github.com/cilium/cilium@v1.16.2/api/v1/openapi.yaml (about)

     1  ---
     2  swagger: '2.0'
     3  info:
     4    title: Cilium API
     5    description: Cilium
     6    version: v1beta1
     7  x-schemes:
     8  - unix
     9  basePath: "/v1"
    10  produces:
    11  - application/json
    12  consumes:
    13  - application/json
    14  paths:
    15    "/cluster/nodes":
    16      get:
    17        summary: Get nodes information stored in the cilium-agent
    18        tags:
    19        - daemon
    20        parameters:
    21        - name: client-id
    22          description: |
    23            Client UUID should be used when the client wants to request
    24            a diff of nodes added and / or removed since the last time
    25            that client has made a request.
    26          in: header
    27          required: false
    28          type: integer
    29        responses:
    30          '200':
    31            description: Success
    32            schema:
    33              "$ref": "#/definitions/ClusterNodeStatus"
    34    "/healthz":
    35      get:
    36        summary: Get health of Cilium daemon
    37        description: |
    38          Returns health and status information of the Cilium daemon and related
    39          components such as the local container runtime, connected datastore,
    40          Kubernetes integration and Hubble.
    41        tags:
    42        - daemon
    43        parameters:
    44        - name: brief
    45          description: |
    46            Brief will return a brief representation of the Cilium status.
    47          in: header
    48          required: false
    49          type: boolean
    50        responses:
    51          '200':
    52            description: Success
    53            schema:
    54              "$ref": "#/definitions/StatusResponse"
    55    "/config":
    56      get:
    57        summary: Get configuration of Cilium daemon
    58        description: |
    59          Returns the configuration of the Cilium daemon.
    60        tags:
    61        - daemon
    62        responses:
    63          '200':
    64            description: Success
    65            schema:
    66              "$ref": "#/definitions/DaemonConfiguration"
    67      patch:
    68        summary: Modify daemon configuration
    69        description: |
    70          Updates the daemon configuration by applying the provided
    71          ConfigurationMap and regenerates & recompiles all required datapath
    72          components.
    73        tags:
    74        - daemon
    75        parameters:
    76        - name: configuration
    77          in: body
    78          required: true
    79          schema:
    80            "$ref": "#/definitions/DaemonConfigurationSpec"
    81        responses:
    82          '200':
    83            description: Success
    84          '400':
    85            description: Bad configuration parameters
    86            schema:
    87              "$ref": "#/definitions/Error"
    88          '403':
    89            description: Forbidden
    90          '500':
    91            description: Recompilation failed
    92            x-go-name: Failure
    93            schema:
    94              "$ref": "#/definitions/Error"
    95    "/endpoint/{id}":
    96      get:
    97        summary: Get endpoint by endpoint ID
    98        description: |
    99          Returns endpoint information
   100        tags:
   101        - endpoint
   102        parameters:
   103        - "$ref": "#/parameters/endpoint-id"
   104        responses:
   105          '200':
   106            description: Success
   107            schema:
   108              "$ref": "#/definitions/Endpoint"
   109          '400':
   110            description: Invalid endpoint ID format for specified type
   111            x-go-name: Invalid
   112            schema:
   113              "$ref": "#/definitions/Error"
   114          '404':
   115            description: Endpoint not found
   116          '429':
   117            description: Rate-limiting too many requests in the given time frame
   118      put:
   119        summary: Create endpoint
   120        description: |
   121          Creates a new endpoint
   122        tags:
   123        - endpoint
   124        parameters:
   125        - "$ref": "#/parameters/endpoint-id"
   126        - "$ref": "#/parameters/endpoint-change-request"
   127        responses:
   128          '201':
   129            description: Created
   130            schema:
   131              "$ref": "#/definitions/Endpoint"
   132          '400':
   133            description: Invalid endpoint in request
   134            x-go-name: Invalid
   135            schema:
   136              "$ref": "#/definitions/Error"
   137          '403':
   138            description: Forbidden
   139          '409':
   140            description: Endpoint already exists
   141            x-go-name: Exists
   142          '500':
   143            description: Endpoint creation failed
   144            x-go-name: Failed
   145            schema:
   146              "$ref": "#/definitions/Error"
   147          '429':
   148            description: Rate-limiting too many requests in the given time frame
   149      patch:
   150        summary: Modify existing endpoint
   151        deprecated: true
   152        description: |
   153          Applies the endpoint change request to an existing endpoint
   154        tags:
   155        - endpoint
   156        parameters:
   157        - "$ref": "#/parameters/endpoint-id"
   158        - "$ref": "#/parameters/endpoint-change-request"
   159        responses:
   160          '200':
   161            description: Success
   162          '400':
   163            description: Invalid modify endpoint request
   164            x-go-name: Invalid
   165            schema:
   166              "$ref": "#/definitions/Error"
   167          '403':
   168            description: Forbidden
   169          '404':
   170            description: Endpoint does not exist
   171          '500':
   172            description: Endpoint update failed
   173            x-go-name: Failed
   174            schema:
   175              "$ref": "#/definitions/Error"
   176          '429':
   177            description: Rate-limiting too many requests in the given time frame
   178      delete:
   179        summary: Delete endpoint
   180        description: |
   181          Deletes the endpoint specified by the ID. Deletion is imminent and
   182          atomic, if the deletion request is valid and the endpoint exists,
   183          deletion will occur even if errors are encountered in the process. If
   184          errors have been encountered, the code 202 will be returned, otherwise
   185          200 on success.
   186  
   187          All resources associated with the endpoint will be freed and the
   188          workload represented by the endpoint will be disconnected.It will no
   189          longer be able to initiate or receive communications of any sort.
   190        tags:
   191        - endpoint
   192        parameters:
   193        - "$ref": "#/parameters/endpoint-id"
   194        responses:
   195          '200':
   196            description: Success
   197          '206':
   198            description: Deleted with a number of errors encountered
   199            x-go-name: Errors
   200            schema:
   201              type: integer
   202          '400':
   203            description: |
   204              Invalid endpoint ID format for specified type. Details in error
   205              message
   206            x-go-name: Invalid
   207            schema:
   208              "$ref": "#/definitions/Error"
   209          '403':
   210            description: Forbidden
   211          '404':
   212            description: Endpoint not found
   213          '429':
   214            description: Rate-limiting too many requests in the given time frame
   215    "/endpoint":
   216      get:
   217        summary: Retrieves a list of endpoints that have metadata matching the provided parameters.
   218        description: |
   219          Retrieves a list of endpoints that have metadata matching the provided parameters, or all endpoints if no parameters provided.
   220        tags:
   221        - endpoint
   222        parameters:
   223        - "$ref": "#/parameters/labels"
   224        responses:
   225          '200':
   226            description: Success
   227            schema:
   228              type: array
   229              items:
   230                "$ref": "#/definitions/Endpoint"
   231          '404':
   232            description: Endpoints with provided parameters not found
   233          '429':
   234            description: Rate-limiting too many requests in the given time frame
   235      delete:
   236        summary: Deletes a list of endpoints
   237        description: |
   238          Deletes a list of endpoints that have endpoints matching the provided properties
   239        tags:
   240          - endpoint
   241        parameters:
   242          - "$ref": "#/parameters/endpoint-batch-delete-request"
   243        responses:
   244          '200':
   245            description: Success
   246          '206':
   247            description: Deleted with a number of errors encountered
   248            x-go-name: Errors
   249            schema:
   250              type: integer
   251          '400':
   252            description: Invalid endpoint delete request
   253            x-go-name: Invalid
   254          '404':
   255            description: No endpoints with provided parameters found
   256          '429':
   257            description: Rate-limiting too many requests in the given time frame
   258    "/endpoint/{id}/config":
   259      get:
   260        summary: Retrieve endpoint configuration
   261        description: |
   262          Retrieves the configuration of the specified endpoint.
   263        tags:
   264        - endpoint
   265        parameters:
   266        - "$ref": "#/parameters/endpoint-id"
   267        responses:
   268          '200':
   269            description: Success
   270            schema:
   271              "$ref": "#/definitions/EndpointConfigurationStatus"
   272          '404':
   273            description: Endpoint not found
   274          '429':
   275            description: Rate-limiting too many requests in the given time frame
   276      patch:
   277        summary: Modify mutable endpoint configuration
   278        description: |
   279          Update the configuration of an existing endpoint and regenerates &
   280          recompiles the corresponding programs automatically.
   281        tags:
   282        - endpoint
   283        parameters:
   284        - "$ref": "#/parameters/endpoint-id"
   285        - name: endpoint-configuration
   286          in: body
   287          required: true
   288          schema:
   289            "$ref": "#/definitions/EndpointConfigurationSpec"
   290        responses:
   291          '200':
   292            description: Success
   293          '400':
   294            description: Invalid configuration request
   295            x-go-name: Invalid
   296          '403':
   297            description: Forbidden
   298          '404':
   299            description: Endpoint not found
   300          '500':
   301            description: Update failed. Details in message.
   302            x-go-name: Failed
   303            schema:
   304              "$ref": "#/definitions/Error"
   305          '429':
   306            description: Rate-limiting too many requests in the given time frame
   307    "/endpoint/{id}/labels":
   308      get:
   309        summary: Retrieves the list of labels associated with an endpoint.
   310        tags:
   311        - endpoint
   312        parameters:
   313        - "$ref": "#/parameters/endpoint-id"
   314        responses:
   315          '200':
   316            description: Success
   317            schema:
   318              "$ref": "#/definitions/LabelConfiguration"
   319          '404':
   320            description: Endpoint not found
   321          '429':
   322            description: Rate-limiting too many requests in the given time frame
   323      patch:
   324        summary: Set label configuration of endpoint
   325        description: |
   326          Sets labels associated with an endpoint. These can be user provided or
   327          derived from the orchestration system.
   328        tags:
   329        - endpoint
   330        parameters:
   331        - "$ref": "#/parameters/endpoint-id"
   332        - name: configuration
   333          in: body
   334          required: true
   335          schema:
   336            "$ref": "#/definitions/LabelConfigurationSpec"
   337        responses:
   338          '200':
   339            description: Success
   340          '403':
   341            description: Forbidden
   342          '404':
   343            description: Endpoint not found
   344          '500':
   345            description: Error while updating labels
   346            x-go-name: UpdateFailed
   347            schema:
   348              "$ref": "#/definitions/Error"
   349          '429':
   350            description: Rate-limiting too many requests in the given time frame
   351    "/endpoint/{id}/log":
   352      get:
   353        summary: Retrieves the status logs associated with this endpoint.
   354        tags:
   355        - endpoint
   356        parameters:
   357        - "$ref": "#/parameters/endpoint-id"
   358        responses:
   359          '200':
   360            description: Success
   361            schema:
   362              "$ref": "#/definitions/EndpointStatusLog"
   363          '400':
   364            description: Invalid identity provided
   365            x-go-name: Invalid
   366          '404':
   367            description: Endpoint not found
   368          '429':
   369            description: Rate-limiting too many requests in the given time frame
   370  
   371    "/endpoint/{id}/healthz":
   372      get:
   373        summary: Retrieves the status logs associated with this endpoint.
   374        tags:
   375        - endpoint
   376        parameters:
   377        - "$ref": "#/parameters/endpoint-id"
   378        responses:
   379          '200':
   380            description: Success
   381            schema:
   382              "$ref": "#/definitions/EndpointHealth"
   383          '400':
   384            description: Invalid identity provided
   385            x-go-name: Invalid
   386          '404':
   387            description: Endpoint not found
   388          '429':
   389            description: Rate-limiting too many requests in the given time frame
   390    "/identity":
   391      get:
   392        summary: Retrieves a list of identities that have metadata matching the provided parameters.
   393        description: |
   394          Retrieves a list of identities that have metadata matching the provided parameters, or all identities if no parameters are provided.
   395        tags:
   396        - policy
   397        parameters:
   398        - "$ref": "#/parameters/labels"
   399        responses:
   400          '200':
   401            description: Success
   402            schema:
   403              type: array
   404              items:
   405                "$ref": "#/definitions/Identity"
   406          '404':
   407            description: Identities with provided parameters not found
   408          '520':
   409            description: Identity storage unreachable. Likely a network problem.
   410            x-go-name: Unreachable
   411            schema:
   412              "$ref": "#/definitions/Error"
   413          '521':
   414            description: Invalid identity format in storage
   415            x-go-name: InvalidStorageFormat
   416            schema:
   417              "$ref": "#/definitions/Error"
   418    "/identity/{id}":
   419      get:
   420        summary: Retrieve identity
   421        tags:
   422        - policy
   423        parameters:
   424        - "$ref": "#/parameters/identity-id"
   425        responses:
   426          '200':
   427            description: Success
   428            schema:
   429              "$ref": "#/definitions/Identity"
   430          '400':
   431            description: Invalid identity provided
   432          '404':
   433            description: Identity not found
   434          '520':
   435            description: Identity storage unreachable. Likely a network problem.
   436            x-go-name: Unreachable
   437            schema:
   438              "$ref": "#/definitions/Error"
   439          '521':
   440            description: Invalid identity format in storage
   441            x-go-name: InvalidStorageFormat
   442            schema:
   443              "$ref": "#/definitions/Error"
   444    "/identity/endpoints":
   445      get:
   446        summary: Retrieve identities which are being used by local endpoints
   447        tags:
   448        - policy
   449        responses:
   450          '200':
   451            description: Success
   452            schema:
   453              type: array
   454              items:
   455                "$ref": "#/definitions/IdentityEndpoints"
   456          '404':
   457            description: Set of identities which are being used by local endpoints could not be found.
   458    "/ipam":
   459      post:
   460        summary: Allocate an IP address
   461        tags:
   462        - ipam
   463        parameters:
   464        - "$ref": "#/parameters/ipam-family"
   465        - "$ref": "#/parameters/ipam-owner"
   466        - "$ref": "#/parameters/ipam-pool"
   467        - "$ref": "#/parameters/ipam-expiration"
   468        responses:
   469          '201':
   470            description: Success
   471            schema:
   472              "$ref": "#/definitions/IPAMResponse"
   473          '403':
   474            description: Forbidden
   475          '502':
   476            description: Allocation failure
   477            x-go-name: Failure
   478            schema:
   479              "$ref": "#/definitions/Error"
   480    "/ipam/{ip}":
   481      post:
   482        summary: Allocate an IP address
   483        tags:
   484        - ipam
   485        parameters:
   486        - "$ref": "#/parameters/ipam-ip"
   487        - "$ref": "#/parameters/ipam-owner"
   488        - "$ref": "#/parameters/ipam-pool"
   489        responses:
   490          '200':
   491            description: Success
   492          '400':
   493            description: Invalid IP address
   494            x-go-name: Invalid
   495          '403':
   496            description: Forbidden
   497          '409':
   498            description: IP already allocated
   499            x-go-name: Exists
   500          '500':
   501            description: IP allocation failure. Details in message.
