github.com/looshlee/beatles@v0.0.0-20220727174639-742810ab631c/api/v1/openapi.yaml (about) 1 --- 2 swagger: '2.0' 3 info: 4 title: Cilium API 5 description: Cilium 6 version: v1beta 7 x-schemes: 8 - unix 9 basePath: "/v1" 10 produces: 11 - application/json 12 consumes: 13 - application/json 14 paths: 15 "/cluster/nodes": 16 get: 17 summary: Get nodes information stored in the cilium-agent 18 tags: 19 - daemon 20 parameters: 21 - name: client-id 22 description: | 23 Client UUID should be used when the client wants to request 24 a diff of nodes added and / or removed since the last time 25 that client has made a request. 26 in: header 27 required: false 28 type: integer 29 responses: 30 '200': 31 description: Success 32 schema: 33 "$ref": "#/definitions/ClusterNodeStatus" 34 "/healthz": 35 get: 36 summary: Get health of Cilium daemon 37 description: | 38 Returns health and status information of the Cilium daemon and related 39 components such as the local container runtime, connected datastore, 40 Kubernetes integration. 41 tags: 42 - daemon 43 parameters: 44 - name: brief 45 description: | 46 Brief will return a brief representation of the Cilium status. 47 in: header 48 required: false 49 type: boolean 50 responses: 51 '200': 52 description: Success 53 schema: 54 "$ref": "#/definitions/StatusResponse" 55 "/config": 56 get: 57 summary: Get configuration of Cilium daemon 58 description: | 59 Returns the configuration of the Cilium daemon. 60 tags: 61 - daemon 62 responses: 63 '200': 64 description: Success 65 schema: 66 "$ref": "#/definitions/DaemonConfiguration" 67 patch: 68 summary: Modify daemon configuration 69 description: | 70 Updates the daemon configuration by applying the provided 71 ConfigurationMap and regenerates & recompiles all required datapath 72 components. 
73 tags: 74 - daemon 75 parameters: 76 - name: configuration 77 in: body 78 required: true 79 schema: 80 "$ref": "#/definitions/DaemonConfigurationSpec" 81 responses: 82 '200': 83 description: Success 84 '400': 85 description: Bad configuration parameters 86 schema: 87 "$ref": "#/definitions/Error" 88 '500': 89 description: Recompilation failed 90 x-go-name: Failure 91 schema: 92 "$ref": "#/definitions/Error" 93 "/endpoint/{id}": 94 get: 95 summary: Get endpoint by endpoint ID 96 description: | 97 Returns endpoint information 98 tags: 99 - endpoint 100 parameters: 101 - "$ref": "#/parameters/endpoint-id" 102 responses: 103 '200': 104 description: Success 105 schema: 106 "$ref": "#/definitions/Endpoint" 107 '400': 108 description: Invalid endpoint ID format for specified type 109 x-go-name: Invalid 110 schema: 111 "$ref": "#/definitions/Error" 112 '404': 113 description: Endpoint not found 114 put: 115 summary: Create endpoint 116 description: | 117 Creates a new endpoint 118 tags: 119 - endpoint 120 parameters: 121 - "$ref": "#/parameters/endpoint-id" 122 - "$ref": "#/parameters/endpoint-change-request" 123 responses: 124 '201': 125 description: Created 126 '400': 127 description: Invalid endpoint in request 128 x-go-name: Invalid 129 schema: 130 "$ref": "#/definitions/Error" 131 '409': 132 description: Endpoint already exists 133 x-go-name: Exists 134 '500': 135 description: Endpoint creation failed 136 x-go-name: Failed 137 schema: 138 "$ref": "#/definitions/Error" 139 patch: 140 summary: Modify existing endpoint 141 deprecated: true 142 description: | 143 Applies the endpoint change request to an existing endpoint 144 tags: 145 - endpoint 146 parameters: 147 - "$ref": "#/parameters/endpoint-id" 148 - "$ref": "#/parameters/endpoint-change-request" 149 responses: 150 '200': 151 description: Success 152 '400': 153 description: Invalid modify endpoint request 154 x-go-name: Invalid 155 schema: 156 "$ref": "#/definitions/Error" 157 '404': 158 description: Endpoint 
does not exist 159 '500': 160 description: Endpoint update failed 161 x-go-name: Failed 162 schema: 163 "$ref": "#/definitions/Error" 164 delete: 165 summary: Delete endpoint 166 description: | 167 Deletes the endpoint specified by the ID. Deletion is imminent and 168 atomic, if the deletion request is valid and the endpoint exists, 169 deletion will occur even if errors are encountered in the process. If 170 errors have been encountered, the code 202 will be returned, otherwise 171 200 on success. 172 173 All resources associated with the endpoint will be freed and the 174 workload represented by the endpoint will be disconnected.It will no 175 longer be able to initiate or receive communications of any sort. 176 tags: 177 - endpoint 178 parameters: 179 - "$ref": "#/parameters/endpoint-id" 180 responses: 181 '200': 182 description: Success 183 '206': 184 description: Deleted with a number of errors encountered 185 x-go-name: Errors 186 schema: 187 type: integer 188 '400': 189 description: | 190 Invalid endpoint ID format for specified type. Details in error 191 message 192 x-go-name: Invalid 193 schema: 194 "$ref": "#/definitions/Error" 195 '404': 196 description: Endpoint not found 197 "/endpoint": 198 get: 199 summary: Retrieves a list of endpoints that have metadata matching the provided parameters. 200 description: | 201 Retrieves a list of endpoints that have metadata matching the provided parameters, or all endpoints if no parameters provided. 202 tags: 203 - endpoint 204 parameters: 205 - "$ref": "#/parameters/labels" 206 responses: 207 '200': 208 description: Success 209 schema: 210 type: array 211 items: 212 "$ref": "#/definitions/Endpoint" 213 '404': 214 description: Endpoints with provided parameters not found 215 "/endpoint/{id}/config": 216 get: 217 summary: Retrieve endpoint configuration 218 description: | 219 Retrieves the configuration of the specified endpoint. 
220 tags: 221 - endpoint 222 parameters: 223 - "$ref": "#/parameters/endpoint-id" 224 responses: 225 '200': 226 description: Success 227 schema: 228 "$ref": "#/definitions/EndpointConfigurationStatus" 229 '404': 230 description: Endpoint not found 231 patch: 232 summary: Modify mutable endpoint configuration 233 description: | 234 Update the configuration of an existing endpoint and regenerates & 235 recompiles the corresponding programs automatically. 236 tags: 237 - endpoint 238 parameters: 239 - "$ref": "#/parameters/endpoint-id" 240 - name: endpoint-configuration 241 in: body 242 required: true 243 schema: 244 "$ref": "#/definitions/EndpointConfigurationSpec" 245 responses: 246 '200': 247 description: Success 248 '400': 249 description: Invalid configuration request 250 x-go-name: Invalid 251 '404': 252 description: Endpoint not found 253 '500': 254 description: Update failed. Details in message. 255 x-go-name: Failed 256 schema: 257 "$ref": "#/definitions/Error" 258 "/endpoint/{id}/labels": 259 get: 260 summary: Retrieves the list of labels associated with an endpoint. 261 tags: 262 - endpoint 263 parameters: 264 - "$ref": "#/parameters/endpoint-id" 265 responses: 266 '200': 267 description: Success 268 schema: 269 "$ref": "#/definitions/LabelConfiguration" 270 '404': 271 description: Endpoint not found 272 patch: 273 summary: Set label configuration of endpoint 274 description: | 275 Sets labels associated with an endpoint. These can be user provided or 276 derived from the orchestration system. 
