github.com/cilium/cilium@v1.16.2/api/v1/openapi.yaml (about) 1 --- 2 swagger: '2.0' 3 info: 4 title: Cilium API 5 description: Cilium 6 version: v1beta1 7 x-schemes: 8 - unix 9 basePath: "/v1" 10 produces: 11 - application/json 12 consumes: 13 - application/json 14 paths: 15 "/cluster/nodes": 16 get: 17 summary: Get nodes information stored in the cilium-agent 18 tags: 19 - daemon 20 parameters: 21 - name: client-id 22 description: | 23 Client UUID should be used when the client wants to request 24 a diff of nodes added and / or removed since the last time 25 that client has made a request. 26 in: header 27 required: false 28 type: integer 29 responses: 30 '200': 31 description: Success 32 schema: 33 "$ref": "#/definitions/ClusterNodeStatus" 34 "/healthz": 35 get: 36 summary: Get health of Cilium daemon 37 description: | 38 Returns health and status information of the Cilium daemon and related 39 components such as the local container runtime, connected datastore, 40 Kubernetes integration and Hubble. 41 tags: 42 - daemon 43 parameters: 44 - name: brief 45 description: | 46 Brief will return a brief representation of the Cilium status. 47 in: header 48 required: false 49 type: boolean 50 responses: 51 '200': 52 description: Success 53 schema: 54 "$ref": "#/definitions/StatusResponse" 55 "/config": 56 get: 57 summary: Get configuration of Cilium daemon 58 description: | 59 Returns the configuration of the Cilium daemon. 60 tags: 61 - daemon 62 responses: 63 '200': 64 description: Success 65 schema: 66 "$ref": "#/definitions/DaemonConfiguration" 67 patch: 68 summary: Modify daemon configuration 69 description: | 70 Updates the daemon configuration by applying the provided 71 ConfigurationMap and regenerates & recompiles all required datapath 72 components. 
73 tags: 74 - daemon 75 parameters: 76 - name: configuration 77 in: body 78 required: true 79 schema: 80 "$ref": "#/definitions/DaemonConfigurationSpec" 81 responses: 82 '200': 83 description: Success 84 '400': 85 description: Bad configuration parameters 86 schema: 87 "$ref": "#/definitions/Error" 88 '403': 89 description: Forbidden 90 '500': 91 description: Recompilation failed 92 x-go-name: Failure 93 schema: 94 "$ref": "#/definitions/Error" 95 "/endpoint/{id}": 96 get: 97 summary: Get endpoint by endpoint ID 98 description: | 99 Returns endpoint information 100 tags: 101 - endpoint 102 parameters: 103 - "$ref": "#/parameters/endpoint-id" 104 responses: 105 '200': 106 description: Success 107 schema: 108 "$ref": "#/definitions/Endpoint" 109 '400': 110 description: Invalid endpoint ID format for specified type 111 x-go-name: Invalid 112 schema: 113 "$ref": "#/definitions/Error" 114 '404': 115 description: Endpoint not found 116 '429': 117 description: Rate-limiting too many requests in the given time frame 118 put: 119 summary: Create endpoint 120 description: | 121 Creates a new endpoint 122 tags: 123 - endpoint 124 parameters: 125 - "$ref": "#/parameters/endpoint-id" 126 - "$ref": "#/parameters/endpoint-change-request" 127 responses: 128 '201': 129 description: Created 130 schema: 131 "$ref": "#/definitions/Endpoint" 132 '400': 133 description: Invalid endpoint in request 134 x-go-name: Invalid 135 schema: 136 "$ref": "#/definitions/Error" 137 '403': 138 description: Forbidden 139 '409': 140 description: Endpoint already exists 141 x-go-name: Exists 142 '500': 143 description: Endpoint creation failed 144 x-go-name: Failed 145 schema: 146 "$ref": "#/definitions/Error" 147 '429': 148 description: Rate-limiting too many requests in the given time frame 149 patch: 150 summary: Modify existing endpoint 151 deprecated: true 152 description: | 153 Applies the endpoint change request to an existing endpoint 154 tags: 155 - endpoint 156 parameters: 157 - "$ref": 
"#/parameters/endpoint-id" 158 - "$ref": "#/parameters/endpoint-change-request" 159 responses: 160 '200': 161 description: Success 162 '400': 163 description: Invalid modify endpoint request 164 x-go-name: Invalid 165 schema: 166 "$ref": "#/definitions/Error" 167 '403': 168 description: Forbidden 169 '404': 170 description: Endpoint does not exist 171 '500': 172 description: Endpoint update failed 173 x-go-name: Failed 174 schema: 175 "$ref": "#/definitions/Error" 176 '429': 177 description: Rate-limiting too many requests in the given time frame 178 delete: 179 summary: Delete endpoint 180 description: | 181 Deletes the endpoint specified by the ID. Deletion is imminent and 182 atomic, if the deletion request is valid and the endpoint exists, 183 deletion will occur even if errors are encountered in the process. If 184 errors have been encountered, the code 202 will be returned, otherwise 185 200 on success. 186 187 All resources associated with the endpoint will be freed and the 188 workload represented by the endpoint will be disconnected.It will no 189 longer be able to initiate or receive communications of any sort. 190 tags: 191 - endpoint 192 parameters: 193 - "$ref": "#/parameters/endpoint-id" 194 responses: 195 '200': 196 description: Success 197 '206': 198 description: Deleted with a number of errors encountered 199 x-go-name: Errors 200 schema: 201 type: integer 202 '400': 203 description: | 204 Invalid endpoint ID format for specified type. Details in error 205 message 206 x-go-name: Invalid 207 schema: 208 "$ref": "#/definitions/Error" 209 '403': 210 description: Forbidden 211 '404': 212 description: Endpoint not found 213 '429': 214 description: Rate-limiting too many requests in the given time frame 215 "/endpoint": 216 get: 217 summary: Retrieves a list of endpoints that have metadata matching the provided parameters. 
218 description: | 219 Retrieves a list of endpoints that have metadata matching the provided parameters, or all endpoints if no parameters provided. 220 tags: 221 - endpoint 222 parameters: 223 - "$ref": "#/parameters/labels" 224 responses: 225 '200': 226 description: Success 227 schema: 228 type: array 229 items: 230 "$ref": "#/definitions/Endpoint" 231 '404': 232 description: Endpoints with provided parameters not found 233 '429': 234 description: Rate-limiting too many requests in the given time frame 235 delete: 236 summary: Deletes a list of endpoints 237 description: | 238 Deletes a list of endpoints that have endpoints matching the provided properties 239 tags: 240 - endpoint 241 parameters: 242 - "$ref": "#/parameters/endpoint-batch-delete-request" 243 responses: 244 '200': 245 description: Success 246 '206': 247 description: Deleted with a number of errors encountered 248 x-go-name: Errors 249 schema: 250 type: integer 251 '400': 252 description: Invalid endpoint delete request 253 x-go-name: Invalid 254 '404': 255 description: No endpoints with provided parameters found 256 '429': 257 description: Rate-limiting too many requests in the given time frame 258 "/endpoint/{id}/config": 259 get: 260 summary: Retrieve endpoint configuration 261 description: | 262 Retrieves the configuration of the specified endpoint. 263 tags: 264 - endpoint 265 parameters: 266 - "$ref": "#/parameters/endpoint-id" 267 responses: 268 '200': 269 description: Success 270 schema: 271 "$ref": "#/definitions/EndpointConfigurationStatus" 272 '404': 273 description: Endpoint not found 274 '429': 275 description: Rate-limiting too many requests in the given time frame 276 patch: 277 summary: Modify mutable endpoint configuration 278 description: | 279 Update the configuration of an existing endpoint and regenerates & 280 recompiles the corresponding programs automatically. 
281 tags: 282 - endpoint 283 parameters: 284 - "$ref": "#/parameters/endpoint-id" 285 - name: endpoint-configuration 286 in: body 287 required: true 288 schema: 289 "$ref": "#/definitions/EndpointConfigurationSpec" 290 responses: 291 '200': 292 description: Success 293 '400': 294 description: Invalid configuration request 295 x-go-name: Invalid 296 '403': 297 description: Forbidden 298 '404': 299 description: Endpoint not found 300 '500': 301 description: Update failed. Details in message. 302 x-go-name: Failed 303 schema: 304 "$ref": "#/definitions/Error" 305 '429': 306 description: Rate-limiting too many requests in the given time frame 307 "/endpoint/{id}/labels": 308 get: 309 summary: Retrieves the list of labels associated with an endpoint. 310 tags: 311 - endpoint 312 parameters: 313 - "$ref": "#/parameters/endpoint-id" 314 responses: 315 '200': 316 description: Success 317 schema: 318 "$ref": "#/definitions/LabelConfiguration" 319 '404': 320 description: Endpoint not found 321 '429': 322 description: Rate-limiting too many requests in the given time frame 323 patch: 324 summary: Set label configuration of endpoint 325 description: | 326 Sets labels associated with an endpoint. These can be user provided or 327 derived from the orchestration system. 328 tags: 329 - endpoint 330 parameters: 331 - "$ref": "#/parameters/endpoint-id" 332 - name: configuration 333 in: body 334 required: true 335 schema: 336 "$ref": "#/definitions/LabelConfigurationSpec" 337 responses: 338 '200': 339 description: Success 340 '403': 341 description: Forbidden 342 '404': 343 description: Endpoint not found 344 '500': 345 description: Error while updating labels 346 x-go-name: UpdateFailed 347 schema: 348 "$ref": "#/definitions/Error" 349 '429': 350 description: Rate-limiting too many requests in the given time frame 351 "/endpoint/{id}/log": 352 get: 353 summary: Retrieves the status logs associated with this endpoint. 
354 tags: 355 - endpoint 356 parameters: 357 - "$ref": "#/parameters/endpoint-id" 358 responses: 359 '200': 360 description: Success 361 schema: 362 "$ref": "#/definitions/EndpointStatusLog" 363 '400': 364 description: Invalid identity provided 365 x-go-name: Invalid 366 '404': 367 description: Endpoint not found 368 '429': 369 description: Rate-limiting too many requests in the given time frame 370 371 "/endpoint/{id}/healthz": 372 get: 373 summary: Retrieves the status logs associated with this endpoint. 374 tags: 375 - endpoint 376 parameters: 377 - "$ref": "#/parameters/endpoint-id" 378 responses: 379 '200': 380 description: Success 381 schema: 382 "$ref": "#/definitions/EndpointHealth" 383 '400': 384 description: Invalid identity provided 385 x-go-name: Invalid 386 '404': 387 description: Endpoint not found 388 '429': 389 description: Rate-limiting too many requests in the given time frame 390 "/identity": 391 get: 392 summary: Retrieves a list of identities that have metadata matching the provided parameters. 393 description: | 394 Retrieves a list of identities that have metadata matching the provided parameters, or all identities if no parameters are provided. 395 tags: 396 - policy 397 parameters: 398 - "$ref": "#/parameters/labels" 399 responses: 400 '200': 401 description: Success 402 schema: 403 type: array 404 items: 405 "$ref": "#/definitions/Identity" 406 '404': 407 description: Identities with provided parameters not found 408 '520': 409 description: Identity storage unreachable. Likely a network problem. 
410 x-go-name: Unreachable 411 schema: 412 "$ref": "#/definitions/Error" 413 '521': 414 description: Invalid identity format in storage 415 x-go-name: InvalidStorageFormat 416 schema: 417 "$ref": "#/definitions/Error" 418 "/identity/{id}": 419 get: 420 summary: Retrieve identity 421 tags: 422 - policy 423 parameters: 424 - "$ref": "#/parameters/identity-id" 425 responses: 426 '200': 427 description: Success 428 schema: 429 "$ref": "#/definitions/Identity" 430 '400': 431 description: Invalid identity provided 432 '404': 433 description: Identity not found 434 '520': 435 description: Identity storage unreachable. Likely a network problem. 436 x-go-name: Unreachable 437 schema: 438 "$ref": "#/definitions/Error" 439 '521': 440 description: Invalid identity format in storage 441 x-go-name: InvalidStorageFormat 442 schema: 443 "$ref": "#/definitions/Error" 444 "/identity/endpoints": 445 get: 446 summary: Retrieve identities which are being used by local endpoints 447 tags: 448 - policy 449 responses: 450 '200': 451 description: Success 452 schema: 453 type: array 454 items: 455 "$ref": "#/definitions/IdentityEndpoints" 456 '404': 457 description: Set of identities which are being used by local endpoints could not be found. 
458 "/ipam": 459 post: 460 summary: Allocate an IP address 461 tags: 462 - ipam 463 parameters: 464 - "$ref": "#/parameters/ipam-family" 465 - "$ref": "#/parameters/ipam-owner" 466 - "$ref": "#/parameters/ipam-pool" 467 - "$ref": "#/parameters/ipam-expiration" 468 responses: 469 '201': 470 description: Success 471 schema: 472 "$ref": "#/definitions/IPAMResponse" 473 '403': 474 description: Forbidden 475 '502': 476 description: Allocation failure 477 x-go-name: Failure 478 schema: 479 "$ref": "#/definitions/Error" 480 "/ipam/{ip}": 481 post: 482 summary: Allocate an IP address 483 tags: 484 - ipam 485 parameters: 486 - "$ref": "#/parameters/ipam-ip" 487 - "$ref": "#/parameters/ipam-owner" 488 - "$ref": "#/parameters/ipam-pool" 489 responses: 490 '200': 491 description: Success 492 '400': 493 description: Invalid IP address 494 x-go-name: Invalid 495 '403': 496 description: Forbidden 497 '409': 498 description: IP already allocated 499 x-go-name: Exists 500 '500': 501 description: IP allocation failure. Details in message. 502 x-go-name: Failure 503 schema: 504 "$ref": "#/definitions/Error" 505 '501': 506 description: Allocation for address family disabled 507 x-go-name: Disabled 508 delete: 509 summary: Release an allocated IP address 510 tags: 511 - ipam 512 parameters: 513 - "$ref": "#/parameters/ipam-ip" 514 - "$ref": "#/parameters/ipam-pool" 515 responses: 516 '200': 517 description: Success 518 '400': 519 description: Invalid IP address 520 x-go-name: Invalid 521 '403': 522 description: Forbidden 523 '404': 524 description: IP address not found 525 '500': 526 description: Address release failure 527 x-go-name: Failure 528 schema: 529 "$ref": "#/definitions/Error" 530 '501': 531 description: Allocation for address family disabled 532 x-go-name: Disabled 533 "/policy": 534 get: 535 summary: Retrieve entire policy tree 536 description: | 537 Returns the entire policy tree with all children. 
538 tags: 539 - policy 540 parameters: 541 - name: labels 542 in: body 543 schema: 544 "$ref": "#/definitions/Labels" 545 responses: 546 '200': 547 description: Success 548 schema: 549 "$ref": "#/definitions/Policy" 550 '404': 551 description: No policy rules found 552 put: 553 summary: Create or update a policy (sub)tree 554 tags: 555 - policy 556 parameters: 557 - "$ref": "#/parameters/policy-rules" 558 - "$ref": "#/parameters/policy-replace" 559 - "$ref": "#/parameters/policy-replace-with-labels" 560 responses: 561 '200': 562 description: Success 563 schema: 564 "$ref": "#/definitions/Policy" 565 '400': 566 description: Invalid policy 567 x-go-name: InvalidPolicy 568 schema: 569 "$ref": "#/definitions/Error" 570 '403': 571 description: Forbidden 572 '460': 573 description: Invalid path 574 x-go-name: InvalidPath 575 schema: 576 "$ref": "#/definitions/Error" 577 '500': 578 description: Policy import failed 579 x-go-name: Failure 580 schema: 581 "$ref": "#/definitions/Error" 582 delete: 583 summary: Delete a policy (sub)tree 584 tags: 585 - policy 586 parameters: 587 - name: labels 588 in: body 589 required: false 590 schema: 591 "$ref": "#/definitions/Labels" 592 responses: 593 '200': 594 description: Success 595 schema: 596 "$ref": "#/definitions/Policy" 597 '400': 598 description: Invalid request 599 x-go-name: Invalid 600 schema: 601 "$ref": "#/definitions/Error" 602 '403': 603 description: Forbidden 604 '404': 605 description: Policy not found 606 '500': 607 description: Error while deleting policy 608 x-go-name: Failure 609 schema: 610 "$ref": "#/definitions/Error" 611 "/policy/selectors": 612 get: 613 summary: See what selectors match which identities 614 tags: 615 - policy 616 responses: 617 '200': 618 description: Success 619 schema: 620 "$ref": "#/definitions/SelectorCache" 621 "/lrp": 622 get: 623 summary: Retrieve list of all local redirect policies 624 tags: 625 - service 626 responses: 627 '200': 628 description: Success 629 schema: 630 type: array 
