
Flow Attributes

Flow attributes define which Kubernetes metadata to extract and how to associate it with network flows.

Overview

The attributes configuration has two main components:

  1. Extract: Which metadata fields to extract from Kubernetes resources

  2. Association: How to map flow attributes (IPs, ports) to Kubernetes object fields

Configuration

attributes "source" "k8s" {
  extract {
    metadata = [
      "[*].metadata.name",
      "[*].metadata.namespace",
      "[*].metadata.uid",
    ]
  }

  association {
    pod = {
      sources = [
        {
          from = "flow"
          name = "source.ip"
          to = ["status.podIP", "status.podIPs[*]"]
        }
      ]
    }

    service = {
      sources = [
        {
          from = "flow"
          name = "source.ip"
          to = ["spec.clusterIP", "spec.clusterIPs[*]"]
        },
        {
          from = "flow"
          name = "source.port"
          to = ["spec.ports[*].port"]
        }
      ]
    }
  }
}

Extract Configuration

metadata

Array of JSON paths to extract from Kubernetes resources.

Common extractions:

Syntax:

  • [*]: Applies to all resource kinds

  • pod.metadata.name: Specific to pods

  • [*].metadata.labels: Extract labels

Association Configuration

Associations map flow fields to Kubernetes object fields for matching.
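How the association rules in the Configuration block resolve against Kubernetes objects, as an added Python example (not Mermin's own code). The names resolve, associate and pod are hypothetical and the objects are constructed. It assumes a flow is a flat dict keyed by names such as source.ip, that every source rule of a kind must match, and that an object leaf such as a podIPs entry matches on its values.

```python
import re

def resolve(obj, path):
    """Return every value reached by a dotted path; '[*]' fans out over a list."""
    values = [obj]
    for part in path.split("."):
        m = re.fullmatch(r"(\w+)(\[\*\])?", part)
        if not m:
            raise ValueError(f"unsupported path segment: {part!r}")
        key, star = m.groups()
        nxt = []
        for v in values:
            child = v.get(key) if isinstance(v, dict) else None
            if child is None:
                continue
            if star:
                nxt.extend(child if isinstance(child, list) else [])
            else:
                nxt.append(child)
        values = nxt
    # Assumption: an object leaf (podIPs entries are {"ip": ...}) matches on its values.
    flat = []
    for v in values:
        flat.extend(v.values() if isinstance(v, dict) else [v])
    return flat

def associate(flow, objects, sources):
    """Names of objects where every source rule matches (AND is an assumption)."""
    def hit(obj, rule):
        want = flow.get(rule["name"])
        return want is not None and any(want == x for p in rule["to"] for x in resolve(obj, p))
    return [o["metadata"]["name"] for o in objects if all(hit(o, r) for r in sources)]

# Rules copied from the Configuration block on this page.
POD_SOURCES = [{"from": "flow", "name": "source.ip", "to": ["status.podIP", "status.podIPs[*]"]}]
SVC_SOURCES = [{"from": "flow", "name": "source.ip", "to": ["spec.clusterIP", "spec.clusterIPs[*]"]},
               {"from": "flow", "name": "source.port", "to": ["spec.ports[*].port"]}]

def pod(name, *ips):  # constructed sample object in the Kubernetes Pod status shape
    return {"metadata": {"name": name},
            "status": {"podIP": ips[0], "podIPs": [{"ip": ip} for ip in ips]}}

PODS = [pod("web-0", "10.244.1.7", "fd00::7"),
        pod("node-agent", "192.168.0.11"),   # hostNetwork: reports the node IP
        pod("log-shipper", "192.168.0.11")]  # hostNetwork on the same node
SERVICES = [{"metadata": {"name": "api"},  # constructed sample Service
             "spec": {"clusterIP": "10.96.0.20", "clusterIPs": ["10.96.0.20"], "ports": [{"port": 443}]}}]
```

Two hostNetwork pods on one node report the same IP, so an IP-only pod rule returns both of them; treat such attributions as ambiguous when using flow metadata for investigation.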

Pod Association

Service Association

Source vs Destination

Configure attributes for both flow directions:

Default Configuration

Strategy: Comprehensive Kubernetes metadata enrichment without manual configuration

  • Pod associations capture container networking (IPs, ports, protocols) including both pod and host networking

  • Service associations cover all service types (ClusterIP, LoadBalancer, ExternalIP) with port and protocol matching

  • Node associations match node IP addresses for host networking scenarios

  • Endpoint associations capture endpoint slice IP addresses for service discovery

This covers the most common Kubernetes networking patterns and provides immediate network observability upon deployment.

How to Disable Default Attributes

If you need to disable the automatic attributes configuration, override it with an empty configuration:

How to Customize Default Attributes

You can provide your own attributes configuration to override the defaults:

Any explicit attributes configuration completely replaces the defaults for that direction and provider.

Verification

To verify the default attributes are working:

  1. Deploy Mermin without any attributes configuration

  2. Generate network traffic in your cluster

  3. Check that flow spans include Kubernetes metadata like:

    • k8s.pod.name

    • k8s.service.name

    • k8s.namespace.name