277 tags: 278 - endpoint 279 parameters: 280 - "$ref": "#/parameters/endpoint-id" 281 - name: configuration 282 in: body 283 required: true 284 schema: 285 "$ref": "#/definitions/LabelConfigurationSpec" 286 responses: 287 '200': 288 description: Success 289 '404': 290 description: Endpoint not found 291 '500': 292 description: Error while updating labels 293 x-go-name: UpdateFailed 294 schema: 295 "$ref": "#/definitions/Error" 296 "/endpoint/{id}/log": 297 get: 298 summary: Retrieves the status logs associated with this endpoint. 299 tags: 300 - endpoint 301 parameters: 302 - "$ref": "#/parameters/endpoint-id" 303 responses: 304 '200': 305 description: Success 306 schema: 307 "$ref": "#/definitions/EndpointStatusLog" 308 '400': 309 description: Invalid identity provided 310 x-go-name: Invalid 311 '404': 312 description: Endpoint not found 313 314 "/endpoint/{id}/healthz": 315 get: 316 summary: Retrieves the status logs associated with this endpoint. 317 tags: 318 - endpoint 319 parameters: 320 - "$ref": "#/parameters/endpoint-id" 321 responses: 322 '200': 323 description: Success 324 schema: 325 "$ref": "#/definitions/EndpointHealth" 326 '400': 327 description: Invalid identity provided 328 x-go-name: Invalid 329 '404': 330 description: Endpoint not found 331 "/identity": 332 get: 333 summary: Retrieves a list of identities that have metadata matching the provided parameters. 334 description: | 335 Retrieves a list of identities that have metadata matching the provided parameters, or all identities if no parameters are provided. 336 tags: 337 - policy 338 parameters: 339 - "$ref": "#/parameters/labels" 340 responses: 341 '200': 342 description: Success 343 schema: 344 type: array 345 items: 346 "$ref": "#/definitions/Identity" 347 '404': 348 description: Identities with provided parameters not found 349 '520': 350 description: Identity storage unreachable. Likely a network problem. 
351 x-go-name: Unreachable 352 schema: 353 "$ref": "#/definitions/Error" 354 '521': 355 description: Invalid identity format in storage 356 x-go-name: InvalidStorageFormat 357 schema: 358 "$ref": "#/definitions/Error" 359 "/identity/{id}": 360 get: 361 summary: Retrieve identity 362 tags: 363 - policy 364 parameters: 365 - "$ref": "#/parameters/identity-id" 366 responses: 367 '200': 368 description: Success 369 schema: 370 "$ref": "#/definitions/Identity" 371 '400': 372 description: Invalid identity provided 373 '404': 374 description: Identity not found 375 '520': 376 description: Identity storage unreachable. Likely a network problem. 377 x-go-name: Unreachable 378 schema: 379 "$ref": "#/definitions/Error" 380 '521': 381 description: Invalid identity format in storage 382 x-go-name: InvalidStorageFormat 383 schema: 384 "$ref": "#/definitions/Error" 385 "/identity/endpoints": 386 get: 387 summary: Retrieve identities which are being used by local endpoints 388 tags: 389 - policy 390 responses: 391 '200': 392 description: Success 393 schema: 394 type: array 395 items: 396 "$ref": "#/definitions/IdentityEndpoints" 397 '404': 398 description: Set of identities which are being used by local endpoints could not be found. 
399 "/ipam": 400 post: 401 summary: Allocate an IP address 402 tags: 403 - ipam 404 parameters: 405 - "$ref": "#/parameters/ipam-family" 406 - "$ref": "#/parameters/ipam-owner" 407 - "$ref": "#/parameters/ipam-expiration" 408 responses: 409 '201': 410 description: Success 411 schema: 412 "$ref": "#/definitions/IPAMResponse" 413 '502': 414 description: Allocation failure 415 x-go-name: Failure 416 schema: 417 "$ref": "#/definitions/Error" 418 "/ipam/{ip}": 419 post: 420 summary: Allocate an IP address 421 tags: 422 - ipam 423 parameters: 424 - "$ref": "#/parameters/ipam-ip" 425 - "$ref": "#/parameters/ipam-owner" 426 responses: 427 '200': 428 description: Success 429 '400': 430 description: Invalid IP address 431 x-go-name: Invalid 432 '409': 433 description: IP already allocated 434 x-go-name: Exists 435 '500': 436 description: IP allocation failure. Details in message. 437 x-go-name: Failure 438 schema: 439 "$ref": "#/definitions/Error" 440 '501': 441 description: Allocation for address family disabled 442 x-go-name: Disabled 443 delete: 444 summary: Release an allocated IP address 445 tags: 446 - ipam 447 parameters: 448 - "$ref": "#/parameters/ipam-release-arg" 449 responses: 450 '200': 451 description: Success 452 '400': 453 description: Invalid IP address 454 x-go-name: Invalid 455 '404': 456 description: IP address not found 457 '500': 458 description: Address release failure 459 x-go-name: Failure 460 schema: 461 "$ref": "#/definitions/Error" 462 '501': 463 description: Allocation for address family disabled 464 x-go-name: Disabled 465 "/policy": 466 get: 467 summary: Retrieve entire policy tree 468 description: | 469 Returns the entire policy tree with all children. 