631 items: 632 "$ref": "#/definitions/LRPSpec" 633 "/service": 634 get: 635 summary: Retrieve list of all services 636 tags: 637 - service 638 responses: 639 '200': 640 description: Success 641 schema: 642 type: array 643 items: 644 "$ref": "#/definitions/Service" 645 "/service/{id}": 646 get: 647 summary: Retrieve configuration of a service 648 tags: 649 - service 650 parameters: 651 - "$ref": "#/parameters/service-id" 652 responses: 653 '200': 654 description: Success 655 schema: 656 "$ref": "#/definitions/Service" 657 '404': 658 description: Service not found 659 put: 660 summary: Create or update service 661 tags: 662 - service 663 parameters: 664 - "$ref": "#/parameters/service-id" 665 - "$ref": "#/parameters/service-config" 666 responses: 667 '200': 668 description: Updated 669 '201': 670 description: Created 671 '403': 672 description: Forbidden 673 '460': 674 description: Invalid frontend in service configuration 675 x-go-name: InvalidFrontend 676 schema: 677 "$ref": "#/definitions/Error" 678 '461': 679 description: Invalid backend in service configuration 680 x-go-name: InvalidBackend 681 schema: 682 "$ref": "#/definitions/Error" 683 '500': 684 description: Error while creating service 685 x-go-name: Failure 686 schema: 687 "$ref": "#/definitions/Error" 688 '501': 689 description: Error while updating backend states 690 x-go-name: UpdateBackendFailure 691 schema: 692 "$ref": "#/definitions/Error" 693 delete: 694 summary: Delete a service 695 tags: 696 - service 697 parameters: 698 - "$ref": "#/parameters/service-id" 699 responses: 700 '200': 701 description: Success 702 '403': 703 description: Forbidden 704 '404': 705 description: Service not found 706 '500': 707 description: Service deletion failed 708 x-go-name: Failure 709 schema: 710 "$ref": "#/definitions/Error" 711 712 "/recorder": 713 get: 714 summary: Retrieve list of all recorders 715 tags: 716 - recorder 717 responses: 718 '200': 719 description: Success 720 schema: 721 type: array 722 items: 723 
"$ref": "#/definitions/Recorder" 724 "/recorder/masks": 725 get: 726 summary: Retrieve list of all recorder masks 727 tags: 728 - recorder 729 responses: 730 '200': 731 description: Success 732 schema: 733 type: array 734 items: 735 "$ref": "#/definitions/RecorderMask" 736 "/recorder/{id}": 737 get: 738 summary: Retrieve configuration of a recorder 739 tags: 740 - recorder 741 parameters: 742 - "$ref": "#/parameters/recorder-id" 743 responses: 744 '200': 745 description: Success 746 schema: 747 "$ref": "#/definitions/Recorder" 748 '404': 749 description: Recorder not found 750 put: 751 summary: Create or update recorder 752 tags: 753 - recorder 754 parameters: 755 - "$ref": "#/parameters/recorder-id" 756 - "$ref": "#/parameters/recorder-config" 757 responses: 758 '200': 759 description: Updated 760 '201': 761 description: Created 762 '403': 763 description: Forbidden 764 '500': 765 description: Error while creating recorder 766 x-go-name: Failure 767 schema: 768 "$ref": "#/definitions/Error" 769 delete: 770 summary: Delete a recorder 771 tags: 772 - recorder 773 parameters: 774 - "$ref": "#/parameters/recorder-id" 775 responses: 776 '200': 777 description: Success 778 '403': 779 description: Forbidden 780 '404': 781 description: Recorder not found 782 '500': 783 description: Recorder deletion failed 784 x-go-name: Failure 785 schema: 786 "$ref": "#/definitions/Error" 787 "/prefilter": 788 get: 789 summary: Retrieve list of CIDRs 790 tags: 791 - prefilter 792 responses: 793 '200': 794 description: Success 795 schema: 796 "$ref": "#/definitions/Prefilter" 797 '500': 798 description: Prefilter get failed 799 x-go-name: Failure 800 schema: 801 "$ref": "#/definitions/Error" 802 patch: 803 summary: Update list of CIDRs 804 tags: 805 - prefilter 806 parameters: 807 - "$ref": "#/parameters/prefilter-spec" 808 responses: 809 '200': 810 description: Updated 811 schema: 812 "$ref": "#/definitions/Prefilter" 813 '403': 814 description: Forbidden 815 '461': 816 description: 
Invalid CIDR prefix 817 x-go-name: InvalidCIDR 818 schema: 819 "$ref": "#/definitions/Error" 820 '500': 821 description: Prefilter update failed 822 x-go-name: Failure 823 schema: 824 "$ref": "#/definitions/Error" 825 delete: 826 summary: Delete list of CIDRs 827 tags: 828 - prefilter 829 parameters: 830 - "$ref": "#/parameters/prefilter-spec" 831 responses: 832 '200': 833 description: Deleted 834 schema: 835 "$ref": "#/definitions/Prefilter" 836 '403': 837 description: Forbidden 838 '461': 839 description: Invalid CIDR prefix 840 x-go-name: InvalidCIDR 841 schema: 842 "$ref": "#/definitions/Error" 843 '500': 844 description: Prefilter delete failed 845 x-go-name: Failure 846 schema: 847 "$ref": "#/definitions/Error" 848 "/debuginfo": 849 get: 850 summary: Retrieve information about the agent and environment for debugging 851 tags: 852 - daemon 853 responses: 854 '200': 855 description: Success 856 schema: 857 "$ref": "#/definitions/DebugInfo" 858 '500': 859 description: DebugInfo get failed 860 x-go-name: Failure 861 schema: 862 "$ref": "#/definitions/Error" 863 "/cgroup-dump-metadata": 864 get: 865 summary: Retrieve cgroup metadata for all pods 866 tags: 867 - daemon 868 responses: 869 '200': 870 description: Success 871 schema: 872 "$ref": "#/definitions/CgroupDumpMetadata" 873 '500': 874 description: CgroupDumpMetadata get failed 875 x-go-name: Failure 876 schema: 877 "$ref": "#/definitions/Error" 878 "/map": 879 get: 880 summary: List all open maps 881 tags: 882 - daemon 883 responses: 884 '200': 885 description: Success 886 schema: 887 "$ref": "#/definitions/BPFMapList" 888 "/map/{name}": 889 get: 890 summary: Retrieve contents of BPF map 891 tags: 892 - daemon 893 parameters: 894 - "$ref": "#/parameters/map-name" 895 responses: 896 '200': 897 description: Success 898 schema: 899 "$ref": "#/definitions/BPFMap" 900 '404': 901 description: Map not found 902 "/map/{name}/events": 903 get: 904 summary: Retrieves the recent event logs associated with this 
endpoint. 905 tags: 906 - daemon 907 parameters: 908 - "$ref": "#/parameters/map-name" 909 - "$ref": "#/parameters/follow" 910 responses: 911 '200': 912 description: Success 913 schema: 914 type: string 915 format: binary 916 '404': 917 description: Map not found 918 "/metrics/": 919 get: 920 summary: Retrieve cilium metrics 921 tags: 922 - metrics 923 parameters: [] 924 responses: 925 '200': 926 description: Success 927 schema: 928 type: array 929 items: 930 "$ref": "#/definitions/Metric" 931 '500': 932 description: Metrics cannot be retrieved 933 934 "/fqdn/cache": 935 get: 936 summary: Retrieves the list of DNS lookups intercepted from all endpoints. 937 description: | 938 Retrieves the list of DNS lookups intercepted from endpoints, 939 optionally filtered by DNS name, CIDR IP range or source. 940 tags: 941 - policy 942 parameters: 943 - "$ref": "#/parameters/matchpattern" 944 - "$ref": "#/parameters/cidr" 945 - "$ref": "#/parameters/source" 946 responses: 947 '200': 948 description: Success 949 schema: 950 type: array 951 items: 952 "$ref": "#/definitions/DNSLookup" 953 '400': 954 description: Invalid request (error parsing parameters) 955 schema: 956 "$ref": "#/definitions/Error" 957 '404': 958 description: No DNS data with provided parameters found 959 delete: 960 summary: Deletes matching DNS lookups from the policy-generation cache. 961 description: | 962 Deletes matching DNS lookups from the cache, optionally restricted by 963 DNS name. The removed IP data will no longer be used in generated 964 policies. 965 tags: 966 - policy 967 parameters: 968 - "$ref": "#/parameters/matchpattern" 969 responses: 970 '200': 971 description: Success 972 '403': 973 description: Forbidden 974 '400': 975 description: Invalid request (error parsing parameters) 976 schema: 977 "$ref": "#/definitions/Error" 978 979 "/fqdn/cache/{id}": 980 get: 981 summary: Retrieves the list of DNS lookups intercepted from an endpoint. 
982 description: | 983 Retrieves the list of DNS lookups intercepted from the specific endpoint, 984 optionally filtered by endpoint id, DNS name, CIDR IP range or source. 985 tags: 986 - policy 987 parameters: 988 - "$ref": "#/parameters/endpoint-id" 989 - "$ref": "#/parameters/matchpattern" 990 - "$ref": "#/parameters/cidr" 991 - "$ref": "#/parameters/source" 992 responses: 993 '200': 994 description: Success 995 schema: 996 type: array 997 items: 998 "$ref": "#/definitions/DNSLookup" 999 '400': 1000 description: Invalid request (error parsing parameters) 1001 schema: 1002 "$ref": "#/definitions/Error" 1003 '404': 1004 description: No DNS data with provided parameters found 1005 "/fqdn/names": 1006 get: 1007 summary: List internal DNS selector representations 1008 description: | 1009 Retrieves the list of DNS-related fields (names to poll, selectors and 1010 their corresponding regexes). 1011 tags: 1012 - policy 1013 responses: 1014 '200': 1015 description: Success 1016 schema: 1017 "$ref": "#/definitions/NameManager" 1018 '400': 1019 description: Invalid request (error parsing parameters) 1020 schema: 1021 "$ref": "#/definitions/Error" 1022 "/ip": 1023 get: 1024 summary: Lists information about known IP addresses 1025 description: | 1026 Retrieves a list of IPs with known associated information such as 1027 their identities, host addresses, Kubernetes pod names, etc. 1028 The list can optionally filtered by a CIDR IP range. 
1029 tags: 1030 - policy 1031 parameters: 1032 - "$ref": "#/parameters/cidr" 1033 responses: 1034 '200': 1035 description: Success 1036 schema: 1037 type: array 1038 items: 1039 "$ref": "#/definitions/IPListEntry" 1040 '400': 1041 description: Invalid request (error parsing parameters) 1042 schema: 1043 "$ref": "#/definitions/Error" 1044 '404': 1045 description: No IP cache entries with provided parameters found 1046 "/node/ids": 1047 get: 1048 summary: List information about known node IDs 1049 description: | 1050 Retrieves a list of node IDs allocated by the agent and their 1051 associated node IP addresses. 1052 tags: 1053 - daemon 1054 responses: 1055 '200': 1056 description: Success 1057 schema: 1058 type: array 1059 items: 1060 "$ref": "#/definitions/NodeID" 1061 "/bgp/peers": 1062 get: 1063 summary: Lists operational state of BGP peers 1064 description: | 1065 Retrieves current operational state of BGP peers created by 1066 Cilium BGP virtual router. This includes session state, uptime, 1067 information per address family, etc. 1068 tags: 1069 - bgp 1070 responses: 1071 '200': 1072 description: Success 1073 schema: 1074 type: array 1075 items: 1076 "$ref": "#/definitions/BgpPeer" 1077 '500': 1078 description: Internal Server Error 1079 schema: 1080 "$ref": "#/definitions/Error" 1081 '501': 1082 description: BGP Control Plane disabled 1083 x-go-name: Disabled 1084 schema: 1085 "$ref": "#/definitions/Error" 1086 "/bgp/routes": 1087 get: 1088 summary: Lists BGP routes from BGP Control Plane RIB. 
1089 description: Retrieves routes from BGP Control Plane RIB filtered by parameters you specify 1090 tags: 1091 - bgp 1092 parameters: 1093 - "$ref": "#/parameters/bgp-table-type" 1094 - "$ref": "#/parameters/bgp-afi" 1095 - "$ref": "#/parameters/bgp-safi" 1096 - "$ref": "#/parameters/bgp-router-asn" 1097 - "$ref": "#/parameters/bgp-neighbor-address" 1098 responses: 1099 '200': 1100 description: Success 1101 schema: 1102 type: array 1103 items: 1104 "$ref": "#/definitions/BgpRoute" 1105 '500': 1106 description: Internal Server Error 1107 schema: 1108 "$ref": "#/definitions/Error" 1109 '501': 1110 description: BGP Control Plane disabled 1111 x-go-name: Disabled 1112 schema: 1113 "$ref": "#/definitions/Error" 1114 "/bgp/route-policies": 1115 get: 1116 summary: Lists BGP route policies configured in BGP Control Plane. 1117 description: Retrieves route policies from BGP Control Plane. 1118 tags: 1119 - bgp 1120 parameters: 1121 - "$ref": "#/parameters/bgp-router-asn" 1122 responses: 1123 '200': 1124 description: Success 1125 schema: 1126 type: array 1127 items: 1128 "$ref": "#/definitions/BgpRoutePolicy" 1129 '500': 1130 description: Internal Server Error 1131 schema: 1132 "$ref": "#/definitions/Error" 1133 '501': 1134 description: BGP Control Plane disabled 1135 x-go-name: Disabled 1136 schema: 1137 "$ref": "#/definitions/Error" 1138 parameters: 1139 endpoint-id: 1140 name: id 1141 description: | 1142 String describing an endpoint with the format ``[prefix:]id``. If no prefix 1143 is specified, a prefix of ``cilium-local:`` is assumed. Not all endpoints 1144 will be addressable by all endpoint ID prefixes with the exception of the 1145 local Cilium UUID which is assigned to all endpoints. 1146 1147 Supported endpoint id prefixes: 1148 - cilium-local: Local Cilium endpoint UUID, e.g. cilium-local:3389595 1149 - cilium-global: Global Cilium endpoint UUID, e.g. cilium-global:cluster1:nodeX:452343 1150 - cni-attachment-id: CNI attachment ID, e.g. 
cni-attachment-id:22222:eth0 1151 - container-id: Container runtime ID, e.g. container-id:22222 (deprecated, may not be unique) 1152 - container-name: Container name, e.g. container-name:foobar (deprecated, may not be unique) 1153 - pod-name: pod name for this container if K8s is enabled, e.g. pod-name:default:foobar (deprecated, may not be unique) 1154 - cep-name: cep name for this container if K8s is enabled, e.g. pod-name:default:foobar-net1 1155 - docker-endpoint: Docker libnetwork endpoint ID, e.g. docker-endpoint:4444 1156 in: path 1157 required: true 1158 type: string 1159 endpoint-change-request: 1160 name: endpoint 1161 in: body 1162 required: true 1163 schema: 1164 "$ref": "#/definitions/EndpointChangeRequest" 1165 endpoint-batch-delete-request: 1166 name: endpoint 1167 in: body 1168 required: true 1169 schema: 1170 "$ref": "#/definitions/EndpointBatchDeleteRequest" 1171 identity-id: 1172 name: id 1173 description: | 1174 Cluster wide unique identifier of a security identity. 1175 in: path 1176 required: true 1177 type: string 1178 labels: 1179 name: labels 1180 description: | 1181 List of labels 1182 in: body 1183 required: false 1184 schema: 1185 "$ref": "#/definitions/Labels" 1186 policy-rules: 1187 name: policy 1188 description: Policy rules 1189 required: true 1190 in: body 1191 schema: 1192 type: string 1193 policy-replace: 1194 name: replace 1195 description: If true, indicates that existing rules with identical labels should be replaced. 1196 required: false 1197 in: query 1198 type: boolean 1199 policy-replace-with-labels: 1200 name: replace-with-labels 1201 description: If present, indicates that existing rules with the given labels should be deleted. 
1202 required: false 1203 in: query 1204 type: array 1205 items: 1206 type: string 1207 pod-name: 1208 name: pod 1209 description: | 1210 K8s pod name 1211 required: true 1212 in: path 1213 type: string 1214 trace-selector: 1215 name: trace-selector 1216 description: Context to provide policy evaluation on 1217 in: body 1218 schema: 1219 "$ref": "#/definitions/TraceSelector" 1220 service-id: 1221 name: id 1222 description: ID of service 1223 required: true 1224 in: path 1225 type: integer 1226 service-address: 1227 name: address 1228 description: Service address configuration 1229 in: body 1230 schema: 1231 "$ref": "#/definitions/FrontendAddress" 1232 service-config: 1233 name: config 1234 description: Service configuration 1235 in: body 1236 required: true 1237 schema: 1238 "$ref": "#/definitions/ServiceSpec" 1239 recorder-id: 1240 name: id 1241 description: ID of recorder 1242 required: true 1243 in: path 1244 type: integer 1245 recorder-config: 1246 name: config 1247 description: Recorder configuration 1248 in: body 1249 required: true 1250 schema: 1251 "$ref": "#/definitions/RecorderSpec" 1252 prefilter-spec: 1253 name: prefilter-spec 1254 description: List of CIDR ranges for filter table 1255 required: true 1256 in: body 1257 schema: 1258 "$ref": "#/definitions/PrefilterSpec" 1259 ipam-ip: 1260 name: ip 1261 description: IP address 1262 in: path 1263 required: true 1264 type: string 1265 ipam-family: 1266 name: family 1267 in: query 1268 type: string 1269 enum: 1270 - ipv4 1271 - ipv6 1272 ipam-owner: 1273 name: owner 1274 in: query 1275 type: string 1276 ipam-pool: 1277 name: pool 1278 in: query 1279 type: string 1280 ipam-expiration: 1281 name: expiration 1282 in: header 1283 type: boolean 1284 map-name: 1285 name: name 1286 description: Name of map 1287 required: true 1288 in: path 1289 type: string 1290 follow: 1291 name: follow 1292 description: Whether to follow streamed requests 1293 required: false 1294 in: query 1295 type: boolean 1296 matchpattern: 
    name: matchpattern
    description: A toFQDNs compatible matchPattern expression
    required: false
    in: query
    type: string
  cidr:
    name: cidr
    description: A CIDR range of IPs
    required: false
    in: query
    type: string
  source:
    name: source
    description: Source from which FQDN entries come from
    required: false
    in: query
    type: string
  bgp-table-type:
    name: table_type
    description: BGP Routing Information Base (RIB) table type
    required: true
    in: query
    type: string
    enum:
    - loc-rib
    - adj-rib-in
    - adj-rib-out
  bgp-afi:
    name: afi
    description: Address Family Indicator (AFI) of a BGP route
    required: true
    in: query
    type: string
  bgp-safi:
    name: safi
    description: Subsequent Address Family Indicator (SAFI) of a BGP route
    required: true
    in: query
    type: string
  bgp-router-asn:
    name: router_asn
    description: |
      Autonomous System Number (ASN) identifying a BGP virtual router instance.
      If not specified, all virtual router instances are selected.
    required: false
    in: query
    type: integer
  bgp-neighbor-address:
    name: neighbor
    description: |
      IP address specifying a BGP neighbor.
      Has to be specified only when table type is adj-rib-in or adj-rib-out.
    required: false
    in: query
    type: string

