diff --git a/Makefile b/Makefile
index fc6d0549..23d1b3c7 100644
--- a/Makefile
+++ b/Makefile
@@ -1,6 +1,6 @@
 # Variables
 APP_NAME := operator
-DOCKER_USERNAME := aaronnguyenillumio
+DOCKER_USERNAME := pki619
 DOCKER_IMAGE := $(DOCKER_USERNAME)/$(APP_NAME)
 LOCAL_REGISTRY := localhost:5000
 LOCAL_IMAGE := $(LOCAL_REGISTRY)/$(APP_NAME)
@@ -34,13 +34,13 @@ clean:
 .PHONY: docker-build
 docker-build:
 @echo "Building Docker image..."
- docker buildx build --platform linux/amd64,linux/arm64 --load -t $(DOCKER_IMAGE):latest .
+ docker buildx build --platform linux/amd64,linux/arm64 --load -t $(DOCKER_IMAGE):calicof .
 # Push Docker image to Docker Hub
 .PHONY: docker-push
 docker-push:
 @echo "Pushing Docker image to Docker Hub..."
- docker push $(DOCKER_IMAGE):latest
+ docker push $(DOCKER_IMAGE):calicof
 # Deploy target (build and push Docker image to Docker Hub)
 .PHONY: deploy
diff --git a/api/generate.go b/api/generate.go
index 552fd2f3..90f9be52 100644
--- a/api/generate.go
+++ b/api/generate.go
@@ -5,3 +5,7 @@ package internal
 //go:generate buf format -w illumio/cloud/k8sclustersync/v1/k8s_info.proto
 //go:generate buf lint illumio/cloud/k8sclustersync/v1/k8s_info.proto
 //go:generate buf generate illumio/cloud/k8sclustersync/v1/k8s_info.proto
+
+//go:generate buf format -w illumio/cloud/goldmane/v1/goldmane.proto
+//go:generate buf lint illumio/cloud/goldmane/v1/goldmane.proto
+//go:generate buf generate illumio/cloud/goldmane/v1/goldmane.proto
diff --git a/api/illumio/cloud/goldmane/v1/goldmane.pb.go b/api/illumio/cloud/goldmane/v1/goldmane.pb.go
new file mode 100644
index 00000000..2de5bf39
--- /dev/null
+++ b/api/illumio/cloud/goldmane/v1/goldmane.pb.go
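Review bot: `DOCKER_USERNAME := pki619` hard-codes what looks like an individual's Docker Hub namespace into the shared Makefile, and the second hunk (`docker-build` / `docker-push`) pins the tag to `calicof`, so anyone running `make deploy` from this branch builds and pushes to that account under a feature-branch tag. If these are local development values they should not land in the committed defaults, because downstream manifests that resolve `$(DOCKER_IMAGE)` would then pull an image whose provenance the project does not control. I would make both overridable instead, e.g. `DOCKER_USERNAME ?= <org-namespace>` and `IMAGE_TAG ?= latest`, and use `$(DOCKER_IMAGE):$(IMAGE_TAG)` in the two recipes, so a developer can run `make docker-build DOCKER_USERNAME=... IMAGE_TAG=...` without editing the file.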
@@ -0,0 +1,653 @@ +// Copyright 2024 Illumio, Inc. All Rights Reserved. + +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.36.11 +// protoc (unknown) +// source: illumio/cloud/goldmane/v1/goldmane.proto + +package v1 + +import ( + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" + unsafe "unsafe" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +// StreamRequest initiates a flow stream from Goldmane +type StreamRequest struct { + state protoimpl.MessageState `protogen:"open.v1"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *StreamRequest) Reset() { + *x = StreamRequest{} + mi := &file_illumio_cloud_goldmane_v1_goldmane_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *StreamRequest) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*StreamRequest) ProtoMessage() {} + +func (x *StreamRequest) ProtoReflect() protoreflect.Message { + mi := &file_illumio_cloud_goldmane_v1_goldmane_proto_msgTypes[0] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use StreamRequest.ProtoReflect.Descriptor instead. 
+func (*StreamRequest) Descriptor() ([]byte, []int) { + return file_illumio_cloud_goldmane_v1_goldmane_proto_rawDescGZIP(), []int{0} +} + +// StreamResponse contains a single flow from Goldmane +type StreamResponse struct { + state protoimpl.MessageState `protogen:"open.v1"` + Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"` + Flow *Flow `protobuf:"bytes,2,opt,name=flow,proto3" json:"flow,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *StreamResponse) Reset() { + *x = StreamResponse{} + mi := &file_illumio_cloud_goldmane_v1_goldmane_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *StreamResponse) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*StreamResponse) ProtoMessage() {} + +func (x *StreamResponse) ProtoReflect() protoreflect.Message { + mi := &file_illumio_cloud_goldmane_v1_goldmane_proto_msgTypes[1] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use StreamResponse.ProtoReflect.Descriptor instead. 
+func (*StreamResponse) Descriptor() ([]byte, []int) { + return file_illumio_cloud_goldmane_v1_goldmane_proto_rawDescGZIP(), []int{1} +} + +func (x *StreamResponse) GetId() string { + if x != nil { + return x.Id + } + return "" +} + +func (x *StreamResponse) GetFlow() *Flow { + if x != nil { + return x.Flow + } + return nil +} + +// Flow represents a network flow in Goldmane's format +type Flow struct { + state protoimpl.MessageState `protogen:"open.v1"` + Key *FlowKey `protobuf:"bytes,1,opt,name=Key,proto3" json:"Key,omitempty"` + StartTime string `protobuf:"bytes,2,opt,name=start_time,json=startTime,proto3" json:"start_time,omitempty"` + EndTime string `protobuf:"bytes,3,opt,name=end_time,json=endTime,proto3" json:"end_time,omitempty"` + SourceLabels []string `protobuf:"bytes,4,rep,name=source_labels,json=sourceLabels,proto3" json:"source_labels,omitempty"` + DestLabels []string `protobuf:"bytes,5,rep,name=dest_labels,json=destLabels,proto3" json:"dest_labels,omitempty"` + PacketsIn string `protobuf:"bytes,6,opt,name=packets_in,json=packetsIn,proto3" json:"packets_in,omitempty"` + PacketsOut string `protobuf:"bytes,7,opt,name=packets_out,json=packetsOut,proto3" json:"packets_out,omitempty"` + BytesIn string `protobuf:"bytes,8,opt,name=bytes_in,json=bytesIn,proto3" json:"bytes_in,omitempty"` + BytesOut string `protobuf:"bytes,9,opt,name=bytes_out,json=bytesOut,proto3" json:"bytes_out,omitempty"` + NumConnectionsStarted string `protobuf:"bytes,10,opt,name=num_connections_started,json=numConnectionsStarted,proto3" json:"num_connections_started,omitempty"` + NumConnectionsCompleted string `protobuf:"bytes,11,opt,name=num_connections_completed,json=numConnectionsCompleted,proto3" json:"num_connections_completed,omitempty"` + NumConnectionsLive string `protobuf:"bytes,12,opt,name=num_connections_live,json=numConnectionsLive,proto3" json:"num_connections_live,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *Flow) Reset() 
{ + *x = Flow{} + mi := &file_illumio_cloud_goldmane_v1_goldmane_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *Flow) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*Flow) ProtoMessage() {} + +func (x *Flow) ProtoReflect() protoreflect.Message { + mi := &file_illumio_cloud_goldmane_v1_goldmane_proto_msgTypes[2] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use Flow.ProtoReflect.Descriptor instead. +func (*Flow) Descriptor() ([]byte, []int) { + return file_illumio_cloud_goldmane_v1_goldmane_proto_rawDescGZIP(), []int{2} +} + +func (x *Flow) GetKey() *FlowKey { + if x != nil { + return x.Key + } + return nil +} + +func (x *Flow) GetStartTime() string { + if x != nil { + return x.StartTime + } + return "" +} + +func (x *Flow) GetEndTime() string { + if x != nil { + return x.EndTime + } + return "" +} + +func (x *Flow) GetSourceLabels() []string { + if x != nil { + return x.SourceLabels + } + return nil +} + +func (x *Flow) GetDestLabels() []string { + if x != nil { + return x.DestLabels + } + return nil +} + +func (x *Flow) GetPacketsIn() string { + if x != nil { + return x.PacketsIn + } + return "" +} + +func (x *Flow) GetPacketsOut() string { + if x != nil { + return x.PacketsOut + } + return "" +} + +func (x *Flow) GetBytesIn() string { + if x != nil { + return x.BytesIn + } + return "" +} + +func (x *Flow) GetBytesOut() string { + if x != nil { + return x.BytesOut + } + return "" +} + +func (x *Flow) GetNumConnectionsStarted() string { + if x != nil { + return x.NumConnectionsStarted + } + return "" +} + +func (x *Flow) GetNumConnectionsCompleted() string { + if x != nil { + return x.NumConnectionsCompleted + } + return "" +} + +func (x *Flow) GetNumConnectionsLive() string { + if x != nil { + return x.NumConnectionsLive + 
} + return "" +} + +// FlowKey uniquely identifies a flow +type FlowKey struct { + state protoimpl.MessageState `protogen:"open.v1"` + SourceName string `protobuf:"bytes,1,opt,name=source_name,json=sourceName,proto3" json:"source_name,omitempty"` + SourceNamespace string `protobuf:"bytes,2,opt,name=source_namespace,json=sourceNamespace,proto3" json:"source_namespace,omitempty"` + SourceType string `protobuf:"bytes,3,opt,name=source_type,json=sourceType,proto3" json:"source_type,omitempty"` + DestName string `protobuf:"bytes,4,opt,name=dest_name,json=destName,proto3" json:"dest_name,omitempty"` + DestNamespace string `protobuf:"bytes,5,opt,name=dest_namespace,json=destNamespace,proto3" json:"dest_namespace,omitempty"` + DestType string `protobuf:"bytes,6,opt,name=dest_type,json=destType,proto3" json:"dest_type,omitempty"` + DestPort string `protobuf:"bytes,7,opt,name=dest_port,json=destPort,proto3" json:"dest_port,omitempty"` + DestServiceName string `protobuf:"bytes,8,opt,name=dest_service_name,json=destServiceName,proto3" json:"dest_service_name,omitempty"` + DestServiceNamespace string `protobuf:"bytes,9,opt,name=dest_service_namespace,json=destServiceNamespace,proto3" json:"dest_service_namespace,omitempty"` + DestServicePortName string `protobuf:"bytes,10,opt,name=dest_service_port_name,json=destServicePortName,proto3" json:"dest_service_port_name,omitempty"` + DestServicePort string `protobuf:"bytes,11,opt,name=dest_service_port,json=destServicePort,proto3" json:"dest_service_port,omitempty"` + Proto string `protobuf:"bytes,12,opt,name=proto,proto3" json:"proto,omitempty"` + Reporter string `protobuf:"bytes,13,opt,name=reporter,proto3" json:"reporter,omitempty"` + Action string `protobuf:"bytes,14,opt,name=action,proto3" json:"action,omitempty"` + Policies *Policies `protobuf:"bytes,15,opt,name=policies,proto3" json:"policies,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *FlowKey) Reset() { + *x = FlowKey{} + 
mi := &file_illumio_cloud_goldmane_v1_goldmane_proto_msgTypes[3] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *FlowKey) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*FlowKey) ProtoMessage() {} + +func (x *FlowKey) ProtoReflect() protoreflect.Message { + mi := &file_illumio_cloud_goldmane_v1_goldmane_proto_msgTypes[3] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use FlowKey.ProtoReflect.Descriptor instead. +func (*FlowKey) Descriptor() ([]byte, []int) { + return file_illumio_cloud_goldmane_v1_goldmane_proto_rawDescGZIP(), []int{3} +} + +func (x *FlowKey) GetSourceName() string { + if x != nil { + return x.SourceName + } + return "" +} + +func (x *FlowKey) GetSourceNamespace() string { + if x != nil { + return x.SourceNamespace + } + return "" +} + +func (x *FlowKey) GetSourceType() string { + if x != nil { + return x.SourceType + } + return "" +} + +func (x *FlowKey) GetDestName() string { + if x != nil { + return x.DestName + } + return "" +} + +func (x *FlowKey) GetDestNamespace() string { + if x != nil { + return x.DestNamespace + } + return "" +} + +func (x *FlowKey) GetDestType() string { + if x != nil { + return x.DestType + } + return "" +} + +func (x *FlowKey) GetDestPort() string { + if x != nil { + return x.DestPort + } + return "" +} + +func (x *FlowKey) GetDestServiceName() string { + if x != nil { + return x.DestServiceName + } + return "" +} + +func (x *FlowKey) GetDestServiceNamespace() string { + if x != nil { + return x.DestServiceNamespace + } + return "" +} + +func (x *FlowKey) GetDestServicePortName() string { + if x != nil { + return x.DestServicePortName + } + return "" +} + +func (x *FlowKey) GetDestServicePort() string { + if x != nil { + return x.DestServicePort + } + return "" +} + +func (x *FlowKey) GetProto() 
string { + if x != nil { + return x.Proto + } + return "" +} + +func (x *FlowKey) GetReporter() string { + if x != nil { + return x.Reporter + } + return "" +} + +func (x *FlowKey) GetAction() string { + if x != nil { + return x.Action + } + return "" +} + +func (x *FlowKey) GetPolicies() *Policies { + if x != nil { + return x.Policies + } + return nil +} + +// Policies contains enforced and pending policies for a flow +type Policies struct { + state protoimpl.MessageState `protogen:"open.v1"` + EnforcedPolicies []*Policy `protobuf:"bytes,1,rep,name=enforced_policies,json=enforcedPolicies,proto3" json:"enforced_policies,omitempty"` + PendingPolicies []*Policy `protobuf:"bytes,2,rep,name=pending_policies,json=pendingPolicies,proto3" json:"pending_policies,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *Policies) Reset() { + *x = Policies{} + mi := &file_illumio_cloud_goldmane_v1_goldmane_proto_msgTypes[4] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *Policies) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*Policies) ProtoMessage() {} + +func (x *Policies) ProtoReflect() protoreflect.Message { + mi := &file_illumio_cloud_goldmane_v1_goldmane_proto_msgTypes[4] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use Policies.ProtoReflect.Descriptor instead. 
+func (*Policies) Descriptor() ([]byte, []int) { + return file_illumio_cloud_goldmane_v1_goldmane_proto_rawDescGZIP(), []int{4} +} + +func (x *Policies) GetEnforcedPolicies() []*Policy { + if x != nil { + return x.EnforcedPolicies + } + return nil +} + +func (x *Policies) GetPendingPolicies() []*Policy { + if x != nil { + return x.PendingPolicies + } + return nil +} + +// Policy represents a single Calico network policy +type Policy struct { + state protoimpl.MessageState `protogen:"open.v1"` + Kind string `protobuf:"bytes,1,opt,name=kind,proto3" json:"kind,omitempty"` + Namespace string `protobuf:"bytes,2,opt,name=namespace,proto3" json:"namespace,omitempty"` + Name string `protobuf:"bytes,3,opt,name=name,proto3" json:"name,omitempty"` + Tier string `protobuf:"bytes,4,opt,name=tier,proto3" json:"tier,omitempty"` + Action string `protobuf:"bytes,5,opt,name=action,proto3" json:"action,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *Policy) Reset() { + *x = Policy{} + mi := &file_illumio_cloud_goldmane_v1_goldmane_proto_msgTypes[5] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *Policy) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*Policy) ProtoMessage() {} + +func (x *Policy) ProtoReflect() protoreflect.Message { + mi := &file_illumio_cloud_goldmane_v1_goldmane_proto_msgTypes[5] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use Policy.ProtoReflect.Descriptor instead. 
+func (*Policy) Descriptor() ([]byte, []int) { + return file_illumio_cloud_goldmane_v1_goldmane_proto_rawDescGZIP(), []int{5} +} + +func (x *Policy) GetKind() string { + if x != nil { + return x.Kind + } + return "" +} + +func (x *Policy) GetNamespace() string { + if x != nil { + return x.Namespace + } + return "" +} + +func (x *Policy) GetName() string { + if x != nil { + return x.Name + } + return "" +} + +func (x *Policy) GetTier() string { + if x != nil { + return x.Tier + } + return "" +} + +func (x *Policy) GetAction() string { + if x != nil { + return x.Action + } + return "" +} + +var File_illumio_cloud_goldmane_v1_goldmane_proto protoreflect.FileDescriptor + +const file_illumio_cloud_goldmane_v1_goldmane_proto_rawDesc = "" + + "\n" + + "(illumio/cloud/goldmane/v1/goldmane.proto\x12\bgoldmane\"\x0f\n" + + "\rStreamRequest\"D\n" + + "\x0eStreamResponse\x12\x0e\n" + + "\x02id\x18\x01 \x01(\tR\x02id\x12\"\n" + + "\x04flow\x18\x02 \x01(\v2\x0e.goldmane.FlowR\x04flow\"\xc9\x03\n" + + "\x04Flow\x12#\n" + + "\x03Key\x18\x01 \x01(\v2\x11.goldmane.FlowKeyR\x03Key\x12\x1d\n" + + "\n" + + "start_time\x18\x02 \x01(\tR\tstartTime\x12\x19\n" + + "\bend_time\x18\x03 \x01(\tR\aendTime\x12#\n" + + "\rsource_labels\x18\x04 \x03(\tR\fsourceLabels\x12\x1f\n" + + "\vdest_labels\x18\x05 \x03(\tR\n" + + "destLabels\x12\x1d\n" + + "\n" + + "packets_in\x18\x06 \x01(\tR\tpacketsIn\x12\x1f\n" + + "\vpackets_out\x18\a \x01(\tR\n" + + "packetsOut\x12\x19\n" + + "\bbytes_in\x18\b \x01(\tR\abytesIn\x12\x1b\n" + + "\tbytes_out\x18\t \x01(\tR\bbytesOut\x126\n" + + "\x17num_connections_started\x18\n" + + " \x01(\tR\x15numConnectionsStarted\x12:\n" + + "\x19num_connections_completed\x18\v \x01(\tR\x17numConnectionsCompleted\x120\n" + + "\x14num_connections_live\x18\f \x01(\tR\x12numConnectionsLive\"\xb1\x04\n" + + "\aFlowKey\x12\x1f\n" + + "\vsource_name\x18\x01 \x01(\tR\n" + + "sourceName\x12)\n" + + "\x10source_namespace\x18\x02 \x01(\tR\x0fsourceNamespace\x12\x1f\n" + + 
"\vsource_type\x18\x03 \x01(\tR\n" + + "sourceType\x12\x1b\n" + + "\tdest_name\x18\x04 \x01(\tR\bdestName\x12%\n" + + "\x0edest_namespace\x18\x05 \x01(\tR\rdestNamespace\x12\x1b\n" + + "\tdest_type\x18\x06 \x01(\tR\bdestType\x12\x1b\n" + + "\tdest_port\x18\a \x01(\tR\bdestPort\x12*\n" + + "\x11dest_service_name\x18\b \x01(\tR\x0fdestServiceName\x124\n" + + "\x16dest_service_namespace\x18\t \x01(\tR\x14destServiceNamespace\x123\n" + + "\x16dest_service_port_name\x18\n" + + " \x01(\tR\x13destServicePortName\x12*\n" + + "\x11dest_service_port\x18\v \x01(\tR\x0fdestServicePort\x12\x14\n" + + "\x05proto\x18\f \x01(\tR\x05proto\x12\x1a\n" + + "\breporter\x18\r \x01(\tR\breporter\x12\x16\n" + + "\x06action\x18\x0e \x01(\tR\x06action\x12.\n" + + "\bpolicies\x18\x0f \x01(\v2\x12.goldmane.PoliciesR\bpolicies\"\x86\x01\n" + + "\bPolicies\x12=\n" + + "\x11enforced_policies\x18\x01 \x03(\v2\x10.goldmane.PolicyR\x10enforcedPolicies\x12;\n" + + "\x10pending_policies\x18\x02 \x03(\v2\x10.goldmane.PolicyR\x0fpendingPolicies\"z\n" + + "\x06Policy\x12\x12\n" + + "\x04kind\x18\x01 \x01(\tR\x04kind\x12\x1c\n" + + "\tnamespace\x18\x02 \x01(\tR\tnamespace\x12\x12\n" + + "\x04name\x18\x03 \x01(\tR\x04name\x12\x12\n" + + "\x04tier\x18\x04 \x01(\tR\x04tier\x12\x16\n" + + "\x06action\x18\x05 \x01(\tR\x06action2F\n" + + "\x05Flows\x12=\n" + + "\x06Stream\x12\x17.goldmane.StreamRequest\x1a\x18.goldmane.StreamResponse0\x01B\xa0\x01\n" + + "\fcom.goldmaneB\rGoldmaneProtoP\x01ZAgithub.com/illumio/cloudsecure-operator/illumio/cloud/goldmane/v1\xa2\x02\x03GXX\xaa\x02\bGoldmane\xca\x02\bGoldmane\xe2\x02\x14Goldmane\\GPBMetadata\xea\x02\bGoldmaneb\x06proto3" + +var ( + file_illumio_cloud_goldmane_v1_goldmane_proto_rawDescOnce sync.Once + file_illumio_cloud_goldmane_v1_goldmane_proto_rawDescData []byte +) + +func file_illumio_cloud_goldmane_v1_goldmane_proto_rawDescGZIP() []byte { + file_illumio_cloud_goldmane_v1_goldmane_proto_rawDescOnce.Do(func() { + 
file_illumio_cloud_goldmane_v1_goldmane_proto_rawDescData = protoimpl.X.CompressGZIP(unsafe.Slice(unsafe.StringData(file_illumio_cloud_goldmane_v1_goldmane_proto_rawDesc), len(file_illumio_cloud_goldmane_v1_goldmane_proto_rawDesc))) + }) + return file_illumio_cloud_goldmane_v1_goldmane_proto_rawDescData +} + +var file_illumio_cloud_goldmane_v1_goldmane_proto_msgTypes = make([]protoimpl.MessageInfo, 6) +var file_illumio_cloud_goldmane_v1_goldmane_proto_goTypes = []any{ + (*StreamRequest)(nil), // 0: goldmane.StreamRequest + (*StreamResponse)(nil), // 1: goldmane.StreamResponse + (*Flow)(nil), // 2: goldmane.Flow + (*FlowKey)(nil), // 3: goldmane.FlowKey + (*Policies)(nil), // 4: goldmane.Policies + (*Policy)(nil), // 5: goldmane.Policy +} +var file_illumio_cloud_goldmane_v1_goldmane_proto_depIdxs = []int32{ + 2, // 0: goldmane.StreamResponse.flow:type_name -> goldmane.Flow + 3, // 1: goldmane.Flow.Key:type_name -> goldmane.FlowKey + 4, // 2: goldmane.FlowKey.policies:type_name -> goldmane.Policies + 5, // 3: goldmane.Policies.enforced_policies:type_name -> goldmane.Policy + 5, // 4: goldmane.Policies.pending_policies:type_name -> goldmane.Policy + 0, // 5: goldmane.Flows.Stream:input_type -> goldmane.StreamRequest + 1, // 6: goldmane.Flows.Stream:output_type -> goldmane.StreamResponse + 6, // [6:7] is the sub-list for method output_type + 5, // [5:6] is the sub-list for method input_type + 5, // [5:5] is the sub-list for extension type_name + 5, // [5:5] is the sub-list for extension extendee + 0, // [0:5] is the sub-list for field type_name +} + +func init() { file_illumio_cloud_goldmane_v1_goldmane_proto_init() } +func file_illumio_cloud_goldmane_v1_goldmane_proto_init() { + if File_illumio_cloud_goldmane_v1_goldmane_proto != nil { + return + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: 
unsafe.Slice(unsafe.StringData(file_illumio_cloud_goldmane_v1_goldmane_proto_rawDesc), len(file_illumio_cloud_goldmane_v1_goldmane_proto_rawDesc)), + NumEnums: 0, + NumMessages: 6, + NumExtensions: 0, + NumServices: 1, + }, + GoTypes: file_illumio_cloud_goldmane_v1_goldmane_proto_goTypes, + DependencyIndexes: file_illumio_cloud_goldmane_v1_goldmane_proto_depIdxs, + MessageInfos: file_illumio_cloud_goldmane_v1_goldmane_proto_msgTypes, + }.Build() + File_illumio_cloud_goldmane_v1_goldmane_proto = out.File + file_illumio_cloud_goldmane_v1_goldmane_proto_goTypes = nil + file_illumio_cloud_goldmane_v1_goldmane_proto_depIdxs = nil +} diff --git a/api/illumio/cloud/goldmane/v1/goldmane.proto b/api/illumio/cloud/goldmane/v1/goldmane.proto new file mode 100644 index 00000000..85771495 --- /dev/null +++ b/api/illumio/cloud/goldmane/v1/goldmane.proto 
@@ -0,0 +1,71 @@
+// Copyright 2024 Illumio, Inc. All Rights Reserved.
+
+syntax = "proto3";
+
+package goldmane;
+
+option go_package = "github.com/illumio/cloud-operator/api/illumio/cloud/goldmane/v1;goldmanepb";
+
+// StreamRequest initiates a flow stream from Goldmane
+message StreamRequest {}
+
+// StreamResponse contains a single flow from Goldmane
+message StreamResponse {
+ string id = 1;
+ Flow flow = 2;
+}
+
+// Flow represents a network flow in Goldmane's format
+message Flow {
+ FlowKey Key = 1;
+ string start_time = 2;
+ string end_time = 3;
+ repeated string source_labels = 4;
+ repeated string dest_labels = 5;
+ string packets_in = 6;
+ string packets_out = 7;
+ string bytes_in = 8;
+ string bytes_out = 9;
+ string num_connections_started = 10;
+ string num_connections_completed = 11;
+ string num_connections_live = 12;
+}
+
+// FlowKey uniquely identifies a flow
+message FlowKey {
+ string source_name = 1;
+ string source_namespace = 2;
+ string source_type = 3;
+ string dest_name = 4;
+ string dest_namespace = 5;
+ string dest_type = 6;
+ string dest_port = 7;
+ string dest_service_name = 8;
+ string dest_service_namespace = 9;
+ string dest_service_port_name = 10;
+ string dest_service_port = 11;
+ string proto = 12;
+ string reporter = 13;
+ string action = 14;
+ Policies policies = 15;
+}
+
+// Policies contains enforced and pending policies for a flow
+message Policies {
+ repeated Policy enforced_policies = 1;
+ repeated Policy pending_policies = 2;
+}
+
+// Policy represents a single Calico network policy
+message Policy {
+ string kind = 1;
+ string namespace = 2;
+ string name = 3;
+ string tier = 4;
+ string action = 5;
+}
+
+// Flows service provides network flow streaming from Goldmane
+service Flows {
+ rpc Stream(StreamRequest) returns (stream StreamResponse);
+}
diff --git a/api/illumio/cloud/goldmane/v1/goldmane_grpc.pb.go b/api/illumio/cloud/goldmane/v1/goldmane_grpc.pb.go
new file mode 100644
index 00000000..a2337e04
--- /dev/null
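Review bot: Every numeric-looking field in `Flow` and `FlowKey` is declared `string` (`dest_port`, `dest_service_port`, `packets_in`, `bytes_out`, the `num_connections_*` counters, both timestamps), while `CalicoFlow` in k8s_info.pb.go carries the same data as `uint32`, `uint64` and `Timestamp`. These messages are decoded from a peer's `/goldmane.Flows/Stream` responses, so field numbers and wire types must match the server's own definition exactly; if the upstream Goldmane schema declares any of them as integers or enums, proto3 decoding will not fail but will leave the fields empty, and flow records would silently lose ports and counters. I would add a header comment naming the upstream proto file and release this was derived from, and make the conversion into `CalicoFlow` reject values that fail to parse rather than defaulting them to zero. Separately, `option go_package` names `github.com/illumio/cloud-operator/...;goldmanepb`, but the generated code is `package v1` with a `cloudsecure-operator` path in its descriptor, so the option appears to be overridden at generation time (presumably by buf managed mode) and is misleading as written.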
+++ b/api/illumio/cloud/goldmane/v1/goldmane_grpc.pb.go 
@@ -0,0 +1,130 @@ +// Copyright 2024 Illumio, Inc. All Rights Reserved. + +// Code generated by protoc-gen-go-grpc. DO NOT EDIT. +// versions: +// - protoc-gen-go-grpc v1.6.0 +// - protoc (unknown) +// source: illumio/cloud/goldmane/v1/goldmane.proto + +package v1 + +import ( + context "context" + grpc "google.golang.org/grpc" + codes "google.golang.org/grpc/codes" + status "google.golang.org/grpc/status" +) + +// This is a compile-time assertion to ensure that this generated file +// is compatible with the grpc package it is being compiled against. +// Requires gRPC-Go v1.64.0 or later. +const _ = grpc.SupportPackageIsVersion9 + +const ( + Flows_Stream_FullMethodName = "/goldmane.Flows/Stream" +) + +// FlowsClient is the client API for Flows service. +// +// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream. +// +// Flows service provides network flow streaming from Goldmane +type FlowsClient interface { + Stream(ctx context.Context, in *StreamRequest, opts ...grpc.CallOption) (grpc.ServerStreamingClient[StreamResponse], error) +} + +type flowsClient struct { + cc grpc.ClientConnInterface +} + +func NewFlowsClient(cc grpc.ClientConnInterface) FlowsClient { + return &flowsClient{cc} +} + +func (c *flowsClient) Stream(ctx context.Context, in *StreamRequest, opts ...grpc.CallOption) (grpc.ServerStreamingClient[StreamResponse], error) { + cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) + stream, err := c.cc.NewStream(ctx, &Flows_ServiceDesc.Streams[0], Flows_Stream_FullMethodName, cOpts...) 
+ if err != nil { + return nil, err + } + x := &grpc.GenericClientStream[StreamRequest, StreamResponse]{ClientStream: stream} + if err := x.ClientStream.SendMsg(in); err != nil { + return nil, err + } + if err := x.ClientStream.CloseSend(); err != nil { + return nil, err + } + return x, nil +} + +// This type alias is provided for backwards compatibility with existing code that references the prior non-generic stream type by name. +type Flows_StreamClient = grpc.ServerStreamingClient[StreamResponse] + +// FlowsServer is the server API for Flows service. +// All implementations must embed UnimplementedFlowsServer +// for forward compatibility. +// +// Flows service provides network flow streaming from Goldmane +type FlowsServer interface { + Stream(*StreamRequest, grpc.ServerStreamingServer[StreamResponse]) error + mustEmbedUnimplementedFlowsServer() +} + +// UnimplementedFlowsServer must be embedded to have +// forward compatible implementations. +// +// NOTE: this should be embedded by value instead of pointer to avoid a nil +// pointer dereference when methods are called. +type UnimplementedFlowsServer struct{} + +func (UnimplementedFlowsServer) Stream(*StreamRequest, grpc.ServerStreamingServer[StreamResponse]) error { + return status.Error(codes.Unimplemented, "method Stream not implemented") +} +func (UnimplementedFlowsServer) mustEmbedUnimplementedFlowsServer() {} +func (UnimplementedFlowsServer) testEmbeddedByValue() {} + +// UnsafeFlowsServer may be embedded to opt out of forward compatibility for this service. +// Use of this interface is not recommended, as added methods to FlowsServer will +// result in compilation errors. +type UnsafeFlowsServer interface { + mustEmbedUnimplementedFlowsServer() +} + +func RegisterFlowsServer(s grpc.ServiceRegistrar, srv FlowsServer) { + // If the following call panics, it indicates UnimplementedFlowsServer was + // embedded by pointer and is nil. 
This will cause panics if an + // unimplemented method is ever invoked, so we test this at initialization + // time to prevent it from happening at runtime later due to I/O. + if t, ok := srv.(interface{ testEmbeddedByValue() }); ok { + t.testEmbeddedByValue() + } + s.RegisterService(&Flows_ServiceDesc, srv) +} + +func _Flows_Stream_Handler(srv interface{}, stream grpc.ServerStream) error { + m := new(StreamRequest) + if err := stream.RecvMsg(m); err != nil { + return err + } + return srv.(FlowsServer).Stream(m, &grpc.GenericServerStream[StreamRequest, StreamResponse]{ServerStream: stream}) +} + +// This type alias is provided for backwards compatibility with existing code that references the prior non-generic stream type by name. +type Flows_StreamServer = grpc.ServerStreamingServer[StreamResponse] + +// Flows_ServiceDesc is the grpc.ServiceDesc for Flows service. +// It's only intended for direct use with grpc.RegisterService, +// and not to be introspected or modified (even as a copy) +var Flows_ServiceDesc = grpc.ServiceDesc{ + ServiceName: "goldmane.Flows", + HandlerType: (*FlowsServer)(nil), + Methods: []grpc.MethodDesc{}, + Streams: []grpc.StreamDesc{ + { + StreamName: "Stream", + Handler: _Flows_Stream_Handler, + ServerStreams: true, + }, + }, + Metadata: "illumio/cloud/goldmane/v1/goldmane.proto", +} diff --git a/api/illumio/cloud/k8sclustersync/v1/calico_flow.go b/api/illumio/cloud/k8sclustersync/v1/calico_flow.go new file mode 100644 index 00000000..350886f0 --- /dev/null +++ b/api/illumio/cloud/k8sclustersync/v1/calico_flow.go 
@@ -0,0 +1,52 @@
+// Copyright 2024 Illumio, Inc. All Rights Reserved.
+
+package k8sclustersyncv1
+
+import (
+ "time"
+)
+
+var _ Flow = &CalicoFlow{}
+
+// CalicoFlowKey uniquely identifies a Calico flow for deduplication purposes.
+type CalicoFlowKey struct {
+ SourceName string
+ SourceNamespace string
+ SourceType string
+ DestName string
+ DestNamespace string
+ DestType string
+ DestPort uint32
+ DestServiceName string
+ DestServiceNamespace string
+ Proto string
+ Reporter string
+ Action string
+}
+
+// StartTimestamp returns the start time of the flow.
+func (flow *CalicoFlow) StartTimestamp() time.Time {
+ return flow.GetStartTime().AsTime()
+}
+
+// Key returns a comparable key for this flow used for deduplication.
+func (flow *CalicoFlow) Key() any {
+ if flow == nil {
+ return nil
+ }
+
+ return CalicoFlowKey{
+ SourceName: flow.GetSourceName(),
+ SourceNamespace: flow.GetSourceNamespace(),
+ SourceType: flow.GetSourceType(),
+ DestName: flow.GetDestName(),
+ DestNamespace: flow.GetDestNamespace(),
+ DestType: flow.GetDestType(),
+ DestPort: flow.GetDestPort(),
+ DestServiceName: flow.GetDestServiceName(),
+ DestServiceNamespace: flow.GetDestServiceNamespace(),
+ Proto: flow.GetProto(),
+ Reporter: flow.GetReporter(),
+ Action: flow.GetAction(),
+ }
+}
diff --git a/api/illumio/cloud/k8sclustersync/v1/k8s_info.pb.go b/api/illumio/cloud/k8sclustersync/v1/k8s_info.pb.go
index 243c02f2..55045b94 100644
--- a/api/illumio/cloud/k8sclustersync/v1/k8s_info.pb.go
+++ b/api/illumio/cloud/k8sclustersync/v1/k8s_info.pb.go
@@ -39,6 +39,8 @@ const ( FlowCollector_FLOW_COLLECTOR_FALCO FlowCollector = 3 // Indicates that OVN-Kubernetes is deployed and configured for collecting network flows. FlowCollector_FLOW_COLLECTOR_OVNK FlowCollector = 4 + // Indicates that Calico CNI is deployed with Goldmane and is used for collecting network flows. + FlowCollector_FLOW_COLLECTOR_CALICO FlowCollector = 5 ) // Enum value maps for FlowCollector. 
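Review bot: `CalicoFlowKey` omits `DestServicePortName` and `DestServicePort`, both of which `CalicoFlow` carries in k8s_info.pb.go, so two flows that differ only in the service port they reached collapse into one entry during deduplication. If that is intentional, the type comment should say which fields are excluded and why; otherwise add the two fields to the struct and populate them in `Key()`, e.g. `DestServicePort: flow.GetDestServicePort(),`. In `StartTimestamp`, `flow.GetStartTime().AsTime()` does not panic on a missing timestamp but yields the Unix epoch, so a flow that arrives without `start_time` would be stamped 1970; the doc comment should state that, or the caller should check for a zero or epoch value before using it to order or expire flows.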
@@ -49,6 +51,7 @@ var ( 2: "FLOW_COLLECTOR_CILIUM", 3: "FLOW_COLLECTOR_FALCO", 4: "FLOW_COLLECTOR_OVNK", + 5: "FLOW_COLLECTOR_CALICO", } FlowCollector_value = map[string]int32{ "FLOW_COLLECTOR_UNSPECIFIED": 0, @@ -56,6 +59,7 @@ var ( "FLOW_COLLECTOR_CILIUM": 2, "FLOW_COLLECTOR_FALCO": 3, "FLOW_COLLECTOR_OVNK": 4, + "FLOW_COLLECTOR_CALICO": 5, } ) 
@@ -2047,6 +2051,414 @@ func (x *CiliumFlow) GetIngressDeniedBy() []*Policy { return nil } +// A flow received from Calico Goldmane using the Flows service's Stream RPC. +type CalicoFlow struct { + state protoimpl.MessageState `protogen:"open.v1"` + // Time when the flow started. + StartTime *timestamppb.Timestamp `protobuf:"bytes,1,opt,name=start_time,json=startTime,proto3" json:"start_time,omitempty"` + // Time when the flow ended. + EndTime *timestamppb.Timestamp `protobuf:"bytes,2,opt,name=end_time,json=endTime,proto3" json:"end_time,omitempty"` + // Source workload name (aggregated with wildcard for pod hash). + SourceName string `protobuf:"bytes,3,opt,name=source_name,json=sourceName,proto3" json:"source_name,omitempty"` + // Source namespace. + SourceNamespace string `protobuf:"bytes,4,opt,name=source_namespace,json=sourceNamespace,proto3" json:"source_namespace,omitempty"` + // Source type (e.g., WorkloadEndpoint, Network). + SourceType string `protobuf:"bytes,5,opt,name=source_type,json=sourceType,proto3" json:"source_type,omitempty"` + // Destination workload name (aggregated with wildcard for pod hash). + DestName string `protobuf:"bytes,6,opt,name=dest_name,json=destName,proto3" json:"dest_name,omitempty"` + // Destination namespace. + DestNamespace string `protobuf:"bytes,7,opt,name=dest_namespace,json=destNamespace,proto3" json:"dest_namespace,omitempty"` + // Destination type (e.g., WorkloadEndpoint, Network). + DestType string `protobuf:"bytes,8,opt,name=dest_type,json=destType,proto3" json:"dest_type,omitempty"` + // Destination port. + DestPort uint32 `protobuf:"varint,9,opt,name=dest_port,json=destPort,proto3" json:"dest_port,omitempty"` + // Destination service name. + DestServiceName string `protobuf:"bytes,10,opt,name=dest_service_name,json=destServiceName,proto3" json:"dest_service_name,omitempty"` + // Destination service namespace. 
+ DestServiceNamespace string `protobuf:"bytes,11,opt,name=dest_service_namespace,json=destServiceNamespace,proto3" json:"dest_service_namespace,omitempty"` + // Destination service port name. + DestServicePortName string `protobuf:"bytes,12,opt,name=dest_service_port_name,json=destServicePortName,proto3" json:"dest_service_port_name,omitempty"` + // Destination service port. + DestServicePort uint32 `protobuf:"varint,13,opt,name=dest_service_port,json=destServicePort,proto3" json:"dest_service_port,omitempty"` + // Protocol (e.g., tcp, udp). + Proto string `protobuf:"bytes,14,opt,name=proto,proto3" json:"proto,omitempty"` + // Reporter (Src or Dst). + Reporter string `protobuf:"bytes,15,opt,name=reporter,proto3" json:"reporter,omitempty"` + // Action (Allow, Deny). + Action string `protobuf:"bytes,16,opt,name=action,proto3" json:"action,omitempty"` + // Source labels. + SourceLabels []string `protobuf:"bytes,17,rep,name=source_labels,json=sourceLabels,proto3" json:"source_labels,omitempty"` + // Destination labels. + DestLabels []string `protobuf:"bytes,18,rep,name=dest_labels,json=destLabels,proto3" json:"dest_labels,omitempty"` + // Packets received. + PacketsIn uint64 `protobuf:"varint,19,opt,name=packets_in,json=packetsIn,proto3" json:"packets_in,omitempty"` + // Packets sent. + PacketsOut uint64 `protobuf:"varint,20,opt,name=packets_out,json=packetsOut,proto3" json:"packets_out,omitempty"` + // Bytes received. + BytesIn uint64 `protobuf:"varint,21,opt,name=bytes_in,json=bytesIn,proto3" json:"bytes_in,omitempty"` + // Bytes sent. + BytesOut uint64 `protobuf:"varint,22,opt,name=bytes_out,json=bytesOut,proto3" json:"bytes_out,omitempty"` + // Number of connections started. + NumConnectionsStarted uint64 `protobuf:"varint,23,opt,name=num_connections_started,json=numConnectionsStarted,proto3" json:"num_connections_started,omitempty"` + // Number of connections completed. 
+ NumConnectionsCompleted uint64 `protobuf:"varint,24,opt,name=num_connections_completed,json=numConnectionsCompleted,proto3" json:"num_connections_completed,omitempty"` + // Number of live connections. + NumConnectionsLive uint64 `protobuf:"varint,25,opt,name=num_connections_live,json=numConnectionsLive,proto3" json:"num_connections_live,omitempty"` + // Policies information. + Policies *CalicoPolicies `protobuf:"bytes,26,opt,name=policies,proto3" json:"policies,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *CalicoFlow) Reset() { + *x = CalicoFlow{} + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[21] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *CalicoFlow) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*CalicoFlow) ProtoMessage() {} + +func (x *CalicoFlow) ProtoReflect() protoreflect.Message { + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[21] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use CalicoFlow.ProtoReflect.Descriptor instead. 
+func (*CalicoFlow) Descriptor() ([]byte, []int) { + return file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDescGZIP(), []int{21} +} + +func (x *CalicoFlow) GetStartTime() *timestamppb.Timestamp { + if x != nil { + return x.StartTime + } + return nil +} + +func (x *CalicoFlow) GetEndTime() *timestamppb.Timestamp { + if x != nil { + return x.EndTime + } + return nil +} + +func (x *CalicoFlow) GetSourceName() string { + if x != nil { + return x.SourceName + } + return "" +} + +func (x *CalicoFlow) GetSourceNamespace() string { + if x != nil { + return x.SourceNamespace + } + return "" +} + +func (x *CalicoFlow) GetSourceType() string { + if x != nil { + return x.SourceType + } + return "" +} + +func (x *CalicoFlow) GetDestName() string { + if x != nil { + return x.DestName + } + return "" +} + +func (x *CalicoFlow) GetDestNamespace() string { + if x != nil { + return x.DestNamespace + } + return "" +} + +func (x *CalicoFlow) GetDestType() string { + if x != nil { + return x.DestType + } + return "" +} + +func (x *CalicoFlow) GetDestPort() uint32 { + if x != nil { + return x.DestPort + } + return 0 +} + +func (x *CalicoFlow) GetDestServiceName() string { + if x != nil { + return x.DestServiceName + } + return "" +} + +func (x *CalicoFlow) GetDestServiceNamespace() string { + if x != nil { + return x.DestServiceNamespace + } + return "" +} + +func (x *CalicoFlow) GetDestServicePortName() string { + if x != nil { + return x.DestServicePortName + } + return "" +} + +func (x *CalicoFlow) GetDestServicePort() uint32 { + if x != nil { + return x.DestServicePort + } + return 0 +} + +func (x *CalicoFlow) GetProto() string { + if x != nil { + return x.Proto + } + return "" +} + +func (x *CalicoFlow) GetReporter() string { + if x != nil { + return x.Reporter + } + return "" +} + +func (x *CalicoFlow) GetAction() string { + if x != nil { + return x.Action + } + return "" +} + +func (x *CalicoFlow) GetSourceLabels() []string { + if x != nil { + return x.SourceLabels + } + 
return nil +} + +func (x *CalicoFlow) GetDestLabels() []string { + if x != nil { + return x.DestLabels + } + return nil +} + +func (x *CalicoFlow) GetPacketsIn() uint64 { + if x != nil { + return x.PacketsIn + } + return 0 +} + +func (x *CalicoFlow) GetPacketsOut() uint64 { + if x != nil { + return x.PacketsOut + } + return 0 +} + +func (x *CalicoFlow) GetBytesIn() uint64 { + if x != nil { + return x.BytesIn + } + return 0 +} + +func (x *CalicoFlow) GetBytesOut() uint64 { + if x != nil { + return x.BytesOut + } + return 0 +} + +func (x *CalicoFlow) GetNumConnectionsStarted() uint64 { + if x != nil { + return x.NumConnectionsStarted + } + return 0 +} + +func (x *CalicoFlow) GetNumConnectionsCompleted() uint64 { + if x != nil { + return x.NumConnectionsCompleted + } + return 0 +} + +func (x *CalicoFlow) GetNumConnectionsLive() uint64 { + if x != nil { + return x.NumConnectionsLive + } + return 0 +} + +func (x *CalicoFlow) GetPolicies() *CalicoPolicies { + if x != nil { + return x.Policies + } + return nil +} + +// CalicoPolicies contains the policy information for a Calico flow. +type CalicoPolicies struct { + state protoimpl.MessageState `protogen:"open.v1"` + // Policies that were enforced for this flow. + EnforcedPolicies []*CalicoPolicy `protobuf:"bytes,1,rep,name=enforced_policies,json=enforcedPolicies,proto3" json:"enforced_policies,omitempty"` + // Policies that are pending for this flow. 
+ PendingPolicies []*CalicoPolicy `protobuf:"bytes,2,rep,name=pending_policies,json=pendingPolicies,proto3" json:"pending_policies,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *CalicoPolicies) Reset() { + *x = CalicoPolicies{} + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[22] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *CalicoPolicies) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*CalicoPolicies) ProtoMessage() {} + +func (x *CalicoPolicies) ProtoReflect() protoreflect.Message { + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[22] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use CalicoPolicies.ProtoReflect.Descriptor instead. +func (*CalicoPolicies) Descriptor() ([]byte, []int) { + return file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDescGZIP(), []int{22} +} + +func (x *CalicoPolicies) GetEnforcedPolicies() []*CalicoPolicy { + if x != nil { + return x.EnforcedPolicies + } + return nil +} + +func (x *CalicoPolicies) GetPendingPolicies() []*CalicoPolicy { + if x != nil { + return x.PendingPolicies + } + return nil +} + +// CalicoPolicy represents a single Calico network policy. +type CalicoPolicy struct { + state protoimpl.MessageState `protogen:"open.v1"` + // Kind of policy (e.g., NetworkPolicy, Profile). + Kind string `protobuf:"bytes,1,opt,name=kind,proto3" json:"kind,omitempty"` + // Namespace of the policy (if applicable). + Namespace string `protobuf:"bytes,2,opt,name=namespace,proto3" json:"namespace,omitempty"` + // Name of the policy. + Name string `protobuf:"bytes,3,opt,name=name,proto3" json:"name,omitempty"` + // Tier of the policy. 
+ Tier string `protobuf:"bytes,4,opt,name=tier,proto3" json:"tier,omitempty"` + // Action of the policy (Allow, Deny). + Action string `protobuf:"bytes,5,opt,name=action,proto3" json:"action,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *CalicoPolicy) Reset() { + *x = CalicoPolicy{} + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[23] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *CalicoPolicy) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*CalicoPolicy) ProtoMessage() {} + +func (x *CalicoPolicy) ProtoReflect() protoreflect.Message { + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[23] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use CalicoPolicy.ProtoReflect.Descriptor instead. +func (*CalicoPolicy) Descriptor() ([]byte, []int) { + return file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDescGZIP(), []int{23} +} + +func (x *CalicoPolicy) GetKind() string { + if x != nil { + return x.Kind + } + return "" +} + +func (x *CalicoPolicy) GetNamespace() string { + if x != nil { + return x.Namespace + } + return "" +} + +func (x *CalicoPolicy) GetName() string { + if x != nil { + return x.Name + } + return "" +} + +func (x *CalicoPolicy) GetTier() string { + if x != nil { + return x.Tier + } + return "" +} + +func (x *CalicoPolicy) GetAction() string { + if x != nil { + return x.Action + } + return "" +} + // Service contains Service header fields of a flow. // https://pkg.go.dev/github.com/cilium/cilium/api/v1/flow#Service type Service struct { 
@@ -2059,7 +2471,7 @@ type Service struct { func (x *Service) Reset() { *x = Service{} - mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[21] + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[24] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -2071,7 +2483,7 @@ func (x *Service) String() string { func (*Service) ProtoMessage() {} func (x *Service) ProtoReflect() protoreflect.Message { - mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[21] + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[24] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -2084,7 +2496,7 @@ func (x *Service) ProtoReflect() protoreflect.Message { // Deprecated: Use Service.ProtoReflect.Descriptor instead. func (*Service) Descriptor() ([]byte, []int) { - return file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDescGZIP(), []int{21} + return file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDescGZIP(), []int{24} } func (x *Service) GetName() string { @@ -2114,7 +2526,7 @@ type IP struct { func (x *IP) Reset() { *x = IP{} - mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[22] + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[25] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -2126,7 +2538,7 @@ func (x *IP) String() string { func (*IP) ProtoMessage() {} func (x *IP) ProtoReflect() protoreflect.Message { - mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[22] + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[25] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { 
@@ -2139,7 +2551,7 @@ func (x *IP) ProtoReflect() protoreflect.Message { // Deprecated: Use IP.ProtoReflect.Descriptor instead. func (*IP) Descriptor() ([]byte, []int) { - return file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDescGZIP(), []int{22} + return file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDescGZIP(), []int{25} } func (x *IP) GetSource() string { @@ -2181,7 +2593,7 @@ type Layer4 struct { func (x *Layer4) Reset() { *x = Layer4{} - mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[23] + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[26] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -2193,7 +2605,7 @@ func (x *Layer4) String() string { func (*Layer4) ProtoMessage() {} func (x *Layer4) ProtoReflect() protoreflect.Message { - mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[23] + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[26] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -2206,7 +2618,7 @@ func (x *Layer4) ProtoReflect() protoreflect.Message { // Deprecated: Use Layer4.ProtoReflect.Descriptor instead. func (*Layer4) Descriptor() ([]byte, []int) { - return file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDescGZIP(), []int{23} + return file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDescGZIP(), []int{26} } func (x *Layer4) GetProtocol() isLayer4_Protocol { @@ -2309,7 +2721,7 @@ type TCP struct { func (x *TCP) Reset() { *x = TCP{} - mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[24] + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[27] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } 
@@ -2321,7 +2733,7 @@ func (x *TCP) String() string { func (*TCP) ProtoMessage() {} func (x *TCP) ProtoReflect() protoreflect.Message { - mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[24] + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[27] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -2334,7 +2746,7 @@ func (x *TCP) ProtoReflect() protoreflect.Message { // Deprecated: Use TCP.ProtoReflect.Descriptor instead. func (*TCP) Descriptor() ([]byte, []int) { - return file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDescGZIP(), []int{24} + return file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDescGZIP(), []int{27} } func (x *TCP) GetSourcePort() uint32 { @@ -2377,7 +2789,7 @@ type TCPFlags struct { func (x *TCPFlags) Reset() { *x = TCPFlags{} - mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[25] + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[28] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -2389,7 +2801,7 @@ func (x *TCPFlags) String() string { func (*TCPFlags) ProtoMessage() {} func (x *TCPFlags) ProtoReflect() protoreflect.Message { - mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[25] + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[28] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -2402,7 +2814,7 @@ func (x *TCPFlags) ProtoReflect() protoreflect.Message { // Deprecated: Use TCPFlags.ProtoReflect.Descriptor instead. func (*TCPFlags) Descriptor() ([]byte, []int) { - return file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDescGZIP(), []int{25} + return file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDescGZIP(), []int{28} } func (x *TCPFlags) GetFin() bool { 
@@ -2480,7 +2892,7 @@ type UDP struct { func (x *UDP) Reset() { *x = UDP{} - mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[26] + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[29] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -2492,7 +2904,7 @@ func (x *UDP) String() string { func (*UDP) ProtoMessage() {} func (x *UDP) ProtoReflect() protoreflect.Message { - mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[26] + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[29] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -2505,7 +2917,7 @@ func (x *UDP) ProtoReflect() protoreflect.Message { // Deprecated: Use UDP.ProtoReflect.Descriptor instead. func (*UDP) Descriptor() ([]byte, []int) { - return file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDescGZIP(), []int{26} + return file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDescGZIP(), []int{29} } func (x *UDP) GetSourcePort() uint32 { @@ -2534,7 +2946,7 @@ type SCTP struct { func (x *SCTP) Reset() { *x = SCTP{} - mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[27] + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[30] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -2546,7 +2958,7 @@ func (x *SCTP) String() string { func (*SCTP) ProtoMessage() {} func (x *SCTP) ProtoReflect() protoreflect.Message { - mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[27] + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[30] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { 
@@ -2559,7 +2971,7 @@ func (x *SCTP) ProtoReflect() protoreflect.Message { // Deprecated: Use SCTP.ProtoReflect.Descriptor instead. func (*SCTP) Descriptor() ([]byte, []int) { - return file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDescGZIP(), []int{27} + return file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDescGZIP(), []int{30} } func (x *SCTP) GetSourcePort() uint32 { @@ -2588,7 +3000,7 @@ type ICMPv4 struct { func (x *ICMPv4) Reset() { *x = ICMPv4{} - mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[28] + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[31] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -2600,7 +3012,7 @@ func (x *ICMPv4) String() string { func (*ICMPv4) ProtoMessage() {} func (x *ICMPv4) ProtoReflect() protoreflect.Message { - mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[28] + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[31] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -2613,7 +3025,7 @@ func (x *ICMPv4) ProtoReflect() protoreflect.Message { // Deprecated: Use ICMPv4.ProtoReflect.Descriptor instead. func (*ICMPv4) Descriptor() ([]byte, []int) { - return file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDescGZIP(), []int{28} + return file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDescGZIP(), []int{31} } func (x *ICMPv4) GetType() uint32 { @@ -2642,7 +3054,7 @@ type ICMPv6 struct { func (x *ICMPv6) Reset() { *x = ICMPv6{} - mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[29] + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[32] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } 
@@ -2654,7 +3066,7 @@ func (x *ICMPv6) String() string { func (*ICMPv6) ProtoMessage() {} func (x *ICMPv6) ProtoReflect() protoreflect.Message { - mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[29] + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[32] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -2667,7 +3079,7 @@ func (x *ICMPv6) ProtoReflect() protoreflect.Message { // Deprecated: Use ICMPv6.ProtoReflect.Descriptor instead. func (*ICMPv6) Descriptor() ([]byte, []int) { - return file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDescGZIP(), []int{29} + return file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDescGZIP(), []int{32} } func (x *ICMPv6) GetType() uint32 { @@ -2700,7 +3112,7 @@ type Endpoint struct { func (x *Endpoint) Reset() { *x = Endpoint{} - mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[30] + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[33] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -2712,7 +3124,7 @@ func (x *Endpoint) String() string { func (*Endpoint) ProtoMessage() {} func (x *Endpoint) ProtoReflect() protoreflect.Message { - mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[30] + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[33] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -2725,7 +3137,7 @@ func (x *Endpoint) ProtoReflect() protoreflect.Message { // Deprecated: Use Endpoint.ProtoReflect.Descriptor instead. func (*Endpoint) Descriptor() ([]byte, []int) { - return file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDescGZIP(), []int{30} + return file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDescGZIP(), []int{33} } func (x *Endpoint) GetUid() uint32 { 
@@ -2782,7 +3194,7 @@ type Workload struct { func (x *Workload) Reset() { *x = Workload{} - mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[31] + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[34] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -2794,7 +3206,7 @@ func (x *Workload) String() string { func (*Workload) ProtoMessage() {} func (x *Workload) ProtoReflect() protoreflect.Message { - mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[31] + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[34] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -2807,7 +3219,7 @@ func (x *Workload) ProtoReflect() protoreflect.Message { // Deprecated: Use Workload.ProtoReflect.Descriptor instead. func (*Workload) Descriptor() ([]byte, []int) { - return file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDescGZIP(), []int{31} + return file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDescGZIP(), []int{34} } func (x *Workload) GetName() string { @@ -2839,7 +3251,7 @@ type Policy struct { func (x *Policy) Reset() { *x = Policy{} - mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[32] + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[35] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -2851,7 +3263,7 @@ func (x *Policy) String() string { func (*Policy) ProtoMessage() {} func (x *Policy) ProtoReflect() protoreflect.Message { - mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[32] + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[35] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { 
@@ -2864,7 +3276,7 @@ func (x *Policy) ProtoReflect() protoreflect.Message { // Deprecated: Use Policy.ProtoReflect.Descriptor instead. func (*Policy) Descriptor() ([]byte, []int) { - return file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDescGZIP(), []int{32} + return file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDescGZIP(), []int{35} } func (x *Policy) GetName() string { @@ -2910,6 +3322,7 @@ type SendKubernetesNetworkFlowsRequest struct { // *SendKubernetesNetworkFlowsRequest_Keepalive // *SendKubernetesNetworkFlowsRequest_CiliumFlow // *SendKubernetesNetworkFlowsRequest_FiveTupleFlow + // *SendKubernetesNetworkFlowsRequest_CalicoFlow Request isSendKubernetesNetworkFlowsRequest_Request `protobuf_oneof:"request"` unknownFields protoimpl.UnknownFields sizeCache protoimpl.SizeCache @@ -2917,7 +3330,7 @@ type SendKubernetesNetworkFlowsRequest struct { func (x *SendKubernetesNetworkFlowsRequest) Reset() { *x = SendKubernetesNetworkFlowsRequest{} - mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[33] + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[36] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -2929,7 +3342,7 @@ func (x *SendKubernetesNetworkFlowsRequest) String() string { func (*SendKubernetesNetworkFlowsRequest) ProtoMessage() {} func (x *SendKubernetesNetworkFlowsRequest) ProtoReflect() protoreflect.Message { - mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[33] + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[36] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { 
@@ -2942,7 +3355,7 @@ func (x *SendKubernetesNetworkFlowsRequest) ProtoReflect() protoreflect.Message // Deprecated: Use SendKubernetesNetworkFlowsRequest.ProtoReflect.Descriptor instead. func (*SendKubernetesNetworkFlowsRequest) Descriptor() ([]byte, []int) { - return file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDescGZIP(), []int{33} + return file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDescGZIP(), []int{36} } func (x *SendKubernetesNetworkFlowsRequest) GetRequest() isSendKubernetesNetworkFlowsRequest_Request { @@ -2979,6 +3392,15 @@ func (x *SendKubernetesNetworkFlowsRequest) GetFiveTupleFlow() *FiveTupleFlow { return nil } +func (x *SendKubernetesNetworkFlowsRequest) GetCalicoFlow() *CalicoFlow { + if x != nil { + if x, ok := x.Request.(*SendKubernetesNetworkFlowsRequest_CalicoFlow); ok { + return x.CalicoFlow + } + } + return nil +} + type isSendKubernetesNetworkFlowsRequest_Request interface { isSendKubernetesNetworkFlowsRequest_Request() } @@ -2995,6 +3417,10 @@ type SendKubernetesNetworkFlowsRequest_FiveTupleFlow struct { FiveTupleFlow *FiveTupleFlow `protobuf:"bytes,2,opt,name=five_tuple_flow,json=fiveTupleFlow,proto3,oneof"` } +type SendKubernetesNetworkFlowsRequest_CalicoFlow struct { + CalicoFlow *CalicoFlow `protobuf:"bytes,4,opt,name=calico_flow,json=calicoFlow,proto3,oneof"` +} + func (*SendKubernetesNetworkFlowsRequest_Keepalive) isSendKubernetesNetworkFlowsRequest_Request() {} func (*SendKubernetesNetworkFlowsRequest_CiliumFlow) isSendKubernetesNetworkFlowsRequest_Request() {} 
@@ -3002,6 +3428,8 @@ func (*SendKubernetesNetworkFlowsRequest_CiliumFlow) isSendKubernetesNetworkFlow func (*SendKubernetesNetworkFlowsRequest_FiveTupleFlow) isSendKubernetesNetworkFlowsRequest_Request() { } +func (*SendKubernetesNetworkFlowsRequest_CalicoFlow) isSendKubernetesNetworkFlowsRequest_Request() {} + // Message sent to the operator in a SendKubernetesNetworkFlows response stream. type SendKubernetesNetworkFlowsResponse struct { state protoimpl.MessageState `protogen:"open.v1"` @@ -3011,7 +3439,7 @@ type SendKubernetesNetworkFlowsResponse struct { func (x *SendKubernetesNetworkFlowsResponse) Reset() { *x = SendKubernetesNetworkFlowsResponse{} - mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[34] + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[37] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -3023,7 +3451,7 @@ func (x *SendKubernetesNetworkFlowsResponse) String() string { func (*SendKubernetesNetworkFlowsResponse) ProtoMessage() {} func (x *SendKubernetesNetworkFlowsResponse) ProtoReflect() protoreflect.Message { - mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[34] + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[37] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -3036,7 +3464,7 @@ func (x *SendKubernetesNetworkFlowsResponse) ProtoReflect() protoreflect.Message // Deprecated: Use SendKubernetesNetworkFlowsResponse.ProtoReflect.Descriptor instead. func (*SendKubernetesNetworkFlowsResponse) Descriptor() ([]byte, []int) { - return file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDescGZIP(), []int{34} + return file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDescGZIP(), []int{37} } // Message representing a log entry. 
@@ -3050,7 +3478,7 @@ type LogEntry struct { func (x *LogEntry) Reset() { *x = LogEntry{} - mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[35] + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[38] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -3062,7 +3490,7 @@ func (x *LogEntry) String() string { func (*LogEntry) ProtoMessage() {} func (x *LogEntry) ProtoReflect() protoreflect.Message { - mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[35] + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[38] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -3075,7 +3503,7 @@ func (x *LogEntry) ProtoReflect() protoreflect.Message { // Deprecated: Use LogEntry.ProtoReflect.Descriptor instead. func (*LogEntry) Descriptor() ([]byte, []int) { - return file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDescGZIP(), []int{35} + return file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDescGZIP(), []int{38} } func (x *LogEntry) GetJsonMessage() string { @@ -3099,7 +3527,7 @@ type SendLogsRequest struct { func (x *SendLogsRequest) Reset() { *x = SendLogsRequest{} - mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[36] + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[39] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -3111,7 +3539,7 @@ func (x *SendLogsRequest) String() string { func (*SendLogsRequest) ProtoMessage() {} func (x *SendLogsRequest) ProtoReflect() protoreflect.Message { - mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[36] + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[39] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { 
@@ -3124,7 +3552,7 @@ func (x *SendLogsRequest) ProtoReflect() protoreflect.Message { // Deprecated: Use SendLogsRequest.ProtoReflect.Descriptor instead. func (*SendLogsRequest) Descriptor() ([]byte, []int) { - return file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDescGZIP(), []int{36} + return file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDescGZIP(), []int{39} } func (x *SendLogsRequest) GetRequest() isSendLogsRequest_Request { @@ -3178,7 +3606,7 @@ type SendLogsResponse struct { func (x *SendLogsResponse) Reset() { *x = SendLogsResponse{} - mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[37] + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[40] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -3190,7 +3618,7 @@ func (x *SendLogsResponse) String() string { func (*SendLogsResponse) ProtoMessage() {} func (x *SendLogsResponse) ProtoReflect() protoreflect.Message { - mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[37] + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[40] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -3203,7 +3631,7 @@ func (x *SendLogsResponse) ProtoReflect() protoreflect.Message { // Deprecated: Use SendLogsResponse.ProtoReflect.Descriptor instead. func (*SendLogsResponse) Descriptor() ([]byte, []int) { - return file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDescGZIP(), []int{37} + return file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDescGZIP(), []int{40} } // Message to encapsulate a request to send configuration updates. 
@@ -3219,7 +3647,7 @@ type GetConfigurationUpdatesRequest struct { func (x *GetConfigurationUpdatesRequest) Reset() { *x = GetConfigurationUpdatesRequest{} - mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[38] + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[41] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -3231,7 +3659,7 @@ func (x *GetConfigurationUpdatesRequest) String() string { func (*GetConfigurationUpdatesRequest) ProtoMessage() {} func (x *GetConfigurationUpdatesRequest) ProtoReflect() protoreflect.Message { - mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[38] + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[41] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -3244,7 +3672,7 @@ func (x *GetConfigurationUpdatesRequest) ProtoReflect() protoreflect.Message { // Deprecated: Use GetConfigurationUpdatesRequest.ProtoReflect.Descriptor instead. func (*GetConfigurationUpdatesRequest) Descriptor() ([]byte, []int) { - return file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDescGZIP(), []int{38} + return file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDescGZIP(), []int{41} } func (x *GetConfigurationUpdatesRequest) GetRequest() isGetConfigurationUpdatesRequest_Request { @@ -3286,7 +3714,7 @@ type GetConfigurationUpdatesResponse struct { func (x *GetConfigurationUpdatesResponse) Reset() { *x = GetConfigurationUpdatesResponse{} - mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[39] + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[42] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } 
@@ -3298,7 +3726,7 @@ func (x *GetConfigurationUpdatesResponse) String() string { func (*GetConfigurationUpdatesResponse) ProtoMessage() {} func (x *GetConfigurationUpdatesResponse) ProtoReflect() protoreflect.Message { - mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[39] + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[42] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -3311,7 +3739,7 @@ func (x *GetConfigurationUpdatesResponse) ProtoReflect() protoreflect.Message { // Deprecated: Use GetConfigurationUpdatesResponse.ProtoReflect.Descriptor instead. func (*GetConfigurationUpdatesResponse) Descriptor() ([]byte, []int) { - return file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDescGZIP(), []int{39} + return file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDescGZIP(), []int{42} } func (x *GetConfigurationUpdatesResponse) GetResponse() isGetConfigurationUpdatesResponse_Response { @@ -3358,7 +3786,7 @@ type KubernetesServiceData_ServicePort struct { func (x *KubernetesServiceData_ServicePort) Reset() { *x = KubernetesServiceData_ServicePort{} - mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[42] + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[45] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -3370,7 +3798,7 @@ func (x *KubernetesServiceData_ServicePort) String() string { func (*KubernetesServiceData_ServicePort) ProtoMessage() {} func (x *KubernetesServiceData_ServicePort) ProtoReflect() protoreflect.Message { - mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[42] + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[45] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { 
@@ -3424,7 +3852,7 @@ type GetConfigurationUpdatesResponse_Configuration struct { func (x *GetConfigurationUpdatesResponse_Configuration) Reset() { *x = GetConfigurationUpdatesResponse_Configuration{} - mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[44] + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[47] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -3436,7 +3864,7 @@ func (x *GetConfigurationUpdatesResponse_Configuration) String() string { func (*GetConfigurationUpdatesResponse_Configuration) ProtoMessage() {} func (x *GetConfigurationUpdatesResponse_Configuration) ProtoReflect() protoreflect.Message { - mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[44] + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[47] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -3449,7 +3877,7 @@ func (x *GetConfigurationUpdatesResponse_Configuration) ProtoReflect() protorefl // Deprecated: Use GetConfigurationUpdatesResponse_Configuration.ProtoReflect.Descriptor instead. func (*GetConfigurationUpdatesResponse_Configuration) Descriptor() ([]byte, []int) { - return file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDescGZIP(), []int{39, 0} + return file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDescGZIP(), []int{42, 0} } func (x *GetConfigurationUpdatesResponse_Configuration) GetLogLevel() LogLevel { 
@@ -3602,7 +4030,51 @@ const file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDesc = "" + "\x10egress_denied_by\x18\r \x03(\v2'.illumio.cloud.k8sclustersync.v1.PolicyR\x0eegressDeniedBy\x12S\n" + "\x11ingress_denied_by\x18\x0e \x03(\v2'.illumio.cloud.k8sclustersync.v1.PolicyR\x0fingressDeniedByB\x12\n" + "\x10_source_endpointB\x17\n" + - "\x15_destination_endpoint\";\n" + + "\x15_destination_endpoint\"\xa7\b\n" + + "\n" + + "CalicoFlow\x129\n" + + "\n" + + "start_time\x18\x01 \x01(\v2\x1a.google.protobuf.TimestampR\tstartTime\x125\n" + + "\bend_time\x18\x02 \x01(\v2\x1a.google.protobuf.TimestampR\aendTime\x12\x1f\n" + + "\vsource_name\x18\x03 \x01(\tR\n" + + "sourceName\x12)\n" + + "\x10source_namespace\x18\x04 \x01(\tR\x0fsourceNamespace\x12\x1f\n" + + "\vsource_type\x18\x05 \x01(\tR\n" + + "sourceType\x12\x1b\n" + + "\tdest_name\x18\x06 \x01(\tR\bdestName\x12%\n" + + "\x0edest_namespace\x18\a \x01(\tR\rdestNamespace\x12\x1b\n" + + "\tdest_type\x18\b \x01(\tR\bdestType\x12\x1b\n" + + "\tdest_port\x18\t \x01(\rR\bdestPort\x12*\n" + + "\x11dest_service_name\x18\n" + + " \x01(\tR\x0fdestServiceName\x124\n" + + "\x16dest_service_namespace\x18\v \x01(\tR\x14destServiceNamespace\x123\n" + + "\x16dest_service_port_name\x18\f \x01(\tR\x13destServicePortName\x12*\n" + + "\x11dest_service_port\x18\r \x01(\rR\x0fdestServicePort\x12\x14\n" + + "\x05proto\x18\x0e \x01(\tR\x05proto\x12\x1a\n" + + "\breporter\x18\x0f \x01(\tR\breporter\x12\x16\n" + + "\x06action\x18\x10 \x01(\tR\x06action\x12#\n" + + "\rsource_labels\x18\x11 \x03(\tR\fsourceLabels\x12\x1f\n" + + "\vdest_labels\x18\x12 \x03(\tR\n" + + "destLabels\x12\x1d\n" + + "\n" + + "packets_in\x18\x13 \x01(\x04R\tpacketsIn\x12\x1f\n" + + "\vpackets_out\x18\x14 \x01(\x04R\n" + + "packetsOut\x12\x19\n" + + "\bbytes_in\x18\x15 \x01(\x04R\abytesIn\x12\x1b\n" + + "\tbytes_out\x18\x16 \x01(\x04R\bbytesOut\x126\n" + + "\x17num_connections_started\x18\x17 \x01(\x04R\x15numConnectionsStarted\x12:\n" + + 
"\x19num_connections_completed\x18\x18 \x01(\x04R\x17numConnectionsCompleted\x120\n" + + "\x14num_connections_live\x18\x19 \x01(\x04R\x12numConnectionsLive\x12K\n" + + "\bpolicies\x18\x1a \x01(\v2/.illumio.cloud.k8sclustersync.v1.CalicoPoliciesR\bpolicies\"\xc6\x01\n" + + "\x0eCalicoPolicies\x12Z\n" + + "\x11enforced_policies\x18\x01 \x03(\v2-.illumio.cloud.k8sclustersync.v1.CalicoPolicyR\x10enforcedPolicies\x12X\n" + + "\x10pending_policies\x18\x02 \x03(\v2-.illumio.cloud.k8sclustersync.v1.CalicoPolicyR\x0fpendingPolicies\"\x80\x01\n" + + "\fCalicoPolicy\x12\x12\n" + + "\x04kind\x18\x01 \x01(\tR\x04kind\x12\x1c\n" + + "\tnamespace\x18\x02 \x01(\tR\tnamespace\x12\x12\n" + + "\x04name\x18\x03 \x01(\tR\x04name\x12\x12\n" + + "\x04tier\x18\x04 \x01(\tR\x04tier\x12\x16\n" + + "\x06action\x18\x05 \x01(\tR\x06action\";\n" + "\aService\x12\x12\n" + "\x04name\x18\x01 \x01(\tR\x04name\x12\x1c\n" + "\tnamespace\x18\x02 \x01(\tR\tnamespace\"\x89\x01\n" + 
@@ -3663,12 +4135,14 @@ const file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDesc = "" + "\tnamespace\x18\x02 \x01(\tR\tnamespace\x12\x16\n" + "\x06labels\x18\x03 \x03(\tR\x06labels\x12\x1a\n" + "\brevision\x18\x04 \x01(\x04R\brevision\x12\x12\n" + - "\x04kind\x18\x05 \x01(\tR\x04kind\"\xa4\x02\n" + + "\x04kind\x18\x05 \x01(\tR\x04kind\"\xf4\x02\n" + "!SendKubernetesNetworkFlowsRequest\x12J\n" + "\tkeepalive\x18\x03 \x01(\v2*.illumio.cloud.k8sclustersync.v1.KeepaliveH\x00R\tkeepalive\x12N\n" + "\vcilium_flow\x18\x01 \x01(\v2+.illumio.cloud.k8sclustersync.v1.CiliumFlowH\x00R\n" + "ciliumFlow\x12X\n" + - "\x0ffive_tuple_flow\x18\x02 \x01(\v2..illumio.cloud.k8sclustersync.v1.FiveTupleFlowH\x00R\rfiveTupleFlowB\t\n" + + "\x0ffive_tuple_flow\x18\x02 \x01(\v2..illumio.cloud.k8sclustersync.v1.FiveTupleFlowH\x00R\rfiveTupleFlow\x12N\n" + + "\vcalico_flow\x18\x04 \x01(\v2+.illumio.cloud.k8sclustersync.v1.CalicoFlowH\x00R\n" + + "calicoFlowB\t\n" + "\arequest\"$\n" + "\"SendKubernetesNetworkFlowsResponse\"-\n" + "\bLogEntry\x12!\n" + @@ -3686,13 +4160,14 @@ const file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDesc = "" + "\rConfiguration\x12F\n" + "\tlog_level\x18\x01 \x01(\x0e2).illumio.cloud.k8sclustersync.v1.LogLevelR\blogLevelB\n" + "\n" + - "\bresponse*\x9a\x01\n" + + "\bresponse*\xb5\x01\n" + "\rFlowCollector\x12\x1e\n" + "\x1aFLOW_COLLECTOR_UNSPECIFIED\x10\x00\x12\x1b\n" + "\x17FLOW_COLLECTOR_DISABLED\x10\x01\x12\x19\n" + "\x15FLOW_COLLECTOR_CILIUM\x10\x02\x12\x18\n" + "\x14FLOW_COLLECTOR_FALCO\x10\x03\x12\x17\n" + - "\x13FLOW_COLLECTOR_OVNK\x10\x04*\x8c\x01\n" + + "\x13FLOW_COLLECTOR_OVNK\x10\x04\x12\x19\n" + + "\x15FLOW_COLLECTOR_CALICO\x10\x05*\x8c\x01\n" + "\x10TrafficDirection\x12;\n" + "7TRAFFIC_DIRECTION_TRAFFIC_DIRECTION_UNKNOWN_UNSPECIFIED\x10\x00\x12\x1d\n" + "\x19TRAFFIC_DIRECTION_INGRESS\x10\x01\x12\x1c\n" + 
@@ -3736,7 +4211,7 @@ func file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDescGZIP() []byte { } var file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_enumTypes = make([]protoimpl.EnumInfo, 6) -var file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes = make([]protoimpl.MessageInfo, 45) +var file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes = make([]protoimpl.MessageInfo, 48) var file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_goTypes = []any{ (FlowCollector)(0), // 0: illumio.cloud.k8sclustersync.v1.FlowCollector (TrafficDirection)(0), // 1: illumio.cloud.k8sclustersync.v1.TrafficDirection 
@@ -3765,47 +4240,50 @@ var file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_goTypes = []any{ (*KubernetesResourceMutation)(nil), // 24: illumio.cloud.k8sclustersync.v1.KubernetesResourceMutation (*FiveTupleFlow)(nil), // 25: illumio.cloud.k8sclustersync.v1.FiveTupleFlow (*CiliumFlow)(nil), // 26: illumio.cloud.k8sclustersync.v1.CiliumFlow - (*Service)(nil), // 27: illumio.cloud.k8sclustersync.v1.Service - (*IP)(nil), // 28: illumio.cloud.k8sclustersync.v1.IP - (*Layer4)(nil), // 29: illumio.cloud.k8sclustersync.v1.Layer4 - (*TCP)(nil), // 30: illumio.cloud.k8sclustersync.v1.TCP - (*TCPFlags)(nil), // 31: illumio.cloud.k8sclustersync.v1.TCPFlags - (*UDP)(nil), // 32: illumio.cloud.k8sclustersync.v1.UDP - (*SCTP)(nil), // 33: illumio.cloud.k8sclustersync.v1.SCTP - (*ICMPv4)(nil), // 34: illumio.cloud.k8sclustersync.v1.ICMPv4 - (*ICMPv6)(nil), // 35: illumio.cloud.k8sclustersync.v1.ICMPv6 - (*Endpoint)(nil), // 36: illumio.cloud.k8sclustersync.v1.Endpoint - (*Workload)(nil), // 37: illumio.cloud.k8sclustersync.v1.Workload - (*Policy)(nil), // 38: illumio.cloud.k8sclustersync.v1.Policy - (*SendKubernetesNetworkFlowsRequest)(nil), // 39: illumio.cloud.k8sclustersync.v1.SendKubernetesNetworkFlowsRequest - (*SendKubernetesNetworkFlowsResponse)(nil), // 40: illumio.cloud.k8sclustersync.v1.SendKubernetesNetworkFlowsResponse - (*LogEntry)(nil), // 41: illumio.cloud.k8sclustersync.v1.LogEntry - (*SendLogsRequest)(nil), // 42: illumio.cloud.k8sclustersync.v1.SendLogsRequest - (*SendLogsResponse)(nil), // 43: illumio.cloud.k8sclustersync.v1.SendLogsResponse - (*GetConfigurationUpdatesRequest)(nil), // 44: illumio.cloud.k8sclustersync.v1.GetConfigurationUpdatesRequest - (*GetConfigurationUpdatesResponse)(nil), // 45: illumio.cloud.k8sclustersync.v1.GetConfigurationUpdatesResponse - nil, // 46: illumio.cloud.k8sclustersync.v1.KubernetesObjectData.AnnotationsEntry - nil, // 47: illumio.cloud.k8sclustersync.v1.KubernetesObjectData.LabelsEntry - 
(*KubernetesServiceData_ServicePort)(nil), // 48: illumio.cloud.k8sclustersync.v1.KubernetesServiceData.ServicePort - nil, // 49: illumio.cloud.k8sclustersync.v1.LabelSelector.MatchLabelsEntry - (*GetConfigurationUpdatesResponse_Configuration)(nil), // 50: illumio.cloud.k8sclustersync.v1.GetConfigurationUpdatesResponse.Configuration - (*timestamppb.Timestamp)(nil), // 51: google.protobuf.Timestamp - (*wrapperspb.BoolValue)(nil), // 52: google.protobuf.BoolValue + (*CalicoFlow)(nil), // 27: illumio.cloud.k8sclustersync.v1.CalicoFlow + (*CalicoPolicies)(nil), // 28: illumio.cloud.k8sclustersync.v1.CalicoPolicies + (*CalicoPolicy)(nil), // 29: illumio.cloud.k8sclustersync.v1.CalicoPolicy + (*Service)(nil), // 30: illumio.cloud.k8sclustersync.v1.Service + (*IP)(nil), // 31: illumio.cloud.k8sclustersync.v1.IP + (*Layer4)(nil), // 32: illumio.cloud.k8sclustersync.v1.Layer4 + (*TCP)(nil), // 33: illumio.cloud.k8sclustersync.v1.TCP + (*TCPFlags)(nil), // 34: illumio.cloud.k8sclustersync.v1.TCPFlags + (*UDP)(nil), // 35: illumio.cloud.k8sclustersync.v1.UDP + (*SCTP)(nil), // 36: illumio.cloud.k8sclustersync.v1.SCTP + (*ICMPv4)(nil), // 37: illumio.cloud.k8sclustersync.v1.ICMPv4 + (*ICMPv6)(nil), // 38: illumio.cloud.k8sclustersync.v1.ICMPv6 + (*Endpoint)(nil), // 39: illumio.cloud.k8sclustersync.v1.Endpoint + (*Workload)(nil), // 40: illumio.cloud.k8sclustersync.v1.Workload + (*Policy)(nil), // 41: illumio.cloud.k8sclustersync.v1.Policy + (*SendKubernetesNetworkFlowsRequest)(nil), // 42: illumio.cloud.k8sclustersync.v1.SendKubernetesNetworkFlowsRequest + (*SendKubernetesNetworkFlowsResponse)(nil), // 43: illumio.cloud.k8sclustersync.v1.SendKubernetesNetworkFlowsResponse + (*LogEntry)(nil), // 44: illumio.cloud.k8sclustersync.v1.LogEntry + (*SendLogsRequest)(nil), // 45: illumio.cloud.k8sclustersync.v1.SendLogsRequest + (*SendLogsResponse)(nil), // 46: illumio.cloud.k8sclustersync.v1.SendLogsResponse + (*GetConfigurationUpdatesRequest)(nil), // 47: 
illumio.cloud.k8sclustersync.v1.GetConfigurationUpdatesRequest + (*GetConfigurationUpdatesResponse)(nil), // 48: illumio.cloud.k8sclustersync.v1.GetConfigurationUpdatesResponse + nil, // 49: illumio.cloud.k8sclustersync.v1.KubernetesObjectData.AnnotationsEntry + nil, // 50: illumio.cloud.k8sclustersync.v1.KubernetesObjectData.LabelsEntry + (*KubernetesServiceData_ServicePort)(nil), // 51: illumio.cloud.k8sclustersync.v1.KubernetesServiceData.ServicePort + nil, // 52: illumio.cloud.k8sclustersync.v1.LabelSelector.MatchLabelsEntry + (*GetConfigurationUpdatesResponse_Configuration)(nil), // 53: illumio.cloud.k8sclustersync.v1.GetConfigurationUpdatesResponse.Configuration + (*timestamppb.Timestamp)(nil), // 54: google.protobuf.Timestamp + (*wrapperspb.BoolValue)(nil), // 55: google.protobuf.BoolValue } var file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_depIdxs = []int32{ - 46, // 0: illumio.cloud.k8sclustersync.v1.KubernetesObjectData.annotations:type_name -> illumio.cloud.k8sclustersync.v1.KubernetesObjectData.AnnotationsEntry - 51, // 1: illumio.cloud.k8sclustersync.v1.KubernetesObjectData.creation_timestamp:type_name -> google.protobuf.Timestamp - 47, // 2: illumio.cloud.k8sclustersync.v1.KubernetesObjectData.labels:type_name -> illumio.cloud.k8sclustersync.v1.KubernetesObjectData.LabelsEntry + 49, // 0: illumio.cloud.k8sclustersync.v1.KubernetesObjectData.annotations:type_name -> illumio.cloud.k8sclustersync.v1.KubernetesObjectData.AnnotationsEntry + 54, // 1: illumio.cloud.k8sclustersync.v1.KubernetesObjectData.creation_timestamp:type_name -> google.protobuf.Timestamp + 50, // 2: illumio.cloud.k8sclustersync.v1.KubernetesObjectData.labels:type_name -> illumio.cloud.k8sclustersync.v1.KubernetesObjectData.LabelsEntry 19, // 3: illumio.cloud.k8sclustersync.v1.KubernetesObjectData.owner_references:type_name -> illumio.cloud.k8sclustersync.v1.KubernetesOwnerReference 10, // 4: illumio.cloud.k8sclustersync.v1.KubernetesObjectData.pod:type_name -> 
illumio.cloud.k8sclustersync.v1.KubernetesPodData 9, // 5: illumio.cloud.k8sclustersync.v1.KubernetesObjectData.node:type_name -> illumio.cloud.k8sclustersync.v1.KubernetesNodeData 8, // 6: illumio.cloud.k8sclustersync.v1.KubernetesObjectData.service:type_name -> illumio.cloud.k8sclustersync.v1.KubernetesServiceData 11, // 7: illumio.cloud.k8sclustersync.v1.KubernetesObjectData.network_policy:type_name -> illumio.cloud.k8sclustersync.v1.KubernetesNetworkPolicyData - 48, // 8: illumio.cloud.k8sclustersync.v1.KubernetesServiceData.ports:type_name -> illumio.cloud.k8sclustersync.v1.KubernetesServiceData.ServicePort + 51, // 8: illumio.cloud.k8sclustersync.v1.KubernetesServiceData.ports:type_name -> illumio.cloud.k8sclustersync.v1.KubernetesServiceData.ServicePort 12, // 9: illumio.cloud.k8sclustersync.v1.KubernetesNetworkPolicyData.pod_selector:type_name -> illumio.cloud.k8sclustersync.v1.LabelSelector 18, // 10: illumio.cloud.k8sclustersync.v1.KubernetesNetworkPolicyData.ingress_rules:type_name -> illumio.cloud.k8sclustersync.v1.NetworkPolicyRule 18, // 11: illumio.cloud.k8sclustersync.v1.KubernetesNetworkPolicyData.egress_rules:type_name -> illumio.cloud.k8sclustersync.v1.NetworkPolicyRule - 49, // 12: illumio.cloud.k8sclustersync.v1.LabelSelector.match_labels:type_name -> illumio.cloud.k8sclustersync.v1.LabelSelector.MatchLabelsEntry + 52, // 12: illumio.cloud.k8sclustersync.v1.LabelSelector.match_labels:type_name -> illumio.cloud.k8sclustersync.v1.LabelSelector.MatchLabelsEntry 13, // 13: illumio.cloud.k8sclustersync.v1.LabelSelector.match_expressions:type_name -> illumio.cloud.k8sclustersync.v1.LabelSelectorRequirement 14, // 14: illumio.cloud.k8sclustersync.v1.Peer.ip_block:type_name -> illumio.cloud.k8sclustersync.v1.IPBlock 16, // 15: illumio.cloud.k8sclustersync.v1.Peer.pods:type_name -> illumio.cloud.k8sclustersync.v1.PeerSelector 
@@ -3823,51 +4301,57 @@ var file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_depIdxs = []int32{ 7, // 27: illumio.cloud.k8sclustersync.v1.KubernetesResourceMutation.create_resource:type_name -> illumio.cloud.k8sclustersync.v1.KubernetesObjectData 7, // 28: illumio.cloud.k8sclustersync.v1.KubernetesResourceMutation.update_resource:type_name -> illumio.cloud.k8sclustersync.v1.KubernetesObjectData 7, // 29: illumio.cloud.k8sclustersync.v1.KubernetesResourceMutation.delete_resource:type_name -> illumio.cloud.k8sclustersync.v1.KubernetesObjectData - 28, // 30: illumio.cloud.k8sclustersync.v1.FiveTupleFlow.layer3:type_name -> illumio.cloud.k8sclustersync.v1.IP - 29, // 31: illumio.cloud.k8sclustersync.v1.FiveTupleFlow.layer4:type_name -> illumio.cloud.k8sclustersync.v1.Layer4 - 51, // 32: illumio.cloud.k8sclustersync.v1.FiveTupleFlow.timestamp:type_name -> google.protobuf.Timestamp - 51, // 33: illumio.cloud.k8sclustersync.v1.CiliumFlow.time:type_name -> google.protobuf.Timestamp + 31, // 30: illumio.cloud.k8sclustersync.v1.FiveTupleFlow.layer3:type_name -> illumio.cloud.k8sclustersync.v1.IP + 32, // 31: illumio.cloud.k8sclustersync.v1.FiveTupleFlow.layer4:type_name -> illumio.cloud.k8sclustersync.v1.Layer4 + 54, // 32: illumio.cloud.k8sclustersync.v1.FiveTupleFlow.timestamp:type_name -> google.protobuf.Timestamp + 54, // 33: illumio.cloud.k8sclustersync.v1.CiliumFlow.time:type_name -> google.protobuf.Timestamp 1, // 34: illumio.cloud.k8sclustersync.v1.CiliumFlow.traffic_direction:type_name -> illumio.cloud.k8sclustersync.v1.TrafficDirection 2, // 35: illumio.cloud.k8sclustersync.v1.CiliumFlow.verdict:type_name -> illumio.cloud.k8sclustersync.v1.Verdict - 28, // 36: illumio.cloud.k8sclustersync.v1.CiliumFlow.layer3:type_name -> illumio.cloud.k8sclustersync.v1.IP - 29, // 37: illumio.cloud.k8sclustersync.v1.CiliumFlow.layer4:type_name -> illumio.cloud.k8sclustersync.v1.Layer4 - 52, // 38: illumio.cloud.k8sclustersync.v1.CiliumFlow.is_reply:type_name -> 
google.protobuf.BoolValue - 36, // 39: illumio.cloud.k8sclustersync.v1.CiliumFlow.source_endpoint:type_name -> illumio.cloud.k8sclustersync.v1.Endpoint - 36, // 40: illumio.cloud.k8sclustersync.v1.CiliumFlow.destination_endpoint:type_name -> illumio.cloud.k8sclustersync.v1.Endpoint - 27, // 41: illumio.cloud.k8sclustersync.v1.CiliumFlow.destination_service:type_name -> illumio.cloud.k8sclustersync.v1.Service - 38, // 42: illumio.cloud.k8sclustersync.v1.CiliumFlow.egress_allowed_by:type_name -> illumio.cloud.k8sclustersync.v1.Policy - 38, // 43: illumio.cloud.k8sclustersync.v1.CiliumFlow.ingress_allowed_by:type_name -> illumio.cloud.k8sclustersync.v1.Policy - 38, // 44: illumio.cloud.k8sclustersync.v1.CiliumFlow.egress_denied_by:type_name -> illumio.cloud.k8sclustersync.v1.Policy - 38, // 45: illumio.cloud.k8sclustersync.v1.CiliumFlow.ingress_denied_by:type_name -> illumio.cloud.k8sclustersync.v1.Policy - 3, // 46: illumio.cloud.k8sclustersync.v1.IP.ip_version:type_name -> illumio.cloud.k8sclustersync.v1.IPVersion - 30, // 47: illumio.cloud.k8sclustersync.v1.Layer4.tcp:type_name -> illumio.cloud.k8sclustersync.v1.TCP - 32, // 48: illumio.cloud.k8sclustersync.v1.Layer4.udp:type_name -> illumio.cloud.k8sclustersync.v1.UDP - 34, // 49: illumio.cloud.k8sclustersync.v1.Layer4.icmpv4:type_name -> illumio.cloud.k8sclustersync.v1.ICMPv4 - 35, // 50: illumio.cloud.k8sclustersync.v1.Layer4.icmpv6:type_name -> illumio.cloud.k8sclustersync.v1.ICMPv6 - 33, // 51: illumio.cloud.k8sclustersync.v1.Layer4.sctp:type_name -> illumio.cloud.k8sclustersync.v1.SCTP - 31, // 52: illumio.cloud.k8sclustersync.v1.TCP.flags:type_name -> illumio.cloud.k8sclustersync.v1.TCPFlags - 37, // 53: illumio.cloud.k8sclustersync.v1.Endpoint.workloads:type_name -> illumio.cloud.k8sclustersync.v1.Workload - 6, // 54: illumio.cloud.k8sclustersync.v1.SendKubernetesNetworkFlowsRequest.keepalive:type_name -> illumio.cloud.k8sclustersync.v1.Keepalive - 26, // 55: 
illumio.cloud.k8sclustersync.v1.SendKubernetesNetworkFlowsRequest.cilium_flow:type_name -> illumio.cloud.k8sclustersync.v1.CiliumFlow - 25, // 56: illumio.cloud.k8sclustersync.v1.SendKubernetesNetworkFlowsRequest.five_tuple_flow:type_name -> illumio.cloud.k8sclustersync.v1.FiveTupleFlow - 6, // 57: illumio.cloud.k8sclustersync.v1.SendLogsRequest.keepalive:type_name -> illumio.cloud.k8sclustersync.v1.Keepalive - 41, // 58: illumio.cloud.k8sclustersync.v1.SendLogsRequest.log_entry:type_name -> illumio.cloud.k8sclustersync.v1.LogEntry - 6, // 59: illumio.cloud.k8sclustersync.v1.GetConfigurationUpdatesRequest.keepalive:type_name -> illumio.cloud.k8sclustersync.v1.Keepalive - 50, // 60: illumio.cloud.k8sclustersync.v1.GetConfigurationUpdatesResponse.update_configuration:type_name -> illumio.cloud.k8sclustersync.v1.GetConfigurationUpdatesResponse.Configuration - 4, // 61: illumio.cloud.k8sclustersync.v1.GetConfigurationUpdatesResponse.Configuration.log_level:type_name -> illumio.cloud.k8sclustersync.v1.LogLevel - 21, // 62: illumio.cloud.k8sclustersync.v1.KubernetesInfoService.SendKubernetesResources:input_type -> illumio.cloud.k8sclustersync.v1.SendKubernetesResourcesRequest - 39, // 63: illumio.cloud.k8sclustersync.v1.KubernetesInfoService.SendKubernetesNetworkFlows:input_type -> illumio.cloud.k8sclustersync.v1.SendKubernetesNetworkFlowsRequest - 42, // 64: illumio.cloud.k8sclustersync.v1.KubernetesInfoService.SendLogs:input_type -> illumio.cloud.k8sclustersync.v1.SendLogsRequest - 44, // 65: illumio.cloud.k8sclustersync.v1.KubernetesInfoService.GetConfigurationUpdates:input_type -> illumio.cloud.k8sclustersync.v1.GetConfigurationUpdatesRequest - 23, // 66: illumio.cloud.k8sclustersync.v1.KubernetesInfoService.SendKubernetesResources:output_type -> illumio.cloud.k8sclustersync.v1.SendKubernetesResourcesResponse - 40, // 67: illumio.cloud.k8sclustersync.v1.KubernetesInfoService.SendKubernetesNetworkFlows:output_type -> 
illumio.cloud.k8sclustersync.v1.SendKubernetesNetworkFlowsResponse - 43, // 68: illumio.cloud.k8sclustersync.v1.KubernetesInfoService.SendLogs:output_type -> illumio.cloud.k8sclustersync.v1.SendLogsResponse - 45, // 69: illumio.cloud.k8sclustersync.v1.KubernetesInfoService.GetConfigurationUpdates:output_type -> illumio.cloud.k8sclustersync.v1.GetConfigurationUpdatesResponse - 66, // [66:70] is the sub-list for method output_type - 62, // [62:66] is the sub-list for method input_type - 62, // [62:62] is the sub-list for extension type_name - 62, // [62:62] is the sub-list for extension extendee - 0, // [0:62] is the sub-list for field type_name + 31, // 36: illumio.cloud.k8sclustersync.v1.CiliumFlow.layer3:type_name -> illumio.cloud.k8sclustersync.v1.IP + 32, // 37: illumio.cloud.k8sclustersync.v1.CiliumFlow.layer4:type_name -> illumio.cloud.k8sclustersync.v1.Layer4 + 55, // 38: illumio.cloud.k8sclustersync.v1.CiliumFlow.is_reply:type_name -> google.protobuf.BoolValue + 39, // 39: illumio.cloud.k8sclustersync.v1.CiliumFlow.source_endpoint:type_name -> illumio.cloud.k8sclustersync.v1.Endpoint + 39, // 40: illumio.cloud.k8sclustersync.v1.CiliumFlow.destination_endpoint:type_name -> illumio.cloud.k8sclustersync.v1.Endpoint + 30, // 41: illumio.cloud.k8sclustersync.v1.CiliumFlow.destination_service:type_name -> illumio.cloud.k8sclustersync.v1.Service + 41, // 42: illumio.cloud.k8sclustersync.v1.CiliumFlow.egress_allowed_by:type_name -> illumio.cloud.k8sclustersync.v1.Policy + 41, // 43: illumio.cloud.k8sclustersync.v1.CiliumFlow.ingress_allowed_by:type_name -> illumio.cloud.k8sclustersync.v1.Policy + 41, // 44: illumio.cloud.k8sclustersync.v1.CiliumFlow.egress_denied_by:type_name -> illumio.cloud.k8sclustersync.v1.Policy + 41, // 45: illumio.cloud.k8sclustersync.v1.CiliumFlow.ingress_denied_by:type_name -> illumio.cloud.k8sclustersync.v1.Policy + 54, // 46: illumio.cloud.k8sclustersync.v1.CalicoFlow.start_time:type_name -> google.protobuf.Timestamp + 54, // 47: 
illumio.cloud.k8sclustersync.v1.CalicoFlow.end_time:type_name -> google.protobuf.Timestamp + 28, // 48: illumio.cloud.k8sclustersync.v1.CalicoFlow.policies:type_name -> illumio.cloud.k8sclustersync.v1.CalicoPolicies + 29, // 49: illumio.cloud.k8sclustersync.v1.CalicoPolicies.enforced_policies:type_name -> illumio.cloud.k8sclustersync.v1.CalicoPolicy + 29, // 50: illumio.cloud.k8sclustersync.v1.CalicoPolicies.pending_policies:type_name -> illumio.cloud.k8sclustersync.v1.CalicoPolicy + 3, // 51: illumio.cloud.k8sclustersync.v1.IP.ip_version:type_name -> illumio.cloud.k8sclustersync.v1.IPVersion + 33, // 52: illumio.cloud.k8sclustersync.v1.Layer4.tcp:type_name -> illumio.cloud.k8sclustersync.v1.TCP + 35, // 53: illumio.cloud.k8sclustersync.v1.Layer4.udp:type_name -> illumio.cloud.k8sclustersync.v1.UDP + 37, // 54: illumio.cloud.k8sclustersync.v1.Layer4.icmpv4:type_name -> illumio.cloud.k8sclustersync.v1.ICMPv4 + 38, // 55: illumio.cloud.k8sclustersync.v1.Layer4.icmpv6:type_name -> illumio.cloud.k8sclustersync.v1.ICMPv6 + 36, // 56: illumio.cloud.k8sclustersync.v1.Layer4.sctp:type_name -> illumio.cloud.k8sclustersync.v1.SCTP + 34, // 57: illumio.cloud.k8sclustersync.v1.TCP.flags:type_name -> illumio.cloud.k8sclustersync.v1.TCPFlags + 40, // 58: illumio.cloud.k8sclustersync.v1.Endpoint.workloads:type_name -> illumio.cloud.k8sclustersync.v1.Workload + 6, // 59: illumio.cloud.k8sclustersync.v1.SendKubernetesNetworkFlowsRequest.keepalive:type_name -> illumio.cloud.k8sclustersync.v1.Keepalive + 26, // 60: illumio.cloud.k8sclustersync.v1.SendKubernetesNetworkFlowsRequest.cilium_flow:type_name -> illumio.cloud.k8sclustersync.v1.CiliumFlow + 25, // 61: illumio.cloud.k8sclustersync.v1.SendKubernetesNetworkFlowsRequest.five_tuple_flow:type_name -> illumio.cloud.k8sclustersync.v1.FiveTupleFlow + 27, // 62: illumio.cloud.k8sclustersync.v1.SendKubernetesNetworkFlowsRequest.calico_flow:type_name -> illumio.cloud.k8sclustersync.v1.CalicoFlow + 6, // 63: 
illumio.cloud.k8sclustersync.v1.SendLogsRequest.keepalive:type_name -> illumio.cloud.k8sclustersync.v1.Keepalive + 44, // 64: illumio.cloud.k8sclustersync.v1.SendLogsRequest.log_entry:type_name -> illumio.cloud.k8sclustersync.v1.LogEntry + 6, // 65: illumio.cloud.k8sclustersync.v1.GetConfigurationUpdatesRequest.keepalive:type_name -> illumio.cloud.k8sclustersync.v1.Keepalive + 53, // 66: illumio.cloud.k8sclustersync.v1.GetConfigurationUpdatesResponse.update_configuration:type_name -> illumio.cloud.k8sclustersync.v1.GetConfigurationUpdatesResponse.Configuration + 4, // 67: illumio.cloud.k8sclustersync.v1.GetConfigurationUpdatesResponse.Configuration.log_level:type_name -> illumio.cloud.k8sclustersync.v1.LogLevel + 21, // 68: illumio.cloud.k8sclustersync.v1.KubernetesInfoService.SendKubernetesResources:input_type -> illumio.cloud.k8sclustersync.v1.SendKubernetesResourcesRequest + 42, // 69: illumio.cloud.k8sclustersync.v1.KubernetesInfoService.SendKubernetesNetworkFlows:input_type -> illumio.cloud.k8sclustersync.v1.SendKubernetesNetworkFlowsRequest + 45, // 70: illumio.cloud.k8sclustersync.v1.KubernetesInfoService.SendLogs:input_type -> illumio.cloud.k8sclustersync.v1.SendLogsRequest + 47, // 71: illumio.cloud.k8sclustersync.v1.KubernetesInfoService.GetConfigurationUpdates:input_type -> illumio.cloud.k8sclustersync.v1.GetConfigurationUpdatesRequest + 23, // 72: illumio.cloud.k8sclustersync.v1.KubernetesInfoService.SendKubernetesResources:output_type -> illumio.cloud.k8sclustersync.v1.SendKubernetesResourcesResponse + 43, // 73: illumio.cloud.k8sclustersync.v1.KubernetesInfoService.SendKubernetesNetworkFlows:output_type -> illumio.cloud.k8sclustersync.v1.SendKubernetesNetworkFlowsResponse + 46, // 74: illumio.cloud.k8sclustersync.v1.KubernetesInfoService.SendLogs:output_type -> illumio.cloud.k8sclustersync.v1.SendLogsResponse + 48, // 75: illumio.cloud.k8sclustersync.v1.KubernetesInfoService.GetConfigurationUpdates:output_type -> 
illumio.cloud.k8sclustersync.v1.GetConfigurationUpdatesResponse + 72, // [72:76] is the sub-list for method output_type + 68, // [68:72] is the sub-list for method input_type + 68, // [68:68] is the sub-list for extension type_name + 68, // [68:68] is the sub-list for extension extendee + 0, // [0:68] is the sub-list for field type_name } func init() { file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_init() } 
@@ -3905,36 +4389,37 @@ func file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_init() { (*FiveTupleFlow_Timestamp)(nil), } file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[20].OneofWrappers = []any{} - file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[23].OneofWrappers = []any{ + file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[26].OneofWrappers = []any{ (*Layer4_Tcp)(nil), (*Layer4_Udp)(nil), (*Layer4_Icmpv4)(nil), (*Layer4_Icmpv6)(nil), (*Layer4_Sctp)(nil), } - file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[33].OneofWrappers = []any{ + file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[36].OneofWrappers = []any{ (*SendKubernetesNetworkFlowsRequest_Keepalive)(nil), (*SendKubernetesNetworkFlowsRequest_CiliumFlow)(nil), (*SendKubernetesNetworkFlowsRequest_FiveTupleFlow)(nil), + (*SendKubernetesNetworkFlowsRequest_CalicoFlow)(nil), } - file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[36].OneofWrappers = []any{ + file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[39].OneofWrappers = []any{ (*SendLogsRequest_Keepalive)(nil), (*SendLogsRequest_LogEntry)(nil), } - file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[38].OneofWrappers = []any{ + file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[41].OneofWrappers = []any{ (*GetConfigurationUpdatesRequest_Keepalive)(nil), } - file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[39].OneofWrappers = []any{ + file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[42].OneofWrappers = []any{ (*GetConfigurationUpdatesResponse_UpdateConfiguration)(nil), } - file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[42].OneofWrappers = []any{} + file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[45].OneofWrappers = []any{} type x struct{} out := protoimpl.TypeBuilder{ File: protoimpl.DescBuilder{ GoPackagePath: reflect.TypeOf(x{}).PkgPath(), RawDescriptor: 
unsafe.Slice(unsafe.StringData(file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDesc), len(file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDesc)), NumEnums: 6, - NumMessages: 45, + NumMessages: 48, NumExtensions: 0, NumServices: 1, }, diff --git a/api/illumio/cloud/k8sclustersync/v1/k8s_info.proto b/api/illumio/cloud/k8sclustersync/v1/k8s_info.proto index 4da8f48c..5a168665 100644 --- a/api/illumio/cloud/k8sclustersync/v1/k8s_info.proto +++ b/api/illumio/cloud/k8sclustersync/v1/k8s_info.proto @@ -193,6 +193,8 @@ enum FlowCollector { FLOW_COLLECTOR_FALCO = 3; // Indicates that OVN-Kubernetes is deployed and configured for collecting network flows. FLOW_COLLECTOR_OVNK = 4; + // Indicates that Calico CNI is deployed with Goldmane and is used for collecting network flows. + FLOW_COLLECTOR_CALICO = 5; } // Message sent by the operator in a KubernetesResources request stream. 
@@ -293,6 +295,84 @@ message CiliumFlow { repeated Policy ingress_denied_by = 14; } +// A flow received from Calico Goldmane using the Flows service's Stream RPC. +message CalicoFlow { + // Time when the flow started. + google.protobuf.Timestamp start_time = 1; + // Time when the flow ended. + google.protobuf.Timestamp end_time = 2; + // Source workload name (aggregated with wildcard for pod hash). + string source_name = 3; + // Source namespace. + string source_namespace = 4; + // Source type (e.g., WorkloadEndpoint, Network). + string source_type = 5; + // Destination workload name (aggregated with wildcard for pod hash). + string dest_name = 6; + // Destination namespace. + string dest_namespace = 7; + // Destination type (e.g., WorkloadEndpoint, Network). + string dest_type = 8; + // Destination port. + uint32 dest_port = 9; + // Destination service name. + string dest_service_name = 10; + // Destination service namespace. + string dest_service_namespace = 11; + // Destination service port name. + string dest_service_port_name = 12; + // Destination service port. + uint32 dest_service_port = 13; + // Protocol (e.g., tcp, udp). + string proto = 14; + // Reporter (Src or Dst). + string reporter = 15; + // Action (Allow, Deny). + string action = 16; + // Source labels. + repeated string source_labels = 17; + // Destination labels. + repeated string dest_labels = 18; + // Packets received. + uint64 packets_in = 19; + // Packets sent. + uint64 packets_out = 20; + // Bytes received. + uint64 bytes_in = 21; + // Bytes sent. + uint64 bytes_out = 22; + // Number of connections started. + uint64 num_connections_started = 23; + // Number of connections completed. + uint64 num_connections_completed = 24; + // Number of live connections. + uint64 num_connections_live = 25; + // Policies information. + CalicoPolicies policies = 26; +} + +// CalicoPolicies contains the policy information for a Calico flow. 
+message CalicoPolicies { + // Policies that were enforced for this flow. + repeated CalicoPolicy enforced_policies = 1; + // Policies that are pending for this flow. + repeated CalicoPolicy pending_policies = 2; +} + +// CalicoPolicy represents a single Calico network policy. +message CalicoPolicy { + // Kind of policy (e.g., NetworkPolicy, Profile). + string kind = 1; + // Namespace of the policy (if applicable). + string namespace = 2; + // Name of the policy. + string name = 3; + // Tier of the policy. + string tier = 4; + // Action of the policy (Allow, Deny). + string action = 5; +} + // Service contains Service header fields of a flow. // https://pkg.go.dev/github.com/cilium/cilium/api/v1/flow#Service message Service { @@ -435,6 +515,7 @@ message SendKubernetesNetworkFlowsRequest { CiliumFlow cilium_flow = 1; FiveTupleFlow five_tuple_flow = 2; + CalicoFlow calico_flow = 4; } } diff --git a/cloud-operator/templates/cloud-operator-deployment.yaml b/cloud-operator/templates/cloud-operator-deployment.yaml index 13461f4c..fef6ad3c 100644 --- a/cloud-operator/templates/cloud-operator-deployment.yaml +++ b/cloud-operator/templates/cloud-operator-deployment.yaml @@ -95,6 +95,8 @@ spec: value: "{{ .Values.env.httpsProxy | default "" }}" - name: OVNK_NAMESPACE value: "{{ .Values.openshift.ovnkNamespace }}" + - name: CALICO_NAMESPACE + value: "{{ .Values.calico.namespace }}" - name: IPFIX_COLLECTOR_PORT value: "{{ .Values.env.ipfixCollectorPort }}" - name: VERBOSE_DEBUGGING diff --git a/cloud-operator/templates/role.yaml b/cloud-operator/templates/role.yaml index 00ce58c2..0c6ba236 100644 --- a/cloud-operator/templates/role.yaml +++ b/cloud-operator/templates/role.yaml 
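Review bot: `action` and `reporter` in `CalicoFlow`, and `action` in `CalicoPolicy`, are free-form strings whose allowed values appear only as examples in the comments, so a consumer deciding whether traffic was allowed has to string-match `Allow`/`Deny` with no schema guarantee on spelling or case. I would either model them as enums, as `FlowCollector` already is in this file, or pin the contract in the field comment, e.g. `// Action taken on the flow, copied verbatim from Goldmane; expected values: "Allow", "Deny".` once the exact values are confirmed. The counters `packets_in`/`bytes_in` should also say from which endpoint's perspective they are measured, presumably the `reporter`.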
@@ -35,4 +35,22 @@ rules: resources: ["secrets"] resourceNames: ["hubble-relay-client-certs"] verbs: ["get"] +{{- end }} +{{- if (lookup "v1" "Namespace" "" .Values.calico.namespace) }} +--- +# Role to read Goldmane service and secret in Calico namespace +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: goldmane-reader + namespace: {{ .Values.calico.namespace }} +rules: +- apiGroups: [""] + resources: ["services"] + resourceNames: ["goldmane"] + verbs: ["get"] +- apiGroups: [""] + resources: ["secrets"] + resourceNames: ["goldmane-key-pair"] + verbs: ["get"] {{- end }} \ No newline at end of file diff --git a/cloud-operator/templates/rolebinding.yaml b/cloud-operator/templates/rolebinding.yaml index d4b0d20e..32f2c38c 100644 --- a/cloud-operator/templates/rolebinding.yaml +++ b/cloud-operator/templates/rolebinding.yaml @@ -42,4 +42,21 @@ roleRef: apiGroup: rbac.authorization.k8s.io kind: Role name: hubble-client-certs-reader +{{- end }} +{{- if (lookup "v1" "Namespace" "" .Values.calico.namespace) }} +--- +# RoleBinding for Goldmane access in Calico namespace +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: cloud-operator-goldmane-reader + namespace: {{ .Values.calico.namespace }} +subjects: +- kind: ServiceAccount + name: {{ .Values.serviceAccount.name }} + namespace: {{ .Release.Namespace }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: goldmane-reader {{- end }} \ No newline at end of file diff --git a/cloud-operator/tests/cloud-operator-deployment_test.yaml b/cloud-operator/tests/cloud-operator-deployment_test.yaml index 0e49d196..b7e461ee 100644 --- a/cloud-operator/tests/cloud-operator-deployment_test.yaml +++ b/cloud-operator/tests/cloud-operator-deployment_test.yaml 
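Review bot: The `lookup "v1" "Namespace" "" .Values.calico.namespace` guard around the `goldmane-reader` Role, and the identical guard on the RoleBinding in rolebinding.yaml, is resolved only against a live cluster at install or upgrade time. `helm template` and client-side dry runs get an empty result, so pipelines that render manifests offline omit both objects, and a cluster where Calico is installed after this chart has no grant until the next upgrade. The operator's read of the secret is then denied, and as far as the rest of this change shows, the cause is logged only at debug level. I would gate on an explicit value instead, e.g. `{{- if .Values.calico.enabled }}`, or at least document the ordering requirement in a comment above the guard. The `resourceNames` restriction and the single `get` verb are right and should stay as they are, since goldmane.go reads `tls.key` from this secret.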
@@ -98,15 +98,21 @@ tests: value: "openshift-ovn-kubernetes" - equal: path: spec.template.spec.containers[0].env[15].name - value: "IPFIX_COLLECTOR_PORT" + value: "CALICO_NAMESPACE" - equal: path: spec.template.spec.containers[0].env[15].value - value: "4739" + value: "calico-system" - equal: path: spec.template.spec.containers[0].env[16].name - value: "VERBOSE_DEBUGGING" + value: "IPFIX_COLLECTOR_PORT" - equal: path: spec.template.spec.containers[0].env[16].value + value: "4739" + - equal: + path: spec.template.spec.containers[0].env[17].name + value: "VERBOSE_DEBUGGING" + - equal: + path: spec.template.spec.containers[0].env[17].value value: "false" # Test for replicaCount value diff --git a/cloud-operator/values.schema.json b/cloud-operator/values.schema.json index 461e681b..775c69a5 100644 --- a/cloud-operator/values.schema.json +++ b/cloud-operator/values.schema.json @@ -5,6 +5,14 @@ "affinity": { "type": "object" }, + "calico": { + "type": "object", + "properties": { + "namespace": { + "type": "string" + } + } + }, "clusterCredsSecret": { "type": "object", "properties": { diff --git a/cloud-operator/values.yaml b/cloud-operator/values.yaml index 9c76f568..66fcf3b7 100644 --- a/cloud-operator/values.yaml +++ b/cloud-operator/values.yaml @@ -61,6 +61,11 @@ openshift: # OpenShift with OVN-k, because port 4739 is not open in that case. workerNodeCidrs: [] +calico: + # The namespace in which Calico's Goldmane service is deployed. + # cloud-operator uses this to discover and connect to Goldmane for flow collection. + namespace: "calico-system" + falco: enabled: false namespace: falco diff --git a/cmd/main.go b/cmd/main.go index 0de6fad8..4bb3d85a 100644 --- a/cmd/main.go +++ b/cmd/main.go 
@@ -85,6 +85,7 @@ func main() { // Bind specific environment variables to keys bindEnv(logger, "cluster_creds", "CLUSTER_CREDS_SECRET") bindEnv(logger, "cilium_namespaces", "CILIUM_NAMESPACES") + bindEnv(logger, "calico_namespace", "CALICO_NAMESPACE") bindEnv(logger, "https_proxy", "HTTPS_PROXY") bindEnv(logger, "ipfix_collector_port", "IPFIX_COLLECTOR_PORT") bindEnv(logger, "onboarding_client_id", "ONBOARDING_CLIENT_ID") @@ -105,6 +106,7 @@ func main() { // Set default values viper.SetDefault("cluster_creds", "clustercreds") viper.SetDefault("cilium_namespaces", []string{"kube-system", "gke-managed-dpv2-observability"}) + viper.SetDefault("calico_namespace", "calico-system") viper.SetDefault("https_proxy", "") viper.SetDefault("ipfix_collector_port", "4739") viper.SetDefault("onboarding_endpoint", "https://dev.cloud.ilabs.io/api/v1/k8s_cluster/onboard") @@ -124,6 +126,7 @@ func main() { envConfig := controller.EnvironmentConfig{ ClusterCreds: viper.GetString("cluster_creds"), CiliumNamespaces: viper.GetStringSlice("cilium_namespaces"), + CalicoNamespace: viper.GetString("calico_namespace"), HttpsProxy: viper.GetString("https_proxy"), IPFIXCollectorPort: viper.GetString("ipfix_collector_port"), OnboardingClientID: viper.GetString("onboarding_client_id"), @@ -149,6 +152,7 @@ func main() { logger.Info("Starting application", zap.String("cluster_creds_secret", envConfig.ClusterCreds), zap.Strings("cilium_namespaces", envConfig.CiliumNamespaces), + zap.String("calico_namespace", envConfig.CalicoNamespace), zap.String("https_proxy", envConfig.HttpsProxy), zap.String("onboarding_client_id", envConfig.OnboardingClientID), zap.String("onboarding_endpoint", envConfig.OnboardingEndpoint), diff --git a/internal/controller/calico_flow_collector.go b/internal/controller/calico_flow_collector.go new file mode 100644 index 00000000..402cfe86 --- /dev/null +++ b/internal/controller/calico_flow_collector.go 
@@ -0,0 +1,247 @@
+// Copyright 2024 Illumio, Inc. All Rights Reserved.
+
+package controller
+
+import (
+ "context"
+ "fmt"
+ "strconv"
+
+ "go.uber.org/zap"
+ "google.golang.org/grpc"
+ "google.golang.org/protobuf/types/known/timestamppb"
+
+ goldmanepb "github.com/illumio/cloud-operator/api/illumio/cloud/goldmane/v1"
+ pb "github.com/illumio/cloud-operator/api/illumio/cloud/k8sclustersync/v1"
+ "github.com/illumio/cloud-operator/internal/controller/goldmane"
+)
+
+// CalicoFlowCollector collects flows from Calico Goldmane running in this cluster.
+type CalicoFlowCollector struct {
+ logger *zap.Logger
+ client goldmanepb.FlowsClient
+ conn *grpc.ClientConn
+}
+
+// newCalicoFlowCollector connects to Calico Goldmane, sets up a Flows client,
+// and returns a new Collector using it.
+func newCalicoFlowCollector(ctx context.Context, logger *zap.Logger, calicoNamespace string) (*CalicoFlowCollector, error) {
+ clientset, err := NewClientSet()
+ if err != nil {
+ return nil, fmt.Errorf("failed to create new client set: %w", err)
+ }
+
+ // Step 1: Discover Goldmane service
+ service, err := goldmane.DiscoverGoldmane(ctx, calicoNamespace, clientset, logger)
+ if err != nil {
+ return nil, fmt.Errorf("failed to discover Goldmane: %w", err)
+ }
+
+ goldmaneAddress := goldmane.GetAddressFromService(service)
+
+ // Step 2: Get TLS config from secret
+ tlsConfig, err := goldmane.GetTLSConfig(ctx, clientset, logger, calicoNamespace)
+ if err != nil {
+ return nil, fmt.Errorf("failed to get Goldmane TLS config: %w", err)
+ }
+
+ // Step 3: Connect to Goldmane
+ conn, err := goldmane.ConnectToGoldmane(logger, goldmaneAddress, tlsConfig)
+ if err != nil {
+ return nil, fmt.Errorf("failed to connect to Goldmane: %w", err)
+ }
+
+ flowsClient := goldmanepb.NewFlowsClient(conn)
+
+ return &CalicoFlowCollector{logger: logger, client: flowsClient, conn: conn}, nil
+}
+
+// Close closes the gRPC connection to Goldmane.
+func (c *CalicoFlowCollector) Close() error {
+ if c.conn != nil {
+ return c.conn.Close()
+ }
+
+ return nil
+}
+
+// exportCalicoFlows streams flows from Goldmane and sends them to the flow cache.
+func (c *CalicoFlowCollector) exportCalicoFlows(ctx context.Context, sm *streamManager) error {
+ req := &goldmanepb.StreamRequest{}
+
+ stream, err := c.client.Stream(ctx, req)
+ if err != nil {
+ c.logger.Error("Error starting Goldmane flow stream", zap.Error(err))
+
+ return err
+ }
+
+ for {
+ select {
+ case <-ctx.Done():
+ c.logger.Warn("Context cancelled, stopping Calico flow export")
+
+ return ctx.Err()
+ default:
+ }
+
+ resp, err := stream.Recv()
+ if err != nil {
+ c.logger.Warn("Failed to receive flow from Goldmane stream", zap.Error(err))
+
+ return err
+ }
+
+ calicoFlow := convertGoldmaneFlow(resp)
+ if calicoFlow == nil {
+ continue
+ }
+
+ err = sm.FlowCache.CacheFlow(ctx, calicoFlow)
+ if err != nil {
+ c.logger.Error("Failed to cache Calico flow", zap.Error(err))
+
+ return err
+ }
+ }
+}
+
+// convertGoldmaneFlow converts a Goldmane StreamResponse to a CalicoFlow.
+func convertGoldmaneFlow(resp *goldmanepb.StreamResponse) *pb.CalicoFlow {
+ if resp == nil || resp.GetFlow() == nil || resp.GetFlow().GetKey() == nil {
+ return nil
+ }
+
+ flow := resp.GetFlow()
+ key := flow.GetKey()
+
+ // Parse timestamps (Goldmane returns Unix timestamps as strings)
+ startTime := parseUnixTimestamp(flow.GetStartTime())
+ endTime := parseUnixTimestamp(flow.GetEndTime())
+
+ // Parse destination port
+ destPort := parseUint32(key.GetDestPort())
+ destServicePort := parseUint32(key.GetDestServicePort())
+
+ // Parse statistics
+ packetsIn := parseUint64(flow.GetPacketsIn())
+ packetsOut := parseUint64(flow.GetPacketsOut())
+ bytesIn := parseUint64(flow.GetBytesIn())
+ bytesOut := parseUint64(flow.GetBytesOut())
+ numConnectionsStarted := parseUint64(flow.GetNumConnectionsStarted())
+ numConnectionsCompleted := parseUint64(flow.GetNumConnectionsCompleted())
+ numConnectionsLive := parseUint64(flow.GetNumConnectionsLive())
+
+ // Convert policies
+ var policies *pb.CalicoPolicies
+ if key.GetPolicies() != nil {
+ policies = convertGoldmanePolicies(key.GetPolicies())
+ }
+
+ calicoFlow := &pb.CalicoFlow{
+ StartTime: startTime,
+ EndTime: endTime,
+ SourceName: key.GetSourceName(),
+ SourceNamespace: key.GetSourceNamespace(),
+ SourceType: key.GetSourceType(),
+ DestName: key.GetDestName(),
+ DestNamespace: key.GetDestNamespace(),
+ DestType: key.GetDestType(),
+ DestPort: destPort,
+ DestServiceName: key.GetDestServiceName(),
+ DestServiceNamespace: key.GetDestServiceNamespace(),
+ DestServicePortName: key.GetDestServicePortName(),
+ DestServicePort: destServicePort,
+ Proto: key.GetProto(),
+ Reporter: key.GetReporter(),
+ Action: key.GetAction(),
+ SourceLabels: flow.GetSourceLabels(),
+ DestLabels: flow.GetDestLabels(),
+ PacketsIn: packetsIn,
+ PacketsOut: packetsOut,
+ BytesIn: bytesIn,
+ BytesOut: bytesOut,
+ NumConnectionsStarted: numConnectionsStarted,
+ NumConnectionsCompleted: numConnectionsCompleted,
+ NumConnectionsLive: numConnectionsLive,
+ Policies: policies,
+ }
+
+ return calicoFlow
+}
+
+// convertGoldmanePolicies converts Goldmane Policies to CalicoPolicies.
+func convertGoldmanePolicies(policies *goldmanepb.Policies) *pb.CalicoPolicies {
+ if policies == nil {
+ return nil
+ }
+
+ enforcedPolicies := make([]*pb.CalicoPolicy, 0, len(policies.GetEnforcedPolicies()))
+ for _, p := range policies.GetEnforcedPolicies() {
+ enforcedPolicies = append(enforcedPolicies, &pb.CalicoPolicy{
+ Kind: p.GetKind(),
+ Namespace: p.GetNamespace(),
+ Name: p.GetName(),
+ Tier: p.GetTier(),
+ Action: p.GetAction(),
+ })
+ }
+
+ pendingPolicies := make([]*pb.CalicoPolicy, 0, len(policies.GetPendingPolicies()))
+ for _, p := range policies.GetPendingPolicies() {
+ pendingPolicies = append(pendingPolicies, &pb.CalicoPolicy{
+ Kind: p.GetKind(),
+ Namespace: p.GetNamespace(),
+ Name: p.GetName(),
+ Tier: p.GetTier(),
+ Action: p.GetAction(),
+ })
+ }
+
+ return &pb.CalicoPolicies{
+ EnforcedPolicies: enforcedPolicies,
+ PendingPolicies: pendingPolicies,
+ }
+}
+
+// parseUnixTimestamp parses a Unix timestamp string to a protobuf Timestamp.
+func parseUnixTimestamp(s string) *timestamppb.Timestamp {
+ if s == "" {
+ return nil
+ }
+
+ seconds, err := strconv.ParseInt(s, 10, 64)
+ if err != nil {
+ return nil
+ }
+
+ return ×tamppb.Timestamp{Seconds: seconds}
+}
+
+// parseUint32 parses a string to uint32.
+func parseUint32(s string) uint32 {
+ if s == "" {
+ return 0
+ }
+
+ val, err := strconv.ParseUint(s, 10, 32)
+ if err != nil {
+ return 0
+ }
+
+ return uint32(val)
+}
+
+// parseUint64 parses a string to uint64.
+func parseUint64(s string) uint64 {
+ if s == "" {
+ return 0
+ }
+
+ val, err := strconv.ParseUint(s, 10, 64)
+ if err != nil {
+ return 0
+ }
+
+ return val
+}
diff --git a/internal/controller/goldmane/goldmane.go b/internal/controller/goldmane/goldmane.go
new file mode 100644
index 00000000..b7aa76b8
--- /dev/null
+++ b/internal/controller/goldmane/goldmane.go
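Review bot: `parseUint32`, `parseUint64` and `parseUnixTimestamp` swallow every parse error and return 0 or nil, so `convertGoldmaneFlow` forwards a malformed or out-of-range `dest_port`, counter or timestamp as a normal-looking zero value. For records that feed visibility and policy decisions, a destination port of 0 or a zero byte count then cannot be told apart from a value that failed to parse. I would have the helpers report failure and let `convertGoldmaneFlow` return nil for the record, which `exportCalicoFlows` already skips; the empty string stays the only silent default. The sketch shows one helper and its call site.

```go
// parseUint32 parses a decimal string. ok is false when s is non-empty but is
// not a valid uint32; an empty string is treated as "not set" and yields 0.
func parseUint32(s string) (val uint32, ok bool) {
	if s == "" {
		return 0, true
	}

	parsed, err := strconv.ParseUint(s, 10, 32)
	if err != nil {
		return 0, false
	}

	return uint32(parsed), true
}

// … unchanged shape: parseUint64 and parseUnixTimestamp gain the same ok result …

	// in convertGoldmaneFlow: refuse to emit a record with an unparsable port
	destPort, ok := parseUint32(key.GetDestPort())
	if !ok {
		return nil
	}
```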
@@ -0,0 +1,121 @@
+// Copyright 2025 Illumio, Inc. All Rights Reserved.
+
+package goldmane
+
+import (
+ "context"
+ "crypto/tls"
+ "crypto/x509"
+ "errors"
+ "fmt"
+
+ "go.uber.org/zap"
+ "google.golang.org/grpc"
+ "google.golang.org/grpc/credentials"
+ v1 "k8s.io/api/core/v1"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ "k8s.io/client-go/kubernetes"
+)
+
+const (
+ // GoldmaneServiceName is the name of the Goldmane service in Kubernetes.
+ GoldmaneServiceName = "goldmane"
+ // GoldmaneServicePort is the port of the Goldmane service.
+ GoldmaneServicePort = 7443
+ // GoldmaneMTLSSecretName is the name of the secret containing the mTLS certificates.
+ GoldmaneMTLSSecretName = "goldmane-key-pair"
+)
+
+var (
+ // ErrGoldmaneNotFound indicates that the Goldmane service was not found in the cluster.
+ ErrGoldmaneNotFound = errors.New("goldmane service not found; disabling Calico flow collection")
+ // ErrCertDataMissingInSecret indicates required certificate data is missing from the secret.
+ ErrCertDataMissingInSecret = errors.New("required certificate data (tls.crt or tls.key) not found in secret")
+)
+
+// DiscoverGoldmane discovers the Goldmane service in the given namespace.
+func DiscoverGoldmane(ctx context.Context, calicoNamespace string, clientset kubernetes.Interface, logger *zap.Logger) (*v1.Service, error) {
+ logger.Debug("Discovering Goldmane service", zap.String("namespace", calicoNamespace))
+
+ service, err := clientset.CoreV1().Services(calicoNamespace).Get(ctx, GoldmaneServiceName, metav1.GetOptions{})
+ if err != nil {
+ logger.Debug("Goldmane service not found", zap.String("namespace", calicoNamespace), zap.Error(err))
+
+ return nil, ErrGoldmaneNotFound
+ }
+
+ logger.Debug("Goldmane service discovered",
+ zap.String("name", service.Name),
+ zap.String("namespace", service.Namespace))
+
+ return service, nil
+}
+
+// GetAddressFromService returns the address of the Goldmane service to connect a gRPC client to.
+func GetAddressFromService(service *v1.Service) string {
+ return fmt.Sprintf("%s.%s.svc:%d", service.Name, service.Namespace, GoldmaneServicePort)
+}
+
+// GetTLSConfig retrieves the TLS configuration from the Goldmane secret.
+func GetTLSConfig(ctx context.Context, clientset kubernetes.Interface, logger *zap.Logger, calicoNamespace string) (*tls.Config, error) {
+ logger.Debug("Getting Goldmane TLS config", zap.String("namespace", calicoNamespace))
+
+ secret, err := clientset.CoreV1().Secrets(calicoNamespace).Get(ctx, GoldmaneMTLSSecretName, metav1.GetOptions{})
+ if err != nil {
+ return nil, fmt.Errorf("failed to get Goldmane secret '%s' in namespace '%s': %w", GoldmaneMTLSSecretName, calicoNamespace, err)
+ }
+
+ // Extract certificate and key from secret
+ certPEM, ok := secret.Data["tls.crt"]
+ if !ok || len(certPEM) == 0 {
+ return nil, fmt.Errorf("%w: 'tls.crt' key", ErrCertDataMissingInSecret)
+ }
+
+ logger.Debug("Successfully retrieved tls.crt from secret")
+
+ keyPEM, ok := secret.Data["tls.key"]
+ if !ok || len(keyPEM) == 0 {
+ return nil, fmt.Errorf("%w: 'tls.key' key", ErrCertDataMissingInSecret)
+ }
+
+ logger.Debug("Successfully retrieved tls.key from secret")
+
+ // Parse the certificate and key
+ cert, err := tls.X509KeyPair(certPEM, keyPEM)
+ if err != nil {
+ return nil, fmt.Errorf("failed to parse certificate and key: %w", err)
+ }
+
+ // Create a CA cert pool using the same certificate as the CA
+ // (Goldmane uses self-signed certificates)
+ caCertPool := x509.NewCertPool()
+ if !caCertPool.AppendCertsFromPEM(certPEM) {
+ return nil, errors.New("failed to add CA certificate to pool")
+ }
+
+ tlsConfig := &tls.Config{
+ Certificates: []tls.Certificate{cert},
+ RootCAs: caCertPool,
+ MinVersion: tls.VersionTLS12,
+ }
+
+ return tlsConfig, nil
+}
+
+// ConnectToGoldmane establishes a gRPC connection to the Goldmane service.
+func ConnectToGoldmane(logger *zap.Logger, address string, tlsConfig *tls.Config) (*grpc.ClientConn, error) { + logger.Debug("Connecting to Goldmane", zap.String("address", address)) + + creds := credentials.NewTLS(tlsConfig) + + conn, err := grpc.NewClient(address, + grpc.WithTransportCredentials(creds), + ) + if err != nil { + return nil, fmt.Errorf("failed to connect to Goldmane: %w", err) + } + + logger.Info("Successfully connected to Calico Goldmane", zap.String("address", address)) + + return conn, nil +} diff --git a/internal/controller/streams.go b/internal/controller/streams.go index e35dbb79..73704de5 100644 --- a/internal/controller/streams.go +++ b/internal/controller/streams.go @@ -26,6 +26,7 @@ import ( "k8s.io/client-go/rest" pb "github.com/illumio/cloud-operator/api/illumio/cloud/k8sclustersync/v1" + "github.com/illumio/cloud-operator/internal/controller/goldmane" "github.com/illumio/cloud-operator/internal/controller/hubble" "github.com/illumio/cloud-operator/internal/pkg/tls" ) @@ -41,11 +42,13 @@ const ( type streamClient struct { ciliumNamespaces []string + calicoNamespace string conn *grpc.ClientConn client pb.KubernetesInfoServiceClient falcoEventChan chan string ipfixCollectorPort string disableNetworkFlowsCilium bool + disableNetworkFlowsCalico bool tlsAuthProperties tls.AuthProperties flowCollector pb.FlowCollector logStream pb.KubernetesInfoService_SendLogsClient @@ -88,6 +91,8 @@ type watcherInfo struct { type EnvironmentConfig struct { // Namespaces of Cilium. CiliumNamespaces []string + // Namespace of Calico. + CalicoNamespace string // K8s cluster secret name. ClusterCreds string // Client ID for onboarding. "" if not specified, i.e. if the operator is not meant to onboard itself. 
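Review bot: `GetTLSConfig` loads both `tls.crt` and `tls.key` from `goldmane-key-pair`, presents them as the operator's own client certificate, and uses that same certificate as the only entry in `RootCAs`. If the secret is Goldmane's server key pair, as its name and the self-signed comment suggest, the operator holds the server's private key: compromising the operator would be enough to impersonate Goldmane, and mutual TLS no longer distinguishes the two identities. I would issue a dedicated client certificate for the operator and build trust from the issuing CA only; until then, state the trade-off in a comment such as `// NOTE: reuses Goldmane's own key pair as the client identity; replace with a dedicated client cert.` Separately, `grpc.NewClient` does not dial, so the "Successfully connected to Calico Goldmane" log in `ConnectToGoldmane` is written before any handshake; `Created Goldmane gRPC client` would be accurate.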
@@ -543,7 +548,6 @@ func (sm *streamManager) findHubbleRelay(ctx context.Context, logger *zap.Logger // StreamCiliumNetworkFlows handles the cilium network flow stream. func (sm *streamManager) StreamCiliumNetworkFlows(ctx context.Context, logger *zap.Logger) error { - // TODO: Add logic for a discoveribility function to decide which CNI to use. ciliumFlowCollector := sm.findHubbleRelay(ctx, logger) if ciliumFlowCollector == nil { logger.Info("Failed to initialize Cilium Hubble Relay flow collector; disabling flow collector") 
@@ -562,6 +566,45 @@ func (sm *streamManager) StreamCiliumNetworkFlows(ctx context.Context, logger *z return nil } +// findGoldmane returns a *CalicoFlowCollector if Goldmane is found in the given namespace. +func (sm *streamManager) findGoldmane(ctx context.Context, logger *zap.Logger) *CalicoFlowCollector { + calicoFlowCollector, err := newCalicoFlowCollector(ctx, logger, sm.streamClient.calicoNamespace) + if err != nil { + logger.Debug("Failed to create Calico flow collector", zap.Error(err)) + + return nil + } + + return calicoFlowCollector +} + +// StreamCalicoNetworkFlows handles the calico network flow stream. +func (sm *streamManager) StreamCalicoNetworkFlows(ctx context.Context, logger *zap.Logger) error { + calicoFlowCollector := sm.findGoldmane(ctx, logger) + if calicoFlowCollector == nil { + logger.Info("Failed to initialize Calico Goldmane flow collector; disabling flow collector") + + return goldmane.ErrGoldmaneNotFound + } + + defer func() { + if err := calicoFlowCollector.Close(); err != nil { + logger.Warn("Failed to close Goldmane gRPC connection", zap.Error(err)) + } + }() + + err := calicoFlowCollector.exportCalicoFlows(ctx, sm) + if err != nil { + logger.Warn("Failed to collect and export flows from Calico Goldmane", zap.Error(err)) + + sm.streamClient.disableNetworkFlowsCalico = true + + return err + } + + return nil +} + // StreamFalcoNetworkFlows handles the falco network flow stream. func (sm *streamManager) StreamFalcoNetworkFlows(ctx context.Context, logger *zap.Logger) error { for { 
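Review bot: `StreamCalicoNetworkFlows` returns `goldmane.ErrGoldmaneNotFound` whenever `findGoldmane` yields nil, but `findGoldmane` yields nil for every failure in `newCalicoFlowCollector`, including a denied or missing `goldmane-key-pair` secret or an unparsable certificate, and logs the cause only at debug level. `connectAndStreamCalicoNetworkFlows` maps that sentinel to `ErrStopRetries`, so a transient API error or an RBAC gap ends Calico flow collection for good with no warning-level record of why. I would have `findGoldmane` return the error, log it at warn, and return the sentinel only when `errors.Is(err, goldmane.ErrGoldmaneNotFound)`, otherwise `return fmt.Errorf("initializing Calico flow collector: %w", err)` so the retry path still applies. `disableNetworkFlowsCalico = true` is likewise set on any `exportCalicoFlows` error and nothing in this hunk clears it, so please confirm that a Goldmane restart does not leave collection off until the operator itself restarts.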
@@ -648,6 +691,26 @@ func (sm *streamManager) connectAndStreamCiliumNetworkFlows(logger *zap.Logger, return nil } +// connectAndStreamCalicoNetworkFlows creates networkFlowsStream client and +// begins the streaming of Calico network flows. +func (sm *streamManager) connectAndStreamCalicoNetworkFlows(logger *zap.Logger, _ time.Duration) error { + calicoCtx, calicoCancel := context.WithCancel(context.Background()) + defer calicoCancel() + + err := sm.StreamCalicoNetworkFlows(calicoCtx, logger) + if err != nil { + if errors.Is(err, goldmane.ErrGoldmaneNotFound) { + logger.Warn("Disabling Calico flow collection", zap.Error(err)) + + return ErrStopRetries + } + + return err + } + + return nil +} + // connectAndStreamFalcoNetworkFlows creates networkFlowsStream client and // begins the streaming of network flows. func (sm *streamManager) connectAndStreamFalcoNetworkFlows(logger *zap.Logger, _ time.Duration) error { @@ -814,6 +877,7 @@ func (sm *streamManager) manageStream( } // determineFlowCollector determines the flow collector type and returns the flow collector type, stream function, and the corresponding networkFlowsDone channel. +// The priority order is: Cilium > Calico > OVN-K > Falco. func determineFlowCollector(ctx context.Context, logger *zap.Logger, sm *streamManager, envMap EnvironmentConfig, clientset *kubernetes.Clientset) (pb.FlowCollector, func(*zap.Logger, time.Duration) error, chan struct{}) { switch { case sm.findHubbleRelay(ctx, logger) != nil && !sm.streamClient.disableNetworkFlowsCilium: 
@@ -821,6 +885,8 @@ func determineFlowCollector(ctx context.Context, logger *zap.Logger, sm *streamM sm.streamClient.tlsAuthProperties.DisableTLS = false return pb.FlowCollector_FLOW_COLLECTOR_CILIUM, sm.connectAndStreamCiliumNetworkFlows, make(chan struct{}) + case sm.findGoldmane(ctx, logger) != nil && !sm.streamClient.disableNetworkFlowsCalico: + return pb.FlowCollector_FLOW_COLLECTOR_CALICO, sm.connectAndStreamCalicoNetworkFlows, make(chan struct{}) case sm.isOVNKDeployed(ctx, logger, envMap.OVNKNamespace, clientset): return pb.FlowCollector_FLOW_COLLECTOR_OVNK, sm.connectAndStreamOVNKNetworkFlows, make(chan struct{}) default: @@ -908,6 +974,7 @@ func ConnectStreams(ctx context.Context, logger *zap.Logger, envMap EnvironmentC conn: authConn, client: client, ciliumNamespaces: envMap.CiliumNamespaces, + calicoNamespace: envMap.CalicoNamespace, falcoEventChan: falcoEventChan, ipfixCollectorPort: envMap.IPFIXCollectorPort, } diff --git a/internal/controller/streams_helper.go b/internal/controller/streams_helper.go index 5550728e..3bcf7e19 100644 --- a/internal/controller/streams_helper.go +++ b/internal/controller/streams_helper.go @@ -51,6 +51,12 @@ func (sm *streamManager) sendNetworkFlowRequest(logger *zap.Logger, flow interfa CiliumFlow: f, }, } + case *pb.CalicoFlow: + request = &pb.SendKubernetesNetworkFlowsRequest{ + Request: &pb.SendKubernetesNetworkFlowsRequest_CalicoFlow{ + CalicoFlow: f, + }, + } default: return fmt.Errorf("unsupported flow type: %T", flow) }
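Review bot: The new `case sm.findGoldmane(ctx, logger) != nil && !sm.streamClient.disableNetworkFlowsCalico` builds a complete `CalicoFlowCollector` (Service lookup, secret read, key parsing and a `grpc.ClientConn`) only to test it for nil, then discards it without calling `Close()`. Each evaluation of `determineFlowCollector` therefore leaves a client connection object behind and reads the private key again, and because the disable flag is checked second, the secret is still fetched after Calico collection has been switched off. I would test the flag first and release the probe through a small helper, as sketched below. `determineFlowCollector` begins in the previous hunk and continues past this one.

```go
// goldmaneAvailable reports whether a Goldmane collector can be constructed,
// closing the probe connection before returning.
func (sm *streamManager) goldmaneAvailable(ctx context.Context, logger *zap.Logger) bool {
	probe := sm.findGoldmane(ctx, logger)
	if probe == nil {
		return false
	}

	if err := probe.Close(); err != nil {
		logger.Warn("Failed to close Goldmane probe connection", zap.Error(err))
	}

	return true
}

// … unchanged: Cilium case in determineFlowCollector …
	case !sm.streamClient.disableNetworkFlowsCalico && sm.goldmaneAvailable(ctx, logger):
		return pb.FlowCollector_FLOW_COLLECTOR_CALICO, sm.connectAndStreamCalicoNetworkFlows, make(chan struct{})
```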