470 tags: 471 - policy 472 parameters: 473 - name: labels 474 in: body 475 schema: 476 "$ref": "#/definitions/Labels" 477 responses: 478 '200': 479 description: Success 480 schema: 481 "$ref": "#/definitions/Policy" 482 '404': 483 description: No policy rules found 484 put: 485 summary: Create or update a policy (sub)tree 486 tags: 487 - policy 488 parameters: 489 - "$ref": "#/parameters/policy-rules" 490 responses: 491 '200': 492 description: Success 493 schema: 494 "$ref": "#/definitions/Policy" 495 '400': 496 description: Invalid policy 497 x-go-name: InvalidPolicy 498 schema: 499 "$ref": "#/definitions/Error" 500 '460': 501 description: Invalid path 502 x-go-name: InvalidPath 503 schema: 504 "$ref": "#/definitions/Error" 505 '500': 506 description: Policy import failed 507 x-go-name: Failure 508 schema: 509 "$ref": "#/definitions/Error" 510 delete: 511 summary: Delete a policy (sub)tree 512 tags: 513 - policy 514 parameters: 515 - name: labels 516 in: body 517 required: false 518 schema: 519 "$ref": "#/definitions/Labels" 520 responses: 521 '200': 522 description: Success 523 schema: 524 "$ref": "#/definitions/Policy" 525 '400': 526 description: Invalid request 527 x-go-name: Invalid 528 schema: 529 "$ref": "#/definitions/Error" 530 '404': 531 description: Policy not found 532 '500': 533 description: Error while deleting policy 534 x-go-name: Failure 535 schema: 536 "$ref": "#/definitions/Error" 537 "/policy/resolve": 538 get: 539 summary: Resolve policy for an identity context 540 tags: 541 - policy 542 parameters: 543 - "$ref": "#/parameters/trace-selector" 544 responses: 545 '200': 546 description: Success 547 schema: 548 "$ref": "#/definitions/PolicyTraceResult" 549 "/policy/selectors": 550 get: 551 summary: See what selectors match which identities 552 tags: 553 - policy 554 responses: 555 '200': 556 description: Success 557 schema: 558 "$ref": "#/definitions/SelectorCache" 559 "/service": 560 get: 561 summary: Retrieve list of all services 562 tags: 563 - 
service 564 responses: 565 '200': 566 description: Success 567 schema: 568 type: array 569 items: 570 "$ref": "#/definitions/Service" 571 "/service/{id}": 572 get: 573 summary: Retrieve configuration of a service 574 tags: 575 - service 576 parameters: 577 - "$ref": "#/parameters/service-id" 578 responses: 579 '200': 580 description: Success 581 schema: 582 "$ref": "#/definitions/Service" 583 '404': 584 description: Service not found 585 put: 586 summary: Create or update service 587 tags: 588 - service 589 parameters: 590 - "$ref": "#/parameters/service-id" 591 - "$ref": "#/parameters/service-config" 592 responses: 593 '200': 594 description: Updated 595 '201': 596 description: Created 597 '460': 598 description: Invalid frontend in service configuration 599 x-go-name: InvalidFrontend 600 schema: 601 "$ref": "#/definitions/Error" 602 '461': 603 description: Invalid backend in service configuration 604 x-go-name: InvalidBackend 605 schema: 606 "$ref": "#/definitions/Error" 607 '500': 608 description: Error while creating service 609 x-go-name: Failure 610 schema: 611 "$ref": "#/definitions/Error" 612 delete: 613 summary: Delete a service 614 tags: 615 - service 616 parameters: 617 - "$ref": "#/parameters/service-id" 618 responses: 619 '200': 620 description: Success 621 '404': 622 description: Service not found 623 '500': 624 description: Service deletion failed 625 x-go-name: Failure 626 schema: 627 "$ref": "#/definitions/Error" 628 "/prefilter": 629 get: 630 summary: Retrieve list of CIDRs 631 tags: 632 - prefilter 633 responses: 634 '200': 635 description: Success 636 schema: 637 "$ref": "#/definitions/Prefilter" 638 '500': 639 description: Prefilter get failed 640 x-go-name: Failure 641 schema: 642 "$ref": "#/definitions/Error" 643 patch: 644 summary: Update list of CIDRs 645 tags: 646 - prefilter 647 parameters: 648 - "$ref": "#/parameters/prefilter-spec" 649 responses: 650 '200': 651 description: Updated 652 schema: 653 "$ref": "#/definitions/Prefilter" 654 
'461': 655 description: Invalid CIDR prefix 656 x-go-name: InvalidCIDR 657 schema: 658 "$ref": "#/definitions/Error" 659 '500': 660 description: Prefilter update failed 661 x-go-name: Failure 662 schema: 663 "$ref": "#/definitions/Error" 664 delete: 665 summary: Delete list of CIDRs 666 tags: 667 - prefilter 668 parameters: 669 - "$ref": "#/parameters/prefilter-spec" 670 responses: 671 '200': 672 description: Deleted 673 schema: 674 "$ref": "#/definitions/Prefilter" 675 '461': 676 description: Invalid CIDR prefix 677 x-go-name: InvalidCIDR 678 schema: 679 "$ref": "#/definitions/Error" 680 '500': 681 description: Prefilter delete failed 682 x-go-name: Failure 683 schema: 684 "$ref": "#/definitions/Error" 685 "/debuginfo": 686 get: 687 summary: Retrieve information about the agent and evironment for debugging 688 tags: 689 - daemon 690 responses: 691 '200': 692 description: Success 693 schema: 694 "$ref": "#/definitions/DebugInfo" 695 '500': 696 description: DebugInfo get failed 697 x-go-name: Failure 698 schema: 699 "$ref": "#/definitions/Error" 700 "/map": 701 get: 702 summary: List all open maps 703 tags: 704 - daemon 705 responses: 706 '200': 707 description: Success 708 schema: 709 "$ref": "#/definitions/BPFMapList" 710 "/map/{name}": 711 get: 712 summary: Retrieve contents of BPF map 713 tags: 714 - daemon 715 parameters: 716 - "$ref": "#/parameters/map-name" 717 responses: 718 '200': 719 description: Success 720 schema: 721 "$ref": "#/definitions/BPFMap" 722 '404': 723 description: Map not found 724 725 "/metrics/": 726 get: 727 summary: Retrieve cilium metrics 728 tags: 729 - metrics 730 parameters: [] 731 responses: 732 '200': 733 description: Success 734 schema: 735 type: array 736 items: 737 "$ref": "#/definitions/Metric" 738 '500': 739 description: Metrics cannot be retrieved 740 741 "/fqdn/cache": 742 get: 743 summary: Retrieves the list of DNS lookups intercepted from all endpoints. 
744 description: | 745 Retrieves the list of DNS lookups intercepted from endpoints, 746 optionally filtered by endpoint id, DNS name, or CIDR IP range. 747 tags: 748 - policy 749 parameters: 750 - "$ref": "#/parameters/matchpattern" 751 - "$ref": "#/parameters/cidr" 752 responses: 753 '200': 754 description: Success 755 schema: 756 type: array 757 items: 758 "$ref": "#/definitions/DNSLookup" 759 '400': 760 description: Invalid request (error parsing parameters) 761 schema: 762 "$ref": "#/definitions/Error" 763 '404': 764 description: No DNS data with provided parameters found 765 delete: 766 summary: Deletes matching DNS lookups from the policy-generation cache. 767 description: | 768 Deletes matching DNS lookups from the cache, optionally restricted by 769 DNS name. The removed IP data will no longer be used in generated 770 policies. 771 tags: 772 - policy 773 parameters: 774 - "$ref": "#/parameters/matchpattern" 775 responses: 776 '200': 777 description: Success 778 '400': 779 description: Invalid request (error parsing parameters) 780 schema: 781 "$ref": "#/definitions/Error" 782 783 "/fqdn/cache/{id}": 784 get: 785 summary: Retrieves the list of DNS lookups intercepted from an endpoint. 786 description: | 787 Retrieves the list of DNS lookups intercepted from endpoints, 788 optionally filtered by endpoint id, DNS name, or CIDR IP range. 789 tags: 790 - policy 791 parameters: 792 - "$ref": "#/parameters/endpoint-id" 793 - "$ref": "#/parameters/matchpattern" 794 - "$ref": "#/parameters/cidr" 795 responses: 796 '200': 797 description: Success 798 schema: 799 type: array 800 items: 801 "$ref": "#/definitions/DNSLookup" 802 '400': 803 description: Invalid request (error parsing parameters) 804 schema: 805 "$ref": "#/definitions/Error" 806 '404': 807 description: No DNS data with provided parameters found 808 809 parameters: 810 endpoint-id: 811 name: id 812 description: | 813 String describing an endpoint with the format ``[prefix:]id``. 
