Kubernetes

The kubernetes template holds data that controls the production of Kubernetes-specific attributes.

Example config:

apiVersion: "config.istio.io/v1alpha2"
kind: kubernetes
metadata:
  name: attributes
  namespace: istio-system
spec:
  # Pass the required attribute data to the adapter
  source_uid: source.uid | ""
  source_ip: source.ip | ip("0.0.0.0") # default to unspecified ip addr
  destination_uid: destination.uid | ""
  destination_ip: destination.ip | ip("0.0.0.0") # default to unspecified ip addr
  attribute_bindings:
    # Fill the new attributes from the adapter produced output.
    # $out refers to an instance of OutputTemplate message
    source.ip: $out.source_pod_ip
    source.labels: $out.source_labels
    source.namespace: $out.source_namespace
    source.service: $out.source_service
    source.serviceAccount: $out.source_service_account_name
    destination.ip: $out.destination_pod_ip
    destination.labels: $out.destination_labels
    destination.namespace: $out.destination_mamespace
    destination.service: $out.destination_service
    destination.serviceAccount: $out.destination_service_account_name

OutputTemplate

OutputTemplate refers to the output from the adapter. It is used inside the attribute_binding section of the config to assign values to the generated attributes using the $out.<field name of the OutputTemplate> syntax.

FieldTypeDescription
sourcePodIpistio.policy.v1beta1.IPAddress

Refers to source pod ip address. attributebindings can refer to this field using $out.sourcepod_ip

sourcePodNamestring

Refers to source pod name. attributebindings can refer to this field using $out.sourcepod_name

sourceLabelsmap<string, string>

Refers to source pod labels. attributebindings can refer to this field using $out.sourcelabels

sourceNamespacestring

Refers to source pod namespace. attributebindings can refer to this field using $out.sourcenamespace

sourceServicestring

Refers to source service. attributebindings can refer to this field using $out.sourceservice

sourceServiceAccountNamestring

Refers to source pod service account name. attributebindings can refer to this field using $out.sourceserviceaccountname

sourceHostIpistio.policy.v1beta1.IPAddress

Refers to source pod host ip address. attributebindings can refer to this field using $out.sourcehost_ip

destinationPodIpistio.policy.v1beta1.IPAddress

Refers to destination pod ip address. attributebindings can refer to this field using $out.destinationpod_ip

destinationPodNamestring

Refers to destination pod name. attributebindings can refer to this field using $out.destinationpod_name

destinationLabelsmap<string, string>

Refers to destination pod labels. attributebindings can refer to this field using $out.destinationlabels

destinationNamespacestring

Refers to destination pod namespace. attributebindings can refer to this field using $out.destinationnamespace

destinationServicestring

Refers to destination service. attributebindings can refer to this field using $out.destinationservice

destinationServiceAccountNamestring

Refers to destination pod service account name. attributebindings can refer to this field using $out.destinationserviceaccountname

destinationHostIpistio.policy.v1beta1.IPAddress

Refers to destination pod host ip address. attributebindings can refer to this field using $out.destinationhost_ip

originPodIpistio.policy.v1beta1.IPAddress

Refers to origin pod ip address. attributebindings can refer to this field using $out.originpod_ip

originPodNamestring

Refers to origin pod name. attributebindings can refer to this field using $out.originpod_name

originLabelsmap<string, string>

Refers to origin pod labels. attributebindings can refer to this field using $out.originlabels

originNamespacestring

Refers to origin pod namespace. attributebindings can refer to this field using $out.originnamespace

originServicestring

Refers to origin service. attributebindings can refer to this field using $out.originservice

originServiceAccountNamestring

Refers to origin pod service account name. attributebindings can refer to this field using $out.originserviceaccountname

originHostIpistio.policy.v1beta1.IPAddress

Refers to origin pod host ip address. attributebindings can refer to this field using $out.originhost_ip

Template

The kubernetes template represents data used to generate kubernetes-derived attributes.

The values provided controls the manner in which the kubernetesenv adapter discovers and generates values related to pod information.

FieldTypeDescription
sourceUidstring

Source pod’s uid. Must be of the form: “kubernetes://pod.namespace”

sourceIpistio.policy.v1beta1.IPAddress

Source pod’s ip.

destinationUidstring

Destination pod’s uid. Must be of the form: “kubernetes://pod.namespace”

destinationIpistio.policy.v1beta1.IPAddress

Destination pod’s ip.

originUidstring

Origin pod’s uid. Must be of the form: “kubernetes://pod.namespace”

originIpistio.policy.v1beta1.IPAddress

Origin pod’s ip.

istio.policy.v1beta1.IPAddress

An instance field of type IPAddress denotes that the expression for the field must evalaute to ValueType.IP_ADDRESS

Objects of type IPAddress are also passed to the adapters during request-time for the instance fields of type IPAddress

FieldTypeDescription
valuebytes

IPAddress encoded as bytes.