   502            x-go-name: Failure
   503            schema:
   504              "$ref": "#/definitions/Error"
   505          '501':
   506            description: Allocation for address family disabled
   507            x-go-name: Disabled
   508      delete:
   509        summary: Release an allocated IP address
   510        tags:
   511        - ipam
   512        parameters:
   513        - "$ref": "#/parameters/ipam-ip"
   514        - "$ref": "#/parameters/ipam-pool"
   515        responses:
   516          '200':
   517            description: Success
   518          '400':
   519            description: Invalid IP address
   520            x-go-name: Invalid
   521          '403':
   522            description: Forbidden
   523          '404':
   524            description: IP address not found
   525          '500':
   526            description: Address release failure
   527            x-go-name: Failure
   528            schema:
   529              "$ref": "#/definitions/Error"
   530          '501':
   531            description: Allocation for address family disabled
   532            x-go-name: Disabled
   533    "/policy":
   534      get:
   535        summary: Retrieve entire policy tree
   536        description: |
   537          Returns the entire policy tree with all children.
   538        tags:
   539        - policy
   540        parameters:
   541        - name: labels
   542          in: body
   543          schema:
   544            "$ref": "#/definitions/Labels"
   545        responses:
   546          '200':
   547            description: Success
   548            schema:
   549              "$ref": "#/definitions/Policy"
   550          '404':
   551            description: No policy rules found
   552      put:
   553        summary: Create or update a policy (sub)tree
   554        tags:
   555        - policy
   556        parameters:
   557        - "$ref": "#/parameters/policy-rules"
   558        - "$ref": "#/parameters/policy-replace"
   559        - "$ref": "#/parameters/policy-replace-with-labels"
   560        responses:
   561          '200':
   562            description: Success
   563            schema:
   564              "$ref": "#/definitions/Policy"
   565          '400':
   566            description: Invalid policy
   567            x-go-name: InvalidPolicy
   568            schema:
   569              "$ref": "#/definitions/Error"
   570          '403':
   571            description: Forbidden
   572          '460':
   573            description: Invalid path
   574            x-go-name: InvalidPath
   575            schema:
   576              "$ref": "#/definitions/Error"
   577          '500':
   578            description: Policy import failed
   579            x-go-name: Failure
   580            schema:
   581              "$ref": "#/definitions/Error"
   582      delete:
   583        summary: Delete a policy (sub)tree
   584        tags:
   585        - policy
   586        parameters:
   587        - name: labels
   588          in: body
   589          required: false
   590          schema:
   591            "$ref": "#/definitions/Labels"
   592        responses:
   593          '200':
   594            description: Success
   595            schema:
   596              "$ref": "#/definitions/Policy"
   597          '400':
   598            description: Invalid request
   599            x-go-name: Invalid
   600            schema:
   601              "$ref": "#/definitions/Error"
   602          '403':
   603            description: Forbidden
   604          '404':
   605            description: Policy not found
   606          '500':
   607            description: Error while deleting policy
   608            x-go-name: Failure
   609            schema:
   610              "$ref": "#/definitions/Error"
   611    "/policy/selectors":
   612      get:
   613        summary: See what selectors match which identities
   614        tags:
   615        - policy
   616        responses:
   617          '200':
   618            description: Success
   619            schema:
   620              "$ref": "#/definitions/SelectorCache"
   621    "/lrp":
   622      get:
   623        summary: Retrieve list of all local redirect policies
   624        tags:
   625        - service
   626        responses:
   627          '200':
   628            description: Success
   629            schema:
   630              type: array
   631              items:
   632                "$ref": "#/definitions/LRPSpec"
   633    "/service":
   634      get:
   635        summary: Retrieve list of all services
   636        tags:
   637        - service
   638        responses:
   639          '200':
   640            description: Success
   641            schema:
   642              type: array
   643              items:
   644                "$ref": "#/definitions/Service"
   645    "/service/{id}":
   646      get:
   647        summary: Retrieve configuration of a service
   648        tags:
   649        - service
   650        parameters:
   651        - "$ref": "#/parameters/service-id"
   652        responses:
   653          '200':
   654            description: Success
   655            schema:
   656              "$ref": "#/definitions/Service"
   657          '404':
   658            description: Service not found
   659      put:
   660        summary: Create or update service
   661        tags:
   662        - service
   663        parameters:
   664        - "$ref": "#/parameters/service-id"
   665        - "$ref": "#/parameters/service-config"
   666        responses:
   667          '200':
   668            description: Updated
   669          '201':
   670            description: Created
   671          '403':
   672            description: Forbidden
   673          '460':
   674            description: Invalid frontend in service configuration
   675            x-go-name: InvalidFrontend
   676            schema:
   677              "$ref": "#/definitions/Error"
   678          '461':
   679            description: Invalid backend in service configuration
   680            x-go-name: InvalidBackend
   681            schema:
   682              "$ref": "#/definitions/Error"
   683          '500':
   684            description: Error while creating service
   685            x-go-name: Failure
   686            schema:
   687              "$ref": "#/definitions/Error"
   688          '501':
   689            description: Error while updating backend states
   690            x-go-name: UpdateBackendFailure
   691            schema:
   692              "$ref": "#/definitions/Error"
   693      delete:
   694        summary: Delete a service
   695        tags:
   696        - service
   697        parameters:
   698        - "$ref": "#/parameters/service-id"
   699        responses:
   700          '200':
   701            description: Success
   702          '403':
   703            description: Forbidden
   704          '404':
   705            description: Service not found
   706          '500':
   707            description: Service deletion failed
   708            x-go-name: Failure
   709            schema:
   710              "$ref": "#/definitions/Error"
   711  
   712    "/recorder":
   713      get:
   714        summary: Retrieve list of all recorders
   715        tags:
   716        - recorder
   717        responses:
   718          '200':
   719            description: Success
   720            schema:
   721              type: array
   722              items:
   723                "$ref": "#/definitions/Recorder"
   724    "/recorder/masks":
   725      get:
   726        summary: Retrieve list of all recorder masks
   727        tags:
   728        - recorder
   729        responses:
   730          '200':
   731            description: Success
   732            schema:
   733              type: array
   734              items:
   735                "$ref": "#/definitions/RecorderMask"
   736    "/recorder/{id}":
   737      get:
   738        summary: Retrieve configuration of a recorder
   739        tags:
   740        - recorder
   741        parameters:
   742        - "$ref": "#/parameters/recorder-id"
   743        responses:
   744          '200':
   745            description: Success
   746            schema:
   747              "$ref": "#/definitions/Recorder"
   748          '404':
   749            description: Recorder not found
   750      put:
   751        summary: Create or update recorder
   752        tags:
   753        - recorder
   754        parameters:
   755        - "$ref": "#/parameters/recorder-id"
   756        - "$ref": "#/parameters/recorder-config"
   757        responses:
   758          '200':
   759            description: Updated
   760          '201':
   761            description: Created
   762          '403':
   763            description: Forbidden
   764          '500':
   765            description: Error while creating recorder
   766            x-go-name: Failure
   767            schema:
   768              "$ref": "#/definitions/Error"
   769      delete:
   770        summary: Delete a recorder
   771        tags:
   772        - recorder
   773        parameters:
   774        - "$ref": "#/parameters/recorder-id"
   775        responses:
   776          '200':
   777            description: Success
   778          '403':
   779            description: Forbidden
   780          '404':
   781            description: Recorder not found
   782          '500':
   783            description: Recorder deletion failed
   784            x-go-name: Failure
   785            schema:
   786              "$ref": "#/definitions/Error"
   787    "/prefilter":
   788      get:
   789        summary: Retrieve list of CIDRs
   790        tags:
   791        - prefilter
   792        responses:
   793          '200':
   794            description: Success
   795            schema:
   796              "$ref": "#/definitions/Prefilter"
   797          '500':
   798            description: Prefilter get failed
   799            x-go-name: Failure
   800            schema:
   801              "$ref": "#/definitions/Error"
   802      patch:
   803        summary: Update list of CIDRs
   804        tags:
   805        - prefilter
   806        parameters:
   807        - "$ref": "#/parameters/prefilter-spec"
   808        responses:
   809          '200':
   810            description: Updated
   811            schema:
   812              "$ref": "#/definitions/Prefilter"
   813          '403':
   814            description: Forbidden
   815          '461':
   816            description: Invalid CIDR prefix
   817            x-go-name: InvalidCIDR
   818            schema:
   819              "$ref": "#/definitions/Error"
   820          '500':
   821            description: Prefilter update failed
   822            x-go-name: Failure
   823            schema:
   824              "$ref": "#/definitions/Error"
   825      delete:
   826        summary: Delete list of CIDRs
   827        tags:
   828        - prefilter
   829        parameters:
   830        - "$ref": "#/parameters/prefilter-spec"
   831        responses:
   832          '200':
   833            description: Deleted
   834            schema:
   835              "$ref": "#/definitions/Prefilter"
   836          '403':
   837            description: Forbidden
   838          '461':
   839            description: Invalid CIDR prefix
   840            x-go-name: InvalidCIDR
   841            schema:
   842              "$ref": "#/definitions/Error"
   843          '500':
   844            description: Prefilter delete failed
   845            x-go-name: Failure
   846            schema:
   847              "$ref": "#/definitions/Error"
   848    "/debuginfo":
   849      get:
   850        summary: Retrieve information about the agent and environment for debugging
   851        tags:
   852        - daemon
   853        responses:
   854          '200':
   855            description: Success
   856            schema:
   857              "$ref": "#/definitions/DebugInfo"
   858          '500':
   859            description: DebugInfo get failed
   860            x-go-name: Failure
   861            schema:
   862              "$ref": "#/definitions/Error"
   863    "/cgroup-dump-metadata":
   864      get:
   865        summary: Retrieve cgroup metadata for all pods
   866        tags:
   867        - daemon
   868        responses:
   869          '200':
   870            description: Success
   871            schema:
   872              "$ref": "#/definitions/CgroupDumpMetadata"
   873          '500':
   874            description: CgroupDumpMetadata get failed
   875            x-go-name: Failure
   876            schema:
   877              "$ref": "#/definitions/Error"
   878    "/map":
   879      get:
   880        summary: List all open maps
   881        tags:
   882        - daemon
   883        responses:
   884          '200':
   885            description: Success
   886            schema:
   887              "$ref": "#/definitions/BPFMapList"
   888    "/map/{name}":
   889      get:
   890        summary: Retrieve contents of BPF map
   891        tags:
   892        - daemon
   893        parameters:
   894        - "$ref": "#/parameters/map-name"
   895        responses:
   896          '200':
   897            description: Success
   898            schema:
   899              "$ref": "#/definitions/BPFMap"
   900          '404':
   901            description: Map not found
   902    "/map/{name}/events":
   903      get:
   904        summary: Retrieves the recent event logs associated with this endpoint.
   905        tags:
   906        - daemon
   907        parameters:
   908        - "$ref": "#/parameters/map-name"
   909        - "$ref": "#/parameters/follow"
   910        responses:
   911          '200':
   912            description: Success
   913            schema:
   914              type: string
   915              format: binary
   916          '404':
   917            description: Map not found
   918    "/metrics/":
   919      get:
   920        summary: Retrieve cilium metrics
   921        tags:
   922        - metrics
   923        parameters: []
   924        responses:
   925          '200':
   926            description: Success
   927            schema:
   928              type: array
   929              items:
   930                "$ref": "#/definitions/Metric"
   931          '500':
   932            description: Metrics cannot be retrieved
   933  
   934    "/fqdn/cache":
   935      get:
   936        summary: Retrieves the list of DNS lookups intercepted from all endpoints.
   937        description: |
   938          Retrieves the list of DNS lookups intercepted from endpoints,
   939          optionally filtered by DNS name, CIDR IP range or source.
   940        tags:
   941        - policy
   942        parameters:
   943        - "$ref": "#/parameters/matchpattern"
   944        - "$ref": "#/parameters/cidr"
   945        - "$ref": "#/parameters/source"
   946        responses:
   947          '200':
   948            description: Success
   949            schema:
   950              type: array
   951              items:
   952                "$ref": "#/definitions/DNSLookup"
   953          '400':
   954            description: Invalid request (error parsing parameters)
   955            schema:
   956              "$ref": "#/definitions/Error"
   957          '404':
   958            description: No DNS data with provided parameters found
   959      delete:
   960        summary: Deletes matching DNS lookups from the policy-generation cache.
   961        description: |
   962          Deletes matching DNS lookups from the cache, optionally restricted by
   963          DNS name. The removed IP data will no longer be used in generated
   964          policies.
   965        tags:
   966        - policy
   967        parameters:
   968        - "$ref": "#/parameters/matchpattern"
   969        responses:
   970          '200':
   971            description: Success
   972          '403':
   973            description: Forbidden
   974          '400':
   975            description: Invalid request (error parsing parameters)
   976            schema:
   977              "$ref": "#/definitions/Error"
   978  
   979    "/fqdn/cache/{id}":
   980      get:
   981        summary: Retrieves the list of DNS lookups intercepted from an endpoint.
   982        description: |
   983          Retrieves the list of DNS lookups intercepted from the specific endpoint,
   984          optionally filtered by endpoint id, DNS name, CIDR IP range or source.
   985        tags:
   986        - policy
   987        parameters:
   988        - "$ref": "#/parameters/endpoint-id"
   989        - "$ref": "#/parameters/matchpattern"
   990        - "$ref": "#/parameters/cidr"
   991        - "$ref": "#/parameters/source"
   992        responses:
   993          '200':
   994            description: Success
   995            schema:
   996              type: array
   997              items:
   998                "$ref": "#/definitions/DNSLookup"
   999          '400':
  1000            description: Invalid request (error parsing parameters)
  1001            schema:
  1002              "$ref": "#/definitions/Error"
  1003          '404':
  1004            description: No DNS data with provided parameters found
  1005    "/fqdn/names":
  1006      get:
  1007        summary: List internal DNS selector representations
  1008        description: |
  1009          Retrieves the list of DNS-related fields (names to poll, selectors and
  1010          their corresponding regexes).
  1011        tags:
  1012        - policy
  1013        responses:
  1014          '200':
  1015            description: Success
  1016            schema:
  1017              "$ref": "#/definitions/NameManager"
  1018          '400':
  1019            description: Invalid request (error parsing parameters)
  1020            schema:
  1021              "$ref": "#/definitions/Error"
  1022    "/ip":
  1023      get:
  1024        summary: Lists information about known IP addresses
  1025        description: |
  1026          Retrieves a list of IPs with known associated information such as
  1027          their identities, host addresses, Kubernetes pod names, etc.
  1028          The list can optionally filtered by a CIDR IP range.
  1029        tags:
  1030        - policy
  1031        parameters:
  1032        - "$ref": "#/parameters/cidr"
  1033        responses:
  1034          '200':
  1035            description: Success
  1036            schema:
  1037              type: array
  1038              items:
  1039                "$ref": "#/definitions/IPListEntry"
  1040          '400':
  1041            description: Invalid request (error parsing parameters)
  1042            schema:
  1043              "$ref": "#/definitions/Error"
  1044          '404':
  1045            description: No IP cache entries with provided parameters found
  1046    "/node/ids":
  1047      get:
  1048        summary: List information about known node IDs
  1049        description: |
  1050          Retrieves a list of node IDs allocated by the agent and their
  1051          associated node IP addresses.
  1052        tags:
  1053        - daemon
  1054        responses:
  1055          '200':
  1056            description: Success
  1057            schema:
  1058              type: array
  1059              items:
  1060                "$ref": "#/definitions/NodeID"
  1061    "/bgp/peers":
  1062      get:
  1063        summary: Lists operational state of BGP peers
  1064        description: |
  1065          Retrieves current operational state of BGP peers created by
  1066          Cilium BGP virtual router. This includes session state, uptime,
  1067          information per address family, etc.
  1068        tags:
  1069          - bgp
  1070        responses:
  1071          '200':
  1072            description: Success
  1073            schema:
  1074              type: array
  1075              items:
  1076                "$ref": "#/definitions/BgpPeer"
  1077          '500':
  1078            description: Internal Server Error
  1079            schema:
  1080              "$ref": "#/definitions/Error"
  1081          '501':
  1082            description: BGP Control Plane disabled
  1083            x-go-name: Disabled
  1084            schema:
  1085              "$ref": "#/definitions/Error"
  1086    "/bgp/routes":
  1087      get:
  1088        summary: Lists BGP routes from BGP Control Plane RIB.