If no prefix 814 is specified, a prefix of ``cilium-local:`` is assumed. Not all endpoints 815 will be addressable by all endpoint ID prefixes with the exception of the 816 local Cilium UUID which is assigned to all endpoints. 817 818 Supported endpoint id prefixes: 819 - cilium-local: Local Cilium endpoint UUID, e.g. cilium-local:3389595 820 - cilium-global: Global Cilium endpoint UUID, e.g. cilium-global:cluster1:nodeX:452343 821 - container-id: Container runtime ID, e.g. container-id:22222 822 - container-name: Container name, e.g. container-name:foobar 823 - pod-name: pod name for this container if K8s is enabled, e.g. pod-name:default:foobar 824 - docker-endpoint: Docker libnetwork endpoint ID, e.g. docker-endpoint:4444 825 in: path 826 required: true 827 type: string 828 endpoint-change-request: 829 name: endpoint 830 in: body 831 required: true 832 schema: 833 "$ref": "#/definitions/EndpointChangeRequest" 834 identity-id: 835 name: id 836 description: | 837 Cluster wide unique identifier of a security identity. 
838 in: path 839 required: true 840 type: string 841 labels: 842 name: labels 843 description: | 844 List of labels 845 in: body 846 required: false 847 schema: 848 "$ref": "#/definitions/Labels" 849 policy-rules: 850 name: policy 851 description: Policy rules 852 required: true 853 in: body 854 schema: 855 type: string 856 pod-name: 857 name: pod 858 description: | 859 K8s pod name 860 required: true 861 in: path 862 type: string 863 trace-selector: 864 name: trace-selector 865 description: Context to provide policy evaluation on 866 in: body 867 schema: 868 "$ref": "#/definitions/TraceSelector" 869 service-id: 870 name: id 871 description: ID of service 872 required: true 873 in: path 874 type: integer 875 service-address: 876 name: address 877 description: Service address configuration 878 in: body 879 schema: 880 "$ref": "#/definitions/FrontendAddress" 881 service-config: 882 name: config 883 description: Service configuration 884 in: body 885 required: true 886 schema: 887 "$ref": "#/definitions/ServiceSpec" 888 prefilter-spec: 889 name: prefilter-spec 890 description: List of CIDR ranges for filter table 891 required: true 892 in: body 893 schema: 894 "$ref": "#/definitions/PrefilterSpec" 895 ipam-ip: 896 name: ip 897 description: IP address 898 in: path 899 required: true 900 type: string 901 ipam-release-arg: 902 name: ip 903 description: IP address or owner name 904 in: path 905 required: true 906 type: string 907 ipam-family: 908 name: family 909 in: query 910 type: string 911 enum: 912 - ipv4 913 - ipv6 914 ipam-owner: 915 name: owner 916 in: query 917 type: string 918 ipam-expiration: 919 name: expiration 920 in: header 921 type: boolean 922 map-name: 923 name: name 924 description: Name of map 925 required: true 926 in: path 927 type: string 928 matchpattern: 929 name: matchpattern 930 description: A toFQDNs compatible matchPattern expression 931 required: false 932 in: query 933 type: string 934 cidr: 935 name: cidr 936 description: A CIDR range of 
IPs 937 required: false 938 in: query 939 type: string 940 941 942 definitions: 943 Endpoint: 944 description: An endpoint is a namespaced network interface to which cilium applies policies 945 type: object 946 properties: 947 id: 948 description: The cilium-agent-local ID of the endpoint 949 type: integer 950 spec: 951 description: The desired configuration state of the endpoint 952 "$ref": "#/definitions/EndpointConfigurationSpec" 953 status: 954 description: The desired and realized configuration state of the endpoint 955 "$ref": "#/definitions/EndpointStatus" 956 EndpointChangeRequest: 957 description: | 958 Structure which contains the mutable elements of an Endpoint. 959 type: object 960 required: 961 - state 962 properties: 963 id: 964 description: Local endpoint ID 965 type: integer 966 container-id: 967 description: ID assigned by container runtime 968 type: string 969 container-name: 970 description: Name assigned to container 971 type: string 972 docker-endpoint-id: 973 description: Docker endpoint ID 974 type: string 975 labels: 976 description: Labels describing the identity 977 "$ref": "#/definitions/Labels" 978 docker-network-id: 979 description: Docker network ID 980 type: string 981 interface-name: 982 description: Name of network device 983 type: string 984 interface-index: 985 description: Index of network device 986 type: integer 987 state: 988 description: Current state of endpoint 989 "$ref": "#/definitions/EndpointState" 990 mac: 991 description: MAC address 992 type: string 993 host-mac: 994 description: MAC address 995 type: string 996 addressing: 997 "$ref": "#/definitions/AddressPair" 998 k8s-pod-name: 999 description: Kubernetes pod name 1000 type: string 1001 k8s-namespace: 1002 description: Kubernetes namespace name 1003 type: string 1004 datapath-map-id: 1005 description: ID of datapath tail call map 1006 type: integer 1007 policy-enabled: 1008 description: Whether policy enforcement is enabled or not 1009 type: boolean 1010 pid: 1011 
description: Process ID of the workload belonging to this endpoint 1012 type: integer 1013 sync-build-endpoint: 1014 description: | 1015 Whether to build an endpoint synchronously 1016 type: boolean 1017 datapath-configuration: 1018 "$ref": "#/definitions/EndpointDatapathConfiguration" 1019 EndpointDatapathConfiguration: 1020 description: Datapath configuration to be used for the endpoint 1021 type: object 1022 properties: 1023 require-arp-passthrough: 1024 description: Enable ARP passthrough mode 1025 type: boolean 1026 require-egress-prog: 1027 description: > 1028 Endpoint requires a host-facing egress program to be attached to 1029 implement ingress policy and reverse NAT. 1030 type: boolean 1031 external-ipam: 1032 description: > 1033 Indicates that IPAM is done external to Cilium. This will prevent the 1034 IP from being released and re-allocation of the IP address is skipped 1035 on restore. 1036 type: boolean 1037 require-routing: 1038 description: > 1039 Endpoint requires BPF routing to be enabled, when disabled, routing 1040 is delegated to Linux routing. 1041 type: boolean 1042 default: true 1043 install-endpoint-route: 1044 description: > 1045 Installs a route in the Linux routing table pointing to the device of 1046 the endpoint's interface. 
