionRequired, TooManyRequests, RequestHeaderFieldsTooLarge, InternalServerError, NotImplemented, BadGateway, ServiceUnavailable, GatewayTimeout, HTTPVersionNotSupported, VariantAlsoNegotiates, InsufficientStorage, LoopDetected, NotExtended, NetworkAuthenticationRequired]

    Default value: Empty

    This field allows you to override the default HTTP status code (403 Forbidden) that is returned when a request is denied.

  • ramp_mode boolean

    Default value: false

    Ramp component can accept flows with ramp_mode flag set.

  • selectors object[] required

    Possible values: >= 1

    Selectors for the component.

  • Array [
  • agent_group string

    Default value: aperture-cloud

    Agent Group this selector applies to.

    :::info

    Agent Groups are used to scope policies to a subset of agents connected to the same controller. The agents within an agent group receive exact same policy configuration and form a peer to peer cluster to constantly share state.

    :::

  • control_point string required

    Control Point identifies location within services where policies can act on flows. For an SDK based insertion, a Control Point can represent a particular feature or execution block within a service. In case of service mesh or middleware insertion, a Control Point can identify ingress or egress calls or distinct listeners or filter chains.

  • label_matcher object

    Label Matcher can be used to match flows based on flow labels.

  • expression object

    An arbitrary expression to be evaluated on the labels.

  • all object

    The expression is true when all sub expressions are true.

  • of object[]

    List of sub expressions of the match expression.

  • Array [
  • 0
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • ]
  • any object

    The expression is true when any sub expression is true.

  • of object[]

    List of sub expressions of the match expression.

  • Array [
  • 0
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • ]
  • label_equals object

    The expression is true when label value equals given value.

  • label string required

    Name of the label to equal match the value.

  • value string

    Exact value that the label should be equal to.

  • label_exists string

    The expression is true when label with given name exists.

  • label_matches object

    The expression is true when label matches given regular expression.

  • label string required

    Name of the label to match the regular expression.

  • regex string required

    Regular expression that should match the label value. It uses Go's regular expression syntax.

  • not object

    The expression negates the result of sub expression.

  • 0
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • match_expressions object[]

    List of Kubernetes-style label matcher requirements.

    Note: The requirements are combined using the logical AND operator. Deprecated: v3.0.0. Use match_list instead.

  • Array [
  • key string required

    Label key that the selector applies to.

  • operator string required

    Possible values: [In, NotIn, Exists, DoesNotExist]

    Logical operator which represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.

  • values string[]

    An array of string values that relates to the key by an operator. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty.

  • ]
  • match_labels object

    A map of {key,value} pairs representing labels to be matched. A single {key,value} in the match_labels requires that the label key is present and equal to value.

    Note: The requirements are combined using the logical AND operator.

  • property name* string
  • match_list object[]

    List of label matching requirements.

    Note: The requirements are combined using the logical AND operator.

  • Array [
  • key string required

    Label key that the selector applies to.

  • operator string required

    Possible values: [In, NotIn, Exists, DoesNotExist]

    Logical operator which represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.

  • values string[]

    An array of string values that relates to the key by an operator. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty.

  • ]
  • service string

    Default value: any

    The Fully Qualified Domain Name of the service to select.

    In Kubernetes, this is the FQDN of the Service object.

    :::info

    any matches all services.

    :::

    :::info

    An entity (for example, Kubernetes pod) might belong to multiple services.

    :::

  • ]
  • session_label_key string

    The flow label key for identifying sessions.

    • When label key is specified, Sampler acts as a sticky filter. The series of flows with the same value of label key get the same decision provided that the accept_percentage is same or higher.
    • When label key is not specified, Sampler acts as a stateless filter. Percentage of flows are selected randomly for rejection.
  • pass_through_label_values string[]

    Specify certain label values to be always accepted by this Sampler regardless of accept percentage.

  • pass_through_label_values_config_key string

    Configuration key for setting pass through label values through dynamic configuration.

  • gradient_controller object

    Gradient controller calculates the ratio between the signal and the setpoint to determine the magnitude of the correction that need to be applied. This controller can be used to build AIMD (Additive Increase, Multiplicative Decrease) or MIMD style response.

  • in_ports object

    Input ports of the Gradient Controller.

  • control_variable object

    Actual current value of the control variable.

    This signal is multiplied by the gradient to produce the output.

  • constant_signal object

    Constant value to be used for this InPort instead of a signal.

  • special_value string

    Possible values: [NaN, +Inf, -Inf]

    A special value such as NaN, +Inf, -Inf.

  • value double

    A constant value.

  • signal_name string

    Name of the incoming Signal on the InPort.

  • max object

    Maximum value to limit the output signal.

  • constant_signal object

    Constant value to be used for this InPort instead of a signal.

  • special_value string

    Possible values: [NaN, +Inf, -Inf]

    A special value such as NaN, +Inf, -Inf.

  • value double

    A constant value.

  • signal_name string

    Name of the incoming Signal on the InPort.

  • min object

    Minimum value to limit the output signal.

  • constant_signal object

    Constant value to be used for this InPort instead of a signal.

  • special_value string

    Possible values: [NaN, +Inf, -Inf]

    A special value such as NaN, +Inf, -Inf.

  • value double

    A constant value.

  • signal_name string

    Name of the incoming Signal on the InPort.

  • setpoint object

    Setpoint to be used for the gradient computation.

  • constant_signal object

    Constant value to be used for this InPort instead of a signal.

  • special_value string

    Possible values: [NaN, +Inf, -Inf]

    A special value such as NaN, +Inf, -Inf.

  • value double

    A constant value.

  • signal_name string

    Name of the incoming Signal on the InPort.

  • signal object

    Signal to be used for the gradient computation.

  • constant_signal object

    Constant value to be used for this InPort instead of a signal.

  • special_value string

    Possible values: [NaN, +Inf, -Inf]

    A special value such as NaN, +Inf, -Inf.

  • value double

    A constant value.

  • signal_name string

    Name of the incoming Signal on the InPort.

  • manual_mode boolean

    In manual mode, the controller does not adjust the control variable. It emits the same output as the control variable input. This setting can be adjusted at runtime through dynamic configuration without restarting the policy.

  • manual_mode_config_key string

    Configuration key for overriding manual_mode setting through dynamic configuration.

  • out_ports object

    Output ports of the Gradient Controller.

  • output object

    Computed desired value of the control variable.

  • signal_name string

    Name of the outgoing Signal on the OutPort.

  • parameters object required

    Gradient Parameters.

  • max_gradient double

    Default value: 1.7976931348623157e+308

    Maximum gradient which clamps the computed gradient value to the range, [min_gradient, max_gradient].

  • min_gradient double

    Default value: -1.7976931348623157e+308

    Minimum gradient which clamps the computed gradient value to the range, [min_gradient, max_gradient].

  • slope double required

    Slope controls the aggressiveness and direction of the Gradient Controller.

    Slope is used as exponent on the signal to setpoint ratio in computation of the gradient (see the main description for exact equation). This parameter decides how aggressive the controller responds to the deviation of signal from the setpoint. for example:

    • $\text{slope} = 1$: when signal is too high, increase control variable,
    • $\text{slope} = -1$: when signal is too high, decrease control variable,
    • $\text{slope} = -0.5$: when signal is too high, decrease control variable gradually.

    The sign of slope depends on correlation between the signal and control variable:

    • Use $\text{slope} < 0$ if there is a positive correlation between the signal and the control variable (for example, Per-pod CPU usage and total concurrency).
    • Use $\text{slope} > 0$ if there is a negative correlation between the signal and the control variable (for example, Per-pod CPU usage and number of pods).

    :::note

    You need to set negative slope for a positive correlation, as you're describing the action which controller should make when the signal increases.

    :::

    The magnitude of slope describes how aggressively should the controller react to a deviation of signal. With $|\text{slope}| = 1$, the controller will aim to bring the signal to the setpoint in one tick (assuming linear correlation with signal and setpoint). Smaller magnitudes of slope will make the controller adjust the control variable gradually.

    Setting $|\text{slope}| < 1$ (for example, $\pm0.8$) is recommended. If you experience overshooting, consider lowering the magnitude even more. Values of $|\text{slope}| > 1$ aren't recommended.

    :::note

    Remember that the gradient and output signal can be (optionally) clamped, so the slope might not fully describe aggressiveness of the controller.

    :::

  • holder object

    Holds the last valid signal value for the specified duration then waits for next valid value to hold.

  • hold_for string

    Default value: 5s

    Holding the last valid signal value for the hold_for duration. This field employs the Duration JSON representation from Protocol Buffers. The format accommodates fractional seconds up to nine digits after the decimal point, offering nanosecond precision. Every duration value must be suffixed with an "s" to indicate 'seconds.' For example, a value of "10s" would signify a duration of 10 seconds.

  • in_ports object

    Input ports for the Holder component.

  • input object

    The input signal.

  • constant_signal object

    Constant value to be used for this InPort instead of a signal.

  • special_value string

    Possible values: [NaN, +Inf, -Inf]

    A special value such as NaN, +Inf, -Inf.

  • value double

    A constant value.

  • signal_name string

    Name of the incoming Signal on the InPort.

  • reset object

    Resets the holder output to the current input signal when reset signal is valid and non-zero.

  • constant_signal object

    Constant value to be used for this InPort instead of a signal.

  • special_value string

    Possible values: [NaN, +Inf, -Inf]

    A special value such as NaN, +Inf, -Inf.

  • value double

    A constant value.

  • signal_name string

    Name of the incoming Signal on the InPort.

  • out_ports object

    Output ports for the Holder component.

  • output object

    The output signal.

  • signal_name string

    Name of the outgoing Signal on the OutPort.

  • integrator object

    Accumulates sum of signal every tick.

  • evaluation_interval string

    The evaluation interval of the Integrator. This determines how often the Integrator is incremented. Defaults to the evaluation interval of the circuit. This field employs the Duration JSON representation from Protocol Buffers. The format accommodates fractional seconds up to nine digits after the decimal point, offering nanosecond precision. Every duration value must be suffixed with an "s" to indicate 'seconds.' For example, a value of "10s" would signify a duration of 10 seconds.

  • in_ports object

    Input ports for the Integrator component.

  • input object

    The input signal.

  • constant_signal object

    Constant value to be used for this InPort instead of a signal.

  • special_value string

    Possible values: [NaN, +Inf, -Inf]

    A special value such as NaN, +Inf, -Inf.

  • value double

    A constant value.

  • signal_name string

    Name of the incoming Signal on the InPort.

  • max object

    The maximum output.

  • constant_signal object

    Constant value to be used for this InPort instead of a signal.

  • special_value string

    Possible values: [NaN, +Inf, -Inf]

    A special value such as NaN, +Inf, -Inf.

  • value double

    A constant value.

  • signal_name string

    Name of the incoming Signal on the InPort.

  • min object

    The minimum output.

  • constant_signal object

    Constant value to be used for this InPort instead of a signal.

  • special_value string

    Possible values: [NaN, +Inf, -Inf]

    A special value such as NaN, +Inf, -Inf.

  • value double

    A constant value.

  • signal_name string

    Name of the incoming Signal on the InPort.

  • reset object

    Resets the integrator output to zero when reset signal is valid and non-zero. Reset also resets the max and min constraints.

  • constant_signal object

    Constant value to be used for this InPort instead of a signal.

  • special_value string

    Possible values: [NaN, +Inf, -Inf]

    A special value such as NaN, +Inf, -Inf.

  • value double

    A constant value.

  • signal_name string

    Name of the incoming Signal on the InPort.

  • initial_value double

    Default value: 0

    Initial value of the integrator.

