> For the complete documentation index, see [llms.txt](https://docs.mermin.dev/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.mermin.dev/configuration/reference/kubernetes-selector-relations.md). # Configure Selector Relations of Kubernetes Resources **Block:** `discovery.informer.k8s` Selector relations enable matching Kubernetes resources based on label selectors (e.g. NetworkPolicy → Pod or Service → Pod). Mermin extracts these selectors, finds matching resources, and uses the resulting relations to enrich flow metadata. The resulting attributes (e.g. `source.k8s.networkpolicy.name`, `destination.k8s.service.name`) appear on flow spans when the corresponding [Flow Attributes](/configuration/reference/flow-span-kubernetes-attribution.md) associations are enabled (e.g. `networkpolicy`, `service`). You can configure: * **Selector-to-target mapping**: which resource kind contains the selector (`kind`) and which kind to match against (`to`; currently only Pod) * **Selector field paths**: JSONPath-style paths to `matchLabels` and optional `matchExpressions` on the source resource The resource kinds you use in `selector_relations` (e.g. NetworkPolicy, Service, Deployment) must be watched by the Kubernetes informer; see [**Kubernetes Informer Discovery**](/configuration/reference/kubernetes-informer-discovery.md) for `selectors` and namespace filtering. ## Configuration A full configuration example can be found in the [Default Configuration](https://github.com/elastiflow/mermin/blob/main/docs/configuration/default/config.hcl). ### `discovery.informer.k8s` block * `selector_relations` attribute `selector_relations` is optional and lives inside `discovery.informer.k8s`. If omitted or empty, no selector-based relations are used. When present, it is a list of relation rules; each rule is an object with the attributes described below. ```hcl discovery "informer" "k8s" { selector_relations = [ { kind = "NetworkPolicy" to = "Pod" selector_match_labels_field = "spec.podSelector.matchLabels" selector_match_expressions_field = "spec.podSelector.matchExpressions" }, { kind = "Service" to = "Pod" selector_match_labels_field = "spec.selector" }, ] } ``` ## Object Types ### Selector Relation Object Each element in `selector_relations` is an object with these attributes: * `kind` attribute From Kubernetes resource kind that contains the selector. Case insensitive. Supported kinds: NetworkPolicy, Service, Deployment, ReplicaSet, StatefulSet, DaemonSet, Job, CronJob. **Type:** String **Default:** None (required) **Example:** NetworkPolicy → Pod relation ```hcl { kind = "NetworkPolicy" to = "Pod" selector_match_labels_field = "spec.podSelector.matchLabels" selector_match_expressions_field = "spec.podSelector.matchExpressions" } ``` * `to` attribute Target resource kind to match against. Case insensitive. Currently only **Pod** is supported. **Type:** String **Default:** None (required) **Example:** Match selector to Pods ```hcl { kind = "Service" to = "Pod" selector_match_labels_field = "spec.selector" } ``` * `selector_match_labels_field` attribute JSONPath-style path to the label set used for matching. May point to a `matchLabels` object (e.g. `spec.podSelector.matchLabels`) or to a flat key-value map (e.g. Service's `spec.selector`). Required for the relation to work. **Type:** String **Default:** None (required) **Examples:** * NetworkPolicy podSelector labels ```hcl selector_match_labels_field = "spec.podSelector.matchLabels" ``` * Service selector (flat map, no nested matchLabels) ```hcl selector_match_labels_field = "spec.selector" ``` * `selector_match_expressions_field` attribute JSONPath-style path to the `matchExpressions` field on the from resource. Omit for resources that only use a flat selector (e.g. Service). **Type:** String (optional) **Default:** Omitted (no matchExpressions used) **Example:** NetworkPolicy podSelector matchExpressions ```hcl { kind = "NetworkPolicy" to = "Pod" selector_match_labels_field = "spec.podSelector.matchLabels" selector_match_expressions_field = "spec.podSelector.matchExpressions" } ``` ## Common Configurations ### NetworkPolicy → Pod **Example:** Extract podSelector from NetworkPolicy and attach NetworkPolicy metadata to matching Pod flows ```hcl { kind = "NetworkPolicy" to = "Pod" selector_match_labels_field = "spec.podSelector.matchLabels" selector_match_expressions_field = "spec.podSelector.matchExpressions" } ``` ### Service → Pod **Example:** Extract spec.selector from Service and attach Service metadata to matching Pod flows ```hcl { kind = "Service" to = "Pod" selector_match_labels_field = "spec.selector" } ``` ### Workload controllers → Pod Deployment, ReplicaSet, StatefulSet, DaemonSet, and Job use `spec.selector` with optional `matchExpressions`. **Example:** Deployment → Pod ```hcl { kind = "Deployment" to = "Pod" selector_match_labels_field = "spec.selector.matchLabels" selector_match_expressions_field = "spec.selector.matchExpressions" } ``` ### CronJob → Pod CronJob’s selector lives on the job template. **Example:** CronJob → Pod ```hcl { kind = "CronJob" to = "Pod" selector_match_labels_field = "spec.jobTemplate.spec.selector.matchLabels" selector_match_expressions_field = "spec.jobTemplate.spec.selector.matchExpressions" } ``` ## Next Steps {% tabs %} {% tab title="Configure Metadata" %} 1. [**Enable Flow Attributes**](/configuration/reference/flow-span-kubernetes-attribution.md): Make selector-based metadata appear on flows 2. [**Configure Resource Watching**](/configuration/reference/kubernetes-informer-discovery.md): Ensure required resources are watched 3. [**Configure Owner Relations**](/configuration/reference/kubernetes-owner-relations.md): Walk owner references {% endtab %} {% tab title="Examples" %} 1. [**Review Complete Configurations**](/configuration/examples.md): Production-ready examples {% endtab %} {% endtabs %} ### Need Help? * [**GitHub Discussions**](https://github.com/elastiflow/mermin/discussions): Ask about selector matching --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter: ``` GET https://docs.mermin.dev/configuration/reference/kubernetes-selector-relations.md?ask=&goal= ``` `ask` is the immediate question: it should be specific, self-contained, and written in natural language. `goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.