.. _envoy_v3_api_file_envoy/extensions/filters/http/admission_control/v3alpha/admission_control.proto: Admission Control ================= .. _extension_envoy.filters.http.admission_control: This extension may be referenced by the qualified name *envoy.filters.http.admission_control* .. note:: This extension is functional but has not had substantial production burn time, use only with this caveat. This extension has an unknown security posture and should only be used in deployments where both the downstream and upstream are trusted. .. warning:: This API is work-in-progress and is subject to breaking changes. .. _envoy_v3_api_msg_extensions.filters.http.admission_control.v3alpha.AdmissionControl: extensions.filters.http.admission_control.v3alpha.AdmissionControl ------------------------------------------------------------------ `[extensions.filters.http.admission_control.v3alpha.AdmissionControl proto] `_ .. code-block:: json { "enabled": "{...}", "success_criteria": "{...}", "sampling_window": "{...}", "aggression": "{...}", "sr_threshold": "{...}" } .. _envoy_v3_api_field_extensions.filters.http.admission_control.v3alpha.AdmissionControl.enabled: enabled (:ref:`config.core.v3.RuntimeFeatureFlag `) If set to false, the admission control filter will operate as a pass-through filter. If the message is unspecified, the filter will be enabled. .. _envoy_v3_api_field_extensions.filters.http.admission_control.v3alpha.AdmissionControl.success_criteria: success_criteria (:ref:`extensions.filters.http.admission_control.v3alpha.AdmissionControl.SuccessCriteria `, *REQUIRED*) Defines how a request is considered a success/failure. .. _envoy_v3_api_field_extensions.filters.http.admission_control.v3alpha.AdmissionControl.sampling_window: sampling_window (`Duration `_) The sliding time window over which the success rate is calculated. The window is rounded to the nearest second. Defaults to 30s. .. _envoy_v3_api_field_extensions.filters.http.admission_control.v3alpha.AdmissionControl.aggression: aggression (:ref:`config.core.v3.RuntimeDouble `) Rejection probability is defined by the formula:: max(0, (rq_count - rq_success_count / sr_threshold) / (rq_count + 1)) ^ (1 / aggression) The aggression dictates how heavily the admission controller will throttle requests upon SR dropping at or below the threshold. A value of 1 will result in a linear increase in rejection probability as SR drops. Any values less than 1.0, will be set to 1.0. If the message is unspecified, the aggression is 1.0. See `the admission control documentation `_ for a diagram illustrating this. .. _envoy_v3_api_field_extensions.filters.http.admission_control.v3alpha.AdmissionControl.sr_threshold: sr_threshold (:ref:`config.core.v3.RuntimePercent `) Dictates the success rate at which the rejection probability is non-zero. As success rate drops below this threshold, rejection probability will increase. Any success rate above the threshold results in a rejection probability of 0. Defaults to 95%. .. _envoy_v3_api_msg_extensions.filters.http.admission_control.v3alpha.AdmissionControl.SuccessCriteria: extensions.filters.http.admission_control.v3alpha.AdmissionControl.SuccessCriteria ---------------------------------------------------------------------------------- `[extensions.filters.http.admission_control.v3alpha.AdmissionControl.SuccessCriteria proto] `_ Default method of specifying what constitutes a successful request. All status codes that indicate a successful request must be explicitly specified if not relying on the default values. .. code-block:: json { "http_criteria": "{...}", "grpc_criteria": "{...}" } .. _envoy_v3_api_field_extensions.filters.http.admission_control.v3alpha.AdmissionControl.SuccessCriteria.http_criteria: http_criteria (:ref:`extensions.filters.http.admission_control.v3alpha.AdmissionControl.SuccessCriteria.HttpCriteria `) If HTTP criteria are unspecified, all HTTP status codes below 500 are treated as successful responses. .. note:: The default HTTP codes considered successful by the admission controller are done so due to the unlikelihood that sending fewer requests would change their behavior (for example: redirects, unauthorized access, or bad requests won't be alleviated by sending less traffic). .. _envoy_v3_api_field_extensions.filters.http.admission_control.v3alpha.AdmissionControl.SuccessCriteria.grpc_criteria: grpc_criteria (:ref:`extensions.filters.http.admission_control.v3alpha.AdmissionControl.SuccessCriteria.GrpcCriteria `) GRPC status codes to consider as request successes. If unspecified, defaults to: Ok, Cancelled, Unknown, InvalidArgument, NotFound, AlreadyExists, Unauthenticated, FailedPrecondition, OutOfRange, PermissionDenied, and Unimplemented. .. note:: The default gRPC codes that are considered successful by the admission controller are chosen because of the unlikelihood that sending fewer requests will change the behavior. .. _envoy_v3_api_msg_extensions.filters.http.admission_control.v3alpha.AdmissionControl.SuccessCriteria.HttpCriteria: extensions.filters.http.admission_control.v3alpha.AdmissionControl.SuccessCriteria.HttpCriteria ----------------------------------------------------------------------------------------------- `[extensions.filters.http.admission_control.v3alpha.AdmissionControl.SuccessCriteria.HttpCriteria proto] `_ .. code-block:: json { "http_success_status": [] } .. _envoy_v3_api_field_extensions.filters.http.admission_control.v3alpha.AdmissionControl.SuccessCriteria.HttpCriteria.http_success_status: http_success_status (**repeated** :ref:`type.v3.Int32Range `, *REQUIRED*) Status code ranges that constitute a successful request. Configurable codes are in the range [100, 600). .. _envoy_v3_api_msg_extensions.filters.http.admission_control.v3alpha.AdmissionControl.SuccessCriteria.GrpcCriteria: extensions.filters.http.admission_control.v3alpha.AdmissionControl.SuccessCriteria.GrpcCriteria ----------------------------------------------------------------------------------------------- `[extensions.filters.http.admission_control.v3alpha.AdmissionControl.SuccessCriteria.GrpcCriteria proto] `_ .. code-block:: json { "grpc_success_status": [] } .. _envoy_v3_api_field_extensions.filters.http.admission_control.v3alpha.AdmissionControl.SuccessCriteria.GrpcCriteria.grpc_success_status: grpc_success_status (**repeated** `uint32 `_, *REQUIRED*) Status codes that constitute a successful request. Mappings can be found at: https://github.com/grpc/grpc/blob/master/doc/statuscodes.md.