definitions:
  Endpoint:
    description: An endpoint is a namespaced network interface to which cilium applies policies
    type: object
    properties:
      id:
        description: The cilium-agent-local ID of the endpoint
        type: integer
      spec:
        description: The desired configuration state of the endpoint
        "$ref": "#/definitions/EndpointConfigurationSpec"
      status:
        description: The desired and realized configuration state of the endpoint
        "$ref": "#/definitions/EndpointStatus"
  EndpointChangeRequest:
    description: |
      Structure which contains the mutable elements of an Endpoint.
    type: object
    required:
    - state
    properties:
      id:
        description: Local endpoint ID
        type: integer
      container-id:
        description: ID assigned by container runtime
        type: string
      container-name:
        description: Name assigned to container
        type: string
      docker-endpoint-id:
        description: Docker endpoint ID
        type: string
      labels:
        description: Labels describing the identity
        "$ref": "#/definitions/Labels"
      docker-network-id:
        description: Docker network ID
        type: string
      interface-name:
        description: Name of network device in host netns
        type: string
      interface-index:
        description: Index of network device in host netns
        type: integer
      container-interface-name:
        description: Name of network device in container netns
        type: string
      state:
        description: Current state of endpoint
        "$ref": "#/definitions/EndpointState"
      mac:
        description: MAC address
        type: string
      host-mac:
        description: MAC address
        type: string
      addressing:
        "$ref": "#/definitions/AddressPair"
      k8s-pod-name:
        description: Kubernetes pod name
        type: string
      k8s-namespace:
        description: Kubernetes namespace name
        type: string
      k8s-uid:
        description: Kubernetes pod UID
        type: string
      datapath-map-id:
        description: ID of datapath tail call map
        type: integer
      policy-enabled:
        description: Whether policy enforcement is enabled or not
        type: boolean
      pid:
        description: Process ID of the workload belonging to this endpoint
        type: integer
      sync-build-endpoint:
        description: |
          Whether to build an endpoint synchronously
        type: boolean
      disable-legacy-identifiers:
        description: >-
          Disables lookup using legacy endpoint identifiers (container name,
          container id, pod name) for this endpoint
        type: boolean
      netns-cookie:
        description: Network namespace cookie
        type: string
      datapath-configuration:
        "$ref": "#/definitions/EndpointDatapathConfiguration"
      properties:
        description: >-
          Properties is used to store information about the endpoint at
          creation.
          Useful for tests.
        additionalProperties:
          type: object
  EndpointBatchDeleteRequest:
    description: |
      Properties selecting a batch of endpoints to delete.
    type: object
    properties:
      container-id:
        description: ID assigned by container runtime
        type: string
  EndpointDatapathConfiguration:
    description: Datapath configuration to be used for the endpoint
    type: object
    properties:
      require-arp-passthrough:
        description: Enable ARP passthrough mode
        type: boolean
      require-egress-prog:
        description: >
          Endpoint requires a host-facing egress program to be attached to
          implement ingress policy and reverse NAT.
        type: boolean
      external-ipam:
        description: >
          Indicates that IPAM is done external to Cilium. This will prevent the
          IP from being released and re-allocation of the IP address is skipped
          on restore.
        type: boolean
      require-routing:
        description: >
          Endpoint requires BPF routing to be enabled, when disabled, routing
          is delegated to Linux routing.
        type: boolean
        default: true
      install-endpoint-route:
        description: >
          Installs a route in the Linux routing table pointing to the device of
          the endpoint's interface.
        type: boolean
      disable-sip-verification:
        description: >
          Disable source IP verification for the endpoint.
        type: boolean
  EndpointStatus:
    description: The current state and configuration of the endpoint, its policy & datapath, and subcomponents
    type: object
    required:
    - state
    properties:
      external-identifiers:
        description: Unique identifiers for this endpoint from outside cilium
        "$ref": "#/definitions/EndpointIdentifiers"
      identity:
        description: The security identity for this endpoint
        "$ref": "#/definitions/Identity"
      labels:
        description: Labels applied to this endpoint
        "$ref": "#/definitions/LabelConfigurationStatus"
      realized:
        description: The configuration in effect on this endpoint
        "$ref": "#/definitions/EndpointConfigurationSpec"
      networking:
        description: Networking properties of the endpoint
        "$ref": "#/definitions/EndpointNetworking"
      policy:
        description: The policy applied to this endpoint from the policy repository
        "$ref": "#/definitions/EndpointPolicyStatus"
      log:
        description: Most recent status log. See endpoint/{id}/log for the complete log.
        "$ref": "#/definitions/EndpointStatusLog"
      controllers:
        description: Status of internal controllers attached to this endpoint
        "$ref": "#/definitions/ControllerStatuses"
      state:
        description: Current state of endpoint
        "$ref": "#/definitions/EndpointState"
      health:
        description: Summary overall endpoint & subcomponent health
        "$ref": "#/definitions/EndpointHealth"
      namedPorts:
        description: List of named ports that can be used in Network Policy
        "$ref": "#/definitions/NamedPorts"
  EndpointState:
    description: State of endpoint
    type: string
    enum:
    - waiting-for-identity
    - not-ready
    - waiting-to-regenerate
    - regenerating
    - restoring
    - ready
    - disconnecting
    - disconnected
    - invalid
  EndpointHealth:
    description: |-
      Health of the endpoint