  • out_ports object

    Output ports for the Integrator component.

  • output object
  • signal_name string

    Name of the outgoing Signal on the OutPort.

  • inverter object

    Logical NOT.

  • in_ports object

    Input ports for the Inverter component.

  • input object

    Signal to be negated.

  • constant_signal object

    Constant value to be used for this InPort instead of a signal.

  • special_value string

    Possible values: [NaN, +Inf, -Inf]

    A special value such as NaN, +Inf, -Inf.

  • value double

    A constant value.

  • signal_name string

    Name of the incoming Signal on the InPort.

  • out_ports object

    Output ports for the Inverter component.

  • output object

    Logical negation of the input signal.

    Will always be 0 (false), 1 (true) or invalid (unknown).

  • signal_name string

    Name of the outgoing Signal on the OutPort.

  • max object

    Emits the maximum of the input signals.

  • in_ports object

    Input ports for the Max component.

  • inputs object[]

    Array of input signals.

  • Array [
  • constant_signal object

    Constant value to be used for this InPort instead of a signal.

  • special_value string

    Possible values: [NaN, +Inf, -Inf]

    A special value such as NaN, +Inf, -Inf.

  • value double

    A constant value.

  • signal_name string

    Name of the incoming Signal on the InPort.

  • ]
  • out_ports object

    Output ports for the Max component.

  • output object

    Signal with maximum value as an output signal.

  • signal_name string

    Name of the outgoing Signal on the OutPort.

  • min object

    Emits the minimum of the input signals.

  • in_ports object

    Input ports for the Min component.

  • inputs object[]

    Array of input signals.

  • Array [
  • constant_signal object

    Constant value to be used for this InPort instead of a signal.

  • special_value string

    Possible values: [NaN, +Inf, -Inf]

    A special value such as NaN, +Inf, -Inf.

  • value double

    A constant value.

  • signal_name string

    Name of the incoming Signal on the InPort.

  • ]
  • out_ports object

    Output ports for the Min component.

  • output object

    Signal with minimum value as an output signal.

  • signal_name string

    Name of the outgoing Signal on the OutPort.

  • nested_circuit object

    Nested circuit defines a sub-circuit as a high-level component. It consists of a list of components and a map of input and output ports.

  • components object[]

    List of components in the nested circuit.

  • Array [
  • 0
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • ]
  • in_ports_map object

    Maps input port names to input ports.

  • property name* object (Components receive input from other components through InPorts)
  • constant_signal object

    Constant value to be used for this InPort instead of a signal.

  • special_value string

    Possible values: [NaN, +Inf, -Inf]

    A special value such as NaN, +Inf, -Inf.

  • value double

    A constant value.

  • signal_name string

    Name of the incoming Signal on the InPort.

  • out_ports_map object

    Maps output port names to output ports.

  • property name* object (Components produce output for other components through OutPorts)
  • signal_name string

    Name of the outgoing Signal on the OutPort.

  • nested_signal_egress object

    Nested signal egress is a special type of component that allows to extract a signal from a nested circuit.

  • in_ports object

    Input ports for the NestedSignalEgress component.

  • signal object

    Egress signal.

  • constant_signal object

    Constant value to be used for this InPort instead of a signal.

  • special_value string

    Possible values: [NaN, +Inf, -Inf]

    A special value such as NaN, +Inf, -Inf.

  • value double

    A constant value.

  • signal_name string

    Name of the incoming Signal on the InPort.

  • port_name string

    Name of the port.

  • nested_signal_ingress object

    Nested signal ingress is a special type of component that allows to inject a signal into a nested circuit.

  • out_ports object

    Output ports for the NestedSignalIngress component.

  • signal object

    Ingress signal.

  • signal_name string

    Name of the outgoing Signal on the OutPort.

  • port_name string

    Name of the port.

  • or object

    Logical OR.

  • in_ports object

    Input ports for the Or component.

  • inputs object[]

    Array of input signals.

  • Array [
  • constant_signal object

    Constant value to be used for this InPort instead of a signal.

  • special_value string

    Possible values: [NaN, +Inf, -Inf]

    A special value such as NaN, +Inf, -Inf.

  • value double

    A constant value.

  • signal_name string

    Name of the incoming Signal on the InPort.

  • ]
  • out_ports object

    Output ports for the Or component.

  • output object

    Result of logical OR of all the input signals.

    Will always be 0 (false), 1 (true) or invalid (unknown).

  • signal_name string

    Name of the outgoing Signal on the OutPort.

  • pid_controller object

    PID Controller is a proportional–integral–derivative controller.

  • in_ports object
  • max object
  • constant_signal object

    Constant value to be used for this InPort instead of a signal.

  • special_value string

    Possible values: [NaN, +Inf, -Inf]

    A special value such as NaN, +Inf, -Inf.

  • value double

    A constant value.

  • signal_name string

    Name of the incoming Signal on the InPort.

  • min object
  • constant_signal object

    Constant value to be used for this InPort instead of a signal.

  • special_value string

    Possible values: [NaN, +Inf, -Inf]

    A special value such as NaN, +Inf, -Inf.

  • value double

    A constant value.

  • signal_name string

    Name of the incoming Signal on the InPort.

  • setpoint object
  • constant_signal object

    Constant value to be used for this InPort instead of a signal.

  • special_value string

    Possible values: [NaN, +Inf, -Inf]

    A special value such as NaN, +Inf, -Inf.

  • value double

    A constant value.

  • signal_name string

    Name of the incoming Signal on the InPort.

  • signal object
  • constant_signal object

    Constant value to be used for this InPort instead of a signal.

  • special_value string

    Possible values: [NaN, +Inf, -Inf]

    A special value such as NaN, +Inf, -Inf.

  • value double

    A constant value.

  • signal_name string

    Name of the incoming Signal on the InPort.

  • out_ports object
  • output object
  • signal_name string

    Name of the outgoing Signal on the OutPort.