1047 type: boolean 1048 EndpointStatus: 1049 description: The current state and configuration of the endpoint, its policy & datapath, and subcomponents 1050 type: object 1051 required: 1052 - state 1053 properties: 1054 external-identifiers: 1055 description: Unique identifiers for this endpoint from outside cilium 1056 "$ref": "#/definitions/EndpointIdentifiers" 1057 identity: 1058 description: The security identity for this endpoint 1059 "$ref": "#/definitions/Identity" 1060 labels: 1061 description: Labels applied to this endpoint 1062 "$ref": "#/definitions/LabelConfigurationStatus" 1063 realized: 1064 description: The configuration in effect on this endpoint 1065 "$ref": "#/definitions/EndpointConfigurationSpec" 1066 networking: 1067 description: Networking properties of the endpoint 1068 "$ref": "#/definitions/EndpointNetworking" 1069 policy: 1070 description: The policy applied to this endpoint from the policy repository 1071 "$ref": "#/definitions/EndpointPolicyStatus" 1072 log: 1073 description: Most recent status log. See endpoint/{id}/log for the complete log. 
1074 "$ref": "#/definitions/EndpointStatusLog" 1075 controllers: 1076 description: Status of internal controllers attached to this endpoint 1077 "$ref": "#/definitions/ControllerStatuses" 1078 state: 1079 description: Current state of endpoint 1080 "$ref": "#/definitions/EndpointState" 1081 health: 1082 description: Summary overall endpoint & subcomponent health 1083 "$ref": "#/definitions/EndpointHealth" 1084 EndpointState: 1085 description: State of endpoint 1086 type: string 1087 enum: 1088 - creating 1089 - waiting-for-identity 1090 - not-ready 1091 - waiting-to-regenerate 1092 - regenerating 1093 - restoring 1094 - ready 1095 - disconnecting 1096 - disconnected 1097 - invalid 1098 EndpointHealth: 1099 description: Health of the endpoint 1100 type: object 1101 properties: 1102 overallHealth: 1103 "$ref": "#/definitions/EndpointHealthStatus" 1104 bpf: 1105 "$ref": "#/definitions/EndpointHealthStatus" 1106 policy: 1107 "$ref": "#/definitions/EndpointHealthStatus" 1108 connected: 1109 description: Is this endpoint reachable 1110 type: boolean 1111 EndpointHealthStatus: 1112 description: > 1113 A common set of statuses for endpoint health 1114 * ``OK`` = All components operational 1115 * ``Bootstrap`` = This component is being created 1116 * ``Pending`` = A change is being processed to be applied 1117 * ``Warning`` = This component is not applying up-to-date policies (but is still applying the previous version) 1118 * ``Failure`` = An error has occurred and no policy is being applied 1119 * ``Disabled`` = This endpoint is disabled and will not handle traffic 1120 type: string 1121 enum: 1122 - OK 1123 - Bootstrap 1124 - Pending 1125 - Warning 1126 - Failure 1127 - Disabled 1128 EndpointStatusLog: 1129 description: Status log of endpoint 1130 type: array 1131 items: 1132 "$ref": "#/definitions/EndpointStatusChange" 1133 EndpointStatusChange: 1134 description: Indication of a change of status 1135 type: object 1136 properties: 1137 timestamp: 1138 description: 
Timestamp when status change occurred 1139 type: string 1140 code: 1141 description: Code indicate type of status change 1142 type: string 1143 enum: 1144 - ok 1145 - failed 1146 message: 1147 description: Status message 1148 type: string 1149 state: 1150 "$ref": "#/definitions/EndpointState" 1151 EndpointPolicyStatus: 1152 description: Policy information of an endpoint 1153 type: object 1154 properties: 1155 spec: 1156 description: The policy that should apply to this endpoint 1157 "$ref": "#/definitions/EndpointPolicy" 1158 realized: 1159 description: The policy in the datapath for this endpoint 1160 "$ref": "#/definitions/EndpointPolicy" 1161 proxy-policy-revision: 1162 description: The policy revision currently enforced in the proxy for this endpoint 1163 type: integer 1164 proxy-statistics: 1165 description: Statistics of the proxy redirects configured for this endpoint 1166 type: array 1167 items: 1168 "$ref": "#/definitions/ProxyStatistics" 1169 EndpointPolicyEnabled: 1170 description: Whether policy enforcement is enabled (ingress, egress, both or none) 1171 type: string 1172 enum: 1173 - none 1174 - ingress 1175 - egress 1176 - both 1177 1178 EndpointPolicy: 1179 description: Policy information of an endpoint 1180 type: object 1181 properties: 1182 policy-revision: 1183 description: The agent-local policy revision 1184 type: integer 1185 id: 1186 description: Own identity of endpoint 1187 type: integer 1188 policy-enabled: 1189 description: Whether policy enforcement is enabled (ingress, egress, both or none) 1190 "$ref": "#/definitions/EndpointPolicyEnabled" 1191 build: 1192 description: Build number of calculated policy in use 1193 type: integer 1194 allowed-ingress-identities: 1195 description: | 1196 List of identities allowed to communicate to this endpoint 1197 type: array 1198 items: 1199 type: integer 1200 allowed-egress-identities: 1201 description: | 1202 List of identities to which this endpoint is allowed to communicate 1203 type: array 1204 
items: 1205 type: integer 1206 l4: 1207 "$ref": "#/definitions/L4Policy" 1208 cidr-policy: 1209 "$ref": "#/definitions/CIDRPolicy" 1210 PolicyRule: 1211 description: A policy rule including the rule labels it derives from 1212 properties: 1213 rule: 1214 description: The policy rule as json 1215 type: string 1216 derived-from-rules: 1217 description: The policy rule labels identifying the policy rules this rule derives from 1218 type: array 1219 items: 1220 type: array 1221 items: 1222 type: string 1223 L4Policy: 1224 description: L4 endpoint policy 1225 type: object 1226 properties: 1227 ingress: 1228 description: List of L4 ingress rules 1229 type: array 1230 items: 1231 "$ref": "#/definitions/PolicyRule" 1232 egress: 1233 description: List of L4 egress rules 1234 type: array 1235 items: 1236 "$ref": "#/definitions/PolicyRule" 1237 CIDRPolicy: 1238 description: CIDR endpoint policy 1239 type: object 1240 properties: 1241 ingress: 1242 description: List of CIDR ingress rules 1243 type: array 1244 items: 1245 "$ref": "#/definitions/PolicyRule" 1246 egress: 1247 description: List of CIDR egress rules 1248 type: array 1249 items: 1250 "$ref": "#/definitions/PolicyRule" 1251 1252 Prefilter: 1253 description: Collection of endpoints to be served 1254 type: object 1255 properties: 1256 spec: 1257 "$ref": "#/definitions/PrefilterSpec" 1258 status: 1259 "$ref": "#/definitions/PrefilterStatus" 1260 PrefilterSpec: 1261 description: CIDR ranges implemented in the Prefilter 1262 type: object 1263 properties: 1264 revision: 1265 type: integer 1266 deny: 1267 type: array 1268 items: 1269 type: string 1270 PrefilterStatus: 1271 description: CIDR ranges implemented in the Prefilter 1272 type: object 1273 properties: 1274 realized: 1275 "$ref": "#/definitions/PrefilterSpec" 1276 1277 CIDRList: 1278 description: List of CIDRs 1279 type: object 1280 properties: 1281 revision: 1282 type: integer 1283 list: 1284 type: array 1285 items: 1286 type: string 1287 DebugInfo: 1288 
    description: groups some debugging related information on the agent
    type: object
    properties:
      cilium-version:
        type: string
      kernel-version:
        type: string
      cilium-status:
        "$ref": "#/definitions/StatusResponse"
      endpoint-list:
        type: array
        items:
          "$ref": "#/definitions/Endpoint"
      service-list:
        type: array
        items:
          "$ref": "#/definitions/Service"
      policy:
        "$ref": "#/definitions/Policy"
      cilium-memory-map:
        type: string
      cilium-nodemonitor-memory-map:
        type: string
      environment-variables:
        type: array
        items:
          type: string
      subsystem:
        type: object
        additionalProperties:
          type: string
  IPAMResponse:
    description: IPAM configuration of an endpoint
    type: object
    required:
    - address
    - host-addressing
    properties:
      address:
        "$ref": "#/definitions/AddressPair"
      ipv4:
        "$ref": "#/definitions/IPAMAddressResponse"
      ipv6:
        "$ref": "#/definitions/IPAMAddressResponse"
      host-addressing:
        "$ref": "#/definitions/NodeAddressing"
  IPAMAddressResponse:
    description: IPAM configuration of an individual address family
    type: object
    properties:
      ip:
        description: Allocated IP for endpoint
        type: string
      gateway:
        description: IP of gateway
        type: string
      cidrs:
        description: List of CIDRs out of which IPs are allocated
        type: array
        items:
          type: string
      master-mac:
        type: string
        description: MAC of master interface if address is a slave/secondary of a master interface
      expiration-uuid:
        type: string
        description: |
          The UUID for the expiration timer. Set when expiration has been
          enabled while allocating.
  AddressPair:
    description: Addressing information of an endpoint
    type: object
    properties:
      ipv4:
        description: IPv4 address
        type: string
      ipv4-expiration-uuid:
        description: UUID of IPv4 expiration timer
        type: string
      ipv6:
        description: IPv6 address
        type: string
      ipv6-expiration-uuid:
        description: UUID of IPv6 expiration timer
        type: string
  Address:
    description: IP address
    type: string
  ClusterNodesResponse:
    properties:
      self:
        description: Name of local node (if available)
        type: string
      nodes:
        description: List of known nodes
        type: array
        items:
          "$ref": "#/definitions/NodeElement"
  Identity:
    description: Security identity
    type: object
    properties:
      id:
        description: Unique identifier
        type: integer
      labels:
        description: Labels describing the identity
        "$ref": "#/definitions/Labels"
      labelsSHA256:
        description: SHA256 of labels
        type: string
  IdentityEndpoints:
    description: Security identities owned by endpoints on the local node
    type: object
    properties:
      identity:
        description: Security identity
        "$ref": "#/definitions/Identity"
      refCount:
        description: number of endpoints consuming this identity locally (should always be > 0)
        type: integer
  EndpointNetworking:
    description: Unique identifiers for this endpoint from outside cilium
    type: object
    properties:
      addressing:
        description: IP4/6 addresses assigned to this Endpoint
        type: array
        items:
          "$ref": "#/definitions/AddressPair"
      host-addressing:
        "$ref": "#/definitions/NodeAddressing"
      host-mac:
        description: MAC address
        type: string
      mac:
        description: MAC address
        type: string
      interface-name:
        description: Name of network device
        type: string
      interface-index:
        description: Index of network
          device
        type: integer
  EndpointIdentifiers:
    description: Unique identifiers for this endpoint from outside cilium
    type: object
    properties:
      container-id:
        description: ID assigned by container runtime
        type: string
      container-name:
        description: Name assigned to container
        type: string
      docker-endpoint-id:
        description: Docker endpoint ID
        type: string
      docker-network-id:
        description: Docker network ID
        type: string
      pod-name:
        description: K8s pod for this endpoint
        type: string
  Labels:
    description: Set of labels
    type: array
    items:
      type: string
  LabelConfiguration:
    description: Label configuration of an endpoint
    type: object
    properties:
      spec:
        description: The user provided desired configuration
        "$ref": "#/definitions/LabelConfigurationSpec"
      status:
        description: The current configuration
        "$ref": "#/definitions/LabelConfigurationStatus"
  LabelConfigurationSpec:
    description: User desired Label configuration of an endpoint
    type: object
    properties:
      user:
        description: "Custom labels in addition to orchestration system labels."
        "$ref": "#/definitions/Labels"
  LabelConfigurationStatus:
    description: Labels and label configuration of an endpoint
    type: object
    properties:
      realized:
        description: The current configuration
        "$ref": "#/definitions/LabelConfigurationSpec"
      security-relevant:
        description: "Labels derived from orchestration system that are used in computing a security identity"
        "$ref": "#/definitions/Labels"
      derived:
        description: "All labels derived from the orchestration system"
        "$ref": "#/definitions/Labels"
      disabled:
        description: "Labels derived from orchestration system which have been disabled."
        "$ref": "#/definitions/Labels"
  StatusResponse:
    description: Health and status information of daemon
    type: object
    properties:
      cilium:
        description: Status of Cilium daemon
        "$ref": "#/definitions/Status"
      kvstore:
        description: Status of key/value datastore
        "$ref": "#/definitions/Status"
      container-runtime:
        description: Status of local container runtime
        "$ref": "#/definitions/Status"
      kubernetes:
        description: Status of Kubernetes integration
        "$ref": "#/definitions/K8sStatus"
      ipam:
        description: Status of IP address management
        "$ref": "#/definitions/IPAMStatus"
      nodeMonitor:
        description: Status of the node monitor
        "$ref": "#/definitions/MonitorStatus"
      cluster:
        description: Status of cluster
        "$ref": "#/definitions/ClusterStatus"
      controllers:
        description: Status of all endpoint controllers
        "$ref": "#/definitions/ControllerStatuses"
      proxy:
        description: Status of proxy
        "$ref": "#/definitions/ProxyStatus"
      stale:
        description: List of stale information in the status
        type: object
        additionalProperties:
          description: Timestamp when the probe was started
          type: string
          format: date-time
      client-id:
        description: |
          When supported by the API, this client ID should be used by the
          client when making another request to the server.