      +deepequal-gen=true
    type: object
    properties:
      overallHealth:
        "$ref": "#/definitions/EndpointHealthStatus"
      bpf:
        "$ref": "#/definitions/EndpointHealthStatus"
      policy:
        "$ref": "#/definitions/EndpointHealthStatus"
      connected:
        description: Is this endpoint reachable
        type: boolean
  EndpointHealthStatus:
    description: >
      A common set of statuses for endpoint health
       * ``OK`` = All components operational
       * ``Bootstrap`` = This component is being created
       * ``Pending`` = A change is being processed to be applied
       * ``Warning`` = This component is not applying up-to-date policies (but is still applying the previous version)
       * ``Failure`` = An error has occurred and no policy is being applied
       * ``Disabled`` = This endpoint is disabled and will not handle traffic
    type: string
    enum:
    - OK
    - Bootstrap
    - Pending
    - Warning
    - Failure
    - Disabled
  EndpointStatusLog:
    description: Status log of endpoint
    type: array
    items:
      "$ref": "#/definitions/EndpointStatusChange"
  EndpointStatusChange:
    description: |-
      Indication of a change of status

      +deepequal-gen=true
    type: object
    properties:
      timestamp:
        description: Timestamp when status change occurred
        type: string
      code:
        description: Code indicate type of status change
        type: string
        enum:
        - ok
        - failed
      message:
        description: Status message
        type: string
      state:
        "$ref": "#/definitions/EndpointState"
  EndpointPolicyStatus:
    description: Policy information of an endpoint
    type: object
    properties:
      spec:
        description: The policy that should apply to this endpoint
        "$ref": "#/definitions/EndpointPolicy"
      realized:
        description: The policy in the datapath for this endpoint
        "$ref": "#/definitions/EndpointPolicy"
      proxy-policy-revision:
        description: The policy revision currently enforced in the proxy for this endpoint
        type: integer
      proxy-statistics:
        description: Statistics of the proxy redirects configured for this endpoint
        type: array
        items:
          "$ref": "#/definitions/ProxyStatistics"
  EndpointPolicyEnabled:
    description: Whether policy enforcement is enabled (ingress, egress, both or none)
    type: string
    enum:
    - none
    - ingress
    - egress
    - both
    - audit-ingress
    - audit-egress
    - audit-both
  EndpointPolicy:
    description: |-
      Policy information of an endpoint

      +k8s:deepcopy-gen=true
    type: object
    properties:
      policy-revision:
        description: The agent-local policy revision
        type: integer
      id:
        description: Own identity of endpoint
        type: integer
      policy-enabled:
        description: Whether policy enforcement is enabled (ingress, egress, both or none)
        "$ref": "#/definitions/EndpointPolicyEnabled"
      build:
        description: Build number of calculated policy in use
        type: integer
      allowed-ingress-identities:
        description: |
          List of identities allowed to communicate to this endpoint
        type: array
        items:
          type: integer
      denied-ingress-identities:
        description: |
          List of identities not allowed to communicate to this endpoint
        type: array
        items:
          type: integer
      allowed-egress-identities:
        description: |
          List of identities to which this endpoint is allowed to communicate
        type: array
        items:
          type: integer
      denied-egress-identities:
        description: |
          List of identities to which this endpoint is not allowed to communicate
        type: array
        items:
          type: integer
      l4:
        "$ref": "#/definitions/L4Policy"
      cidr-policy:
        "$ref": "#/definitions/CIDRPolicy"
  PolicyRule:
    description: |-
      A policy rule including the rule labels it derives from

      +k8s:deepcopy-gen=true
    properties:
      rule:
        description: The policy rule as json
        type: string
      derived-from-rules:
        description: The policy rule labels identifying the policy rules this rule derives from
        type: array
        items:
          type: array
          items:
            type: string
      rules-by-selector:
        description: The policy rule labels identifying the policy rules this rule derives from, mapped by selector
        type: object
        additionalProperties:
          type: array
          items:
            type: array
            items:
              type: string
  L4Policy:
    description: |-
      L4 endpoint policy

      +k8s:deepcopy-gen=true
    type: object
    properties:
      ingress:
        description: List of L4 ingress rules
        type: array
        items:
          "$ref": "#/definitions/PolicyRule"
      egress:
        description: List of L4 egress rules
        type: array
        items:
          "$ref": "#/definitions/PolicyRule"
  CIDRPolicy:
    description: |-
      CIDR endpoint policy

      +k8s:deepcopy-gen=true
    type: object
    properties:
      ingress:
        description: List of CIDR ingress rules
        type: array
        items:
          "$ref": "#/definitions/PolicyRule"
      egress:
        description: List of CIDR egress rules
        type: array
        items:
          "$ref": "#/definitions/PolicyRule"

  Prefilter:
    description: Collection of endpoints to be served
    type: object
    properties:
      spec:
        "$ref": "#/definitions/PrefilterSpec"
      status:
        "$ref": "#/definitions/PrefilterStatus"
  PrefilterSpec:
    description: CIDR ranges implemented in the Prefilter
    type: object
    properties:
      revision:
        type: integer
      deny:
        type: array
        items:
          type: string
  PrefilterStatus:
    description: CIDR ranges implemented in the Prefilter
    type: object
    properties:
      realized:
        "$ref": "#/definitions/PrefilterSpec"

  CIDRList:
    description: List of CIDRs
    type: object
    properties:
      revision:
        type: integer
      list:
        type: array
        items:
          type: string
  DebugInfo:
    description: groups some debugging related information on the agent
    type: object
    properties:
      cilium-version:
        type: string
      kernel-version:
        type: string
      cilium-status:
        "$ref": "#/definitions/StatusResponse"
      endpoint-list:
        type: array
        items:
          "$ref": "#/definitions/Endpoint"
      service-list:
        type: array
        items:
          "$ref": "#/definitions/Service"
      policy:
        "$ref": "#/definitions/Policy"
      cilium-memory-map:
        type: string
      cilium-nodemonitor-memory-map:
        type: string
      environment-variables:
        type: array
        items:
          type: string
      subsystem:
        type: object
        additionalProperties:
          type: string
      encryption:
        type: object
        properties:
          wireguard:
            description: Status of the WireGuard agent
            "$ref": "#/definitions/WireguardStatus"
  CgroupDumpMetadata:
    description: cgroup full metadata
    type: object
    properties:
      pod-metadatas:
        type: array
        items:
          "$ref": "#/definitions/CgroupPodMetadata"
  CgroupPodMetadata:
    description: cgroup pod metadata
    type: object
    properties:
      name:
        type: string
      namespace:
        type: string
      containers:
        type: array
        items:
          "$ref": "#/definitions/CgroupContainerMetadata"
      ips:
        type: array
        items:
          type: string
  CgroupContainerMetadata:
    description: cgroup container metadata
    type: object
    properties:
      cgroup-id:
        type: integer
        format: uint64
      cgroup-path:
        type: string
  IPAMResponse:
    description: IPAM configuration of an endpoint
    type: object
    required:
    - address
    - host-addressing
    properties:
      address:
        "$ref": "#/definitions/AddressPair"
      ipv4:
        "$ref": "#/definitions/IPAMAddressResponse"
      ipv6:
        "$ref": "#/definitions/IPAMAddressResponse"
      host-addressing:
        "$ref": "#/definitions/NodeAddressing"
  IPAMAddressResponse:
    description: IPAM configuration of an individual address family
    type: object
    properties:
      ip:
        description: Allocated IP for endpoint
        type: string
      gateway:
        description: IP of gateway
        type: string
      cidrs:
        description: List of CIDRs out of which IPs are allocated
        type: array
        items:
          type: string
      master-mac:
        type: string
        description: MAC of master interface if address is a slave/secondary of a master interface
      expiration-uuid:
        type: string
        description: |
          The UUID for the expiration timer. Set when expiration has been
          enabled while allocating.
      interface-number:
        type: string
        description: |
          InterfaceNumber is a field for generically identifying an interface. This is only useful in ENI mode.
  AddressPair:
    description: Addressing information of an endpoint
    type: object
    properties:
      ipv4:
        description: IPv4 address
        type: string
      ipv4-expiration-uuid:
        description: UUID of IPv4 expiration timer
        type: string
      ipv4-pool-name:
        description: IPAM pool from which this IPv4 address was allocated
        type: string
      ipv6:
        description: IPv6 address
        type: string
      ipv6-expiration-uuid:
        description: UUID of IPv6 expiration timer
        type: string
      ipv6-pool-name:
        description: IPAM pool from which this IPv6 address was allocated
        type: string
  Address:
    description: IP address
    type: string
  ClusterNodesResponse:
    properties:
      self:
        description: Name of local node (if available)
        type: string
      nodes:
        description: List of known nodes
        type: array
        items:
          "$ref": "#/definitions/NodeElement"
  Identity:
    description: Security identity
    type: object
    properties:
      id:
        description: Unique identifier
        type: integer
      labels:
        description: Labels describing the identity
        "$ref": "#/definitions/Labels"
      labelsSHA256:
        description: SHA256 of labels
        type: string
  IdentityEndpoints:
    description: Security identities owned by endpoints on the local node
    type: object
    properties:
      identity:
        description: Security identity
        "$ref": "#/definitions/Identity"
      refCount:
        description: number of endpoints consuming this identity locally (should always be > 0)
        type: integer
  EndpointNetworking:
    description: Unique identifiers for this endpoint from outside cilium
    type: object
    properties:
      addressing:
        description: IP4/6 addresses assigned to this Endpoint
        type: array
        items:
          "$ref": "#/definitions/AddressPair"
      host-addressing:
        "$ref": "#/definitions/NodeAddressing"
      host-mac:
        description: MAC address
        type: string
      mac:
        description: MAC address
        type: string
      interface-name:
        description: Name of network device in host netns
        type: string
      interface-index:
        description: Index of network device in host netns
        type: integer
      container-interface-name:
        description: Name of network device in container netns
        type: string
  EndpointIdentifiers:
    description: |-
      Unique identifiers for this endpoint from outside cilium