  • parameters object required
  • evaluation_interval string

    The evaluation interval of the PID controller. This determines how often the PID output is computed. Defaults to the evaluation interval of the circuit. This field employs the Duration JSON representation from Protocol Buffers. The format accommodates fractional seconds up to nine digits after the decimal point, offering nanosecond precision. Every duration value must be suffixed with an "s" to indicate 'seconds.' For example, a value of "10s" would signify a duration of 10 seconds.

  • kd double

    Default value: 0

    The derivative gain of the PID controller.

  • ki double

    Default value: 0

    The integral gain of the PID controller.

  • kp double

    Default value: 0

    The proportional gain of the PID controller.

  • reset_after_invalid_samples int32

    Possible values: >= 1

    Default value: 4

    The integrator resets after the specified number of ticks if the signal or setpoint are continuously invalid. Defaults to 4 invalid samples.

  • polynomial_range_function object

    Polynomial Range Function is a function that maps a signal to a range of values following a polynomial function.

  • in_ports object
  • input object

    The input signal.

  • constant_signal object

    Constant value to be used for this InPort instead of a signal.

  • special_value string

    Possible values: [NaN, +Inf, -Inf]

    A special value such as NaN, +Inf, -Inf.

  • value double

    A constant value.

  • signal_name string

    Name of the incoming Signal on the InPort.

  • out_ports object
  • output object

    The output signal.

  • signal_name string

    Name of the outgoing Signal on the OutPort.

  • parameters object required
  • clamp_to_custom_values object
  • post_end double
  • pre_start double
  • clamp_to_datapoint Clamp to the nearest data-point
  • continue_curve Continue polynomial curve
  • degree double
  • end object
  • input double
  • output double
  • start object
  • input double
  • output double
  • pulse_generator object

    Generates 0 and 1 in turns.

  • false_for string

    Default value: 5s

    Emitting 0 for the false_for duration. This field employs the Duration JSON representation from Protocol Buffers. The format accommodates fractional seconds up to nine digits after the decimal point, offering nanosecond precision. Every duration value must be suffixed with an "s" to indicate 'seconds.' For example, a value of "10s" would signify a duration of 10 seconds.

  • out_ports object

    Output ports for the PulseGenerator component.

  • output object
  • signal_name string

    Name of the outgoing Signal on the OutPort.

  • true_for string

    Default value: 5s

    Emitting 1 for the true_for duration. This field employs the Duration JSON representation from Protocol Buffers. The format accommodates fractional seconds up to nine digits after the decimal point, offering nanosecond precision. Every duration value must be suffixed with an "s" to indicate 'seconds.' For example, a value of "10s" would signify a duration of 10 seconds.

  • query object

    Query components that are query databases such as Prometheus.

  • promql object

    Periodically runs a Prometheus query in the background and emits the result.

  • evaluation_interval string

    Default value: 10s

    Describes the interval between successive evaluations of the Prometheus query. This field employs the Duration JSON representation from Protocol Buffers. The format accommodates fractional seconds up to nine digits after the decimal point, offering nanosecond precision. Every duration value must be suffixed with an "s" to indicate 'seconds.' For example, a value of "10s" would signify a duration of 10 seconds.

  • out_ports object

    Output ports for the PromQL component.

  • output object

    The result of the Prometheus query as an output signal.

  • signal_name string

    Name of the outgoing Signal on the OutPort.

  • query_string string

    Describes the PromQL query to be run.

    :::note

    The query must return a single value either as a scalar or as a vector with a single element.

    :::

    :::info Usage with Flux Meter

    Flux Meter metrics can be queried using PromQL. Flux Meter defines histogram type of metrics in Prometheus. Therefore, one can refer to flux_meter_sum, flux_meter_count and flux_meter_bucket. The particular Flux Meter can be identified with the flux_meter_name label. There are additional labels available on a Flux Meter such as valid, flow_status, http_status_code and decision_type.

    :::

    :::info Usage with OpenTelemetry Metrics

    Aperture supports OpenTelemetry metrics. See reference for more details.

    :::

  • signal_generator object

    Generates the specified signal.

  • in_ports object

    Inputs for the Signal Generator component.

  • backward object

    Whether to progress the Signal Generator towards the previous step.

  • constant_signal object

    Constant value to be used for this InPort instead of a signal.

  • special_value string

    Possible values: [NaN, +Inf, -Inf]

    A special value such as NaN, +Inf, -Inf.

  • value double

    A constant value.

  • signal_name string

    Name of the incoming Signal on the InPort.

  • forward object

    Whether to progress the Signal Generator towards the next step.

  • constant_signal object

    Constant value to be used for this InPort instead of a signal.

  • special_value string

    Possible values: [NaN, +Inf, -Inf]

    A special value such as NaN, +Inf, -Inf.

  • value double

    A constant value.

  • signal_name string

    Name of the incoming Signal on the InPort.

  • reset object

    Whether to reset the Signal Generator to the first step.

  • constant_signal object

    Constant value to be used for this InPort instead of a signal.

  • special_value string

    Possible values: [NaN, +Inf, -Inf]

    A special value such as NaN, +Inf, -Inf.

  • value double

    A constant value.

  • signal_name string

    Name of the incoming Signal on the InPort.

  • out_ports object

    Outputs for the Signal Generator component.

  • at_end object

    A Boolean signal indicating whether the Signal Generator is at the end of signal generation.

  • signal_name string

    Name of the outgoing Signal on the OutPort.

  • at_start object

    A Boolean signal indicating whether the Signal Generator is at the start of signal generation.

  • signal_name string

    Name of the outgoing Signal on the OutPort.

  • output object

    The generated signal.

  • signal_name string

    Name of the outgoing Signal on the OutPort.

  • parameters object required

    Parameters for the Signal Generator component.

