Skip to main content
Version: vNext (upcoming release)

Circuit Breaker Thresholds

Summary

In Pomerium requests will automatically fail when circuit breaker thresholds are reached. The following thresholds are available:

  • Max Connections: The maximum number of connections that Pomerium will establish to all hosts in a route's upstream cluster. Envoy default is 1024.
  • Max Pending Requests: The maximum number of requests that will be queued while waiting for a ready connection pool connection. Envoy default is 1024.
  • Max Requests: The maximum number of requests that can be outstanding to all route upstream hosts in a cluster at any given time. Envoy default is 1024.
  • Max Retries: The maximum number of retries that can be outstanding to all hosts in a route upstream cluster at any given time. Envoy default is 3. At this time Pomerium does not enable retries for any requests, though this may change in the future.
  • Max Connection Pools: The maximum number of connection pools that can be concurrently instantiated. Envoy default is unlimited.

Thresholds can be set at the global level or the individual route level. Each threshold is optional.

For route (upstream) clusters, global thresholds are applied first, then route-level thresholds override any matching fields. If neither global nor route-level thresholds are configured, Envoy's built-in defaults apply.

For Pomerium's internal clusters (such as the authorize, databroker, and control plane clusters), all thresholds default to unlimited to prevent internal traffic from being circuit-broken. Global thresholds will override these unlimited defaults.

How to Configure

Config file keysEnvironment variablesTypeUsage
circuit_breaker_thresholdsCIRCUIT_BREAKER_THRESHOLDSobjectoptional

Available Thresholds

  • max_connections
  • max_pending_requests
  • max_requests
  • max_retries
  • max_connection_pools

Examples

circuit_breaker_thresholds:
  max_connections: 128
CIRCUIT_BREAKER_THRESHOLDS='{"max_connections":128}'
Feedback