  1089        description: Retrieves routes from BGP Control Plane RIB filtered by parameters you specify
  1090        tags:
  1091          - bgp
  1092        parameters:
  1093          - "$ref": "#/parameters/bgp-table-type"
  1094          - "$ref": "#/parameters/bgp-afi"
  1095          - "$ref": "#/parameters/bgp-safi"
  1096          - "$ref": "#/parameters/bgp-router-asn"
  1097          - "$ref": "#/parameters/bgp-neighbor-address"
  1098        responses:
  1099          '200':
  1100            description: Success
  1101            schema:
  1102              type: array
  1103              items:
  1104                "$ref": "#/definitions/BgpRoute"
  1105          '500':
  1106            description: Internal Server Error
  1107            schema:
  1108              "$ref": "#/definitions/Error"
  1109          '501':
  1110            description: BGP Control Plane disabled
  1111            x-go-name: Disabled
  1112            schema:
  1113              "$ref": "#/definitions/Error"
  1114    "/bgp/route-policies":
  1115      get:
  1116        summary: Lists BGP route policies configured in BGP Control Plane.
  1117        description: Retrieves route policies from BGP Control Plane.
  1118        tags:
  1119          - bgp
  1120        parameters:
  1121          - "$ref": "#/parameters/bgp-router-asn"
  1122        responses:
  1123          '200':
  1124            description: Success
  1125            schema:
  1126              type: array
  1127              items:
  1128                "$ref": "#/definitions/BgpRoutePolicy"
  1129          '500':
  1130            description: Internal Server Error
  1131            schema:
  1132              "$ref": "#/definitions/Error"
  1133          '501':
  1134            description: BGP Control Plane disabled
  1135            x-go-name: Disabled
  1136            schema:
  1137              "$ref": "#/definitions/Error"
  1138  parameters:
  1139    endpoint-id:
  1140      name: id
  1141      description: |
  1142        String describing an endpoint with the format ``[prefix:]id``. If no prefix
  1143        is specified, a prefix of ``cilium-local:`` is assumed. Not all endpoints
  1144        will be addressable by all endpoint ID prefixes with the exception of the
  1145        local Cilium UUID which is assigned to all endpoints.
  1146  
  1147        Supported endpoint id prefixes:
  1148          - cilium-local: Local Cilium endpoint UUID, e.g. cilium-local:3389595
  1149          - cilium-global: Global Cilium endpoint UUID, e.g. cilium-global:cluster1:nodeX:452343
  1150          - cni-attachment-id: CNI attachment ID, e.g. cni-attachment-id:22222:eth0
  1151          - container-id: Container runtime ID, e.g. container-id:22222 (deprecated, may not be unique)
  1152          - container-name: Container name, e.g. container-name:foobar (deprecated, may not be unique)
  1153          - pod-name: pod name for this container if K8s is enabled, e.g. pod-name:default:foobar (deprecated, may not be unique)
  1154          - cep-name: cep name for this container if K8s is enabled, e.g. pod-name:default:foobar-net1
  1155          - docker-endpoint: Docker libnetwork endpoint ID, e.g. docker-endpoint:4444
  1156      in: path
  1157      required: true
  1158      type: string
  1159    endpoint-change-request:
  1160      name: endpoint
  1161      in: body
  1162      required: true
  1163      schema:
  1164        "$ref": "#/definitions/EndpointChangeRequest"
  1165    endpoint-batch-delete-request:
  1166      name: endpoint
  1167      in: body
  1168      required: true
  1169      schema:
  1170        "$ref": "#/definitions/EndpointBatchDeleteRequest"
  1171    identity-id:
  1172      name: id
  1173      description: |
  1174        Cluster wide unique identifier of a security identity.
  1175      in: path
  1176      required: true
  1177      type: string
  1178    labels:
  1179      name: labels
  1180      description: |
  1181        List of labels
  1182      in: body
  1183      required: false
  1184      schema:
  1185        "$ref": "#/definitions/Labels"
  1186    policy-rules:
  1187      name: policy
  1188      description: Policy rules
  1189      required: true
  1190      in: body
  1191      schema:
  1192        type: string
  1193    policy-replace:
  1194      name: replace
  1195      description: If true, indicates that existing rules with identical labels should be replaced.
  1196      required: false
  1197      in: query
  1198      type: boolean
  1199    policy-replace-with-labels:
  1200      name: replace-with-labels
  1201      description: If present, indicates that existing rules with the given labels should be deleted.
  1202      required: false
  1203      in: query
  1204      type: array
  1205      items:
  1206        type: string
  1207    pod-name:
  1208      name: pod
  1209      description: |
  1210        K8s pod name
  1211      required: true
  1212      in: path
  1213      type: string
  1214    trace-selector:
  1215      name: trace-selector
  1216      description: Context to provide policy evaluation on
  1217      in: body
  1218      schema:
  1219        "$ref": "#/definitions/TraceSelector"
  1220    service-id:
  1221      name: id
  1222      description: ID of service
  1223      required: true
  1224      in: path
  1225      type: integer
  1226    service-address:
  1227      name: address
  1228      description: Service address configuration
  1229      in: body
  1230      schema:
  1231        "$ref": "#/definitions/FrontendAddress"
  1232    service-config:
  1233      name: config
  1234      description: Service configuration
  1235      in: body
  1236      required: true
  1237      schema:
  1238        "$ref": "#/definitions/ServiceSpec"
  1239    recorder-id:
  1240      name: id
  1241      description: ID of recorder
  1242      required: true
  1243      in: path
  1244      type: integer
  1245    recorder-config:
  1246      name: config
  1247      description: Recorder configuration
  1248      in: body
  1249      required: true
  1250      schema:
  1251        "$ref": "#/definitions/RecorderSpec"
  1252    prefilter-spec:
  1253      name: prefilter-spec
  1254      description: List of CIDR ranges for filter table
  1255      required: true
  1256      in: body
  1257      schema:
  1258        "$ref": "#/definitions/PrefilterSpec"
  1259    ipam-ip:
  1260      name: ip
  1261      description: IP address
  1262      in: path
  1263      required: true
  1264      type: string
  1265    ipam-family:
  1266      name: family
  1267      in: query
  1268      type: string
  1269      enum:
  1270      - ipv4
  1271      - ipv6
  1272    ipam-owner:
  1273      name: owner
  1274      in: query
  1275      type: string
  1276    ipam-pool:
  1277      name: pool
  1278      in: query
  1279      type: string
  1280    ipam-expiration:
  1281      name: expiration
  1282      in: header
  1283      type: boolean
  1284    map-name:
  1285      name: name
  1286      description: Name of map
  1287      required: true
  1288      in: path
  1289      type: string
  1290    follow:
  1291      name: follow
  1292      description: Whether to follow streamed requests
  1293      required: false
  1294      in: query
  1295      type: boolean
  1296    matchpattern:
  1297      name: matchpattern
  1298      description: A toFQDNs compatible matchPattern expression
  1299      required: false
  1300      in: query
  1301      type: string
  1302    cidr:
  1303      name: cidr
  1304      description: A CIDR range of IPs
  1305      required: false
  1306      in: query
  1307      type: string
  1308    source:
  1309      name: source
  1310      description: Source from which FQDN entries come from
  1311      required: false
  1312      in: query
  1313      type: string
  1314    bgp-table-type:
  1315      name: table_type
  1316      description: BGP Routing Information Base (RIB) table type
  1317      required: true
  1318      in: query
  1319      type: string
  1320      enum:
  1321      - loc-rib
  1322      - adj-rib-in
  1323      - adj-rib-out
  1324    bgp-afi:
  1325      name: afi
  1326      description: Address Family Indicator (AFI) of a BGP route
  1327      required: true
  1328      in: query
  1329      type: string
  1330    bgp-safi:
  1331      name: safi
  1332      description: Subsequent Address Family Indicator (SAFI) of a BGP route
  1333      required: true
  1334      in: query
  1335      type: string
  1336    bgp-router-asn:
  1337      name: router_asn
  1338      description: |
  1339        Autonomous System Number (ASN) identifying a BGP virtual router instance.
  1340        If not specified, all virtual router instances are selected.
  1341      required: false
  1342      in: query
  1343      type: integer
  1344    bgp-neighbor-address:
  1345      name: neighbor
  1346      description: |
  1347        IP address specifying a BGP neighbor.
  1348        Has to be specified only when table type is adj-rib-in or adj-rib-out.
  1349      required: false
  1350      in: query
  1351      type: string
  1352  
  1353  definitions:
  1354    Endpoint:
  1355      description: An endpoint is a namespaced network interface to which cilium applies policies
  1356      type: object
  1357      properties:
  1358        id:
  1359          description: The cilium-agent-local ID of the endpoint
  1360          type: integer
  1361        spec:
  1362          description: The desired configuration state of the endpoint
  1363          "$ref": "#/definitions/EndpointConfigurationSpec"
  1364        status:
  1365          description: The desired and realized configuration state of the endpoint
  1366          "$ref": "#/definitions/EndpointStatus"
  1367    EndpointChangeRequest:
  1368      description: |
  1369        Structure which contains the mutable elements of an Endpoint.
  1370      type: object
  1371      required:
  1372        - state
  1373      properties:
  1374        id:
  1375          description: Local endpoint ID
  1376          type: integer
  1377        container-id:
  1378          description: ID assigned by container runtime
  1379          type: string
  1380        container-name:
  1381          description: Name assigned to container
  1382          type: string
  1383        docker-endpoint-id:
  1384          description: Docker endpoint ID
  1385          type: string
  1386        labels:
  1387          description: Labels describing the identity
  1388          "$ref": "#/definitions/Labels"
  1389        docker-network-id:
  1390          description: Docker network ID
  1391          type: string
  1392        interface-name:
  1393          description: Name of network device in host netns
  1394          type: string
  1395        interface-index:
  1396          description: Index of network device in host netns
  1397          type: integer
  1398        container-interface-name:
  1399          description: Name of network device in container netns
  1400          type: string
  1401        state:
  1402          description: Current state of endpoint
  1403          "$ref": "#/definitions/EndpointState"
  1404        mac:
  1405          description: MAC address
  1406          type: string
  1407        host-mac:
  1408          description: MAC address
  1409          type: string
  1410        addressing:
  1411          "$ref": "#/definitions/AddressPair"
  1412        k8s-pod-name:
  1413          description: Kubernetes pod name
  1414          type: string
  1415        k8s-namespace:
  1416          description: Kubernetes namespace name
  1417          type: string
  1418        k8s-uid:
  1419          description: Kubernetes pod UID
  1420          type: string
  1421        datapath-map-id:
  1422          description: ID of datapath tail call map
  1423          type: integer
  1424        policy-enabled:
  1425          description: Whether policy enforcement is enabled or not
  1426          type: boolean
  1427        pid:
  1428          description: Process ID of the workload belonging to this endpoint
  1429          type: integer
  1430        sync-build-endpoint:
  1431          description: |
  1432            Whether to build an endpoint synchronously
  1433          type: boolean
  1434        disable-legacy-identifiers:
  1435          description: >-
  1436            Disables lookup using legacy endpoint identifiers (container name,
  1437            container id, pod name) for this endpoint
  1438          type: boolean
  1439        netns-cookie:
  1440          description: Network namespace cookie
  1441          type: string
  1442        datapath-configuration:
  1443          "$ref": "#/definitions/EndpointDatapathConfiguration"
  1444        properties:
  1445          description: >-
  1446            Properties is used to store information about the endpoint at
  1447            creation.
  1448            Useful for tests.
  1449          additionalProperties:
  1450            type: object
  1451    EndpointBatchDeleteRequest:
  1452      description: |
  1453        Properties selecting a batch of endpoints to delete.
  1454      type: object
  1455      properties:
  1456        container-id:
  1457          description: ID assigned by container runtime
  1458          type: string
  1459    EndpointDatapathConfiguration:
  1460      description: Datapath configuration to be used for the endpoint
  1461      type: object
  1462      properties:
  1463        require-arp-passthrough:
  1464          description: Enable ARP passthrough mode
  1465          type: boolean
  1466        require-egress-prog:
  1467          description: >
  1468            Endpoint requires a host-facing egress program to be attached to
  1469            implement ingress policy and reverse NAT.
  1470          type: boolean
  1471        external-ipam:
  1472          description: >
  1473            Indicates that IPAM is done external to Cilium. This will prevent the
  1474            IP from being released and re-allocation of the IP address is skipped
  1475            on restore.
  1476          type: boolean
  1477        require-routing:
  1478          description: >
  1479            Endpoint requires BPF routing to be enabled, when disabled, routing
  1480            is delegated to Linux routing.
  1481          type: boolean
  1482          default: true
  1483        install-endpoint-route:
  1484          description: >
  1485            Installs a route in the Linux routing table pointing to the device of
  1486            the endpoint's interface.
  1487          type: boolean
  1488        disable-sip-verification:
  1489          description: >
  1490            Disable source IP verification for the endpoint.
  1491          type: boolean
  1492    EndpointStatus:
  1493      description: The current state and configuration of the endpoint, its policy & datapath, and subcomponents
  1494      type: object
  1495      required:
  1496        - state
  1497      properties:
  1498        external-identifiers:
  1499          description: Unique identifiers for this endpoint from outside cilium
  1500          "$ref": "#/definitions/EndpointIdentifiers"
  1501        identity:
  1502          description: The security identity for this endpoint
  1503          "$ref": "#/definitions/Identity"
  1504        labels:
  1505          description: Labels applied to this endpoint
  1506          "$ref": "#/definitions/LabelConfigurationStatus"
  1507        realized:
  1508          description: The configuration in effect on this endpoint
  1509          "$ref": "#/definitions/EndpointConfigurationSpec"
  1510        networking:
  1511          description: Networking properties of the endpoint
  1512          "$ref": "#/definitions/EndpointNetworking"
  1513        policy:
  1514          description: The policy applied to this endpoint from the policy repository
  1515          "$ref": "#/definitions/EndpointPolicyStatus"
  1516        log:
  1517          description: Most recent status log. See endpoint/{id}/log for the complete log.