  • steps object[] required

    Possible values: >= 1

  • Array [
  • duration string required

    Duration for which the step is active. This field employs the Duration JSON representation from Protocol Buffers. The format accommodates fractional seconds up to nine digits after the decimal point, offering nanosecond precision. Every duration value must be suffixed with an "s" to indicate 'seconds.' For example, a value of "10s" would signify a duration of 10 seconds.

  • target_output object

    The value of the step.

  • special_value string

    Possible values: [NaN, +Inf, -Inf]

    A special value such as NaN, +Inf, -Inf.

  • value double

    A constant value.

  • ]
  • sma object

    Simple Moving Average filter.

  • in_ports object

    Input ports for the SMA component.

  • input object

    Signal to be used for the moving average computation.

  • constant_signal object

    Constant value to be used for this InPort instead of a signal.

  • special_value string

    Possible values: [NaN, +Inf, -Inf]

    A special value such as NaN, +Inf, -Inf.

  • value double

    A constant value.

  • signal_name string

    Name of the incoming Signal on the InPort.

  • out_ports object

    Output ports for the SMA component.

  • output object

    Computed moving average.

  • signal_name string

    Name of the outgoing Signal on the OutPort.

  • parameters object required

    Parameters for the SMA component.

  • sma_window string required

    Window of time over which the moving average is computed. This field employs the Duration JSON representation from Protocol Buffers. The format accommodates fractional seconds up to nine digits after the decimal point, offering nanosecond precision. Every duration value must be suffixed with an "s" to indicate 'seconds.' For example, a value of "10s" would signify a duration of 10 seconds.

  • valid_during_warmup boolean

    Default value: false

    Whether the output is valid during the warm-up stage.

  • switcher object

    Switcher acts as a switch that emits one of the two signals based on third signal.

  • in_ports object

    Input ports for the Switcher component.

  • off_signal object

    Output signal when switch is invalid or 0.0.

  • constant_signal object

    Constant value to be used for this InPort instead of a signal.

  • special_value string

    Possible values: [NaN, +Inf, -Inf]

    A special value such as NaN, +Inf, -Inf.

  • value double

    A constant value.

  • signal_name string

    Name of the incoming Signal on the InPort.

  • on_signal object

    Output signal when switch is valid and not 0.0.

  • constant_signal object

    Constant value to be used for this InPort instead of a signal.

  • special_value string

    Possible values: [NaN, +Inf, -Inf]

    A special value such as NaN, +Inf, -Inf.

  • value double

    A constant value.

  • signal_name string

    Name of the incoming Signal on the InPort.

  • switch object

    Decides whether to return on_signal or off_signal.

  • constant_signal object

    Constant value to be used for this InPort instead of a signal.

  • special_value string

    Possible values: [NaN, +Inf, -Inf]

    A special value such as NaN, +Inf, -Inf.

  • value double

    A constant value.

  • signal_name string

    Name of the incoming Signal on the InPort.

  • out_ports object

    Output ports for the Switcher component.

  • output object

    Selected signal (on_signal or off_signal).

  • signal_name string

    Name of the outgoing Signal on the OutPort.

  • unary_operator object

    Takes an input signal and emits the square root of the input signal.

  • in_ports object

    Input ports for the UnaryOperator component.

  • input object

    Input signal.

  • constant_signal object

    Constant value to be used for this InPort instead of a signal.

  • special_value string

    Possible values: [NaN, +Inf, -Inf]

    A special value such as NaN, +Inf, -Inf.

  • value double

    A constant value.

  • signal_name string

    Name of the incoming Signal on the InPort.

  • operator string

    Possible values: [abs, acos, acosh, asin, asinh, atan, atanh, cbrt, ceil, cos, cosh, erf, erfc, erfcinv, erfinv, exp, exp2, expm1, floor, gamma, j0, j1, lgamma, log, log10, log1p, log2, round, roundtoeven, sin, sinh, sqrt, tan, tanh, trunc, y0, y1]

    Unary Operator to apply.

    The unary operator can be one of the following:

    • abs: Absolute value with the sign removed.
    • acos: arccosine, in radians.
    • acosh: Inverse hyperbolic cosine.
    • asin: arcsine, in radians.
    • asinh: Inverse hyperbolic sine.
    • atan: arctangent, in radians.
    • atanh: Inverse hyperbolic tangent.
    • cbrt: Cube root.
    • ceil: Least integer value greater than or equal to input signal.
    • cos: cosine, in radians.
    • cosh: Hyperbolic cosine.
    • erf: Error function.
    • erfc: Complementary error function.
    • erfcinv: Inverse complementary error function.
    • erfinv: Inverse error function.
    • exp: The base-e exponential of input signal.
    • exp2: The base-2 exponential of input signal.
    • expm1: The base-e exponential of input signal minus 1.
    • floor: Greatest integer value less than or equal to input signal.
    • gamma: Gamma function.
    • j0: Bessel function of the first kind of order 0.
    • j1: Bessel function of the first kind of order 1.
    • lgamma: Natural logarithm of the absolute value of the gamma function.
    • log: Natural logarithm of input signal.
    • log10: Base-10 logarithm of input signal.
    • log1p: Natural logarithm of input signal plus 1.
    • log2: Base-2 logarithm of input signal.
    • round: Round to nearest integer.
    • roundtoeven: Round to nearest integer, with ties going to the nearest even integer.
    • sin: sine, in radians.
    • sinh: Hyperbolic sine.
    • sqrt: Square root.
    • tan: tangent, in radians.
    • tanh: Hyperbolic tangent.
    • trunc: Truncate to integer.
    • y0: Bessel function of the second kind of order 0.
    • y1: Bessel function of the second kind of order 1.
  • out_ports object

    Output ports for the UnaryOperator component.

  • output object

    Output signal.

  • signal_name string

    Name of the outgoing Signal on the OutPort.

  • variable object

    Emits a variable signal which can be changed at runtime through dynamic configuration.

  • config_key string

    Configuration key for overriding value setting through dynamic configuration.

  • constant_output object required

    The constant signal emitted by this component. The value of the constant signal can be overridden at runtime through dynamic configuration.

