apollographql
feat: experimental circuit breaker plugin
Fixes #2251
Circuit breaker plugin that will return a GraphQLError with CIRCUIT_BREAKER_OPEN error extension code, if the StateMachine is in Open state, or if the call is not permitted, like being in HalfOpen state.
The plugin is configurable in different ways.
Target all subgraphs with default configuration
experimental.subgraph_circuit_breaker:
enabled: true
subgraphs: All
Target all subgraphs with spefific configuration
experimental.subgraph_circuit_breaker:
enabled: true
configuration:
success_rate: 0.5
minimum_requests: 2
success_rate_window_seconds: 10
constant_backoff_seconds: 5
subgraphs: All
Target all subgraphs with with default circuit_breaker_configuration and overrides
experimental.subgraph_circuit_breaker:
enabled: true
circuit_breaker_configuration: # default values
success_rate: 0.5
minimum_requests: 2
success_rate_window_seconds: 10
constant_backoff_seconds: 5
subgraphs:
AllWithOverrides:
subgraph-a:
success_rate: 0.8
minimum_requests: 20
success_rate_window_seconds: 1
constant_backoff_seconds: 5
# all other subgraphs will use provided configuration
Target only some subgraphs with default configuration
experimental.subgraph_circuit_breaker:
enabled: true
subgraphs:
Only:
- subgraph-a
- subgraph-b
Target only some subgraphs with overrides configuration
experimental.subgraph_circuit_breaker:
enabled: true
subgraphs:
OnlyWithOverrides:
subgraph-a:
success_rate: 0.8
minimum_requests: 20
success_rate_window_seconds: 1
constant_backoff_seconds: 5
# no more circuit breakers
Target all subgraphs except
experimental.subgraph_circuit_breaker:
enabled: true
subgraphs:
Except:
- subgraph-a
- subgraph-b
Checklist
Complete the checklist (and note appropriate exceptions) before the PR is marked ready-for-review.
- [X] Changes are compatible[^1]
- [ ] Documentation[^2] completed
- [ ] Performance impact assessed and acceptable
- Tests added and passing[^3]
- [ ] Unit Tests
- [ ] Integration Tests
- [ ] Manual Tests
Exceptions
Note any exceptions here
Notes
[^1]: It may be appropriate to bring upcoming changes to the attention of other (impacted) groups. Please endeavour to do this before seeking PR approval. The mechanism for doing this will vary considerably, so use your judgement as to how and when to do this. [^2]: Configuration is an important part of many changes. Where applicable please try to document configuration examples. [^3]: Tick whichever testing boxes are applicable. If you are adding Manual Tests, please document the manual testing (extensively) in the Exceptions.
CI performance tests
- [ ] connectors-const - Connectors stress test that runs with a constant number of users
- [x] const - Basic stress test that runs with a constant number of users
- [ ] demand-control-instrumented - A copy of the step test, but with demand control monitoring and metrics enabled
- [ ] demand-control-uninstrumented - A copy of the step test, but with demand control monitoring enabled
- [ ] enhanced-signature - Enhanced signature enabled
- [ ] events - Stress test for events with a lot of users and deduplication ENABLED
- [ ] events_big_cap_high_rate - Stress test for events with a lot of users, deduplication enabled and high rate event with a big queue capacity
- [ ] events_big_cap_high_rate_callback - Stress test for events with a lot of users, deduplication enabled and high rate event with a big queue capacity using callback mode
- [ ] events_callback - Stress test for events with a lot of users and deduplication ENABLED in callback mode
- [ ] events_without_dedup - Stress test for events with a lot of users and deduplication DISABLED
- [ ] events_without_dedup_callback - Stress test for events with a lot of users and deduplication DISABLED using callback mode
- [ ] extended-reference-mode - Extended reference mode enabled
- [ ] large-request - Stress test with a 1 MB request payload
- [ ] no-tracing - Basic stress test, no tracing
- [ ] reload - Reload test over a long period of time at a constant rate of users
- [ ] step-jemalloc-tuning - Clone of the basic stress test for jemalloc tuning
- [ ] step-local-metrics - Field stats that are generated from the router rather than FTV1
- [ ] step-with-prometheus - A copy of the step test with the Prometheus metrics exporter enabled
- [x] step - Basic stress test that steps up the number of users over time
- [ ] xlarge-request - Stress test with 10 MB request payload
- [ ] xxlarge-request - Stress test with 100 MB request payload
![router-perf[bot] avatar](https://avatars.githubusercontent.com/u/17189275?v=4 "Published by a pub.dev verified publisher"){kind=small}
Hi @samuelAndalon what is pending here, i was exploring the same feature for our service.
The only pending thing is a review, it might take a while, I advice you to implement this in your own space if you have a custom build of the router.
Hi @samuelAndalon. I'm looking into circuit breaking on the Apollo side, and I'm hoping you could help me better understand your use case. I don't see much GQL-specific code here other than the creation of the GraphQLError, so I'm wondering if the Router is the right place for this. Is there something blocking you from using an existing proxy or service mesh to do this?
so I'm wondering if the Router is the right place for this. Is there something blocking you from using an existing proxy or service mesh to do this?
you could yes, but that means that if the breaker is open @ the mesh layer, the router would still be preparing the graphql request, execute all the plugins logic, etc, just to have the mesh to block the request, that's kind of a waste of resources, IMHO the best place to have a circuit breaker is @ the application layer,
I don't see much GQL-specific code here other than the creation of the GraphQLError
that's the point of a circuit breaker, to wrap your fallible logic into an state machine