      +deepequal-gen=true
    type: object
    properties:
      cni-attachment-id:
        description: ID assigned to this attachment by container runtime
        type: string
      container-id:
        description: ID assigned by container runtime (deprecated, may not be unique)
        type: string
      container-name:
        description: Name assigned to container (deprecated, may not be unique)
        type: string
      docker-endpoint-id:
        description: Docker endpoint ID
        type: string
      docker-network-id:
        description: Docker network ID
        type: string
      pod-name:
        description: K8s pod for this endpoint (deprecated, may not be unique)
        type: string
      k8s-pod-name:
        description: K8s pod name for this endpoint (deprecated, may not be unique)
        type: string
      k8s-namespace:
        description: K8s namespace for this endpoint (deprecated, may not be unique)
        type: string
  Labels:
    description: Set of labels
    type: array
    items:
      type: string
  LabelConfiguration:
    description: Label configuration of an endpoint
    type: object
    properties:
      spec:
        description: The user provided desired configuration
        "$ref": "#/definitions/LabelConfigurationSpec"
      status:
        description: The current configuration
        "$ref": "#/definitions/LabelConfigurationStatus"
  LabelConfigurationSpec:
    description: User desired Label configuration of an endpoint
    type: object
    properties:
      user:
        description: "Custom labels in addition to orchestration system labels."
        "$ref": "#/definitions/Labels"
  LabelConfigurationStatus:
    description: Labels and label configuration of an endpoint
    type: object
    properties:
      realized:
        description: The current configuration
        "$ref": "#/definitions/LabelConfigurationSpec"
      security-relevant:
        description: "Labels derived from orchestration system that are used in computing a security identity"
        "$ref": "#/definitions/Labels"
      derived:
        description: "All labels derived from the orchestration system"
        "$ref": "#/definitions/Labels"
      disabled:
        description: "Labels derived from orchestration system which have been disabled."
        "$ref": "#/definitions/Labels"
  StatusResponse:
    description: |-
      Health and status information of daemon

      +k8s:deepcopy-gen=true
    type: object
    properties:
      cilium:
        description: Status of Cilium daemon
        "$ref": "#/definitions/Status"
      kvstore:
        description: Status of key/value datastore
        "$ref": "#/definitions/Status"
      cni-file:
        description: Status of the CNI configuration file
        "$ref": "#/definitions/Status"
      container-runtime:
        description: Status of local container runtime
        "$ref": "#/definitions/Status"
      host-firewall:
        description: Status of the host firewall
        "$ref": "#/definitions/HostFirewall"
      hubble:
        description: Status of Hubble server
        "$ref": "#/definitions/HubbleStatus"
      kubernetes:
        description: Status of Kubernetes integration
        "$ref": "#/definitions/K8sStatus"
      datapath-mode:
        description: Status of datapath mode
        "$ref": "#/definitions/DatapathMode"
      attach-mode:
        description: Status of core datapath attachment mode
        "$ref": "#/definitions/AttachMode"
      kube-proxy-replacement:
        description: Status of kube-proxy replacement
        "$ref": "#/definitions/KubeProxyReplacement"
      ipam:
        description: Status of IP address management
        "$ref": "#/definitions/IPAMStatus"
      nodeMonitor:
        description: Status of the node monitor
        "$ref": "#/definitions/MonitorStatus"
      cluster:
        description: Status of cluster
        "$ref": "#/definitions/ClusterStatus"
      controllers:
        description: Status of all endpoint controllers
        "$ref": "#/definitions/ControllerStatuses"
      proxy:
        description: Status of proxy
        "$ref": "#/definitions/ProxyStatus"
      identity-range:
        description: Status of identity range of the cluster
        "$ref": "#/definitions/IdentityRange"
      ipv6-big-tcp:
        description: Status of IPv6 BIG TCP
        "$ref": "#/definitions/IPV6BigTCP"
      ipv4-big-tcp:
        description: Status of IPv4 BIG TCP
        "$ref": "#/definitions/IPV4BigTCP"
      bandwidth-manager:
        description: Status of bandwidth manager
        "$ref": "#/definitions/BandwidthManager"
      masquerading:
        description: Status of masquerading
        "$ref": "#/definitions/Masquerading"
      routing:
        description: Status of routing
        "$ref": "#/definitions/Routing"
      clock-source:
        description: Status of clock source
        "$ref": "#/definitions/ClockSource"
      srv6:
        description: Status of SRv6
        "$ref": "#/definitions/Srv6"
      stale:
        description: List of stale information in the status
        type: object
        additionalProperties:
          description: Timestamp when the probe was started
          type: string
          format: date-time
      client-id:
        description: |
          When supported by the API, this client ID should be used by the
          client when making another request to the server.
          See for example "/cluster/nodes".
        type: integer
      cluster-mesh:
        description: Status of ClusterMesh
        "$ref": "#/definitions/ClusterMeshStatus"
      bpf-maps:
        description: Status of BPF maps
        "$ref": "#/definitions/BPFMapStatus"
      encryption:
        description: Status of transparent encryption
        "$ref": "#/definitions/EncryptionStatus"
      cni-chaining:
        description: Status of CNI chaining
        "$ref": "#/definitions/CNIChainingStatus"
      auth-certificate-provider:
        description: Status of Mutual Authentication certificate provider
        "$ref": "#/definitions/Status"
  Status:
    description: Status of an individual component
    type: object
    properties:
      state:
        type: string
        description: State the component is in
        enum:
        - Ok
        - Warning
        - Failure
        - Disabled
      msg:
        type: string
        description: Human readable status/error/warning message
  HostFirewall:
    description: |-
      Status of the host firewall

      +k8s:deepcopy-gen=true
    type: object
    properties:
      mode:
        type: string
        enum:
        - Disabled
        - Enabled
      devices:
        type: array
        items:
          type: string
  HubbleStatus:
    description: |-
      Status of the Hubble server

      +k8s:deepcopy-gen=true
    type: object
    properties:
      state:
        type: string
        description: State the component is in
        enum:
        - Ok
        - Warning
        - Failure
        - Disabled
      msg:
        type: string
        description: Human readable status/error/warning message
      observer:
        type: object
        description: |-
          Status of the Hubble observer

          +k8s:deepcopy-gen=true
        properties:
          max-flows:
            type: integer
            description: Maximum number of flows this Hubble observer is able to store
          current-flows:
            type: integer
            description: Current number of flows this Hubble observer stores
          seen-flows:
            type: integer
            description: Total number of flows this Hubble observer has seen
          uptime:
            type: string
            format: duration
            description: Uptime of this Hubble observer instance
      metrics:
        type: object
        description: Status of the Hubble metrics server
        properties:
          state:
            type: string
            description: State of the Hubble metrics
            enum:
            - Ok
            - Warning
            - Failure
            - Disabled
  K8sStatus:
    description: |-
      Status of Kubernetes integration

      +k8s:deepcopy-gen=true
    type: object
    properties:
      state:
        type: string
        description: State the component is in
        enum:
        - Ok
        - Warning
        - Failure
        - Disabled
      k8s-api-versions:
        type: array
        items:
          type: string
      msg:
        type: string
        description: Human readable status/error/warning message
  KubeProxyReplacement:
    description: |-
      Status of kube-proxy replacement

      +k8s:deepcopy-gen=true
    type: object
    properties:
      mode:
        type: string
        enum:
        - 'True'
        - 'False'
      devices:
        type: array
        items:
          type: string
      deviceList:
        description: |-


          +k8s:deepcopy-gen=true
        type: array
        items:
          description: |-


            +k8s:deepcopy-gen=true
          type: object
          properties:
            name:
              type: string
            ip:
              description: |-


                +k8s:deepcopy-gen=true
              type: array
              items:
                type: string
      directRoutingDevice:
        type: string
      features:
        description: |-


          +k8s:deepcopy-gen=true
        type: object
        properties:
          nodePort:
            description: |-


              +k8s:deepcopy-gen=true
            type: object
            properties:
              enabled:
                type: boolean
              mode:
                type: string
                enum:
                - SNAT
                - DSR
                - Hybrid
              dsrMode:
                type: string
                enum:
                - IP Option/Extension
                - IPIP
                - Geneve
              algorithm:
                type: string
                enum:
                - Random
                - Maglev
              acceleration:
                type: string
                enum:
                - None
                - Native
                - Generic
                - Best-Effort
              portMin:
                type: integer
              portMax:
                type: integer
              lutSize:
                type: integer
          hostPort:
            description: |-


              +k8s:deepcopy-gen=true
            type: object
            properties:
              enabled:
                type: boolean
          externalIPs:
            description: |-


              +k8s:deepcopy-gen=true
            type: object
            properties:
              enabled:
                type: boolean
          hostReachableServices:
            description: |-


              +k8s:deepcopy-gen=true
            type: object
            properties:
              enabled:
                type: boolean
              protocols:
                type: array
                items:
                  type: string
          socketLB:
            description: |-


              +k8s:deepcopy-gen=true
            type: object
            properties:
              enabled:
                type: boolean
          sessionAffinity:
            description: |-


              +k8s:deepcopy-gen=true
            type: object
            properties:
              enabled:
                type: boolean
          gracefulTermination:
            description: |-


              +k8s:deepcopy-gen=true
            type: object
            properties:
              enabled:
                type: boolean
          nat46X64:
            description: |-


              +k8s:deepcopy-gen=true
            type: object
            properties:
              enabled:
                type: boolean
              service:
                description: |-


                  +k8s:deepcopy-gen=true
                type: object
                properties:
                  enabled:
                    type: boolean
              gateway:
                description: |-


                  +k8s:deepcopy-gen=true
                type: object
                properties:
                  enabled:
                    type: boolean
                  prefixes:
                    type: array
                    items:
                      type: string
          socketLBTracing:
            description: |-


              +k8s:deepcopy-gen=true
            type: object
            properties:
              enabled:
                type: boolean
          bpfSocketLBHostnsOnly:
            description: flag bpf-lb-sock-hostns-only
            type: boolean
  AllocationMap:
    description: |
      Map of allocated IPs
    type: object
    additionalProperties:
      type: string
  IPAMStatus:
    description: |-
      Status of IP address management

      +k8s:deepcopy-gen=true
    properties:
      allocations:
        "$ref": "#/definitions/AllocationMap"
      ipv4:
        type: array
        items:
          type: string
      ipv6:
        type: array
        items:
          type: string
      status:
        type: string
  ClusterStatus:
    description: |-
      Status of cluster

      +k8s:deepcopy-gen=true
    properties:
      ciliumHealth:
        description: Status of local cilium-health daemon
        "$ref": "#/definitions/Status"
      self:
        description: Name of local node (if available)
        type: string
      nodes:
        description: List of known nodes
        type: array
        items:
          "$ref": "#/definitions/NodeElement"
  ClusterNodeStatus:
    description: Status of cluster
    properties:
      self:
        description: Name of local node (if available)
        type: string
      nodes-added:
        description: List of known nodes
        type: array
        items:
          "$ref": "#/definitions/NodeElement"
      nodes-removed:
        description: List of known nodes
        type: array
        items:
          "$ref": "#/definitions/NodeElement"
      client-id:
        description: ID that should be used by the client to receive a diff from the previous request
        type: integer
  ClusterMeshStatus:
    description: |-
      Status of ClusterMesh

      +k8s:deepcopy-gen=true
    properties:
      clusters:
        description: List of remote clusters
        type: array
        items:
          "$ref": "#/definitions/RemoteCluster"
      num-global-services:
        description: Number of global services
        type: integer
  RemoteCluster:
    description: |-
      Status of remote cluster

      +k8s:deepcopy-gen=true
    properties:
      name:
        description: Name of the cluster
        type: string
      ready:
        description: Indicates readiness of the remote cluster
        type: boolean
      connected:
        description: Indicates whether the connection to the remote kvstore is established
        type: boolean
      synced:
        description: Synchronization status about each resource type
        "$ref": "#/definitions/RemoteClusterSynced"
      config:
        description: Cluster configuration exposed by the remote cluster
        "$ref": "#/definitions/RemoteClusterConfig"
      num-nodes:
        description: Number of nodes in the cluster
        type: integer
      num-shared-services:
        description: Number of services in the cluster
        type: integer
      num-identities:
        description: Number of identities in the cluster
        type: integer
      num-endpoints:
        description: Number of endpoints in the cluster
        type: integer
      status:
        description: Status of the control plane
        type: string
      num-failures:
        description: Number of failures reaching the cluster
        type: integer
      last-failure:
        description: Time of last failure that occurred while attempting to reach the cluster
        type: string
        format: date-time
  RemoteClusterSynced:
    description: |-
      Status of the synchronization with the remote cluster, about each resource
      type. A given resource is considered to be synchronized if the initial
      list of entries has been completely received from the remote cluster, and
      new events are currently being watched.

