AttributeManifest describes a set of Attributes produced by some component of an Istio deployment. They encode information about attribute names and types. They are used by Mixer to validate configuration supplied by the operator at runtime.
||string||Optional. The revision of this document. Assigned by server.|
||string||Required. Name of the component producing these attributes. This can be the proxy (with the canonical name "istio-proxy") or the name of an
||repeated map<string, AttributeInfo>||
The set of attributes this Istio component will be responsible for producing at runtime. We map from attribute name to the attribute's specification. The name of an attribute, which is how attributes are referred to in aspect configuration, must conform to:
Attribute names must be unique within a single Istio deployment. The set of canonical attributes are described at /docs/reference/config/mixer/attribute-vocabulary.html. Attributes not in that list should be named with a component-specific suffix such as request.count-my.component
AttributeInfo describes the schema of an Istio
||string||Optional. A human-readable description of the attribute's purpose.|
||ValueType||Required. The type of data carried by this attribute.|
attributes to describe runtime activities of Istio services.
An Istio attribute carries a specific piece of information about an activity,
such as the error code of an API request, the latency of an API request, or the
original IP address of a TCP connection. The attributes are often generated
and consumed by different services. For example, a frontend service can
generate an authenticated user attribute and pass it to a backend service for
access control purpose.
To simplify the system and improve developer experience, Istio uses shared attribute definitions across all components. For example, the same authenticated user attribute will be used for logging, monitoring, analytics, billing, access control, auditing. Many Istio components provide their functionality by collecting, generating, and operating on attributes. For example, the proxy collects the error code attribute, and the logging stores it into a log.
Each Istio attribute must conform to an
AttributeInfo in an
AttributeManifest in the current Istio deployment at runtime. An
AttributeInfo is used to define an attribute’s
metadata: the type of its value and a detailed description that explains
the semantics of the attribute type. Each attribute’s name is globally unique;
in other words an attribute name can only appear once across all manifests.
The runtime presentation of an attribute is intentionally left out of this specification, because passing attribute using JSON, XML, or Protocol Buffers does not change the semantics of the attribute. Different implementations can choose different representations based on their needs.
Because many systems already have REST APIs, it makes sense to define a standard HTTP mapping for Istio attributes that are compatible with typical REST APIs. The design is to map one attribute to one HTTP header, the attribute name and value becomes the HTTP header name and value. The actual encoding scheme will be decided later.
kind: CustomResourceDefinition apiVersion: apiextensions.k8s.io/v1beta1 metadata: name: attributemanifests.config.istio.io labels: package: istio.io.mixer istio: core spec: group: config.istio.io names: kind: attributemanifest plural: attributemanifests singular: attributemanifest scope: Namespaced version: v1alpha2
apiVersion: "config.istio.io/v1alpha2" kind: attributemanifest metadata: name: kubernetes namespace: istio-system spec: attributes: source.ip: valueType: IP_ADDRESS source.labels: valueType: STRING_MAP source.name: valueType: STRING source.namespace: valueType: STRING source.service: valueType: STRING source.serviceAccount: valueType: STRING destination.ip: valueType: IP_ADDRESS destination.labels: valueType: STRING_MAP destination.name: valueType: STRING destination.namespace: valueType: STRING destination.service: valueType: STRING destination.serviceAccount: valueType: STRING