The ConcurrencyLimitingPolicy CustomResourceDefinition (CRD) is part of the Service Mesh (ASM) traffic scheduling suite. It declaratively configures the maximum number of concurrent requests for global traffic of a service in an ASM instance.
How it works
The ASM traffic scheduling suite tracks in-flight requests against the max_concurrency threshold. The selectors field determines which requests the policy applies to. When limit_by_label_key is set, requests are grouped by label, and each group maintains its own independent concurrency count.
To handle edge cases such as pod restarts where a request termination event may not be recorded, max_inflight_duration sets a timeout. Requests that exceed this timeout are automatically treated as completed, preventing stale records from permanently consuming concurrency slots.
Sample configuration
The following YAML shows a minimal ConcurrencyLimitingPolicy spec:
spec:
concurrency_limiter:
max_concurrency: 100
parameters:
max_inflight_duration: 60s
selectors:
- service: my-service.default.svc.cluster.local
port:
number: 8080-
max_concurrency: 100-- Allows up to 100 concurrent in-flight requests. -
max_inflight_duration: 60s-- Treats any request not completed within 60 seconds as finished, freeing its concurrency slot. -
selectors-- Applies the limit to traffic that matches the specified service and port.
ConcurrencyLimitingPolicySpec
The spec section is the top-level configuration for ConcurrencyLimitingPolicy.
|
Field |
Type |
Required |
Description |
|
concurrency_limiter |
Yes |
Concurrency limiter configuration. See ConcurrencyLimiter. |
ConcurrencyLimiter
Defines the concurrency limit, matching rules, and request handling behavior.
|
Field |
Type |
Required |
Description |
|
max_concurrency |
int64 |
Yes |
Maximum number of concurrent in-flight requests allowed. |
|
parameters |
Yes |
Parameters that control how the concurrency limiter groups and tracks requests. See ConcurrencyLimiterParameters. |
|
|
request_parameters |
No |
Actions the concurrency limiter performs on requests. Uses the same schema as the RateLimitingPolicy CRD. |
|
|
selectors |
[]Selector |
Yes |
Requests that the concurrency limit applies to. |
ConcurrencyLimiterParameters
Controls how the concurrency limiter tracks in-flight requests.
|
Field |
Type |
Required |
Description |
|
limit_by_label_key |
string |
No |
Groups requests by label for independent concurrency tracking. When set, each unique label value maintains its own concurrency limit. For details on labeling requests, see Description of request labels. |
|
max_idle_time |
Duration |
No |
Maximum idle time before releasing the in-flight request record for a specific label. If no requests with a given label arrive within this period, the record is released. Takes effect only when |
|
max_inflight_duration |
Duration |
Yes |
Maximum time a request is considered in-flight. After this timeout, the request is treated as completed regardless of its actual state. This prevents stale records caused by events such as pod restarts from permanently consuming concurrency slots. Set this value to the expected maximum response time of your service. |