  • special_value string

    Possible values: [NaN, +Inf, -Inf]

    A special value such as NaN, +Inf, -Inf.

  • value double

    A constant value.

  • out_ports object

    Output ports for the Variable component.

  • output object

    The value is emitted to the output port.

  • signal_name string

    Name of the outgoing Signal on the OutPort.

  • ]
  • evaluation_interval string

    Default value: 1s

    Evaluation interval (tick) is the time between consecutive runs of the policy circuit. This interval is typically aligned with how often the corrective action (actuation) needs to be taken. This field employs the Duration JSON representation from Protocol Buffers. The format accommodates fractional seconds up to nine digits after the decimal point, offering nanosecond precision. Every duration value must be suffixed with an "s" to indicate 'seconds.' For example, a value of "10s" would signify a duration of 10 seconds.

  • resources object

    Resources (such as Flux Meters, Classifiers) to setup.

  • flow_control object

    FlowControlResources are resources that are provided by flow control integration.

  • classifiers object[]

    Classifiers are installed in the data-plane and are used to label the requests based on payload content.

    The flow labels created by Classifiers can be matched by Flux Meters to create metrics for control purposes.

  • Array [
  • rego object

    Rego is a policy language used to express complex policies in a concise and declarative way. It can be used to define flow classification rules by writing custom queries that extract values from request metadata. For simple cases, such as directly reading a value from header or a field from JSON body, declarative extractors are recommended.

  • labels object required

    A map of {key, value} pairs mapping from flow label keys to queries that define how to extract and propagate flow labels with that key. The name of the label maps to a variable in the Rego module. It maps to data.<package>.<label> variable.

  • property name* object
  • telemetry Decides if the created flow label should be available as an attribute in OLAP telemetry and propagated in [baggage](/concepts/flow-label#baggage)

    Default value: true

    :::note

    The flow label is always accessible in Aperture Policies regardless of this setting.

    :::

    :::caution

    When using FluxNinja extension, telemetry enabled labels are sent to Aperture Cloud for observability. Telemetry should be disabled for sensitive labels.

    :::

  • module string required

    Source code of the Rego module.

    :::note

    Must include a "package" declaration.

    :::

  • rules object

    A map of {key, value} pairs mapping from flow label keys to rules that define how to extract and propagate flow labels with that key.

  • property name* object (Rule describes a single classification Rule)

    Example of a JSON extractor:

    extractor:
    json:
    from: request.http.body
    pointer: /user/name
  • extractor object

    High-level declarative extractor.

  • address object

    Display an address as a single string - <ip>:<port>.

  • from string required

    Attribute path pointing to some string - for example, source.address.

  • from Use an attribute with no conversion

    Attribute path is a dot-separated path to attribute.

    Should be either:

    • one of the fields of Attribute Context, or
    • a special request.http.bearer pseudo-attribute. For example, request.http.method or request.http.header.user-agent

    Note: The same attribute path syntax is shared by other extractor variants, wherever attribute path is needed in their "from" syntax.

    Example:

    from: request.http.headers.user-agent
  • json object

    Parse JSON, and extract one of the fields.

  • from string required

    Attribute path pointing to some strings - for example, request.http.body.

  • pointer string

    JSON pointer represents a parsed JSON pointer which allows to select a specified field from the payload.

    Note: Uses JSON pointer syntax, for example, /foo/bar. If the pointer points into an object, it'd be converted to a string.

  • jwt object

    Parse the attribute as JWT and read the payload.

  • from string required

    JWT (JSON Web Token) can be extracted from any input attribute, but most likely you'd want to use request.http.bearer.

  • json_pointer string

    JSON pointer allowing to select a specified field from the payload.

    Note: Uses JSON pointer syntax, for example, /foo/bar. If the pointer points into an object, it'd be converted to a string.

  • path_templates object

    Match HTTP Path to given path templates.

  • template_values object

    Template value keys are OpenAPI-inspired path templates.

    • Static path segment /foo matches a path segment exactly
    • /{param} matches arbitrary path segment. (The parameter name is ignored and can be omitted ({}))
    • The parameter must cover whole segment.
    • Additionally, path template can end with /* wildcard to match arbitrary number of trailing segments (0 or more).
    • Multiple consecutive / are ignored, as well as trailing /.
    • Parametrized path segments must come after static segments.
    • *, if present, must come last.
    • Most specific template "wins" (/foo over /{} and /{} over /*).

    See also https://swagger.io/specification/#path-templating-matching\

    Example:

    /register: register
    "/user/{userId}": user
    /static/*: other
  • property name* string
  • telemetry Decides if the created flow label should be available as an attribute in OLAP telemetry and propagated in [baggage](/concepts/flow-label#baggage)

    Default value: true

    :::note

    The flow label is always accessible in Aperture Policies regardless of this setting.

    :::

    :::caution

    When using FluxNinja extension, telemetry enabled labels are sent to Aperture Cloud for observability. Telemetry should be disabled for sensitive labels.

    :::

  • selectors object[] required

    Possible values: >= 1

    Selectors for flows that will be classified by this Classifier.

  • Array [
  • agent_group string

    Default value: aperture-cloud

    Agent Group this selector applies to.

    :::info

    Agent Groups are used to scope policies to a subset of agents connected to the same controller. The agents within an agent group receive exact same policy configuration and form a peer to peer cluster to constantly share state.

    :::

  • control_point string required

    Control Point identifies location within services where policies can act on flows. For an SDK based insertion, a Control Point can represent a particular feature or execution block within a service. In case of service mesh or middleware insertion, a Control Point can identify ingress or egress calls or distinct listeners or filter chains.

  • label_matcher object

    Label Matcher can be used to match flows based on flow labels.

  • expression object

    An arbitrary expression to be evaluated on the labels.

  • all object

    The expression is true when all sub expressions are true.

  • of object[]

    List of sub expressions of the match expression.

