The rbac adapter provides Role-Based Access Control (RBAC) functionality for for services within the Istio mesh.

This adapter supports the authorization template.


Configuration format for the rbac adapter.

For example, the following configuration defines a RBAC handler with configuration store URL pointing to Kubernetes etcd (“k8s://”). If you want to run Mixer locally, you can set the configuration store URL to a local directory (e.g., “fs:///tmp/testdata/configroot”).

apiVersion: "config.istio.io/v1alpha2"
kind: rbac
  name: rbachandler
  namespace: istio-system
  config_store_url: "fs:///tmp/testdata/config"
Field Type Description
configStoreUrl string

URL for the config store. It is used to initiate a new Store instance. Following are some examples of the config store URL: * “k8s://” * “fs:///tmp/testdata/configroot”

cacheDuration google.protobuf.Duration

The duration for which authorization results may be cached.