{ "description": "CiliumEndpoint is the status of a Cilium policy rule.", "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "status": { "description": "EndpointStatus is the status of a Cilium endpoint.", "properties": { "controllers": { "description": "Controllers is the list of failing controllers for this endpoint.", "items": { "description": "ControllerStatus is the status of a failing controller.", "properties": { "configuration": { "description": "Configuration is the controller configuration", "properties": { "error-retry": { "description": "Retry on error", "type": "boolean" }, "error-retry-base": { "description": "Base error retry back-off time\nFormat: duration", "format": "int64", "type": "integer" }, "interval": { "description": "Regular synchronization interval\nFormat: duration", "format": "int64", "type": "integer" } }, "type": "object", "additionalProperties": false }, "name": { "description": "Name is the name of the controller", "type": "string" }, "status": { "description": "Status is the status of the controller", "properties": { "consecutive-failure-count": { "format": "int64", "type": "integer" }, "failure-count": { "format": "int64", "type": "integer" }, "last-failure-msg": { "type": "string" }, "last-failure-timestamp": { "type": "string" }, "last-success-timestamp": { "type": "string" }, "success-count": { "format": "int64", "type": "integer" } }, "type": "object", "additionalProperties": false }, "uuid": { "description": "UUID is the UUID of the controller", "type": "string" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "encryption": { "description": "Encryption is the encryption configuration of the node", "properties": { "key": { "description": "Key is the index to the key to use for encryption or 0 if encryption is\ndisabled.", "type": "integer" } }, "type": "object", "additionalProperties": false }, "external-identifiers": { "description": "ExternalIdentifiers is a set of identifiers to identify the endpoint\napart from the pod name. This includes container runtime IDs.", "properties": { "cni-attachment-id": { "description": "ID assigned to this attachment by container runtime", "type": "string" }, "container-id": { "description": "ID assigned by container runtime (deprecated, may not be unique)", "type": "string" }, "container-name": { "description": "Name assigned to container (deprecated, may not be unique)", "type": "string" }, "docker-endpoint-id": { "description": "Docker endpoint ID", "type": "string" }, "docker-network-id": { "description": "Docker network ID", "type": "string" }, "k8s-namespace": { "description": "K8s namespace for this endpoint (deprecated, may not be unique)", "type": "string" }, "k8s-pod-name": { "description": "K8s pod name for this endpoint (deprecated, may not be unique)", "type": "string" }, "pod-name": { "description": "K8s pod for this endpoint (deprecated, may not be unique)", "type": "string" } }, "type": "object", "additionalProperties": false }, "health": { "description": "Health is the overall endpoint & subcomponent health.", "properties": { "bpf": { "description": "bpf", "type": "string" }, "connected": { "description": "Is this endpoint reachable", "type": "boolean" }, "overallHealth": { "description": "overall health", "type": "string" }, "policy": { "description": "policy", "type": "string" } }, "type": "object", "additionalProperties": false }, "id": { "description": "ID is the cilium-agent-local ID of the endpoint.", "format": "int64", "type": "integer" }, "identity": { "description": "Identity is the security identity associated with the endpoint", "properties": { "id": { "description": "ID is the numeric identity of the endpoint", "format": "int64", "type": "integer" }, "labels": { "description": "Labels is the list of labels associated with the identity", "items": { "type": "string" }, "type": "array" } }, "type": "object", "additionalProperties": false }, "log": { "description": "Log is the list of the last few warning and error log entries", "items": { "description": "EndpointStatusChange Indication of a change of status\n\nswagger:model EndpointStatusChange", "properties": { "code": { "description": "Code indicate type of status change\nEnum: [\"ok\",\"failed\"]", "type": "string" }, "message": { "description": "Status message", "type": "string" }, "state": { "description": "state", "type": "string" }, "timestamp": { "description": "Timestamp when status change occurred", "type": "string" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "named-ports": { "description": "NamedPorts List of named Layer 4 port and protocol pairs which will be used in Network\nPolicy specs.