Attribute Manifests



AttributeManifest describes a set of Attributes produced by some component of an Istio deployment. They encode information about attribute names and types. They are used by Mixer to validate configuration supplied by the operator at runtime.

Field Type Description
revision string Optional. The revision of this document. Assigned by server.
name string Required. Name of the component producing these attributes. This can be the proxy (with the canonical name "istio-proxy") or the name of an attributes kind adapter in Mixer.
attributes repeated map<string, AttributeInfo>

The set of attributes this Istio component will be responsible for producing at runtime. We map from attribute name to the attribute's specification. The name of an attribute, which is how attributes are referred to in aspect configuration, must conform to:


Where IDENT must match the regular expression [a-z][a-z0-9]+ and SEPARATOR must match the regular expression [\.-].

Attribute names must be unique within a single Istio deployment. The set of canonical attributes are described at /docs/reference/config/mixer/attribute-vocabulary.html. Attributes not in that list should be named with a component-specific suffix such as request.count-my.component


AttributeInfo describes the schema of an Istio Attribute.

Field Type Description
description string Optional. A human-readable description of the attribute's purpose.
valueType ValueType Required. The type of data carried by this attribute.

Istio Attributes

Istio uses attributes to describe runtime activities of Istio services. An Istio attribute carries a specific piece of information about an activity, such as the error code of an API request, the latency of an API request, or the original IP address of a TCP connection. The attributes are often generated and consumed by different services. For example, a frontend service can generate an authenticated user attribute and pass it to a backend service for access control purpose.

To simplify the system and improve developer experience, Istio uses shared attribute definitions across all components. For example, the same authenticated user attribute will be used for logging, monitoring, analytics, billing, access control, auditing. Many Istio components provide their functionality by collecting, generating, and operating on attributes. For example, the proxy collects the error code attribute, and the logging stores it into a log.


Each Istio attribute must conform to an AttributeInfo in an AttributeManifest in the current Istio deployment at runtime. An AttributeInfo is used to define an attribute’s metadata: the type of its value and a detailed description that explains the semantics of the attribute type. Each attribute’s name is globally unique; in other words an attribute name can only appear once across all manifests.

The runtime presentation of an attribute is intentionally left out of this specification, because passing attribute using JSON, XML, or Protocol Buffers does not change the semantics of the attribute. Different implementations can choose different representations based on their needs.

HTTP Mapping

Because many systems already have REST APIs, it makes sense to define a standard HTTP mapping for Istio attributes that are compatible with typical REST APIs. The design is to map one attribute to one HTTP header, the attribute name and value becomes the HTTP header name and value. The actual encoding scheme will be decided later.

Custom Resource Definition

kind: CustomResourceDefinition
    istio: core
    kind: attributemanifest
    plural: attributemanifests
    singular: attributemanifest
  scope: Namespaced
  version: v1alpha2

Example Manifest

apiVersion: ""
kind: attributemanifest
  name: kubernetes
  namespace: istio-system
      valueType: IP_ADDRESS
      valueType: STRING_MAP
      valueType: STRING
      valueType: STRING
      valueType: STRING
      valueType: STRING
      valueType: IP_ADDRESS
      valueType: STRING_MAP
      valueType: STRING
      valueType: STRING
      valueType: STRING
      valueType: STRING