  1518          "$ref": "#/definitions/EndpointStatusLog"
  1519        controllers:
  1520          description: Status of internal controllers attached to this endpoint
  1521          "$ref": "#/definitions/ControllerStatuses"
  1522        state:
  1523          description: Current state of endpoint
  1524          "$ref": "#/definitions/EndpointState"
  1525        health:
  1526          description: Summary overall endpoint & subcomponent health
  1527          "$ref": "#/definitions/EndpointHealth"
  1528        namedPorts:
  1529          description: List of named ports that can be used in Network Policy
  1530          "$ref": "#/definitions/NamedPorts"
  1531    EndpointState:
  1532      description: State of endpoint
  1533      type: string
  1534      enum:
  1535        - waiting-for-identity
  1536        - not-ready
  1537        - waiting-to-regenerate
  1538        - regenerating
  1539        - restoring
  1540        - ready
  1541        - disconnecting
  1542        - disconnected
  1543        - invalid
  1544    EndpointHealth:
  1545      description: |-
  1546        Health of the endpoint
  1547  
  1548        +deepequal-gen=true
  1549      type: object
  1550      properties:
  1551        overallHealth:
  1552         "$ref": "#/definitions/EndpointHealthStatus"
  1553        bpf:
  1554         "$ref": "#/definitions/EndpointHealthStatus"
  1555        policy:
  1556         "$ref": "#/definitions/EndpointHealthStatus"
  1557        connected:
  1558          description: Is this endpoint reachable
  1559          type: boolean
  1560    EndpointHealthStatus:
  1561      description: >
  1562        A common set of statuses for endpoint health
  1563        * ``OK`` = All components operational
  1564        * ``Bootstrap`` = This component is being created
  1565        * ``Pending`` = A change is being processed to be applied
  1566        * ``Warning`` = This component is not applying up-to-date policies (but is still applying the previous version)
  1567        * ``Failure`` = An error has occurred and no policy is being applied
  1568        * ``Disabled`` = This endpoint is disabled and will not handle traffic
  1569      type: string
  1570      enum:
  1571        - OK
  1572        - Bootstrap
  1573        - Pending
  1574        - Warning
  1575        - Failure
  1576        - Disabled
  1577    EndpointStatusLog:
  1578      description: Status log of endpoint
  1579      type: array
  1580      items:
  1581        "$ref": "#/definitions/EndpointStatusChange"
  1582    EndpointStatusChange:
  1583      description: |-
  1584        Indication of a change of status
  1585  
  1586        +deepequal-gen=true
  1587      type: object
  1588      properties:
  1589        timestamp:
  1590          description: Timestamp when status change occurred
  1591          type: string
  1592        code:
  1593          description: Code indicate type of status change
  1594          type: string
  1595          enum:
  1596           - ok
  1597           - failed
  1598        message:
  1599          description: Status message
  1600          type: string
  1601        state:
  1602          "$ref": "#/definitions/EndpointState"
  1603    EndpointPolicyStatus:
  1604      description: Policy information of an endpoint
  1605      type: object
  1606      properties:
  1607        spec:
  1608          description: The policy that should apply to this endpoint
  1609          "$ref": "#/definitions/EndpointPolicy"
  1610        realized:
  1611          description: The policy in the datapath for this endpoint
  1612          "$ref": "#/definitions/EndpointPolicy"
  1613        proxy-policy-revision:
  1614          description: The policy revision currently enforced in the proxy for this endpoint
  1615          type: integer
  1616        proxy-statistics:
  1617          description: Statistics of the proxy redirects configured for this endpoint
  1618          type: array
  1619          items:
  1620            "$ref": "#/definitions/ProxyStatistics"
  1621    EndpointPolicyEnabled:
  1622      description: Whether policy enforcement is enabled (ingress, egress, both or none)
  1623      type: string
  1624      enum:
  1625        - none
  1626        - ingress
  1627        - egress
  1628        - both
  1629        - audit-ingress
  1630        - audit-egress
  1631        - audit-both
  1632    EndpointPolicy:
  1633      description: |-
  1634        Policy information of an endpoint
  1635  
  1636        +k8s:deepcopy-gen=true
  1637      type: object
  1638      properties:
  1639        policy-revision:
  1640          description: The agent-local policy revision
  1641          type: integer
  1642        id:
  1643          description: Own identity of endpoint
  1644          type: integer
  1645        policy-enabled:
  1646          description: Whether policy enforcement is enabled (ingress, egress, both or none)
  1647          "$ref": "#/definitions/EndpointPolicyEnabled"
  1648        build:
  1649          description: Build number of calculated policy in use
  1650          type: integer
  1651        allowed-ingress-identities:
  1652          description: |
  1653            List of identities allowed to communicate to this endpoint
  1654          type: array
  1655          items:
  1656            type: integer
  1657        denied-ingress-identities:
  1658          description: |
  1659            List of identities not allowed to communicate to this endpoint
  1660          type: array
  1661          items:
  1662            type: integer
  1663        allowed-egress-identities:
  1664          description: |
  1665            List of identities to which this endpoint is allowed to communicate
  1666          type: array
  1667          items:
  1668            type: integer
  1669        denied-egress-identities:
  1670          description: |
  1671            List of identities to which this endpoint is not allowed to communicate
  1672          type: array
  1673          items:
  1674            type: integer
  1675        l4:
  1676          "$ref": "#/definitions/L4Policy"
  1677        cidr-policy:
  1678          "$ref": "#/definitions/CIDRPolicy"
  1679    PolicyRule:
  1680      description: |-
  1681        A policy rule including the rule labels it derives from
  1682  
  1683        +k8s:deepcopy-gen=true
  1684      properties:
  1685        rule:
  1686          description: The policy rule as json
  1687          type: string
  1688        derived-from-rules:
  1689          description: The policy rule labels identifying the policy rules this rule derives from
  1690          type: array
  1691          items:
  1692            type: array
  1693            items:
  1694              type: string
  1695        rules-by-selector:
  1696          description: The policy rule labels identifying the policy rules this rule derives from, mapped by selector
  1697          type: object
  1698          additionalProperties:
  1699            type: array
  1700            items:
  1701              type: array
  1702              items:
  1703                type: string
  1704    L4Policy:
  1705      description: |-
  1706        L4 endpoint policy
  1707  
  1708        +k8s:deepcopy-gen=true
  1709      type: object
  1710      properties:
  1711        ingress:
  1712          description: List of L4 ingress rules
  1713          type: array
  1714          items:
  1715            "$ref": "#/definitions/PolicyRule"
  1716        egress:
  1717          description: List of L4 egress rules
  1718          type: array
  1719          items:
  1720            "$ref": "#/definitions/PolicyRule"
  1721    CIDRPolicy:
  1722      description: |-
  1723        CIDR endpoint policy
  1724  
  1725        +k8s:deepcopy-gen=true
  1726      type: object
  1727      properties:
  1728        ingress:
  1729          description: List of CIDR ingress rules
  1730          type: array
  1731          items:
  1732            "$ref": "#/definitions/PolicyRule"
  1733        egress:
  1734          description: List of CIDR egress rules
  1735          type: array
  1736          items:
  1737            "$ref": "#/definitions/PolicyRule"
  1738  
  1739    Prefilter:
  1740      description: Collection of endpoints to be served
  1741      type: object
  1742      properties:
  1743        spec:
  1744          "$ref": "#/definitions/PrefilterSpec"
  1745        status:
  1746          "$ref": "#/definitions/PrefilterStatus"
  1747    PrefilterSpec:
  1748      description: CIDR ranges implemented in the Prefilter
  1749      type: object
  1750      properties:
  1751        revision:
  1752          type: integer
  1753        deny:
  1754          type: array
  1755          items:
  1756            type: string
  1757    PrefilterStatus:
  1758      description: CIDR ranges implemented in the Prefilter
  1759      type: object
  1760      properties:
  1761        realized:
  1762          "$ref": "#/definitions/PrefilterSpec"
  1763  
  1764    CIDRList:
  1765      description: List of CIDRs
  1766      type: object
  1767      properties:
  1768        revision:
  1769          type: integer
  1770        list:
  1771          type: array
  1772          items:
  1773            type: string
  1774    DebugInfo:
  1775      description: groups some debugging related information on the agent
  1776      type: object
  1777      properties:
  1778        cilium-version:
  1779          type: string
  1780        kernel-version:
  1781          type: string
  1782        cilium-status:
  1783          "$ref": "#/definitions/StatusResponse"
  1784        endpoint-list:
  1785          type: array
  1786          items:
  1787            "$ref": "#/definitions/Endpoint"
  1788        service-list:
  1789          type: array
  1790          items:
  1791            "$ref": "#/definitions/Service"
  1792        policy:
  1793          "$ref": "#/definitions/Policy"
  1794        cilium-memory-map:
  1795          type: string
  1796        cilium-nodemonitor-memory-map:
  1797          type: string
  1798        environment-variables:
  1799          type: array
  1800          items:
  1801            type: string
  1802        subsystem:
  1803          type: object
  1804          additionalProperties:
  1805            type: string
  1806        encryption:
  1807          type: object
  1808          properties:
  1809            wireguard:
  1810              description: Status of the WireGuard agent
  1811              "$ref": "#/definitions/WireguardStatus"
  1812    CgroupDumpMetadata:
  1813      description: cgroup full metadata
  1814      type: object
  1815      properties:
  1816        pod-metadatas:
  1817          type: array
  1818          items:
  1819            "$ref": "#/definitions/CgroupPodMetadata"
  1820    CgroupPodMetadata:
  1821      description: cgroup pod metadata
  1822      type: object
  1823      properties:
  1824        name:
  1825          type: string
  1826        namespace:
  1827          type: string
  1828        containers:
  1829          type: array
  1830          items:
  1831            "$ref": "#/definitions/CgroupContainerMetadata"
  1832        ips:
  1833          type: array
  1834          items:
  1835            type: string
  1836    CgroupContainerMetadata:
  1837      description: cgroup container metadata
  1838      type: object
  1839      properties:
  1840        cgroup-id:
  1841          type: integer
  1842          format: uint64
  1843        cgroup-path:
  1844          type: string
  1845    IPAMResponse:
  1846      description: IPAM configuration of an endpoint
  1847      type: object
  1848      required:
  1849        - address
  1850        - host-addressing
  1851      properties:
  1852        address:
  1853          "$ref": "#/definitions/AddressPair"
  1854        ipv4:
  1855          "$ref": "#/definitions/IPAMAddressResponse"
  1856        ipv6:
  1857          "$ref": "#/definitions/IPAMAddressResponse"
  1858        host-addressing:
  1859          "$ref": "#/definitions/NodeAddressing"
  1860    IPAMAddressResponse:
  1861      description: IPAM configuration of an individual address family
  1862      type: object
  1863      properties:
  1864        ip:
  1865          description: Allocated IP for endpoint
  1866          type: string
  1867        gateway:
  1868          description: IP of gateway
  1869          type: string
  1870        cidrs:
  1871          description: List of CIDRs out of which IPs are allocated
  1872          type: array
  1873          items:
  1874            type: string
  1875        master-mac:
  1876          type: string
  1877          description: MAC of master interface if address is a slave/secondary of a master interface
  1878        expiration-uuid:
  1879          type: string
  1880          description: |
  1881            The UUID for the expiration timer. Set when expiration has been
  1882            enabled while allocating.
  1883        interface-number:
  1884          type: string
  1885          description: |
  1886            InterfaceNumber is a field for generically identifying an interface. This is only useful in ENI mode.
  1887    AddressPair:
  1888      description: Addressing information of an endpoint
  1889      type: object
  1890      properties:
  1891        ipv4:
  1892          description: IPv4 address
  1893          type: string
  1894        ipv4-expiration-uuid:
  1895          description: UUID of IPv4 expiration timer
  1896          type: string
  1897        ipv4-pool-name:
  1898          description: IPAM pool from which this IPv4 address was allocated
  1899          type: string
  1900        ipv6:
  1901          description: IPv6 address
  1902          type: string
  1903        ipv6-expiration-uuid:
  1904          description: UUID of IPv6 expiration timer
  1905          type: string
  1906        ipv6-pool-name:
  1907          description: IPAM pool from which this IPv6 address was allocated
  1908          type: string
  1909    Address:
  1910      description: IP address
  1911      type: string
  1912    ClusterNodesResponse:
  1913      properties:
  1914        self:
  1915          description: Name of local node (if available)
  1916          type: string
  1917        nodes:
  1918          description: List of known nodes
  1919          type: array
  1920          items:
  1921            "$ref": "#/definitions/NodeElement"
  1922    Identity:
  1923      description: Security identity
  1924      type: object
  1925      properties:
  1926        id:
  1927          description: Unique identifier
  1928          type: integer
  1929        labels:
  1930          description: Labels describing the identity
  1931          "$ref": "#/definitions/Labels"
  1932        labelsSHA256:
  1933          description: SHA256 of labels
  1934          type: string
  1935    IdentityEndpoints:
  1936      description: Security identities owned by endpoints on the local node
  1937      type: object
  1938      properties:
  1939        identity:
  1940          description: Security identity
  1941          "$ref": "#/definitions/Identity"
  1942        refCount:
  1943          description: number of endpoints consuming this identity locally (should always be > 0)
  1944          type: integer
  1945    EndpointNetworking:
  1946      description: Unique identifiers for this endpoint from outside cilium
  1947      type: object
  1948      properties:
  1949        addressing:
  1950          description: IP4/6 addresses assigned to this Endpoint
  1951          type: array
  1952          items:
  1953            "$ref": "#/definitions/AddressPair"
  1954        host-addressing:
  1955          "$ref": "#/definitions/NodeAddressing"
  1956        host-mac:
  1957          description: MAC address
  1958          type: string
  1959        mac:
  1960          description: MAC address
  1961          type: string
  1962        interface-name:
  1963          description: Name of network device in host netns
  1964          type: string
  1965        interface-index:
  1966          description: Index of network device in host netns
  1967          type: integer
  1968        container-interface-name:
  1969          description: Name of network device in container netns
  1970          type: string
  1971    EndpointIdentifiers:
  1972      description: |-
  1973        Unique identifiers for this endpoint from outside cilium
  1974  
  1975        +deepequal-gen=true
  1976      type: object
  1977      properties:
  1978        cni-attachment-id:
  1979          description: ID assigned to this attachment by container runtime
  1980          type: string
  1981        container-id:
  1982          description: ID assigned by container runtime (deprecated, may not be unique)
  1983          type: string
  1984        container-name:
  1985          description: Name assigned to container (deprecated, may not be unique)
  1986          type: string
  1987        docker-endpoint-id:
  1988          description: Docker endpoint ID
  1989          type: string
  1990        docker-network-id:
  1991          description: Docker network ID
  1992          type: string
  1993        pod-name:
  1994          description: K8s pod for this endpoint (deprecated, may not be unique)
  1995          type: string
  1996        k8s-pod-name:
  1997          description: K8s pod name for this endpoint (deprecated, may not be unique)
  1998          type: string
  1999        k8s-namespace:
  2000          description: K8s namespace for this endpoint (deprecated, may not be unique)
  2001          type: string
  2002    Labels:
  2003      description: Set of labels
  2004      type: array
  2005      items:
  2006        type: string
  2007    LabelConfiguration:
  2008      description: Label configuration of an endpoint
  2009      type: object
  2010      properties:
  2011        spec:
  2012          description: The user provided desired configuration
  2013          "$ref": "#/definitions/LabelConfigurationSpec"
  2014        status:
  2015          description: The current configuration
  2016          "$ref": "#/definitions/LabelConfigurationStatus"
  2017    LabelConfigurationSpec:
  2018      description: User desired Label configuration of an endpoint
  2019      type: object
  2020      properties:
  2021        user:
  2022          description: "Custom labels in addition to orchestration system labels."
  2023          "$ref": "#/definitions/Labels"
  2024    LabelConfigurationStatus:
  2025      description: Labels and label configuration of an endpoint
  2026      type: object
  2027      properties:
  2028        realized:
  2029          description: The current configuration
  2030          "$ref": "#/definitions/LabelConfigurationSpec"
  2031        security-relevant:
  2032          description: "Labels derived from orchestration system that are used in computing a security identity"
  2033          "$ref": "#/definitions/Labels"
  2034        derived:
  2035          description: "All labels derived from the orchestration system"
  2036          "$ref": "#/definitions/Labels"
  2037        disabled:
  2038          description: "Labels derived from orchestration system which have been disabled."
