Kubernetes

3 minute read

The kubernetes template holds data that controls the production of Kubernetes-specific attributes.

Example config:

apiVersion: "config.istio.io/v1alpha2"
kind: kubernetes
metadata:
  name: attributes
  namespace: istio-system
spec:
  # Pass the required attribute data to the adapter
  source_uid: source.uid | ""
  source_ip: source.ip | ip("0.0.0.0") # default to unspecified ip addr
  destination_uid: destination.uid | ""
  destination_ip: destination.ip | ip("0.0.0.0") # default to unspecified ip addr
  attribute_bindings:
    # Fill the new attributes from the adapter produced output.
    # $out refers to an instance of OutputTemplate message
    source.ip: $out.source_pod_ip
    source.labels: $out.source_labels
    source.namespace: $out.source_namespace
    source.service: $out.source_service
    source.serviceAccount: $out.source_service_account_name
    destination.ip: $out.destination_pod_ip
    destination.labels: $out.destination_labels
    destination.namespace: $out.destination_mamespace
    destination.service: $out.destination_service
    destination.serviceAccount: $out.destination_service_account_name

OutputTemplate

OutputTemplate refers to the output from the adapter. It is used inside the attribute_binding section of the config to assign values to the generated attributes using the $out.<field name of the OutputTemplate> syntax. Next ID: 33

Field	Type	Description
`sourcePodUid`	`string`	Refers to the source.uid for a pod. This is for TCP use cases where the attribute is not present. attributebindings can refer to this field using $out.sourcepod_uid
`sourcePodIp`	`istio.policy.v1beta1.IPAddress¹`	Refers to source pod ip address. attributebindings can refer to this field using $out.sourcepod_ip
`sourcePodName`	`string`	Refers to source pod name. attributebindings can refer to this field using $out.sourcepod_name
`sourceLabels`	`map<string, string>`	Refers to source pod labels. attributebindings can refer to this field using $out.sourcelabels
`sourceNamespace`	`string`	Refers to source pod namespace. attributebindings can refer to this field using $out.sourcenamespace
`sourceServiceAccountName`	`string`	Refers to source pod service account name. attributebindings can refer to this field using $out.sourceserviceaccountname
`sourceHostIp`	`istio.policy.v1beta1.IPAddress¹`	Refers to source pod host ip address. attributebindings can refer to this field using $out.sourcehost_ip
`sourceWorkloadUid`	`string`	Refers to the Istio workload identifier for the source pod. Attributebindings can refer to this field using $out.sourceworkload_uid
`sourceWorkloadName`	`string`	Refers to the Istio workload name for the source pod. Attributebindings can refer to this field using $out.sourceworkload_name
`sourceWorkloadNamespace`	`string`	Refers to the Istio workload namespace for the source pod. Attributebindings can refer to this field using $out.sourceworkload_namespace
`sourceOwner`	`string`	Refers to the (controlling) owner of the source pod. Attributebindings can refer to this field using $out.sourceowner
`destinationPodUid`	`string`	Refers to the destination.uid for a pod. This is for TCP use cases where the attribute is not present. attributebindings can refer to this field using $out.destinationpod_uid
`destinationPodIp`	`istio.policy.v1beta1.IPAddress¹`	Refers to destination pod ip address. attributebindings can refer to this field using $out.destinationpod_ip
`destinationPodName`	`string`	Refers to destination pod name. attributebindings can refer to this field using $out.destinationpod_name
`destinationContainerName`	`string`	Refers to destination container name. attributebindings can refer to this field using $out.destinationcontainer_name
`destinationLabels`	`map<string, string>`	Refers to destination pod labels. attributebindings can refer to this field using $out.destinationlabels
`destinationNamespace`	`string`	Refers to destination pod namespace. attributebindings can refer to this field using $out.destinationnamespace
`destinationServiceAccountName`	`string`	Refers to destination pod service account name. attributebindings can refer to this field using $out.destinationserviceaccountname
`destinationHostIp`	`istio.policy.v1beta1.IPAddress¹`	Refers to destination pod host ip address. attributebindings can refer to this field using $out.destinationhost_ip
`destinationOwner`	`string`	Refers to the (controlling) owner of the destination pod. Attributebindings can refer to this field using $out.destinationowner
`destinationWorkloadUid`	`string`	Refers to the Istio workload identifier for the destination pod. Attributebindings can refer to this field using $out.destinationworkload_uid
`destinationWorkloadName`	`string`	Refers to the Istio workload name for the destination pod. Attributebindings can refer to this field using $out.destinationworkload_name
`destinationWorkloadNamespace`	`string`	Refers to the Istio workload name for the destination pod. Attributebindings can refer to this field using $out.destinationworkload_namespace

Template

The kubernetes template represents data used to generate kubernetes-derived attributes.

The values provided controls the manner in which the kubernetesenv adapter discovers and generates values related to pod information. Next ID: 8

Field	Type	Description
`sourceUid`	`string`	Source pod’s uid. Must be of the form: “kubernetes://pod.namespace”
`sourceIp`	`istio.policy.v1beta1.IPAddress¹`	Source pod’s ip.
`destinationUid`	`string`	Destination pod’s uid. Must be of the form: “kubernetes://pod.namespace”
`destinationIp`	`istio.policy.v1beta1.IPAddress¹`	Destination pod’s ip.
`destinationPort`	`int64`	Destination container’s port number.

https://istio.io/v1.2/docs/reference/config/policy-and-telemetry/istio.policy.v1beta1.html#IPAddress