      +k8s:deepcopy-gen=true
    properties:
      nodes:
        description: Nodes synchronization status
        type: boolean
      services:
        description: Services synchronization status
        type: boolean
      endpoints:
        description: Endpoints synchronization status
        type: boolean
      identities:
        description: Identities synchronization status
        type: boolean
  RemoteClusterConfig:
    description: |-
      Cluster configuration exposed by the remote cluster

      +k8s:deepcopy-gen=true
    properties:
      required:
        description: Whether the configuration is required to be present
        type: boolean
      retrieved:
        description: Whether the configuration has been correctly retrieved
        type: boolean
      cluster-id:
        description: The Cluster ID advertised by the remote cluster
        type: integer
      kvstoremesh:
        description: Whether the remote cluster information is locally cached by kvstoremesh
        type: boolean
      sync-canaries:
        description: Whether the remote cluster supports per-prefix "synced" canaries
        type: boolean
  MonitorStatus:
    description: Status of the node monitor
    properties:
      cpus:
        description: Number of CPUs to listen on for events.
        type: integer
      npages:
        description: Number of pages used for the perf ring buffer.
        type: integer
      pagesize:
        description: Pages size used for the perf ring buffer.
        type: integer
      lost:
        description: Number of samples lost by perf.
        type: integer
      unknown:
        description: Number of unknown samples.
        type: integer
  KVstoreConfiguration:
    description: Configuration used for the kvstore
    properties:
      type:
        description: Type of kvstore
        type: string
      options:
        description: Configuration options
        type: object
        additionalProperties:
          type: string
  DaemonConfiguration:
    description: |
      Response to a daemon configuration request.
    type: object
    properties:
      spec:
        description: Changeable configuration
        "$ref": "#/definitions/DaemonConfigurationSpec"
      status:
        description: |
          Current daemon configuration related status. Contains the addressing
          information, k8s, node monitor and immutable and mutable
          configuration settings.
        "$ref": "#/definitions/DaemonConfigurationStatus"
  DaemonConfigurationSpec:
    description: The controllable configuration of the daemon.
    type: object
    properties:
      options:
        description: Changeable configuration
        "$ref": "#/definitions/ConfigurationMap"
      policy-enforcement:
        description: "The policy-enforcement mode"
        type: string
        enum:
        - default
        - always
        - never
  DaemonConfigurationStatus:
    description: |
      Response to a daemon configuration request. Contains the addressing
      information, k8s, node monitor and immutable and mutable configuration
      settings.
    type: object
    properties:
      realized:
        description: Currently applied configuration
        "$ref": "#/definitions/DaemonConfigurationSpec"
      immutable:
        description: Immutable configuration (read-only)
        "$ref": "#/definitions/ConfigurationMap"
      addressing:
        "$ref": "#/definitions/NodeAddressing"
      k8s-endpoint:
        type: string
      k8s-configuration:
        type: string
      nodeMonitor:
        description: Status of the node monitor
        "$ref": "#/definitions/MonitorStatus"
      kvstoreConfiguration:
        "$ref": "#/definitions/KVstoreConfiguration"
      deviceMTU:
        description: MTU on workload facing devices
        type: integer
      routeMTU:
        description: MTU for network facing routes
        type: integer
      enableRouteMTUForCNIChaining:
        description: Enable route MTU for pod netns when CNI chaining is used
        type: boolean
      datapathMode:
        "$ref": "#/definitions/DatapathMode"
      ipam-mode:
        description: Configured IPAM mode
        type: string
      masquerade:
        type: boolean
      masqueradeProtocols:
        description: Status of masquerading feature
        type: object
        properties:
          ipv4:
            description: Status of masquerading for IPv4 traffic
            type: boolean
          ipv6:
            description: Status of masquerading for IPv6 traffic
            type: boolean
      egress-multi-home-ip-rule-compat:
        description: Configured compatibility mode for --egress-multi-home-ip-rule-compat
        type: boolean
      daemonConfigurationMap:
        description: Config map which contains all the active daemon configurations
        additionalProperties:
          type: object
      GSOMaxSize:
        description: Maximum IPv6 GSO size on workload facing devices
        type: integer
      GROMaxSize:
        description: Maximum IPv6 GRO size on workload facing devices
        type: integer
      GSOIPv4MaxSize:
        description: Maximum IPv4 GSO size on workload facing devices
        type: integer
      GROIPv4MaxSize:
        description: Maximum IPv4 GRO size on workload facing devices
        type: integer
      ipLocalReservedPorts:
        description: Comma-separated list of IP ports that should be reserved in the workload network namespace
        type: string
  DatapathMode:
    description: Datapath mode
    type: string
    enum:
    - veth
    - netkit
    - netkit-l2
  AttachMode:
    description: Core datapath attachment mode
    type: string
    enum:
    - tc
    - tcx
  EndpointConfigurationSpec:
    description: An endpoint's configuration
    type: object
    properties:
      options:
        description: Changeable configuration
        "$ref": "#/definitions/ConfigurationMap"
      label-configuration:
        description: the endpoint's labels
        "$ref": "#/definitions/LabelConfigurationSpec"
  EndpointConfigurationStatus:
    description: An endpoint's configuration
    type: object
    properties:
      realized:
        description: currently applied changeable configuration
        "$ref": "#/definitions/EndpointConfigurationSpec"
      immutable:
        description: Immutable configuration (read-only)
        "$ref": "#/definitions/ConfigurationMap"
      error:
        description: Most recent error, if applicable
        "$ref": "#/definitions/Error"
  ConfigurationMap:
    description: |
      Map of configuration key/value pairs.
    type: object
    additionalProperties:
      type: string
  NodeElement:
    description: |-
      Known node in the cluster

      +k8s:deepcopy-gen=true
    properties:
      name:
        type: string
        description: |
          Name of the node including the cluster association. This is typically
          <clustername>/<hostname>.
      primary-address:
        description: Primary address used for intra-cluster communication
        "$ref": "#/definitions/NodeAddressing"
      secondary-addresses:
        description: Alternative addresses assigned to the node
        type: array
        items:
          "$ref": "#/definitions/NodeAddressingElement"
      health-endpoint-address:
        description: Address used for probing cluster connectivity
        "$ref": "#/definitions/NodeAddressing"
      ingress-address:
        description: Source address for Ingress listener
        "$ref": "#/definitions/NodeAddressing"
      source:
        description: Source of the node configuration
        type: string
  NodeAddressing:
    description: |-
      Addressing information of a node for all address families

      +k8s:deepcopy-gen=true
    type: object
    properties:
      ipv6:
        "$ref": "#/definitions/NodeAddressingElement"
      ipv4:
        "$ref": "#/definitions/NodeAddressingElement"
  NodeAddressingElement:
    description: Addressing information
    type: object
    properties:
      enabled:
        description: True if address family is enabled
        type: boolean
      ip:
        description: IP address of node
        type: string
      alloc-range:
        description: Address pool to be used for local endpoints
        type: string
      address-type:
        description: Node address type, one of HostName, ExternalIP or InternalIP
        type: string
  Policy:
    description: Policy definition
    type: object
    properties:
      revision:
        description: |
          Revision number of the policy. Incremented each time the policy is
          changed in the agent's repository
        type: integer
      policy:
        description: Policy definition as JSON.
        type: string
  PolicyTraceResult:
    description: Response to a policy resolution process
    type: object
    properties:
      verdict:
        type: string
      log:
        type: string
  Port:
    description: |-
      Layer 4 port / protocol pair

      +deepequal-gen=true
    type: object
    properties:
      protocol:
        description: Layer 4 protocol
        type: string
        enum:
        - TCP
        - UDP
        - SCTP
        - ICMP
        - ICMPV6
        - ANY
      port:
        description: Layer 4 port number
        type: integer
        format: uint16
      name:
        description: Optional layer 4 port name
        type: string
  SelectorCache:
    description: cache of which identities match selectors in the policy repository
    type: array
    items:
      "$ref": "#/definitions/SelectorIdentityMapping"
  SelectorIdentityMapping:
    description: mapping of selector to identities which match it
    type: object
    properties:
      selector:
        description: string form of selector
        type: string
      labels:
        description: Labels are the metadata labels associated with the selector
        "$ref": "#/definitions/LabelArray"
      identities:
        description: identities mapping to this selector
        type: array
        items:
          type: integer
      users:
        description: number of users of this selector in the cache
        type: integer
  Srv6:
    description: |-
      Status of the SRv6

      +k8s:deepcopy-gen=true
    type: object
    properties:
      enabled:
        type: boolean
      srv6EncapMode:
        type: string
        enum:
        - SRH
        - Reduced
  TraceSelector:
    description: Context describing a pair of source and destination identity
    type: object
    properties:
      from:
        "$ref": "#/definitions/TraceFrom"
      to:
        "$ref": "#/definitions/TraceTo"
      verbose:
        description: |
          Enable verbose tracing.
        type: boolean
  TraceFrom:
    type: object
    properties:
      labels:
        "$ref": "#/definitions/Labels"
  TraceTo:
    type: object
    properties:
      labels:
        "$ref": "#/definitions/Labels"
      dports:
        description: |
          List of Layer 4 port and protocol pairs which will be used in communication
          from the source identity to the destination identity.
        type: array
        items:
          "$ref": "#/definitions/Port"

  FrontendAddress:
    description: |
      Layer 4 address. The protocol is currently ignored, all services will
      behave as if protocol any is specified. To restrict to a particular
      protocol, use policy.
    type: object
    properties:
      ip:
        description: Layer 3 address
        type: string
      protocol:
        description: Layer 4 protocol
        type: string
        enum:
        - tcp
        - udp
        - any
      scope:
        description: Load balancing scope for frontend address
        type: string
        enum:
        - external
        - internal
      port:
        description: Layer 4 port number
        type: integer
        format: uint16
  BackendAddress:
    description: Service backend address
    type: object
    required:
    - ip
    properties:
      ip:
        description: Layer 3 address
        type: string
      port:
        description: Layer 4 port number
        type: integer
        format: uint16
      nodeName:
        description: Optional name of the node on which this backend runs
        type: string
      state:
        description: State of the backend for load-balancing service traffic
        type: string
        enum:
        - active
        - terminating
        - quarantined
        - maintenance
      preferred:
        description: |-
          Indicator if this backend is preferred in the context of clustermesh service affinity. The value is set based
          on related annotation of global service. Applicable for active state only.
        type: boolean
      weight:
        description: Backend weight
        type: integer
        format: uint16
        x-nullable: true
      zone:
        description: Optional name of the zone in which this backend runs
        type: string
  LRPBackend:
    description: Pod backend of an LRP
    type: object
    properties:
      pod-id:
        description: Namespace and name of the backend pod
        type: string
      backend-address:
        "$ref": "#/definitions/BackendAddress"
  FrontendMapping:
    description: Mapping of frontend to backend pods of an LRP
    type: object
    properties:
      frontend-address:
        "$ref": "#/definitions/FrontendAddress"
      backends:
        description: Pod backends of an LRP
        type: array
        items:
          "$ref": "#/definitions/LRPBackend"
  LRPSpec:
    description: Configuration of an LRP
    type: object
    properties:
      uid:
        description: Unique identification
        type: string
      name:
        description: LRP service name
        type: string
      namespace:
        description: LRP service namespace
        type: string
      frontend-type:
        description: LRP frontend type
        type: string
      lrp-type:
        description: LRP config type
        type: string
      service-id:
        description: matching k8s service namespace and name
        type: string
      frontend-mappings:
        description: mapping of frontends to pod backends
        type: array
        items:
          "$ref": "#/definitions/FrontendMapping"
  Service:
    description: Collection of endpoints to be served
    type: object
    properties:
      spec:
        "$ref": "#/definitions/ServiceSpec"
      status:
        "$ref": "#/definitions/ServiceStatus"
  ServiceSpec:
    description: Configuration of a service
    type: object
    required:
    - frontend-address
    properties:
      id:
        description: Unique identification
        type: integer
      frontend-address:
        description: Frontend address
        "$ref": "#/definitions/FrontendAddress"
      backend-addresses:
        description: List of backend addresses
        type: array
        items:
          "$ref": "#/definitions/BackendAddress"
      flags:
        description: Optional service configuration flags
        type: object
        properties:
          type:
            description: Service type
            type: string
            enum:
            - ClusterIP
            - NodePort
            - ExternalIPs
            - HostPort
            - LoadBalancer
            - LocalRedirect
          trafficPolicy:
            description: Service external traffic policy (deprecated in favor of extTrafficPolicy)
            type: string
            enum:
            - Cluster
            - Local
          extTrafficPolicy:
            description: Service external traffic policy
            type: string
            enum:
            - Cluster
            - Local
          intTrafficPolicy:
            description: Service internal traffic policy
            type: string
            enum:
            - Cluster
            - Local
          natPolicy:
            description: Service protocol NAT policy
            type: string
            enum:
            - None
            - Nat46
            - Nat64
          healthCheckNodePort:
            description: Service health check node port
            type: integer
            format: uint16
          name:
            description: Service name (e.g. Kubernetes service name)
            type: string
          namespace:
            description: Service namespace (e.g. Kubernetes namespace)
            type: string
          cluster:
            description: Service cluster
            type: string
      updateServices:
        description: |
          Update all services selecting the backends with their given states
          (id and frontend are ignored)
        type: boolean