\n\nswagger:model NamedPorts", "items": { "description": "Port Layer 4 port / protocol pair\n\nswagger:model Port", "properties": { "name": { "description": "Optional layer 4 port name", "type": "string" }, "port": { "description": "Layer 4 port number", "type": "integer" }, "protocol": { "description": "Layer 4 protocol\nEnum: [\"TCP\",\"UDP\",\"SCTP\",\"ICMP\",\"ICMPV6\",\"ANY\"]", "type": "string" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "networking": { "description": "Networking is the networking properties of the endpoint.", "properties": { "addressing": { "description": "IP4/6 addresses assigned to this Endpoint", "items": { "description": "AddressPair is a pair of IPv4 and/or IPv6 address.", "properties": { "ipv4": { "type": "string" }, "ipv6": { "type": "string" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "node": { "description": "NodeIP is the IP of the node the endpoint is running on. The IP must\nbe reachable between nodes.", "type": "string" } }, "required": [ "addressing" ], "type": "object", "additionalProperties": false }, "policy": { "description": "EndpointPolicy represents the endpoint's policy by listing all allowed\ningress and egress identities in combination with L4 port and protocol.", "properties": { "egress": { "description": "EndpointPolicyDirection is the list of allowed identities per direction.", "properties": { "adding": { "description": "Deprecated", "items": { "description": "IdentityTuple specifies a peer by identity, destination port and protocol.", "properties": { "dest-port": { "type": "integer" }, "identity": { "format": "int64", "type": "integer" }, "identity-labels": { "additionalProperties": { "type": "string" }, "type": "object" }, "protocol": { "type": "integer" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "allowed": { "description": "AllowedIdentityList is a list of IdentityTuples that species peers that are\nallowed.", "items": { "description": "IdentityTuple specifies a peer by identity, destination port and protocol.", "properties": { "dest-port": { "type": "integer" }, "identity": { "format": "int64", "type": "integer" }, "identity-labels": { "additionalProperties": { "type": "string" }, "type": "object" }, "protocol": { "type": "integer" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "denied": { "description": "DenyIdentityList is a list of IdentityTuples that species peers that are\ndenied.", "items": { "description": "IdentityTuple specifies a peer by identity, destination port and protocol.", "properties": { "dest-port": { "type": "integer" }, "identity": { "format": "int64", "type": "integer" }, "identity-labels": { "additionalProperties": { "type": "string" }, "type": "object" }, "protocol": { "type": "integer" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "enforcing": { "type": "boolean" }, "removing": { "description": "Deprecated", "items": { "description": "IdentityTuple specifies a peer by identity, destination port and protocol.", "properties": { "dest-port": { "type": "integer" }, "identity": { "format": "int64", "type": "integer" }, "identity-labels": { "additionalProperties": { "type": "string" }, "type": "object" }, "protocol": { "type": "integer" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "state": { "description": "EndpointPolicyState defines the state of the Policy mode: \"enforcing\", \"non-enforcing\", \"disabled\"", "type": "string" } }, "required": [ "enforcing" ], "type": "object", "additionalProperties": false }, "ingress": { "description": "EndpointPolicyDirection is the list of allowed identities per direction.", "properties": { "adding": { "description": "Deprecated", "items": { "description": "IdentityTuple specifies a peer by identity, destination port and protocol.", "properties": { "dest-port": { "type": "integer" }, "identity": { "format": "int64", "type": "integer" }, "identity-labels": { "additionalProperties": { "type": "string" }, "type": "object" }, "protocol": { "type": "integer" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "allowed": { "description": "AllowedIdentityList is a list of IdentityTuples that species peers that are\nallowed.", "items": { "description": "IdentityTuple specifies a peer by identity, destination port and protocol.", "properties": { "dest-port": { "type": "integer" }, "identity": { "format": "int64", "type": "integer" }, "identity-labels": { "additionalProperties": { "type": "string" }, "type": "object" }, "protocol": { "type": "integer" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "denied": { "description": "DenyIdentityList is a list of IdentityTuples that species peers that are\ndenied.", "items": { "description": "IdentityTuple specifies a peer by identity, destination port and protocol.", "properties": { "dest-port": { "type": "integer" }, "identity": { "format": "int64", "type": "integer" }, "identity-labels": { "additionalProperties": { "type": "string" }, "type": "object" }, "protocol": { "type": "integer" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "enforcing": { "type": "boolean" }, "removing": { "description": "Deprecated", "items": { "description": "IdentityTuple specifies a peer by identity, destination port and protocol.", "properties": { "dest-port": { "type": "integer" }, "identity": { "format": "int64", "type": "integer" }, "identity-labels": { "additionalProperties": { "type": "string" }, "type": "object" }, "protocol": { "type": "integer" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "state": { "description": "EndpointPolicyState defines the state of the Policy mode: \"enforcing\", \"non-enforcing\", \"disabled\"", "type": "string" } }, "required": [ "enforcing" ], "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "service-account": { "description": "ServiceAccount is the service account associated with the endpoint", "type": "string" }, "state": { "description": "State is the state of the endpoint.", "enum": [ "creating", "waiting-for-identity", "not-ready", "waiting-to-regenerate", "regenerating", "restoring", "ready", "disconnecting", "disconnected", "invalid" ], "type": "string" } }, "type": "object", "additionalProperties": false } }, "required": [ "metadata" ], "type": "object" }