  • Array [
  • 0
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • ]
  • any object

    The expression is true when any sub expression is true.

  • of object[]

    List of sub expressions of the match expression.

  • Array [
  • 0
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • ]
  • label_equals object

    The expression is true when label value equals given value.

  • label string required

    Name of the label to equal match the value.

  • value string

    Exact value that the label should be equal to.

  • label_exists string

    The expression is true when label with given name exists.

  • label_matches object

    The expression is true when label matches given regular expression.

  • label string required

    Name of the label to match the regular expression.

  • regex string required

    Regular expression that should match the label value. It uses Go's regular expression syntax.

  • not object

    The expression negates the result of sub expression.

  • 0
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • match_expressions object[]

    List of Kubernetes-style label matcher requirements.

    Note: The requirements are combined using the logical AND operator. Deprecated: v3.0.0. Use match_list instead.

  • Array [
  • key string required

    Label key that the selector applies to.

  • operator string required

    Possible values: [In, NotIn, Exists, DoesNotExist]

    Logical operator which represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.

  • values string[]

    An array of string values that relates to the key by an operator. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty.

  • ]
  • match_labels object

    A map of {key,value} pairs representing labels to be matched. A single {key,value} in the match_labels requires that the label key is present and equal to value.

    Note: The requirements are combined using the logical AND operator.

  • property name* string
  • match_list object[]

    List of label matching requirements.

    Note: The requirements are combined using the logical AND operator.

  • Array [
  • key string required

    Label key that the selector applies to.

  • operator string required

    Possible values: [In, NotIn, Exists, DoesNotExist]

    Logical operator which represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.

  • values string[]

    An array of string values that relates to the key by an operator. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty.

  • ]
  • service string

    Default value: any

    The Fully Qualified Domain Name of the service to select.

    In Kubernetes, this is the FQDN of the Service object.

    :::info

    any matches all services.

    :::

    :::info

    An entity (for example, Kubernetes pod) might belong to multiple services.

    :::

  • ]
  • ]
  • flux_meters object

    Flux Meters are installed in the data-plane and form the observability leg of the feedback loop.

    Flux Meter created metrics can be consumed as input to the circuit through the PromQL component.

  • property name* object

    Flux Meter gathers metrics for the traffic that matches its selector. The histogram created by Flux Meter measures the workload latency by default.

    info

    Example:

    static_buckets:
    buckets: [5.0,10.0,25.0,50.0,100.0,250.0,500.0,1000.0,2500.0,5000.0,10000.0]
    selectors:
    - agent_group: demoapp
    service: service1-demo-app.demoapp.svc.cluster.local
    control_point: ingress
    attribute_key: response_duration_ms
  • attribute_key string

    Default value: workload_duration_ms

    Key of the attribute in access log or span from which the metric for this flux meter is read.

    :::info

    For list of available attributes in Envoy access logs, refer Envoy Filter

    :::

  • exponential_buckets object

    ExponentialBuckets creates count number of buckets where the lowest bucket has an upper bound of start and each following bucket's upper bound is factor times the previous bucket's upper bound. The final +inf bucket is not counted.

  • count int32

    Number of buckets.

  • factor double

    Factor to be multiplied to the previous bucket's upper bound to calculate the following bucket's upper bound.

  • start double

    Upper bound of the lowest bucket.

  • exponential_buckets_range object

    ExponentialBucketsRange creates count number of buckets where the lowest bucket is min and the highest bucket is max. The final +inf bucket is not counted.

  • count int32

    Number of buckets.

  • max double

    Highest bucket.

  • min double

    Lowest bucket.

  • linear_buckets object

    LinearBuckets creates count number of buckets, each width wide, where the lowest bucket has an upper bound of start. The final +inf bucket is not counted.

  • count int32

    Number of buckets.

  • start double

    Upper bound of the lowest bucket.

  • width double

    Width of each bucket.

  • selectors object[] required

    Possible values: >= 1

    Selectors for flows that will be metered by this Flux Meter.

  • Array [
  • agent_group string

    Default value: aperture-cloud

    Agent Group this selector applies to.

    :::info

    Agent Groups are used to scope policies to a subset of agents connected to the same controller. The agents within an agent group receive exact same policy configuration and form a peer to peer cluster to constantly share state.

    :::

  • control_point string required

    Control Point identifies location within services where policies can act on flows. For an SDK based insertion, a Control Point can represent a particular feature or execution block within a service. In case of service mesh or middleware insertion, a Control Point can identify ingress or egress calls or distinct listeners or filter chains.

  • label_matcher object

    Label Matcher can be used to match flows based on flow labels.

  • expression object

    An arbitrary expression to be evaluated on the labels.

  • all object

    The expression is true when all sub expressions are true.

  • of object[]

    List of sub expressions of the match expression.

  • Array [
  • 0
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • ]
  • any object

    The expression is true when any sub expression is true.

  • of object[]

    List of sub expressions of the match expression.

  • Array [
  • 0
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • ]
  • label_equals object

    The expression is true when label value equals given value.

  • label string required

    Name of the label to equal match the value.

  • value string

    Exact value that the label should be equal to.

  • label_exists string

    The expression is true when label with given name exists.

  • label_matches object

    The expression is true when label matches given regular expression.

  • label string required

    Name of the label to match the regular expression.

  • regex string required

    Regular expression that should match the label value. It uses Go's regular expression syntax.

  • not object

    The expression negates the result of sub expression.

  • 0
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • match_expressions object[]

    List of Kubernetes-style label matcher requirements.

    Note: The requirements are combined using the logical AND operator. Deprecated: v3.0.0. Use match_list instead.

  • Array [
  • key string required

    Label key that the selector applies to.

  • operator string required

    Possible values: [In, NotIn, Exists, DoesNotExist]

    Logical operator which represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.

  • values string[]

    An array of string values that relates to the key by an operator. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty.