  2039          "$ref": "#/definitions/Labels"
  2040    StatusResponse:
  2041      description: |-
  2042        Health and status information of daemon
  2043  
  2044        +k8s:deepcopy-gen=true
  2045      type: object
  2046      properties:
  2047        cilium:
  2048          description: Status of Cilium daemon
  2049          "$ref": "#/definitions/Status"
  2050        kvstore:
  2051          description: Status of key/value datastore
  2052          "$ref": "#/definitions/Status"
  2053        cni-file:
  2054          description: Status of the CNI configuration file
  2055          "$ref": "#/definitions/Status"
  2056        container-runtime:
  2057          description: Status of local container runtime
  2058          "$ref": "#/definitions/Status"
  2059        host-firewall:
  2060          description: Status of the host firewall
  2061          "$ref": "#/definitions/HostFirewall"
  2062        hubble:
  2063          description: Status of Hubble server
  2064          "$ref": "#/definitions/HubbleStatus"
  2065        kubernetes:
  2066          description: Status of Kubernetes integration
  2067          "$ref": "#/definitions/K8sStatus"
  2068        datapath-mode:
  2069          description: Status of datapath mode
  2070          "$ref": "#/definitions/DatapathMode"
  2071        attach-mode:
  2072          description: Status of core datapath attachment mode
  2073          "$ref": "#/definitions/AttachMode"
  2074        kube-proxy-replacement:
  2075          description: Status of kube-proxy replacement
  2076          "$ref": "#/definitions/KubeProxyReplacement"
  2077        ipam:
  2078          description: Status of IP address management
  2079          "$ref": "#/definitions/IPAMStatus"
  2080        nodeMonitor:
  2081          description: Status of the node monitor
  2082          "$ref": "#/definitions/MonitorStatus"
  2083        cluster:
  2084          description: Status of cluster
  2085          "$ref": "#/definitions/ClusterStatus"
  2086        controllers:
  2087          description: Status of all endpoint controllers
  2088          "$ref": "#/definitions/ControllerStatuses"
  2089        proxy:
  2090          description: Status of proxy
  2091          "$ref": "#/definitions/ProxyStatus"
  2092        identity-range:
  2093          description: Status of identity range of the cluster
  2094          "$ref": "#/definitions/IdentityRange"
  2095        ipv6-big-tcp:
  2096          description: Status of IPv6 BIG TCP
  2097          "$ref": "#/definitions/IPV6BigTCP"
  2098        ipv4-big-tcp:
  2099          description: Status of IPv4 BIG TCP
  2100          "$ref": "#/definitions/IPV4BigTCP"
  2101        bandwidth-manager:
  2102          description: Status of bandwidth manager
  2103          "$ref": "#/definitions/BandwidthManager"
  2104        masquerading:
  2105          description: Status of masquerading
  2106          "$ref": "#/definitions/Masquerading"
  2107        routing:
  2108          description: Status of routing
  2109          "$ref": "#/definitions/Routing"
  2110        clock-source:
  2111          description: Status of clock source
  2112          "$ref": "#/definitions/ClockSource"
  2113        srv6:
  2114          description: Status of SRv6
  2115          "$ref": "#/definitions/Srv6"
  2116        stale:
  2117          description: List of stale information in the status
  2118          type: object
  2119          additionalProperties:
  2120            description: Timestamp when the probe was started
  2121            type: string
  2122            format: date-time
  2123        client-id:
  2124          description: |
  2125            When supported by the API, this client ID should be used by the
  2126            client when making another request to the server.
  2127            See for example "/cluster/nodes".
  2128          type: integer
  2129        cluster-mesh:
  2130          description: Status of ClusterMesh
  2131          "$ref": "#/definitions/ClusterMeshStatus"
  2132        bpf-maps:
  2133          description: Status of BPF maps
  2134          "$ref": "#/definitions/BPFMapStatus"
  2135        encryption:
  2136          description: Status of transparent encryption
  2137          "$ref": "#/definitions/EncryptionStatus"
  2138        cni-chaining:
  2139          description: Status of CNI chaining
  2140          "$ref": "#/definitions/CNIChainingStatus"
  2141        auth-certificate-provider:
  2142          description: Status of Mutual Authentication certificate provider
  2143          "$ref": "#/definitions/Status"
  2144    Status:
  2145      description: Status of an individual component
  2146      type: object
  2147      properties:
  2148        state:
  2149          type: string
  2150          description: State the component is in
  2151          enum:
  2152          - Ok
  2153          - Warning
  2154          - Failure
  2155          - Disabled
  2156        msg:
  2157          type: string
  2158          description: Human readable status/error/warning message
  2159    HostFirewall:
  2160      description: |-
  2161        Status of the host firewall
  2162  
  2163        +k8s:deepcopy-gen=true
  2164      type: object
  2165      properties:
  2166        mode:
  2167          type: string
  2168          enum:
  2169          - Disabled
  2170          - Enabled
  2171        devices:
  2172          type: array
  2173          items:
  2174            type: string
  2175    HubbleStatus:
  2176      description: |-
  2177        Status of the Hubble server
  2178  
  2179        +k8s:deepcopy-gen=true
  2180      type: object
  2181      properties:
  2182        state:
  2183          type: string
  2184          description: State the component is in
  2185          enum:
  2186            - Ok
  2187            - Warning
  2188            - Failure
  2189            - Disabled
  2190        msg:
  2191          type: string
  2192          description: Human readable status/error/warning message
  2193        observer:
  2194          type: object
  2195          description: |-
  2196            Status of the Hubble observer
  2197  
  2198            +k8s:deepcopy-gen=true
  2199          properties:
  2200            max-flows:
  2201              type: integer
  2202              description: Maximum number of flows this Hubble observer is able to store
  2203            current-flows:
  2204              type: integer
  2205              description: Current number of flows this Hubble observer stores
  2206            seen-flows:
  2207              type: integer
  2208              description: Total number of flows this Hubble observer has seen
  2209            uptime:
  2210              type: string
  2211              format: duration
  2212              description: Uptime of this Hubble observer instance
  2213        metrics:
  2214          type: object
  2215          description: Status of the Hubble metrics server
  2216          properties:
  2217            state:
  2218              type: string
  2219              description: State of the Hubble metrics
  2220              enum:
  2221                - Ok
  2222                - Warning
  2223                - Failure
  2224                - Disabled
  2225    K8sStatus:
  2226      description: |-
  2227        Status of Kubernetes integration
  2228  
  2229        +k8s:deepcopy-gen=true
  2230      type: object
  2231      properties:
  2232        state:
  2233          type: string
  2234          description: State the component is in
  2235          enum:
  2236          - Ok
  2237          - Warning
  2238          - Failure
  2239          - Disabled
  2240        k8s-api-versions:
  2241            type: array
  2242            items:
  2243              type: string
  2244        msg:
  2245          type: string
  2246          description: Human readable status/error/warning message
  2247    KubeProxyReplacement:
  2248      description: |-
  2249        Status of kube-proxy replacement
  2250  
  2251        +k8s:deepcopy-gen=true
  2252      type: object
  2253      properties:
  2254        mode:
  2255          type: string
  2256          enum:
  2257          - 'True'
  2258          - 'False'
  2259        devices:
  2260          type: array
  2261          items:
  2262            type: string
  2263        deviceList:
  2264          description: |-
  2265  
  2266  
  2267            +k8s:deepcopy-gen=true
  2268          type: array
  2269          items:
  2270            description: |-
  2271  
  2272  
  2273              +k8s:deepcopy-gen=true
  2274            type: object
  2275            properties:
  2276              name:
  2277                type: string
  2278              ip:
  2279                description: |-
  2280  
  2281  
  2282                  +k8s:deepcopy-gen=true
  2283                type: array
  2284                items:
  2285                  type: string
  2286        directRoutingDevice:
  2287          type: string
  2288        features:
  2289          description: |-
  2290  
  2291  
  2292            +k8s:deepcopy-gen=true
  2293          type: object
  2294          properties:
  2295            nodePort:
  2296              description: |-
  2297  
  2298  
  2299                +k8s:deepcopy-gen=true
  2300              type: object
  2301              properties:
  2302                enabled:
  2303                  type: boolean
  2304                mode:
  2305                  type: string
  2306                  enum:
  2307                  - SNAT
  2308                  - DSR
  2309                  - Hybrid
  2310                dsrMode:
  2311                  type: string
  2312                  enum:
  2313                    - IP Option/Extension
  2314                    - IPIP
  2315                    - Geneve
  2316                algorithm:
  2317                  type: string
  2318                  enum:
  2319                  - Random
  2320                  - Maglev
  2321                acceleration:
  2322                  type: string
  2323                  enum:
  2324                  - None
  2325                  - Native
  2326                  - Generic
  2327                  - Best-Effort
  2328                portMin:
  2329                  type: integer
  2330                portMax:
  2331                  type: integer
  2332                lutSize:
  2333                  type: integer
  2334            hostPort:
  2335              description: |-
  2336  
  2337  
  2338                +k8s:deepcopy-gen=true
  2339              type: object
  2340              properties:
  2341                enabled:
  2342                  type: boolean
  2343            externalIPs:
  2344              description: |-
  2345  
  2346  
  2347                +k8s:deepcopy-gen=true
  2348              type: object
  2349              properties:
  2350                enabled:
  2351                  type: boolean
  2352            hostReachableServices:
  2353              description: |-
  2354  
  2355  
  2356                +k8s:deepcopy-gen=true
  2357              type: object
  2358              properties:
  2359                enabled:
  2360                  type: boolean
  2361                protocols:
  2362                  type: array
  2363                  items:
  2364                    type: string
  2365            socketLB:
  2366              description: |-
  2367  
  2368  
  2369                +k8s:deepcopy-gen=true
  2370              type: object
  2371              properties:
  2372                enabled:
  2373                  type: boolean
  2374            sessionAffinity:
  2375              description: |-
  2376  
  2377  
  2378                +k8s:deepcopy-gen=true
  2379              type: object
  2380              properties:
  2381                enabled:
  2382                  type: boolean
  2383            gracefulTermination:
  2384              description: |-
  2385  
  2386  
  2387                +k8s:deepcopy-gen=true
  2388              type: object
  2389              properties:
  2390                enabled:
  2391                  type: boolean
  2392            nat46X64:
  2393              description: |-
  2394  
  2395  
  2396                +k8s:deepcopy-gen=true
  2397              type: object
  2398              properties:
  2399                enabled:
  2400                  type: boolean
  2401                service:
  2402                  description: |-
  2403  
  2404  
  2405                    +k8s:deepcopy-gen=true
  2406                  type: object
  2407                  properties:
  2408                    enabled:
  2409                      type: boolean
  2410                gateway:
  2411                  description: |-
  2412  
  2413  
  2414                    +k8s:deepcopy-gen=true
  2415                  type: object
  2416                  properties:
  2417                    enabled:
  2418                      type: boolean
  2419                    prefixes:
  2420                      type: array
  2421                      items:
  2422                        type: string
  2423            socketLBTracing:
  2424              description: |-
  2425  
  2426  
  2427                +k8s:deepcopy-gen=true
  2428              type: object
  2429              properties:
  2430                enabled:
  2431                  type: boolean
  2432            bpfSocketLBHostnsOnly:
  2433              description: flag bpf-lb-sock-hostns-only
  2434              type: boolean
  2435    AllocationMap:
  2436      description: |
  2437        Map of allocated IPs
  2438      type: object
  2439      additionalProperties:
  2440        type: string
  2441    IPAMStatus:
  2442      description: |-
  2443        Status of IP address management
  2444  
  2445        +k8s:deepcopy-gen=true
  2446      properties:
  2447        allocations:
  2448          "$ref": "#/definitions/AllocationMap"
  2449        ipv4:
  2450          type: array
  2451          items:
  2452            type: string
  2453        ipv6:
  2454          type: array
  2455          items:
  2456            type: string
  2457        status:
  2458          type: string
  2459    ClusterStatus:
  2460      description: |-
  2461        Status of cluster
  2462  
  2463        +k8s:deepcopy-gen=true
  2464      properties:
  2465        ciliumHealth:
  2466          description: Status of local cilium-health daemon
  2467          "$ref": "#/definitions/Status"
  2468        self:
  2469          description: Name of local node (if available)
  2470          type: string
  2471        nodes:
  2472          description: List of known nodes
  2473          type: array
  2474          items:
  2475            "$ref": "#/definitions/NodeElement"
  2476    ClusterNodeStatus:
  2477      description: Status of cluster
  2478      properties:
  2479        self:
  2480          description: Name of local node (if available)
  2481          type: string
  2482        nodes-added:
  2483          description: List of known nodes
  2484          type: array
  2485          items:
  2486            "$ref": "#/definitions/NodeElement"
  2487        nodes-removed:
  2488          description: List of known nodes
  2489          type: array
  2490          items:
  2491            "$ref": "#/definitions/NodeElement"
  2492        client-id:
  2493          description: ID that should be used by the client to receive a diff from the previous request
  2494          type: integer
  2495    ClusterMeshStatus:
  2496      description: |-
  2497        Status of ClusterMesh
  2498  
  2499        +k8s:deepcopy-gen=true
  2500      properties:
  2501        clusters:
  2502          description: List of remote clusters
  2503          type: array
  2504          items:
  2505            "$ref": "#/definitions/RemoteCluster"
  2506        num-global-services:
  2507          description: Number of global services
  2508          type: integer
  2509    RemoteCluster:
  2510      description: |-
  2511        Status of remote cluster
  2512  
  2513        +k8s:deepcopy-gen=true
  2514      properties:
  2515        name:
  2516          description: Name of the cluster
  2517          type: string
  2518        ready:
  2519          description: Indicates readiness of the remote cluster
  2520          type: boolean
  2521        connected:
  2522          description: Indicates whether the connection to the remote kvstore is established
  2523          type: boolean
  2524        synced:
  2525          description: Synchronization status about each resource type
  2526          "$ref": "#/definitions/RemoteClusterSynced"
  2527        config:
  2528          description: Cluster configuration exposed by the remote cluster
  2529          "$ref": "#/definitions/RemoteClusterConfig"
  2530        num-nodes:
  2531          description: Number of nodes in the cluster
  2532          type: integer
  2533        num-shared-services:
  2534          description: Number of services in the cluster
  2535          type: integer
  2536        num-identities:
  2537          description: Number of identities in the cluster
  2538          type: integer
  2539        num-endpoints:
  2540          description: Number of endpoints in the cluster
  2541          type: integer
  2542        status:
  2543          description: Status of the control plane
  2544          type: string
  2545        num-failures:
  2546          description: Number of failures reaching the cluster
  2547          type: integer
  2548        last-failure:
  2549          description: Time of last failure that occurred while attempting to reach the cluster
  2550          type: string
  2551          format: date-time
  2552    RemoteClusterSynced:
  2553      description: |-
  2554        Status of the synchronization with the remote cluster, about each resource
  2555        type. A given resource is considered to be synchronized if the initial
  2556        list of entries has been completely received from the remote cluster, and
  2557        new events are currently being watched.
  2558  
  2559        +k8s:deepcopy-gen=true
  2560      properties:
  2561        nodes:
  2562          description: Nodes synchronization status
  2563          type: boolean
  2564        services:
  2565          description: Services synchronization status
  2566          type: boolean
  2567        endpoints:
  2568          description: Endpoints synchronization status
  2569          type: boolean
  2570        identities:
  2571          description: Identities synchronization status
  2572          type: boolean
  2573    RemoteClusterConfig:
  2574      description: |-
  2575        Cluster configuration exposed by the remote cluster
  2576  
  2577        +k8s:deepcopy-gen=true
  2578      properties:
  2579        required:
  2580          description: Whether the configuration is required to be present
  2581          type: boolean
  2582        retrieved:
  2583          description: Whether the configuration has been correctly retrieved
  2584          type: boolean
  2585        cluster-id:
  2586          description: The Cluster ID advertised by the remote cluster
  2587          type: integer
  2588        kvstoremesh:
  2589          description: Whether the remote cluster information is locally cached by kvstoremesh
  2590          type: boolean
  2591        sync-canaries:
  2592          description: Whether the remote cluster supports per-prefix "synced" canaries
  2593          type: boolean
  2594    MonitorStatus:
  2595      description: Status of the node monitor
  2596      properties:
  2597        cpus:
  2598          description: Number of CPUs to listen on for events.
  2599          type: integer
  2600        npages:
  2601          description: Number of pages used for the perf ring buffer.
  2602          type: integer
  2603        pagesize:
  2604          description: Pages size used for the perf ring buffer.
  2605          type: integer
  2606        lost:
  2607          description: Number of samples lost by perf.
  2608          type: integer
  2609        unknown:
  2610          description: Number of unknown samples.