          See for example "/cluster/nodes".
        type: integer

  Status:
    description: Status of an individual component
    type: object
    properties:
      state:
        type: string
        description: State the component is in
        enum:
        - Ok
        - Warning
        - Failure
        - Disabled
      msg:
        type: string
        description: Human readable status/error/warning message
  K8sStatus:
    description: Status of Kubernetes integration
    type: object
    properties:
      state:
        type: string
        description: State the component is in
        enum:
        - Ok
        - Warning
        - Failure
        - Disabled
      k8s-api-versions:
        type: array
        items:
          type: string
      msg:
        type: string
        description: Human readable status/error/warning message
  AllocationMap:
    description: |
      Map of allocated IPs
    type: object
    additionalProperties:
      type: string
  IPAMStatus:
    description: Status of IP address management
    properties:
      allocations:
        "$ref": "#/definitions/AllocationMap"
      ipv4:
        type: array
        items:
          type: string
      ipv6:
        type: array
        items:
          type: string
      status:
        type: string
  ClusterStatus:
    description: Status of cluster
    properties:
      ciliumHealth:
        description: Status of local cilium-health daemon
        "$ref": "#/definitions/Status"
      self:
        description: Name of local node (if available)
        type: string
      nodes:
        description: List of known nodes
        type: array
        items:
          "$ref": "#/definitions/NodeElement"
  ClusterNodeStatus:
    description: Status of cluster
    properties:
      self:
        description: Name of local node (if available)
        type: string
      nodes-added:
        description: List of known nodes
        type: array
        items:
          "$ref": "#/definitions/NodeElement"
      nodes-removed:
        description: List of known nodes
        type: array
        items:
          "$ref": "#/definitions/NodeElement"
      client-id:
        description: ID that should be used by the client to receive a diff from the previous request
        type: integer
  MonitorStatus:
    description: Status of the node monitor
    properties:
      cpus:
        description: Number of CPUs to listen on for events.
        type: integer
      npages:
        description: Number of pages used for the perf ring buffer.
        type: integer
      pagesize:
        description: Page size used for the perf ring buffer.
        type: integer
      lost:
        description: Number of samples lost by perf.
        type: integer
      unknown:
        description: Number of unknown samples.
        type: integer
  KVstoreConfiguration:
    description: Configuration used for the kvstore
    properties:
      type:
        description: Type of kvstore
        type: string
      options:
        description: Configuration options
        type: object
        additionalProperties:
          type: string
  DaemonConfiguration:
    description: |
      Response to a daemon configuration request.
    type: object
    properties:
      spec:
        description: Changeable configuration
        "$ref": "#/definitions/DaemonConfigurationSpec"
      status:
        description: |
          Current daemon configuration related status. Contains the addressing
          information, k8s, node monitor and immutable and mutable
          configuration settings.
        "$ref": "#/definitions/DaemonConfigurationStatus"
  DaemonConfigurationSpec:
    description: The controllable configuration of the daemon.
    type: object
    properties:
      options:
        description: Changeable configuration
        "$ref": "#/definitions/ConfigurationMap"
      policy-enforcement:
        description: "The policy-enforcement mode"
        type: string
        enum:
        - default
        - always
        - never
  DaemonConfigurationStatus:
    description: |
      Response to a daemon configuration request. Contains the addressing
      information, k8s, node monitor and immutable and mutable configuration
      settings.
    type: object
    properties:
      realized:
        description: Currently applied configuration
        "$ref": "#/definitions/DaemonConfigurationSpec"
      immutable:
        description: Immutable configuration (read-only)
        "$ref": "#/definitions/ConfigurationMap"
      addressing:
        "$ref": "#/definitions/NodeAddressing"
      k8s-endpoint:
        type: string
      k8s-configuration:
        type: string
      nodeMonitor:
        description: Status of the node monitor
        "$ref": "#/definitions/MonitorStatus"
      kvstoreConfiguration:
        "$ref": "#/definitions/KVstoreConfiguration"
      deviceMTU:
        description: MTU on workload facing devices
        type: integer
      routeMTU:
        description: MTU for network facing routes
        type: integer
      datapathMode:
        "$ref": "#/definitions/DatapathMode"
      ipvlanConfiguration:
        "$ref": "#/definitions/IpvlanConfiguration"
      ipam-mode:
        description: Configured IPAM mode
        type: string
      masquerade:
        description: Status of masquerading feature
        type: boolean
  DatapathMode:
    description: Datapath mode
    type: string
    enum:
    - veth
    - ipvlan
  IpvlanConfiguration:
    description: Setup for datapath when operating in ipvlan mode.
    type: object
    properties:
      masterDeviceIndex:
        description: Workload facing ipvlan master device ifindex.
        type: integer
      operationMode:
        description: Mode in which ipvlan setup operates.
        type: string
        enum:
        - L3
        - L3S
  EndpointConfigurationSpec:
    description: An endpoint's configuration
    type: object
    properties:
      options:
        description: Changeable configuration
        "$ref": "#/definitions/ConfigurationMap"
      label-configuration:
        description: the endpoint's labels
        "$ref": "#/definitions/LabelConfigurationSpec"
  EndpointConfigurationStatus:
    description: An endpoint's configuration
    type: object
    properties:
      realized:
        description: currently applied changeable configuration
        "$ref": "#/definitions/EndpointConfigurationSpec"
      immutable:
        description: Immutable configuration (read-only)
        "$ref": "#/definitions/ConfigurationMap"
      error:
        description: Most recent error, if applicable
        "$ref": "#/definitions/Error"
  ConfigurationMap:
    description: |
      Map of configuration key/value pairs.
    type: object
    additionalProperties:
      type: string
  NodeElement:
    description: Known node in the cluster
    properties:
      name:
        type: string
        description: |
          Name of the node including the cluster association. This is typically
          <clustername>/<hostname>.
      primary-address:
        description: Primary address used for intra-cluster communication
        "$ref": "#/definitions/NodeAddressing"
      secondary-addresses:
        description: Alternative addresses assigned to the node
        type: array
        items:
          "$ref": "#/definitions/NodeAddressingElement"
      health-endpoint-address:
        description: Address used for probing cluster connectivity
        "$ref": "#/definitions/NodeAddressing"
  NodeAddressing:
    description: Addressing information of a node for all address families
    type: object
    properties:
      ipv6:
        "$ref": "#/definitions/NodeAddressingElement"
      ipv4:
        "$ref": "#/definitions/NodeAddressingElement"
  NodeAddressingElement:
    description: Addressing information
    type: object
    properties:
      enabled:
        description: True if address family is enabled
        type: boolean
      ip:
        description: IP address of node
        type: string
      alloc-range:
        description: Address pool to be used for local endpoints
        type: string
      address-type:
        description: Node address type, one of HostName, ExternalIP or InternalIP
        type: string
  Policy:
    description: Policy definition
    type: object
    properties:
      revision:
        description: |
          Revision number of the policy. Incremented each time the policy is
          changed in the agent's repository
        type: integer
      policy:
        description: Policy definition as JSON.