  • ]
  • match_labels object

    A map of {key,value} pairs representing labels to be matched. A single {key,value} in the match_labels requires that the label key is present and equal to value.

    Note: The requirements are combined using the logical AND operator.

  • property name* string
  • match_list object[]

    List of label matching requirements.

    Note: The requirements are combined using the logical AND operator.

  • Array [
  • key string required

    Label key that the selector applies to.

  • operator string required

    Possible values: [In, NotIn, Exists, DoesNotExist]

    Logical operator which represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.

  • values string[]

    An array of string values that relates to the key by an operator. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty.

  • ]
  • service string

    Default value: any

    The Fully Qualified Domain Name of the service to select.

    In Kubernetes, this is the FQDN of the Service object.

    :::info

    any matches all services.

    :::

    :::info

    An entity (for example, Kubernetes pod) might belong to multiple services.

    :::

  • ]
  • static_buckets object

    StaticBuckets holds the static value of the buckets where latency histogram will be stored.

  • buckets double[]

    Default value: [5, 10, 25, 50, 100, 250, 500, 1000, 2500, 5000, 10000]

    The buckets in which latency histogram will be stored.

  • infra_meters object

    Infra Meters configure custom metrics OpenTelemetry collector pipelines, which will receive and process telemetry at the agents and send metrics to the configured Prometheus. Key in this map refers to OTel pipeline name. Prefixing pipeline name with metrics/ is optional, as all the components and pipeline names would be normalized.

    Example:

    infra_meters:
    rabbitmq:
    agent_group: default
    per_agent_group: true
    processors:
    batch:
    send_batch_size: 10
    timeout: 10s
    receivers:
    rabbitmq:
    collection_interval: 10s
    endpoint: http://<rabbitmq-svc-fqdn>:15672
    password: secretpassword
    username: admin

    caution

    Validate the OTel configuration before applying it to the production cluster. Incorrect configuration will get rejected at the agents and might cause shutdown of the agent(s).

  • property name* object

    InfraMeter is a resource that sets up OpenTelemetry pipelines. It defines receivers, processors, and a single metrics pipeline which will be exported to the configured Prometheus instance. Environment variables can be used in the configuration using format ${ENV_VAR_NAME}.

  • agent_group string

    Default value: default

    AgentGroup is the agent group to sync this InfraMeter with.

  • per_agent_group boolean

    Default value: false

    PerAgentGroup marks the pipeline to be instantiated only once per agent group. This is helpful for receivers that scrape for example, some cluster-wide metrics. When not set, pipeline will be instantiated on every Agent.

  • pipeline object

    Pipeline is an OTel metrics pipeline definition, which only uses receivers and processors defined above. Exporter would be added automatically.

    If there are no processors defined or only one processor is defined, the pipeline definition can be omitted. In such cases, the pipeline will automatically use all given receivers and the defined processor (if any). However, if there are more than one processor, the pipeline must be defined explicitly.

  • processors string[]
  • receivers string[]
  • processors object

    Processors define processors to be used in custom metrics pipelines. This should be in OTel format.

  • property name* object
  • receivers object

    Receivers define receivers to be used in custom metrics pipelines. This should be in OTel format.

  • property name* object
  • telemetry_collectors object[]

    TelemetryCollector configures OpenTelemetry collector integration. Deprecated: v3.0.0. Use infra_meters instead.

  • Array [
  • agent_group string

    Default value: default

  • infra_meters object

    Infra Meters configure custom metrics OpenTelemetry collector pipelines, which will receive and process telemetry at the agents and send metrics to the configured Prometheus. Key in this map refers to OTel pipeline name. Prefixing pipeline name with metrics/ is optional, as all the components and pipeline names would be normalized.

    Example:

     telemetry_collectors:
    - agent_group: default
    infra_meters:
    rabbitmq:
    processors:
    batch:
    send_batch_size: 10
    timeout: 10s
    receivers:
    rabbitmq:
    collection_interval: 10s
    endpoint: http://<rabbitmq-svc-fqdn>:15672
    password: secretpassword
    username: admin
    per_agent_group: true

    caution

    Validate the OTel configuration before applying it to the production cluster. Incorrect configuration will get rejected at the agents and might cause shutdown of the agent(s).

  • property name* object

    InfraMeter is a resource that sets up OpenTelemetry pipelines. It defines receivers, processors, and a single metrics pipeline which will be exported to the configured Prometheus instance. Environment variables can be used in the configuration using format ${ENV_VAR_NAME}.

  • agent_group string

    Default value: default

    AgentGroup is the agent group to sync this InfraMeter with.

  • per_agent_group boolean

    Default value: false

    PerAgentGroup marks the pipeline to be instantiated only once per agent group. This is helpful for receivers that scrape for example, some cluster-wide metrics. When not set, pipeline will be instantiated on every Agent.

  • pipeline object

    Pipeline is an OTel metrics pipeline definition, which only uses receivers and processors defined above. Exporter would be added automatically.

    If there are no processors defined or only one processor is defined, the pipeline definition can be omitted. In such cases, the pipeline will automatically use all given receivers and the defined processor (if any). However, if there are more than one processor, the pipeline must be defined explicitly.

  • processors string[]
  • receivers string[]
  • processors object

    Processors define processors to be used in custom metrics pipelines. This should be in OTel format.

  • property name* object
  • receivers object

    Receivers define receivers to be used in custom metrics pipelines. This should be in OTel format.

  • property name* object
  • ]
  • reason string
  • status string

    Possible values: [VALID, INVALID, NOT_LOADED, STALE, OUTDATED]

    Default value: VALID

    • VALID: Policy is valid, present in etcd and running in the controller.
    • INVALID: Policy is present in etcd, but fails to parse.
    • NOT_LOADED: Policy is present in etcd, but is not (yet) running in the controller.
    • STALE: Policy is running on the controller, but is not present in etcd.
    • OUTDATED: Policy is present in etcd and policy with the same name is running in the controller, but these policies differ.