Kubernetes

The kubernetes template holds data that controls the production of Kubernetes-specific attributes.

Example config:

apiVersion: "config.istio.io/v1alpha2"
kind: kubernetes
metadata:
  name: attributes
  namespace: istio-system
spec:
  # Pass the required attribute data to the adapter
  source_uid: source.uid | ""
  source_ip: source.ip | ip("0.0.0.0") # default to unspecified ip addr
  destination_uid: destination.uid | ""
  destination_ip: destination.ip | ip("0.0.0.0") # default to unspecified ip addr
  attribute_bindings:
    # Fill the new attributes from the adapter produced output.
    # $out refers to an instance of OutputTemplate message
    source.ip: $out.source_pod_ip
    source.labels: $out.source_labels
    source.namespace: $out.source_namespace
    source.service: $out.source_service
    source.serviceAccount: $out.source_service_account_name
    destination.ip: $out.destination_pod_ip
    destination.labels: $out.destination_labels
    destination.namespace: $out.destination_mamespace
    destination.service: $out.destination_service
    destination.serviceAccount: $out.destination_service_account_name

OutputTemplate

OutputTemplate refers to the output from the adapter. It is used inside the attribute_binding section of the config to assign values to the generated attributes using the $out.<field name of the OutputTemplate> syntax.

Field	Type	Description
`sourcePodIp`	`istio.policy.v1beta1.IPAddress`	Refers to source pod ip address. attributebindings can refer to this field using $out.sourcepod_ip
`sourcePodName`	`string`	Refers to source pod name. attributebindings can refer to this field using $out.sourcepod_name
`sourceLabels`	`map<string, string>`	Refers to source pod labels. attributebindings can refer to this field using $out.sourcelabels
`sourceNamespace`	`string`	Refers to source pod namespace. attributebindings can refer to this field using $out.sourcenamespace
`sourceService`	`string`	Refers to source service. attributebindings can refer to this field using $out.sourceservice
`sourceServiceAccountName`	`string`	Refers to source pod service account name. attributebindings can refer to this field using $out.sourceserviceaccountname
`sourceHostIp`	`istio.policy.v1beta1.IPAddress`	Refers to source pod host ip address. attributebindings can refer to this field using $out.sourcehost_ip
`destinationPodIp`	`istio.policy.v1beta1.IPAddress`	Refers to destination pod ip address. attributebindings can refer to this field using $out.destinationpod_ip
`destinationPodName`	`string`	Refers to destination pod name. attributebindings can refer to this field using $out.destinationpod_name
`destinationLabels`	`map<string, string>`	Refers to destination pod labels. attributebindings can refer to this field using $out.destinationlabels
`destinationNamespace`	`string`	Refers to destination pod namespace. attributebindings can refer to this field using $out.destinationnamespace
`destinationService`	`string`	Refers to destination service. attributebindings can refer to this field using $out.destinationservice
`destinationServiceAccountName`	`string`	Refers to destination pod service account name. attributebindings can refer to this field using $out.destinationserviceaccountname
`destinationHostIp`	`istio.policy.v1beta1.IPAddress`	Refers to destination pod host ip address. attributebindings can refer to this field using $out.destinationhost_ip
`originPodIp`	`istio.policy.v1beta1.IPAddress`	Refers to origin pod ip address. attributebindings can refer to this field using $out.originpod_ip
`originPodName`	`string`	Refers to origin pod name. attributebindings can refer to this field using $out.originpod_name
`originLabels`	`map<string, string>`	Refers to origin pod labels. attributebindings can refer to this field using $out.originlabels
`originNamespace`	`string`	Refers to origin pod namespace. attributebindings can refer to this field using $out.originnamespace
`originService`	`string`	Refers to origin service. attributebindings can refer to this field using $out.originservice
`originServiceAccountName`	`string`	Refers to origin pod service account name. attributebindings can refer to this field using $out.originserviceaccountname
`originHostIp`	`istio.policy.v1beta1.IPAddress`	Refers to origin pod host ip address. attributebindings can refer to this field using $out.originhost_ip

Template

The kubernetes template represents data used to generate kubernetes-derived attributes.

The values provided controls the manner in which the kubernetesenv adapter discovers and generates values related to pod information.

Field	Type	Description
`sourceUid`	`string`	Source pod’s uid. Must be of the form: “kubernetes://pod.namespace”
`sourceIp`	`istio.policy.v1beta1.IPAddress`	Source pod’s ip.
`destinationUid`	`string`	Destination pod’s uid. Must be of the form: “kubernetes://pod.namespace”
`destinationIp`	`istio.policy.v1beta1.IPAddress`	Destination pod’s ip.
`originUid`	`string`	Origin pod’s uid. Must be of the form: “kubernetes://pod.namespace”
`originIp`	`istio.policy.v1beta1.IPAddress`	Origin pod’s ip.

istio.policy.v1beta1.IPAddress

An instance field of type IPAddress denotes that the expression for the field must evalaute to ValueType.IP_ADDRESS

Objects of type IPAddress are also passed to the adapters during request-time for the instance fields of type IPAddress

Field	Type	Description
`value`	`bytes`	IPAddress encoded as bytes.