  ServiceStatus:
    description: Configuration of a service
    type: object
    properties:
      realized:
        "$ref": "#/definitions/ServiceSpec"

  StateDBQuery:
    description: StateDB query
    type: object
    properties:
      table:
        description: Name of the table to query
        type: string
      index:
        description: Index to query against
        type: string
      lowerbound:
        description: LowerBound prefix search or full-matching Get
        type: boolean
      key:
        description: Key to query with. Base64 encoded.
        type: string

  Recorder:
    description: Collection of wildcard filters for pcap recorder
    type: object
    properties:
      spec:
        "$ref": "#/definitions/RecorderSpec"
      status:
        "$ref": "#/definitions/RecorderStatus"
  RecorderMask:
    description: Individual mask for pcap recorder
    type: object
    properties:
      status:
        "$ref": "#/definitions/RecorderMaskStatus"
  RecorderFilter:
    description: n-tuple filter to match traffic to be recorded
    type: object
    properties:
      src-prefix:
        description: Layer 3 source CIDR
        type: string
      src-port:
        description: Layer 4 source port, zero (or in future range)
        type: string
      dst-prefix:
        description: Layer 3 destination CIDR
        type: string
      dst-port:
        description: Layer 4 destination port, zero (or in future range)
        type: string
      protocol:
        description: Layer 4 protocol
        type: string
        enum:
        - TCP
        - UDP
        - SCTP
        - ANY
  RecorderSpec:
    description: Configuration of a recorder
    type: object
    required:
    - id
    - filters
    properties:
      id:
        description: Unique identification
        type: integer
      capture-length:
        description: Maximum packet length or zero for full packet length
        type: integer
      filters:
        description: List of wildcard filters for given recorder
        type: array
        items:
          "$ref": "#/definitions/RecorderFilter"
  RecorderMaskSpec:
    description: Configuration of a recorder mask
    type: object
    properties:
      users:
        description: Number of users of this mask
        type: integer
      priority:
        description: Priority of this mask
        type: integer
      src-prefix-mask:
        description: Layer 3 source IP mask
        type: string
      src-port-mask:
        description: Layer 4 source port mask
        type: string
      dst-prefix-mask:
        description: Layer 3 destination IP mask
        type: string
      dst-port-mask:
        description: Layer 4 destination port mask
        type: string
      protocol-mask:
        description: Layer 4 protocol mask
        type: string
  RecorderStatus:
    description: Configuration of a recorder
    type: object
    properties:
      realized:
        "$ref": "#/definitions/RecorderSpec"
  RecorderMaskStatus:
    description: Configuration of a recorder mask
    type: object
    properties:
      realized:
        "$ref": "#/definitions/RecorderMaskSpec"
  ProxyStatus:
    description: |-
      Status of proxy

      +k8s:deepcopy-gen=true
    type: object
    properties:
      port-range:
        description: Port range used for proxying
        type: string
      ip:
        description: IP address that the proxy listens on
        type: string
      total-redirects:
        description: Total number of ports configured to redirect to proxies
        type: integer
      total-ports:
        description: Total number of listening proxy ports
        type: integer
      redirects:
        description: Detailed description of configured redirects
        type: array
        items:
          "$ref": "#/definitions/ProxyRedirect"
      envoy-deployment-mode:
        description: Deployment mode of Envoy L7 proxy
        type: string
        enum:
        - embedded
        - external
  IdentityRange:
    description: |-
      Status of identity range of the cluster

      +k8s:deepcopy-gen=true
    properties:
      min-identity:
        description: Minimum identity of the cluster
        type: integer
      max-identity:
        description: Maximum identity of the cluster
        type: integer
  ProxyRedirect:
    description: Configured proxy redirection state
    type: object
    properties:
      name:
        description: Name of the proxy redirect
        type: string
      proxy:
        description: Name of the proxy this redirect points to
        type: string
      proxy-port:
        description: Host port that this redirect points to
        type: integer
  ProxyStatistics:
    description: |-
      Statistics of a set of proxy redirects for an endpoint

      +k8s:deepcopy-gen=true
    type: object
    properties:
      protocol:
        description: Name of the L7 protocol
        type: string
      port:
        description: The port subject to the redirect
        type: integer
      allocated-proxy-port:
        description: The port the proxy is listening on
        type: integer
      location:
        description: Location of where the redirect is installed
        type: string
        enum:
        - ingress
        - egress
      statistics:
        description: Statistics of this set of proxy redirect
        "$ref": "#/definitions/RequestResponseStatistics"
  RequestResponseStatistics:
    description: |-
      Statistics of a proxy redirect

      +k8s:deepcopy-gen=true
    type: object
    properties:
      requests:
        "$ref": "#/definitions/MessageForwardingStatistics"
      responses:
        "$ref": "#/definitions/MessageForwardingStatistics"
  MessageForwardingStatistics:
    description: Statistics of a message forwarding entity
    type: object
    properties:
      received:
        description: Number of messages received
        type: integer
      denied:
        description: Number of messages denied
        type: integer
      error:
        description: Number of errors while parsing messages
        type: integer
      forwarded:
        description: Number of messages forwarded
        type: integer
  IPV6BigTCP:
    description: |-
      Status of IPv6 BIG TCP

      +k8s:deepcopy-gen=true
    type: object
    properties:
      enabled:
        description: Is IPv6 BIG TCP enabled
        type: boolean
      maxGRO:
        description: Maximum IPv6 GRO size
        type: integer
      maxGSO:
        description: Maximum IPv6 GSO size
        type: integer
  IPV4BigTCP:
    description: |-
      Status of IPv4 BIG TCP

      +k8s:deepcopy-gen=true
    type: object
    properties:
      enabled:
        description: Is IPv4 BIG TCP enabled
        type: boolean
      maxGRO:
        description: Maximum IPv4 GRO size
        type: integer
      maxGSO:
        description: Maximum IPv4 GSO size
        type: integer
  BandwidthManager:
    description: |-
      Status of bandwidth manager

      +k8s:deepcopy-gen=true
    type: object
    properties:
      enabled:
        description: Is bandwidth manager enabled
        type: boolean
      devices:
        type: array
        items:
          type: string
      congestionControl:
        type: string
        enum:
        - cubic
        - bbr
  Masquerading:
    description: |-
      Status of masquerading

      +k8s:deepcopy-gen=true
    type: object
    properties:
      enabled:
        type: boolean
      enabledProtocols:
        description: Is masquerading enabled
        type: object
        properties:
          ipv4:
            description: Is masquerading enabled for IPv4 traffic
            type: boolean
          ipv6:
            description: Is masquerading enabled for IPv6 traffic
            type: boolean
      mode:
        type: string
        enum:
        - BPF
        - iptables
      ip-masq-agent:
        description: Is BPF ip-masq-agent enabled
        type: boolean
      snat-exclusion-cidr:
        description: |-
          This field is obsolete, please use snat-exclusion-cidr-v4 or snat-exclusion-cidr-v6.
        type: string
      snat-exclusion-cidr-v4:
        description: |-
          SnatExclusionCIDRv4 exempts SNAT from being performed on any packet sent to
          an IPv4 address that belongs to this CIDR.
        type: string
      snat-exclusion-cidr-v6:
        description: |-
          SnatExclusionCIDRv6 exempts SNAT from being performed on any packet sent to
          an IPv6 address that belongs to this CIDR.
          For IPv6 we only do masquerading in iptables mode.
        type: string
  ClockSource:
    description: |-
      Status of BPF clock source

      +k8s:deepcopy-gen=true
    type: object
    properties:
      mode:
        description: Datapath clock source
        type: string
        enum:
        - ktime
        - jiffies
      hertz:
        description: Kernel Hz
        type: integer
  Routing:
    description: |-
      Status of routing

      +k8s:deepcopy-gen=true
    type: object
    properties:
      inter-host-routing-mode:
        description: Datapath routing mode for cross-cluster connectivity
        type: string
        enum:
        - Native
        - Tunnel
      intra-host-routing-mode:
        description: Datapath routing mode for connectivity within the host
        type: string
        enum:
        - BPF
        - Legacy
      tunnel-protocol:
        description: Tunnel protocol in use for cross-cluster connectivity
        type: string
  ControllerStatuses:
    description: Collection of controller statuses
    type: array
    items:
      "$ref": "#/definitions/ControllerStatus"
  ControllerStatus:
    description: |-
      Status of a controller

      +k8s:deepcopy-gen=true
    type: object
    properties:
      name:
        description: Name of controller
        type: string
      uuid:
        description: UUID of controller
        type: string
        format: uuid
      configuration:
        description: |-
          Configuration of controller

          +deepequal-gen=true
          +k8s:deepcopy-gen=true
        type: object
        properties:
          interval:
            description: Regular synchronization interval
            type: string
            format: duration
          error-retry-base:
            description: Base error retry back-off time
            type: string
            format: duration
          error-retry:
            description: Retry on error
            type: boolean
      status:
        description: |-
          Current status of controller

          +k8s:deepcopy-gen=true
        type: object
        properties:
          success-count:
            description: Total number of successful runs
            type: integer
          last-success-timestamp:
            description: Timestamp of last success
            type: string
            format: date-time
          failure-count:
            description: Total number of failed runs
            type: integer
          last-failure-timestamp:
            description: Timestamp of last error
            type: string
            format: date-time
          consecutive-failure-count:
            description: Number of consecutive errors since last success
            type: integer
          last-failure-msg:
            description: Error message of last failed run
            type: string
  MapEvent:
    description: Event on Map
    type: object
    properties:
      timestamp:
        description: Timestamp when the event occurred
        type: string
        format: date-time
      key:
        description: Map key on which the event occurred
        type: string
      value:
        description: Map value on which the event occurred
        type: string
      action:
        description: Action type for event
        type: string
        enum:
        - update
        - delete
      desired-action:
        description: Desired action to be performed after this event
        type: string
        enum:
        - ok
        - insert
        - delete
      last-error:
        description: Last error seen while performing desired action
        type: string
  BPFMapList:
    description: List of BPF Maps
    type: object
    properties:
      maps:
        description: Array of open BPF map lists
        type: array
        items:
          "$ref": "#/definitions/BPFMap"
  BPFMap:
    description: BPF map definition and content
    type: object
    properties:
      path:
        description: Path to BPF map
        type: string
      cache:
        description: Contents of cache
        type: array
        items:
          "$ref": "#/definitions/BPFMapEntry"
  BPFMapEntry:
    description: BPF map cache entry
    type: object
    properties:
      key:
        description: Key of map entry
        type: string
      value:
        description: Value of map entry
        type: string
      desired-action:
        description: Desired action to be performed
        type: string
        enum:
        - ok
        - insert
        - delete
      last-error:
        description: Last error seen while performing desired action
        type: string
  BPFMapProperties:
    description: BPF map properties
    type: object
    properties:
      name:
        description: Name of the BPF map
        type: string
      size:
        description: Size of the BPF map
        type: integer
  BPFMapStatus:
    description: |
      BPF map status

