--- title: Kubernetes description: A template that is used to control the production of Kubernetes-specific attributes. location: https://istio.io/docs/reference/config/policy-and-telemetry/templates/kubernetes.html layout: protoc-gen-docs generator: protoc-gen-docs number_of_entries: 2 ---

The kubernetes template holds data that controls the production of Kubernetes-specific attributes.

Example config:

apiVersion: "config.istio.io/v1alpha2"
kind: kubernetes
metadata:
  name: attributes
  namespace: istio-system
spec:
  # Pass the required attribute data to the adapter
  source_uid: source.uid | ""
  source_ip: source.ip | ip("0.0.0.0") # default to unspecified ip addr
  destination_uid: destination.uid | ""
  destination_ip: destination.ip | ip("0.0.0.0") # default to unspecified ip addr
  attribute_bindings:
    # Fill the new attributes from the adapter produced output.
    # $out refers to an instance of OutputTemplate message
    source.ip: $out.source_pod_ip
    source.labels: $out.source_labels
    source.namespace: $out.source_namespace
    source.service: $out.source_service
    source.serviceAccount: $out.source_service_account_name
    destination.ip: $out.destination_pod_ip
    destination.labels: $out.destination_labels
    destination.namespace: $out.destination_mamespace
    destination.service: $out.destination_service
    destination.serviceAccount: $out.destination_service_account_name

Template

The kubernetes template represents data used to generate kubernetes-derived attributes.

The values provided controls the manner in which the kubernetesenv adapter discovers and generates values related to pod information. Next ID: 8

Field Type Description Required
sourceUid string

Source pod’s uid. Must be of the form: “kubernetes://pod.namespace”

No
sourceIp IPAddress

Source pod’s ip.

No
destinationUid string

Destination pod’s uid. Must be of the form: “kubernetes://pod.namespace”

No
destinationIp IPAddress

Destination pod’s ip.

No
destinationPort int64

Destination container’s port number.

No

OutputTemplate

OutputTemplate refers to the output from the adapter. It is used inside the attribute_binding section of the config to assign values to the generated attributes using the $out.<field name of the OutputTemplate> syntax. Next ID: 33

Field Type Description Required
sourcePodUid string

Refers to the source.uid for a pod. This is for TCP use cases where the attribute is not present. attributebindings can refer to this field using $out.sourcepod_uid

No
sourcePodIp IPAddress

Refers to source pod ip address. attributebindings can refer to this field using $out.sourcepod_ip

No
sourcePodName string

Refers to source pod name. attributebindings can refer to this field using $out.sourcepod_name

No
sourceLabels map<string, string>

Refers to source pod labels. attributebindings can refer to this field using $out.sourcelabels

No
sourceNamespace string

Refers to source pod namespace. attributebindings can refer to this field using $out.sourcenamespace

No
sourceServiceAccountName string

Refers to source pod service account name. attributebindings can refer to this field using $out.sourceserviceaccountname

No
sourceHostIp IPAddress

Refers to source pod host ip address. attributebindings can refer to this field using $out.sourcehost_ip

No
sourceWorkloadUid string

Refers to the Istio workload identifier for the source pod. Attributebindings can refer to this field using $out.sourceworkload_uid

No
sourceWorkloadName string

Refers to the Istio workload name for the source pod. Attributebindings can refer to this field using $out.sourceworkload_name

No
sourceWorkloadNamespace string

Refers to the Istio workload namespace for the source pod. Attributebindings can refer to this field using $out.sourceworkload_namespace

No
sourceOwner string

Refers to the (controlling) owner of the source pod. Attributebindings can refer to this field using $out.sourceowner

No
destinationPodUid string

Refers to the destination.uid for a pod. This is for TCP use cases where the attribute is not present. attributebindings can refer to this field using $out.destinationpod_uid

No
destinationPodIp IPAddress

Refers to destination pod ip address. attributebindings can refer to this field using $out.destinationpod_ip

No
destinationPodName string

Refers to destination pod name. attributebindings can refer to this field using $out.destinationpod_name

No
destinationContainerName string

Refers to destination container name. attributebindings can refer to this field using $out.destinationcontainer_name

No
destinationLabels map<string, string>

Refers to destination pod labels. attributebindings can refer to this field using $out.destinationlabels

No
destinationNamespace string

Refers to destination pod namespace. attributebindings can refer to this field using $out.destinationnamespace

No
destinationServiceAccountName string

Refers to destination pod service account name. attributebindings can refer to this field using $out.destinationserviceaccountname

No
destinationHostIp IPAddress

Refers to destination pod host ip address. attributebindings can refer to this field using $out.destinationhost_ip

No
destinationOwner string

Refers to the (controlling) owner of the destination pod. Attributebindings can refer to this field using $out.destinationowner

No
destinationWorkloadUid string

Refers to the Istio workload identifier for the destination pod. Attributebindings can refer to this field using $out.destinationworkload_uid

No
destinationWorkloadName string

Refers to the Istio workload name for the destination pod. Attributebindings can refer to this field using $out.destinationworkload_name

No
destinationWorkloadNamespace string

Refers to the Istio workload name for the destination pod. Attributebindings can refer to this field using $out.destinationworkload_namespace

No