  2611          type: integer
  2612    KVstoreConfiguration:
  2613      description: Configuration used for the kvstore
  2614      properties:
  2615        type:
  2616          description: Type of kvstore
  2617          type: string
  2618        options:
  2619          description: Configuration options
  2620          type: object
  2621          additionalProperties:
  2622            type: string
  2623    DaemonConfiguration:
  2624      description: |
  2625        Response to a daemon configuration request.
  2626      type: object
  2627      properties:
  2628        spec:
  2629          description: Changeable configuration
  2630          "$ref": "#/definitions/DaemonConfigurationSpec"
  2631        status:
  2632          description: |
  2633            Current daemon configuration related status.Contains the addressing
  2634            information, k8s, node monitor and immutable and mutable
  2635            configuration settings.
  2636          "$ref": "#/definitions/DaemonConfigurationStatus"
  2637    DaemonConfigurationSpec:
  2638      description: The controllable configuration of the daemon.
  2639      type: object
  2640      properties:
  2641        options:
  2642          description: Changeable configuration
  2643          "$ref": "#/definitions/ConfigurationMap"
  2644        policy-enforcement:
  2645          description: "The policy-enforcement mode"
  2646          type: string
  2647          enum:
  2648            - default
  2649            - always
  2650            - never
  2651    DaemonConfigurationStatus:
  2652      description: |
  2653        Response to a daemon configuration request. Contains the addressing
  2654        information, k8s, node monitor and immutable and mutable configuration
  2655        settings.
  2656      type: object
  2657      properties:
  2658        realized:
  2659          description: Currently applied configuration
  2660          "$ref": "#/definitions/DaemonConfigurationSpec"
  2661        immutable:
  2662          description: Immutable configuration (read-only)
  2663          "$ref": "#/definitions/ConfigurationMap"
  2664        addressing:
  2665          "$ref": "#/definitions/NodeAddressing"
  2666        k8s-endpoint:
  2667          type: string
  2668        k8s-configuration:
  2669          type: string
  2670        nodeMonitor:
  2671          description: Status of the node monitor
  2672          "$ref": "#/definitions/MonitorStatus"
  2673        kvstoreConfiguration:
  2674          "$ref": "#/definitions/KVstoreConfiguration"
  2675        deviceMTU:
  2676          description: MTU on workload facing devices
  2677          type: integer
  2678        routeMTU:
  2679          description: MTU for network facing routes
  2680          type: integer
  2681        enableRouteMTUForCNIChaining:
  2682          description: Enable route MTU for pod netns when CNI chaining is used
  2683          type: boolean
  2684        datapathMode:
  2685          "$ref": "#/definitions/DatapathMode"
  2686        ipam-mode:
  2687          description: Configured IPAM mode
  2688          type: string
  2689        masquerade:
  2690          type: boolean
  2691        masqueradeProtocols:
  2692          description: Status of masquerading feature
  2693          type: object
  2694          properties:
  2695            ipv4:
  2696              description: Status of masquerading for IPv4 traffic
  2697              type: boolean
  2698            ipv6:
  2699              description: Status of masquerading for IPv6 traffic
  2700              type: boolean
  2701        egress-multi-home-ip-rule-compat:
  2702          description: Configured compatibility mode for --egress-multi-home-ip-rule-compat
  2703          type: boolean
  2704        daemonConfigurationMap:
  2705          description: Config map which contains all the active daemon configurations
  2706          additionalProperties:
  2707            type: object
  2708        GSOMaxSize:
  2709          description: Maximum IPv6 GSO size on workload facing devices
  2710          type: integer
  2711        GROMaxSize:
  2712          description: Maximum IPv6 GRO size on workload facing devices
  2713          type: integer
  2714        GSOIPv4MaxSize:
  2715          description: Maximum IPv4 GSO size on workload facing devices
  2716          type: integer
  2717        GROIPv4MaxSize:
  2718          description: Maximum IPv4 GRO size on workload facing devices
  2719          type: integer
  2720        ipLocalReservedPorts:
  2721          description: Comma-separated list of IP ports should be reserved in the workload network namespace
  2722          type: string
  2723    DatapathMode:
  2724      description: Datapath mode
  2725      type: string
  2726      enum:
  2727        - veth
  2728        - netkit
  2729        - netkit-l2
  2730    AttachMode:
  2731      description: Core datapath attachment mode
  2732      type: string
  2733      enum:
  2734        - tc
  2735        - tcx
  2736    EndpointConfigurationSpec:
  2737      description: An endpoint's configuration
  2738      type: object
  2739      properties:
  2740        options:
  2741          description: Changeable configuration
  2742          "$ref": "#/definitions/ConfigurationMap"
  2743        label-configuration:
  2744          description: the endpoint's labels
  2745          "$ref": "#/definitions/LabelConfigurationSpec"
  2746    EndpointConfigurationStatus:
  2747      description: An endpoint's configuration
  2748      type: object
  2749      properties:
  2750        realized:
  2751          description: currently applied changeable configuration
  2752          "$ref": "#/definitions/EndpointConfigurationSpec"
  2753        immutable:
  2754          description: Immutable configuration (read-only)
  2755          "$ref": "#/definitions/ConfigurationMap"
  2756        error:
  2757          description: Most recent error, if applicable
  2758          "$ref": "#/definitions/Error"
  2759    ConfigurationMap:
  2760      description: |
  2761        Map of configuration key/value pairs.
  2762      type: object
  2763      additionalProperties:
  2764        type: string
  2765    NodeElement:
  2766      description: |-
  2767        Known node in the cluster
  2768  
  2769        +k8s:deepcopy-gen=true
  2770      properties:
  2771        name:
  2772          type: string
  2773          description: |
  2774            Name of the node including the cluster association. This is typically
  2775            <clustername>/<hostname>.
  2776        primary-address:
  2777          description: Primary address used for intra-cluster communication
  2778          "$ref": "#/definitions/NodeAddressing"
  2779        secondary-addresses:
  2780          description: Alternative addresses assigned to the node
  2781          type: array
  2782          items:
  2783            "$ref": "#/definitions/NodeAddressingElement"
  2784        health-endpoint-address:
  2785          description: Address used for probing cluster connectivity
  2786          "$ref": "#/definitions/NodeAddressing"
  2787        ingress-address:
  2788          description: Source address for Ingress listener
  2789          "$ref": "#/definitions/NodeAddressing"
  2790        source:
  2791          description: Source of the node configuration
  2792          type: string
  2793    NodeAddressing:
  2794      description: |-
  2795        Addressing information of a node for all address families
  2796  
  2797        +k8s:deepcopy-gen=true
  2798      type: object
  2799      properties:
  2800        ipv6:
  2801          "$ref": "#/definitions/NodeAddressingElement"
  2802        ipv4:
  2803          "$ref": "#/definitions/NodeAddressingElement"
  2804    NodeAddressingElement:
  2805      description: Addressing information
  2806      type: object
  2807      properties:
  2808        enabled:
  2809          description: True if address family is enabled
  2810          type: boolean
  2811        ip:
  2812          description: IP address of node
  2813          type: string
  2814        alloc-range:
  2815          description: Address pool to be used for local endpoints
  2816          type: string
  2817        address-type:
  2818          description: Node address type, one of HostName, ExternalIP or InternalIP
  2819          type: string
  2820    Policy:
  2821      description: Policy definition
  2822      type: object
  2823      properties:
  2824        revision:
  2825          description: |
  2826            Revision number of the policy. Incremented each time the policy is
  2827            changed in the agent's repository
  2828          type: integer
  2829        policy:
  2830          description: Policy definition as JSON.
  2831          type: string
  2832    PolicyTraceResult:
  2833      description: Response to a policy resolution process
  2834      type: object
  2835      properties:
  2836        verdict:
  2837          type: string
  2838        log:
  2839          type: string
  2840    Port:
  2841      description: |-
  2842        Layer 4 port / protocol pair
  2843  
  2844        +deepequal-gen=true
  2845      type: object
  2846      properties:
  2847        protocol:
  2848          description: Layer 4 protocol
  2849          type: string
  2850          enum:
  2851            - TCP
  2852            - UDP
  2853            - SCTP
  2854            - ICMP
  2855            - ICMPV6
  2856            - ANY
  2857        port:
  2858          description: Layer 4 port number
  2859          type: integer
  2860          format: uint16
  2861        name:
  2862          description: Optional layer 4 port name
  2863          type: string
  2864    SelectorCache:
  2865      description: cache of which identities match selectors in the policy repository
  2866      type: array
  2867      items:
  2868        "$ref": "#/definitions/SelectorIdentityMapping"
  2869    SelectorIdentityMapping:
  2870      description: mapping of selector to identities which match it
  2871      type: object
  2872      properties:
  2873        selector:
  2874          description: string form of selector
  2875          type: string
  2876        labels:
  2877          description: Labels are the metadata labels associated with the selector
  2878          "$ref": "#/definitions/LabelArray"
  2879        identities:
  2880          description: identities mapping to this selector
  2881          type: array
  2882          items:
  2883              type: integer
  2884        users:
  2885          description: number of users of this selector in the cache
  2886          type: integer
  2887    Srv6:
  2888      description: |-
  2889        Status of the SRv6
  2890  
  2891        +k8s:deepcopy-gen=true
  2892      type: object
  2893      properties:
  2894        enabled:
  2895          type: boolean
  2896        srv6EncapMode:
  2897          type: string
  2898          enum:
  2899            - SRH
  2900            - Reduced
  2901    TraceSelector:
  2902      description: Context describing a pair of source and destination identity
  2903      type: object
  2904      properties:
  2905        from:
  2906          "$ref": "#/definitions/TraceFrom"
  2907        to:
  2908          "$ref": "#/definitions/TraceTo"
  2909        verbose:
  2910          description: |
  2911            Enable verbose tracing.
  2912          type: boolean
  2913    TraceFrom:
  2914      type: object
  2915      properties:
  2916        labels:
  2917          "$ref": "#/definitions/Labels"
  2918    TraceTo:
  2919      type: object
  2920      properties:
  2921        labels:
  2922          "$ref": "#/definitions/Labels"
  2923        dports:
  2924          description: |
  2925            List of Layer 4 port and protocol pairs which will be used in communication
  2926            from the source identity to the destination identity.
  2927          type: array
  2928          items:
  2929            "$ref": "#/definitions/Port"
  2930  
  2931    FrontendAddress:
  2932      description: |
  2933        Layer 4 address. The protocol is currently ignored, all services will
  2934        behave as if protocol any is specified. To restrict to a particular
  2935        protocol, use policy.
  2936      type: object
  2937      properties:
  2938        ip:
  2939          description: Layer 3 address
  2940          type: string
  2941        protocol:
  2942          description: Layer 4 protocol
  2943          type: string
  2944          enum:
  2945          - tcp
  2946          - udp
  2947          - any
  2948        scope:
  2949          description: Load balancing scope for frontend address
  2950          type: string
  2951          enum:
  2952          - external
  2953          - internal
  2954        port:
  2955          description: Layer 4 port number
  2956          type: integer
  2957          format: uint16
  2958    BackendAddress:
  2959      description: Service backend address
  2960      type: object
  2961      required:
  2962      - ip
  2963      properties:
  2964        ip:
  2965          description: Layer 3 address
  2966          type: string
  2967        port:
  2968          description: Layer 4 port number
  2969          type: integer
  2970          format: uint16
  2971        nodeName:
  2972          description: Optional name of the node on which this backend runs
  2973          type: string
  2974        state:
  2975          description: State of the backend for load-balancing service traffic
  2976          type: string
  2977          enum:
  2978            - active
  2979            - terminating
  2980            - quarantined
  2981            - maintenance
  2982        preferred:
  2983          description: |-
  2984            Indicator if this backend is preferred in the context of clustermesh service affinity. The value is set based
  2985            on related annotation of global service. Applicable for active state only.
  2986          type: boolean
  2987        weight:
  2988          description: Backend weight
  2989          type: integer
  2990          format: uint16
  2991          x-nullable: true
  2992        zone:
  2993          description: Optional name of the zone in which this backend runs
  2994          type: string
  2995    LRPBackend:
  2996      description: Pod backend of an LRP
  2997      type: object
  2998      properties:
  2999        pod-id:
  3000          description: Namespace and name of the backend pod
  3001          type: string
  3002        backend-address:
  3003          "$ref": "#/definitions/BackendAddress"
  3004    FrontendMapping:
  3005      description: Mapping of frontend to backend pods of an LRP
  3006      type: object
  3007      properties:
  3008        frontend-address:
  3009          "$ref": "#/definitions/FrontendAddress"
  3010        backends:
  3011          description: Pod backends of an LRP
  3012          type: array
  3013          items:
  3014            "$ref": "#/definitions/LRPBackend"
  3015    LRPSpec:
  3016      description: Configuration of an LRP
  3017      type: object
  3018      properties:
  3019        uid:
  3020          description: Unique identification
  3021          type: string
  3022        name:
  3023          description: LRP service name
  3024          type: string
  3025        namespace:
  3026          description: LRP service namespace
  3027          type: string
  3028        frontend-type:
  3029          description: LRP frontend type
  3030          type: string
  3031        lrp-type:
  3032          description: LRP config type
  3033          type: string
  3034        service-id:
  3035          description: matching k8s service namespace and name
  3036          type: string
  3037        frontend-mappings:
  3038          description: mapping of frontends to pod backends
  3039          type: array
  3040          items:
  3041            "$ref": "#/definitions/FrontendMapping"
  3042    Service:
  3043      description: Collection of endpoints to be served
  3044      type: object
  3045      properties:
  3046        spec:
  3047          "$ref": "#/definitions/ServiceSpec"
  3048        status:
  3049          "$ref": "#/definitions/ServiceStatus"
  3050    ServiceSpec:
  3051      description: Configuration of a service
  3052      type: object
  3053      required:
  3054      - frontend-address
  3055      properties:
  3056        id:
  3057          description: Unique identification
  3058          type: integer
  3059        frontend-address:
  3060          description: Frontend address
  3061          "$ref": "#/definitions/FrontendAddress"
  3062        backend-addresses:
  3063          description: List of backend addresses
  3064          type: array
  3065          items:
  3066            "$ref": "#/definitions/BackendAddress"
  3067        flags:
  3068          description: Optional service configuration flags
  3069          type: object
  3070          properties:
  3071            type:
  3072              description: Service type
  3073              type: string
  3074              enum:
  3075              - ClusterIP
  3076              - NodePort
  3077              - ExternalIPs
  3078              - HostPort
  3079              - LoadBalancer
  3080              - LocalRedirect
  3081            trafficPolicy:
  3082              description: Service external traffic policy (deprecated in favor of extTrafficPolicy)
  3083              type: string
  3084              enum:
  3085              - Cluster
  3086              - Local
  3087            extTrafficPolicy:
  3088              description: Service external traffic policy
  3089              type: string
  3090              enum:
  3091              - Cluster
  3092              - Local
  3093            intTrafficPolicy:
  3094              description: Service internal traffic policy
  3095              type: string
  3096              enum:
  3097              - Cluster
  3098              - Local
  3099            natPolicy:
  3100              description: Service protocol NAT policy
  3101              type: string
  3102              enum:
  3103              - None
  3104              - Nat46
  3105              - Nat64
  3106            healthCheckNodePort:
  3107              description: Service health check node port
  3108              type: integer
  3109              format: uint16
  3110            name:
  3111              description: Service name  (e.g. Kubernetes service name)
  3112              type: string
  3113            namespace:
  3114              description: Service namespace  (e.g. Kubernetes namespace)
  3115              type: string
  3116            cluster:
  3117              description: Service cluster
  3118              type: string
  3119        updateServices:
  3120          description: |
  3121            Update all services selecting the backends with their given states
  3122            (id and frontend are ignored)
  3123          type: boolean
  3124  
  3125    ServiceStatus:
  3126      description: Configuration of a service
  3127      type: object
  3128      properties:
  3129        realized:
  3130          "$ref": "#/definitions/ServiceSpec"
  3131  
  3132    StateDBQuery:
  3133      description: StateDB query
  3134      type: object
  3135      properties:
  3136        table:
  3137          description: Name of the table to query
  3138          type: string
  3139        index:
  3140          description: Index to query against
  3141          type: string
  3142        lowerbound:
  3143          description: LowerBound prefix search or full-matching Get
  3144          type: boolean
  3145        key:
  3146          description: Key to query with. Base64 encoded.