      +k8s:deepcopy-gen=true
    type: object
    properties:
      dynamic-size-ratio:
        description: Ratio of total system memory to use for dynamic sizing of BPF maps
        type: number
      maps:
        description: BPF maps
        type: array
        items:
          "$ref": "#/definitions/BPFMapProperties"
  Metric:
    description: Metric information
    type: object
    properties:
      name:
        description: Name of the metric
        type: string
      value:
        description: Value of the metric
        type: number
      labels:
        description: Labels of the metric
        type: object
        additionalProperties:
          type: string
  Error:
    type: string
  NameManager:
    description: Internal state about DNS names in relation to policy subsystem
    type: object
    properties:
      DNSPollNames:
        description: Names to poll for DNS Poller
        type: array
        items:
          type: string
      FQDNPolicySelectors:
        description: Mapping of FQDNSelectors to corresponding regular expressions
        type: array
        items:
          "$ref": "#/definitions/SelectorEntry"
  SelectorEntry:
    description: Mapping of FQDNSelector to corresponding regular expression
    type: object
    properties:
      selectorString:
        description: FQDNSelector in string representation
        type: string
      regexString:
        description: String representation of regular expression form of FQDNSelector
        type: string
  DNSLookup:
    description: An IP -> DNS mapping, with metadata
    type: object
    properties:
      ips:
        description: IP addresses returned in this lookup
        type: array
        items:
          type: string
      fqdn:
        description: DNS name
        type: string
      ttl:
        description: The TTL in the DNS response
        type: integer
      lookup-time:
        description: The absolute time when this data was received
        type: string
        format: date-time
      expiration-time:
        description: The absolute time when this data will expire in this cache
        type: string
        format: date-time
      endpoint-id:
        description: The endpoint that made this lookup, or 0 for the agent itself.
        type: integer
      source:
        description: The reason this FQDN IP association exists. Either a DNS lookup or an ongoing connection to an IP that was created by a DNS lookup.
        type: string
  NodeID:
    description: Node ID with associated node IP addresses
    type: object
    required:
    - id
    - ips
    properties:
      id:
        description: ID allocated by the agent for the node
        type: integer
      ips:
        description: IP addresses of the node associated with the ID in the agent
        type: array
        items:
          type: string
  IPListEntry:
    description: IP entry with metadata
    type: object
    required:
    - cidr
    - identity
    properties:
      cidr:
        description: Key of the entry in the form of a CIDR range
        type: string
      identity:
        description: Numerical identity assigned to the IP
        type: integer
      hostIP:
        description: IP address of the host
        type: string
      encryptKey:
        description: The context ID for the encryption session
        type: integer
      metadata:
        "$ref": "#/definitions/IPListEntryMetadata"
  IPListEntryMetadata:
    description: Additional metadata assigned to an IP list entry
    type: object
    properties:
      source:
        description: Source of the IP entry and its metadata
        type: string
        example: k8s
      namespace:
        description: Namespace of the IP (e.g. Kubernetes namespace)
        type: string
      name:
        description: Name assigned to the IP (e.g. Kubernetes pod name)
        type: string
  NamedPorts:
    description: |-
      List of named Layer 4 port and protocol pairs which will be used in Network
      Policy specs.

      +deepequal-gen=true
      +k8s:deepcopy-gen=true
    type: array
    items:
      "$ref": "#/definitions/Port"
  EncryptionStatus:
    description: |-
      Status of transparent encryption

      +k8s:deepcopy-gen=true
    properties:
      mode:
        type: string
        enum:
        - Disabled
        - IPsec
        - Wireguard
      msg:
        type: string
        description: Human readable error/warning message
      ipsec:
        description: Status of the IPsec agent
        "$ref": "#/definitions/IPsecStatus"
      wireguard:
        description: Status of the WireGuard agent
        "$ref": "#/definitions/WireguardStatus"
  CNIChainingStatus:
    description: |-
      Status of CNI chaining

      +k8s:deepcopy-gen=true
    properties:
      mode:
        type: string
        enum:
        - none
        - aws-cni
        - flannel
        - generic-veth
        - portmap
  IPsecStatus:
    description: |-
      Status of the IPsec agent

      +k8s:deepcopy-gen=true
    properties:
      decrypt-interfaces:
        description: IPsec decryption interfaces
        type: array
        items:
          type: string
      max-seq-number:
        description: IPsec max sequence number
        type: string
      keys-in-use:
        description: IPsec keys in use
        type: integer
      error-count:
        description: IPsec error count
        type: integer
      xfrm-errors:
        description: IPsec XFRM errors
        type: object
        additionalProperties:
          type: integer
  WireguardStatus:
    description: |-
      Status of the WireGuard agent

      +k8s:deepcopy-gen=true
    properties:
      node-encryption:
        description: Node Encryption status
        type: string
      interfaces:
        description: WireGuard interfaces managed by this Cilium instance
        type: array
        items:
          "$ref": "#/definitions/WireguardInterface"
  WireguardInterface:
    description: |-
      Status of a WireGuard interface

      +k8s:deepcopy-gen=true
    properties:
      name:
        description: Name of the interface
        type: string
      public-key:
        description: Public key of this interface
        type: string
      listen-port:
        description: Port on which the WireGuard endpoint is exposed
        type: integer
      peer-count:
        description: Number of peers configured on this interface
        type: integer
      peers:
        description: Optional list of WireGuard peers
        type: array
        items:
          "$ref": "#/definitions/WireguardPeer"
  WireguardPeer:
    description: |-
      Status of a WireGuard peer

      +k8s:deepcopy-gen=true
    properties:
      public-key:
        description: Public key of this peer
        type: string
      endpoint:
        description: Endpoint on which we are connected to this peer
        type: string
      last-handshake-time:
        description: Timestamp of the last handshake with this peer
        type: string
        format: date-time
      transfer-tx:
        description: Number of sent bytes
        type: integer
      transfer-rx:
        description: Number of received bytes
        type: integer
      allowed-ips:
        description: List of IPs which may be routed through this peer
        type: array
        items:
          type: string
  BgpPeer:
    description: |-
      State of a BGP Peer

      +k8s:deepcopy-gen=true
    properties:
      local-asn:
        description: Local AS Number
        type: integer
      peer-asn:
        description: Peer AS Number
        type: integer
      peer-address:
        description: IP Address of peer
        type: string
      tcp-password-enabled:
        description: Set when a TCP password is configured for communications with this peer
        type: boolean
      ebgp-multihop-ttl:
        description: |
          Time To Live (TTL) value used in BGP packets sent to the eBGP neighbor.
          1 implies that eBGP multi-hop feature is disabled (only a single hop is allowed).
        type: integer
      peer-port:
        description: TCP port number of peer
        type: integer
        minimum: 1
        maximum: 65535
      session-state:
        description: |
          BGP peer operational state as described here
          https://www.rfc-editor.org/rfc/rfc4271#section-8.2.2
        type: string
      uptime-nanoseconds:
        description: BGP peer connection uptime in nano seconds.
        type: integer
      graceful-restart:
        description: Graceful restart capability
        "$ref": "#/definitions/BgpGracefulRestart"
      families:
        description: BGP peer address family state
        type: array
        items:
          "$ref": "#/definitions/BgpPeerFamilies"
      connect-retry-time-seconds:
        description: Initial value for the BGP ConnectRetryTimer (RFC 4271, Section 8) in seconds
        type: integer
      configured-hold-time-seconds:
        description: |
          Configured initial value for the BGP HoldTimer (RFC 4271, Section 4.2) in seconds.
          The configured value will be used for negotiation with the peer during the BGP session establishment.
        type: integer
      applied-hold-time-seconds:
        description: |
          Applied initial value for the BGP HoldTimer (RFC 4271, Section 4.2) in seconds.
          The applied value holds the value that is in effect on the current BGP session.
        type: integer
      configured-keep-alive-time-seconds:
        description: |
          Configured initial value for the BGP KeepaliveTimer (RFC 4271, Section 8) in seconds.
          The applied value may be different than the configured value, as it depends on the negotiated hold time interval.
        type: integer
      applied-keep-alive-time-seconds:
        description: |
          Applied initial value for the BGP KeepaliveTimer (RFC 4271, Section 8) in seconds.
          The applied value holds the value that is in effect on the current BGP session.
        type: integer
  BgpPeerFamilies:
    description: |-
      BGP AFI SAFI state of the peer

      +k8s:deepcopy-gen=true
    properties:
      afi:
        description: BGP address family indicator
        type: string
      safi:
        description: BGP subsequent address family indicator
        type: string
      received:
        description: Number of routes received from the peer of this address family
        type: integer
      accepted:
        description: Number of routes accepted from the peer of this address family
        type: integer
      advertised:
        description: Number of routes advertised of this address family to the peer
        type: integer
  BgpGracefulRestart:
    description: |-
      BGP graceful restart parameters negotiated with the peer.

      +k8s:deepcopy-gen=true
    properties:
      enabled:
        description: |-
          When set, graceful restart capability is negotiated for all AFI/SAFIs of
          this peer.
        type: boolean
      restart-time-seconds:
        description: |-
          This is the time advertised to peer for the BGP session to be re-established
          after a restart. After this period, peer will remove stale routes.
          (RFC 4724 section 4.2)
        type: integer
  BgpRoute:
    description: Single BGP route retrieved from the RIB of underlying router
    properties:
      router-asn:
        description: Autonomous System Number (ASN) identifying a BGP virtual router instance
        type: integer
      neighbor:
        description: IP address specifying a BGP neighbor if the source table type is adj-rib-in or adj-rib-out
        type: string
      prefix:
        description: IP prefix of the route
        type: string
      paths:
        description: List of routing paths leading towards the prefix
        type: array
        items:
          "$ref": "#/definitions/BgpPath"
  BgpPath:
    description: Single BGP routing Path containing BGP Network Layer Reachability Information (NLRI) and path attributes
    properties:
      family:
        description: Address Family Indicator (AFI) and Subsequent Address Family Indicator (SAFI) of the path
        "$ref": "#/definitions/BgpFamily"
      nlri:
        description: Network Layer Reachability Information of the path
        "$ref": "#/definitions/BgpNlri"
      path-attributes:
        description: List of BGP path attributes specific for the path
        type: array
        items:
          "$ref": "#/definitions/BgpPathAttribute"
      age-nanoseconds:
        description: Age of the path (time since its creation) in nanoseconds
        type: integer
      best:
        description: True value flags the best path towards the destination prefix
        type: boolean
      stale:
        description: True value marks the path as stale
        type: boolean
  BgpFamily:
    description: Address Family Indicator (AFI) and Subsequent Address Family Indicator (SAFI) of the path
    properties:
      afi:
        description: Address Family Indicator (AFI) of the path
        type: string
      safi:
        description: Subsequent Address Family Indicator (SAFI) of the path
        type: string
  BgpNlri:
    description: Network Layer Reachability Information (NLRI) of the path
    properties:
      base64:
        description: Base64-encoded NLRI in the BGP UPDATE message format
        type: string
  BgpPathAttribute:
    description: Single BGP path attribute specific for the path
    properties:
      base64:
        description: Base64-encoded BGP path attribute in the BGP UPDATE message format
        type: string
  BgpRoutePolicy:
    description: Single BGP route policy retrieved from the underlying router
    properties:
      router-asn:
        description: Autonomous System Number (ASN) identifying a BGP virtual router instance
        type: integer
      name:
        description: Name of the route policy
        type: string
      type:
        description: Type of the route policy
        type: string
        enum:
        - export
        - import
      statements:
        description: List of the route policy statements
        type: array
        items:
          "$ref": "#/definitions/BgpRoutePolicyStatement"
  BgpRoutePolicyStatement:
    description: Single BGP route policy statement
    properties:
      match-neighbors:
        description: Matches any of the provided BGP neighbor IP addresses. If empty matches all neighbors.
        type: array
        items:
          type: string
      match-prefixes:
        description: Matches any of the provided prefixes. If empty matches all prefixes.
        type: array
        items:
          "$ref": "#/definitions/BgpRoutePolicyPrefixMatch"
      route-action:
        description: RIB processing action taken on the matched route
        type: string
        enum:
        - none
        - accept
        - reject
      add-communities:
        description: List of BGP standard community values to be added to the matched route
        type: array
        items:
          type: string
      add-large-communities:
        description: List of BGP large community values to be added to the matched route
        type: array
        items:
          type: string
      set-local-preference:
        description: BGP local preference value to be set on the matched route
        type: integer
  BgpRoutePolicyPrefixMatch:
    description: Matches a CIDR prefix in a BGP route policy
    properties:
      cidr:
        description: CIDR prefix to match with
        type: string
      prefix-len-min:
        description: Minimal prefix length that will match if it falls under CIDR
        type: integer
      prefix-len-max:
        description: Maximal prefix length that will match if it falls under CIDR
        type: integer
  Label:
    description: Label is the Cilium's representation of a container label
    type: object
    properties:
      key:
        type: string
      value:
        type: string
      source:
        description: Source can be one of the above values (e.g. LabelSourceContainer)
        type: string
  LabelArray:
    description: LabelArray is an array of labels forming a set
    type: array
    items:
      "$ref": "#/definitions/Label"