Admission Control

This extension may be referenced by the qualified name envoy.filters.http.admission_control


This extension is functional but has not had substantial production burn time, use only with this caveat.

This extension has an unknown security posture and should only be used in deployments where both the downstream and upstream are trusted.


This API is work-in-progress and is subject to breaking changes.


[extensions.filters.http.admission_control.v3alpha.AdmissionControl proto]

  "enabled": "{...}",
  "success_criteria": "{...}",
  "sampling_window": "{...}",
  "aggression_coefficient": "{...}"

(config.core.v3.RuntimeFeatureFlag) If set to false, the admission control filter will operate as a pass-through filter. If the message is unspecified, the filter will be enabled.


(extensions.filters.http.admission_control.v3alpha.AdmissionControl.SuccessCriteria, REQUIRED) Defines how a request is considered a success/failure.


(Duration) The sliding time window over which the success rate is calculated. The window is rounded to the nearest second. Defaults to 120s.


(config.core.v3.RuntimeDouble) Rejection probability is defined by the formula:

max(0, (rq_count - aggression_coefficient * rq_success_count) / (rq_count + 1))

The coefficient dictates how aggressively the admission controller will throttle requests as the success rate drops. Lower values will cause throttling to kick in at higher success rates and result in more aggressive throttling. Any values less than 1.0, will be set to 1.0. If the message is unspecified, the coefficient is 2.0.


[extensions.filters.http.admission_control.v3alpha.AdmissionControl.SuccessCriteria proto]

Default method of specifying what constitutes a successful request. All status codes that indicate a successful request must be explicitly specified if not relying on the default values.

  "http_criteria": "{...}",
  "grpc_criteria": "{...}"

(extensions.filters.http.admission_control.v3alpha.AdmissionControl.SuccessCriteria.HttpCriteria) If HTTP criteria are unspecified, all HTTP status codes below 500 are treated as successful responses.


The default HTTP codes considered successful by the admission controller are done so due to the unlikelihood that sending fewer requests would change their behavior (for example: redirects, unauthorized access, or bad requests won’t be alleviated by sending less traffic).


(extensions.filters.http.admission_control.v3alpha.AdmissionControl.SuccessCriteria.GrpcCriteria) GRPC status codes to consider as request successes. If unspecified, defaults to: Ok, Cancelled, Unknown, InvalidArgument, NotFound, AlreadyExists, Unauthenticated, FailedPrecondition, OutOfRange, PermissionDenied, and Unimplemented.


The default gRPC codes that are considered successful by the admission controller are chosen because of the unlikelihood that sending fewer requests will change the behavior.


[extensions.filters.http.admission_control.v3alpha.AdmissionControl.SuccessCriteria.HttpCriteria proto]

  "http_success_status": []

(type.v3.Int32Range, REQUIRED) Status code ranges that constitute a successful request. Configurable codes are in the range [100, 600).


[extensions.filters.http.admission_control.v3alpha.AdmissionControl.SuccessCriteria.GrpcCriteria proto]

  "grpc_success_status": []

(uint32, REQUIRED) Status codes that constitute a successful request. Mappings can be found at: