From abecc33eaf1ba60623cb195545904f46297753e7 Mon Sep 17 00:00:00 2001 From: Pavan Innamuri Date: Mon, 23 Mar 2026 20:07:24 -0700 Subject: [PATCH 1/2] Add Cilium Network Policy ingestion support - Add CiliumNetworkPolicy and CiliumClusterwideNetworkPolicy to watched resources - Add RBAC permissions for cilium.io CRDs - Add proto definitions for Cilium policy data (selectors, rules, CIDRs, ports, entities) - Add conversion logic to extract full Cilium policy specs from unstructured objects - Update watcher to handle Cilium policies specially during list and watch operations Co-Authored-By: Claude Opus 4.6 --- .../cloud/k8sclustersync/v1/k8s_info.pb.go | 1137 ++++++++++++----- .../cloud/k8sclustersync/v1/k8s_info.proto | 77 ++ cloud-operator/templates/clusterrole.yaml | 3 + internal/controller/cilium_network_policy.go | 337 +++++ .../controller/stream/resources/resources.go | 2 + .../controller/stream/resources/watcher.go | 62 +- 6 files changed, 1315 insertions(+), 303 deletions(-) create mode 100644 internal/controller/cilium_network_policy.go diff --git a/api/illumio/cloud/k8sclustersync/v1/k8s_info.pb.go b/api/illumio/cloud/k8sclustersync/v1/k8s_info.pb.go index 243c02f2..9ceee4fc 100644 --- a/api/illumio/cloud/k8sclustersync/v1/k8s_info.pb.go +++ b/api/illumio/cloud/k8sclustersync/v1/k8s_info.pb.go @@ -361,7 +361,7 @@ func (x Port_Protocol) Number() protoreflect.EnumNumber { // Deprecated: Use Port_Protocol.Descriptor instead. func (Port_Protocol) EnumDescriptor() ([]byte, []int) { - return file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDescGZIP(), []int{11, 0} + return file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDescGZIP(), []int{17, 0} } // Application-level keepalives. While gRPC already has an HTTP-level keepalive @@ -436,6 +436,8 @@ type KubernetesObjectData struct { // *KubernetesObjectData_Node // *KubernetesObjectData_Service // *KubernetesObjectData_NetworkPolicy + // *KubernetesObjectData_CiliumNetworkPolicy + // *KubernetesObjectData_CiliumClusterwideNetworkPolicy KindSpecific isKubernetesObjectData_KindSpecific `protobuf_oneof:"kind_specific"` unknownFields protoimpl.UnknownFields sizeCache protoimpl.SizeCache @@ -577,6 +579,24 @@ func (x *KubernetesObjectData) GetNetworkPolicy() *KubernetesNetworkPolicyData { return nil } +func (x *KubernetesObjectData) GetCiliumNetworkPolicy() *KubernetesCiliumNetworkPolicyData { + if x != nil { + if x, ok := x.KindSpecific.(*KubernetesObjectData_CiliumNetworkPolicy); ok { + return x.CiliumNetworkPolicy + } + } + return nil +} + +func (x *KubernetesObjectData) GetCiliumClusterwideNetworkPolicy() *KubernetesCiliumClusterwideNetworkPolicyData { + if x != nil { + if x, ok := x.KindSpecific.(*KubernetesObjectData_CiliumClusterwideNetworkPolicy); ok { + return x.CiliumClusterwideNetworkPolicy + } + } + return nil +} + type isKubernetesObjectData_KindSpecific interface { isKubernetesObjectData_KindSpecific() } @@ -597,6 +617,14 @@ type KubernetesObjectData_NetworkPolicy struct { NetworkPolicy *KubernetesNetworkPolicyData `protobuf:"bytes,103,opt,name=network_policy,json=networkPolicy,proto3,oneof"` } +type KubernetesObjectData_CiliumNetworkPolicy struct { + CiliumNetworkPolicy *KubernetesCiliumNetworkPolicyData `protobuf:"bytes,104,opt,name=cilium_network_policy,json=ciliumNetworkPolicy,proto3,oneof"` +} + +type KubernetesObjectData_CiliumClusterwideNetworkPolicy struct { + CiliumClusterwideNetworkPolicy *KubernetesCiliumClusterwideNetworkPolicyData `protobuf:"bytes,105,opt,name=cilium_clusterwide_network_policy,json=ciliumClusterwideNetworkPolicy,proto3,oneof"` +} + func (*KubernetesObjectData_Pod) isKubernetesObjectData_KindSpecific() {} func (*KubernetesObjectData_Node) isKubernetesObjectData_KindSpecific() {} @@ -605,6 +633,10 @@ func (*KubernetesObjectData_Service) isKubernetesObjectData_KindSpecific() {} func (*KubernetesObjectData_NetworkPolicy) isKubernetesObjectData_KindSpecific() {} +func (*KubernetesObjectData_CiliumNetworkPolicy) isKubernetesObjectData_KindSpecific() {} + +func (*KubernetesObjectData_CiliumClusterwideNetworkPolicy) isKubernetesObjectData_KindSpecific() {} + type KubernetesServiceData struct { state protoimpl.MessageState `protogen:"open.v1"` // List of IP addresses associated with the Kubernetes service @@ -782,40 +814,509 @@ func (*KubernetesPodData) Descriptor() ([]byte, []int) { return file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDescGZIP(), []int{4} } -func (x *KubernetesPodData) GetIpAddresses() []string { +func (x *KubernetesPodData) GetIpAddresses() []string { + if x != nil { + return x.IpAddresses + } + return nil +} + +// KubernetesNetworkPolicyData contains information specific to a NetworkPolicy object. +type KubernetesNetworkPolicyData struct { + state protoimpl.MessageState `protogen:"open.v1"` + Ingress bool `protobuf:"varint,1,opt,name=ingress,proto3" json:"ingress,omitempty"` // True if Ingress policy is enabled + Egress bool `protobuf:"varint,2,opt,name=egress,proto3" json:"egress,omitempty"` // True if Egress policy is enabled + PodSelector *LabelSelector `protobuf:"bytes,3,opt,name=pod_selector,json=podSelector,proto3" json:"pod_selector,omitempty"` // Pod selector for the policy + IngressRules []*NetworkPolicyRule `protobuf:"bytes,4,rep,name=ingress_rules,json=ingressRules,proto3" json:"ingress_rules,omitempty"` // Ingress rules for the policy + EgressRules []*NetworkPolicyRule `protobuf:"bytes,5,rep,name=egress_rules,json=egressRules,proto3" json:"egress_rules,omitempty"` // Egress rules for the policy + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *KubernetesNetworkPolicyData) Reset() { + *x = KubernetesNetworkPolicyData{} + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[5] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *KubernetesNetworkPolicyData) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*KubernetesNetworkPolicyData) ProtoMessage() {} + +func (x *KubernetesNetworkPolicyData) ProtoReflect() protoreflect.Message { + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[5] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use KubernetesNetworkPolicyData.ProtoReflect.Descriptor instead. +func (*KubernetesNetworkPolicyData) Descriptor() ([]byte, []int) { + return file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDescGZIP(), []int{5} +} + +func (x *KubernetesNetworkPolicyData) GetIngress() bool { + if x != nil { + return x.Ingress + } + return false +} + +func (x *KubernetesNetworkPolicyData) GetEgress() bool { + if x != nil { + return x.Egress + } + return false +} + +func (x *KubernetesNetworkPolicyData) GetPodSelector() *LabelSelector { + if x != nil { + return x.PodSelector + } + return nil +} + +func (x *KubernetesNetworkPolicyData) GetIngressRules() []*NetworkPolicyRule { + if x != nil { + return x.IngressRules + } + return nil +} + +func (x *KubernetesNetworkPolicyData) GetEgressRules() []*NetworkPolicyRule { + if x != nil { + return x.EgressRules + } + return nil +} + +// KubernetesCiliumNetworkPolicyData contains information specific to a CiliumNetworkPolicy object. +// CiliumNetworkPolicy is a namespaced policy that applies to pods selected by the endpoint selector. +// https://docs.cilium.io/en/stable/security/policy/language/#ciliumnetworkpolicy +type KubernetesCiliumNetworkPolicyData struct { + state protoimpl.MessageState `protogen:"open.v1"` + // Endpoint selector selects the pods to which this policy applies. + // Uses Cilium's endpoint selector which supports label-based and identity-based selection. + EndpointSelector *LabelSelector `protobuf:"bytes,1,opt,name=endpoint_selector,json=endpointSelector,proto3" json:"endpoint_selector,omitempty"` + // Ingress rules define allowed/denied incoming traffic. + IngressRules []*CiliumNetworkPolicyRule `protobuf:"bytes,2,rep,name=ingress_rules,json=ingressRules,proto3" json:"ingress_rules,omitempty"` + // Egress rules define allowed/denied outgoing traffic. + EgressRules []*CiliumNetworkPolicyRule `protobuf:"bytes,3,rep,name=egress_rules,json=egressRules,proto3" json:"egress_rules,omitempty"` + // IngressDeny rules explicitly deny incoming traffic. + IngressDenyRules []*CiliumNetworkPolicyRule `protobuf:"bytes,4,rep,name=ingress_deny_rules,json=ingressDenyRules,proto3" json:"ingress_deny_rules,omitempty"` + // EgressDeny rules explicitly deny outgoing traffic. + EgressDenyRules []*CiliumNetworkPolicyRule `protobuf:"bytes,5,rep,name=egress_deny_rules,json=egressDenyRules,proto3" json:"egress_deny_rules,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *KubernetesCiliumNetworkPolicyData) Reset() { + *x = KubernetesCiliumNetworkPolicyData{} + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[6] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *KubernetesCiliumNetworkPolicyData) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*KubernetesCiliumNetworkPolicyData) ProtoMessage() {} + +func (x *KubernetesCiliumNetworkPolicyData) ProtoReflect() protoreflect.Message { + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[6] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use KubernetesCiliumNetworkPolicyData.ProtoReflect.Descriptor instead. +func (*KubernetesCiliumNetworkPolicyData) Descriptor() ([]byte, []int) { + return file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDescGZIP(), []int{6} +} + +func (x *KubernetesCiliumNetworkPolicyData) GetEndpointSelector() *LabelSelector { + if x != nil { + return x.EndpointSelector + } + return nil +} + +func (x *KubernetesCiliumNetworkPolicyData) GetIngressRules() []*CiliumNetworkPolicyRule { + if x != nil { + return x.IngressRules + } + return nil +} + +func (x *KubernetesCiliumNetworkPolicyData) GetEgressRules() []*CiliumNetworkPolicyRule { + if x != nil { + return x.EgressRules + } + return nil +} + +func (x *KubernetesCiliumNetworkPolicyData) GetIngressDenyRules() []*CiliumNetworkPolicyRule { + if x != nil { + return x.IngressDenyRules + } + return nil +} + +func (x *KubernetesCiliumNetworkPolicyData) GetEgressDenyRules() []*CiliumNetworkPolicyRule { + if x != nil { + return x.EgressDenyRules + } + return nil +} + +// KubernetesCiliumClusterwideNetworkPolicyData contains information specific to a CiliumClusterwideNetworkPolicy object. +// CiliumClusterwideNetworkPolicy is a cluster-scoped policy that applies across all namespaces. +// https://docs.cilium.io/en/stable/security/policy/language/#ciliumclusterwidenetworkpolicy +type KubernetesCiliumClusterwideNetworkPolicyData struct { + state protoimpl.MessageState `protogen:"open.v1"` + // Endpoint selector selects the pods to which this policy applies cluster-wide. + EndpointSelector *LabelSelector `protobuf:"bytes,1,opt,name=endpoint_selector,json=endpointSelector,proto3" json:"endpoint_selector,omitempty"` + // Node selector selects the nodes to which this policy applies (for host policies). + NodeSelector *LabelSelector `protobuf:"bytes,2,opt,name=node_selector,json=nodeSelector,proto3,oneof" json:"node_selector,omitempty"` + // Ingress rules define allowed/denied incoming traffic. + IngressRules []*CiliumNetworkPolicyRule `protobuf:"bytes,3,rep,name=ingress_rules,json=ingressRules,proto3" json:"ingress_rules,omitempty"` + // Egress rules define allowed/denied outgoing traffic. + EgressRules []*CiliumNetworkPolicyRule `protobuf:"bytes,4,rep,name=egress_rules,json=egressRules,proto3" json:"egress_rules,omitempty"` + // IngressDeny rules explicitly deny incoming traffic. + IngressDenyRules []*CiliumNetworkPolicyRule `protobuf:"bytes,5,rep,name=ingress_deny_rules,json=ingressDenyRules,proto3" json:"ingress_deny_rules,omitempty"` + // EgressDeny rules explicitly deny outgoing traffic. + EgressDenyRules []*CiliumNetworkPolicyRule `protobuf:"bytes,6,rep,name=egress_deny_rules,json=egressDenyRules,proto3" json:"egress_deny_rules,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *KubernetesCiliumClusterwideNetworkPolicyData) Reset() { + *x = KubernetesCiliumClusterwideNetworkPolicyData{} + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[7] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *KubernetesCiliumClusterwideNetworkPolicyData) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*KubernetesCiliumClusterwideNetworkPolicyData) ProtoMessage() {} + +func (x *KubernetesCiliumClusterwideNetworkPolicyData) ProtoReflect() protoreflect.Message { + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[7] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use KubernetesCiliumClusterwideNetworkPolicyData.ProtoReflect.Descriptor instead. +func (*KubernetesCiliumClusterwideNetworkPolicyData) Descriptor() ([]byte, []int) { + return file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDescGZIP(), []int{7} +} + +func (x *KubernetesCiliumClusterwideNetworkPolicyData) GetEndpointSelector() *LabelSelector { + if x != nil { + return x.EndpointSelector + } + return nil +} + +func (x *KubernetesCiliumClusterwideNetworkPolicyData) GetNodeSelector() *LabelSelector { + if x != nil { + return x.NodeSelector + } + return nil +} + +func (x *KubernetesCiliumClusterwideNetworkPolicyData) GetIngressRules() []*CiliumNetworkPolicyRule { + if x != nil { + return x.IngressRules + } + return nil +} + +func (x *KubernetesCiliumClusterwideNetworkPolicyData) GetEgressRules() []*CiliumNetworkPolicyRule { + if x != nil { + return x.EgressRules + } + return nil +} + +func (x *KubernetesCiliumClusterwideNetworkPolicyData) GetIngressDenyRules() []*CiliumNetworkPolicyRule { + if x != nil { + return x.IngressDenyRules + } + return nil +} + +func (x *KubernetesCiliumClusterwideNetworkPolicyData) GetEgressDenyRules() []*CiliumNetworkPolicyRule { + if x != nil { + return x.EgressDenyRules + } + return nil +} + +// CiliumNetworkPolicyRule defines a single Cilium ingress or egress rule. +// Cilium rules support richer selectors including identity-based and CIDR-based selection. +type CiliumNetworkPolicyRule struct { + state protoimpl.MessageState `protogen:"open.v1"` + // FromEndpoints selects source endpoints by labels (for ingress rules). + FromEndpoints []*LabelSelector `protobuf:"bytes,1,rep,name=from_endpoints,json=fromEndpoints,proto3" json:"from_endpoints,omitempty"` + // ToEndpoints selects destination endpoints by labels (for egress rules). + ToEndpoints []*LabelSelector `protobuf:"bytes,2,rep,name=to_endpoints,json=toEndpoints,proto3" json:"to_endpoints,omitempty"` + // FromCIDR allows traffic from specific CIDR ranges. + FromCidr []string `protobuf:"bytes,3,rep,name=from_cidr,json=fromCidr,proto3" json:"from_cidr,omitempty"` + // ToCIDR allows traffic to specific CIDR ranges. + ToCidr []string `protobuf:"bytes,4,rep,name=to_cidr,json=toCidr,proto3" json:"to_cidr,omitempty"` + // FromCIDRSet allows traffic from CIDR ranges with exceptions. + FromCidrSet []*CiliumCIDRSet `protobuf:"bytes,5,rep,name=from_cidr_set,json=fromCidrSet,proto3" json:"from_cidr_set,omitempty"` + // ToCIDRSet allows traffic to CIDR ranges with exceptions. + ToCidrSet []*CiliumCIDRSet `protobuf:"bytes,6,rep,name=to_cidr_set,json=toCidrSet,proto3" json:"to_cidr_set,omitempty"` + // ToPorts specifies the allowed destination ports and protocols. + ToPorts []*CiliumPortRule `protobuf:"bytes,7,rep,name=to_ports,json=toPorts,proto3" json:"to_ports,omitempty"` + // FromEntities allows traffic from Cilium-defined entities (e.g., "world", "cluster", "host"). + FromEntities []string `protobuf:"bytes,8,rep,name=from_entities,json=fromEntities,proto3" json:"from_entities,omitempty"` + // ToEntities allows traffic to Cilium-defined entities. + ToEntities []string `protobuf:"bytes,9,rep,name=to_entities,json=toEntities,proto3" json:"to_entities,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *CiliumNetworkPolicyRule) Reset() { + *x = CiliumNetworkPolicyRule{} + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[8] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *CiliumNetworkPolicyRule) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*CiliumNetworkPolicyRule) ProtoMessage() {} + +func (x *CiliumNetworkPolicyRule) ProtoReflect() protoreflect.Message { + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[8] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use CiliumNetworkPolicyRule.ProtoReflect.Descriptor instead. +func (*CiliumNetworkPolicyRule) Descriptor() ([]byte, []int) { + return file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDescGZIP(), []int{8} +} + +func (x *CiliumNetworkPolicyRule) GetFromEndpoints() []*LabelSelector { + if x != nil { + return x.FromEndpoints + } + return nil +} + +func (x *CiliumNetworkPolicyRule) GetToEndpoints() []*LabelSelector { + if x != nil { + return x.ToEndpoints + } + return nil +} + +func (x *CiliumNetworkPolicyRule) GetFromCidr() []string { + if x != nil { + return x.FromCidr + } + return nil +} + +func (x *CiliumNetworkPolicyRule) GetToCidr() []string { + if x != nil { + return x.ToCidr + } + return nil +} + +func (x *CiliumNetworkPolicyRule) GetFromCidrSet() []*CiliumCIDRSet { + if x != nil { + return x.FromCidrSet + } + return nil +} + +func (x *CiliumNetworkPolicyRule) GetToCidrSet() []*CiliumCIDRSet { + if x != nil { + return x.ToCidrSet + } + return nil +} + +func (x *CiliumNetworkPolicyRule) GetToPorts() []*CiliumPortRule { + if x != nil { + return x.ToPorts + } + return nil +} + +func (x *CiliumNetworkPolicyRule) GetFromEntities() []string { + if x != nil { + return x.FromEntities + } + return nil +} + +func (x *CiliumNetworkPolicyRule) GetToEntities() []string { + if x != nil { + return x.ToEntities + } + return nil +} + +// CiliumCIDRSet defines a CIDR range with optional exceptions. +type CiliumCIDRSet struct { + state protoimpl.MessageState `protogen:"open.v1"` + Cidr string `protobuf:"bytes,1,opt,name=cidr,proto3" json:"cidr,omitempty"` + Except []string `protobuf:"bytes,2,rep,name=except,proto3" json:"except,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *CiliumCIDRSet) Reset() { + *x = CiliumCIDRSet{} + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[9] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *CiliumCIDRSet) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*CiliumCIDRSet) ProtoMessage() {} + +func (x *CiliumCIDRSet) ProtoReflect() protoreflect.Message { + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[9] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use CiliumCIDRSet.ProtoReflect.Descriptor instead. +func (*CiliumCIDRSet) Descriptor() ([]byte, []int) { + return file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDescGZIP(), []int{9} +} + +func (x *CiliumCIDRSet) GetCidr() string { + if x != nil { + return x.Cidr + } + return "" +} + +func (x *CiliumCIDRSet) GetExcept() []string { + if x != nil { + return x.Except + } + return nil +} + +// CiliumPortRule defines allowed ports and protocols for Cilium policies. +type CiliumPortRule struct { + state protoimpl.MessageState `protogen:"open.v1"` + Ports []*CiliumPort `protobuf:"bytes,1,rep,name=ports,proto3" json:"ports,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *CiliumPortRule) Reset() { + *x = CiliumPortRule{} + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[10] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *CiliumPortRule) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*CiliumPortRule) ProtoMessage() {} + +func (x *CiliumPortRule) ProtoReflect() protoreflect.Message { + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[10] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use CiliumPortRule.ProtoReflect.Descriptor instead. +func (*CiliumPortRule) Descriptor() ([]byte, []int) { + return file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDescGZIP(), []int{10} +} + +func (x *CiliumPortRule) GetPorts() []*CiliumPort { if x != nil { - return x.IpAddresses + return x.Ports } return nil } -// KubernetesNetworkPolicyData contains information specific to a NetworkPolicy object. -type KubernetesNetworkPolicyData struct { +// CiliumPort defines a single port with protocol. +type CiliumPort struct { state protoimpl.MessageState `protogen:"open.v1"` - Ingress bool `protobuf:"varint,1,opt,name=ingress,proto3" json:"ingress,omitempty"` // True if Ingress policy is enabled - Egress bool `protobuf:"varint,2,opt,name=egress,proto3" json:"egress,omitempty"` // True if Egress policy is enabled - PodSelector *LabelSelector `protobuf:"bytes,3,opt,name=pod_selector,json=podSelector,proto3" json:"pod_selector,omitempty"` // Pod selector for the policy - IngressRules []*NetworkPolicyRule `protobuf:"bytes,4,rep,name=ingress_rules,json=ingressRules,proto3" json:"ingress_rules,omitempty"` // Ingress rules for the policy - EgressRules []*NetworkPolicyRule `protobuf:"bytes,5,rep,name=egress_rules,json=egressRules,proto3" json:"egress_rules,omitempty"` // Egress rules for the policy + Port string `protobuf:"bytes,1,opt,name=port,proto3" json:"port,omitempty"` // Port number or name + Protocol string `protobuf:"bytes,2,opt,name=protocol,proto3" json:"protocol,omitempty"` // TCP, UDP, SCTP, or ANY unknownFields protoimpl.UnknownFields sizeCache protoimpl.SizeCache } -func (x *KubernetesNetworkPolicyData) Reset() { - *x = KubernetesNetworkPolicyData{} - mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[5] +func (x *CiliumPort) Reset() { + *x = CiliumPort{} + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[11] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } -func (x *KubernetesNetworkPolicyData) String() string { +func (x *CiliumPort) String() string { return protoimpl.X.MessageStringOf(x) } -func (*KubernetesNetworkPolicyData) ProtoMessage() {} +func (*CiliumPort) ProtoMessage() {} -func (x *KubernetesNetworkPolicyData) ProtoReflect() protoreflect.Message { - mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[5] +func (x *CiliumPort) ProtoReflect() protoreflect.Message { + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[11] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -826,44 +1327,23 @@ func (x *KubernetesNetworkPolicyData) ProtoReflect() protoreflect.Message { return mi.MessageOf(x) } -// Deprecated: Use KubernetesNetworkPolicyData.ProtoReflect.Descriptor instead. -func (*KubernetesNetworkPolicyData) Descriptor() ([]byte, []int) { - return file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDescGZIP(), []int{5} -} - -func (x *KubernetesNetworkPolicyData) GetIngress() bool { - if x != nil { - return x.Ingress - } - return false -} - -func (x *KubernetesNetworkPolicyData) GetEgress() bool { - if x != nil { - return x.Egress - } - return false -} - -func (x *KubernetesNetworkPolicyData) GetPodSelector() *LabelSelector { - if x != nil { - return x.PodSelector - } - return nil +// Deprecated: Use CiliumPort.ProtoReflect.Descriptor instead. +func (*CiliumPort) Descriptor() ([]byte, []int) { + return file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDescGZIP(), []int{11} } -func (x *KubernetesNetworkPolicyData) GetIngressRules() []*NetworkPolicyRule { +func (x *CiliumPort) GetPort() string { if x != nil { - return x.IngressRules + return x.Port } - return nil + return "" } -func (x *KubernetesNetworkPolicyData) GetEgressRules() []*NetworkPolicyRule { +func (x *CiliumPort) GetProtocol() string { if x != nil { - return x.EgressRules + return x.Protocol } - return nil + return "" } // LabelSelector selects a k8s resource (e.g., a pod or namespace) by its labels. @@ -877,7 +1357,7 @@ type LabelSelector struct { func (x *LabelSelector) Reset() { *x = LabelSelector{} - mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[6] + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[12] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -889,7 +1369,7 @@ func (x *LabelSelector) String() string { func (*LabelSelector) ProtoMessage() {} func (x *LabelSelector) ProtoReflect() protoreflect.Message { - mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[6] + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[12] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -902,7 +1382,7 @@ func (x *LabelSelector) ProtoReflect() protoreflect.Message { // Deprecated: Use LabelSelector.ProtoReflect.Descriptor instead. func (*LabelSelector) Descriptor() ([]byte, []int) { - return file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDescGZIP(), []int{6} + return file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDescGZIP(), []int{12} } func (x *LabelSelector) GetMatchLabels() map[string]string { @@ -932,7 +1412,7 @@ type LabelSelectorRequirement struct { func (x *LabelSelectorRequirement) Reset() { *x = LabelSelectorRequirement{} - mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[7] + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[13] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -944,7 +1424,7 @@ func (x *LabelSelectorRequirement) String() string { func (*LabelSelectorRequirement) ProtoMessage() {} func (x *LabelSelectorRequirement) ProtoReflect() protoreflect.Message { - mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[7] + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[13] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -957,7 +1437,7 @@ func (x *LabelSelectorRequirement) ProtoReflect() protoreflect.Message { // Deprecated: Use LabelSelectorRequirement.ProtoReflect.Descriptor instead. func (*LabelSelectorRequirement) Descriptor() ([]byte, []int) { - return file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDescGZIP(), []int{7} + return file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDescGZIP(), []int{13} } func (x *LabelSelectorRequirement) GetKey() string { @@ -992,7 +1472,7 @@ type IPBlock struct { func (x *IPBlock) Reset() { *x = IPBlock{} - mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[8] + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[14] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1004,7 +1484,7 @@ func (x *IPBlock) String() string { func (*IPBlock) ProtoMessage() {} func (x *IPBlock) ProtoReflect() protoreflect.Message { - mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[8] + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[14] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1017,7 +1497,7 @@ func (x *IPBlock) ProtoReflect() protoreflect.Message { // Deprecated: Use IPBlock.ProtoReflect.Descriptor instead. func (*IPBlock) Descriptor() ([]byte, []int) { - return file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDescGZIP(), []int{8} + return file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDescGZIP(), []int{14} } func (x *IPBlock) GetCidr() string { @@ -1048,7 +1528,7 @@ type Peer struct { func (x *Peer) Reset() { *x = Peer{} - mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[9] + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[15] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1060,7 +1540,7 @@ func (x *Peer) String() string { func (*Peer) ProtoMessage() {} func (x *Peer) ProtoReflect() protoreflect.Message { - mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[9] + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[15] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1073,7 +1553,7 @@ func (x *Peer) ProtoReflect() protoreflect.Message { // Deprecated: Use Peer.ProtoReflect.Descriptor instead. func (*Peer) Descriptor() ([]byte, []int) { - return file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDescGZIP(), []int{9} + return file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDescGZIP(), []int{15} } func (x *Peer) GetPeer() isPeer_Peer { @@ -1132,7 +1612,7 @@ type PeerSelector struct { func (x *PeerSelector) Reset() { *x = PeerSelector{} - mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[10] + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[16] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1144,7 +1624,7 @@ func (x *PeerSelector) String() string { func (*PeerSelector) ProtoMessage() {} func (x *PeerSelector) ProtoReflect() protoreflect.Message { - mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[10] + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[16] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1157,7 +1637,7 @@ func (x *PeerSelector) ProtoReflect() protoreflect.Message { // Deprecated: Use PeerSelector.ProtoReflect.Descriptor instead. func (*PeerSelector) Descriptor() ([]byte, []int) { - return file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDescGZIP(), []int{10} + return file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDescGZIP(), []int{16} } func (x *PeerSelector) GetNamespaceSelector() *LabelSelector { @@ -1186,7 +1666,7 @@ type Port struct { func (x *Port) Reset() { *x = Port{} - mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[11] + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[17] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1198,7 +1678,7 @@ func (x *Port) String() string { func (*Port) ProtoMessage() {} func (x *Port) ProtoReflect() protoreflect.Message { - mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[11] + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[17] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1211,7 +1691,7 @@ func (x *Port) ProtoReflect() protoreflect.Message { // Deprecated: Use Port.ProtoReflect.Descriptor instead. func (*Port) Descriptor() ([]byte, []int) { - return file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDescGZIP(), []int{11} + return file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDescGZIP(), []int{17} } func (x *Port) GetProtocol() Port_Protocol { @@ -1246,7 +1726,7 @@ type NetworkPolicyRule struct { func (x *NetworkPolicyRule) Reset() { *x = NetworkPolicyRule{} - mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[12] + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[18] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1258,7 +1738,7 @@ func (x *NetworkPolicyRule) String() string { func (*NetworkPolicyRule) ProtoMessage() {} func (x *NetworkPolicyRule) ProtoReflect() protoreflect.Message { - mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[12] + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[18] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1271,7 +1751,7 @@ func (x *NetworkPolicyRule) ProtoReflect() protoreflect.Message { // Deprecated: Use NetworkPolicyRule.ProtoReflect.Descriptor instead. func (*NetworkPolicyRule) Descriptor() ([]byte, []int) { - return file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDescGZIP(), []int{12} + return file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDescGZIP(), []int{18} } func (x *NetworkPolicyRule) GetPeers() []*Peer { @@ -1304,7 +1784,7 @@ type KubernetesOwnerReference struct { func (x *KubernetesOwnerReference) Reset() { *x = KubernetesOwnerReference{} - mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[13] + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[19] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1316,7 +1796,7 @@ func (x *KubernetesOwnerReference) String() string { func (*KubernetesOwnerReference) ProtoMessage() {} func (x *KubernetesOwnerReference) ProtoReflect() protoreflect.Message { - mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[13] + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[19] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1329,7 +1809,7 @@ func (x *KubernetesOwnerReference) ProtoReflect() protoreflect.Message { // Deprecated: Use KubernetesOwnerReference.ProtoReflect.Descriptor instead. func (*KubernetesOwnerReference) Descriptor() ([]byte, []int) { - return file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDescGZIP(), []int{13} + return file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDescGZIP(), []int{19} } func (x *KubernetesOwnerReference) GetApiVersion() string { @@ -1395,7 +1875,7 @@ type KubernetesClusterMetadata struct { func (x *KubernetesClusterMetadata) Reset() { *x = KubernetesClusterMetadata{} - mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[14] + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[20] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1407,7 +1887,7 @@ func (x *KubernetesClusterMetadata) String() string { func (*KubernetesClusterMetadata) ProtoMessage() {} func (x *KubernetesClusterMetadata) ProtoReflect() protoreflect.Message { - mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[14] + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[20] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1420,7 +1900,7 @@ func (x *KubernetesClusterMetadata) ProtoReflect() protoreflect.Message { // Deprecated: Use KubernetesClusterMetadata.ProtoReflect.Descriptor instead. func (*KubernetesClusterMetadata) Descriptor() ([]byte, []int) { - return file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDescGZIP(), []int{14} + return file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDescGZIP(), []int{20} } func (x *KubernetesClusterMetadata) GetUid() string { @@ -1475,7 +1955,7 @@ type SendKubernetesResourcesRequest struct { func (x *SendKubernetesResourcesRequest) Reset() { *x = SendKubernetesResourcesRequest{} - mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[15] + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[21] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1487,7 +1967,7 @@ func (x *SendKubernetesResourcesRequest) String() string { func (*SendKubernetesResourcesRequest) ProtoMessage() {} func (x *SendKubernetesResourcesRequest) ProtoReflect() protoreflect.Message { - mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[15] + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[21] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1500,7 +1980,7 @@ func (x *SendKubernetesResourcesRequest) ProtoReflect() protoreflect.Message { // Deprecated: Use SendKubernetesResourcesRequest.ProtoReflect.Descriptor instead. func (*SendKubernetesResourcesRequest) Descriptor() ([]byte, []int) { - return file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDescGZIP(), []int{15} + return file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDescGZIP(), []int{21} } func (x *SendKubernetesResourcesRequest) GetRequest() isSendKubernetesResourcesRequest_Request { @@ -1604,7 +2084,7 @@ type KubernetesResourceSnapshotComplete struct { func (x *KubernetesResourceSnapshotComplete) Reset() { *x = KubernetesResourceSnapshotComplete{} - mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[16] + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[22] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1616,7 +2096,7 @@ func (x *KubernetesResourceSnapshotComplete) String() string { func (*KubernetesResourceSnapshotComplete) ProtoMessage() {} func (x *KubernetesResourceSnapshotComplete) ProtoReflect() protoreflect.Message { - mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[16] + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[22] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1629,7 +2109,7 @@ func (x *KubernetesResourceSnapshotComplete) ProtoReflect() protoreflect.Message // Deprecated: Use KubernetesResourceSnapshotComplete.ProtoReflect.Descriptor instead. func (*KubernetesResourceSnapshotComplete) Descriptor() ([]byte, []int) { - return file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDescGZIP(), []int{16} + return file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDescGZIP(), []int{22} } // Message sent to the operator in a KubernetesResources response stream. @@ -1641,7 +2121,7 @@ type SendKubernetesResourcesResponse struct { func (x *SendKubernetesResourcesResponse) Reset() { *x = SendKubernetesResourcesResponse{} - mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[17] + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[23] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1653,7 +2133,7 @@ func (x *SendKubernetesResourcesResponse) String() string { func (*SendKubernetesResourcesResponse) ProtoMessage() {} func (x *SendKubernetesResourcesResponse) ProtoReflect() protoreflect.Message { - mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[17] + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[23] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1666,7 +2146,7 @@ func (x *SendKubernetesResourcesResponse) ProtoReflect() protoreflect.Message { // Deprecated: Use SendKubernetesResourcesResponse.ProtoReflect.Descriptor instead. func (*SendKubernetesResourcesResponse) Descriptor() ([]byte, []int) { - return file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDescGZIP(), []int{17} + return file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDescGZIP(), []int{23} } // A mutation to a Kubernetes resource in the cluster. @@ -1689,7 +2169,7 @@ type KubernetesResourceMutation struct { func (x *KubernetesResourceMutation) Reset() { *x = KubernetesResourceMutation{} - mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[18] + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[24] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1701,7 +2181,7 @@ func (x *KubernetesResourceMutation) String() string { func (*KubernetesResourceMutation) ProtoMessage() {} func (x *KubernetesResourceMutation) ProtoReflect() protoreflect.Message { - mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[18] + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[24] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1714,7 +2194,7 @@ func (x *KubernetesResourceMutation) ProtoReflect() protoreflect.Message { // Deprecated: Use KubernetesResourceMutation.ProtoReflect.Descriptor instead. func (*KubernetesResourceMutation) Descriptor() ([]byte, []int) { - return file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDescGZIP(), []int{18} + return file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDescGZIP(), []int{24} } func (x *KubernetesResourceMutation) GetMutation() isKubernetesResourceMutation_Mutation { @@ -1794,7 +2274,7 @@ type FiveTupleFlow struct { func (x *FiveTupleFlow) Reset() { *x = FiveTupleFlow{} - mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[19] + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[25] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1806,7 +2286,7 @@ func (x *FiveTupleFlow) String() string { func (*FiveTupleFlow) ProtoMessage() {} func (x *FiveTupleFlow) ProtoReflect() protoreflect.Message { - mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[19] + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[25] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1819,7 +2299,7 @@ func (x *FiveTupleFlow) ProtoReflect() protoreflect.Message { // Deprecated: Use FiveTupleFlow.ProtoReflect.Descriptor instead. func (*FiveTupleFlow) Descriptor() ([]byte, []int) { - return file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDescGZIP(), []int{19} + return file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDescGZIP(), []int{25} } func (x *FiveTupleFlow) GetLayer3() *IP { @@ -1921,7 +2401,7 @@ type CiliumFlow struct { func (x *CiliumFlow) Reset() { *x = CiliumFlow{} - mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[20] + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[26] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1933,7 +2413,7 @@ func (x *CiliumFlow) String() string { func (*CiliumFlow) ProtoMessage() {} func (x *CiliumFlow) ProtoReflect() protoreflect.Message { - mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[20] + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[26] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1946,7 +2426,7 @@ func (x *CiliumFlow) ProtoReflect() protoreflect.Message { // Deprecated: Use CiliumFlow.ProtoReflect.Descriptor instead. func (*CiliumFlow) Descriptor() ([]byte, []int) { - return file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDescGZIP(), []int{20} + return file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDescGZIP(), []int{26} } func (x *CiliumFlow) GetTime() *timestamppb.Timestamp { @@ -2059,7 +2539,7 @@ type Service struct { func (x *Service) Reset() { *x = Service{} - mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[21] + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[27] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -2071,7 +2551,7 @@ func (x *Service) String() string { func (*Service) ProtoMessage() {} func (x *Service) ProtoReflect() protoreflect.Message { - mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[21] + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[27] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -2084,7 +2564,7 @@ func (x *Service) ProtoReflect() protoreflect.Message { // Deprecated: Use Service.ProtoReflect.Descriptor instead. func (*Service) Descriptor() ([]byte, []int) { - return file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDescGZIP(), []int{21} + return file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDescGZIP(), []int{27} } func (x *Service) GetName() string { @@ -2114,7 +2594,7 @@ type IP struct { func (x *IP) Reset() { *x = IP{} - mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[22] + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[28] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -2126,7 +2606,7 @@ func (x *IP) String() string { func (*IP) ProtoMessage() {} func (x *IP) ProtoReflect() protoreflect.Message { - mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[22] + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[28] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -2139,7 +2619,7 @@ func (x *IP) ProtoReflect() protoreflect.Message { // Deprecated: Use IP.ProtoReflect.Descriptor instead. func (*IP) Descriptor() ([]byte, []int) { - return file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDescGZIP(), []int{22} + return file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDescGZIP(), []int{28} } func (x *IP) GetSource() string { @@ -2181,7 +2661,7 @@ type Layer4 struct { func (x *Layer4) Reset() { *x = Layer4{} - mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[23] + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[29] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -2193,7 +2673,7 @@ func (x *Layer4) String() string { func (*Layer4) ProtoMessage() {} func (x *Layer4) ProtoReflect() protoreflect.Message { - mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[23] + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[29] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -2206,7 +2686,7 @@ func (x *Layer4) ProtoReflect() protoreflect.Message { // Deprecated: Use Layer4.ProtoReflect.Descriptor instead. func (*Layer4) Descriptor() ([]byte, []int) { - return file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDescGZIP(), []int{23} + return file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDescGZIP(), []int{29} } func (x *Layer4) GetProtocol() isLayer4_Protocol { @@ -2309,7 +2789,7 @@ type TCP struct { func (x *TCP) Reset() { *x = TCP{} - mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[24] + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[30] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -2321,7 +2801,7 @@ func (x *TCP) String() string { func (*TCP) ProtoMessage() {} func (x *TCP) ProtoReflect() protoreflect.Message { - mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[24] + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[30] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -2334,7 +2814,7 @@ func (x *TCP) ProtoReflect() protoreflect.Message { // Deprecated: Use TCP.ProtoReflect.Descriptor instead. func (*TCP) Descriptor() ([]byte, []int) { - return file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDescGZIP(), []int{24} + return file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDescGZIP(), []int{30} } func (x *TCP) GetSourcePort() uint32 { @@ -2377,7 +2857,7 @@ type TCPFlags struct { func (x *TCPFlags) Reset() { *x = TCPFlags{} - mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[25] + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[31] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -2389,7 +2869,7 @@ func (x *TCPFlags) String() string { func (*TCPFlags) ProtoMessage() {} func (x *TCPFlags) ProtoReflect() protoreflect.Message { - mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[25] + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[31] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -2402,7 +2882,7 @@ func (x *TCPFlags) ProtoReflect() protoreflect.Message { // Deprecated: Use TCPFlags.ProtoReflect.Descriptor instead. func (*TCPFlags) Descriptor() ([]byte, []int) { - return file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDescGZIP(), []int{25} + return file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDescGZIP(), []int{31} } func (x *TCPFlags) GetFin() bool { @@ -2480,7 +2960,7 @@ type UDP struct { func (x *UDP) Reset() { *x = UDP{} - mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[26] + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[32] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -2492,7 +2972,7 @@ func (x *UDP) String() string { func (*UDP) ProtoMessage() {} func (x *UDP) ProtoReflect() protoreflect.Message { - mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[26] + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[32] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -2505,7 +2985,7 @@ func (x *UDP) ProtoReflect() protoreflect.Message { // Deprecated: Use UDP.ProtoReflect.Descriptor instead. func (*UDP) Descriptor() ([]byte, []int) { - return file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDescGZIP(), []int{26} + return file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDescGZIP(), []int{32} } func (x *UDP) GetSourcePort() uint32 { @@ -2534,7 +3014,7 @@ type SCTP struct { func (x *SCTP) Reset() { *x = SCTP{} - mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[27] + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[33] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -2546,7 +3026,7 @@ func (x *SCTP) String() string { func (*SCTP) ProtoMessage() {} func (x *SCTP) ProtoReflect() protoreflect.Message { - mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[27] + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[33] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -2559,7 +3039,7 @@ func (x *SCTP) ProtoReflect() protoreflect.Message { // Deprecated: Use SCTP.ProtoReflect.Descriptor instead. func (*SCTP) Descriptor() ([]byte, []int) { - return file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDescGZIP(), []int{27} + return file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDescGZIP(), []int{33} } func (x *SCTP) GetSourcePort() uint32 { @@ -2588,7 +3068,7 @@ type ICMPv4 struct { func (x *ICMPv4) Reset() { *x = ICMPv4{} - mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[28] + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[34] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -2600,7 +3080,7 @@ func (x *ICMPv4) String() string { func (*ICMPv4) ProtoMessage() {} func (x *ICMPv4) ProtoReflect() protoreflect.Message { - mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[28] + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[34] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -2613,7 +3093,7 @@ func (x *ICMPv4) ProtoReflect() protoreflect.Message { // Deprecated: Use ICMPv4.ProtoReflect.Descriptor instead. func (*ICMPv4) Descriptor() ([]byte, []int) { - return file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDescGZIP(), []int{28} + return file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDescGZIP(), []int{34} } func (x *ICMPv4) GetType() uint32 { @@ -2642,7 +3122,7 @@ type ICMPv6 struct { func (x *ICMPv6) Reset() { *x = ICMPv6{} - mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[29] + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[35] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -2654,7 +3134,7 @@ func (x *ICMPv6) String() string { func (*ICMPv6) ProtoMessage() {} func (x *ICMPv6) ProtoReflect() protoreflect.Message { - mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[29] + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[35] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -2667,7 +3147,7 @@ func (x *ICMPv6) ProtoReflect() protoreflect.Message { // Deprecated: Use ICMPv6.ProtoReflect.Descriptor instead. func (*ICMPv6) Descriptor() ([]byte, []int) { - return file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDescGZIP(), []int{29} + return file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDescGZIP(), []int{35} } func (x *ICMPv6) GetType() uint32 { @@ -2700,7 +3180,7 @@ type Endpoint struct { func (x *Endpoint) Reset() { *x = Endpoint{} - mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[30] + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[36] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -2712,7 +3192,7 @@ func (x *Endpoint) String() string { func (*Endpoint) ProtoMessage() {} func (x *Endpoint) ProtoReflect() protoreflect.Message { - mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[30] + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[36] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -2725,7 +3205,7 @@ func (x *Endpoint) ProtoReflect() protoreflect.Message { // Deprecated: Use Endpoint.ProtoReflect.Descriptor instead. func (*Endpoint) Descriptor() ([]byte, []int) { - return file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDescGZIP(), []int{30} + return file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDescGZIP(), []int{36} } func (x *Endpoint) GetUid() uint32 { @@ -2782,7 +3262,7 @@ type Workload struct { func (x *Workload) Reset() { *x = Workload{} - mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[31] + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[37] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -2794,7 +3274,7 @@ func (x *Workload) String() string { func (*Workload) ProtoMessage() {} func (x *Workload) ProtoReflect() protoreflect.Message { - mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[31] + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[37] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -2807,7 +3287,7 @@ func (x *Workload) ProtoReflect() protoreflect.Message { // Deprecated: Use Workload.ProtoReflect.Descriptor instead. func (*Workload) Descriptor() ([]byte, []int) { - return file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDescGZIP(), []int{31} + return file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDescGZIP(), []int{37} } func (x *Workload) GetName() string { @@ -2839,7 +3319,7 @@ type Policy struct { func (x *Policy) Reset() { *x = Policy{} - mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[32] + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[38] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -2851,7 +3331,7 @@ func (x *Policy) String() string { func (*Policy) ProtoMessage() {} func (x *Policy) ProtoReflect() protoreflect.Message { - mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[32] + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[38] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -2864,7 +3344,7 @@ func (x *Policy) ProtoReflect() protoreflect.Message { // Deprecated: Use Policy.ProtoReflect.Descriptor instead. func (*Policy) Descriptor() ([]byte, []int) { - return file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDescGZIP(), []int{32} + return file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDescGZIP(), []int{38} } func (x *Policy) GetName() string { @@ -2917,7 +3397,7 @@ type SendKubernetesNetworkFlowsRequest struct { func (x *SendKubernetesNetworkFlowsRequest) Reset() { *x = SendKubernetesNetworkFlowsRequest{} - mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[33] + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[39] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -2929,7 +3409,7 @@ func (x *SendKubernetesNetworkFlowsRequest) String() string { func (*SendKubernetesNetworkFlowsRequest) ProtoMessage() {} func (x *SendKubernetesNetworkFlowsRequest) ProtoReflect() protoreflect.Message { - mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[33] + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[39] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -2942,7 +3422,7 @@ func (x *SendKubernetesNetworkFlowsRequest) ProtoReflect() protoreflect.Message // Deprecated: Use SendKubernetesNetworkFlowsRequest.ProtoReflect.Descriptor instead. func (*SendKubernetesNetworkFlowsRequest) Descriptor() ([]byte, []int) { - return file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDescGZIP(), []int{33} + return file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDescGZIP(), []int{39} } func (x *SendKubernetesNetworkFlowsRequest) GetRequest() isSendKubernetesNetworkFlowsRequest_Request { @@ -3011,7 +3491,7 @@ type SendKubernetesNetworkFlowsResponse struct { func (x *SendKubernetesNetworkFlowsResponse) Reset() { *x = SendKubernetesNetworkFlowsResponse{} - mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[34] + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[40] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -3023,7 +3503,7 @@ func (x *SendKubernetesNetworkFlowsResponse) String() string { func (*SendKubernetesNetworkFlowsResponse) ProtoMessage() {} func (x *SendKubernetesNetworkFlowsResponse) ProtoReflect() protoreflect.Message { - mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[34] + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[40] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -3036,7 +3516,7 @@ func (x *SendKubernetesNetworkFlowsResponse) ProtoReflect() protoreflect.Message // Deprecated: Use SendKubernetesNetworkFlowsResponse.ProtoReflect.Descriptor instead. func (*SendKubernetesNetworkFlowsResponse) Descriptor() ([]byte, []int) { - return file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDescGZIP(), []int{34} + return file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDescGZIP(), []int{40} } // Message representing a log entry. @@ -3050,7 +3530,7 @@ type LogEntry struct { func (x *LogEntry) Reset() { *x = LogEntry{} - mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[35] + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[41] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -3062,7 +3542,7 @@ func (x *LogEntry) String() string { func (*LogEntry) ProtoMessage() {} func (x *LogEntry) ProtoReflect() protoreflect.Message { - mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[35] + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[41] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -3075,7 +3555,7 @@ func (x *LogEntry) ProtoReflect() protoreflect.Message { // Deprecated: Use LogEntry.ProtoReflect.Descriptor instead. func (*LogEntry) Descriptor() ([]byte, []int) { - return file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDescGZIP(), []int{35} + return file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDescGZIP(), []int{41} } func (x *LogEntry) GetJsonMessage() string { @@ -3099,7 +3579,7 @@ type SendLogsRequest struct { func (x *SendLogsRequest) Reset() { *x = SendLogsRequest{} - mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[36] + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[42] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -3111,7 +3591,7 @@ func (x *SendLogsRequest) String() string { func (*SendLogsRequest) ProtoMessage() {} func (x *SendLogsRequest) ProtoReflect() protoreflect.Message { - mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[36] + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[42] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -3124,7 +3604,7 @@ func (x *SendLogsRequest) ProtoReflect() protoreflect.Message { // Deprecated: Use SendLogsRequest.ProtoReflect.Descriptor instead. func (*SendLogsRequest) Descriptor() ([]byte, []int) { - return file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDescGZIP(), []int{36} + return file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDescGZIP(), []int{42} } func (x *SendLogsRequest) GetRequest() isSendLogsRequest_Request { @@ -3178,7 +3658,7 @@ type SendLogsResponse struct { func (x *SendLogsResponse) Reset() { *x = SendLogsResponse{} - mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[37] + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[43] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -3190,7 +3670,7 @@ func (x *SendLogsResponse) String() string { func (*SendLogsResponse) ProtoMessage() {} func (x *SendLogsResponse) ProtoReflect() protoreflect.Message { - mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[37] + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[43] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -3203,7 +3683,7 @@ func (x *SendLogsResponse) ProtoReflect() protoreflect.Message { // Deprecated: Use SendLogsResponse.ProtoReflect.Descriptor instead. func (*SendLogsResponse) Descriptor() ([]byte, []int) { - return file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDescGZIP(), []int{37} + return file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDescGZIP(), []int{43} } // Message to encapsulate a request to send configuration updates. @@ -3219,7 +3699,7 @@ type GetConfigurationUpdatesRequest struct { func (x *GetConfigurationUpdatesRequest) Reset() { *x = GetConfigurationUpdatesRequest{} - mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[38] + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[44] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -3231,7 +3711,7 @@ func (x *GetConfigurationUpdatesRequest) String() string { func (*GetConfigurationUpdatesRequest) ProtoMessage() {} func (x *GetConfigurationUpdatesRequest) ProtoReflect() protoreflect.Message { - mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[38] + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[44] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -3244,7 +3724,7 @@ func (x *GetConfigurationUpdatesRequest) ProtoReflect() protoreflect.Message { // Deprecated: Use GetConfigurationUpdatesRequest.ProtoReflect.Descriptor instead. func (*GetConfigurationUpdatesRequest) Descriptor() ([]byte, []int) { - return file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDescGZIP(), []int{38} + return file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDescGZIP(), []int{44} } func (x *GetConfigurationUpdatesRequest) GetRequest() isGetConfigurationUpdatesRequest_Request { @@ -3286,7 +3766,7 @@ type GetConfigurationUpdatesResponse struct { func (x *GetConfigurationUpdatesResponse) Reset() { *x = GetConfigurationUpdatesResponse{} - mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[39] + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[45] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -3298,7 +3778,7 @@ func (x *GetConfigurationUpdatesResponse) String() string { func (*GetConfigurationUpdatesResponse) ProtoMessage() {} func (x *GetConfigurationUpdatesResponse) ProtoReflect() protoreflect.Message { - mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[39] + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[45] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -3311,7 +3791,7 @@ func (x *GetConfigurationUpdatesResponse) ProtoReflect() protoreflect.Message { // Deprecated: Use GetConfigurationUpdatesResponse.ProtoReflect.Descriptor instead. func (*GetConfigurationUpdatesResponse) Descriptor() ([]byte, []int) { - return file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDescGZIP(), []int{39} + return file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDescGZIP(), []int{45} } func (x *GetConfigurationUpdatesResponse) GetResponse() isGetConfigurationUpdatesResponse_Response { @@ -3358,7 +3838,7 @@ type KubernetesServiceData_ServicePort struct { func (x *KubernetesServiceData_ServicePort) Reset() { *x = KubernetesServiceData_ServicePort{} - mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[42] + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[48] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -3370,7 +3850,7 @@ func (x *KubernetesServiceData_ServicePort) String() string { func (*KubernetesServiceData_ServicePort) ProtoMessage() {} func (x *KubernetesServiceData_ServicePort) ProtoReflect() protoreflect.Message { - mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[42] + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[48] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -3424,7 +3904,7 @@ type GetConfigurationUpdatesResponse_Configuration struct { func (x *GetConfigurationUpdatesResponse_Configuration) Reset() { *x = GetConfigurationUpdatesResponse_Configuration{} - mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[44] + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[50] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -3436,7 +3916,7 @@ func (x *GetConfigurationUpdatesResponse_Configuration) String() string { func (*GetConfigurationUpdatesResponse_Configuration) ProtoMessage() {} func (x *GetConfigurationUpdatesResponse_Configuration) ProtoReflect() protoreflect.Message { - mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[44] + mi := &file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[50] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -3449,7 +3929,7 @@ func (x *GetConfigurationUpdatesResponse_Configuration) ProtoReflect() protorefl // Deprecated: Use GetConfigurationUpdatesResponse_Configuration.ProtoReflect.Descriptor instead. func (*GetConfigurationUpdatesResponse_Configuration) Descriptor() ([]byte, []int) { - return file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDescGZIP(), []int{39, 0} + return file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDescGZIP(), []int{45, 0} } func (x *GetConfigurationUpdatesResponse_Configuration) GetLogLevel() LogLevel { @@ -3464,7 +3944,8 @@ var File_illumio_cloud_k8sclustersync_v1_k8s_info_proto protoreflect.FileDescrip const file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDesc = "" + "\n" + ".illumio/cloud/k8sclustersync/v1/k8s_info.proto\x12\x1fillumio.cloud.k8sclustersync.v1\x1a\x1fgoogle/protobuf/timestamp.proto\x1a\x1egoogle/protobuf/wrappers.proto\"\v\n" + - "\tKeepalive\"\xe9\a\n" + + "\tKeepalive\"\x80\n" + + "\n" + "\x14KubernetesObjectData\x12h\n" + "\vannotations\x18\x01 \x03(\v2F.illumio.cloud.k8sclustersync.v1.KubernetesObjectData.AnnotationsEntryR\vannotations\x12I\n" + "\x12creation_timestamp\x18\x02 \x01(\v2\x1a.google.protobuf.TimestampR\x11creationTimestamp\x12\x12\n" + @@ -3478,7 +3959,9 @@ const file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDesc = "" + "\x03pod\x18d \x01(\v22.illumio.cloud.k8sclustersync.v1.KubernetesPodDataH\x00R\x03pod\x12I\n" + "\x04node\x18e \x01(\v23.illumio.cloud.k8sclustersync.v1.KubernetesNodeDataH\x00R\x04node\x12R\n" + "\aservice\x18f \x01(\v26.illumio.cloud.k8sclustersync.v1.KubernetesServiceDataH\x00R\aservice\x12e\n" + - "\x0enetwork_policy\x18g \x01(\v2<.illumio.cloud.k8sclustersync.v1.KubernetesNetworkPolicyDataH\x00R\rnetworkPolicy\x1a>\n" + + "\x0enetwork_policy\x18g \x01(\v2<.illumio.cloud.k8sclustersync.v1.KubernetesNetworkPolicyDataH\x00R\rnetworkPolicy\x12x\n" + + "\x15cilium_network_policy\x18h \x01(\v2B.illumio.cloud.k8sclustersync.v1.KubernetesCiliumNetworkPolicyDataH\x00R\x13ciliumNetworkPolicy\x12\x9a\x01\n" + + "!cilium_clusterwide_network_policy\x18i \x01(\v2M.illumio.cloud.k8sclustersync.v1.KubernetesCiliumClusterwideNetworkPolicyDataH\x00R\x1eciliumClusterwideNetworkPolicy\x1a>\n" + "\x10AnnotationsEntry\x12\x10\n" + "\x03key\x18\x01 \x01(\tR\x03key\x12\x14\n" + "\x05value\x18\x02 \x01(\tR\x05value:\x028\x01\x1a9\n" + @@ -3512,7 +3995,41 @@ const file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDesc = "" + "\x06egress\x18\x02 \x01(\bR\x06egress\x12Q\n" + "\fpod_selector\x18\x03 \x01(\v2..illumio.cloud.k8sclustersync.v1.LabelSelectorR\vpodSelector\x12W\n" + "\ringress_rules\x18\x04 \x03(\v22.illumio.cloud.k8sclustersync.v1.NetworkPolicyRuleR\fingressRules\x12U\n" + - "\fegress_rules\x18\x05 \x03(\v22.illumio.cloud.k8sclustersync.v1.NetworkPolicyRuleR\vegressRules\"\x9b\x02\n" + + "\fegress_rules\x18\x05 \x03(\v22.illumio.cloud.k8sclustersync.v1.NetworkPolicyRuleR\vegressRules\"\x8a\x04\n" + + "!KubernetesCiliumNetworkPolicyData\x12[\n" + + "\x11endpoint_selector\x18\x01 \x01(\v2..illumio.cloud.k8sclustersync.v1.LabelSelectorR\x10endpointSelector\x12]\n" + + "\ringress_rules\x18\x02 \x03(\v28.illumio.cloud.k8sclustersync.v1.CiliumNetworkPolicyRuleR\fingressRules\x12[\n" + + "\fegress_rules\x18\x03 \x03(\v28.illumio.cloud.k8sclustersync.v1.CiliumNetworkPolicyRuleR\vegressRules\x12f\n" + + "\x12ingress_deny_rules\x18\x04 \x03(\v28.illumio.cloud.k8sclustersync.v1.CiliumNetworkPolicyRuleR\x10ingressDenyRules\x12d\n" + + "\x11egress_deny_rules\x18\x05 \x03(\v28.illumio.cloud.k8sclustersync.v1.CiliumNetworkPolicyRuleR\x0fegressDenyRules\"\x81\x05\n" + + ",KubernetesCiliumClusterwideNetworkPolicyData\x12[\n" + + "\x11endpoint_selector\x18\x01 \x01(\v2..illumio.cloud.k8sclustersync.v1.LabelSelectorR\x10endpointSelector\x12X\n" + + "\rnode_selector\x18\x02 \x01(\v2..illumio.cloud.k8sclustersync.v1.LabelSelectorH\x00R\fnodeSelector\x88\x01\x01\x12]\n" + + "\ringress_rules\x18\x03 \x03(\v28.illumio.cloud.k8sclustersync.v1.CiliumNetworkPolicyRuleR\fingressRules\x12[\n" + + "\fegress_rules\x18\x04 \x03(\v28.illumio.cloud.k8sclustersync.v1.CiliumNetworkPolicyRuleR\vegressRules\x12f\n" + + "\x12ingress_deny_rules\x18\x05 \x03(\v28.illumio.cloud.k8sclustersync.v1.CiliumNetworkPolicyRuleR\x10ingressDenyRules\x12d\n" + + "\x11egress_deny_rules\x18\x06 \x03(\v28.illumio.cloud.k8sclustersync.v1.CiliumNetworkPolicyRuleR\x0fegressDenyRulesB\x10\n" + + "\x0e_node_selector\"\xaf\x04\n" + + "\x17CiliumNetworkPolicyRule\x12U\n" + + "\x0efrom_endpoints\x18\x01 \x03(\v2..illumio.cloud.k8sclustersync.v1.LabelSelectorR\rfromEndpoints\x12Q\n" + + "\fto_endpoints\x18\x02 \x03(\v2..illumio.cloud.k8sclustersync.v1.LabelSelectorR\vtoEndpoints\x12\x1b\n" + + "\tfrom_cidr\x18\x03 \x03(\tR\bfromCidr\x12\x17\n" + + "\ato_cidr\x18\x04 \x03(\tR\x06toCidr\x12R\n" + + "\rfrom_cidr_set\x18\x05 \x03(\v2..illumio.cloud.k8sclustersync.v1.CiliumCIDRSetR\vfromCidrSet\x12N\n" + + "\vto_cidr_set\x18\x06 \x03(\v2..illumio.cloud.k8sclustersync.v1.CiliumCIDRSetR\ttoCidrSet\x12J\n" + + "\bto_ports\x18\a \x03(\v2/.illumio.cloud.k8sclustersync.v1.CiliumPortRuleR\atoPorts\x12#\n" + + "\rfrom_entities\x18\b \x03(\tR\ffromEntities\x12\x1f\n" + + "\vto_entities\x18\t \x03(\tR\n" + + "toEntities\";\n" + + "\rCiliumCIDRSet\x12\x12\n" + + "\x04cidr\x18\x01 \x01(\tR\x04cidr\x12\x16\n" + + "\x06except\x18\x02 \x03(\tR\x06except\"S\n" + + "\x0eCiliumPortRule\x12A\n" + + "\x05ports\x18\x01 \x03(\v2+.illumio.cloud.k8sclustersync.v1.CiliumPortR\x05ports\"<\n" + + "\n" + + "CiliumPort\x12\x12\n" + + "\x04port\x18\x01 \x01(\tR\x04port\x12\x1a\n" + + "\bprotocol\x18\x02 \x01(\tR\bprotocol\"\x9b\x02\n" + "\rLabelSelector\x12b\n" + "\fmatch_labels\x18\x01 \x03(\v2?.illumio.cloud.k8sclustersync.v1.LabelSelector.MatchLabelsEntryR\vmatchLabels\x12f\n" + "\x11match_expressions\x18\x02 \x03(\v29.illumio.cloud.k8sclustersync.v1.LabelSelectorRequirementR\x10matchExpressions\x1a>\n" + @@ -3736,138 +4253,163 @@ func file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDescGZIP() []byte { } var file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_enumTypes = make([]protoimpl.EnumInfo, 6) -var file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes = make([]protoimpl.MessageInfo, 45) +var file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes = make([]protoimpl.MessageInfo, 51) var file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_goTypes = []any{ - (FlowCollector)(0), // 0: illumio.cloud.k8sclustersync.v1.FlowCollector - (TrafficDirection)(0), // 1: illumio.cloud.k8sclustersync.v1.TrafficDirection - (Verdict)(0), // 2: illumio.cloud.k8sclustersync.v1.Verdict - (IPVersion)(0), // 3: illumio.cloud.k8sclustersync.v1.IPVersion - (LogLevel)(0), // 4: illumio.cloud.k8sclustersync.v1.LogLevel - (Port_Protocol)(0), // 5: illumio.cloud.k8sclustersync.v1.Port.Protocol - (*Keepalive)(nil), // 6: illumio.cloud.k8sclustersync.v1.Keepalive - (*KubernetesObjectData)(nil), // 7: illumio.cloud.k8sclustersync.v1.KubernetesObjectData - (*KubernetesServiceData)(nil), // 8: illumio.cloud.k8sclustersync.v1.KubernetesServiceData - (*KubernetesNodeData)(nil), // 9: illumio.cloud.k8sclustersync.v1.KubernetesNodeData - (*KubernetesPodData)(nil), // 10: illumio.cloud.k8sclustersync.v1.KubernetesPodData - (*KubernetesNetworkPolicyData)(nil), // 11: illumio.cloud.k8sclustersync.v1.KubernetesNetworkPolicyData - (*LabelSelector)(nil), // 12: illumio.cloud.k8sclustersync.v1.LabelSelector - (*LabelSelectorRequirement)(nil), // 13: illumio.cloud.k8sclustersync.v1.LabelSelectorRequirement - (*IPBlock)(nil), // 14: illumio.cloud.k8sclustersync.v1.IPBlock - (*Peer)(nil), // 15: illumio.cloud.k8sclustersync.v1.Peer - (*PeerSelector)(nil), // 16: illumio.cloud.k8sclustersync.v1.PeerSelector - (*Port)(nil), // 17: illumio.cloud.k8sclustersync.v1.Port - (*NetworkPolicyRule)(nil), // 18: illumio.cloud.k8sclustersync.v1.NetworkPolicyRule - (*KubernetesOwnerReference)(nil), // 19: illumio.cloud.k8sclustersync.v1.KubernetesOwnerReference - (*KubernetesClusterMetadata)(nil), // 20: illumio.cloud.k8sclustersync.v1.KubernetesClusterMetadata - (*SendKubernetesResourcesRequest)(nil), // 21: illumio.cloud.k8sclustersync.v1.SendKubernetesResourcesRequest - (*KubernetesResourceSnapshotComplete)(nil), // 22: illumio.cloud.k8sclustersync.v1.KubernetesResourceSnapshotComplete - (*SendKubernetesResourcesResponse)(nil), // 23: illumio.cloud.k8sclustersync.v1.SendKubernetesResourcesResponse - (*KubernetesResourceMutation)(nil), // 24: illumio.cloud.k8sclustersync.v1.KubernetesResourceMutation - (*FiveTupleFlow)(nil), // 25: illumio.cloud.k8sclustersync.v1.FiveTupleFlow - (*CiliumFlow)(nil), // 26: illumio.cloud.k8sclustersync.v1.CiliumFlow - (*Service)(nil), // 27: illumio.cloud.k8sclustersync.v1.Service - (*IP)(nil), // 28: illumio.cloud.k8sclustersync.v1.IP - (*Layer4)(nil), // 29: illumio.cloud.k8sclustersync.v1.Layer4 - (*TCP)(nil), // 30: illumio.cloud.k8sclustersync.v1.TCP - (*TCPFlags)(nil), // 31: illumio.cloud.k8sclustersync.v1.TCPFlags - (*UDP)(nil), // 32: illumio.cloud.k8sclustersync.v1.UDP - (*SCTP)(nil), // 33: illumio.cloud.k8sclustersync.v1.SCTP - (*ICMPv4)(nil), // 34: illumio.cloud.k8sclustersync.v1.ICMPv4 - (*ICMPv6)(nil), // 35: illumio.cloud.k8sclustersync.v1.ICMPv6 - (*Endpoint)(nil), // 36: illumio.cloud.k8sclustersync.v1.Endpoint - (*Workload)(nil), // 37: illumio.cloud.k8sclustersync.v1.Workload - (*Policy)(nil), // 38: illumio.cloud.k8sclustersync.v1.Policy - (*SendKubernetesNetworkFlowsRequest)(nil), // 39: illumio.cloud.k8sclustersync.v1.SendKubernetesNetworkFlowsRequest - (*SendKubernetesNetworkFlowsResponse)(nil), // 40: illumio.cloud.k8sclustersync.v1.SendKubernetesNetworkFlowsResponse - (*LogEntry)(nil), // 41: illumio.cloud.k8sclustersync.v1.LogEntry - (*SendLogsRequest)(nil), // 42: illumio.cloud.k8sclustersync.v1.SendLogsRequest - (*SendLogsResponse)(nil), // 43: illumio.cloud.k8sclustersync.v1.SendLogsResponse - (*GetConfigurationUpdatesRequest)(nil), // 44: illumio.cloud.k8sclustersync.v1.GetConfigurationUpdatesRequest - (*GetConfigurationUpdatesResponse)(nil), // 45: illumio.cloud.k8sclustersync.v1.GetConfigurationUpdatesResponse - nil, // 46: illumio.cloud.k8sclustersync.v1.KubernetesObjectData.AnnotationsEntry - nil, // 47: illumio.cloud.k8sclustersync.v1.KubernetesObjectData.LabelsEntry - (*KubernetesServiceData_ServicePort)(nil), // 48: illumio.cloud.k8sclustersync.v1.KubernetesServiceData.ServicePort - nil, // 49: illumio.cloud.k8sclustersync.v1.LabelSelector.MatchLabelsEntry - (*GetConfigurationUpdatesResponse_Configuration)(nil), // 50: illumio.cloud.k8sclustersync.v1.GetConfigurationUpdatesResponse.Configuration - (*timestamppb.Timestamp)(nil), // 51: google.protobuf.Timestamp - (*wrapperspb.BoolValue)(nil), // 52: google.protobuf.BoolValue + (FlowCollector)(0), // 0: illumio.cloud.k8sclustersync.v1.FlowCollector + (TrafficDirection)(0), // 1: illumio.cloud.k8sclustersync.v1.TrafficDirection + (Verdict)(0), // 2: illumio.cloud.k8sclustersync.v1.Verdict + (IPVersion)(0), // 3: illumio.cloud.k8sclustersync.v1.IPVersion + (LogLevel)(0), // 4: illumio.cloud.k8sclustersync.v1.LogLevel + (Port_Protocol)(0), // 5: illumio.cloud.k8sclustersync.v1.Port.Protocol + (*Keepalive)(nil), // 6: illumio.cloud.k8sclustersync.v1.Keepalive + (*KubernetesObjectData)(nil), // 7: illumio.cloud.k8sclustersync.v1.KubernetesObjectData + (*KubernetesServiceData)(nil), // 8: illumio.cloud.k8sclustersync.v1.KubernetesServiceData + (*KubernetesNodeData)(nil), // 9: illumio.cloud.k8sclustersync.v1.KubernetesNodeData + (*KubernetesPodData)(nil), // 10: illumio.cloud.k8sclustersync.v1.KubernetesPodData + (*KubernetesNetworkPolicyData)(nil), // 11: illumio.cloud.k8sclustersync.v1.KubernetesNetworkPolicyData + (*KubernetesCiliumNetworkPolicyData)(nil), // 12: illumio.cloud.k8sclustersync.v1.KubernetesCiliumNetworkPolicyData + (*KubernetesCiliumClusterwideNetworkPolicyData)(nil), // 13: illumio.cloud.k8sclustersync.v1.KubernetesCiliumClusterwideNetworkPolicyData + (*CiliumNetworkPolicyRule)(nil), // 14: illumio.cloud.k8sclustersync.v1.CiliumNetworkPolicyRule + (*CiliumCIDRSet)(nil), // 15: illumio.cloud.k8sclustersync.v1.CiliumCIDRSet + (*CiliumPortRule)(nil), // 16: illumio.cloud.k8sclustersync.v1.CiliumPortRule + (*CiliumPort)(nil), // 17: illumio.cloud.k8sclustersync.v1.CiliumPort + (*LabelSelector)(nil), // 18: illumio.cloud.k8sclustersync.v1.LabelSelector + (*LabelSelectorRequirement)(nil), // 19: illumio.cloud.k8sclustersync.v1.LabelSelectorRequirement + (*IPBlock)(nil), // 20: illumio.cloud.k8sclustersync.v1.IPBlock + (*Peer)(nil), // 21: illumio.cloud.k8sclustersync.v1.Peer + (*PeerSelector)(nil), // 22: illumio.cloud.k8sclustersync.v1.PeerSelector + (*Port)(nil), // 23: illumio.cloud.k8sclustersync.v1.Port + (*NetworkPolicyRule)(nil), // 24: illumio.cloud.k8sclustersync.v1.NetworkPolicyRule + (*KubernetesOwnerReference)(nil), // 25: illumio.cloud.k8sclustersync.v1.KubernetesOwnerReference + (*KubernetesClusterMetadata)(nil), // 26: illumio.cloud.k8sclustersync.v1.KubernetesClusterMetadata + (*SendKubernetesResourcesRequest)(nil), // 27: illumio.cloud.k8sclustersync.v1.SendKubernetesResourcesRequest + (*KubernetesResourceSnapshotComplete)(nil), // 28: illumio.cloud.k8sclustersync.v1.KubernetesResourceSnapshotComplete + (*SendKubernetesResourcesResponse)(nil), // 29: illumio.cloud.k8sclustersync.v1.SendKubernetesResourcesResponse + (*KubernetesResourceMutation)(nil), // 30: illumio.cloud.k8sclustersync.v1.KubernetesResourceMutation + (*FiveTupleFlow)(nil), // 31: illumio.cloud.k8sclustersync.v1.FiveTupleFlow + (*CiliumFlow)(nil), // 32: illumio.cloud.k8sclustersync.v1.CiliumFlow + (*Service)(nil), // 33: illumio.cloud.k8sclustersync.v1.Service + (*IP)(nil), // 34: illumio.cloud.k8sclustersync.v1.IP + (*Layer4)(nil), // 35: illumio.cloud.k8sclustersync.v1.Layer4 + (*TCP)(nil), // 36: illumio.cloud.k8sclustersync.v1.TCP + (*TCPFlags)(nil), // 37: illumio.cloud.k8sclustersync.v1.TCPFlags + (*UDP)(nil), // 38: illumio.cloud.k8sclustersync.v1.UDP + (*SCTP)(nil), // 39: illumio.cloud.k8sclustersync.v1.SCTP + (*ICMPv4)(nil), // 40: illumio.cloud.k8sclustersync.v1.ICMPv4 + (*ICMPv6)(nil), // 41: illumio.cloud.k8sclustersync.v1.ICMPv6 + (*Endpoint)(nil), // 42: illumio.cloud.k8sclustersync.v1.Endpoint + (*Workload)(nil), // 43: illumio.cloud.k8sclustersync.v1.Workload + (*Policy)(nil), // 44: illumio.cloud.k8sclustersync.v1.Policy + (*SendKubernetesNetworkFlowsRequest)(nil), // 45: illumio.cloud.k8sclustersync.v1.SendKubernetesNetworkFlowsRequest + (*SendKubernetesNetworkFlowsResponse)(nil), // 46: illumio.cloud.k8sclustersync.v1.SendKubernetesNetworkFlowsResponse + (*LogEntry)(nil), // 47: illumio.cloud.k8sclustersync.v1.LogEntry + (*SendLogsRequest)(nil), // 48: illumio.cloud.k8sclustersync.v1.SendLogsRequest + (*SendLogsResponse)(nil), // 49: illumio.cloud.k8sclustersync.v1.SendLogsResponse + (*GetConfigurationUpdatesRequest)(nil), // 50: illumio.cloud.k8sclustersync.v1.GetConfigurationUpdatesRequest + (*GetConfigurationUpdatesResponse)(nil), // 51: illumio.cloud.k8sclustersync.v1.GetConfigurationUpdatesResponse + nil, // 52: illumio.cloud.k8sclustersync.v1.KubernetesObjectData.AnnotationsEntry + nil, // 53: illumio.cloud.k8sclustersync.v1.KubernetesObjectData.LabelsEntry + (*KubernetesServiceData_ServicePort)(nil), // 54: illumio.cloud.k8sclustersync.v1.KubernetesServiceData.ServicePort + nil, // 55: illumio.cloud.k8sclustersync.v1.LabelSelector.MatchLabelsEntry + (*GetConfigurationUpdatesResponse_Configuration)(nil), // 56: illumio.cloud.k8sclustersync.v1.GetConfigurationUpdatesResponse.Configuration + (*timestamppb.Timestamp)(nil), // 57: google.protobuf.Timestamp + (*wrapperspb.BoolValue)(nil), // 58: google.protobuf.BoolValue } var file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_depIdxs = []int32{ - 46, // 0: illumio.cloud.k8sclustersync.v1.KubernetesObjectData.annotations:type_name -> illumio.cloud.k8sclustersync.v1.KubernetesObjectData.AnnotationsEntry - 51, // 1: illumio.cloud.k8sclustersync.v1.KubernetesObjectData.creation_timestamp:type_name -> google.protobuf.Timestamp - 47, // 2: illumio.cloud.k8sclustersync.v1.KubernetesObjectData.labels:type_name -> illumio.cloud.k8sclustersync.v1.KubernetesObjectData.LabelsEntry - 19, // 3: illumio.cloud.k8sclustersync.v1.KubernetesObjectData.owner_references:type_name -> illumio.cloud.k8sclustersync.v1.KubernetesOwnerReference + 52, // 0: illumio.cloud.k8sclustersync.v1.KubernetesObjectData.annotations:type_name -> illumio.cloud.k8sclustersync.v1.KubernetesObjectData.AnnotationsEntry + 57, // 1: illumio.cloud.k8sclustersync.v1.KubernetesObjectData.creation_timestamp:type_name -> google.protobuf.Timestamp + 53, // 2: illumio.cloud.k8sclustersync.v1.KubernetesObjectData.labels:type_name -> illumio.cloud.k8sclustersync.v1.KubernetesObjectData.LabelsEntry + 25, // 3: illumio.cloud.k8sclustersync.v1.KubernetesObjectData.owner_references:type_name -> illumio.cloud.k8sclustersync.v1.KubernetesOwnerReference 10, // 4: illumio.cloud.k8sclustersync.v1.KubernetesObjectData.pod:type_name -> illumio.cloud.k8sclustersync.v1.KubernetesPodData 9, // 5: illumio.cloud.k8sclustersync.v1.KubernetesObjectData.node:type_name -> illumio.cloud.k8sclustersync.v1.KubernetesNodeData 8, // 6: illumio.cloud.k8sclustersync.v1.KubernetesObjectData.service:type_name -> illumio.cloud.k8sclustersync.v1.KubernetesServiceData 11, // 7: illumio.cloud.k8sclustersync.v1.KubernetesObjectData.network_policy:type_name -> illumio.cloud.k8sclustersync.v1.KubernetesNetworkPolicyData - 48, // 8: illumio.cloud.k8sclustersync.v1.KubernetesServiceData.ports:type_name -> illumio.cloud.k8sclustersync.v1.KubernetesServiceData.ServicePort - 12, // 9: illumio.cloud.k8sclustersync.v1.KubernetesNetworkPolicyData.pod_selector:type_name -> illumio.cloud.k8sclustersync.v1.LabelSelector - 18, // 10: illumio.cloud.k8sclustersync.v1.KubernetesNetworkPolicyData.ingress_rules:type_name -> illumio.cloud.k8sclustersync.v1.NetworkPolicyRule - 18, // 11: illumio.cloud.k8sclustersync.v1.KubernetesNetworkPolicyData.egress_rules:type_name -> illumio.cloud.k8sclustersync.v1.NetworkPolicyRule - 49, // 12: illumio.cloud.k8sclustersync.v1.LabelSelector.match_labels:type_name -> illumio.cloud.k8sclustersync.v1.LabelSelector.MatchLabelsEntry - 13, // 13: illumio.cloud.k8sclustersync.v1.LabelSelector.match_expressions:type_name -> illumio.cloud.k8sclustersync.v1.LabelSelectorRequirement - 14, // 14: illumio.cloud.k8sclustersync.v1.Peer.ip_block:type_name -> illumio.cloud.k8sclustersync.v1.IPBlock - 16, // 15: illumio.cloud.k8sclustersync.v1.Peer.pods:type_name -> illumio.cloud.k8sclustersync.v1.PeerSelector - 12, // 16: illumio.cloud.k8sclustersync.v1.PeerSelector.namespace_selector:type_name -> illumio.cloud.k8sclustersync.v1.LabelSelector - 12, // 17: illumio.cloud.k8sclustersync.v1.PeerSelector.pod_selector:type_name -> illumio.cloud.k8sclustersync.v1.LabelSelector - 5, // 18: illumio.cloud.k8sclustersync.v1.Port.protocol:type_name -> illumio.cloud.k8sclustersync.v1.Port.Protocol - 15, // 19: illumio.cloud.k8sclustersync.v1.NetworkPolicyRule.peers:type_name -> illumio.cloud.k8sclustersync.v1.Peer - 17, // 20: illumio.cloud.k8sclustersync.v1.NetworkPolicyRule.ports:type_name -> illumio.cloud.k8sclustersync.v1.Port - 0, // 21: illumio.cloud.k8sclustersync.v1.KubernetesClusterMetadata.flow_collector:type_name -> illumio.cloud.k8sclustersync.v1.FlowCollector - 6, // 22: illumio.cloud.k8sclustersync.v1.SendKubernetesResourcesRequest.keepalive:type_name -> illumio.cloud.k8sclustersync.v1.Keepalive - 20, // 23: illumio.cloud.k8sclustersync.v1.SendKubernetesResourcesRequest.cluster_metadata:type_name -> illumio.cloud.k8sclustersync.v1.KubernetesClusterMetadata - 7, // 24: illumio.cloud.k8sclustersync.v1.SendKubernetesResourcesRequest.resource_data:type_name -> illumio.cloud.k8sclustersync.v1.KubernetesObjectData - 22, // 25: illumio.cloud.k8sclustersync.v1.SendKubernetesResourcesRequest.resource_snapshot_complete:type_name -> illumio.cloud.k8sclustersync.v1.KubernetesResourceSnapshotComplete - 24, // 26: illumio.cloud.k8sclustersync.v1.SendKubernetesResourcesRequest.kubernetes_resource_mutation:type_name -> illumio.cloud.k8sclustersync.v1.KubernetesResourceMutation - 7, // 27: illumio.cloud.k8sclustersync.v1.KubernetesResourceMutation.create_resource:type_name -> illumio.cloud.k8sclustersync.v1.KubernetesObjectData - 7, // 28: illumio.cloud.k8sclustersync.v1.KubernetesResourceMutation.update_resource:type_name -> illumio.cloud.k8sclustersync.v1.KubernetesObjectData - 7, // 29: illumio.cloud.k8sclustersync.v1.KubernetesResourceMutation.delete_resource:type_name -> illumio.cloud.k8sclustersync.v1.KubernetesObjectData - 28, // 30: illumio.cloud.k8sclustersync.v1.FiveTupleFlow.layer3:type_name -> illumio.cloud.k8sclustersync.v1.IP - 29, // 31: illumio.cloud.k8sclustersync.v1.FiveTupleFlow.layer4:type_name -> illumio.cloud.k8sclustersync.v1.Layer4 - 51, // 32: illumio.cloud.k8sclustersync.v1.FiveTupleFlow.timestamp:type_name -> google.protobuf.Timestamp - 51, // 33: illumio.cloud.k8sclustersync.v1.CiliumFlow.time:type_name -> google.protobuf.Timestamp - 1, // 34: illumio.cloud.k8sclustersync.v1.CiliumFlow.traffic_direction:type_name -> illumio.cloud.k8sclustersync.v1.TrafficDirection - 2, // 35: illumio.cloud.k8sclustersync.v1.CiliumFlow.verdict:type_name -> illumio.cloud.k8sclustersync.v1.Verdict - 28, // 36: illumio.cloud.k8sclustersync.v1.CiliumFlow.layer3:type_name -> illumio.cloud.k8sclustersync.v1.IP - 29, // 37: illumio.cloud.k8sclustersync.v1.CiliumFlow.layer4:type_name -> illumio.cloud.k8sclustersync.v1.Layer4 - 52, // 38: illumio.cloud.k8sclustersync.v1.CiliumFlow.is_reply:type_name -> google.protobuf.BoolValue - 36, // 39: illumio.cloud.k8sclustersync.v1.CiliumFlow.source_endpoint:type_name -> illumio.cloud.k8sclustersync.v1.Endpoint - 36, // 40: illumio.cloud.k8sclustersync.v1.CiliumFlow.destination_endpoint:type_name -> illumio.cloud.k8sclustersync.v1.Endpoint - 27, // 41: illumio.cloud.k8sclustersync.v1.CiliumFlow.destination_service:type_name -> illumio.cloud.k8sclustersync.v1.Service - 38, // 42: illumio.cloud.k8sclustersync.v1.CiliumFlow.egress_allowed_by:type_name -> illumio.cloud.k8sclustersync.v1.Policy - 38, // 43: illumio.cloud.k8sclustersync.v1.CiliumFlow.ingress_allowed_by:type_name -> illumio.cloud.k8sclustersync.v1.Policy - 38, // 44: illumio.cloud.k8sclustersync.v1.CiliumFlow.egress_denied_by:type_name -> illumio.cloud.k8sclustersync.v1.Policy - 38, // 45: illumio.cloud.k8sclustersync.v1.CiliumFlow.ingress_denied_by:type_name -> illumio.cloud.k8sclustersync.v1.Policy - 3, // 46: illumio.cloud.k8sclustersync.v1.IP.ip_version:type_name -> illumio.cloud.k8sclustersync.v1.IPVersion - 30, // 47: illumio.cloud.k8sclustersync.v1.Layer4.tcp:type_name -> illumio.cloud.k8sclustersync.v1.TCP - 32, // 48: illumio.cloud.k8sclustersync.v1.Layer4.udp:type_name -> illumio.cloud.k8sclustersync.v1.UDP - 34, // 49: illumio.cloud.k8sclustersync.v1.Layer4.icmpv4:type_name -> illumio.cloud.k8sclustersync.v1.ICMPv4 - 35, // 50: illumio.cloud.k8sclustersync.v1.Layer4.icmpv6:type_name -> illumio.cloud.k8sclustersync.v1.ICMPv6 - 33, // 51: illumio.cloud.k8sclustersync.v1.Layer4.sctp:type_name -> illumio.cloud.k8sclustersync.v1.SCTP - 31, // 52: illumio.cloud.k8sclustersync.v1.TCP.flags:type_name -> illumio.cloud.k8sclustersync.v1.TCPFlags - 37, // 53: illumio.cloud.k8sclustersync.v1.Endpoint.workloads:type_name -> illumio.cloud.k8sclustersync.v1.Workload - 6, // 54: illumio.cloud.k8sclustersync.v1.SendKubernetesNetworkFlowsRequest.keepalive:type_name -> illumio.cloud.k8sclustersync.v1.Keepalive - 26, // 55: illumio.cloud.k8sclustersync.v1.SendKubernetesNetworkFlowsRequest.cilium_flow:type_name -> illumio.cloud.k8sclustersync.v1.CiliumFlow - 25, // 56: illumio.cloud.k8sclustersync.v1.SendKubernetesNetworkFlowsRequest.five_tuple_flow:type_name -> illumio.cloud.k8sclustersync.v1.FiveTupleFlow - 6, // 57: illumio.cloud.k8sclustersync.v1.SendLogsRequest.keepalive:type_name -> illumio.cloud.k8sclustersync.v1.Keepalive - 41, // 58: illumio.cloud.k8sclustersync.v1.SendLogsRequest.log_entry:type_name -> illumio.cloud.k8sclustersync.v1.LogEntry - 6, // 59: illumio.cloud.k8sclustersync.v1.GetConfigurationUpdatesRequest.keepalive:type_name -> illumio.cloud.k8sclustersync.v1.Keepalive - 50, // 60: illumio.cloud.k8sclustersync.v1.GetConfigurationUpdatesResponse.update_configuration:type_name -> illumio.cloud.k8sclustersync.v1.GetConfigurationUpdatesResponse.Configuration - 4, // 61: illumio.cloud.k8sclustersync.v1.GetConfigurationUpdatesResponse.Configuration.log_level:type_name -> illumio.cloud.k8sclustersync.v1.LogLevel - 21, // 62: illumio.cloud.k8sclustersync.v1.KubernetesInfoService.SendKubernetesResources:input_type -> illumio.cloud.k8sclustersync.v1.SendKubernetesResourcesRequest - 39, // 63: illumio.cloud.k8sclustersync.v1.KubernetesInfoService.SendKubernetesNetworkFlows:input_type -> illumio.cloud.k8sclustersync.v1.SendKubernetesNetworkFlowsRequest - 42, // 64: illumio.cloud.k8sclustersync.v1.KubernetesInfoService.SendLogs:input_type -> illumio.cloud.k8sclustersync.v1.SendLogsRequest - 44, // 65: illumio.cloud.k8sclustersync.v1.KubernetesInfoService.GetConfigurationUpdates:input_type -> illumio.cloud.k8sclustersync.v1.GetConfigurationUpdatesRequest - 23, // 66: illumio.cloud.k8sclustersync.v1.KubernetesInfoService.SendKubernetesResources:output_type -> illumio.cloud.k8sclustersync.v1.SendKubernetesResourcesResponse - 40, // 67: illumio.cloud.k8sclustersync.v1.KubernetesInfoService.SendKubernetesNetworkFlows:output_type -> illumio.cloud.k8sclustersync.v1.SendKubernetesNetworkFlowsResponse - 43, // 68: illumio.cloud.k8sclustersync.v1.KubernetesInfoService.SendLogs:output_type -> illumio.cloud.k8sclustersync.v1.SendLogsResponse - 45, // 69: illumio.cloud.k8sclustersync.v1.KubernetesInfoService.GetConfigurationUpdates:output_type -> illumio.cloud.k8sclustersync.v1.GetConfigurationUpdatesResponse - 66, // [66:70] is the sub-list for method output_type - 62, // [62:66] is the sub-list for method input_type - 62, // [62:62] is the sub-list for extension type_name - 62, // [62:62] is the sub-list for extension extendee - 0, // [0:62] is the sub-list for field type_name + 12, // 8: illumio.cloud.k8sclustersync.v1.KubernetesObjectData.cilium_network_policy:type_name -> illumio.cloud.k8sclustersync.v1.KubernetesCiliumNetworkPolicyData + 13, // 9: illumio.cloud.k8sclustersync.v1.KubernetesObjectData.cilium_clusterwide_network_policy:type_name -> illumio.cloud.k8sclustersync.v1.KubernetesCiliumClusterwideNetworkPolicyData + 54, // 10: illumio.cloud.k8sclustersync.v1.KubernetesServiceData.ports:type_name -> illumio.cloud.k8sclustersync.v1.KubernetesServiceData.ServicePort + 18, // 11: illumio.cloud.k8sclustersync.v1.KubernetesNetworkPolicyData.pod_selector:type_name -> illumio.cloud.k8sclustersync.v1.LabelSelector + 24, // 12: illumio.cloud.k8sclustersync.v1.KubernetesNetworkPolicyData.ingress_rules:type_name -> illumio.cloud.k8sclustersync.v1.NetworkPolicyRule + 24, // 13: illumio.cloud.k8sclustersync.v1.KubernetesNetworkPolicyData.egress_rules:type_name -> illumio.cloud.k8sclustersync.v1.NetworkPolicyRule + 18, // 14: illumio.cloud.k8sclustersync.v1.KubernetesCiliumNetworkPolicyData.endpoint_selector:type_name -> illumio.cloud.k8sclustersync.v1.LabelSelector + 14, // 15: illumio.cloud.k8sclustersync.v1.KubernetesCiliumNetworkPolicyData.ingress_rules:type_name -> illumio.cloud.k8sclustersync.v1.CiliumNetworkPolicyRule + 14, // 16: illumio.cloud.k8sclustersync.v1.KubernetesCiliumNetworkPolicyData.egress_rules:type_name -> illumio.cloud.k8sclustersync.v1.CiliumNetworkPolicyRule + 14, // 17: illumio.cloud.k8sclustersync.v1.KubernetesCiliumNetworkPolicyData.ingress_deny_rules:type_name -> illumio.cloud.k8sclustersync.v1.CiliumNetworkPolicyRule + 14, // 18: illumio.cloud.k8sclustersync.v1.KubernetesCiliumNetworkPolicyData.egress_deny_rules:type_name -> illumio.cloud.k8sclustersync.v1.CiliumNetworkPolicyRule + 18, // 19: illumio.cloud.k8sclustersync.v1.KubernetesCiliumClusterwideNetworkPolicyData.endpoint_selector:type_name -> illumio.cloud.k8sclustersync.v1.LabelSelector + 18, // 20: illumio.cloud.k8sclustersync.v1.KubernetesCiliumClusterwideNetworkPolicyData.node_selector:type_name -> illumio.cloud.k8sclustersync.v1.LabelSelector + 14, // 21: illumio.cloud.k8sclustersync.v1.KubernetesCiliumClusterwideNetworkPolicyData.ingress_rules:type_name -> illumio.cloud.k8sclustersync.v1.CiliumNetworkPolicyRule + 14, // 22: illumio.cloud.k8sclustersync.v1.KubernetesCiliumClusterwideNetworkPolicyData.egress_rules:type_name -> illumio.cloud.k8sclustersync.v1.CiliumNetworkPolicyRule + 14, // 23: illumio.cloud.k8sclustersync.v1.KubernetesCiliumClusterwideNetworkPolicyData.ingress_deny_rules:type_name -> illumio.cloud.k8sclustersync.v1.CiliumNetworkPolicyRule + 14, // 24: illumio.cloud.k8sclustersync.v1.KubernetesCiliumClusterwideNetworkPolicyData.egress_deny_rules:type_name -> illumio.cloud.k8sclustersync.v1.CiliumNetworkPolicyRule + 18, // 25: illumio.cloud.k8sclustersync.v1.CiliumNetworkPolicyRule.from_endpoints:type_name -> illumio.cloud.k8sclustersync.v1.LabelSelector + 18, // 26: illumio.cloud.k8sclustersync.v1.CiliumNetworkPolicyRule.to_endpoints:type_name -> illumio.cloud.k8sclustersync.v1.LabelSelector + 15, // 27: illumio.cloud.k8sclustersync.v1.CiliumNetworkPolicyRule.from_cidr_set:type_name -> illumio.cloud.k8sclustersync.v1.CiliumCIDRSet + 15, // 28: illumio.cloud.k8sclustersync.v1.CiliumNetworkPolicyRule.to_cidr_set:type_name -> illumio.cloud.k8sclustersync.v1.CiliumCIDRSet + 16, // 29: illumio.cloud.k8sclustersync.v1.CiliumNetworkPolicyRule.to_ports:type_name -> illumio.cloud.k8sclustersync.v1.CiliumPortRule + 17, // 30: illumio.cloud.k8sclustersync.v1.CiliumPortRule.ports:type_name -> illumio.cloud.k8sclustersync.v1.CiliumPort + 55, // 31: illumio.cloud.k8sclustersync.v1.LabelSelector.match_labels:type_name -> illumio.cloud.k8sclustersync.v1.LabelSelector.MatchLabelsEntry + 19, // 32: illumio.cloud.k8sclustersync.v1.LabelSelector.match_expressions:type_name -> illumio.cloud.k8sclustersync.v1.LabelSelectorRequirement + 20, // 33: illumio.cloud.k8sclustersync.v1.Peer.ip_block:type_name -> illumio.cloud.k8sclustersync.v1.IPBlock + 22, // 34: illumio.cloud.k8sclustersync.v1.Peer.pods:type_name -> illumio.cloud.k8sclustersync.v1.PeerSelector + 18, // 35: illumio.cloud.k8sclustersync.v1.PeerSelector.namespace_selector:type_name -> illumio.cloud.k8sclustersync.v1.LabelSelector + 18, // 36: illumio.cloud.k8sclustersync.v1.PeerSelector.pod_selector:type_name -> illumio.cloud.k8sclustersync.v1.LabelSelector + 5, // 37: illumio.cloud.k8sclustersync.v1.Port.protocol:type_name -> illumio.cloud.k8sclustersync.v1.Port.Protocol + 21, // 38: illumio.cloud.k8sclustersync.v1.NetworkPolicyRule.peers:type_name -> illumio.cloud.k8sclustersync.v1.Peer + 23, // 39: illumio.cloud.k8sclustersync.v1.NetworkPolicyRule.ports:type_name -> illumio.cloud.k8sclustersync.v1.Port + 0, // 40: illumio.cloud.k8sclustersync.v1.KubernetesClusterMetadata.flow_collector:type_name -> illumio.cloud.k8sclustersync.v1.FlowCollector + 6, // 41: illumio.cloud.k8sclustersync.v1.SendKubernetesResourcesRequest.keepalive:type_name -> illumio.cloud.k8sclustersync.v1.Keepalive + 26, // 42: illumio.cloud.k8sclustersync.v1.SendKubernetesResourcesRequest.cluster_metadata:type_name -> illumio.cloud.k8sclustersync.v1.KubernetesClusterMetadata + 7, // 43: illumio.cloud.k8sclustersync.v1.SendKubernetesResourcesRequest.resource_data:type_name -> illumio.cloud.k8sclustersync.v1.KubernetesObjectData + 28, // 44: illumio.cloud.k8sclustersync.v1.SendKubernetesResourcesRequest.resource_snapshot_complete:type_name -> illumio.cloud.k8sclustersync.v1.KubernetesResourceSnapshotComplete + 30, // 45: illumio.cloud.k8sclustersync.v1.SendKubernetesResourcesRequest.kubernetes_resource_mutation:type_name -> illumio.cloud.k8sclustersync.v1.KubernetesResourceMutation + 7, // 46: illumio.cloud.k8sclustersync.v1.KubernetesResourceMutation.create_resource:type_name -> illumio.cloud.k8sclustersync.v1.KubernetesObjectData + 7, // 47: illumio.cloud.k8sclustersync.v1.KubernetesResourceMutation.update_resource:type_name -> illumio.cloud.k8sclustersync.v1.KubernetesObjectData + 7, // 48: illumio.cloud.k8sclustersync.v1.KubernetesResourceMutation.delete_resource:type_name -> illumio.cloud.k8sclustersync.v1.KubernetesObjectData + 34, // 49: illumio.cloud.k8sclustersync.v1.FiveTupleFlow.layer3:type_name -> illumio.cloud.k8sclustersync.v1.IP + 35, // 50: illumio.cloud.k8sclustersync.v1.FiveTupleFlow.layer4:type_name -> illumio.cloud.k8sclustersync.v1.Layer4 + 57, // 51: illumio.cloud.k8sclustersync.v1.FiveTupleFlow.timestamp:type_name -> google.protobuf.Timestamp + 57, // 52: illumio.cloud.k8sclustersync.v1.CiliumFlow.time:type_name -> google.protobuf.Timestamp + 1, // 53: illumio.cloud.k8sclustersync.v1.CiliumFlow.traffic_direction:type_name -> illumio.cloud.k8sclustersync.v1.TrafficDirection + 2, // 54: illumio.cloud.k8sclustersync.v1.CiliumFlow.verdict:type_name -> illumio.cloud.k8sclustersync.v1.Verdict + 34, // 55: illumio.cloud.k8sclustersync.v1.CiliumFlow.layer3:type_name -> illumio.cloud.k8sclustersync.v1.IP + 35, // 56: illumio.cloud.k8sclustersync.v1.CiliumFlow.layer4:type_name -> illumio.cloud.k8sclustersync.v1.Layer4 + 58, // 57: illumio.cloud.k8sclustersync.v1.CiliumFlow.is_reply:type_name -> google.protobuf.BoolValue + 42, // 58: illumio.cloud.k8sclustersync.v1.CiliumFlow.source_endpoint:type_name -> illumio.cloud.k8sclustersync.v1.Endpoint + 42, // 59: illumio.cloud.k8sclustersync.v1.CiliumFlow.destination_endpoint:type_name -> illumio.cloud.k8sclustersync.v1.Endpoint + 33, // 60: illumio.cloud.k8sclustersync.v1.CiliumFlow.destination_service:type_name -> illumio.cloud.k8sclustersync.v1.Service + 44, // 61: illumio.cloud.k8sclustersync.v1.CiliumFlow.egress_allowed_by:type_name -> illumio.cloud.k8sclustersync.v1.Policy + 44, // 62: illumio.cloud.k8sclustersync.v1.CiliumFlow.ingress_allowed_by:type_name -> illumio.cloud.k8sclustersync.v1.Policy + 44, // 63: illumio.cloud.k8sclustersync.v1.CiliumFlow.egress_denied_by:type_name -> illumio.cloud.k8sclustersync.v1.Policy + 44, // 64: illumio.cloud.k8sclustersync.v1.CiliumFlow.ingress_denied_by:type_name -> illumio.cloud.k8sclustersync.v1.Policy + 3, // 65: illumio.cloud.k8sclustersync.v1.IP.ip_version:type_name -> illumio.cloud.k8sclustersync.v1.IPVersion + 36, // 66: illumio.cloud.k8sclustersync.v1.Layer4.tcp:type_name -> illumio.cloud.k8sclustersync.v1.TCP + 38, // 67: illumio.cloud.k8sclustersync.v1.Layer4.udp:type_name -> illumio.cloud.k8sclustersync.v1.UDP + 40, // 68: illumio.cloud.k8sclustersync.v1.Layer4.icmpv4:type_name -> illumio.cloud.k8sclustersync.v1.ICMPv4 + 41, // 69: illumio.cloud.k8sclustersync.v1.Layer4.icmpv6:type_name -> illumio.cloud.k8sclustersync.v1.ICMPv6 + 39, // 70: illumio.cloud.k8sclustersync.v1.Layer4.sctp:type_name -> illumio.cloud.k8sclustersync.v1.SCTP + 37, // 71: illumio.cloud.k8sclustersync.v1.TCP.flags:type_name -> illumio.cloud.k8sclustersync.v1.TCPFlags + 43, // 72: illumio.cloud.k8sclustersync.v1.Endpoint.workloads:type_name -> illumio.cloud.k8sclustersync.v1.Workload + 6, // 73: illumio.cloud.k8sclustersync.v1.SendKubernetesNetworkFlowsRequest.keepalive:type_name -> illumio.cloud.k8sclustersync.v1.Keepalive + 32, // 74: illumio.cloud.k8sclustersync.v1.SendKubernetesNetworkFlowsRequest.cilium_flow:type_name -> illumio.cloud.k8sclustersync.v1.CiliumFlow + 31, // 75: illumio.cloud.k8sclustersync.v1.SendKubernetesNetworkFlowsRequest.five_tuple_flow:type_name -> illumio.cloud.k8sclustersync.v1.FiveTupleFlow + 6, // 76: illumio.cloud.k8sclustersync.v1.SendLogsRequest.keepalive:type_name -> illumio.cloud.k8sclustersync.v1.Keepalive + 47, // 77: illumio.cloud.k8sclustersync.v1.SendLogsRequest.log_entry:type_name -> illumio.cloud.k8sclustersync.v1.LogEntry + 6, // 78: illumio.cloud.k8sclustersync.v1.GetConfigurationUpdatesRequest.keepalive:type_name -> illumio.cloud.k8sclustersync.v1.Keepalive + 56, // 79: illumio.cloud.k8sclustersync.v1.GetConfigurationUpdatesResponse.update_configuration:type_name -> illumio.cloud.k8sclustersync.v1.GetConfigurationUpdatesResponse.Configuration + 4, // 80: illumio.cloud.k8sclustersync.v1.GetConfigurationUpdatesResponse.Configuration.log_level:type_name -> illumio.cloud.k8sclustersync.v1.LogLevel + 27, // 81: illumio.cloud.k8sclustersync.v1.KubernetesInfoService.SendKubernetesResources:input_type -> illumio.cloud.k8sclustersync.v1.SendKubernetesResourcesRequest + 45, // 82: illumio.cloud.k8sclustersync.v1.KubernetesInfoService.SendKubernetesNetworkFlows:input_type -> illumio.cloud.k8sclustersync.v1.SendKubernetesNetworkFlowsRequest + 48, // 83: illumio.cloud.k8sclustersync.v1.KubernetesInfoService.SendLogs:input_type -> illumio.cloud.k8sclustersync.v1.SendLogsRequest + 50, // 84: illumio.cloud.k8sclustersync.v1.KubernetesInfoService.GetConfigurationUpdates:input_type -> illumio.cloud.k8sclustersync.v1.GetConfigurationUpdatesRequest + 29, // 85: illumio.cloud.k8sclustersync.v1.KubernetesInfoService.SendKubernetesResources:output_type -> illumio.cloud.k8sclustersync.v1.SendKubernetesResourcesResponse + 46, // 86: illumio.cloud.k8sclustersync.v1.KubernetesInfoService.SendKubernetesNetworkFlows:output_type -> illumio.cloud.k8sclustersync.v1.SendKubernetesNetworkFlowsResponse + 49, // 87: illumio.cloud.k8sclustersync.v1.KubernetesInfoService.SendLogs:output_type -> illumio.cloud.k8sclustersync.v1.SendLogsResponse + 51, // 88: illumio.cloud.k8sclustersync.v1.KubernetesInfoService.GetConfigurationUpdates:output_type -> illumio.cloud.k8sclustersync.v1.GetConfigurationUpdatesResponse + 85, // [85:89] is the sub-list for method output_type + 81, // [81:85] is the sub-list for method input_type + 81, // [81:81] is the sub-list for extension type_name + 81, // [81:81] is the sub-list for extension extendee + 0, // [0:81] is the sub-list for field type_name } func init() { file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_init() } @@ -3880,61 +4422,64 @@ func file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_init() { (*KubernetesObjectData_Node)(nil), (*KubernetesObjectData_Service)(nil), (*KubernetesObjectData_NetworkPolicy)(nil), + (*KubernetesObjectData_CiliumNetworkPolicy)(nil), + (*KubernetesObjectData_CiliumClusterwideNetworkPolicy)(nil), } file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[2].OneofWrappers = []any{} - file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[9].OneofWrappers = []any{ + file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[7].OneofWrappers = []any{} + file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[15].OneofWrappers = []any{ (*Peer_IpBlock)(nil), (*Peer_Pods)(nil), } - file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[10].OneofWrappers = []any{} - file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[11].OneofWrappers = []any{} - file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[15].OneofWrappers = []any{ + file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[16].OneofWrappers = []any{} + file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[17].OneofWrappers = []any{} + file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[21].OneofWrappers = []any{ (*SendKubernetesResourcesRequest_Keepalive)(nil), (*SendKubernetesResourcesRequest_ClusterMetadata)(nil), (*SendKubernetesResourcesRequest_ResourceData)(nil), (*SendKubernetesResourcesRequest_ResourceSnapshotComplete)(nil), (*SendKubernetesResourcesRequest_KubernetesResourceMutation)(nil), } - file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[18].OneofWrappers = []any{ + file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[24].OneofWrappers = []any{ (*KubernetesResourceMutation_CreateResource)(nil), (*KubernetesResourceMutation_UpdateResource)(nil), (*KubernetesResourceMutation_DeleteResource)(nil), } - file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[19].OneofWrappers = []any{ + file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[25].OneofWrappers = []any{ (*FiveTupleFlow_Time)(nil), (*FiveTupleFlow_Timestamp)(nil), } - file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[20].OneofWrappers = []any{} - file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[23].OneofWrappers = []any{ + file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[26].OneofWrappers = []any{} + file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[29].OneofWrappers = []any{ (*Layer4_Tcp)(nil), (*Layer4_Udp)(nil), (*Layer4_Icmpv4)(nil), (*Layer4_Icmpv6)(nil), (*Layer4_Sctp)(nil), } - file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[33].OneofWrappers = []any{ + file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[39].OneofWrappers = []any{ (*SendKubernetesNetworkFlowsRequest_Keepalive)(nil), (*SendKubernetesNetworkFlowsRequest_CiliumFlow)(nil), (*SendKubernetesNetworkFlowsRequest_FiveTupleFlow)(nil), } - file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[36].OneofWrappers = []any{ + file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[42].OneofWrappers = []any{ (*SendLogsRequest_Keepalive)(nil), (*SendLogsRequest_LogEntry)(nil), } - file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[38].OneofWrappers = []any{ + file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[44].OneofWrappers = []any{ (*GetConfigurationUpdatesRequest_Keepalive)(nil), } - file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[39].OneofWrappers = []any{ + file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[45].OneofWrappers = []any{ (*GetConfigurationUpdatesResponse_UpdateConfiguration)(nil), } - file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[42].OneofWrappers = []any{} + file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_msgTypes[48].OneofWrappers = []any{} type x struct{} out := protoimpl.TypeBuilder{ File: protoimpl.DescBuilder{ GoPackagePath: reflect.TypeOf(x{}).PkgPath(), RawDescriptor: unsafe.Slice(unsafe.StringData(file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDesc), len(file_illumio_cloud_k8sclustersync_v1_k8s_info_proto_rawDesc)), NumEnums: 6, - NumMessages: 45, + NumMessages: 51, NumExtensions: 0, NumServices: 1, }, diff --git a/api/illumio/cloud/k8sclustersync/v1/k8s_info.proto b/api/illumio/cloud/k8sclustersync/v1/k8s_info.proto index 4da8f48c..00f38fde 100644 --- a/api/illumio/cloud/k8sclustersync/v1/k8s_info.proto +++ b/api/illumio/cloud/k8sclustersync/v1/k8s_info.proto @@ -45,6 +45,8 @@ message KubernetesObjectData { KubernetesNodeData node = 101; KubernetesServiceData service = 102; KubernetesNetworkPolicyData network_policy = 103; + KubernetesCiliumNetworkPolicyData cilium_network_policy = 104; + KubernetesCiliumClusterwideNetworkPolicyData cilium_clusterwide_network_policy = 105; } } @@ -97,6 +99,81 @@ message KubernetesNetworkPolicyData { repeated NetworkPolicyRule egress_rules = 5; // Egress rules for the policy } +// KubernetesCiliumNetworkPolicyData contains information specific to a CiliumNetworkPolicy object. +// CiliumNetworkPolicy is a namespaced policy that applies to pods selected by the endpoint selector. +// https://docs.cilium.io/en/stable/security/policy/language/#ciliumnetworkpolicy +message KubernetesCiliumNetworkPolicyData { + // Endpoint selector selects the pods to which this policy applies. + // Uses Cilium's endpoint selector which supports label-based and identity-based selection. + LabelSelector endpoint_selector = 1; + // Ingress rules define allowed/denied incoming traffic. + repeated CiliumNetworkPolicyRule ingress_rules = 2; + // Egress rules define allowed/denied outgoing traffic. + repeated CiliumNetworkPolicyRule egress_rules = 3; + // IngressDeny rules explicitly deny incoming traffic. + repeated CiliumNetworkPolicyRule ingress_deny_rules = 4; + // EgressDeny rules explicitly deny outgoing traffic. + repeated CiliumNetworkPolicyRule egress_deny_rules = 5; +} + +// KubernetesCiliumClusterwideNetworkPolicyData contains information specific to a CiliumClusterwideNetworkPolicy object. +// CiliumClusterwideNetworkPolicy is a cluster-scoped policy that applies across all namespaces. +// https://docs.cilium.io/en/stable/security/policy/language/#ciliumclusterwidenetworkpolicy +message KubernetesCiliumClusterwideNetworkPolicyData { + // Endpoint selector selects the pods to which this policy applies cluster-wide. + LabelSelector endpoint_selector = 1; + // Node selector selects the nodes to which this policy applies (for host policies). + optional LabelSelector node_selector = 2; + // Ingress rules define allowed/denied incoming traffic. + repeated CiliumNetworkPolicyRule ingress_rules = 3; + // Egress rules define allowed/denied outgoing traffic. + repeated CiliumNetworkPolicyRule egress_rules = 4; + // IngressDeny rules explicitly deny incoming traffic. + repeated CiliumNetworkPolicyRule ingress_deny_rules = 5; + // EgressDeny rules explicitly deny outgoing traffic. + repeated CiliumNetworkPolicyRule egress_deny_rules = 6; +} + +// CiliumNetworkPolicyRule defines a single Cilium ingress or egress rule. +// Cilium rules support richer selectors including identity-based and CIDR-based selection. +message CiliumNetworkPolicyRule { + // FromEndpoints selects source endpoints by labels (for ingress rules). + repeated LabelSelector from_endpoints = 1; + // ToEndpoints selects destination endpoints by labels (for egress rules). + repeated LabelSelector to_endpoints = 2; + // FromCIDR allows traffic from specific CIDR ranges. + repeated string from_cidr = 3; + // ToCIDR allows traffic to specific CIDR ranges. + repeated string to_cidr = 4; + // FromCIDRSet allows traffic from CIDR ranges with exceptions. + repeated CiliumCIDRSet from_cidr_set = 5; + // ToCIDRSet allows traffic to CIDR ranges with exceptions. + repeated CiliumCIDRSet to_cidr_set = 6; + // ToPorts specifies the allowed destination ports and protocols. + repeated CiliumPortRule to_ports = 7; + // FromEntities allows traffic from Cilium-defined entities (e.g., "world", "cluster", "host"). + repeated string from_entities = 8; + // ToEntities allows traffic to Cilium-defined entities. + repeated string to_entities = 9; +} + +// CiliumCIDRSet defines a CIDR range with optional exceptions. +message CiliumCIDRSet { + string cidr = 1; + repeated string except = 2; +} + +// CiliumPortRule defines allowed ports and protocols for Cilium policies. +message CiliumPortRule { + repeated CiliumPort ports = 1; +} + +// CiliumPort defines a single port with protocol. +message CiliumPort { + string port = 1; // Port number or name + string protocol = 2; // TCP, UDP, SCTP, or ANY +} + // LabelSelector selects a k8s resource (e.g., a pod or namespace) by its labels. message LabelSelector { map match_labels = 1; diff --git a/cloud-operator/templates/clusterrole.yaml b/cloud-operator/templates/clusterrole.yaml index 4580585d..98298e63 100644 --- a/cloud-operator/templates/clusterrole.yaml +++ b/cloud-operator/templates/clusterrole.yaml @@ -19,6 +19,9 @@ rules: - apiGroups: ["networking.k8s.io"] resources: ["networkpolicies", "ingresses", "ingressclasses"] verbs: ["get", "list", "watch"] +- apiGroups: ["cilium.io"] + resources: ["ciliumnetworkpolicies", "ciliumclusterwidenetworkpolicies"] + verbs: ["get", "list", "watch"] - apiGroups: ["apiextensions.k8s.io"] resources: ["customresourcedefinitions"] verbs: ["get", "list", "watch"] diff --git a/internal/controller/cilium_network_policy.go b/internal/controller/cilium_network_policy.go new file mode 100644 index 00000000..63b4691e --- /dev/null +++ b/internal/controller/cilium_network_policy.go @@ -0,0 +1,337 @@ +// Copyright 2024 Illumio, Inc. All Rights Reserved. + +package controller + +import ( + "google.golang.org/protobuf/types/known/timestamppb" + "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" + + pb "github.com/illumio/cloud-operator/api/illumio/cloud/k8sclustersync/v1" +) + +// IsCiliumPolicy returns true if the resource kind is a Cilium network policy. +func IsCiliumPolicy(kind string) bool { + return kind == "CiliumNetworkPolicy" || kind == "CiliumClusterwideNetworkPolicy" +} + +// ConvertUnstructuredToCiliumPolicy converts an unstructured Cilium policy to a KubernetesObjectData proto. +// This handles both CiliumNetworkPolicy and CiliumClusterwideNetworkPolicy. +func ConvertUnstructuredToCiliumPolicy(obj *unstructured.Unstructured) *pb.KubernetesObjectData { + if obj == nil { + return nil + } + + kind := obj.GetKind() + + objMetadata := &pb.KubernetesObjectData{ + Annotations: obj.GetAnnotations(), + CreationTimestamp: timestamppb.New(obj.GetCreationTimestamp().Time), + Kind: kind, + Labels: obj.GetLabels(), + Name: obj.GetName(), + Namespace: obj.GetNamespace(), + OwnerReferences: convertOwnerReferences(obj.GetOwnerReferences()), + ResourceVersion: obj.GetResourceVersion(), + Uid: string(obj.GetUID()), + } + + spec, found, err := unstructured.NestedMap(obj.Object, "spec") + if err != nil || !found { + return objMetadata + } + + switch kind { + case "CiliumNetworkPolicy": + ciliumPolicy := convertCiliumNetworkPolicySpec(spec) + objMetadata.KindSpecific = &pb.KubernetesObjectData_CiliumNetworkPolicy{CiliumNetworkPolicy: ciliumPolicy} + case "CiliumClusterwideNetworkPolicy": + ciliumPolicy := convertCiliumClusterwideNetworkPolicySpec(spec) + objMetadata.KindSpecific = &pb.KubernetesObjectData_CiliumClusterwideNetworkPolicy{CiliumClusterwideNetworkPolicy: ciliumPolicy} + } + + return objMetadata +} + +// convertCiliumNetworkPolicySpec converts a CiliumNetworkPolicy spec to proto. +func convertCiliumNetworkPolicySpec(spec map[string]any) *pb.KubernetesCiliumNetworkPolicyData { + policy := &pb.KubernetesCiliumNetworkPolicyData{} + + // Extract endpoint selector + if endpointSelector, found, _ := unstructured.NestedMap(spec, "endpointSelector"); found { + policy.EndpointSelector = convertCiliumLabelSelector(endpointSelector) + } + + // Extract ingress rules + if ingress, found, _ := unstructured.NestedSlice(spec, "ingress"); found { + policy.IngressRules = convertCiliumRules(ingress) + } + + // Extract egress rules + if egress, found, _ := unstructured.NestedSlice(spec, "egress"); found { + policy.EgressRules = convertCiliumRules(egress) + } + + // Extract ingress deny rules + if ingressDeny, found, _ := unstructured.NestedSlice(spec, "ingressDeny"); found { + policy.IngressDenyRules = convertCiliumRules(ingressDeny) + } + + // Extract egress deny rules + if egressDeny, found, _ := unstructured.NestedSlice(spec, "egressDeny"); found { + policy.EgressDenyRules = convertCiliumRules(egressDeny) + } + + return policy +} + +// convertCiliumClusterwideNetworkPolicySpec converts a CiliumClusterwideNetworkPolicy spec to proto. +func convertCiliumClusterwideNetworkPolicySpec(spec map[string]any) *pb.KubernetesCiliumClusterwideNetworkPolicyData { + policy := &pb.KubernetesCiliumClusterwideNetworkPolicyData{} + + // Extract endpoint selector + if endpointSelector, found, _ := unstructured.NestedMap(spec, "endpointSelector"); found { + policy.EndpointSelector = convertCiliumLabelSelector(endpointSelector) + } + + // Extract node selector (specific to clusterwide policies) + if nodeSelector, found, _ := unstructured.NestedMap(spec, "nodeSelector"); found { + policy.NodeSelector = convertCiliumLabelSelector(nodeSelector) + } + + // Extract ingress rules + if ingress, found, _ := unstructured.NestedSlice(spec, "ingress"); found { + policy.IngressRules = convertCiliumRules(ingress) + } + + // Extract egress rules + if egress, found, _ := unstructured.NestedSlice(spec, "egress"); found { + policy.EgressRules = convertCiliumRules(egress) + } + + // Extract ingress deny rules + if ingressDeny, found, _ := unstructured.NestedSlice(spec, "ingressDeny"); found { + policy.IngressDenyRules = convertCiliumRules(ingressDeny) + } + + // Extract egress deny rules + if egressDeny, found, _ := unstructured.NestedSlice(spec, "egressDeny"); found { + policy.EgressDenyRules = convertCiliumRules(egressDeny) + } + + return policy +} + +// convertCiliumLabelSelector converts a Cilium label selector from unstructured to proto. +func convertCiliumLabelSelector(selector map[string]any) *pb.LabelSelector { + if selector == nil { + return nil + } + + result := &pb.LabelSelector{} + + // Extract matchLabels + if matchLabels, found, _ := unstructured.NestedStringMap(selector, "matchLabels"); found { + result.MatchLabels = matchLabels + } + + // Extract matchExpressions + if matchExpressions, found, _ := unstructured.NestedSlice(selector, "matchExpressions"); found { + result.MatchExpressions = convertCiliumMatchExpressions(matchExpressions) + } + + return result +} + +// convertCiliumMatchExpressions converts match expressions from unstructured to proto. +func convertCiliumMatchExpressions(expressions []any) []*pb.LabelSelectorRequirement { + if len(expressions) == 0 { + return nil + } + + result := make([]*pb.LabelSelectorRequirement, 0, len(expressions)) + for _, expr := range expressions { + exprMap, ok := expr.(map[string]any) + if !ok { + continue + } + + req := &pb.LabelSelectorRequirement{} + if key, found, _ := unstructured.NestedString(exprMap, "key"); found { + req.Key = key + } + if operator, found, _ := unstructured.NestedString(exprMap, "operator"); found { + req.Operator = operator + } + if values, found, _ := unstructured.NestedStringSlice(exprMap, "values"); found { + req.Values = values + } + + result = append(result, req) + } + + return result +} + +// convertCiliumRules converts Cilium ingress/egress rules from unstructured to proto. +func convertCiliumRules(rules []any) []*pb.CiliumNetworkPolicyRule { + if len(rules) == 0 { + return nil + } + + result := make([]*pb.CiliumNetworkPolicyRule, 0, len(rules)) + for _, rule := range rules { + ruleMap, ok := rule.(map[string]any) + if !ok { + continue + } + + protoRule := &pb.CiliumNetworkPolicyRule{} + + // FromEndpoints + if fromEndpoints, found, _ := unstructured.NestedSlice(ruleMap, "fromEndpoints"); found { + protoRule.FromEndpoints = convertCiliumEndpointSelectors(fromEndpoints) + } + + // ToEndpoints + if toEndpoints, found, _ := unstructured.NestedSlice(ruleMap, "toEndpoints"); found { + protoRule.ToEndpoints = convertCiliumEndpointSelectors(toEndpoints) + } + + // FromCIDR + if fromCIDR, found, _ := unstructured.NestedStringSlice(ruleMap, "fromCIDR"); found { + protoRule.FromCidr = fromCIDR + } + + // ToCIDR + if toCIDR, found, _ := unstructured.NestedStringSlice(ruleMap, "toCIDR"); found { + protoRule.ToCidr = toCIDR + } + + // FromCIDRSet + if fromCIDRSet, found, _ := unstructured.NestedSlice(ruleMap, "fromCIDRSet"); found { + protoRule.FromCidrSet = convertCiliumCIDRSets(fromCIDRSet) + } + + // ToCIDRSet + if toCIDRSet, found, _ := unstructured.NestedSlice(ruleMap, "toCIDRSet"); found { + protoRule.ToCidrSet = convertCiliumCIDRSets(toCIDRSet) + } + + // ToPorts + if toPorts, found, _ := unstructured.NestedSlice(ruleMap, "toPorts"); found { + protoRule.ToPorts = convertCiliumPortRules(toPorts) + } + + // FromEntities + if fromEntities, found, _ := unstructured.NestedStringSlice(ruleMap, "fromEntities"); found { + protoRule.FromEntities = fromEntities + } + + // ToEntities + if toEntities, found, _ := unstructured.NestedStringSlice(ruleMap, "toEntities"); found { + protoRule.ToEntities = toEntities + } + + result = append(result, protoRule) + } + + return result +} + +// convertCiliumEndpointSelectors converts endpoint selectors from unstructured to proto. +func convertCiliumEndpointSelectors(selectors []any) []*pb.LabelSelector { + if len(selectors) == 0 { + return nil + } + + result := make([]*pb.LabelSelector, 0, len(selectors)) + for _, selector := range selectors { + selectorMap, ok := selector.(map[string]any) + if !ok { + continue + } + + result = append(result, convertCiliumLabelSelector(selectorMap)) + } + + return result +} + +// convertCiliumCIDRSets converts CIDR sets from unstructured to proto. +func convertCiliumCIDRSets(cidrSets []any) []*pb.CiliumCIDRSet { + if len(cidrSets) == 0 { + return nil + } + + result := make([]*pb.CiliumCIDRSet, 0, len(cidrSets)) + for _, cidrSet := range cidrSets { + cidrSetMap, ok := cidrSet.(map[string]any) + if !ok { + continue + } + + protoSet := &pb.CiliumCIDRSet{} + if cidr, found, _ := unstructured.NestedString(cidrSetMap, "cidr"); found { + protoSet.Cidr = cidr + } + if except, found, _ := unstructured.NestedStringSlice(cidrSetMap, "except"); found { + protoSet.Except = except + } + + result = append(result, protoSet) + } + + return result +} + +// convertCiliumPortRules converts port rules from unstructured to proto. +func convertCiliumPortRules(portRules []any) []*pb.CiliumPortRule { + if len(portRules) == 0 { + return nil + } + + result := make([]*pb.CiliumPortRule, 0, len(portRules)) + for _, portRule := range portRules { + portRuleMap, ok := portRule.(map[string]any) + if !ok { + continue + } + + protoRule := &pb.CiliumPortRule{} + + if ports, found, _ := unstructured.NestedSlice(portRuleMap, "ports"); found { + protoRule.Ports = convertCiliumPorts(ports) + } + + result = append(result, protoRule) + } + + return result +} + +// convertCiliumPorts converts ports from unstructured to proto. +func convertCiliumPorts(ports []any) []*pb.CiliumPort { + if len(ports) == 0 { + return nil + } + + result := make([]*pb.CiliumPort, 0, len(ports)) + for _, port := range ports { + portMap, ok := port.(map[string]any) + if !ok { + continue + } + + protoPort := &pb.CiliumPort{} + if portVal, found, _ := unstructured.NestedString(portMap, "port"); found { + protoPort.Port = portVal + } + if protocol, found, _ := unstructured.NestedString(portMap, "protocol"); found { + protoPort.Protocol = protocol + } + + result = append(result, protoPort) + } + + return result +} diff --git a/internal/controller/stream/resources/resources.go b/internal/controller/stream/resources/resources.go index 196e1a5b..f15526c6 100644 --- a/internal/controller/stream/resources/resources.go +++ b/internal/controller/stream/resources/resources.go @@ -20,6 +20,8 @@ import ( ) var resourceList = []string{ + "ciliumclusterwidenetworkpolicies", + "ciliumnetworkpolicies", "cronjobs", "customresourcedefinitions", "daemonsets", diff --git a/internal/controller/stream/resources/watcher.go b/internal/controller/stream/resources/watcher.go index 33e2c7cd..38b69d6e 100644 --- a/internal/controller/stream/resources/watcher.go +++ b/internal/controller/stream/resources/watcher.go @@ -90,6 +90,11 @@ func (r *Watcher) WatchK8sResources(ctx context.Context, cancel context.CancelFu func (r *Watcher) DynamicListResources(ctx context.Context, logger *zap.Logger, apiGroup string) (string, error) { objGVR := schema.GroupVersionResource{Group: apiGroup, Version: "v1", Resource: r.resourceName} + // For Cilium policies, we need the full unstructured object to extract the spec + if controller.IsCiliumPolicy(removeListSuffix(r.resourceName)) { + return r.listCiliumResources(ctx, logger, objGVR) + } + objs, resourceListVersion, resourceK8sKind, err := r.ListResources(ctx, objGVR, metav1.NamespaceAll) if err != nil { return "", err @@ -117,6 +122,36 @@ func (r *Watcher) DynamicListResources(ctx context.Context, logger *zap.Logger, return resourceListVersion, nil } +// listCiliumResources handles listing Cilium network policies with full spec conversion. +func (r *Watcher) listCiliumResources(ctx context.Context, logger *zap.Logger, objGVR schema.GroupVersionResource) (string, error) { + unstructuredResources, err := r.FetchResources(ctx, objGVR, metav1.NamespaceAll) + if err != nil { + return "", err + } + + for i := range unstructuredResources.Items { + item := &unstructuredResources.Items[i] + metadataObj := controller.ConvertUnstructuredToCiliumPolicy(item) + + err = r.streamManager.SendObjectData(logger, metadataObj) + if err != nil { + r.logger.Error("Cannot send Cilium policy metadata", zap.Error(err)) + + return "", err + } + } + + r.logger.Debug("Successfully sent Cilium policies", zap.Int("count", len(unstructuredResources.Items))) + + select { + case <-ctx.Done(): + return "", ctx.Err() + default: + } + + return unstructuredResources.GetResourceVersion(), nil +} + //nolint:gocognit // function is complex by nature (watch loop) func (r *Watcher) watchEvents(ctx context.Context, resourceVersion string, mutationChan chan *pb.KubernetesResourceMutation) error { logger := r.logger @@ -351,13 +386,26 @@ func getResourceVersionFromBookmark(event watch.Event) (string, error) { } func (r *Watcher) processMutation(ctx context.Context, event watch.Event, mutationChan chan *pb.KubernetesResourceMutation) (string, error) { - convertedData, err := controller.GetObjectMetadataFromRuntimeObject(event.Object) - if err != nil { - return "", fmt.Errorf("failed to convert runtime.Object to metav1.ObjectMeta: %w", err) - } - resource := event.Object.GetObjectKind().GroupVersionKind().Kind - metadataObj := controller.ConvertMetaObjectToMetadata(ctx, *convertedData, r.clientset, resource) + + var metadataObj *pb.KubernetesObjectData + + // Handle Cilium policies specially to extract full spec + if controller.IsCiliumPolicy(resource) { + unstructuredObj, ok := event.Object.(*unstructured.Unstructured) + if !ok { + return "", fmt.Errorf("failed to convert event object to unstructured for Cilium policy") + } + + metadataObj = controller.ConvertUnstructuredToCiliumPolicy(unstructuredObj) + } else { + convertedData, err := controller.GetObjectMetadataFromRuntimeObject(event.Object) + if err != nil { + return "", fmt.Errorf("failed to convert runtime.Object to metav1.ObjectMeta: %w", err) + } + + metadataObj = controller.ConvertMetaObjectToMetadata(ctx, *convertedData, r.clientset, resource) + } mutation := r.streamManager.CreateMutationObject(metadataObj, event.Type) @@ -367,5 +415,5 @@ func (r *Watcher) processMutation(ctx context.Context, event watch.Event, mutati case mutationChan <- mutation: } - return convertedData.GetResourceVersion(), nil + return metadataObj.GetResourceVersion(), nil } From a78e731d19235f506e508898d133b217f49684f8 Mon Sep 17 00:00:00 2001 From: Pavan Innamuri Date: Tue, 31 Mar 2026 13:42:57 -0700 Subject: [PATCH 2/2] Add API version handling for Cilium v2 - Add apiGroupVersions map to support non-v1 API versions - Handle cilium.io resources with v2 API version - Add resources_test.go for testing API version logic - Fix mutation channel handling with proper close check --- .../controller/stream/resources/resources.go | 23 +++++++- .../stream/resources/resources_test.go | 53 +++++++++++++++++++ .../controller/stream/resources/watcher.go | 11 ++-- 3 files changed, 83 insertions(+), 4 deletions(-) create mode 100644 internal/controller/stream/resources/resources_test.go diff --git a/internal/controller/stream/resources/resources.go b/internal/controller/stream/resources/resources.go index f15526c6..731898fa 100644 --- a/internal/controller/stream/resources/resources.go +++ b/internal/controller/stream/resources/resources.go @@ -46,6 +46,22 @@ var resourceList = []string{ var resourceAPIGroupMap = make(map[string]string) +// apiGroupVersions defines API versions for resource groups that don't use v1. +// All other groups default to v1. +var apiGroupVersions = map[string]string{ + "cilium.io": "v2", + "networking.k8s.aws": "v1alpha1", // future: EKS +} + +// getVersionForGroup returns the API version for a given API group. +// Returns "v1" for standard Kubernetes resources. +func getVersionForGroup(group string) string { + if version, ok := apiGroupVersions[group]; ok { + return version + } + return "v1" +} + // Stream handles the resource stream. func Stream(ctx context.Context, sm *stream.Manager, logger *zap.Logger, cancel context.CancelFunc, keepalivePeriod time.Duration) error { defer cancel() @@ -160,7 +176,12 @@ func Stream(ctx context.Context, sm *stream.Manager, logger *zap.Logger, cancel if err != nil { return err } - case mutation := <-mutationChan: + case mutation, ok := <-mutationChan: + if !ok { + // Channel closed, all watchers finished + return nil + } + request := &pb.SendKubernetesResourcesRequest{ Request: &pb.SendKubernetesResourcesRequest_KubernetesResourceMutation{ KubernetesResourceMutation: mutation, diff --git a/internal/controller/stream/resources/resources_test.go b/internal/controller/stream/resources/resources_test.go new file mode 100644 index 00000000..c8ce26a1 --- /dev/null +++ b/internal/controller/stream/resources/resources_test.go @@ -0,0 +1,53 @@ +// Copyright 2026 Illumio, Inc. All Rights Reserved. + +package resources + +import "testing" + +func TestGetVersionForGroup(t *testing.T) { + tests := []struct { + name string + group string + expected string + }{ + { + name: "core API group returns v1", + group: "", + expected: "v1", + }, + { + name: "apps group returns v1", + group: "apps", + expected: "v1", + }, + { + name: "networking.k8s.io group returns v1", + group: "networking.k8s.io", + expected: "v1", + }, + { + name: "cilium.io group returns v2", + group: "cilium.io", + expected: "v2", + }, + { + name: "networking.k8s.aws group returns v1alpha1", + group: "networking.k8s.aws", + expected: "v1alpha1", + }, + { + name: "unknown group returns v1", + group: "unknown.io", + expected: "v1", + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + got := getVersionForGroup(tt.group) + if got != tt.expected { + t.Errorf("getVersionForGroup(%q) = %q, want %q", tt.group, got, tt.expected) + } + }) + } +} diff --git a/internal/controller/stream/resources/watcher.go b/internal/controller/stream/resources/watcher.go index 38b69d6e..3d3d89da 100644 --- a/internal/controller/stream/resources/watcher.go +++ b/internal/controller/stream/resources/watcher.go @@ -88,7 +88,7 @@ func (r *Watcher) WatchK8sResources(ctx context.Context, cancel context.CancelFu // DynamicListResources lists a specified resource dynamically and sends down the current gRPC stream. func (r *Watcher) DynamicListResources(ctx context.Context, logger *zap.Logger, apiGroup string) (string, error) { - objGVR := schema.GroupVersionResource{Group: apiGroup, Version: "v1", Resource: r.resourceName} + objGVR := schema.GroupVersionResource{Group: apiGroup, Version: getVersionForGroup(apiGroup), Resource: r.resourceName} // For Cilium policies, we need the full unstructured object to extract the spec if controller.IsCiliumPolicy(removeListSuffix(r.resourceName)) { @@ -133,6 +133,11 @@ func (r *Watcher) listCiliumResources(ctx context.Context, logger *zap.Logger, o item := &unstructuredResources.Items[i] metadataObj := controller.ConvertUnstructuredToCiliumPolicy(item) + r.logger.Info("Sending Cilium policy", + zap.String("name", item.GetName()), + zap.String("namespace", item.GetNamespace()), + zap.String("kind", item.GetKind())) + err = r.streamManager.SendObjectData(logger, metadataObj) if err != nil { r.logger.Error("Cannot send Cilium policy metadata", zap.Error(err)) @@ -141,7 +146,7 @@ func (r *Watcher) listCiliumResources(ctx context.Context, logger *zap.Logger, o } } - r.logger.Debug("Successfully sent Cilium policies", zap.Int("count", len(unstructuredResources.Items))) + r.logger.Info("Successfully sent Cilium policies", zap.Int("count", len(unstructuredResources.Items))) select { case <-ctx.Done(): @@ -304,7 +309,7 @@ func (r *Watcher) newWatcher(ctx context.Context, resourceVersion string, logger AllowWatchBookmarks: true, } - objGVR := schema.GroupVersionResource{Group: r.apiGroup, Version: "v1", Resource: r.resourceName} + objGVR := schema.GroupVersionResource{Group: r.apiGroup, Version: getVersionForGroup(r.apiGroup), Resource: r.resourceName} w, err := r.dynamicClient.Resource(objGVR).Namespace(metav1.NamespaceAll).Watch(ctx, watchOptions) if err != nil {