Endpoint CRD

When managing pods in Kubernetes, Cilium will create a Custom Resource Definition (CRD) of Kind CiliumEndpoint. One CiliumEndpoint is created for each pod managed by Cilium, with the same name and in the same namespace. The CiliumEndpoint objects contain the same information as the json output of cilium-dbg endpoint get under the .status field, but can be fetched for all pods in the cluster. Adding the -o json will export more information about each endpoint. This includes the endpoint’s labels, security identity and the policy in effect on it.

For example:

$ kubectl get ciliumendpoints --all-namespaces
NAMESPACE     NAME                     AGE
default       app1-55d7944bdd-l7c8j    1h
default       app1-55d7944bdd-sn9xj    1h
default       app2                     1h
default       app3                     1h
kube-system   cilium-health-minikube   1h
kube-system   microscope               1h

Note

Each cilium-agent pod will create a CiliumEndpoint to represent its own inter-agent health-check endpoint. These are not pods in Kubernetes and are in the kube-system namespace. They are named as cilium-health-<node-name>