Fault Injection (proto)
This extension has the qualified name envoy.filters.http.fault
Note
This extension is intended to be robust against untrusted downstream traffic. It assumes that the upstream is trusted.
Tip
This extension extends and can be used with the following extension category:
This extension must be configured with one of the following type URLs:
Fault Injection configuration overview.
extensions.filters.http.fault.v3.FaultAbort
[extensions.filters.http.fault.v3.FaultAbort proto]
{
"http_status": ...,
"grpc_status": ...,
"header_abort": {...},
"percentage": {...}
}
- http_status
(uint32) HTTP status code to use to abort the HTTP request.
Precisely one of http_status, grpc_status, header_abort must be set.
- grpc_status
(uint32) gRPC status code to use to abort the gRPC request.
Precisely one of http_status, grpc_status, header_abort must be set.
- header_abort
(extensions.filters.http.fault.v3.FaultAbort.HeaderAbort) Fault aborts are controlled via an HTTP header (if applicable).
Precisely one of http_status, grpc_status, header_abort must be set.
- percentage
(type.v3.FractionalPercent) The percentage of requests/operations/connections that will be aborted with the error code provided.
extensions.filters.http.fault.v3.FaultAbort.HeaderAbort
[extensions.filters.http.fault.v3.FaultAbort.HeaderAbort proto]
Fault aborts are controlled via an HTTP header (if applicable). See the HTTP fault filter documentation for more information.
extensions.filters.http.fault.v3.HTTPFault
[extensions.filters.http.fault.v3.HTTPFault proto]
{
"delay": {...},
"abort": {...},
"upstream_cluster": ...,
"headers": [],
"downstream_nodes": [],
"max_active_faults": {...},
"response_rate_limit": {...},
"delay_percent_runtime": ...,
"abort_percent_runtime": ...,
"delay_duration_runtime": ...,
"abort_http_status_runtime": ...,
"max_active_faults_runtime": ...,
"response_rate_limit_percent_runtime": ...,
"abort_grpc_status_runtime": ...,
"disable_downstream_cluster_stats": ...,
"filter_metadata": {...}
}
- delay
(extensions.filters.common.fault.v3.FaultDelay) If specified, the filter will inject delays based on the values in the object.
- abort
(extensions.filters.http.fault.v3.FaultAbort) If specified, the filter will abort requests based on the values in the object. At least abort or delay must be specified.
- upstream_cluster
(string) Specifies the name of the (destination) upstream cluster that the filter should match on. Fault injection will be restricted to requests bound to the specific upstream cluster.
- headers
(repeated config.route.v3.HeaderMatcher) Specifies a set of headers that the filter should match on. The fault injection filter can be applied selectively to requests that match a set of headers specified in the fault filter config. The chances of actual fault injection further depend on the value of the percentage field. The filter will check the request’s headers against all the specified headers in the filter config. A match will happen if all the headers in the config are present in the request with the same values (or based on presence if the value field is not in the config).
- downstream_nodes
(repeated string) Faults are injected for the specified list of downstream hosts. If this setting is not set, faults are injected for all downstream nodes. Downstream node name is taken from the HTTP x-envoy-downstream-service-node header and compared against downstream_nodes list.
- max_active_faults
(UInt32Value) The maximum number of faults that can be active at a single time via the configured fault filter. Note that because this setting can be overridden at the route level, it’s possible for the number of active faults to be greater than this value (if injected via a different route). If not specified, defaults to unlimited. This setting can be overridden via runtime and any faults that are not injected due to overflow will be indicated via the faults_overflow stat.
Attention
Like other circuit breakers in Envoy, this is a fuzzy limit. It’s possible for the number of active faults to rise slightly above the configured amount due to the implementation details.
- response_rate_limit
(extensions.filters.common.fault.v3.FaultRateLimit) The response rate limit to be applied to the response body of the stream. When configured, the percentage can be overridden by the fault.http.rate_limit.response_percent runtime key.
Attention
This is a per-stream limit versus a connection level limit. This means that concurrent streams will each get an independent limit.
- delay_percent_runtime
(string) The runtime key to override the default runtime. The default is: fault.http.delay.fixed_delay_percent
- abort_percent_runtime
(string) The runtime key to override the default runtime. The default is: fault.http.abort.abort_percent
- delay_duration_runtime
(string) The runtime key to override the default runtime. The default is: fault.http.delay.fixed_duration_ms
- abort_http_status_runtime
(string) The runtime key to override the default runtime. The default is: fault.http.abort.http_status
- max_active_faults_runtime
(string) The runtime key to override the default runtime. The default is: fault.http.max_active_faults
- response_rate_limit_percent_runtime
(string) The runtime key to override the default runtime. The default is: fault.http.rate_limit.response_percent
- abort_grpc_status_runtime
(string) The runtime key to override the default runtime. The default is: fault.http.abort.grpc_status
- disable_downstream_cluster_stats
(bool) Controls whether stats storage is allocated dynamically for each downstream server. If set to true, the “x-envoy-downstream-service-cluster” header will be ignored by this filter. If set to false, dynamic stats storage will be allocated for the downstream cluster name. Default value is false.
- filter_metadata
(Struct) When an abort or delay fault is executed, the metadata struct provided here will be added to the request’s dynamic metadata under the namespace corresponding to the name of the fault filter. This data can be logged as part of Access Logs using the command operator %DYNAMIC_METADATA(NAMESPACE)%, where NAMESPACE is the name of the fault filter.
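The constraints stated above for FaultAbort and HTTPFault can be checked before a config is deployed. The following is an added example, not part of the Envoy documentation or code base: a small review linter over an HTTPFault config given as a Python dict. The `E*` findings mirror rules stated on this page; the `W*` findings, the function name `lint_http_fault`, the header name `x-chaos-test` and the node name `canary-node` are assumptions of this example.

```python
# Added example: review checks for an HTTPFault config given as a dict.
ABORT_ONEOF = ("http_status", "grpc_status", "header_abort")
SCOPE_FIELDS = ("upstream_cluster", "headers", "downstream_nodes")


def lint_http_fault(cfg):
    """Return (code, message) findings for one HTTPFault config.

    E* codes mirror rules stated in the field reference; W* codes are
    this example's own review policy, not validation done by Envoy.
    """
    findings = []
    abort, delay = cfg.get("abort"), cfg.get("delay")
    if abort is None and delay is None:
        findings.append(("E001", "at least abort or delay must be specified"))
    if abort is not None:
        chosen = [k for k in ABORT_ONEOF if k in abort]
        if len(chosen) != 1:
            findings.append(
                ("E002", f"abort needs precisely one of {ABORT_ONEOF}, found {chosen}"))
        if "header_abort" in chosen:
            findings.append(("W003", "header_abort: aborts are driven by a request header"))
    if "max_active_faults" not in cfg:
        findings.append(("W001", "max_active_faults unset, defaults to unlimited"))
    if not any(cfg.get(k) for k in SCOPE_FIELDS):
        findings.append(("W002", "no upstream_cluster, headers or downstream_nodes scope"))
    return findings


# Constructed sample configs (not taken from the Envoy documentation).
FIVE_PERCENT = {"numerator": 5, "denominator": "HUNDRED"}
SCOPED = {
    "abort": {"http_status": 503, "percentage": FIVE_PERCENT},
    "headers": [{"name": "x-chaos-test", "present_match": True}],  # hypothetical header
    "max_active_faults": 100,
}
BROAD = {"abort": {"http_status": 503, "grpc_status": 14}}  # violates the oneof
HEADER_DRIVEN = {
    "abort": {"header_abort": {}, "percentage": FIVE_PERCENT},
    "downstream_nodes": ["canary-node"],  # hypothetical node name
    "max_active_faults": 10,
}

if __name__ == "__main__":
    for name, cfg in (("SCOPED", SCOPED), ("BROAD", BROAD), ("HEADER_DRIVEN", HEADER_DRIVEN)):
        print(name, lint_http_fault(cfg) or "ok")
```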