        type: string
  PolicyTraceResult:
    description: Response to a policy resolution process
    type: object
    properties:
      verdict:
        type: string
      log:
        type: string
  Port:
    description: Layer 4 port / protocol pair
    type: object
    properties:
      protocol:
        description: Layer 4 protocol
        type: string
        enum:
        - TCP
        - UDP
        - ANY
      port:
        description: Layer 4 port number
        type: integer
        format: uint16
  SelectorCache:
    description: cache of which identities match selectors in the policy repository
    type: array
    items:
      "$ref": "#/definitions/SelectorIdentityMapping"
  SelectorIdentityMapping:
    description: mapping of selector to identities which match it
    type: object
    properties:
      selector:
        description: string form of selector
        type: string
      identities:
        description: identities mapping to this selector
        type: array
        items:
          type: integer
      users:
        description: number of users of this selector in the cache
        type: integer
  TraceSelector:
    description: Context describing a pair of source and destination identity
    type: object
    properties:
      from:
        "$ref": "#/definitions/TraceFrom"
      to:
        "$ref": "#/definitions/TraceTo"
      verbose:
        description: |
          Enable verbose tracing.
        type: boolean
  TraceFrom:
    type: object
    properties:
      labels:
        "$ref": "#/definitions/Labels"
  TraceTo:
    type: object
    properties:
      labels:
        "$ref": "#/definitions/Labels"
      dports:
        description: |
          List of Layer 4 port and protocol pairs which will be used in communication
          from the source identity to the destination identity.
        type: array
        items:
          "$ref": "#/definitions/Port"

  FrontendAddress:
    description: |
      Layer 4 address.
      The protocol is currently ignored, all services will
      behave as if protocol any is specified. To restrict to a particular
      protocol, use policy.
    type: object
    properties:
      ip:
        description: Layer 3 address
        type: string
      protocol:
        description: Layer 4 protocol
        type: string
        enum:
        - tcp
        - udp
        - any
      port:
        description: Layer 4 port number
        type: integer
        format: uint16
  BackendAddress:
    description: Service backend address
    type: object
    required:
    - ip
    properties:
      ip:
        description: Layer 3 address
        type: string
      port:
        description: Layer 4 port number
        type: integer
        format: uint16
      weight:
        description: Weight for Round Robin
        type: integer
        format: uint16
  Service:
    description: Collection of endpoints to be served
    type: object
    properties:
      spec:
        "$ref": "#/definitions/ServiceSpec"
      status:
        "$ref": "#/definitions/ServiceStatus"
  ServiceSpec:
    description: Configuration of a service
    type: object
    required:
    - frontend-address
    properties:
      id:
        description: Unique identification
        type: integer
      frontend-address:
        description: Frontend address
        "$ref": "#/definitions/FrontendAddress"
      backend-addresses:
        description: List of backend addresses
        type: array
        items:
          "$ref": "#/definitions/BackendAddress"
      flags:
        description: Optional service configuration flags
        type: object
        properties:
          active-frontend:
            description: Frontend to backend translation activated
            type: boolean
          direct-server-return:
            description: Perform direct server return
            type: boolean
          node-port:
            description: Service is of Nodeport type
            type: boolean
  ServiceStatus:
    description: Configuration of a service
    type: object
    properties:
      realized:
        "$ref":
          "#/definitions/ServiceSpec"
  ProxyStatus:
    description: Status of proxy
    type: object
    properties:
      port-range:
        description: Port range used for proxying
        type: string
      ip:
        description: IP address that the proxy listens on
        type: string
  ProxyStatistics:
    description: Statistics of a set of proxy redirects for an endpoint
    type: object
    properties:
      protocol:
        description: Name of the L7 protocol
        type: string
      port:
        description: The port subject to the redirect
        type: integer
      allocated-proxy-port:
        description: The port the proxy is listening on
        type: integer
      location:
        description: Location of where the redirect is installed
        type: string
        enum:
        - ingress
        - egress
      statistics:
        description: Statistics of this set of proxy redirect
        "$ref": "#/definitions/RequestResponseStatistics"
  RequestResponseStatistics:
    description: Statistics of a proxy redirect
    type: object
    properties:
      requests:
        "$ref": "#/definitions/MessageForwardingStatistics"
      responses:
        "$ref": "#/definitions/MessageForwardingStatistics"
  MessageForwardingStatistics:
    description: Statistics of a message forwarding entity
    type: object
    properties:
      received:
        description: Number of messages received
        type: integer
      denied:
        description: Number of messages denied
        type: integer
      error:
        description: Number of errors while parsing messages
        type: integer
      forwarded:
        description: Number of messages forwarded
        type: integer
  ControllerStatuses:
    description: Collection of controller statuses
    type: array
    items:
      "$ref": "#/definitions/ControllerStatus"
  ControllerStatus:
    description: Status of a controller
    type: object
    properties:
      name:
        description: Name of controller
        type: string
      uuid:
        description: UUID
          of controller
        type: string
        format: uuid
      configuration:
        description: Configuration of controller
        type: object
        properties:
          interval:
            description: Regular synchronization interval
            type: string
            format: duration
          error-retry-base:
            description: Base error retry back-off time
            type: string
            format: duration
          error-retry:
            description: Retry on error
            type: boolean
      status:
        description: Current status of controller
        type: object
        properties:
          success-count:
            description: Total number of successful runs
            type: integer
          last-success-timestamp:
            description: Timestamp of last success
            type: string
            format: date-time
          failure-count:
            description: Total number of failed runs
            type: integer
          last-failure-timestamp:
            description: Timestamp of last error
            type: string
            format: date-time
          consecutive-failure-count:
            description: Number of consecutive errors since last success
            type: integer
          last-failure-msg:
            description: Error message of last failed run
            type: string
  BPFMapList:
    description: List of BPF Maps
    type: object
    properties:
      maps:
        description: Array of open BPF map lists
        type: array
        items:
          "$ref": "#/definitions/BPFMap"
  BPFMap:
    description: BPF map definition and content
    type: object
    properties:
      path:
        description: Path to BPF map
        type: string
      cache:
        description: Contents of cache
        type: array
        items:
          "$ref": "#/definitions/BPFMapEntry"
  BPFMapEntry:
    description: BPF map cache entry
    type: object
    properties:
      key:
        description: Key of map entry
        type: string
      value:
        description: Value of map entry
        type: string
      desired-action:
        description: Desired action to be performed
        type: string
        enum:
        - ok
        - insert
        - delete
      last-error:
        description: Last error seen while performing desired action
        type: string
  Metric:
    description: Metric information
    type: object
    properties:
      name:
        description: Name of the metric
        type: string
      value:
        description: Value of the metric
        type: number
      labels:
        description: Labels of the metric
        type: object
        additionalProperties:
          type: string
  Error:
    type: string
  DNSLookup:
    description: An IP -> DNS mapping, with metadata
    type: object
    properties:
      ips:
        description: IP addresses returned in this lookup
        type: array
        items:
          type: string
      fqdn:
        description: DNS name
        type: string
      ttl:
        description: The TTL in the DNS response
        type: integer
      lookup-time:
        description: The absolute time when this data was received
        type: string
        format: date-time
      expiration-time:
        description: The absolute time when this data will expire in this cache
        type: string
        format: date-time
      endpoint-id:
        description: The endpoint that made this lookup, or 0 for the agent itself.
        type: integer