  3147          type: string
  3148  
  3149    Recorder:
  3150      description: Collection of wildcard filters for pcap recorder
  3151      type: object
  3152      properties:
  3153        spec:
  3154          "$ref": "#/definitions/RecorderSpec"
  3155        status:
  3156          "$ref": "#/definitions/RecorderStatus"
  3157    RecorderMask:
  3158      description: Individual mask for pcap recorder
  3159      type: object
  3160      properties:
  3161        status:
  3162          "$ref": "#/definitions/RecorderMaskStatus"
  3163    RecorderFilter:
  3164      description: n-tuple filter to match traffic to be recorded
  3165      type: object
  3166      properties:
  3167        src-prefix:
  3168          description: Layer 3 source CIDR
  3169          type: string
  3170        src-port:
  3171          description: Layer 4 source port, zero (or in future range)
  3172          type: string
  3173        dst-prefix:
  3174          description: Layer 3 destination CIDR
  3175          type: string
  3176        dst-port:
  3177          description: Layer 4 destination port, zero (or in future range)
  3178          type: string
  3179        protocol:
  3180          description: Layer 4 protocol
  3181          type: string
  3182          enum:
  3183          - TCP
  3184          - UDP
  3185          - SCTP
  3186          - ANY
  3187    RecorderSpec:
  3188      description: Configuration of a recorder
  3189      type: object
  3190      required:
  3191      - id
  3192      - filters
  3193      properties:
  3194        id:
  3195          description: Unique identification
  3196          type: integer
  3197        capture-length:
  3198          description: Maximum packet length or zero for full packet length
  3199          type: integer
  3200        filters:
  3201          description: List of wildcard filters for given recorder
  3202          type: array
  3203          items:
  3204            "$ref": "#/definitions/RecorderFilter"
  3205    RecorderMaskSpec:
  3206      description: Configuration of a recorder mask
  3207      type: object
  3208      properties:
  3209        users:
  3210          description: Number of users of this mask
  3211          type: integer
  3212        priority:
  3213          description: Priority of this mask
  3214          type: integer
  3215        src-prefix-mask:
  3216          description: Layer 3 source IP mask
  3217          type: string
  3218        src-port-mask:
  3219          description: Layer 4 source port mask
  3220          type: string
  3221        dst-prefix-mask:
  3222          description: Layer 3 destination IP mask
  3223          type: string
  3224        dst-port-mask:
  3225          description: Layer 4 destination port mask
  3226          type: string
  3227        protocol-mask:
  3228          description: Layer 4 protocol mask
  3229          type: string
  3230    RecorderStatus:
  3231      description: Configuration of a recorder
  3232      type: object
  3233      properties:
  3234        realized:
  3235          "$ref": "#/definitions/RecorderSpec"
  3236    RecorderMaskStatus:
  3237      description: Configuration of a recorder mask
  3238      type: object
  3239      properties:
  3240        realized:
  3241          "$ref": "#/definitions/RecorderMaskSpec"
  3242    ProxyStatus:
  3243      description: |-
  3244        Status of proxy
  3245  
  3246        +k8s:deepcopy-gen=true
  3247      type: object
  3248      properties:
  3249        port-range:
  3250          description: Port range used for proxying
  3251          type: string
  3252        ip:
  3253          description: IP address that the proxy listens on
  3254          type: string
  3255        total-redirects:
  3256          description: Total number of ports configured to redirect to proxies
  3257          type: integer
  3258        total-ports:
  3259          description: Total number of listening proxy ports
  3260          type: integer
  3261        redirects:
  3262          description: Detailed description of configured redirects
  3263          type: array
  3264          items:
  3265            "$ref": "#/definitions/ProxyRedirect"
  3266        envoy-deployment-mode:
  3267          description: Deployment mode of Envoy L7 proxy
  3268          type: string
  3269          enum:
  3270            - embedded
  3271            - external
  3272    IdentityRange:
  3273      description: |-
  3274        Status of identity range of the cluster
  3275  
  3276        +k8s:deepcopy-gen=true
  3277      properties:
  3278        min-identity:
  3279          description: Minimum identity of the cluster
  3280          type: integer
  3281        max-identity:
  3282          description: Maximum identity of the cluster
  3283          type: integer
  3284    ProxyRedirect:
  3285      description: Configured proxy redirection state
  3286      type: object
  3287      properties:
  3288        name:
  3289          description: Name of the proxy redirect
  3290          type: string
  3291        proxy:
  3292          description: Name of the proxy this redirect points to
  3293          type: string
  3294        proxy-port:
  3295          description: Host port that this redirect points to
  3296          type: integer
  3297    ProxyStatistics:
  3298      description: |-
  3299        Statistics of a set of proxy redirects for an endpoint
  3300  
  3301        +k8s:deepcopy-gen=true
  3302      type: object
  3303      properties:
  3304        protocol:
  3305          description: Name of the L7 protocol
  3306          type: string
  3307        port:
  3308          description: The port subject to the redirect
  3309          type: integer
  3310        allocated-proxy-port:
  3311          description: The port the proxy is listening on
  3312          type: integer
  3313        location:
  3314          description: Location of where the redirect is installed
  3315          type: string
  3316          enum:
  3317          - ingress
  3318          - egress
  3319        statistics:
  3320          description: Statistics of this set of proxy redirect
  3321          "$ref": "#/definitions/RequestResponseStatistics"
  3322    RequestResponseStatistics:
  3323      description: |-
  3324        Statistics of a proxy redirect
  3325  
  3326        +k8s:deepcopy-gen=true
  3327      type: object
  3328      properties:
  3329        requests:
  3330          "$ref": "#/definitions/MessageForwardingStatistics"
  3331        responses:
  3332          "$ref": "#/definitions/MessageForwardingStatistics"
  3333    MessageForwardingStatistics:
  3334      description: Statistics of a message forwarding entity
  3335      type: object
  3336      properties:
  3337        received:
  3338          description: Number of messages received
  3339          type: integer
  3340        denied:
  3341          description: Number of messages denied
  3342          type: integer
  3343        error:
  3344          description: Number of errors while parsing messages
  3345          type: integer
  3346        forwarded:
  3347          description: Number of messages forwarded
  3348          type: integer
  3349    IPV6BigTCP:
  3350      description: |-
  3351        Status of IPv6 BIG TCP
  3352  
  3353        +k8s:deepcopy-gen=true
  3354      type: object
  3355      properties:
  3356        enabled:
  3357          description: Is IPv6 BIG TCP enabled
  3358          type: boolean
  3359        maxGRO:
  3360          description: Maximum IPv6 GRO size
  3361          type: integer
  3362        maxGSO:
  3363          description: Maximum IPv6 GSO size
  3364          type: integer
  3365    IPV4BigTCP:
  3366      description: |-
  3367        Status of IPv4 BIG TCP
  3368  
  3369        +k8s:deepcopy-gen=true
  3370      type: object
  3371      properties:
  3372        enabled:
  3373          description: Is IPv4 BIG TCP enabled
  3374          type: boolean
  3375        maxGRO:
  3376          description: Maximum IPv4 GRO size
  3377          type: integer
  3378        maxGSO:
  3379          description: Maximum IPv4 GSO size
  3380          type: integer
  3381    BandwidthManager:
  3382      description: |-
  3383        Status of bandwidth manager
  3384  
  3385        +k8s:deepcopy-gen=true
  3386      type: object
  3387      properties:
  3388        enabled:
  3389          description: Is bandwidth manager enabled
  3390          type: boolean
  3391        devices:
  3392          type: array
  3393          items:
  3394            type: string
  3395        congestionControl:
  3396          type: string
  3397          enum:
  3398          - cubic
  3399          - bbr
  3400    Masquerading:
  3401      description: |-
  3402        Status of masquerading
  3403  
  3404        +k8s:deepcopy-gen=true
  3405      type: object
  3406      properties:
  3407        enabled:
  3408          type: boolean
  3409        enabledProtocols:
  3410          description: Is masquerading enabled
  3411          type: object
  3412          properties:
  3413            ipv4:
  3414              description: Is masquerading enabled for IPv4 traffic
  3415              type: boolean
  3416            ipv6:
  3417              description: Is masquerading enabled for IPv6 traffic
  3418              type: boolean
  3419        mode:
  3420          type: string
  3421          enum:
  3422          - BPF
  3423          - iptables
  3424        ip-masq-agent:
  3425          description: Is BPF ip-masq-agent enabled
  3426          type: boolean
  3427        snat-exclusion-cidr:
  3428          description: |-
  3429            This field is obsolete, please use snat-exclusion-cidr-v4 or snat-exclusion-cidr-v6.
  3430          type: string
  3431        snat-exclusion-cidr-v4:
  3432          description: |-
  3433            SnatExclusionCIDRv4 exempts SNAT from being performed on any packet sent to
  3434            an IPv4 address that belongs to this CIDR.
  3435          type: string
  3436        snat-exclusion-cidr-v6:
  3437          description: |-
  3438            SnatExclusionCIDRv6 exempts SNAT from being performed on any packet sent to
  3439            an IPv6 address that belongs to this CIDR.
  3440            For IPv6 we only do masquerading in iptables mode.
  3441          type: string
  3442    ClockSource:
  3443      description: |-
  3444        Status of BPF clock source
  3445  
  3446        +k8s:deepcopy-gen=true
  3447      type: object
  3448      properties:
  3449        mode:
  3450          description: Datapath clock source
  3451          type: string
  3452          enum:
  3453          - ktime
  3454          - jiffies
  3455        hertz:
  3456          description: Kernel Hz
  3457          type: integer
  3458    Routing:
  3459      description: |-
  3460        Status of routing
  3461  
  3462        +k8s:deepcopy-gen=true
  3463      type: object
  3464      properties:
  3465        inter-host-routing-mode:
  3466          description: Datapath routing mode for cross-cluster connectivity
  3467          type: string
  3468          enum:
  3469          - Native
  3470          - Tunnel
  3471        intra-host-routing-mode:
  3472          description: Datapath routing mode for connectivity within the host
  3473          type: string
  3474          enum:
  3475          - BPF
  3476          - Legacy
  3477        tunnel-protocol:
  3478          description: Tunnel protocol in use for cross-cluster connectivity
  3479          type: string
  3480    ControllerStatuses:
  3481      description: Collection of controller statuses
  3482      type: array
  3483      items:
  3484        "$ref": "#/definitions/ControllerStatus"
  3485    ControllerStatus:
  3486      description: |-
  3487        Status of a controller
  3488  
  3489        +k8s:deepcopy-gen=true
  3490      type: object
  3491      properties:
  3492        name:
  3493          description: Name of controller
  3494          type: string
  3495        uuid:
  3496          description: UUID of controller
  3497          type: string
  3498          format: uuid
  3499        configuration:
  3500          description: |-
  3501            Configuration of controller
  3502  
  3503            +deepequal-gen=true
  3504            +k8s:deepcopy-gen=true
  3505          type: object
  3506          properties:
  3507            interval:
  3508              description: Regular synchronization interval
  3509              type: string
  3510              format: duration
  3511            error-retry-base:
  3512              description: Base error retry back-off time
  3513              type: string
  3514              format: duration
  3515            error-retry:
  3516              description: Retry on error
  3517              type: boolean
  3518        status:
  3519          description: |-
  3520            Current status of controller
  3521  
  3522            +k8s:deepcopy-gen=true
  3523          type: object
  3524          properties:
  3525            success-count:
  3526              description: Total number of successful runs
  3527              type: integer
  3528            last-success-timestamp:
  3529              description: Timestamp of last success
  3530              type: string
  3531              format: date-time
  3532            failure-count:
  3533              description: Total number of failed runs
  3534              type: integer
  3535            last-failure-timestamp:
  3536              description: Timestamp of last error
  3537              type: string
  3538              format: date-time
  3539            consecutive-failure-count:
  3540              description: Number of consecutive errors since last success
  3541              type: integer
  3542            last-failure-msg:
  3543              description: Error message of last failed run
  3544              type: string
  3545    MapEvent:
  3546      description: Event on Map
  3547      type: object
  3548      properties:
  3549        timestamp:
  3550          description: Timestamp when the event occurred
  3551          type: string
  3552          format: date-time
  3553        key:
  3554          description: Map key on which the event occured
  3555          type: string
  3556        value:
  3557          description: Map value on which the event occured
  3558          type: string
  3559        action:
  3560          description: Action type for event
  3561          type: string
  3562          enum:
  3563          - update
  3564          - delete
  3565        desired-action:
  3566          description: Desired action to be performed after this event
  3567          type: string
  3568          enum:
  3569          - ok
  3570          - insert
  3571          - delete
  3572        last-error:
  3573          description: Last error seen while performing desired action
  3574          type: string
  3575    BPFMapList:
  3576      description: List of BPF Maps
  3577      type: object
  3578      properties:
  3579        maps:
  3580          description: Array of open BPF map lists
  3581          type: array
  3582          items:
  3583            "$ref": "#/definitions/BPFMap"
  3584    BPFMap:
  3585      description: BPF map definition and content
  3586      type: object
  3587      properties:
  3588        path:
  3589          description: Path to BPF map
  3590          type: string
  3591        cache:
  3592          description: Contents of cache
  3593          type: array
  3594          items:
  3595            "$ref": "#/definitions/BPFMapEntry"
  3596    BPFMapEntry:
  3597      description: BPF map cache entry
  3598      type: object
  3599      properties:
  3600        key:
  3601          description: Key of map entry
  3602          type: string
  3603        value:
  3604          description: Value of map entry
  3605          type: string
  3606        desired-action:
  3607          description: Desired action to be performed
  3608          type: string
  3609          enum:
  3610          - ok
  3611          - insert
  3612          - delete
  3613        last-error:
  3614          description: Last error seen while performing desired action
  3615          type: string
  3616    BPFMapProperties:
  3617      description: BPF map properties
  3618      type: object
  3619      properties:
  3620        name:
  3621          description: Name of the BPF map
  3622          type: string
  3623        size:
  3624          description: Size of the BPF map
  3625          type: integer
  3626    BPFMapStatus:
  3627      description: |
  3628        BPF map status
  3629  
  3630        +k8s:deepcopy-gen=true
  3631      type: object
  3632      properties:
  3633        dynamic-size-ratio:
  3634          description: Ratio of total system memory to use for dynamic sizing of BPF maps
  3635          type: number
  3636        maps:
  3637          description: BPF maps
  3638          type: array
  3639          items:
  3640            "$ref": "#/definitions/BPFMapProperties"
  3641    Metric:
  3642      description: Metric information
  3643      type: object
  3644      properties:
  3645        name:
  3646          description: Name of the metric
  3647          type: string
  3648        value:
  3649          description: Value of the metric
  3650          type: number
  3651        labels:
  3652          description: Labels of the metric
  3653          type: object
  3654          additionalProperties:
  3655            type: string
  3656    Error:
  3657      type: string
  3658    NameManager:
  3659      description: Internal state about DNS names in relation to policy subsystem
  3660      type: object
  3661      properties:
  3662        DNSPollNames:
  3663          description: Names to poll for DNS Poller
  3664          type: array
  3665          items:
  3666            type: string
  3667        FQDNPolicySelectors:
  3668          description: Mapping of FQDNSelectors to corresponding regular expressions
  3669          type: array
  3670          items:
  3671            "$ref": "#/definitions/SelectorEntry"
  3672    SelectorEntry:
  3673      description: Mapping of FQDNSelector to corresponding regular expression
  3674      type: object
  3675      properties:
  3676        selectorString:
  3677          description: FQDNSelector in string representation
  3678          type: string
  3679        regexString:
  3680          description: String representation of regular expression form of FQDNSelector
  3681          type: string
  3682    DNSLookup:
  3683      description: An IP -> DNS mapping, with metadata
  3684      type: object
  3685      properties:
  3686        ips:
  3687          description: IP addresses returned in this lookup
  3688          type: array
  3689          items:
  3690            type: string
  3691        fqdn:
  3692          description: DNS name
  3693          type: string
  3694        ttl:
  3695          description: The TTL in the DNS response
  3696          type: integer
  3697        lookup-time:
  3698          description: The absolute time when this data was received
  3699          type: string
  3700          format: date-time
  3701        expiration-time:
  3702          description: The absolute time when this data will expire in this cache
  3703          type: string
  3704          format: date-time
  3705        endpoint-id:
  3706          description: The endpoint that made this lookup, or 0 for the agent itself.
  3707          type: integer
  3708        source:
  3709          description: The reason this FQDN IP association exists. Either a DNS lookup or an ongoing connection to an IP that was created by a DNS lookup.
  3710          type: string
  3711    NodeID:
  3712      description: Node ID with associated node IP addresses
  3713      type: object
  3714      required:
  3715        - id
  3716        - ips
  3717      properties:
  3718        id:
  3719          description: ID allocated by the agent for the node
  3720          type: integer
  3721        ips:
  3722          description: IP addresses of the node associated with the ID in the agent
  3723          type: array
  3724          items:
  3725              type: string
  3726    IPListEntry:
  3727      description: IP entry with metadata
  3728      type: object
  3729      required:
  3730        - cidr
  3731        - identity
  3732      properties:
  3733        cidr:
  3734          description: Key of the entry in the form of a CIDR range
  3735          type: string
  3736        identity:
  3737          description: Numerical identity assigned to the IP
  3738          type: integer
  3739        hostIP:
  3740          description: IP address of the host
  3741          type: string
  3742        encryptKey:
  3743          description: The context ID for the encryption session
  3744          type: integer
  3745        metadata:
  3746          "$ref": "#/definitions/IPListEntryMetadata"
  3747    IPListEntryMetadata:
  3748      description: Additional metadata assigned to an IP list entry
  3749      type: object
  3750      properties:
  3751        source:
  3752          description: Source of the IP entry and its metadata
  3753          type: string
  3754          example: k8s
  3755        namespace:
  3756          description: Namespace of the IP (e.g. Kubernetes namespace)
  3757          type: string
  3758        name:
  3759          description: Name assigned to the IP (e.g. Kubernetes pod name)
  3760          type: string
  3761    NamedPorts:
  3762      description: |-
  3763        List of named Layer 4 port and protocol pairs which will be used in Network
  3764        Policy specs.
  3765  
  3766        +deepequal-gen=true
  3767        +k8s:deepcopy-gen=true
  3768      type: array
  3769      items:
  3770        "$ref": "#/definitions/Port"
  3771    EncryptionStatus:
  3772      description: |-
  3773        Status of transparent encryption
  3774  
  3775        +k8s:deepcopy-gen=true
  3776      properties:
  3777        mode:
  3778          type: string
  3779          enum:
  3780            - Disabled
  3781            - IPsec
  3782            - Wireguard
  3783        msg:
  3784          type: string
  3785          description: Human readable error/warning message
  3786        ipsec:
  3787          description: Status of the IPsec agent
  3788          "$ref": "#/definitions/IPsecStatus"
  3789        wireguard:
  3790          description: Status of the WireGuard agent
  3791          "$ref": "#/definitions/WireguardStatus"
  3792    CNIChainingStatus:
  3793      description: |-
  3794        Status of CNI chaining
  3795  
  3796        +k8s:deepcopy-gen=true
  3797      properties:
  3798        mode:
  3799          type: string
  3800          enum:
  3801            - none
  3802            - aws-cni
  3803            - flannel
  3804            - generic-veth
  3805            - portmap
  3806    IPsecStatus:
  3807      description: |-
  3808        Status of the IPsec agent
  3809  
  3810        +k8s:deepcopy-gen=true
  3811      properties:
  3812        decrypt-interfaces:
  3813          description: IPsec decryption interfaces
  3814          type: array
  3815          items:
  3816            type: string
  3817        max-seq-number:
  3818          description: IPsec max sequence number
  3819          type: string
  3820        keys-in-use:
  3821          description: IPsec keys in use
  3822          type: integer
  3823        error-count:
  3824          description: IPsec error count
  3825          type: integer
  3826        xfrm-errors:
  3827          description: IPsec XFRM errors
  3828          type: object
  3829          additionalProperties:
  3830            type: integer
  3831    WireguardStatus:
  3832      description: |-
  3833        Status of the WireGuard agent
  3834  
  3835        +k8s:deepcopy-gen=true
  3836      properties:
  3837        node-encryption:
  3838          description: Node Encryption status
  3839          type: string
  3840        interfaces:
  3841          description: WireGuard interfaces managed by this Cilium instance
  3842          type: array
  3843          items:
  3844            "$ref": "#/definitions/WireguardInterface"
  3845    WireguardInterface:
  3846      description: |-
  3847        Status of a WireGuard interface
  3848  
  3849        +k8s:deepcopy-gen=true
  3850      properties:
  3851        name:
  3852          description: Name of the interface
  3853          type: string
  3854        public-key:
  3855          description: Public key of this interface
  3856          type: string
  3857        listen-port:
  3858          description: Port on which the WireGuard endpoint is exposed
  3859          type: integer
  3860        peer-count:
  3861          description: Number of peers configured on this interface
  3862          type: integer
  3863        peers:
  3864          description: Optional list of WireGuard peers
  3865          type: array
  3866          items:
  3867            "$ref": "#/definitions/WireguardPeer"
  3868    WireguardPeer:
  3869      description: |-
  3870        Status of a WireGuard peer
  3871  
  3872        +k8s:deepcopy-gen=true
  3873      properties:
  3874        public-key:
  3875          description: Public key of this peer
  3876          type: string
  3877        endpoint:
  3878          description: Endpoint on which we are connected to this peer
  3879          type: string
  3880        last-handshake-time:
  3881          description: Timestamp of the last handshake with this peer
  3882          type: string
  3883          format: date-time
  3884        transfer-tx:
  3885          description: Number of sent bytes
  3886          type: integer
  3887        transfer-rx:
  3888          description: Number of received bytes
  3889          type: integer
  3890        allowed-ips:
  3891          description: List of IPs which may be routed through this peer
  3892          type: array
  3893          items:
  3894            type: string
  3895    BgpPeer:
  3896      description: |-
  3897        State of a BGP Peer
  3898  
  3899        +k8s:deepcopy-gen=true
  3900      properties:
  3901        local-asn:
  3902          description: Local AS Number
  3903          type: integer
  3904        peer-asn:
  3905          description: Peer AS Number
  3906          type: integer
  3907        peer-address:
  3908          description: IP Address of peer
  3909          type: string
  3910        tcp-password-enabled:
  3911          description: Set when a TCP password is configured for communications with this peer
  3912          type: boolean
  3913        ebgp-multihop-ttl:
  3914          description: |
  3915            Time To Live (TTL) value used in BGP packets sent to the eBGP neighbor.
  3916            1 implies that eBGP multi-hop feature is disabled (only a single hop is allowed).
  3917          type: integer
  3918        peer-port:
  3919          description: TCP port number of peer
  3920          type: integer
  3921          minimum: 1
  3922          maximum: 65535
  3923        session-state:
  3924          description: |
  3925            BGP peer operational state as described here
  3926            https://www.rfc-editor.org/rfc/rfc4271#section-8.2.2
  3927          type: string
  3928        uptime-nanoseconds:
  3929          description: BGP peer connection uptime in nano seconds.
  3930          type: integer
  3931        graceful-restart:
  3932          description: Graceful restart capability
  3933          "$ref": "#/definitions/BgpGracefulRestart"
  3934        families:
  3935          description: BGP peer address family state
  3936          type: array
  3937          items:
  3938            "$ref": "#/definitions/BgpPeerFamilies"
  3939        connect-retry-time-seconds:
  3940          description: Initial value for the BGP ConnectRetryTimer (RFC 4271, Section 8) in seconds
  3941          type: integer
  3942        configured-hold-time-seconds:
  3943          description: |
  3944            Configured initial value for the BGP HoldTimer (RFC 4271, Section 4.2) in seconds.
  3945            The configured value will be used for negotiation with the peer during the BGP session establishment.
  3946          type: integer
  3947        applied-hold-time-seconds:
  3948          description: |
  3949            Applied initial value for the BGP HoldTimer (RFC 4271, Section 4.2) in seconds.
  3950            The applied value holds the value that is in effect on the current BGP session.
  3951          type: integer
  3952        configured-keep-alive-time-seconds:
  3953          description: |
  3954            Configured initial value for the BGP KeepaliveTimer (RFC 4271, Section 8) in seconds.
  3955            The applied value may be different than the configured value, as it depends on the negotiated hold time interval.
  3956          type: integer
  3957        applied-keep-alive-time-seconds:
  3958          description: |
  3959            Applied initial value for the BGP KeepaliveTimer (RFC 4271, Section 8) in seconds.
  3960            The applied value holds the value that is in effect on the current BGP session.
  3961          type: integer
  3962    BgpPeerFamilies:
  3963      description: |-
  3964        BGP AFI SAFI state of the peer
  3965  
  3966        +k8s:deepcopy-gen=true
  3967      properties:
  3968        afi:
  3969          description: BGP address family indicator
  3970          type: string
  3971        safi:
  3972          description: BGP subsequent address family indicator
  3973          type: string
  3974        received:
  3975          description: Number of routes received from the peer of this address family
  3976          type: integer
  3977        accepted:
  3978          description: Number of routes accepted from the peer of this address family
  3979          type: integer
  3980        advertised:
  3981          description: Number of routes advertised of this address family to the peer
  3982          type: integer
  3983    BgpGracefulRestart:
  3984      description: |-
  3985        BGP graceful restart parameters negotiated with the peer.
  3986  
  3987        +k8s:deepcopy-gen=true
  3988      properties:
  3989        enabled:
  3990          description: |-
  3991            When set, graceful restart capability is negotiated for all AFI/SAFIs of
  3992            this peer.
  3993          type: boolean
  3994        restart-time-seconds:
  3995          description: |-
  3996            This is the time advertised to peer for the BGP session to be re-established
  3997            after a restart. After this period, peer will remove stale routes.
  3998            (RFC 4724 section 4.2)
  3999          type: integer
  4000    BgpRoute:
  4001      description: Single BGP route retrieved from the RIB of underlying router
  4002      properties:
  4003        router-asn:
  4004          description: Autonomous System Number (ASN) identifying a BGP virtual router instance
  4005          type: integer
  4006        neighbor:
  4007          description: IP address specifying a BGP neighbor if the source table type is adj-rib-in or adj-rib-out
  4008          type: string
  4009        prefix:
  4010          description: IP prefix of the route
  4011          type: string
  4012        paths:
  4013          description: List of routing paths leading towards the prefix
  4014          type: array
  4015          items:
  4016            "$ref": "#/definitions/BgpPath"
  4017    BgpPath:
  4018      description: Single BGP routing Path containing BGP Network Layer Reachability Information (NLRI) and path attributes
  4019      properties:
  4020        family:
  4021          description: Address Family Indicator (AFI) and Subsequent Address Family Indicator (SAFI) of the path
  4022          "$ref": "#/definitions/BgpFamily"
  4023        nlri:
  4024          description: Network Layer Reachability Information of the path
  4025          "$ref": "#/definitions/BgpNlri"
  4026        path-attributes:
  4027          description: List of BGP path attributes specific for the path
  4028          type: array
  4029          items:
  4030            "$ref": "#/definitions/BgpPathAttribute"
  4031        age-nanoseconds:
  4032          description: Age of the path (time since its creation) in nanoseconds
  4033          type: integer
  4034        best:
  4035          description: True value flags the best path towards the destination prefix
  4036          type: boolean
  4037        stale:
  4038          description: True value marks the path as stale
  4039          type: boolean
  4040    BgpFamily:
  4041      description: Address Family Indicator (AFI) and Subsequent Address Family Indicator (SAFI) of the path
  4042      properties:
  4043        afi:
  4044          description: Address Family Indicator (AFI) of the path
  4045          type: string
  4046        safi:
  4047          description: Subsequent Address Family Indicator (SAFI) of the path
  4048          type: string
  4049    BgpNlri:
  4050      description: Network Layer Reachability Information (NLRI) of the path
  4051      properties:
  4052        base64:
  4053          description: Base64-encoded NLRI in the BGP UPDATE message format
  4054          type: string
  4055    BgpPathAttribute:
  4056      description: Single BGP path attribute specific for the path
  4057      properties:
  4058        base64:
  4059          description: Base64-encoded BGP path attribute in the BGP UPDATE message format
  4060          type: string
  4061    BgpRoutePolicy:
  4062      description: Single BGP route policy retrieved from the underlying router
  4063      properties:
  4064        router-asn:
  4065          description: Autonomous System Number (ASN) identifying a BGP virtual router instance
  4066          type: integer
  4067        name:
  4068          description: Name of the route policy
  4069          type: string
  4070        type:
  4071          description: Type of the route policy
  4072          type: string
  4073          enum:
  4074            - export
  4075            - import
  4076        statements:
  4077          description: List of the route policy statements
  4078          type: array
  4079          items:
  4080            "$ref": "#/definitions/BgpRoutePolicyStatement"
  4081    BgpRoutePolicyStatement:
  4082      description: Single BGP route policy statement
  4083      properties:
  4084        match-neighbors:
  4085          description: Matches any of the provided BGP neighbor IP addresses. If empty matches all neighbors.
  4086          type: array
  4087          items:
  4088            type: string
  4089        match-prefixes:
  4090          description:  Matches any of the provided prefixes. If empty matches all prefixes.
  4091          type: array
  4092          items:
  4093            "$ref": "#/definitions/BgpRoutePolicyPrefixMatch"
  4094        route-action:
  4095          description: RIB processing action taken on the matched route
  4096          type: string
  4097          enum:
  4098            - none
  4099            - accept
  4100            - reject
  4101        add-communities:
  4102          description:  List of BGP standard community values to be added to the matched route
  4103          type: array
  4104          items:
  4105            type: string
  4106        add-large-communities:
  4107          description:  List of BGP large community values to be added to the matched route
  4108          type: array
  4109          items:
  4110            type: string
  4111        set-local-preference:
  4112          description: BGP local preference value to be set on the matched route
  4113          type: integer
  4114    BgpRoutePolicyPrefixMatch:
  4115      description: Matches a CIDR prefix in a BGP route policy
  4116      properties:
  4117        cidr:
  4118          description: CIDR prefix to match with
  4119          type: string
  4120        prefix-len-min:
  4121          description: Minimal prefix length that will match if it falls under CIDR
  4122          type: integer
  4123        prefix-len-max:
  4124          description: Maximal prefix length that will match if it falls under CIDR
  4125          type: integer
  4126    Label:
  4127      description: Label is the Cilium's representation of a container label
  4128      type: object
  4129      properties:
  4130        key:
  4131          type: string
  4132        value:
  4133          type: string
  4134        source:
  4135          description: Source can be one of the above values (e.g. LabelSourceContainer)
  4136          type: string
  4137    LabelArray:
  4138      description: LabelArray is an array of labels forming a set
  4139      type: array
  4140      items:
  4141        "$ref": "#/definitions/Label"