From 6e2b7370a70cd9acc187e95c23c802a3d5b69df9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 19 Jun 2024 14:56:11 -0400 Subject: [PATCH 01/39] deps: bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.55.2 to 1.56.0 (#490) Bumps [github.com/aws/aws-sdk-go-v2/service/s3](https://github.com/aws/aws-sdk-go-v2) from 1.55.2 to 1.56.0.
Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/aws/aws-sdk-go-v2/service/s3&package-manager=go_modules&previous-version=1.55.2&new-version=1.56.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 8 ++++---- go.sum | 16 ++++++++-------- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/go.mod b/go.mod index 4630af9840..64d924e531 100644 --- a/go.mod +++ b/go.mod @@ -38,11 +38,11 @@ require ( github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.11 // indirect github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.11 // indirect github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 // indirect - github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.10 // indirect + github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.11 // indirect github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.3.12 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.3.13 // indirect github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.13 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.17.10 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.17.11 // indirect github.com/aws/aws-sdk-go-v2/service/sso v1.21.0 // indirect github.com/aws/aws-sdk-go-v2/service/ssooidc v1.25.0 // indirect github.com/aws/aws-sdk-go-v2/service/sts v1.29.0 // indirect @@ -273,7 +273,7 @@ require ( github.com/aws/aws-sdk-go-v2 v1.29.0 github.com/aws/aws-sdk-go-v2/config v1.27.20 github.com/aws/aws-sdk-go-v2/credentials v1.17.20 - github.com/aws/aws-sdk-go-v2/service/s3 v1.55.2 + github.com/aws/aws-sdk-go-v2/service/s3 v1.56.0 github.com/cakturk/go-netstat v0.0.0-20200220111822-e5b49efee7a5 github.com/cilium/cilium v1.15.6 github.com/cilium/ebpf v0.15.0 diff --git a/go.sum b/go.sum index 50f9081cd9..d9206ac3c6 100644 --- a/go.sum +++ b/go.sum 
@@ -110,18 +110,18 @@ github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.11 h1:+BgX2AY7yV4ggSwa80 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.11/go.mod h1:DlBATBSDCz30BCdRFldmyLsAzJwi2pdQ+YSdJTHhTUI= github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 h1:hT8rVHwugYE2lEfdFE0QWVo81lF7jMrYJVDWI+f+VxU= github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0/go.mod h1:8tu/lYfQfFe6IGnaOdrpVgEL2IrrDOf6/m9RQum4NkY= -github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.10 h1:KPPEosyvs2q6sGbRj/LIGMpqPStDZKtEy/CEbBl+tps= -github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.10/go.mod h1:6pZBDPNlCwrpj79TpGfjgaliXrC3lvoFGMCg7Rtc7p8= +github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.11 h1:jJ2dythFP5oNunvwc3gBsINl3ZPt/InVm4a5OAr3tag= +github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.11/go.mod h1:SNkot0zeLtgjP54/6BGuyG12pBcXi77jV5nbEsPgPzg= github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2 h1:Ji0DY1xUsUr3I8cHps0G+XM3WWU16lP6yG8qu1GAZAs= github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2/go.mod h1:5CsjAbs3NlGQyZNFACh+zztPDI7fU6eW9QsxjfnuBKg= -github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.3.12 h1:77ORAasgQRiNRi1du4UVmttQg2Wf41WSe7TvpmpmDg0= -github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.3.12/go.mod h1:PsApornkaurUc1DIGUdiBzC19GfF1fy2ZH93O2JWigc= +github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.3.13 h1:zmKtGN1dMQDVBsfCePykMQmTfWY+jlaUTv55RF5b31w= +github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.3.13/go.mod h1:1UzMv5n56AjbPR9834o5YLw5dH6baIsY60Ib84s1NCc= github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.13 h1:3A8vxp65nZy6aMlSCBvpIyxIbAN0DOSxaPDZuzasxuU= github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.13/go.mod h1:IxJ/pMQ/Y+MDFGo6pQRyqzKKwtGMHb5IWp5PXSQr8dM= -github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.17.10 h1:1Hmy47QP13NjScoCMOr9kJo/hqKqf+tskyGpxVgNBxU= -github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.17.10/go.mod 
h1:8jZvhEt+MemeoHm9P4WFk/AVfIa9sCWL80OAKNDNTCM= -github.com/aws/aws-sdk-go-v2/service/s3 v1.55.2 h1:9UkFXpS7uU7ipUlj2sSkLtIo3Sa+LtbnObBJdx8yjd0= -github.com/aws/aws-sdk-go-v2/service/s3 v1.55.2/go.mod h1:Cijxa/K9vFQ9RPd16rq3cE+0Sg5hvmpEkTo+LThg43E= +github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.17.11 h1:QNkz5KqOUdeq1D0AP9r7Af6hNKyb0fnFa/L4DEKTp+Q= +github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.17.11/go.mod h1:c7R1eDLOU5hQ4f66TYzyAT2AeLLtw5khZJpbGCo1cYU= +github.com/aws/aws-sdk-go-v2/service/s3 v1.56.0 h1:NZIFz15bhrWwewGU0tdUGsisKPQxvzy3O4dL5jgBDKw= +github.com/aws/aws-sdk-go-v2/service/s3 v1.56.0/go.mod h1:ha/DkVoeDtS0XwRKyOiXP2J4Vzo3zpiE0yGi7Ej0X3o= github.com/aws/aws-sdk-go-v2/service/sso v1.21.0 h1:P0zUA+5liaoNILI/btBBQHC09PFPyRJr+w+Xt9KHKck= github.com/aws/aws-sdk-go-v2/service/sso v1.21.0/go.mod h1:0bmRzdsq9/iNyP02H4UV0ZRjFx6qQBqRvfCJ4trFgjE= github.com/aws/aws-sdk-go-v2/service/ssooidc v1.25.0 h1:jPV8U9r3msO9ECm9geW8PGjU/rz8vfPTPmIBbA83W3M= From 04a1a11d2d73c2d06c5da1d473dc0d6974eaded4 Mon Sep 17 00:00:00 2001 From: Jacques Massa Date: Wed, 19 Jun 2024 15:36:57 -0400 Subject: [PATCH 02/39] fix import error --- pkg/cilium/endpoint_client.go | 144 -------------------------- pkg/cilium/errors.go | 26 ----- pkg/cilium/errors_test.go | 14 --- pkg/cilium/identity_client.go | 120 --------------------- pkg/cilium/resource.go | 117 --------------------- pkg/cilium/versioned_client.go | 121 ---------------------- pkg/utils/testutil/cilium/resource.go | 5 + 7 files changed, 5 insertions(+), 542 deletions(-) delete mode 100644 pkg/cilium/endpoint_client.go delete mode 100644 pkg/cilium/errors.go delete mode 100644 pkg/cilium/errors_test.go delete mode 100644 pkg/cilium/identity_client.go delete mode 100644 pkg/cilium/resource.go delete mode 100644 pkg/cilium/versioned_client.go diff --git a/pkg/cilium/endpoint_client.go b/pkg/cilium/endpoint_client.go deleted file mode 100644 index 7372906f8c..0000000000 
--- a/pkg/cilium/endpoint_client.go +++ /dev/null 
@@ -1,144 +0,0 @@ -//go:unit - -package ciliumutil - -import ( - "context" - "encoding/json" - - "github.com/sirupsen/logrus" - - v2 "github.com/cilium/cilium/pkg/k8s/apis/cilium.io/v2" - ciliumv2 "github.com/cilium/cilium/pkg/k8s/client/clientset/versioned/typed/cilium.io/v2" - "github.com/cilium/cilium/pkg/k8s/resource" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/types" - "k8s.io/apimachinery/pkg/watch" -) - -// ensure all interfaces are implemented -var _ ciliumv2.CiliumEndpointInterface = &MockEndpointClient{} - -type MockEndpointClient struct { - l logrus.FieldLogger - namespace string - ciliumEndpoints *MockResource[*v2.CiliumEndpoint] - watchers []watch.Interface -} - -func NewMockEndpointClient(l logrus.FieldLogger, namespace string, ciliumEndpoints *MockResource[*v2.CiliumEndpoint]) *MockEndpointClient { - return &MockEndpointClient{ - l: l, - namespace: namespace, - ciliumEndpoints: ciliumEndpoints, - watchers: make([]watch.Interface, 0), - } -} - -func (m *MockEndpointClient) Create(ctx context.Context, ciliumEndpoint *v2.CiliumEndpoint, opts v1.CreateOptions) (*v2.CiliumEndpoint, error) { - m.l.Info("MockEndpointClient.Create() called") - _, ok, err := m.ciliumEndpoints.GetByKey(resource.NewKey(ciliumEndpoint)) - if err != nil { - return nil, err - } - if ok { - return nil, ErrAlreadyExists - } - - m.ciliumEndpoints.Upsert(ciliumEndpoint) - return ciliumEndpoint, nil -} - -func (m *MockEndpointClient) Update(ctx context.Context, ciliumEndpoint *v2.CiliumEndpoint, opts v1.UpdateOptions) (*v2.CiliumEndpoint, error) { - m.l.Info("MockEndpointClient.Update() called") - m.ciliumEndpoints.cache[resource.NewKey(ciliumEndpoint)] = ciliumEndpoint - return ciliumEndpoint, nil -} - -func (m *MockEndpointClient) UpdateStatus(ctx context.Context, ciliumEndpoint *v2.CiliumEndpoint, opts v1.UpdateOptions) (*v2.CiliumEndpoint, error) { - m.l.Warn("MockEndpointClient.UpdateStatus() called but this returns nil because it's not implemented") - 
return nil, ErrNotImplemented -} - -func (m *MockEndpointClient) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { - m.l.Info("MockEndpointClient.Delete() called") - _, ok, err := m.ciliumEndpoints.GetByKey(resource.Key{Name: name, Namespace: m.namespace}) - if err != nil { - return err - } - if !ok { - return ErrNotFound{} - } - m.ciliumEndpoints.Delete(resource.Key{Name: name, Namespace: m.namespace}) - return nil -} - -func (m *MockEndpointClient) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { - m.l.Warn("MockEndpointClient.DeleteCollection() called but this is not implemented") - return ErrNotImplemented -} - -func (m *MockEndpointClient) Get(ctx context.Context, name string, opts v1.GetOptions) (*v2.CiliumEndpoint, error) { - m.l.Info("MockEndpointClient.Get() called") - item, _, err := m.ciliumEndpoints.GetByKey(resource.Key{Name: name, Namespace: m.namespace}) - if err != nil { - return nil, err - } - return item, nil -} - -func (m *MockEndpointClient) List(ctx context.Context, opts v1.ListOptions) (*v2.CiliumEndpointList, error) { - m.l.Info("MockEndpointClient.List() called") - - items := make([]v2.CiliumEndpoint, len(m.ciliumEndpoints.cache)) - for _, cep := range m.ciliumEndpoints.cache { - items = append(items, *cep) - } - - return &v2.CiliumEndpointList{Items: items}, nil -} - -func (m *MockEndpointClient) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { - m.l.Warn("MockEndpointClient.Watch() called but this returns a fake watch because it's not implemented") - - // not sure if watching is important for us - w := watch.NewFake() - m.watchers = append(m.watchers, w) - return w, nil -} - -func (m *MockEndpointClient) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v2.CiliumEndpoint, err error) { - key := resource.Key{Name: name, Namespace: m.namespace} - cep, ok, err := 
m.ciliumEndpoints.GetByKey(key) - if err != nil { - return nil, err - } - - if !ok { - return nil, ErrNotFound{} - } - - var replaceCEPStatus []JSONPatch - err = json.Unmarshal(data, &replaceCEPStatus) - if err != nil { - return nil, err - } - - cep.Status = replaceCEPStatus[0].Value - m.ciliumEndpoints.Upsert(cep) - cep, ok, err = m.ciliumEndpoints.GetByKey(key) - if err != nil { - return nil, err - } - if !ok { - return nil, ErrNotFound{} - } - - return cep, nil -} - -type JSONPatch struct { - OP string `json:"op,omitempty"` - Path string `json:"path,omitempty"` - Value v2.EndpointStatus `json:"value"` -} diff --git a/pkg/cilium/errors.go b/pkg/cilium/errors.go deleted file mode 100644 index 5b21fa8bfc..0000000000 --- a/pkg/cilium/errors.go +++ /dev/null @@ -1,26 +0,0 @@ -//go:unit - -package ciliumutil - -import ( - "github.com/pkg/errors" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" -) - -var ( - ErrAlreadyExists = errors.New("already exists") - ErrNotImplemented = errors.New("not implemented") -) - -type ErrNotFound struct{} - -func (e ErrNotFound) Error() string { - return "not found on API server" -} - -func (e ErrNotFound) Status() v1.Status { - return v1.Status{ - Reason: v1.StatusReasonNotFound, - Code: 404, - } -} diff --git a/pkg/cilium/errors_test.go b/pkg/cilium/errors_test.go deleted file mode 100644 index 1a8528ed4d..0000000000 --- a/pkg/cilium/errors_test.go +++ /dev/null @@ -1,14 +0,0 @@ -package ciliumutil - -import ( - "testing" - - "github.com/stretchr/testify/require" - - apierrors "k8s.io/apimachinery/pkg/api/errors" -) - -func TestErrNotFound(t *testing.T) { - err := ErrNotFound{} - require.True(t, apierrors.IsNotFound(err)) -} diff --git a/pkg/cilium/identity_client.go b/pkg/cilium/identity_client.go deleted file mode 100644 index 38fa399057..0000000000 --- a/pkg/cilium/identity_client.go +++ /dev/null 
@@ -1,120 +0,0 @@ -//go:unit - -package ciliumutil - -import ( - "context" - - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/types" - "k8s.io/apimachinery/pkg/watch" - - "github.com/sirupsen/logrus" - - v2 "github.com/cilium/cilium/pkg/k8s/apis/cilium.io/v2" - ciliumv2 "github.com/cilium/cilium/pkg/k8s/client/clientset/versioned/typed/cilium.io/v2" -) - -// ensure all interfaces are implemented -var _ ciliumv2.CiliumIdentityInterface = &MockIdentityClient{} - -// MockIdentityClient is a mock implementation of ciliumv2.CiliumIdentityInterface. -// We only implement what's needed. These methods are used by: -// - CRDBackend within the Allocator within the IdentityManager -// - identitygc cell -type MockIdentityClient struct { - l logrus.FieldLogger - // identities maps identity name to identity - // namespace is irrelevant since identity names must be globally unique numbers - identities map[string]*v2.CiliumIdentity - watchers []watch.Interface -} - -func NewMockIdentityClient(l logrus.FieldLogger) *MockIdentityClient { - return &MockIdentityClient{ - l: l, - identities: make(map[string]*v2.CiliumIdentity), - watchers: make([]watch.Interface, 0), - } -} - -func (m *MockIdentityClient) GetIdentities() map[string]*v2.CiliumIdentity { - return m.identities -} - -func (m *MockIdentityClient) Create(ctx context.Context, ciliumIdentity *v2.CiliumIdentity, opts v1.CreateOptions) (*v2.CiliumIdentity, error) { - m.l.Info("MockIdentityClient.Create() called") - if _, ok := m.identities[ciliumIdentity.Name]; ok { - return nil, ErrAlreadyExists - } - - m.identities[ciliumIdentity.Name] = ciliumIdentity - return ciliumIdentity, nil -} - -func (m *MockIdentityClient) Update(ctx context.Context, ciliumIdentity *v2.CiliumIdentity, opts v1.UpdateOptions) (*v2.CiliumIdentity, error) { - m.l.Info("MockIdentityClient.Update() called") - - if _, ok := m.identities[ciliumIdentity.Name]; ok { - m.l.Info("MockIdentityClient.Update() found existing identity") - } else 
{ - m.l.Info("MockIdentityClient.Update() did not find existing identity") - } - - m.identities[ciliumIdentity.Name] = ciliumIdentity - return ciliumIdentity, nil -} - -func (m *MockIdentityClient) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { - m.l.Info("MockIdentityClient.Delete() called") - - if _, ok := m.identities[name]; ok { - m.l.Info("MockIdentityClient.Delete() found existing identity") - } else { - m.l.Info("MockIdentityClient.Delete() did not find existing identity") - } - - delete(m.identities, name) - return nil -} - -func (m *MockIdentityClient) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { - m.l.Warn("MockIdentityClient.DeleteCollection() called but this is not implemented") - return ErrNotImplemented -} - -func (m *MockIdentityClient) Get(ctx context.Context, name string, opts v1.GetOptions) (*v2.CiliumIdentity, error) { - m.l.Info("MockIdentityClient.Get() called") - - if identity, ok := m.identities[name]; ok { - m.l.Info("MockIdentityClient.Get() found existing identity") - return identity, nil - } - - return nil, ErrNotFound{} -} - -func (m *MockIdentityClient) List(ctx context.Context, opts v1.ListOptions) (*v2.CiliumIdentityList, error) { - m.l.Info("MockIdentityClient.List() called") - - items := make([]v2.CiliumIdentity, len(m.identities)) - for _, identity := range m.identities { - items = append(items, *identity) - } - - return &v2.CiliumIdentityList{Items: items}, nil -} - -func (m *MockIdentityClient) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { - m.l.Warn("MockIdentityClient.Watch() called but this returns a fake watch because it's not implemented") - - // not sure if watching is important for us - w := watch.NewFake() - m.watchers = append(m.watchers, w) - return w, nil -} - -func (m *MockIdentityClient) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result 
*v2.CiliumIdentity, err error) { - m.l.Warn("MockIdentityClient.Patch() called but this returns nil because it's not implemented") - return nil, ErrNotImplemented -} diff --git a/pkg/cilium/resource.go b/pkg/cilium/resource.go deleted file mode 100644 index cdaef01cb8..0000000000 --- a/pkg/cilium/resource.go +++ /dev/null 
@@ -1,117 +0,0 @@ -//go:unit - -package ciliumutil - -import ( - "context" - - "github.com/pkg/errors" - "github.com/sirupsen/logrus" - - k8sRuntime "k8s.io/apimachinery/pkg/runtime" - "k8s.io/client-go/tools/cache" - - ciliumv2 "github.com/cilium/cilium/pkg/k8s/apis/cilium.io/v2" - "github.com/cilium/cilium/pkg/k8s/resource" -) - -var ErrMockStoreFailure = errors.New("mock store failure") - -// ensure all interfaces are implemented -var ( - _ resource.Resource[*ciliumv2.CiliumEndpoint] = NewMockResource[*ciliumv2.CiliumEndpoint](nil) - _ resource.Store[*ciliumv2.CiliumEndpoint] = NewMockResource[*ciliumv2.CiliumEndpoint](nil) -) - -// MockResource is a mock implementation of resource.Resource AND resource.Store -// It currently only implements the methods used in the endpoint controller -// i.e. Store() and GetByKey() -// plus some helpers to add/remove items from the cache and error on the next call to Store() -type MockResource[T k8sRuntime.Object] struct { - l logrus.FieldLogger - cache map[resource.Key]T - shouldFailNextStoreCall bool -} - -func NewMockResource[T k8sRuntime.Object](l logrus.FieldLogger) *MockResource[T] { - return &MockResource[T]{ - l: l, - cache: make(map[resource.Key]T), - } -} - -func (r *MockResource[T]) Upsert(obj T) { - r.l.Info("Upsert() called") - r.cache[resource.NewKey(obj)] = obj -} - -func (r *MockResource[T]) Delete(k resource.Key) { - r.l.Info("Delete() called") - delete(r.cache, k) -} - -// FailOnNextStoreCall will cause the next call to Store() to return an error -func (r *MockResource[T]) FailOnNextStoreCall() { - r.l.Info("next call to Store() will fail") - r.shouldFailNextStoreCall = true -} - -func (r *MockResource[T]) Observe(ctx context.Context, next func(resource.Event[T]), complete func(error)) { - r.l.Warn("Observe() called but this is not implemented") -} - -func (r *MockResource[T]) Events(ctx context.Context, opts ...resource.EventsOpt) <-chan resource.Event[T] { - r.l.Warn("Events() called but this returns nil 
because it's not implemented") - return nil -} - -func (r *MockResource[T]) Store(context.Context) (resource.Store[T], error) { - if r.shouldFailNextStoreCall { - r.l.Info("Store() failed") - r.shouldFailNextStoreCall = false - return nil, ErrMockStoreFailure - } - - r.l.Info("Store() succeeded") - return r, nil -} - -func (r *MockResource[T]) List() []T { - r.l.Warn("List() called but this returns nil because it's not implemented") - return nil -} - -func (r *MockResource[T]) IterKeys() resource.KeyIter { - r.l.Warn("IterKeys() called but this returns nil because it's not implemented") - return nil -} - -func (r *MockResource[T]) Get(obj T) (item T, exists bool, err error) { - r.l.Warn("Get() called but this returns nil because it's not implemented") - return obj, false, nil -} - -func (r *MockResource[T]) GetByKey(key resource.Key) (item T, exists bool, err error) { - if _, ok := r.cache[key]; ok { - r.l.Info("GetByKey() called and found item") - return r.cache[key], true, nil - } - - r.l.Info("GetByKey() called and no item found") - return item, false, nil -} - -func (r *MockResource[T]) IndexKeys(indexName, indexedValue string) ([]string, error) { - r.l.Warn("IndexKeys() called but this returns nil because it's not implemented") - return nil, nil -} - -func (r *MockResource[T]) ByIndex(indexName, indexedValue string) ([]T, error) { - r.l.Warn("ByIndex() called but this returns nil because it's not implemented") - return nil, nil -} - -func (r *MockResource[T]) CacheStore() cache.Store { - r.l.Warn("CacheStore() called but this returns nil because it's not implemented") - return nil -} diff --git a/pkg/cilium/versioned_client.go b/pkg/cilium/versioned_client.go deleted file mode 100644 index d61044fdf9..0000000000 --- a/pkg/cilium/versioned_client.go +++ /dev/null 
@@ -1,121 +0,0 @@ -//go:unit - -package ciliumutil - -import ( - "github.com/sirupsen/logrus" - - "k8s.io/client-go/rest" - - v2 "github.com/cilium/cilium/pkg/k8s/apis/cilium.io/v2" - "github.com/cilium/cilium/pkg/k8s/client/clientset/versioned" - ciliumv2 "github.com/cilium/cilium/pkg/k8s/client/clientset/versioned/typed/cilium.io/v2" - ciliumv2alpha1 "github.com/cilium/cilium/pkg/k8s/client/clientset/versioned/typed/cilium.io/v2alpha1" - discovery "k8s.io/client-go/discovery" -) - -// ensure all interfaces are implemented -var ( - _ versioned.Interface = &MockVersionedClient{} - _ ciliumv2.CiliumV2Interface = &MockCiliumV2Client{} -) - -// MockVersionedClient is a mock implementation of versioned.Interface -// Currently it only returns a real value for CiliumV2() -type MockVersionedClient struct { - l logrus.FieldLogger - c *MockCiliumV2Client -} - -func NewMockVersionedClient(l logrus.FieldLogger, ciliumEndpoints *MockResource[*v2.CiliumEndpoint]) *MockVersionedClient { - return &MockVersionedClient{ - l: l, - c: NewMockCiliumV2Client(l, ciliumEndpoints), - } -} - -func (m *MockVersionedClient) Discovery() discovery.DiscoveryInterface { - m.l.Warn("MockVersionedClient.Discovery() called but this returns nil because it's not implemented") - return nil -} - -func (m *MockVersionedClient) CiliumV2() ciliumv2.CiliumV2Interface { - m.l.Info("MockVersionedClient.CiliumV2() called") - return m.c -} - -func (m *MockVersionedClient) CiliumV2alpha1() ciliumv2alpha1.CiliumV2alpha1Interface { - m.l.Warn("MockVersionedClient.CiliumV2alpha1() called but this returns nil because it's not implemented") - return nil -} - -// MockCiliumV2Client is a mock implementation of ciliumv2.CiliumV2Interface. 
-// Currently it only returns a real value for CiliumIdentities() -type MockCiliumV2Client struct { - l logrus.FieldLogger - identitiyClient *MockIdentityClient - ciliumEndpoints *MockResource[*v2.CiliumEndpoint] -} - -func NewMockCiliumV2Client(l logrus.FieldLogger, ciliumEndpoints *MockResource[*v2.CiliumEndpoint]) *MockCiliumV2Client { - return &MockCiliumV2Client{ - l: l, - identitiyClient: NewMockIdentityClient(l), - ciliumEndpoints: ciliumEndpoints, - } -} - -func (m *MockCiliumV2Client) RESTClient() rest.Interface { - m.l.Warn("MockCiliumV2Client.RESTClient() called but this returns nil because it's not implemented") - return nil -} - -func (m *MockCiliumV2Client) CiliumClusterwideEnvoyConfigs() ciliumv2.CiliumClusterwideEnvoyConfigInterface { - m.l.Warn("MockCiliumV2Client.CiliumClusterwideEnvoyConfigs() called but this returns nil because it's not implemented") - return nil -} - -func (m *MockCiliumV2Client) CiliumClusterwideNetworkPolicies() ciliumv2.CiliumClusterwideNetworkPolicyInterface { - m.l.Warn("MockCiliumV2Client.CiliumClusterwideNetworkPolicies() called but this returns nil because it's not implemented") - return nil -} - -func (m *MockCiliumV2Client) CiliumEgressGatewayPolicies() ciliumv2.CiliumEgressGatewayPolicyInterface { - m.l.Warn("MockCiliumV2Client.CiliumEgressGatewayPolicies() called but this returns nil because it's not implemented") - return nil -} - -func (m *MockCiliumV2Client) CiliumEndpoints(namespace string) ciliumv2.CiliumEndpointInterface { - m.l.Info("MockCiliumV2Client.CiliumEndpoints() called") - return NewMockEndpointClient(m.l, namespace, m.ciliumEndpoints) -} - -func (m *MockCiliumV2Client) CiliumEnvoyConfigs(namespace string) ciliumv2.CiliumEnvoyConfigInterface { - m.l.Warn("MockCiliumV2Client.CiliumEnvoyConfigs() called but this returns nil because it's not implemented") - return nil -} - -func (m *MockCiliumV2Client) CiliumExternalWorkloads() ciliumv2.CiliumExternalWorkloadInterface { - 
m.l.Warn("MockCiliumV2Client.CiliumExternalWorkloads() called but this returns nil because it's not implemented") - return nil -} - -func (m *MockCiliumV2Client) CiliumIdentities() ciliumv2.CiliumIdentityInterface { - m.l.Info("MockCiliumV2Client.CiliumIdentities() called") - return m.identitiyClient -} - -func (m *MockCiliumV2Client) CiliumLocalRedirectPolicies(namespace string) ciliumv2.CiliumLocalRedirectPolicyInterface { - m.l.Warn("MockCiliumV2Client.CiliumLocalRedirectPolicies() called but this returns nil because it's not implemented") - return nil -} - -func (m *MockCiliumV2Client) CiliumNetworkPolicies(namespace string) ciliumv2.CiliumNetworkPolicyInterface { - m.l.Warn("MockCiliumV2Client.CiliumNetworkPolicies() called but this returns nil because it's not implemented") - return nil -} - -func (m *MockCiliumV2Client) CiliumNodes() ciliumv2.CiliumNodeInterface { - m.l.Warn("MockCiliumV2Client.CiliumNodes() called but this returns nil because it's not implemented") - return nil -} diff --git a/pkg/utils/testutil/cilium/resource.go b/pkg/utils/testutil/cilium/resource.go index cdaef01cb8..0ad5adad05 100644 --- a/pkg/utils/testutil/cilium/resource.go +++ b/pkg/utils/testutil/cilium/resource.go @@ -115,3 +115,8 @@ func (r *MockResource[T]) CacheStore() cache.Store { r.l.Warn("CacheStore() called but this returns nil because it's not implemented") return nil } + +func (r *MockResource[T]) Release() { + // Implement the logic required by the Release method or leave it as a stub if it's just for testing/mocking + r.l.Warn("Release() called but this is a stub implementation") +} From c743352ff62e15018a475515c9bbe472f0c24450 Mon Sep 17 00:00:00 2001 
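Review bot: The comment inside the new `Release` method is leftover scaffolding ("Implement the logic required by the Release method or leave it as a stub…") and does not describe what the method does; the method also has no doc comment. I would drop the inline comment and put `// Release is a no-op in the mock; it only logs that it was called.` above the method. Given the commit title, the method was presumably added to satisfy an updated resource interface, and naming that interface in the comment would help the next reader.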
From: Jacques I Massa Date: Thu, 20 Jun 2024 16:11:20 +0000 Subject: [PATCH 03/39] fix lint errors --- .golangci.yaml | 1 + operator/cmd/hubble/cells.go | 4 +- operator/cmd/hubble/cmdref.go | 2 +- operator/cmd/hubble/flags.go | 24 ++---- operator/cmd/hubble/root.go | 21 +++-- operator/cmd/hubble/zap.go | 11 ++- operator/cmd/legacy/deployment.go | 25 +++--- operator/cmd/root.go | 3 +- operator/config/config.go | 6 +- operator/v2/k8s/apis/cell.go | 2 +- operator/v2/k8s/apis/register.go | 2 +- operator/v2/k8s/resource_ctors.go | 3 +- .../v2/endpoint/endpoint_controller.go | 83 +++++++++---------- .../v2/endpoint/endpoint_controller_test.go | 76 +++++++++-------- .../operator/v2/endpoint/identitymanager.go | 4 +- pkg/controllers/operator/v2/endpoint/types.go | 20 ++--- pkg/utils/testutil/cilium/endpoint_client.go | 20 ++--- pkg/utils/testutil/cilium/identity_client.go | 18 ++-- pkg/utils/testutil/cilium/resource.go | 8 +- pkg/utils/testutil/cilium/versioned_client.go | 6 +- 20 files changed, 171 insertions(+), 168 deletions(-) diff --git a/.golangci.yaml b/.golangci.yaml index 8457366f8d..7f3cd015e7 100644 --- a/.golangci.yaml +++ b/.golangci.yaml @@ -12,6 +12,7 @@ linters: disable: - maligned - scopelint + - gci enable: - exportloopref - goconst diff --git a/operator/cmd/hubble/cells.go b/operator/cmd/hubble/cells.go index 063c10d0df..b0bbeefcc9 100644 --- a/operator/cmd/hubble/cells.go +++ b/operator/cmd/hubble/cells.go @@ -62,7 +62,7 @@ var ( // start sending logs to zap telemetry (if enabled) cell.Invoke(setupZapHook), - cell.Provide(func(cfg config.Config, k8sCfg *rest.Config) telemetry.Config { + cell.Provide(func(cfg config.Config, _ *rest.Config) telemetry.Config { return telemetry.Config{ Component: "retina-operator", EnableTelemetry: cfg.EnableTelemetry, 
@@ -133,7 +133,7 @@ var ( cell.Provide(func( daemonCfg *option.DaemonConfig, - operatorCfg *operatorOption.OperatorConfig, + _ *operatorOption.OperatorConfig, ) identitygc.SharedConfig { return identitygc.SharedConfig{ IdentityAllocationMode: daemonCfg.IdentityAllocationMode, diff --git a/operator/cmd/hubble/cmdref.go b/operator/cmd/hubble/cmdref.go index 88893bff7b..b0c3fcb3e6 100644 --- a/operator/cmd/hubble/cmdref.go +++ b/operator/cmd/hubble/cmdref.go @@ -14,7 +14,7 @@ func linkHandler(s string) string { return s } -func filePrepend(s string) string { +func filePrepend(_ string) string { // Prepend a HTML comment that this file is autogenerated. So that // users are warned before fixing issues in the Markdown files. Should // never show up on the web. diff --git a/operator/cmd/hubble/flags.go b/operator/cmd/hubble/flags.go index dc59811eeb..12ced23b95 100644 --- a/operator/cmd/hubble/flags.go +++ b/operator/cmd/hubble/flags.go @@ -4,6 +4,7 @@ package hubble import ( + "fmt" "time" "github.com/spf13/cobra" 
@@ -31,8 +32,8 @@ func InitGlobalFlags(cmd *cobra.Command, vp *viper.Viper) { flags.BoolP(option.DebugArg, "D", false, "Enable debugging mode") option.BindEnv(vp, option.DebugArg) - // NOTE: without this the option gets overriden from the default value to the zero value via option.Config.Populate(vp) - // specifically, here options.Config.AllocatorListTimeout gets overriden from the default value to 0s + // NOTE: without this the option gets overridden from the default value to the zero value via option.Config.Populate(vp) + // specifically, here options.Config.AllocatorListTimeout gets overridden from the default value to 0s flags.Duration(option.AllocatorListTimeoutName, defaults.AllocatorListTimeout, "timeout to list initial allocator state") // similar overriding happens for option.Config.KVstoreConnectivityTimeout flags.Duration(option.KVstoreConnectivityTimeout, defaults.KVstoreConnectivityTimeout, "Time after which an incomplete kvstore operation is considered failed") @@ -53,13 +54,6 @@ func InitGlobalFlags(cmd *cobra.Command, vp *viper.Viper) { `configmap example for syslog driver: {"syslog.level":"info","syslog.facility":"local4"}`) option.BindEnv(vp, option.LogOpt) - flags.Bool(option.Version, false, "Print version information") - option.BindEnv(vp, option.Version) - - flags.String(option.CMDRef, "", "Path to cmdref output directory") - flags.MarkHidden(option.CMDRef) - option.BindEnv(vp, option.CMDRef) - flags.Duration(operatorOption.LeaderElectionLeaseDuration, 15*time.Second, "Duration that non-leader operator candidates will wait before forcing to acquire leadership") option.BindEnv(vp, operatorOption.LeaderElectionLeaseDuration) 
@@ -72,14 +66,10 @@ func InitGlobalFlags(cmd *cobra.Command, vp *viper.Viper) { "Duration that LeaderElector clients should wait between retries of the actions") option.BindEnv(vp, operatorOption.LeaderElectionRetryPeriod) - flags.Bool(option.EnableCiliumEndpointSlice, false, "If set to true, the CiliumEndpointSlice feature is enabled. If any CiliumEndpoints resources are created, updated, or deleted in the cluster, all those changes are broadcast as CiliumEndpointSlice updates to all of the Cilium agents.") - option.BindEnv(vp, option.EnableCiliumEndpointSlice) - - flags.Duration(option.KVstoreLeaseTTL, defaults.KVstoreLeaseTTL, "Time-to-live for the KVstore lease.") - flags.MarkHidden(option.KVstoreLeaseTTL) - option.BindEnv(vp, option.KVstoreLeaseTTL) - - vp.BindPFlags(flags) + err := vp.BindPFlags(flags) + if err != nil { + fmt.Printf("Failed to bind flags: %v\n", err) + } } const ( diff --git a/operator/cmd/hubble/root.go b/operator/cmd/hubble/root.go index 6cd14f6bf6..56e5f7a7f0 100644 --- a/operator/cmd/hubble/root.go +++ b/operator/cmd/hubble/root.go @@ -5,7 +5,8 @@ package hubble import ( "context" - "math/rand" + "crypto/rand" + "math/big" "os" "path/filepath" "sync" @@ -74,7 +75,7 @@ func initEnv(vp *viper.Viper) { // NOTE: if the flag is not provided in operator/cmd/flags.go InitGlobalFlags(), these Populate methods override // the default values provided in option.Config or operatorOption.Config respectively. - // The values will be overriden to the "zero value". + // The values will be overridden to the "zero value". // Maybe could create a cell.Config for these instead? option.Config.Populate(vp) operatorOption.Config.Populate(vp) 
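Review bot: The flag registrations deleted in this hunk (`option.EnableCiliumEndpointSlice`, `option.KVstoreLeaseTTL`) and in the preceding flags.go hunk (`option.Version`, `option.CMDRef`) are a behaviour change hidden in a lint-fix commit. The NOTE earlier in this function says an option without a registered flag is overridden to its zero value by `option.Config.Populate(vp)`, so the KVstore lease TTL may now silently become 0. If the lint finding was the unchecked `flags.MarkHidden` result (an assumption), checking that error keeps the flags: `if err := flags.MarkHidden(option.KVstoreLeaseTTL); err != nil { ... }`. Separately, reporting a `BindPFlags` failure with `fmt.Printf` lets the operator start with its flags unbound; `cobra.CheckErr(vp.BindPFlags(flags))` would stop at startup instead. `InitGlobalFlags` begins outside this hunk.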
@@ -125,7 +126,10 @@ func runOperator(l logrus.FieldLogger, lc *LeaderLifecycle, clientset k8sClient. if err != nil { l.WithError(err).Fatal("Failed to get hostname when generating lease lock identity") } - operatorID = randomStringWithPrefix(operatorID+"-", 10) + operatorID, err = randomStringWithPrefix(operatorID+"-", 10) + if err != nil { + l.WithError(err).Fatal("Failed to generate random string for lease lock identity") + } leResourceLock, err := resourcelock.NewFromKubeconfig( resourcelock.LeasesResourceLock, @@ -181,12 +185,15 @@ func runOperator(l logrus.FieldLogger, lc *LeaderLifecycle, clientset k8sClient. // RandomStringWithPrefix returns a random string of length n + len(prefix) with // the given prefix, containing upper- and lowercase runes. -// borrowed from https://stackoverflow.com/questions/22892120/how-to-generate-a-random-string-of-a-fixed-length-in-go -func randomStringWithPrefix(prefix string, n int) string { +func randomStringWithPrefix(prefix string, n int) (string, error) { const letters = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ" bytes := make([]byte, n) for i := range bytes { - bytes[i] = letters[rand.Intn(len(letters))] + num, err := rand.Int(rand.Reader, big.NewInt(int64(len(letters)))) + if err != nil { + return "", err // Return an error if there's an issue generating the random number + } + bytes[i] = letters[num.Int64()] } - return prefix + string(bytes) + return prefix + string(bytes), nil } diff --git a/operator/cmd/hubble/zap.go b/operator/cmd/hubble/zap.go index 3d7c387fd9..f6221221f5 100644 --- a/operator/cmd/hubble/zap.go +++ b/operator/cmd/hubble/zap.go @@ -4,6 +4,7 @@ package hubble import ( + "fmt" "io" zaphook "github.com/Sytten/logrus-zap-hook" 
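Review bot: The comment above randomStringWithPrefix still opens with `RandomStringWithPrefix` and says nothing about the error result this change adds. A comment that matches the code would be `// randomStringWithPrefix returns prefix followed by n random ASCII letters read from crypto/rand, or an error if the random source fails.` The inline comment on `return "", err` only restates the statement and can be dropped. If `fmt` is imported in this file, wrapping the error (`fmt.Errorf("reading random index: %w", err)`) would give the Fatal log in runOperator more context.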
@@ -54,16 +55,20 @@ func setupZapHook(p params) { zap.String("apiserver", p.K8sCfg.Host), } - log.SetupZapLogger(lOpts, persistentFields...) + _, err := log.SetupZapLogger(lOpts, persistentFields...) + if err != nil { + fmt.Printf("failed to setup zap logger: %v", err) + } namedLogger := log.Logger().Named("retina-operator-v2") namedLogger.Info("Traces telemetry initialized with zapai", zap.String("version", retinaVersion), zap.String("appInsightsID", lOpts.ApplicationInsightsID)) - zapHook, err := zaphook.NewZapHook(namedLogger.Logger) + var hook *zaphook.ZapHook + hook, err = zaphook.NewZapHook(namedLogger.Logger) if err != nil { p.Logger.WithError(err).Error("failed to create zap hook") return } - logging.DefaultLogger.Hooks.Add(zapHook) + logging.DefaultLogger.Hooks.Add(hook) } diff --git a/operator/cmd/legacy/deployment.go b/operator/cmd/legacy/deployment.go index c191d0d342..91353cf486 100644 --- a/operator/cmd/legacy/deployment.go +++ b/operator/cmd/legacy/deployment.go @@ -22,7 +22,6 @@ import ( utilruntime "k8s.io/apimachinery/pkg/util/runtime" "k8s.io/client-go/kubernetes" clientgoscheme "k8s.io/client-go/kubernetes/scheme" - _ "k8s.io/client-go/plugin/pkg/client/auth" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/healthz" crzap "sigs.k8s.io/controller-runtime/pkg/log/zap" @@ -46,10 +45,10 @@ var ( mainLogger *log.ZapLogger oconfig *config.OperatorConfig - MAX_POD_CHANNEL_BUFFER = 250 - MAX_METRICS_CONFIGURATION_CHANNEL_BUFFER = 50 - MAX_TRACES_CONFIGURATION_CHANNEL_BUFFER = 50 - MAX_RETINA_ENDPOINT_CHANNEL_BUFFER = 250 + MaxPodChannelBuffer = 250 + MaxMetricsConfigurationChannelBuffer = 50 + MaxTracesConfigurationChannelBuffer = 50 + MaxRetinaEndpointChannelBuffer = 250 version = "undefined" 
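Review bot: When `log.SetupZapLogger` fails in setupZapHook, the new branch prints with `fmt.Printf` (without a trailing newline) and then falls through to `log.Logger().Named("retina-operator-v2")`, which presumably relies on that setup having succeeded. The NewZapHook branch a few lines further down already shows the better pattern: report through the injected logger and stop. Here that would be `p.Logger.WithError(err).Error("failed to setup zap logger")` followed by `return`, which also makes the new `fmt` import in zap.go unnecessary. setupZapHook begins outside the hunk.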
@@ -206,7 +205,7 @@ func (o *Operator) Start() { if oconfig.EnableRetinaEndpoint { mainLogger.Info("RetinaEndpoint is enabled") - retinaendpointchannel := make(chan cache.PodCacheObject, MAX_RETINA_ENDPOINT_CHANNEL_BUFFER) + retinaendpointchannel := make(chan cache.PodCacheObject, MaxRetinaEndpointChannelBuffer) ke := retinaendpointcontroller.New(mgr.GetClient(), retinaendpointchannel) // start reconcile the cached Pod before manager starts to not miss any events go ke.ReconcilePod(ctrlCtx) @@ -255,23 +254,27 @@ func EnablePProf() { pprofmux.HandleFunc("/debug/pprof/trace", pprof.Trace) pprofmux.Handle("/debug/pprof/goroutine", pprof.Handler("goroutine")) - if err := http.ListenAndServe(":8082", pprofmux); err != nil { + if err := http.ListenAndServe(":8082", pprofmux); err != nil { //nolint:gosec // TODO replace with secure server that supports timeout panic(err) } } -func initLogging(config *config.OperatorConfig, applicationInsightsID string) error { +func initLogging(cfg *config.OperatorConfig, applicationInsightsID string) error { logOpts := &log.LogOpts{ - Level: config.LogLevel, + Level: cfg.LogLevel, File: false, MaxFileSizeMB: 100, MaxBackups: 3, MaxAgeDays: 30, ApplicationInsightsID: applicationInsightsID, - EnableTelemetry: config.EnableTelemetry, + EnableTelemetry: cfg.EnableTelemetry, } - log.SetupZapLogger(logOpts) + _, err := log.SetupZapLogger(logOpts) + if err != nil { + mainLogger.Error("Failed to setup zap logger", zap.Error(err)) + return err + } return nil } diff --git a/operator/cmd/root.go b/operator/cmd/root.go index 44ee7cecfe..f689f12909 100644 --- a/operator/cmd/root.go +++ b/operator/cmd/root.go @@ -26,7 +26,6 @@ var ( Short: "Retina Operator", Long: "Start Retina Operator", Run: func(cmd *cobra.Command, args []string) { - // Do Stuff Here fmt.Println("Starting Retina Operator") d := legacy.NewOperator(metricsAddr, probeAddr, cfgFile, enableLeaderElection) d.Start() 
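Review bot: The `//nolint:gosec` added to `http.ListenAndServe(":8082", pprofmux)` in EnablePProf silences the finding instead of fixing it: the pprof handlers remain reachable on every interface, without authentication and without any read timeout, and heap, goroutine and trace profiles reveal a good deal about the running process. An `http.Server` with an explicit `ReadHeaderTimeout`, bound to loopback if profiles are only ever collected through a port-forward, would close the TODO; a sketch follows (it needs the `time` package). Separately, the new error branch in initLogging calls `mainLogger.Error`, and if `mainLogger` is only assigned after logging has been set up (not visible in this hunk) that is a nil dereference; a plain `return err` there avoids it. EnablePProf begins outside the hunk.

```go
// … unchanged: pprofmux handler registration …
srv := &http.Server{
	Addr:    "127.0.0.1:8082", // loopback only; widen deliberately if remote collection is required
	Handler: pprofmux,
	// Bound the time a client may take to send request headers.
	// WriteTimeout is left unset because profile and trace responses stream for many seconds.
	ReadHeaderTimeout: 5 * time.Second,
}
if err := srv.ListenAndServe(); err != nil {
	panic(err)
}
```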
@@ -37,7 +36,7 @@ var ( func init() { rootCmd.Flags().StringVar(&metricsAddr, "metrics-addr", ":8080", "The address the metric endpoint binds to.") rootCmd.Flags().StringVar(&probeAddr, "probe-addr", ":8081", "The address the probe endpoint binds to.") - rootCmd.Flags().BoolVar(&enableLeaderElection, "enable-leader-election", false, "Enable leader election for controller manager. Enabling this will ensure there is only one active controller manager.") + rootCmd.Flags().BoolVar(&enableLeaderElection, "enable-leader-election", false, "Enable leader election for controller manager.") rootCmd.Flags().StringVar(&cfgFile, "config", configFileName, "config file") } diff --git a/operator/config/config.go b/operator/config/config.go index 5e33a0cd8f..020d817fd1 100644 --- a/operator/config/config.go +++ b/operator/config/config.go @@ -26,11 +26,11 @@ func GetConfig(cfgFileName string) (*OperatorConfig, error) { viper.AutomaticEnv() - var config OperatorConfig + var cfg OperatorConfig // Check pkg/config/config.go for the explanation of setting EnableRetinaEndpoint defaults to true. viper.SetDefault("EnableRetinaEndpoint", true) - err = viper.Unmarshal(&config) + err = viper.Unmarshal(&cfg) - return &config, err + return &cfg, err } diff --git a/operator/v2/k8s/apis/cell.go b/operator/v2/k8s/apis/cell.go index e2f7272328..0c3082d066 100644 --- a/operator/v2/k8s/apis/cell.go +++ b/operator/v2/k8s/apis/cell.go @@ -58,7 +58,7 @@ type params struct { func createCRDs(p params) { p.Lifecycle.Append(cell.Hook{ - OnStart: func(ctx cell.HookContext) error { + OnStart: func(_ cell.HookContext) error { // Register the CRDs after validating that we are running on a supported // version of K8s. if !p.Clientset.IsEnabled() || p.Config.SkipCRDCreation { diff --git a/operator/v2/k8s/apis/register.go b/operator/v2/k8s/apis/register.go index f1fbd8ea50..5f52766c8c 100644 --- a/operator/v2/k8s/apis/register.go +++ b/operator/v2/k8s/apis/register.go 
@@ -78,7 +78,7 @@ func customResourceDefinitionList() (map[string]*apisclient.CRDList, error) { // createCRD creates and updates a CRD. // It should be called on agent startup but is idempotent and safe to call again. -func createCRD(crdVersionedName string, crdMetaName string) func(clientset apiextensionsclient.Interface) error { +func createCRD(crdVersionedName, crdMetaName string) func(clientset apiextensionsclient.Interface) error { return func(clientset apiextensionsclient.Interface) error { ciliumCRD := apisclient.GetPregeneratedCRD(crdVersionedName) diff --git a/operator/v2/k8s/resource_ctors.go b/operator/v2/k8s/resource_ctors.go index 699c92f71c..74c453a064 100644 --- a/operator/v2/k8s/resource_ctors.go +++ b/operator/v2/k8s/resource_ctors.go @@ -38,8 +38,7 @@ func CiliumEndpointResource(lc cell.Lifecycle, cs client.Clientset, opts ...func } func identityIndexFunc(obj interface{}) ([]string, error) { - switch t := obj.(type) { - case *cilium_api_v2.CiliumEndpoint: + if t, ok := obj.(*cilium_api_v2.CiliumEndpoint); ok { if t.Status.Identity != nil { id := strconv.FormatInt(t.Status.Identity.ID, 10) return []string{id}, nil diff --git a/pkg/controllers/operator/v2/endpoint/endpoint_controller.go b/pkg/controllers/operator/v2/endpoint/endpoint_controller.go index 80e3aecf0b..29e88b1a65 100644 --- a/pkg/controllers/operator/v2/endpoint/endpoint_controller.go +++ b/pkg/controllers/operator/v2/endpoint/endpoint_controller.go @@ -33,8 +33,8 @@ import ( ) const ( - REQUEST_TIMEOUT = 15 * time.Second - MAX_WORKERS = 20 + RequestTimeout = 15 * time.Second + MaxWorkers = 20 // useOwnerReferences determines whether we set the ownerReferences field on CiliumEndpoints to the Pod that it is associated with. // With this, k8s will automatically delete the CiliumEndpoint when the Pod is deleted. 
@@ -106,7 +106,7 @@ func registerEndpointController(p params) error { return nil } -func (r *endpointReconciler) Start(ctx cell.HookContext) error { +func (r *endpointReconciler) Start(_ cell.HookContext) error { // NOTE: we must create IdentityManager on leader election since its allocator auto-starts on creation. // There is a way to disable auto-start but then there is no exposed function to simply start(). im, err := NewIdentityManager(r.l, r.clientset) @@ -117,7 +117,7 @@ func (r *endpointReconciler) Start(ctx cell.HookContext) error { r.identityManager = im // making sure we have only one thread running at a time. - r.wp = workerpool.New(MAX_WORKERS) + r.wp = workerpool.New(MaxWorkers) if err := r.wp.Submit("namespace-controller", r.runNamespaceEvents); err != nil { return errors.Wrap(err, "failed to submit task to namespace workerpool") @@ -130,7 +130,7 @@ func (r *endpointReconciler) Start(ctx cell.HookContext) error { return nil } -func (r *endpointReconciler) Stop(ctx cell.HookContext) error { +func (r *endpointReconciler) Stop(_ cell.HookContext) error { if err := r.wp.Close(); err != nil { return errors.Wrap(err, "failed to stop endpoint workerpool") } @@ -173,7 +173,7 @@ func (r *endpointReconciler) run(pctx context.Context) error { func (r *endpointReconciler) runEventHandler(pctx context.Context, ev resource.Event[*slim_corev1.Pod]) error { var err error - ctx, cancel := context.WithTimeout(pctx, REQUEST_TIMEOUT) + ctx, cancel := context.WithTimeout(pctx, RequestTimeout) switch ev.Kind { case resource.Sync: // Ignore the update/ @@ -211,7 +211,7 @@ func (r *endpointReconciler) runNamespaceEvents(pctx context.Context) error { } var err error - ctx, cancel := context.WithTimeout(pctx, REQUEST_TIMEOUT) + ctx, cancel := context.WithTimeout(pctx, RequestTimeout) switch ev.Kind { case resource.Sync: // Ignore the update/ 
@@ -252,11 +252,11 @@ func (r *endpointReconciler) ReconcilePodsInNamespace(ctx context.Context, names } newPEP := pod.deepCopy() - labels, err := r.ciliumEndpointsLabels(ctx, pod.podObj) + endpointsLabels, err := r.ciliumEndpointsLabels(ctx, pod.podObj) if err != nil { return errors.Wrap(err, "failed to get pod labels") } - newPEP.lbls = labels + newPEP.lbls = endpointsLabels r.l.Debug("upserting pod in namespace", zap.String("namespace ", namespace), @@ -305,7 +305,7 @@ func (r *endpointReconciler) reconcilePod(ctx context.Context, podKey resource.K if err != nil { return errors.Wrap(err, "failed to get pod labels") } - newPEP := &podEndpoint{ + newPEP := &PodEndpoint{ key: podKey, lbls: podLabels, ipv4: pod.Status.PodIP, @@ -350,7 +350,7 @@ func (r *endpointReconciler) handlePodDelete(ctx context.Context, n resource.Key r.l.WithField("podKey", n.String()).Debug("deleted CiliumEndpoint") - // Identity reference count must be modified after CiliumEndpoint is successfuly deleted. + // Identity reference count must be modified after CiliumEndpoint is successfully deleted. // Otherwise, we could decrement reference multiple times if CiliumEndpoint deletion fails and we retry this method. r.identityManager.DecrementReference(ctx, pep.lbls) r.store.DeletePod(n) @@ -358,7 +358,7 @@ func (r *endpointReconciler) handlePodDelete(ctx context.Context, n resource.Key return nil } -func (r *endpointReconciler) handlePodUpsert(ctx context.Context, newPEP *podEndpoint) error { +func (r *endpointReconciler) handlePodUpsert(ctx context.Context, newPEP *PodEndpoint) error { //nolint:gocyclo // This function is too complex and should be refactored r.l.WithField("podKey", newPEP.key.String()).Trace("handling pod upsert") oldPEP, inCache := r.store.GetPod(newPEP.key) 
@@ -400,7 +400,7 @@ func (r *endpointReconciler) handlePodUpsert(ctx context.Context, newPEP *podEnd "cep": oldCEP, }).Warn("CiliumEndpoint has no ipv4 address, ignoring") } else { - oldPEP = &podEndpoint{ + oldPEP = &PodEndpoint{ key: newPEP.key, endpointID: oldCEP.Status.ID, ipv4: oldCEP.Status.Networking.Addressing[0].IPV4, @@ -505,9 +505,7 @@ func (r *endpointReconciler) handlePodUpsert(ctx context.Context, newPEP *podEnd r.identityManager.DecrementReference(ctx, newPEP.lbls) } - if !sameNetworking { - // FIXME release newly allocated endpoint ID - } + // TODO release newly allocated endpoint ID if networking not the same return errors.Wrap(err, "failed to marshal status patch") } 
@@ -523,38 +521,35 @@ func (r *endpointReconciler) handlePodUpsert(ctx context.Context, newPEP *podEnd // Update the pod in cache and return r.store.AddPod(newPEP) return nil - } else { - if shouldAllocateNewIdentity { - // Decrement reference for new identity. - // May end up incrementing reference count for this same identity again if we try to create the CEP below. - // No downside to decrementing reference here and then incrementing again below (will not affect API Server). - r.l.WithField("podKey", newPEP.key.String()).Trace("patch unsuccessful, decrementing reference for new identity") - r.identityManager.DecrementReference(ctx, newPEP.lbls) - } + } + if shouldAllocateNewIdentity { + // Decrement reference for new identity. + // May end up incrementing reference count for this same identity again if we try to create the CEP below. + // No downside to decrementing reference here and then incrementing again below (will not affect API Server). + r.l.WithField("podKey", newPEP.key.String()).Trace("patch unsuccessful, decrementing reference for new identity") + r.identityManager.DecrementReference(ctx, newPEP.lbls) + } - if !sameNetworking { - // FIXME release newly allocated endpoint ID. - // May end up getting another endpoint ID below if we try to create the CEP below. - // No downside to this. - } + // TODO release newly allocated endpoint ID. + // May end up getting another endpoint ID below if we try to create the CEP below. + // No downside to this. 
- if !k8serrors.IsNotFound(err) && err != nil { - r.l.WithError(err).WithFields(logrus.Fields{ - "podKey": newPEP.key.String(), - "pep": newPEP, - "uid": newPEP.uid, - }).Error("failed to patch CiliumEndpoint") + if !k8serrors.IsNotFound(err) && err != nil { + r.l.WithError(err).WithFields(logrus.Fields{ + "podKey": newPEP.key.String(), + "pep": newPEP, + "uid": newPEP.uid, + }).Error("failed to patch CiliumEndpoint") - return errors.Wrap(err, "failed to patch endpoint") - } + return errors.Wrap(err, "failed to patch endpoint") + } - r.l.WithField("podKey", newPEP.key.String()).Debug("patch unsuccessful because CiliumEndpoint is not in API Server. now creating CiliumEndpoint") + r.l.WithField("podKey", newPEP.key.String()).Debug("patch unsuccessful because CiliumEndpoint is not in API Server. now creating CiliumEndpoint") - // Endpoint was not found, create it below. - // Make sure the pod does not exist in the cache so that we don't try to patch it again (in case of a retry after a failure below). - // The CEP should (eventually) not exist in the CEP store too since API Server says it does not exist. - r.store.DeletePod(newPEP.key) - } + // Endpoint was not found, create it below. + // Make sure the pod does not exist in the cache so that we don't try to patch it again (in case of a retry after a failure below). + // The CEP should (eventually) not exist in the CEP store too since API Server says it does not exist. + r.store.DeletePod(newPEP.key) } // create CEP @@ -642,7 +637,7 @@ func (r *endpointReconciler) reconcileNamespace(ctx context.Context, namespace * return nil } -func (r *endpointReconciler) handleNamespaceDelete(ctx context.Context, namespaceName string) error { +func (r *endpointReconciler) handleNamespaceDelete(_ context.Context, namespaceName string) error { _, ok := r.store.GetNamespace(namespaceName) if !ok { r.l.Debug("Adding new namespace to cache", zap.String("namespace ", namespaceName)) 
diff --git a/pkg/controllers/operator/v2/endpoint/endpoint_controller_test.go b/pkg/controllers/operator/v2/endpoint/endpoint_controller_test.go index ca00d1f24a..af872cd6d8 100644 --- a/pkg/controllers/operator/v2/endpoint/endpoint_controller_test.go +++ b/pkg/controllers/operator/v2/endpoint/endpoint_controller_test.go @@ -2,6 +2,7 @@ package endpointcontroller import ( "context" + "fmt" "sync" "testing" "time" @@ -42,9 +43,9 @@ func podTestX() (resource.Key, *v1.Pod) { } } -func createNamespace(c corev1.CoreV1Interface, name string) { +func createNamespace(c corev1.CoreV1Interface) { // Create the namespace. - c.Namespaces().Create(context.TODO(), &v1.Namespace{ + err, _ := c.Namespaces().Create(context.TODO(), &v1.Namespace{ ObjectMeta: slim_metav1.ObjectMeta{ Name: "test", }, @@ -54,12 +55,15 @@ func createNamespace(c corev1.CoreV1Interface, name string) { APIVersion: "v1", }, }) + if err != nil { + fmt.Printf("Error creating namespace %s:\n", err) + } } func TestPodCreate(t *testing.T) { - r, ciliumEndpoints := newTestEndpointReconciler(t, nil) + r, ciliumEndpoints := newTestEndpointReconciler(t) - createNamespace(r.ciliumSlimClientSet.CoreV1(), "test") + createNamespace(r.ciliumSlimClientSet.CoreV1()) podKey, pod := podTestX() require.NoError(t, r.ReconcilePod(context.TODO(), podKey, pod)) @@ -71,7 +75,7 @@ func TestPodCreate(t *testing.T) { require.Greater(t, identityID, int64(0)) var expectedEndpointID int64 = 1 // FIXME switch to mock allocator once endpoint IDs are allocated by the operator - expectedCache := map[resource.Key]*podEndpoint{ + expectedCache := map[resource.Key]*PodEndpoint{ key: { key: key, endpointID: expectedEndpointID, 
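Review bot: In createNamespace the results of `Create` are bound in the wrong order: `err, _ := c.Namespaces().Create(...)` puts the returned namespace object into `err` and discards the real error, assuming the usual client `(object, error)` return. The `if err != nil` check added in the following hunk therefore fires on success and never on failure. Swap the assignment to `_, err := c.Namespaces().Create(...)`. Since this is a test helper, consider passing `t *testing.T` and calling `require.NoError(t, err)` so that a failed setup stops the test instead of printing a line.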
@@ -131,9 +135,9 @@ func TestPodCreate(t *testing.T) { } func TestPodDelete(t *testing.T) { - r, ciliumEndpoints := newTestEndpointReconciler(t, nil) + r, ciliumEndpoints := newTestEndpointReconciler(t) - createNamespace(r.ciliumSlimClientSet.CoreV1(), "test") + createNamespace(r.ciliumSlimClientSet.CoreV1()) podKey, pod := podTestX() require.NoError(t, r.ReconcilePod(context.TODO(), podKey, pod)) @@ -143,9 +147,9 @@ func TestPodDelete(t *testing.T) { } func TestPodDeleteNoOp(t *testing.T) { - r, ciliumEndpoints := newTestEndpointReconciler(t, nil) + r, ciliumEndpoints := newTestEndpointReconciler(t) - createNamespace(r.ciliumSlimClientSet.CoreV1(), "test") + createNamespace(r.ciliumSlimClientSet.CoreV1()) podKey, pod := podTestX() pod = nil @@ -154,9 +158,9 @@ func TestPodDeleteNoOp(t *testing.T) { } func TestPodLabelsChanged(t *testing.T) { - r, ciliumEndpoints := newTestEndpointReconciler(t, nil) + r, ciliumEndpoints := newTestEndpointReconciler(t) - createNamespace(r.ciliumSlimClientSet.CoreV1(), "test") + createNamespace(r.ciliumSlimClientSet.CoreV1()) podKey, pod := podTestX() require.NoError(t, r.ReconcilePod(context.TODO(), podKey, pod)) @@ -168,7 +172,7 @@ func TestPodLabelsChanged(t *testing.T) { require.Greater(t, identityID, int64(0)) var expectedEndpointID int64 = 1 // FIXME switch to mock allocator once endpoint IDs are allocated by the operator - expectedCache := map[resource.Key]*podEndpoint{ + expectedCache := map[resource.Key]*PodEndpoint{ key: { key: key, endpointID: expectedEndpointID, @@ -237,7 +241,7 @@ func TestPodLabelsChanged(t *testing.T) { require.NotNil(t, pep) require.NotEqual(t, identityID, pep.identityID) identityID = pep.identityID - expectedCacheNew := map[resource.Key]*podEndpoint{ + expectedCacheNew := map[resource.Key]*PodEndpoint{ key: { key: key, endpointID: expectedEndpointID, 
@@ -302,9 +306,9 @@ func TestPodLabelsChanged(t *testing.T) { } func TestPodNetworkingChanged(t *testing.T) { - r, ciliumEndpoints := newTestEndpointReconciler(t, nil) + r, ciliumEndpoints := newTestEndpointReconciler(t) - createNamespace(r.ciliumSlimClientSet.CoreV1(), "test") + createNamespace(r.ciliumSlimClientSet.CoreV1()) podKey, pod := podTestX() var expectedEndpointID int64 = 1 require.NoError(t, r.ReconcilePod(context.TODO(), podKey, pod)) @@ -350,7 +354,7 @@ func TestPodNetworkingChanged(t *testing.T) { require.True(t, ok) require.NotNil(t, pep) identityID = pep.identityID - expectedCacheNew := map[resource.Key]*podEndpoint{ + expectedCacheNew := map[resource.Key]*PodEndpoint{ key: { key: key, endpointID: expectedEndpointID, @@ -417,7 +421,7 @@ func TestPodNetworkingChanged(t *testing.T) { require.True(t, ok) require.NotNil(t, pep) identityID = pep.identityID - expectedCacheNew = map[resource.Key]*podEndpoint{ + expectedCacheNew = map[resource.Key]*PodEndpoint{ key: { key: key, endpointID: expectedEndpointID, @@ -476,9 +480,9 @@ func TestPodNetworkingChanged(t *testing.T) { } func TestNamespaceDelete(t *testing.T) { - r, ciliumEndpoints := newTestEndpointReconciler(t, nil) + r, ciliumEndpoints := newTestEndpointReconciler(t) - createNamespace(r.ciliumSlimClientSet.CoreV1(), "test") + createNamespace(r.ciliumSlimClientSet.CoreV1()) podKey, pod := podTestX() require.NoError(t, r.ReconcilePod(context.TODO(), podKey, pod)) @@ -496,9 +500,9 @@ func TestNamespaceDelete(t *testing.T) { } func TestNamespaceUpdate(t *testing.T) { - r, ciliumEndpoints := newTestEndpointReconciler(t, nil) + r, ciliumEndpoints := newTestEndpointReconciler(t) - createNamespace(r.ciliumSlimClientSet.CoreV1(), "test") + createNamespace(r.ciliumSlimClientSet.CoreV1()) podKey, pod := podTestX() require.NoError(t, r.ReconcilePod(context.TODO(), podKey, pod)) 
@@ -545,31 +549,31 @@ func TestNamespaceUpdate(t *testing.T) { require.Equal(t, expectedCEP, cep) } -func TestUpdateFailurePodLabelsChanged(t *testing.T) { +func TestUpdateFailurePodLabelsChanged(_ *testing.T) { } -func TestUpdateFailurePodNetworkingChanged(t *testing.T) { +func TestUpdateFailurePodNetworkingChanged(_ *testing.T) { } -func TestBootupNoOp(t *testing.T) { +func TestBootupNoOp(_ *testing.T) { } -func TestBootupPodLabelsChanged(t *testing.T) { +func TestBootupPodLabelsChanged(_ *testing.T) { } -func TestBootupPodNetworkingChanged(t *testing.T) { +func TestBootupPodNetworkingChanged(_ *testing.T) { } -func TestBootupUpdateFailurePodLabelsChanged(t *testing.T) { +func TestBootupUpdateFailurePodLabelsChanged(_ *testing.T) { } -func TestBootupUpdateFailurePodNetworkingChanged(t *testing.T) { +func TestBootupUpdateFailurePodNetworkingChanged(_ *testing.T) { } func TestPodWithoutIP(t *testing.T) { - r, ciliumEndpoints := newTestEndpointReconciler(t, nil) + r, ciliumEndpoints := newTestEndpointReconciler(t) - createNamespace(r.ciliumSlimClientSet.CoreV1(), "test") + createNamespace(r.ciliumSlimClientSet.CoreV1()) podKey, pod := podTestX() pod.Status.PodIP = "" @@ -583,19 +587,19 @@ func TestPodWithoutIP(t *testing.T) { } func TestStoreFailure(t *testing.T) { - r, ciliumEndpoints := newTestEndpointReconciler(t, nil) + r, ciliumEndpoints := newTestEndpointReconciler(t) ciliumEndpoints.FailOnNextStoreCall() - createNamespace(r.ciliumSlimClientSet.CoreV1(), "test") + createNamespace(r.ciliumSlimClientSet.CoreV1()) podKey, pod := podTestX() require.Error(t, r.ReconcilePod(context.TODO(), podKey, pod)) } func TestSortedLabels(t *testing.T) { - r, _ := newTestEndpointReconciler(t, nil) + r, _ := newTestEndpointReconciler(t) - createNamespace(r.ciliumSlimClientSet.CoreV1(), "test") + createNamespace(r.ciliumSlimClientSet.CoreV1()) pod := cache.PodCacheObject{ Key: resource.Key{ 
@@ -661,7 +665,7 @@ func TestSortedLabels(t *testing.T) { require.Equal(t, "k8s:io.cilium.k8s.policy.cluster,k8s:io.kubernetes.pod.namespace=test,k8s:k1=v1,k8s:k2=v2,k8s:k3=v3,k8s:k4=v4,k8s:k5=v5", lbls.String()) } -func newTestEndpointReconciler(t *testing.T, podEvents chan cache.PodCacheObject) (*endpointReconciler, *ciliumutil.MockResource[*ciliumv2.CiliumEndpoint]) { +func newTestEndpointReconciler(t *testing.T) (*endpointReconciler, *ciliumutil.MockResource[*ciliumv2.CiliumEndpoint]) { t.Helper() l := logrus.New() l.SetLevel(logrus.DebugLevel) @@ -673,7 +677,7 @@ func newTestEndpointReconciler(t *testing.T, podEvents chan cache.PodCacheObject r := &endpointReconciler{ l: l, clientset: m, - podEvents: podEvents, + podEvents: nil, ciliumEndpoints: ciliumEndpoints, ciliumSlimClientSet: fakeClientSet.SlimFakeClientset, store: NewStore(), diff --git a/pkg/controllers/operator/v2/endpoint/identitymanager.go b/pkg/controllers/operator/v2/endpoint/identitymanager.go index 0b352179fa..f7be8e16c6 100644 --- a/pkg/controllers/operator/v2/endpoint/identitymanager.go +++ b/pkg/controllers/operator/v2/endpoint/identitymanager.go @@ -13,7 +13,7 @@ import ( "github.com/cilium/cilium/pkg/option" ) -// IdentityManager is analagous to Cilium Daemon's identity allocation. +// IdentityManager is analogous to Cilium Daemon's identity allocation. // Cilium has an IPCacche holding IP to Identity mapping. // In IPCache.InjectLabels(), IPCacche is told of IPs which have been updated. // Within this function, identities are allocated/released via CachingIdentityAllocator. @@ -34,7 +34,7 @@ type IdentityManager struct { type owner struct{} // UpdateIdentities is a callback when identities are updated -func (o *owner) UpdateIdentities(added, deleted icache.IdentityCache) { +func (o *owner) UpdateIdentities(_, _ icache.IdentityCache) { // no-op } diff --git a/pkg/controllers/operator/v2/endpoint/types.go b/pkg/controllers/operator/v2/endpoint/types.go index 961248955a..9671c333bd 100644 
--- a/pkg/controllers/operator/v2/endpoint/types.go +++ b/pkg/controllers/operator/v2/endpoint/types.go @@ -14,7 +14,7 @@ import ( ) // podEndpoint represents a Pod/CiliumEndpoint -type podEndpoint struct { +type PodEndpoint struct { key resource.Key endpointID int64 identityID int64 @@ -35,7 +35,7 @@ type podEndpoint struct { podObj *slim_corev1.Pod } -func (pep *podEndpoint) endpointStatus() ciliumv2.EndpointStatus { +func (pep *PodEndpoint) endpointStatus() ciliumv2.EndpointStatus { return ciliumv2.EndpointStatus{ ID: pep.endpointID, Identity: &ciliumv2.EndpointIdentity{ @@ -55,8 +55,8 @@ func (pep *podEndpoint) endpointStatus() ciliumv2.EndpointStatus { } } -func (pep *podEndpoint) deepCopy() *podEndpoint { - return &podEndpoint{ +func (pep *PodEndpoint) deepCopy() *PodEndpoint { + return &PodEndpoint{ key: pep.key, endpointID: pep.endpointID, identityID: pep.identityID, @@ -69,13 +69,13 @@ func (pep *podEndpoint) deepCopy() *podEndpoint { } } -type Store struct { +type Store struct { //nolint:gocritic // This should be rewritten to limit exposure of mutex to external packages. *sync.RWMutex // Pods is a map of Pod key to podEndpoint // this is the expected endpoint state for the pod // and is used to determine if the pod needs to be updated - Pods map[resource.Key]*podEndpoint + Pods map[resource.Key]*PodEndpoint // Namespaces is a map of Namespace name to Namespace // this is used to determine if the namespace needs to be updated @@ -85,12 +85,12 @@ type Store struct { func NewStore() *Store { return &Store{ RWMutex: &sync.RWMutex{}, - Pods: make(map[resource.Key]*podEndpoint), + Pods: make(map[resource.Key]*PodEndpoint), Namespaces: make(map[string]*slim_corev1.Namespace), } } -func (s *Store) AddPod(pod *podEndpoint) { +func (s *Store) AddPod(pod *PodEndpoint) { s.Lock() defer s.Unlock() s.Pods[pod.key] = pod 
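Review bot: The doc comments were not carried along with the rename: the type is now `PodEndpoint`, but its comment still reads `// podEndpoint represents a Pod/CiliumEndpoint`, and the `Store.Pods` field comment still refers to `podEndpoint`. For an exported name the comment should start with that name, e.g. `// PodEndpoint represents a Pod/CiliumEndpoint.` and `// Pods is a map of Pod key to PodEndpoint`. Every field of PodEndpoint is still unexported, so the exported type gives other packages nothing they can construct or read. If the export exists only to stop exported Store methods from returning an unexported type, a sentence in the type comment saying so would help the next reader.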
@@ -102,14 +102,14 @@ func (s *Store) AddNamespace(namespace *slim_corev1.Namespace) { s.Namespaces[namespace.GetName()] = namespace } -func (s *Store) GetPod(key resource.Key) (*podEndpoint, bool) { +func (s *Store) GetPod(key resource.Key) (*PodEndpoint, bool) { s.RLock() defer s.RUnlock() pod, ok := s.Pods[key] return pod, ok } -func (s *Store) GetToDeletePod(key resource.Key) (*podEndpoint, bool) { +func (s *Store) GetToDeletePod(key resource.Key) (*PodEndpoint, bool) { s.Lock() defer s.Unlock() pod, ok := s.Pods[key] diff --git a/pkg/utils/testutil/cilium/endpoint_client.go b/pkg/utils/testutil/cilium/endpoint_client.go index 7372906f8c..44db910a32 100644 --- a/pkg/utils/testutil/cilium/endpoint_client.go +++ b/pkg/utils/testutil/cilium/endpoint_client.go @@ -35,7 +35,7 @@ func NewMockEndpointClient(l logrus.FieldLogger, namespace string, ciliumEndpoin } } -func (m *MockEndpointClient) Create(ctx context.Context, ciliumEndpoint *v2.CiliumEndpoint, opts v1.CreateOptions) (*v2.CiliumEndpoint, error) { +func (m *MockEndpointClient) Create(_ context.Context, ciliumEndpoint *v2.CiliumEndpoint, _ v1.CreateOptions) (*v2.CiliumEndpoint, error) { m.l.Info("MockEndpointClient.Create() called") _, ok, err := m.ciliumEndpoints.GetByKey(resource.NewKey(ciliumEndpoint)) if err != nil { 
@@ -49,18 +49,18 @@ func (m *MockEndpointClient) Create(ctx context.Context, ciliumEndpoint *v2.Cili return ciliumEndpoint, nil } -func (m *MockEndpointClient) Update(ctx context.Context, ciliumEndpoint *v2.CiliumEndpoint, opts v1.UpdateOptions) (*v2.CiliumEndpoint, error) { +func (m *MockEndpointClient) Update(_ context.Context, ciliumEndpoint *v2.CiliumEndpoint, _ v1.UpdateOptions) (*v2.CiliumEndpoint, error) { m.l.Info("MockEndpointClient.Update() called") m.ciliumEndpoints.cache[resource.NewKey(ciliumEndpoint)] = ciliumEndpoint return ciliumEndpoint, nil } -func (m *MockEndpointClient) UpdateStatus(ctx context.Context, ciliumEndpoint *v2.CiliumEndpoint, opts v1.UpdateOptions) (*v2.CiliumEndpoint, error) { +func (m *MockEndpointClient) UpdateStatus(_ context.Context, _ *v2.CiliumEndpoint, _ v1.UpdateOptions) (*v2.CiliumEndpoint, error) { m.l.Warn("MockEndpointClient.UpdateStatus() called but this returns nil because it's not implemented") return nil, ErrNotImplemented } -func (m *MockEndpointClient) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { +func (m *MockEndpointClient) Delete(_ context.Context, name string, _ v1.DeleteOptions) error { m.l.Info("MockEndpointClient.Delete() called") _, ok, err := m.ciliumEndpoints.GetByKey(resource.Key{Name: name, Namespace: m.namespace}) if err != nil { 
@@ -73,12 +73,12 @@ func (m *MockEndpointClient) Delete(ctx context.Context, name string, opts v1.De return nil } -func (m *MockEndpointClient) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { +func (m *MockEndpointClient) DeleteCollection(_ context.Context, _ v1.DeleteOptions, _ v1.ListOptions) error { m.l.Warn("MockEndpointClient.DeleteCollection() called but this is not implemented") return ErrNotImplemented } -func (m *MockEndpointClient) Get(ctx context.Context, name string, opts v1.GetOptions) (*v2.CiliumEndpoint, error) { +func (m *MockEndpointClient) Get(_ context.Context, name string, _ v1.GetOptions) (*v2.CiliumEndpoint, error) { m.l.Info("MockEndpointClient.Get() called") item, _, err := m.ciliumEndpoints.GetByKey(resource.Key{Name: name, Namespace: m.namespace}) if err != nil { @@ -87,10 +87,10 @@ func (m *MockEndpointClient) Get(ctx context.Context, name string, opts v1.GetOp return item, nil } -func (m *MockEndpointClient) List(ctx context.Context, opts v1.ListOptions) (*v2.CiliumEndpointList, error) { +func (m *MockEndpointClient) List(_ context.Context, _ v1.ListOptions) (*v2.CiliumEndpointList, error) { m.l.Info("MockEndpointClient.List() called") - items := make([]v2.CiliumEndpoint, len(m.ciliumEndpoints.cache)) + items := make([]v2.CiliumEndpoint, 0, len(m.ciliumEndpoints.cache)) for _, cep := range m.ciliumEndpoints.cache { items = append(items, *cep) } @@ -98,7 +98,7 @@ func (m *MockEndpointClient) List(ctx context.Context, opts v1.ListOptions) (*v2 return &v2.CiliumEndpointList{Items: items}, nil } -func (m *MockEndpointClient) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { +func (m *MockEndpointClient) Watch(_ context.Context, _ v1.ListOptions) (watch.Interface, error) { m.l.Warn("MockEndpointClient.Watch() called but this returns a fake watch because it's not implemented") // not sure if watching is important for us 
@@ -107,7 +107,7 @@ func (m *MockEndpointClient) Watch(ctx context.Context, opts v1.ListOptions) (wa return w, nil } -func (m *MockEndpointClient) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v2.CiliumEndpoint, err error) { +func (m *MockEndpointClient) Patch(_ context.Context, name string, _ types.PatchType, data []byte, _ v1.PatchOptions, _ ...string) (result *v2.CiliumEndpoint, err error) { key := resource.Key{Name: name, Namespace: m.namespace} cep, ok, err := m.ciliumEndpoints.GetByKey(key) if err != nil { diff --git a/pkg/utils/testutil/cilium/identity_client.go b/pkg/utils/testutil/cilium/identity_client.go index 38fa399057..625c990c81 100644 --- a/pkg/utils/testutil/cilium/identity_client.go +++ b/pkg/utils/testutil/cilium/identity_client.go @@ -42,7 +42,7 @@ func (m *MockIdentityClient) GetIdentities() map[string]*v2.CiliumIdentity { return m.identities } -func (m *MockIdentityClient) Create(ctx context.Context, ciliumIdentity *v2.CiliumIdentity, opts v1.CreateOptions) (*v2.CiliumIdentity, error) { +func (m *MockIdentityClient) Create(_ context.Context, ciliumIdentity *v2.CiliumIdentity, _ v1.CreateOptions) (*v2.CiliumIdentity, error) { m.l.Info("MockIdentityClient.Create() called") if _, ok := m.identities[ciliumIdentity.Name]; ok { return nil, ErrAlreadyExists @@ -52,7 +52,7 @@ func (m *MockIdentityClient) Create(ctx context.Context, ciliumIdentity *v2.Cili return ciliumIdentity, nil } -func (m *MockIdentityClient) Update(ctx context.Context, ciliumIdentity *v2.CiliumIdentity, opts v1.UpdateOptions) (*v2.CiliumIdentity, error) { +func (m *MockIdentityClient) Update(_ context.Context, ciliumIdentity *v2.CiliumIdentity, _ v1.UpdateOptions) (*v2.CiliumIdentity, error) { m.l.Info("MockIdentityClient.Update() called") if _, ok := m.identities[ciliumIdentity.Name]; ok { 
@@ -65,7 +65,7 @@ func (m *MockIdentityClient) Update(ctx context.Context, ciliumIdentity *v2.Cili return ciliumIdentity, nil } -func (m *MockIdentityClient) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { +func (m *MockIdentityClient) Delete(_ context.Context, name string, _ v1.DeleteOptions) error { m.l.Info("MockIdentityClient.Delete() called") if _, ok := m.identities[name]; ok { @@ -78,12 +78,12 @@ func (m *MockIdentityClient) Delete(ctx context.Context, name string, opts v1.De return nil } -func (m *MockIdentityClient) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { +func (m *MockIdentityClient) DeleteCollection(_ context.Context, _ v1.DeleteOptions, _ v1.ListOptions) error { m.l.Warn("MockIdentityClient.DeleteCollection() called but this is not implemented") return ErrNotImplemented } -func (m *MockIdentityClient) Get(ctx context.Context, name string, opts v1.GetOptions) (*v2.CiliumIdentity, error) { +func (m *MockIdentityClient) Get(_ context.Context, name string, _ v1.GetOptions) (*v2.CiliumIdentity, error) { m.l.Info("MockIdentityClient.Get() called") if identity, ok := m.identities[name]; ok { @@ -94,10 +94,10 @@ func (m *MockIdentityClient) Get(ctx context.Context, name string, opts v1.GetOp return nil, ErrNotFound{} } -func (m *MockIdentityClient) List(ctx context.Context, opts v1.ListOptions) (*v2.CiliumIdentityList, error) { +func (m *MockIdentityClient) List(_ context.Context, _ v1.ListOptions) (*v2.CiliumIdentityList, error) { m.l.Info("MockIdentityClient.List() called") - items := make([]v2.CiliumIdentity, len(m.identities)) + items := make([]v2.CiliumIdentity, 0, len(m.identities)) for _, identity := range m.identities { items = append(items, *identity) } 
@@ -105,7 +105,7 @@ func (m *MockIdentityClient) List(ctx context.Context, opts v1.ListOptions) (*v2 return &v2.CiliumIdentityList{Items: items}, nil } -func (m *MockIdentityClient) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { +func (m *MockIdentityClient) Watch(_ context.Context, _ v1.ListOptions) (watch.Interface, error) { m.l.Warn("MockIdentityClient.Watch() called but this returns a fake watch because it's not implemented") // not sure if watching is important for us @@ -114,7 +114,7 @@ func (m *MockIdentityClient) Watch(ctx context.Context, opts v1.ListOptions) (wa return w, nil } -func (m *MockIdentityClient) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v2.CiliumIdentity, err error) { +func (m *MockIdentityClient) Patch(_ context.Context, _ string, _ types.PatchType, _ []byte, _ v1.PatchOptions, _ ...string) (result *v2.CiliumIdentity, err error) { m.l.Warn("MockIdentityClient.Patch() called but this returns nil because it's not implemented") return nil, ErrNotImplemented } diff --git a/pkg/utils/testutil/cilium/resource.go b/pkg/utils/testutil/cilium/resource.go index 0ad5adad05..fa2e4d3a08 100644 --- a/pkg/utils/testutil/cilium/resource.go +++ b/pkg/utils/testutil/cilium/resource.go 
@@ -56,11 +56,11 @@ func (r *MockResource[T]) FailOnNextStoreCall() { r.shouldFailNextStoreCall = true } -func (r *MockResource[T]) Observe(ctx context.Context, next func(resource.Event[T]), complete func(error)) { +func (r *MockResource[T]) Observe(_ context.Context, _ func(resource.Event[T]), _ func(error)) { r.l.Warn("Observe() called but this is not implemented") } -func (r *MockResource[T]) Events(ctx context.Context, opts ...resource.EventsOpt) <-chan resource.Event[T] { +func (r *MockResource[T]) Events(_ context.Context, _ ...resource.EventsOpt) <-chan resource.Event[T] { r.l.Warn("Events() called but this returns nil because it's not implemented") return nil } @@ -101,12 +101,12 @@ func (r *MockResource[T]) GetByKey(key resource.Key) (item T, exists bool, err e return item, false, nil } -func (r *MockResource[T]) IndexKeys(indexName, indexedValue string) ([]string, error) { +func (r *MockResource[T]) IndexKeys(_, _ string) ([]string, error) { r.l.Warn("IndexKeys() called but this returns nil because it's not implemented") return nil, nil } -func (r *MockResource[T]) ByIndex(indexName, indexedValue string) ([]T, error) { +func (r *MockResource[T]) ByIndex(_, _ string) ([]T, error) { r.l.Warn("ByIndex() called but this returns nil because it's not implemented") return nil, nil } diff --git a/pkg/utils/testutil/cilium/versioned_client.go b/pkg/utils/testutil/cilium/versioned_client.go index d61044fdf9..1a3de98557 100644 --- a/pkg/utils/testutil/cilium/versioned_client.go +++ b/pkg/utils/testutil/cilium/versioned_client.go 
@@ -90,7 +90,7 @@ func (m *MockCiliumV2Client) CiliumEndpoints(namespace string) ciliumv2.CiliumEn return NewMockEndpointClient(m.l, namespace, m.ciliumEndpoints) } -func (m *MockCiliumV2Client) CiliumEnvoyConfigs(namespace string) ciliumv2.CiliumEnvoyConfigInterface { +func (m *MockCiliumV2Client) CiliumEnvoyConfigs(_ string) ciliumv2.CiliumEnvoyConfigInterface { m.l.Warn("MockCiliumV2Client.CiliumEnvoyConfigs() called but this returns nil because it's not implemented") return nil } @@ -105,12 +105,12 @@ func (m *MockCiliumV2Client) CiliumIdentities() ciliumv2.CiliumIdentityInterface return m.identitiyClient } -func (m *MockCiliumV2Client) CiliumLocalRedirectPolicies(namespace string) ciliumv2.CiliumLocalRedirectPolicyInterface { +func (m *MockCiliumV2Client) CiliumLocalRedirectPolicies(_ string) ciliumv2.CiliumLocalRedirectPolicyInterface { m.l.Warn("MockCiliumV2Client.CiliumLocalRedirectPolicies() called but this returns nil because it's not implemented") return nil } -func (m *MockCiliumV2Client) CiliumNetworkPolicies(namespace string) ciliumv2.CiliumNetworkPolicyInterface { +func (m *MockCiliumV2Client) CiliumNetworkPolicies(_ string) ciliumv2.CiliumNetworkPolicyInterface { m.l.Warn("MockCiliumV2Client.CiliumNetworkPolicies() called but this returns nil because it's not implemented") return nil } From ab6849173d58a0ed1b0a65575a49350fcfea3414 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 20 Jun 2024 21:59:52 -0400 Subject: [PATCH 04/39] deps: bump github.com/aws/aws-sdk-go-v2/config from 1.27.20 to 1.27.21 (#493) Bumps [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) from 1.27.20 to 1.27.21.
Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/aws/aws-sdk-go-v2/config&package-manager=go_modules&previous-version=1.27.20&new-version=1.27.21)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 20 ++++++++++---------- go.sum | 40 ++++++++++++++++++++-------------------- 2 files changed, 30 insertions(+), 30 deletions(-) diff --git a/go.mod b/go.mod index 64d924e531..3425651518 100644 --- a/go.mod +++ b/go.mod 
@@ -34,18 +34,18 @@ require ( github.com/armon/go-metrics v0.4.1 // indirect github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.2 // indirect - github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.7 // indirect - github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.11 // indirect - github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.11 // indirect + github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.8 // indirect + github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.12 // indirect + github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.12 // indirect github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 // indirect github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.11 // indirect github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2 // indirect github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.3.13 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.13 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.14 // indirect github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.17.11 // indirect - github.com/aws/aws-sdk-go-v2/service/sso v1.21.0 // indirect - github.com/aws/aws-sdk-go-v2/service/ssooidc v1.25.0 // indirect - github.com/aws/aws-sdk-go-v2/service/sts v1.29.0 // indirect + github.com/aws/aws-sdk-go-v2/service/sso v1.21.1 // indirect + github.com/aws/aws-sdk-go-v2/service/ssooidc v1.25.1 // indirect + github.com/aws/aws-sdk-go-v2/service/sts v1.29.1 // indirect github.com/aws/smithy-go v1.20.2 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/blang/semver/v4 v4.0.0 // indirect 
@@ -270,9 +270,9 @@ require ( github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources v1.2.0 github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v1.3.2 github.com/Microsoft/hcsshim v0.12.0-rc.3 - github.com/aws/aws-sdk-go-v2 v1.29.0 - github.com/aws/aws-sdk-go-v2/config v1.27.20 - github.com/aws/aws-sdk-go-v2/credentials v1.17.20 + github.com/aws/aws-sdk-go-v2 v1.30.0 + github.com/aws/aws-sdk-go-v2/config v1.27.21 + github.com/aws/aws-sdk-go-v2/credentials v1.17.21 github.com/aws/aws-sdk-go-v2/service/s3 v1.56.0 github.com/cakturk/go-netstat v0.0.0-20200220111822-e5b49efee7a5 github.com/cilium/cilium v1.15.6 diff --git a/go.sum b/go.sum index d9206ac3c6..3eda74771f 100644 --- a/go.sum +++ b/go.sum 
@@ -94,20 +94,20 @@ github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkY github.com/asaskevich/govalidator v0.0.0-20200907205600-7a23bdc65eef/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw= github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so= github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw= -github.com/aws/aws-sdk-go-v2 v1.29.0 h1:uMlEecEwgp2gs6CsM6ugquNHr6mg0LHylPBR8u5Ojac= -github.com/aws/aws-sdk-go-v2 v1.29.0/go.mod h1:ffIFB97e2yNsv4aTSGkqtHnppsIJzw7G7BReUZ3jCXM= +github.com/aws/aws-sdk-go-v2 v1.30.0 h1:6qAwtzlfcTtcL8NHtbDQAqgM5s6NDipQTkPxyH/6kAA= +github.com/aws/aws-sdk-go-v2 v1.30.0/go.mod h1:ffIFB97e2yNsv4aTSGkqtHnppsIJzw7G7BReUZ3jCXM= github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.2 h1:x6xsQXGSmW6frevwDA+vi/wqhp1ct18mVXYN08/93to= github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.2/go.mod h1:lPprDr1e6cJdyYeGXnRaJoP4Md+cDBvi2eOj00BlGmg= -github.com/aws/aws-sdk-go-v2/config v1.27.20 h1:oQSn/KNUMV54X0FBEDQQ2ymNfcKyMT81ar8gyvMzzqs= -github.com/aws/aws-sdk-go-v2/config v1.27.20/go.mod h1:IbEMotJrWc3Bh7++HXZDlviHZP7kHrkHU3PNl9e17po= -github.com/aws/aws-sdk-go-v2/credentials v1.17.20 h1:VYTCplAeOeBv5InTtrmF61OIwD4aHKryg3KZ6hf7dsI= -github.com/aws/aws-sdk-go-v2/credentials v1.17.20/go.mod h1:ktubcFYvbN8++72jVM9IJoQH6Q2TP+Z7r2VbV1AaESU= -github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.7 h1:54QUEXjkE1SlxHmRA3gBXA52j/ZSAgdOfAFGv1NsPCY= -github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.7/go.mod h1:bQRjJsdSMzmo/qbtGeBtPbIMp1IgQ+9R9jYJLm12uJA= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.11 h1:ltkhl3I9ddcRR3Dsy+7bOFFq546O8OYsfNEXVIyuOSE= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.11/go.mod h1:H4D8JoCFNJwnT7U5U8iwgG24n71Fx2I/ZP/18eYFr9g= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.11 h1:+BgX2AY7yV4ggSwa80z/yZIJX+e0jnNxjMLVyfpSXM0= 
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.11/go.mod h1:DlBATBSDCz30BCdRFldmyLsAzJwi2pdQ+YSdJTHhTUI= +github.com/aws/aws-sdk-go-v2/config v1.27.21 h1:yPX3pjGCe2hJsetlmGNB4Mngu7UPmvWPzzWCv1+boeM= +github.com/aws/aws-sdk-go-v2/config v1.27.21/go.mod h1:4XtlEU6DzNai8RMbjSF5MgGZtYvrhBP/aKZcRtZAVdM= +github.com/aws/aws-sdk-go-v2/credentials v1.17.21 h1:pjAqgzfgFhTv5grc7xPHtXCAaMapzmwA7aU+c/SZQGw= +github.com/aws/aws-sdk-go-v2/credentials v1.17.21/go.mod h1:nhK6PtBlfHTUDVmBLr1dg+WHCOCK+1Fu/WQyVHPsgNQ= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.8 h1:FR+oWPFb/8qMVYMWN98bUZAGqPvLHiyqg1wqQGfUAXY= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.8/go.mod h1:EgSKcHiuuakEIxJcKGzVNWh5srVAQ3jKaSrBGRYvM48= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.12 h1:SJ04WXGTwnHlWIODtC5kJzKbeuHt+OUNOgKg7nfnUGw= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.12/go.mod h1:FkpvXhA92gb3GE9LD6Og0pHHycTxW7xGpnEh5E7Opwo= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.12 h1:hb5KgeYfObi5MHkSSZMEudnIvX30iB+E21evI4r6BnQ= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.12/go.mod h1:CroKe/eWJdyfy9Vx4rljP5wTUjNJfb+fPz1uMYUhEGM= github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 h1:hT8rVHwugYE2lEfdFE0QWVo81lF7jMrYJVDWI+f+VxU= github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0/go.mod h1:8tu/lYfQfFe6IGnaOdrpVgEL2IrrDOf6/m9RQum4NkY= github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.11 h1:jJ2dythFP5oNunvwc3gBsINl3ZPt/InVm4a5OAr3tag= 
@@ -116,18 +116,18 @@ github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2 h1:Ji0DY1x github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2/go.mod h1:5CsjAbs3NlGQyZNFACh+zztPDI7fU6eW9QsxjfnuBKg= github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.3.13 h1:zmKtGN1dMQDVBsfCePykMQmTfWY+jlaUTv55RF5b31w= github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.3.13/go.mod h1:1UzMv5n56AjbPR9834o5YLw5dH6baIsY60Ib84s1NCc= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.13 h1:3A8vxp65nZy6aMlSCBvpIyxIbAN0DOSxaPDZuzasxuU= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.13/go.mod h1:IxJ/pMQ/Y+MDFGo6pQRyqzKKwtGMHb5IWp5PXSQr8dM= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.14 h1:zSDPny/pVnkqABXYRicYuPf9z2bTqfH13HT3v6UheIk= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.14/go.mod h1:3TTcI5JSzda1nw/pkVC9dhgLre0SNBFj2lYS4GctXKI= github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.17.11 h1:QNkz5KqOUdeq1D0AP9r7Af6hNKyb0fnFa/L4DEKTp+Q= github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.17.11/go.mod h1:c7R1eDLOU5hQ4f66TYzyAT2AeLLtw5khZJpbGCo1cYU= github.com/aws/aws-sdk-go-v2/service/s3 v1.56.0 h1:NZIFz15bhrWwewGU0tdUGsisKPQxvzy3O4dL5jgBDKw= github.com/aws/aws-sdk-go-v2/service/s3 v1.56.0/go.mod h1:ha/DkVoeDtS0XwRKyOiXP2J4Vzo3zpiE0yGi7Ej0X3o= -github.com/aws/aws-sdk-go-v2/service/sso v1.21.0 h1:P0zUA+5liaoNILI/btBBQHC09PFPyRJr+w+Xt9KHKck= -github.com/aws/aws-sdk-go-v2/service/sso v1.21.0/go.mod h1:0bmRzdsq9/iNyP02H4UV0ZRjFx6qQBqRvfCJ4trFgjE= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.25.0 h1:jPV8U9r3msO9ECm9geW8PGjU/rz8vfPTPmIBbA83W3M= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.25.0/go.mod h1:B3G77bQDCmhp0RV0P/J9Kd4/qsymdWVhzTe3btAtywE= -github.com/aws/aws-sdk-go-v2/service/sts v1.29.0 h1:dqW4XRwPE/poWSqVntpeXLHzpPK6AOfKmL9QWDYl9aw= -github.com/aws/aws-sdk-go-v2/service/sts v1.29.0/go.mod h1:j8+hrxlmLR8ZQo6ytTAls/JFrt5bVisuS6PD8gw2VBw= 
+github.com/aws/aws-sdk-go-v2/service/sso v1.21.1 h1:sd0BsnAvLH8gsp2e3cbaIr+9D7T1xugueQ7V/zUAsS4= +github.com/aws/aws-sdk-go-v2/service/sso v1.21.1/go.mod h1:lcQG/MmxydijbeTOp04hIuJwXGWPZGI3bwdFDGRTv14= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.25.1 h1:1uEFNNskK/I1KoZ9Q8wJxMz5V9jyBlsiaNrM7vA3YUQ= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.25.1/go.mod h1:z0P8K+cBIsFXUr5rzo/psUeJ20XjPN0+Nn8067Nd+E4= +github.com/aws/aws-sdk-go-v2/service/sts v1.29.1 h1:myX5CxqXE0QMZNja6FA1/FSE3Vu1rVmeUmpJMMzeZg0= +github.com/aws/aws-sdk-go-v2/service/sts v1.29.1/go.mod h1:N2mQiucsO0VwK9CYuS4/c2n6Smeh1v47Rz3dWCPFLdE= github.com/aws/smithy-go v1.20.2 h1:tbp628ireGtzcHDDmLT/6ADHidqnwgF57XOXZe6tp4Q= github.com/aws/smithy-go v1.20.2/go.mod h1:krry+ya/rV9RDcV/Q16kpu6ypI4K2czasz0NC3qS14E= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= From 6aadcddae3c2b3a00982f6ac3b99ad58aba043ec Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 21 Jun 2024 02:29:16 +0000 Subject: [PATCH 05/39] deps: bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.56.0 to 1.56.1 (#494) Bumps [github.com/aws/aws-sdk-go-v2/service/s3](https://github.com/aws/aws-sdk-go-v2) from 1.56.0 to 1.56.1.
Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/aws/aws-sdk-go-v2/service/s3&package-manager=go_modules&previous-version=1.56.0&new-version=1.56.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 8 ++++---- go.sum | 16 ++++++++-------- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/go.mod b/go.mod index 3425651518..c3a466f99f 100644 --- a/go.mod +++ b/go.mod @@ -38,11 +38,11 @@ require ( github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.12 // indirect github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.12 // indirect github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 // indirect - github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.11 // indirect + github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.12 // indirect github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.3.13 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.3.14 // indirect github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.14 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.17.11 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.17.12 // indirect github.com/aws/aws-sdk-go-v2/service/sso v1.21.1 // indirect github.com/aws/aws-sdk-go-v2/service/ssooidc v1.25.1 // indirect github.com/aws/aws-sdk-go-v2/service/sts v1.29.1 // indirect @@ -273,7 +273,7 @@ require ( github.com/aws/aws-sdk-go-v2 v1.30.0 github.com/aws/aws-sdk-go-v2/config v1.27.21 github.com/aws/aws-sdk-go-v2/credentials v1.17.21 - github.com/aws/aws-sdk-go-v2/service/s3 v1.56.0 + github.com/aws/aws-sdk-go-v2/service/s3 v1.56.1 github.com/cakturk/go-netstat v0.0.0-20200220111822-e5b49efee7a5 github.com/cilium/cilium v1.15.6 github.com/cilium/ebpf v0.15.0 diff --git a/go.sum b/go.sum index 3eda74771f..cd7b0d3a68 100644 --- a/go.sum +++ b/go.sum 
@@ -110,18 +110,18 @@ github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.12 h1:hb5KgeYfObi5MHkSSZ github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.12/go.mod h1:CroKe/eWJdyfy9Vx4rljP5wTUjNJfb+fPz1uMYUhEGM= github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 h1:hT8rVHwugYE2lEfdFE0QWVo81lF7jMrYJVDWI+f+VxU= github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0/go.mod h1:8tu/lYfQfFe6IGnaOdrpVgEL2IrrDOf6/m9RQum4NkY= -github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.11 h1:jJ2dythFP5oNunvwc3gBsINl3ZPt/InVm4a5OAr3tag= -github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.11/go.mod h1:SNkot0zeLtgjP54/6BGuyG12pBcXi77jV5nbEsPgPzg= +github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.12 h1:DXFWyt7ymx/l1ygdyTTS0X923e+Q2wXIxConJzrgwc0= +github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.12/go.mod h1:mVOr/LbvaNySK1/BTy4cBOCjhCNY2raWBwK4v+WR5J4= github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2 h1:Ji0DY1xUsUr3I8cHps0G+XM3WWU16lP6yG8qu1GAZAs= github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2/go.mod h1:5CsjAbs3NlGQyZNFACh+zztPDI7fU6eW9QsxjfnuBKg= -github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.3.13 h1:zmKtGN1dMQDVBsfCePykMQmTfWY+jlaUTv55RF5b31w= -github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.3.13/go.mod h1:1UzMv5n56AjbPR9834o5YLw5dH6baIsY60Ib84s1NCc= +github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.3.14 h1:oWccitSnByVU74rQRHac4gLfDqjB6Z1YQGOY/dXKedI= +github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.3.14/go.mod h1:8SaZBlQdCLrc/2U3CEO48rYj9uR8qRsPRkmzwNM52pM= github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.14 h1:zSDPny/pVnkqABXYRicYuPf9z2bTqfH13HT3v6UheIk= github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.14/go.mod h1:3TTcI5JSzda1nw/pkVC9dhgLre0SNBFj2lYS4GctXKI= -github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.17.11 h1:QNkz5KqOUdeq1D0AP9r7Af6hNKyb0fnFa/L4DEKTp+Q= -github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.17.11/go.mod 
h1:c7R1eDLOU5hQ4f66TYzyAT2AeLLtw5khZJpbGCo1cYU= -github.com/aws/aws-sdk-go-v2/service/s3 v1.56.0 h1:NZIFz15bhrWwewGU0tdUGsisKPQxvzy3O4dL5jgBDKw= -github.com/aws/aws-sdk-go-v2/service/s3 v1.56.0/go.mod h1:ha/DkVoeDtS0XwRKyOiXP2J4Vzo3zpiE0yGi7Ej0X3o= +github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.17.12 h1:tzha+v1SCEBpXWEuw6B/+jm4h5z8hZbTpXz0zRZqTnw= +github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.17.12/go.mod h1:n+nt2qjHGoseWeLHt1vEr6ZRCCxIN2KcNpJxBcYQSwI= +github.com/aws/aws-sdk-go-v2/service/s3 v1.56.1 h1:wsg9Z/vNnCmxWikfGIoOlnExtEU459cR+2d+iDJ8elo= +github.com/aws/aws-sdk-go-v2/service/s3 v1.56.1/go.mod h1:8rDw3mVwmvIWWX/+LWY3PPIMZuwnQdJMCt0iVFVT3qw= github.com/aws/aws-sdk-go-v2/service/sso v1.21.1 h1:sd0BsnAvLH8gsp2e3cbaIr+9D7T1xugueQ7V/zUAsS4= github.com/aws/aws-sdk-go-v2/service/sso v1.21.1/go.mod h1:lcQG/MmxydijbeTOp04hIuJwXGWPZGI3bwdFDGRTv14= github.com/aws/aws-sdk-go-v2/service/ssooidc v1.25.1 h1:1uEFNNskK/I1KoZ9Q8wJxMz5V9jyBlsiaNrM7vA3YUQ= From e50d9e98d70202d7ec8f66eaec5abfc010e4f9e8 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 21 Jun 2024 14:03:27 +0000 Subject: [PATCH 06/39] deps: bump github.com/Azure/azure-sdk-for-go/sdk/azidentity from 1.6.0 to 1.7.0 (#497) Bumps [github.com/Azure/azure-sdk-for-go/sdk/azidentity](https://github.com/Azure/azure-sdk-for-go) from 1.6.0 to 1.7.0.
Release notes

Sourced from github.com/Azure/azure-sdk-for-go/sdk/azidentity's releases.

sdk/messaging/azservicebus/v1.7.0

1.7.0 (2024-04-02)

Features Added

  • Add in ability to handle emulator connection strings. (PR#22663)

sdk/internal/v1.7.0

1.7.0 (2024-05-01)

Features Added

  • Support for local repo override (via presence of eng/target_proxy_version.txt) of invoked test-proxy version.

  • RemoveRegisteredSanitizers selectively disables sanitizers the test proxy enables by default since version 1.0.0-dev.20240422.1

Breaking Changes

  • Deprecated the go-vcr based test recording API. Its methods now return errors or panic.
  • Changed value of recording.SanitizedValue from "sanitized" to "Sanitized" to match the test proxy

sdk/azidentity/v1.7.0

1.7.0 (2024-06-20)

Features Added

  • AzurePipelinesCredential authenticates an Azure Pipelines service connection with workload identity federation

Breaking Changes

These changes affect only code written against a beta version such as v1.7.0-beta.1

  • Removed the persistent token caching API. It will return in v1.8.0-beta.1

sdk/azidentity/v1.7.0-beta.1

1.7.0-beta.1 (2024-06-10)

Features Added

  • Restored AzurePipelinesCredential and persistent token caching API

Breaking Changes

These changes affect only code written against a beta version such as v1.6.0-beta.4

  • Values which NewAzurePipelinesCredential read from environment variables in prior versions are now parameters
  • Renamed AzurePipelinesServiceConnectionCredentialOptions to AzurePipelinesCredentialOptions

Bugs Fixed

  • Managed identity bug fixes
Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/Azure/azure-sdk-for-go/sdk/azidentity&package-manager=go_modules&previous-version=1.6.0&new-version=1.7.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index c3a466f99f..6954c6859d 100644 --- a/go.mod +++ b/go.mod @@ -262,7 +262,7 @@ require ( github.com/Azure/azure-container-networking/zapai v0.0.3 github.com/Azure/azure-sdk-for-go v68.0.0+incompatible github.com/Azure/azure-sdk-for-go/sdk/azcore v1.12.0 - github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.6.0 + github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v4 v4.8.0 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dashboard/armdashboard v1.2.0 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/monitor/armmonitor v0.11.0 diff --git a/go.sum b/go.sum index cd7b0d3a68..5b0eadad38 100644 --- a/go.sum +++ b/go.sum 
@@ -12,8 +12,8 @@ github.com/Azure/azure-sdk-for-go v68.0.0+incompatible h1:fcYLmCpyNYRnvJbPerq7U0 github.com/Azure/azure-sdk-for-go v68.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= github.com/Azure/azure-sdk-for-go/sdk/azcore v1.12.0 h1:1nGuui+4POelzDwI7RG56yfQJHCnKvwfMoU7VsEp+Zg= github.com/Azure/azure-sdk-for-go/sdk/azcore v1.12.0/go.mod h1:99EvauvlcJ1U06amZiksfYz/3aFGyIhWGHVyiZXtBAI= -github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.6.0 h1:U2rTu3Ef+7w9FHKIAXM6ZyqF3UOWJZ12zIm8zECAFfg= -github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.6.0/go.mod h1:9kIvujWAA58nmPmWB1m23fyWic1kYZMxD9CxaWn4Qpg= +github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0 h1:tfLQ34V6F7tVSwoTf/4lH5sE0o6eCJuNDTmH09nDpbc= +github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0/go.mod h1:9kIvujWAA58nmPmWB1m23fyWic1kYZMxD9CxaWn4Qpg= github.com/Azure/azure-sdk-for-go/sdk/internal v1.9.0 h1:H+U3Gk9zY56G3u872L82bk4thcsy2Gghb9ExT4Zvm1o= github.com/Azure/azure-sdk-for-go/sdk/internal v1.9.0/go.mod h1:mgrmMSgaLp9hmax62XQTd0N4aAqSE5E0DulSpVYK7vc= github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v4 v4.8.0 h1:0nGmzwBv5ougvzfGPCO2ljFRHvun57KpNrVCMrlk0ns= From 7f52ce401e16a0c09536ffc03109bcc9a87042f6 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 21 Jun 2024 10:55:59 -0400 Subject: [PATCH 07/39] deps: bump github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v5 from 5.1.1 to 5.2.0 (#498) Bumps [github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v5](https://github.com/Azure/azure-sdk-for-go) from 5.1.1 to 5.2.0.
Release notes

Sourced from github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v5's releases.

sdk/resourcemanager/network/armnetwork/v5.2.0

5.2.0 (2024-06-21)

Features Added

  • New value EndpointTypeAzureArcNetwork added to enum type EndpointType
  • New enum type ApplicationGatewaySKUFamily with values ApplicationGatewaySKUFamilyGeneration1, ApplicationGatewaySKUFamilyGeneration2
  • New enum type InboundSecurityRuleType with values InboundSecurityRuleTypeAutoExpire, InboundSecurityRuleTypePermanent
  • New enum type NicTypeInRequest with values NicTypeInRequestPrivateNic, NicTypeInRequestPublicNic
  • New enum type NicTypeInResponse with values NicTypeInResponseAdditionalNic, NicTypeInResponsePrivateNic, NicTypeInResponsePublicNic
  • New enum type SharingScope with values SharingScopeDelegatedServices, SharingScopeTenant
  • New function *ClientFactory.NewFirewallPolicyDeploymentsClient() *FirewallPolicyDeploymentsClient
  • New function *ClientFactory.NewFirewallPolicyDraftsClient() *FirewallPolicyDraftsClient
  • New function *ClientFactory.NewFirewallPolicyRuleCollectionGroupDraftsClient() *FirewallPolicyRuleCollectionGroupDraftsClient
  • New function NewFirewallPolicyDeploymentsClient(string, azcore.TokenCredential, *arm.ClientOptions) (*FirewallPolicyDeploymentsClient, error)
  • New function *FirewallPolicyDeploymentsClient.BeginDeploy(context.Context, string, string, *FirewallPolicyDeploymentsClientBeginDeployOptions) (*runtime.Poller[FirewallPolicyDeploymentsClientDeployResponse], error)
  • New function NewFirewallPolicyDraftsClient(string, azcore.TokenCredential, *arm.ClientOptions) (*FirewallPolicyDraftsClient, error)
  • New function *FirewallPolicyDraftsClient.CreateOrUpdate(context.Context, string, string, FirewallPolicyDraft, *FirewallPolicyDraftsClientCreateOrUpdateOptions) (FirewallPolicyDraftsClientCreateOrUpdateResponse, error)
  • New function *FirewallPolicyDraftsClient.Delete(context.Context, string, string, *FirewallPolicyDraftsClientDeleteOptions) (FirewallPolicyDraftsClientDeleteResponse, error)
  • New function *FirewallPolicyDraftsClient.Get(context.Context, string, string, *FirewallPolicyDraftsClientGetOptions) (FirewallPolicyDraftsClientGetResponse, error)
  • New function NewFirewallPolicyRuleCollectionGroupDraftsClient(string, azcore.TokenCredential, *arm.ClientOptions) (*FirewallPolicyRuleCollectionGroupDraftsClient, error)
  • New function *FirewallPolicyRuleCollectionGroupDraftsClient.CreateOrUpdate(context.Context, string, string, string, FirewallPolicyRuleCollectionGroupDraft, *FirewallPolicyRuleCollectionGroupDraftsClientCreateOrUpdateOptions) (FirewallPolicyRuleCollectionGroupDraftsClientCreateOrUpdateResponse, error)
  • New function *FirewallPolicyRuleCollectionGroupDraftsClient.Delete(context.Context, string, string, string, *FirewallPolicyRuleCollectionGroupDraftsClientDeleteOptions) (FirewallPolicyRuleCollectionGroupDraftsClientDeleteResponse, error)
  • New function *FirewallPolicyRuleCollectionGroupDraftsClient.Get(context.Context, string, string, string, *FirewallPolicyRuleCollectionGroupDraftsClientGetOptions) (FirewallPolicyRuleCollectionGroupDraftsClientGetResponse, error)
  • New function *VirtualAppliancesClient.BeginRestart(context.Context, string, string, *VirtualAppliancesClientBeginRestartOptions) (*runtime.Poller[VirtualAppliancesClientRestartResponse], error)
  • New struct ConnectionMonitorEndpointLocationDetails
  • New struct FirewallPolicyDraft
  • New struct FirewallPolicyDraftProperties
  • New struct FirewallPolicyRuleCollectionGroupDraft
  • New struct FirewallPolicyRuleCollectionGroupDraftProperties
  • New struct HeaderValueMatcher
  • New struct PacketCaptureSettings
  • New struct VirtualApplianceIPConfiguration
  • New struct VirtualApplianceIPConfigurationProperties
  • New struct VirtualApplianceInstanceIDs
  • New struct VirtualApplianceNetworkInterfaceConfiguration
  • New struct VirtualApplianceNetworkInterfaceConfigurationProperties
  • New struct VirtualAppliancePropertiesFormatNetworkProfile
  • New field HeaderValueMatcher in struct ApplicationGatewayHeaderConfiguration
  • New field Family in struct ApplicationGatewaySKU
  • New field LocationDetails, SubscriptionID in struct ConnectionMonitorEndpoint
  • New field EnableDirectPortRateLimit in struct ExpressRouteCircuitPropertiesFormat
  • New field RuleType in struct InboundSecurityRuleProperties
  • New field AppliesOn, DestinationPortRanges, Name in struct InboundSecurityRules
  • New field PrivateIPAddressPrefixLength in struct InterfaceIPConfigurationPropertiesFormat
  • New field CaptureSettings, ContinuousCapture in struct PacketCaptureParameters
  • New field CaptureSettings, ContinuousCapture in struct PacketCaptureResultProperties
  • New field LocalPath in struct PacketCaptureStorageLocation
  • New field JsChallengeCookieExpirationInMins in struct PolicySettings
  • New field SharingScope in struct SubnetPropertiesFormat
  • New field DpdTimeoutSeconds in struct VPNSiteLinkConnectionProperties

... (truncated)

Commits

Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 6 ++++--
 2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/go.mod b/go.mod
index 6954c6859d..770ca5948a 100644
--- a/go.mod
+++ b/go.mod
@@ -266,7 +266,7 @@ require (
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v4 v4.8.0
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dashboard/armdashboard v1.2.0
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/monitor/armmonitor v0.11.0
- github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v5 v5.1.1
+ github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v5 v5.2.0
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources v1.2.0
 github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v1.3.2
 github.com/Microsoft/hcsshim v0.12.0-rc.3
diff --git a/go.sum b/go.sum
index 5b0eadad38..c563d35529 100644
--- a/go.sum
+++ b/go.sum
@@ -22,12 +22,14 @@ github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dashboard/armdashboard v1. github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dashboard/armdashboard v1.2.0/go.mod h1:xYrOYxajQvXMlp6M1E3amlaqPDXspyJxmjqTsGo6Jmw= github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/internal/v2 v2.0.0 h1:PTFGRSlMKCQelWwxUyYVEUqseBJVemLyqWJjvMyt0do= github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/internal/v2 v2.0.0/go.mod h1:LRr2FzBTQlONPPa5HREE5+RjSCTXl7BwOvYOaWTqCaI= +github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/internal/v3 v3.0.0 h1:Kb8eVvjdP6kZqYnER5w/PiGCFp91yVgaxve3d7kCEpY= +github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/internal/v3 v3.0.0/go.mod h1:lYq15QkJyEsNegz5EhI/0SXQ6spvGfgwBH/Qyzkoc/s= github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/managementgroups/armmanagementgroups v1.0.0 h1:pPvTJ1dY0sA35JOeFq6TsY2xj6Z85Yo23Pj4wCCvu4o= github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/managementgroups/armmanagementgroups v1.0.0/go.mod h1:mLfWfj8v3jfWKsL9G4eoBoXVcsqcIUTapmdKy7uGOp0= github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/monitor/armmonitor v0.11.0 h1:Ds0KRF8ggpEGg4Vo42oX1cIt/IfOhHWJBikksZbVxeg= github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/monitor/armmonitor v0.11.0/go.mod h1:jj6P8ybImR+5topJ+eH6fgcemSFBmU6/6bFF8KkwuDI= -github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v5 v5.1.1 h1:QZY6o3E/KX0QhgQpvat4UxAsXuBIb4efrFtZcqCUTbs= -github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v5 v5.1.1/go.mod h1:8gv2PVzO0a+f4aWpe940Ouz0r4ifLj8H+/jxRXgwPxg= +github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v5 v5.2.0 h1:qBlqTo40ARdI7Pmq+enBiTnejZk2BF+PHgktgG8k3r8= +github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v5 v5.2.0/go.mod h1:UmyOatRyQodVpp55Jr5WJmnkmVW4wKfo85uHFmMEjfM= github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources v1.2.0 h1:Dd+RhdJn0OTtVGaeDLZpcumkIVCtA/3/Fo42+eoYvVM= 
github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources v1.2.0/go.mod h1:5kakwfW5CjC9KK+Q4wjXAg+ShuIm2mBMua0ZFj2C8PE= github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage v1.5.0 h1:AifHbc4mg0x9zW52WOpKbsHaDKuRhlI7TVl47thgQ70= From d74be0e6c15f0846dc8e9f8baeae6c8e5bb79a87 Mon Sep 17 00:00:00 2001 From: Jacques I Massa Date: Mon, 24 Jun 2024 13:22:24 +0000 Subject: [PATCH 08/39] udpate cmd name and remove license --- operator/cmd/hubble_linux.go | 16 +-- operator/v2/k8s/LICENSE | 201 ----------------------------------- 2 files changed, 8 insertions(+), 209 deletions(-) delete mode 100644 operator/v2/k8s/LICENSE diff --git a/operator/cmd/hubble_linux.go b/operator/cmd/hubble_linux.go index ec7ffa31d0..0ff5c416a4 100644 --- a/operator/cmd/hubble_linux.go +++ b/operator/cmd/hubble_linux.go @@ -13,8 +13,8 @@ import ( ) var ( - h = hive.New(hubble.Operator) - hubbleCmd = &cobra.Command{ + h = hive.New(hubble.Operator) + cmd = &cobra.Command{ Use: "v2", Short: "Start the Retina operator V2", Run: func(cobraCmd *cobra.Command, _ []string) { @@ -27,23 +27,23 @@ var ( ) func init() { - h.RegisterFlags(hubbleCmd.Flags()) - hubbleCmd.AddCommand(h.Command()) + h.RegisterFlags(cmd.Flags()) + cmd.AddCommand(h.Command()) - hubble.InitGlobalFlags(hubbleCmd, h.Viper()) + hubble.InitGlobalFlags(cmd, h.Viper()) // Enable fallback to direct API probing to check for support of Leases in // case Discovery API fails. h.Viper().Set(option.K8sEnableAPIDiscovery, true) - hubbleCmd.AddCommand( + cmd.AddCommand( hubble.MetricsCmd, h.Command(), ) // not sure where flags hooks is set for _, hook := range hubble.FlagsHooks { - hook.RegisterProviderFlag(hubbleCmd, h.Viper()) + hook.RegisterProviderFlag(cmd, h.Viper()) } - rootCmd.AddCommand(hubbleCmd) + rootCmd.AddCommand(cmd) } diff --git a/operator/v2/k8s/LICENSE b/operator/v2/k8s/LICENSE deleted file mode 100644 index 32ce978c33..0000000000 --- a/operator/v2/k8s/LICENSE +++ /dev/null 
@@ -1,201 +0,0 @@ - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. 
For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. 
Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of 
the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. 
Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. 
- - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "{}" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright {yyyy} Authors of Retina and Cilium - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. \ No newline at end of file From 7907eeb4e234a8a78771919be1a0b3c2ea0b08d0 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 24 Jun 2024 11:36:46 -0400 Subject: [PATCH 09/39] deps: bump github.com/safchain/ethtool from 0.4.0 to 0.4.1 (#500) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [github.com/safchain/ethtool](https://github.com/safchain/ethtool) from 0.4.0 to 0.4.1.
Release notes

Sourced from github.com/safchain/ethtool's releases.

v0.4.1

What's Changed

New Contributors

Full Changelog: https://github.com/safchain/ethtool/compare/v0.4.0...v0.4.1

Commits

Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 770ca5948a..44c84175aa 100644 --- a/go.mod +++ b/go.mod @@ -289,7 +289,7 @@ require ( github.com/pkg/errors v0.9.1 github.com/prometheus/client_model v0.6.1 github.com/prometheus/common v0.54.0 - github.com/safchain/ethtool v0.4.0 + github.com/safchain/ethtool v0.4.1 github.com/spf13/viper v1.19.0 github.com/vishvananda/netlink v1.2.1-beta.2.0.20240524165444-4d4ba1473f21 go.opentelemetry.io/otel v1.27.0 diff --git a/go.sum b/go.sum index c563d35529..eb8592e56b 100644 --- a/go.sum +++ b/go.sum @@ -724,8 +724,8 @@ github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQD github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts= github.com/s3rj1k/go-fanotify/fanotify v0.0.0-20210917134616-9c00a300bb7a h1:np2nR32/A/VcOG9Hn+IOPA8kMk1gbBzK5LpSsgq5pJI= github.com/s3rj1k/go-fanotify/fanotify v0.0.0-20210917134616-9c00a300bb7a/go.mod h1:wiP6GQ2T378F+YIyuNw7yXtBxJZR+fqrrn1Z6UHZi0Q= -github.com/safchain/ethtool v0.4.0 h1:vq1i2HCjshJNywOXFZ1BpwIjyeFR/kvNdHiRzqSElDI= -github.com/safchain/ethtool v0.4.0/go.mod h1:XLLnZmy4OCRTkksP/UiMjij96YmIsBfmBQcs7H6tA48= +github.com/safchain/ethtool v0.4.1 h1:S6mEleTADqgynileXoiapt/nKnatyR6bmIHoF+h2ADo= +github.com/safchain/ethtool v0.4.1/go.mod h1:XLLnZmy4OCRTkksP/UiMjij96YmIsBfmBQcs7H6tA48= github.com/sagikazarmark/locafero v0.4.0 h1:HApY1R9zGo4DBgr7dqsTH/JJxLTTsOt7u6keLGt6kNQ= github.com/sagikazarmark/locafero v0.4.0/go.mod h1:Pe1W6UlPYUk/+wc/6KFhbORCfqzgYEpgQ3O5fPuL3H4= github.com/sagikazarmark/slog-shim v0.1.0 h1:diDBnUNK9N/354PgrxMywXnAwEr1QZcOr6gto+ugjYE= From 22868e17cdfb439943ee7cdad44fc925f658d7dc Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 24 Jun 2024 23:50:02 -0400 Subject: [PATCH 10/39] deps: bump github.com/hashicorp/go-retryablehttp from 0.7.5 to 0.7.7 in /hack/tools in the go_modules group (#504) Bumps the go_modules group in /hack/tools with 1 update: [github.com/hashicorp/go-retryablehttp](https://github.com/hashicorp/go-retryablehttp). Updates `github.com/hashicorp/go-retryablehttp` from 0.7.5 to 0.7.7
Changelog

Sourced from github.com/hashicorp/go-retryablehttp's changelog.

0.7.7 (May 30, 2024)

BUG FIXES:

  • client: avoid potentially leaking URL-embedded basic authentication credentials in logs (#158)

0.7.6 (May 9, 2024)

ENHANCEMENTS:

  • client: support a RetryPrepare function for modifying the request before retrying (#216)
  • client: support HTTP-date values for Retry-After header value (#138)
  • client: avoid reading entire body when the body is a *bytes.Reader (#197)

BUG FIXES:

  • client: fix a broken check for invalid server certificate in go 1.20+ (#210)
Commits
  • 1542b31 v0.7.7
  • defb9f4 v0.7.7
  • a99f07b Merge pull request #158 from dany74q/danny/redacted-url-in-logs
  • 8a28c57 Merge branch 'main' into danny/redacted-url-in-logs
  • 86e852d Merge pull request #227 from hashicorp/dependabot/github_actions/actions/chec...
  • 47fe99e Bump actions/checkout from 4.1.5 to 4.1.6
  • 490fc06 Merge pull request #226 from testwill/ioutil
  • f3e9417 chore: remove refs to deprecated io/ioutil
  • d969eaa Merge pull request #225 from hashicorp/manicminer-patch-2
  • 2ad8ed4 v0.7.6
  • Additional commits viewable in compare view

Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 hack/tools/go.mod | 2 +-
 hack/tools/go.sum | 9 ++++-----
 2 files changed, 5 insertions(+), 6 deletions(-)
diff --git a/hack/tools/go.mod b/hack/tools/go.mod
index 3b96fe7aab..daec5024bc 100644
--- a/hack/tools/go.mod
+++ b/hack/tools/go.mod
@@ -230,7 +230,7 @@ require (
 github.com/hashicorp/errwrap v1.1.0 // indirect
 github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
 github.com/hashicorp/go-multierror v1.1.1 // indirect
- github.com/hashicorp/go-retryablehttp v0.7.5 // indirect
+ github.com/hashicorp/go-retryablehttp v0.7.7 // indirect
 github.com/hashicorp/go-version v1.7.0 // indirect
 github.com/hashicorp/golang-lru v1.0.2 // indirect
 github.com/hashicorp/hcl v1.0.1-vault-5 // indirect
diff --git a/hack/tools/go.sum b/hack/tools/go.sum
index 21c375c197..b7f44cac7b 100644
--- a/hack/tools/go.sum
+++ b/hack/tools/go.sum
@@ -584,14 +584,13 @@ github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ= github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48= -github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ= -github.com/hashicorp/go-hclog v1.5.0 h1:bI2ocEMgcVlz55Oj1xZNBsVi900c7II+fWDyV9o+13c= -github.com/hashicorp/go-hclog v1.5.0/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M= +github.com/hashicorp/go-hclog v1.6.3 h1:Qr2kF+eVWjTiYmU7Y31tYlP1h0q/X3Nl3tPGdaB11/k= +github.com/hashicorp/go-hclog v1.6.3/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M= github.com/hashicorp/go-multierror v1.1.0/go.mod h1:spPvp8C1qA32ftKqdAHm4hHTbPw+vmowP0z+KUhOZdA= github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo= github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM= -github.com/hashicorp/go-retryablehttp v0.7.5 h1:bJj+Pj19UZMIweq/iie+1u5YCdGrnxCT9yvm0e+Nd5M= -github.com/hashicorp/go-retryablehttp v0.7.5/go.mod h1:Jy/gPYAdjqffZ/yFGCFV2doI5wjtH1ewM9u8iYVjtX8= +github.com/hashicorp/go-retryablehttp v0.7.7 h1:C8hUCYzor8PIfXHa4UrZkU4VvK8o9ISHxT2Q8+VepXU= +github.com/hashicorp/go-retryablehttp v0.7.7/go.mod h1:pkQpWZeYWskR+D1tR2O5OcBFOxfA7DoAO6xtkuQnHTk= github.com/hashicorp/go-version v1.2.1/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= github.com/hashicorp/go-version v1.7.0 h1:5tqGy27NaOTB8yJKUZELlFAS/LTKJkrmONwQKeRZfjY= github.com/hashicorp/go-version v1.7.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= From 482c40df79625cbad0be7e42b49e869e5ebf2a37 Mon Sep 17 00:00:00 2001 
From: Jacques I Massa Date: Tue, 25 Jun 2024 12:43:21 +0000 Subject: [PATCH 11/39] refacto --- operator/{v2 => cilium-crds}/config/config.go | 0 operator/cilium-crds/k8s/LICENSE | 201 ++++++++++++++++++ operator/{v2 => cilium-crds}/k8s/apis/cell.go | 0 .../{v2 => cilium-crds}/k8s/apis/register.go | 0 .../{v2 => cilium-crds}/k8s/resource_ctors.go | 0 operator/{v2 => cilium-crds}/k8s/resources.go | 0 .../cmd/{hubble_linux.go => cilium-crds.go} | 28 ++- operator/cmd/cilium-crds/LICENSE | 201 ++++++++++++++++++ operator/cmd/{hubble => cilium-crds}/cells.go | 20 +- .../cmd/{hubble => cilium-crds}/cmdref.go | 8 +- operator/cmd/{hubble => cilium-crds}/flags.go | 37 +--- operator/cmd/cilium-crds/flags_provider.go | 19 ++ .../cmd/{hubble => cilium-crds}/lifecycle.go | 12 +- .../cmd/{hubble => cilium-crds}/metrics.go | 8 +- operator/cmd/{hubble => cilium-crds}/root.go | 12 +- operator/cmd/{hubble => cilium-crds}/zap.go | 4 +- operator/cmd/hubble/flags_provider.go | 13 -- operator/config/config.go | 2 - .../{v2 => cilium-crds}/cache/types.go | 0 .../{v2 => cilium-crds}/endpoint/cell.go | 0 .../endpoint/endpoint_controller.go | 10 +- .../endpoint/endpoint_controller_test.go | 12 +- .../endpoint/identitymanager.go | 0 .../endpoint/identitymanager_test.go | 0 .../{v2 => cilium-crds}/endpoint/types.go | 18 +- 25 files changed, 498 insertions(+), 107 deletions(-) rename operator/{v2 => cilium-crds}/config/config.go (100%) create mode 100644 operator/cilium-crds/k8s/LICENSE rename operator/{v2 => cilium-crds}/k8s/apis/cell.go (100%) rename operator/{v2 => cilium-crds}/k8s/apis/register.go (100%) rename operator/{v2 => cilium-crds}/k8s/resource_ctors.go (100%) rename operator/{v2 => cilium-crds}/k8s/resources.go (100%) rename operator/cmd/{hubble_linux.go => cilium-crds.go} (53%) create mode 100644 operator/cmd/cilium-crds/LICENSE rename operator/cmd/{hubble => cilium-crds}/cells.go (93%) rename operator/cmd/{hubble => cilium-crds}/cmdref.go (81%) rename operator/cmd/{hubble => 
cilium-crds}/flags.go (73%) create mode 100644 operator/cmd/cilium-crds/flags_provider.go rename operator/cmd/{hubble => cilium-crds}/lifecycle.go (51%) rename operator/cmd/{hubble => cilium-crds}/metrics.go (64%) rename operator/cmd/{hubble => cilium-crds}/root.go (95%) rename operator/cmd/{hubble => cilium-crds}/zap.go (96%) delete mode 100644 operator/cmd/hubble/flags_provider.go rename pkg/controllers/operator/{v2 => cilium-crds}/cache/types.go (100%) rename pkg/controllers/operator/{v2 => cilium-crds}/endpoint/cell.go (100%) rename pkg/controllers/operator/{v2 => cilium-crds}/endpoint/endpoint_controller.go (98%) rename pkg/controllers/operator/{v2 => cilium-crds}/endpoint/endpoint_controller_test.go (98%) rename pkg/controllers/operator/{v2 => cilium-crds}/endpoint/identitymanager.go (100%) rename pkg/controllers/operator/{v2 => cilium-crds}/endpoint/identitymanager_test.go (100%) rename pkg/controllers/operator/{v2 => cilium-crds}/endpoint/types.go (88%) diff --git a/operator/v2/config/config.go b/operator/cilium-crds/config/config.go similarity index 100% rename from operator/v2/config/config.go rename to operator/cilium-crds/config/config.go diff --git a/operator/cilium-crds/k8s/LICENSE b/operator/cilium-crds/k8s/LICENSE new file mode 100644 index 0000000000..931b48fd07 --- /dev/null +++ b/operator/cilium-crds/k8s/LICENSE 
@@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "{}" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright {yyyy} Authors of Cilium and Retina + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. \ No newline at end of file diff --git a/operator/v2/k8s/apis/cell.go b/operator/cilium-crds/k8s/apis/cell.go similarity index 100% rename from operator/v2/k8s/apis/cell.go rename to operator/cilium-crds/k8s/apis/cell.go diff --git a/operator/v2/k8s/apis/register.go b/operator/cilium-crds/k8s/apis/register.go similarity index 100% rename from operator/v2/k8s/apis/register.go rename to operator/cilium-crds/k8s/apis/register.go diff --git a/operator/v2/k8s/resource_ctors.go b/operator/cilium-crds/k8s/resource_ctors.go similarity index 100% rename from operator/v2/k8s/resource_ctors.go rename to operator/cilium-crds/k8s/resource_ctors.go 
diff --git a/operator/v2/k8s/resources.go b/operator/cilium-crds/k8s/resources.go similarity index 100% rename from operator/v2/k8s/resources.go rename to operator/cilium-crds/k8s/resources.go diff --git a/operator/cmd/hubble_linux.go b/operator/cmd/cilium-crds.go similarity index 53% rename from operator/cmd/hubble_linux.go rename to operator/cmd/cilium-crds.go index 0ff5c416a4..e2b6fb5a84 100644 --- a/operator/cmd/hubble_linux.go +++ b/operator/cmd/cilium-crds.go @@ -8,42 +8,40 @@ import ( "github.com/cilium/cilium/pkg/hive" "github.com/cilium/cilium/pkg/option" - "github.com/microsoft/retina/operator/cmd/hubble" + ciliumcrds "github.com/microsoft/retina/operator/cmd/cilium-crds" "github.com/spf13/cobra" ) var ( - h = hive.New(hubble.Operator) + h = hive.New(ciliumcrds.Operator) cmd = &cobra.Command{ - Use: "v2", - Short: "Start the Retina operator V2", + Use: "manage-cilium-crds", + Short: "Start the Retina operator for Hubble control plane", Run: func(cobraCmd *cobra.Command, _ []string) { - if v, _ := cobraCmd.Flags().GetBool("version"); v { - fmt.Println("Starting Retina Operator V2") - } - hubble.Execute(cobraCmd, h) + fmt.Println("Starting Retina Operator with Cilium CRDs") + ciliumcrds.Execute(cobraCmd, h) }, } ) func init() { h.RegisterFlags(cmd.Flags()) - cmd.AddCommand(h.Command()) + cmd.AddCommand(h.Command(), ciliumcrds.MetricsCmd) - hubble.InitGlobalFlags(cmd, h.Viper()) + ciliumcrds.InitGlobalFlags(cmd, h.Viper()) // Enable fallback to direct API probing to check for support of Leases in // case Discovery API fails. h.Viper().Set(option.K8sEnableAPIDiscovery, true) - cmd.AddCommand( - hubble.MetricsCmd, - h.Command(), - ) // not sure where flags hooks is set - for _, hook := range hubble.FlagsHooks { + for _, hook := range ciliumcrds.FlagsHooks { hook.RegisterProviderFlag(cmd, h.Viper()) } + cobra.OnInitialize( + option.InitConfig(cmd, "Retina-Operator", "retina-operators", h.Viper()), + ) + rootCmd.AddCommand(cmd) } 
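Review bot: Renaming `operator/cmd/hubble_linux.go` to `operator/cmd/cilium-crds.go` drops the `_linux` filename suffix, which acted as an implicit GOOS build constraint, so this file and its Cilium imports (`pkg/hive`, `pkg/option`) are now compiled for every target unless the first seven lines of the file, which lie outside the hunk, already carry a build tag. If the operator is still built for non-Linux targets, make the constraint explicit with `//go:build linux` above the package clause. Separately, `cobra.OnInitialize` in `init()` registers a process-wide initializer, so the func returned by `option.InitConfig(cmd, "Retina-Operator", "retina-operators", h.Viper())` would presumably run for every subcommand under `rootCmd`, not only `manage-cilium-crds`. If config loading is meant to apply to this command alone, calling that func from the command's own `PreRun` (via its `cobraCmd` argument) would scope it, and the leftover comment `// not sure where flags hooks is set` could then be replaced with a line saying where `ciliumcrds.FlagsHooks` is populated.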
diff --git a/operator/cmd/cilium-crds/LICENSE b/operator/cmd/cilium-crds/LICENSE new file mode 100644 index 0000000000..931b48fd07 --- /dev/null +++ b/operator/cmd/cilium-crds/LICENSE 
@@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "{}" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright {yyyy} Authors of Cilium and Retina + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. \ No newline at end of file diff --git a/operator/cmd/hubble/cells.go b/operator/cmd/cilium-crds/cells.go similarity index 93% rename from operator/cmd/hubble/cells.go rename to operator/cmd/cilium-crds/cells.go index b0bbeefcc9..cb2feb4a4e 100644 --- a/operator/cmd/hubble/cells.go +++ b/operator/cmd/cilium-crds/cells.go @@ -1,7 +1,10 @@ -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT license. +// SPDX-License-Identifier: Apache-2.0 +// Copyright Authors of Cilium and Retina -package hubble +// NOTE: separated the cells from root.go into this file. +// See other note in root.go for modification info. + +package ciliumcrds import ( "context" 
@@ -12,15 +15,14 @@ import ( k8sruntime "k8s.io/apimachinery/pkg/runtime" utilruntime "k8s.io/apimachinery/pkg/util/runtime" clientgoscheme "k8s.io/client-go/kubernetes/scheme" - "k8s.io/client-go/rest" ctrl "sigs.k8s.io/controller-runtime" logf "sigs.k8s.io/controller-runtime/pkg/log" zapf "sigs.k8s.io/controller-runtime/pkg/log/zap" - "github.com/microsoft/retina/operator/v2/config" - operatorK8s "github.com/microsoft/retina/operator/v2/k8s" - "github.com/microsoft/retina/operator/v2/k8s/apis" - endpointcontroller "github.com/microsoft/retina/pkg/controllers/operator/v2/endpoint" + "github.com/microsoft/retina/operator/cilium-crds/config" + operatorK8s "github.com/microsoft/retina/operator/cilium-crds/k8s" + "github.com/microsoft/retina/operator/cilium-crds/k8s/apis" + endpointcontroller "github.com/microsoft/retina/pkg/controllers/operator/cilium-crds/endpoint" "github.com/cilium/cilium/operator/auth" "github.com/cilium/cilium/operator/endpointgc" @@ -62,7 +64,7 @@ var ( // start sending logs to zap telemetry (if enabled) cell.Invoke(setupZapHook), - cell.Provide(func(cfg config.Config, _ *rest.Config) telemetry.Config { + cell.Provide(func(cfg config.Config) telemetry.Config { return telemetry.Config{ Component: "retina-operator", EnableTelemetry: cfg.EnableTelemetry, diff --git a/operator/cmd/hubble/cmdref.go b/operator/cmd/cilium-crds/cmdref.go similarity index 81% rename from operator/cmd/hubble/cmdref.go rename to operator/cmd/cilium-crds/cmdref.go index b0c3fcb3e6..f6f7de578e 100644 --- a/operator/cmd/hubble/cmdref.go +++ b/operator/cmd/cilium-crds/cmdref.go @@ -1,7 +1,9 @@ -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT license. +// SPDX-License-Identifier: Apache-2.0 +// Copyright Authors of Cilium and Retina -package hubble +// NOTE: copied and modified to say retina-operator instead + +package ciliumcrds import ( "fmt" 
diff --git a/operator/cmd/hubble/flags.go b/operator/cmd/cilium-crds/flags.go similarity index 73% rename from operator/cmd/hubble/flags.go rename to operator/cmd/cilium-crds/flags.go index 12ced23b95..cc544d3005 100644 --- a/operator/cmd/hubble/flags.go +++ b/operator/cmd/cilium-crds/flags.go @@ -1,14 +1,15 @@ -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT license. +// SPDX-License-Identifier: Apache-2.0 +// Copyright Authors of Cilium and Retina -package hubble +// NOTE: copied and slimmed down for our use case + +package ciliumcrds import ( "fmt" "time" "github.com/spf13/cobra" - "github.com/spf13/pflag" "github.com/spf13/viper" operatorOption "github.com/cilium/cilium/operator/option" @@ -71,31 +72,3 @@ func InitGlobalFlags(cmd *cobra.Command, vp *viper.Viper) { fmt.Printf("Failed to bind flags: %v\n", err) } } - -const ( - // pprofOperator enables pprof debugging endpoint for the operator - pprofOperator = "operator-pprof" - - // pprofAddress is the port that the pprof listens on - pprofAddress = "operator-pprof-address" - - // pprofPort is the port that the pprof listens on - pprofPort = "operator-pprof-port" -) - -// operatorPprofConfig holds the configuration for the operator pprof cell. -// Differently from the agent and the clustermesh-apiserver, the operator prefixes -// the pprof related flags with the string "operator-". -// To reuse the same cell, we need a different config type to map the same fields -// to the operator-specific pprof flag names. -type operatorPprofConfig struct { - OperatorPprof bool - OperatorPprofAddress string - OperatorPprofPort uint16 -} - -func (def operatorPprofConfig) Flags(flags *pflag.FlagSet) { - flags.Bool(pprofOperator, def.OperatorPprof, "Enable serving pprof debugging API") - flags.String(pprofAddress, def.OperatorPprofAddress, "Address that pprof listens on") - flags.Uint16(pprofPort, def.OperatorPprofPort, "Port that pprof listens on") -} 
diff --git a/operator/cmd/cilium-crds/flags_provider.go b/operator/cmd/cilium-crds/flags_provider.go new file mode 100644 index 0000000000..f4285fd845 --- /dev/null +++ b/operator/cmd/cilium-crds/flags_provider.go @@ -0,0 +1,19 @@ +// SPDX-License-Identifier: Apache-2.0 +// Copyright Authors of Cilium and Retina + +// NOTE: we could reference this file Cilium's code, but it is a small file. +// Referencing Cilium's code requires importing dependencies +// we don't need from their operator, which has BGP dependencies for instance. +// This is currently resulting in an error in go mod tidy: +// module go.universe.tf/metallb@latest found (v0.13.12), but does not contain package go.universe.tf/metallb/pkg/speaker + +package ciliumcrds + +import ( + "github.com/spf13/cobra" + "github.com/spf13/viper" +) + +type ProviderFlagsHooks interface { + RegisterProviderFlag(cmd *cobra.Command, vp *viper.Viper) +} diff --git a/operator/cmd/hubble/lifecycle.go b/operator/cmd/cilium-crds/lifecycle.go similarity index 51% rename from operator/cmd/hubble/lifecycle.go rename to operator/cmd/cilium-crds/lifecycle.go index 0edcb82654..f348ec88b5 100644 --- a/operator/cmd/hubble/lifecycle.go +++ b/operator/cmd/cilium-crds/lifecycle.go @@ -1,7 +1,13 @@ -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT license. +// SPDX-License-Identifier: Apache-2.0 +// Copyright Authors of Cilium and Retina -package hubble +// NOTE: we could reference this file Cilium's code, but it is a small file. +// If we were to import this code from Cilium's operator/cmd/ package, +// that would require dependencies we don't need from their operator (for instance, BGP dependencies). +// At time of writing, trying to import that code was also resulting in an error in go mod tidy: +// module go.universe.tf/metallb@latest found (v0.13.12), but does not contain package go.universe.tf/metallb/pkg/speaker + +package ciliumcrds import ( "github.com/cilium/cilium/pkg/hive/cell" 
diff --git a/operator/cmd/hubble/metrics.go b/operator/cmd/cilium-crds/metrics.go similarity index 64% rename from operator/cmd/hubble/metrics.go rename to operator/cmd/cilium-crds/metrics.go index f3c4a55b49..902bcae56b 100644 --- a/operator/cmd/hubble/metrics.go +++ b/operator/cmd/cilium-crds/metrics.go @@ -1,7 +1,9 @@ -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT license. +// SPDX-License-Identifier: Apache-2.0 +// Copyright Authors of Cilium and Retina -package hubble +// NOTE: changed to say networkobservability_operator + +package ciliumcrds import ( "github.com/spf13/cobra" diff --git a/operator/cmd/hubble/root.go b/operator/cmd/cilium-crds/root.go similarity index 95% rename from operator/cmd/hubble/root.go rename to operator/cmd/cilium-crds/root.go index 56e5f7a7f0..b01489c143 100644 --- a/operator/cmd/hubble/root.go +++ b/operator/cmd/cilium-crds/root.go @@ -1,7 +1,11 @@ -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT license. +// SPDX-License-Identifier: Apache-2.0 +// Copyright Authors of Cilium and Retina -package hubble +// NOTE: this file was originally a modified/slimmed-down version of Cilium's operator +// to provide Retina with a hive to run Cilium's garbage collection Cells. +// Now, it contains Retina-related code ported into Cells. + +package ciliumcrds import ( "context" @@ -39,8 +43,6 @@ var ( ) func Execute(cmd *cobra.Command, h *hive.Hive) { - fn := option.InitConfig(cmd, "Retina-Operator", "retina-operators", h.Viper()) - fn() initEnv(h.Viper()) if err := h.Run(); err != nil { diff --git a/operator/cmd/hubble/zap.go b/operator/cmd/cilium-crds/zap.go similarity index 96% rename from operator/cmd/hubble/zap.go rename to operator/cmd/cilium-crds/zap.go index f6221221f5..77cff4a516 100644 --- a/operator/cmd/hubble/zap.go +++ b/operator/cmd/cilium-crds/zap.go @@ -1,7 +1,7 @@ // Copyright (c) Microsoft Corporation. // Licensed under the MIT license. -package hubble +package ciliumcrds import ( "fmt" 
@@ -16,7 +16,7 @@ import ( "go.uber.org/zap" "k8s.io/client-go/rest" - "github.com/microsoft/retina/operator/v2/config" + "github.com/microsoft/retina/operator/cilium-crds/config" ) // TODO refactor to another package? Like shared/telemetry/ diff --git a/operator/cmd/hubble/flags_provider.go b/operator/cmd/hubble/flags_provider.go deleted file mode 100644 index aab7f98d68..0000000000 --- a/operator/cmd/hubble/flags_provider.go +++ /dev/null @@ -1,13 +0,0 @@ -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT license. - -package hubble - -import ( - "github.com/spf13/cobra" - "github.com/spf13/viper" -) - -type ProviderFlagsHooks interface { - RegisterProviderFlag(cmd *cobra.Command, vp *viper.Viper) -} diff --git a/operator/config/config.go b/operator/config/config.go index 020d817fd1..60391b79dd 100644 --- a/operator/config/config.go +++ b/operator/config/config.go @@ -27,8 +27,6 @@ func GetConfig(cfgFileName string) (*OperatorConfig, error) { viper.AutomaticEnv() var cfg OperatorConfig - - // Check pkg/config/config.go for the explanation of setting EnableRetinaEndpoint defaults to true. viper.SetDefault("EnableRetinaEndpoint", true) err = viper.Unmarshal(&cfg) diff --git a/pkg/controllers/operator/v2/cache/types.go b/pkg/controllers/operator/cilium-crds/cache/types.go similarity index 100% rename from pkg/controllers/operator/v2/cache/types.go rename to pkg/controllers/operator/cilium-crds/cache/types.go diff --git a/pkg/controllers/operator/v2/endpoint/cell.go b/pkg/controllers/operator/cilium-crds/endpoint/cell.go similarity index 100% rename from pkg/controllers/operator/v2/endpoint/cell.go rename to pkg/controllers/operator/cilium-crds/endpoint/cell.go 
diff --git a/pkg/controllers/operator/v2/endpoint/endpoint_controller.go b/pkg/controllers/operator/cilium-crds/endpoint/endpoint_controller.go similarity index 98% rename from pkg/controllers/operator/v2/endpoint/endpoint_controller.go rename to pkg/controllers/operator/cilium-crds/endpoint/endpoint_controller.go index 29e88b1a65..118bd5cf5f 100644 --- a/pkg/controllers/operator/v2/endpoint/endpoint_controller.go +++ b/pkg/controllers/operator/cilium-crds/endpoint/endpoint_controller.go @@ -11,7 +11,7 @@ import ( "sync" "time" - "github.com/microsoft/retina/pkg/controllers/operator/v2/cache" + "github.com/microsoft/retina/pkg/controllers/operator/cilium-crds/cache" "github.com/pkg/errors" "github.com/sirupsen/logrus" @@ -305,7 +305,7 @@ func (r *endpointReconciler) reconcilePod(ctx context.Context, podKey resource.K if err != nil { return errors.Wrap(err, "failed to get pod labels") } - newPEP := &PodEndpoint{ + newPEP := &podEndpoint{ key: podKey, lbls: podLabels, ipv4: pod.Status.PodIP, @@ -358,7 +358,7 @@ func (r *endpointReconciler) handlePodDelete(ctx context.Context, n resource.Key return nil } -func (r *endpointReconciler) handlePodUpsert(ctx context.Context, newPEP *PodEndpoint) error { //nolint:gocyclo // This function is too complex and should be refactored +func (r *endpointReconciler) handlePodUpsert(ctx context.Context, newPEP *podEndpoint) error { //nolint:gocyclo // This function is too complex and should be refactored r.l.WithField("podKey", newPEP.key.String()).Trace("handling pod upsert") oldPEP, inCache := r.store.GetPod(newPEP.key) @@ -400,7 +400,7 @@ func (r *endpointReconciler) handlePodUpsert(ctx context.Context, newPEP *PodEnd "cep": oldCEP, }).Warn("CiliumEndpoint has no ipv4 address, ignoring") } else { - oldPEP = &PodEndpoint{ + oldPEP = &podEndpoint{ key: newPEP.key, endpointID: oldCEP.Status.ID, ipv4: oldCEP.Status.Networking.Addressing[0].IPV4, 
@@ -530,7 +530,7 @@ func (r *endpointReconciler) handlePodUpsert(ctx context.Context, newPEP *PodEnd r.identityManager.DecrementReference(ctx, newPEP.lbls) } - // TODO release newly allocated endpoint ID. + // TODO if networking changed, release newly allocated endpoint ID. // May end up getting another endpoint ID below if we try to create the CEP below. // No downside to this. diff --git a/pkg/controllers/operator/v2/endpoint/endpoint_controller_test.go b/pkg/controllers/operator/cilium-crds/endpoint/endpoint_controller_test.go similarity index 98% rename from pkg/controllers/operator/v2/endpoint/endpoint_controller_test.go rename to pkg/controllers/operator/cilium-crds/endpoint/endpoint_controller_test.go index af872cd6d8..f2a6e24f30 100644 --- a/pkg/controllers/operator/v2/endpoint/endpoint_controller_test.go +++ b/pkg/controllers/operator/cilium-crds/endpoint/endpoint_controller_test.go @@ -15,7 +15,7 @@ import ( corev1 "github.com/cilium/cilium/pkg/k8s/slim/k8s/client/clientset/versioned/typed/core/v1" "github.com/cilium/cilium/pkg/labels" "github.com/cilium/cilium/pkg/option" - "github.com/microsoft/retina/pkg/controllers/operator/v2/cache" + "github.com/microsoft/retina/pkg/controllers/operator/cilium-crds/cache" ciliumutil "github.com/microsoft/retina/pkg/utils/testutil/cilium" "github.com/sirupsen/logrus" "github.com/stretchr/testify/require" @@ -75,7 +75,7 @@ func TestPodCreate(t *testing.T) { require.Greater(t, identityID, int64(0)) var expectedEndpointID int64 = 1 // FIXME switch to mock allocator once endpoint IDs are allocated by the operator - expectedCache := map[resource.Key]*PodEndpoint{ + expectedCache := map[resource.Key]*podEndpoint{ key: { key: key, endpointID: expectedEndpointID, 
@@ -172,7 +172,7 @@ func TestPodLabelsChanged(t *testing.T) { require.Greater(t, identityID, int64(0)) var expectedEndpointID int64 = 1 // FIXME switch to mock allocator once endpoint IDs are allocated by the operator - expectedCache := map[resource.Key]*PodEndpoint{ + expectedCache := map[resource.Key]*podEndpoint{ key: { key: key, endpointID: expectedEndpointID, @@ -241,7 +241,7 @@ func TestPodLabelsChanged(t *testing.T) { require.NotNil(t, pep) require.NotEqual(t, identityID, pep.identityID) identityID = pep.identityID - expectedCacheNew := map[resource.Key]*PodEndpoint{ + expectedCacheNew := map[resource.Key]*podEndpoint{ key: { key: key, endpointID: expectedEndpointID, @@ -354,7 +354,7 @@ func TestPodNetworkingChanged(t *testing.T) { require.True(t, ok) require.NotNil(t, pep) identityID = pep.identityID - expectedCacheNew := map[resource.Key]*PodEndpoint{ + expectedCacheNew := map[resource.Key]*podEndpoint{ key: { key: key, endpointID: expectedEndpointID, @@ -421,7 +421,7 @@ func TestPodNetworkingChanged(t *testing.T) { require.True(t, ok) require.NotNil(t, pep) identityID = pep.identityID - expectedCacheNew = map[resource.Key]*PodEndpoint{ + expectedCacheNew = map[resource.Key]*podEndpoint{ key: { key: key, endpointID: expectedEndpointID, diff --git a/pkg/controllers/operator/v2/endpoint/identitymanager.go b/pkg/controllers/operator/cilium-crds/endpoint/identitymanager.go similarity index 100% rename from pkg/controllers/operator/v2/endpoint/identitymanager.go rename to pkg/controllers/operator/cilium-crds/endpoint/identitymanager.go diff --git a/pkg/controllers/operator/v2/endpoint/identitymanager_test.go b/pkg/controllers/operator/cilium-crds/endpoint/identitymanager_test.go similarity index 100% rename from pkg/controllers/operator/v2/endpoint/identitymanager_test.go rename to pkg/controllers/operator/cilium-crds/endpoint/identitymanager_test.go 
diff --git a/pkg/controllers/operator/v2/endpoint/types.go b/pkg/controllers/operator/cilium-crds/endpoint/types.go similarity index 88% rename from pkg/controllers/operator/v2/endpoint/types.go rename to pkg/controllers/operator/cilium-crds/endpoint/types.go index 9671c333bd..25dd5da3bf 100644 --- a/pkg/controllers/operator/v2/endpoint/types.go +++ b/pkg/controllers/operator/cilium-crds/endpoint/types.go @@ -14,7 +14,7 @@ import ( ) // podEndpoint represents a Pod/CiliumEndpoint -type PodEndpoint struct { +type podEndpoint struct { key resource.Key endpointID int64 identityID int64 @@ -35,7 +35,7 @@ type PodEndpoint struct { podObj *slim_corev1.Pod } -func (pep *PodEndpoint) endpointStatus() ciliumv2.EndpointStatus { +func (pep *podEndpoint) endpointStatus() ciliumv2.EndpointStatus { return ciliumv2.EndpointStatus{ ID: pep.endpointID, Identity: &ciliumv2.EndpointIdentity{ @@ -55,8 +55,8 @@ func (pep *PodEndpoint) endpointStatus() ciliumv2.EndpointStatus { } } -func (pep *PodEndpoint) deepCopy() *PodEndpoint { - return &PodEndpoint{ +func (pep *podEndpoint) deepCopy() *podEndpoint { + return &podEndpoint{ key: pep.key, endpointID: pep.endpointID, identityID: pep.identityID, @@ -75,7 +75,7 @@ type Store struct { //nolint:gocritic // This should be rewritten to limit expos // Pods is a map of Pod key to podEndpoint // this is the expected endpoint state for the pod // and is used to determine if the pod needs to be updated - Pods map[resource.Key]*PodEndpoint + Pods map[resource.Key]*podEndpoint // Namespaces is a map of Namespace name to Namespace // this is used to determine if the namespace needs to be updated 
@@ -85,12 +85,12 @@ type Store struct { //nolint:gocritic // This should be rewritten to limit expos func NewStore() *Store { return &Store{ RWMutex: &sync.RWMutex{}, - Pods: make(map[resource.Key]*PodEndpoint), + Pods: make(map[resource.Key]*podEndpoint), Namespaces: make(map[string]*slim_corev1.Namespace), } } -func (s *Store) AddPod(pod *PodEndpoint) { +func (s *Store) AddPod(pod *podEndpoint) { s.Lock() defer s.Unlock() s.Pods[pod.key] = pod @@ -102,14 +102,14 @@ func (s *Store) AddNamespace(namespace *slim_corev1.Namespace) { s.Namespaces[namespace.GetName()] = namespace } -func (s *Store) GetPod(key resource.Key) (*PodEndpoint, bool) { +func (s *Store) GetPod(key resource.Key) (*podEndpoint, bool) { s.RLock() defer s.RUnlock() pod, ok := s.Pods[key] return pod, ok } -func (s *Store) GetToDeletePod(key resource.Key) (*PodEndpoint, bool) { +func (s *Store) GetToDeletePod(key resource.Key) (*podEndpoint, bool) { s.Lock() defer s.Unlock() pod, ok := s.Pods[key] From d4b3f17794dfe9d7cc8f3780718c23fed0bf92fd Mon Sep 17 00:00:00 2001 From: Jacques I Massa Date: Tue, 25 Jun 2024 13:28:44 +0000 Subject: [PATCH 12/39] fix lint --- operator/cilium-crds/k8s/apis/register.go | 17 +++++++++++++---- operator/cmd/cilium-crds/flags.go | 12 +++++++++--- operator/cmd/cilium-crds/root.go | 10 ++++++---- operator/cmd/cilium-crds/zap.go | 12 +++++++++--- operator/cmd/legacy/deployment.go | 16 +++++++++++----- operator/config/config.go | 6 ++++-- .../cilium-crds/endpoint/endpoint_controller.go | 3 +-- .../endpoint/endpoint_controller_test.go | 3 +-- .../endpoint/identitymanager_test.go | 16 ++++++++-------- pkg/shared/config/config.go | 4 +++- pkg/utils/testutil/cilium/endpoint_client.go | 3 ++- pkg/utils/testutil/cilium/errors.go | 4 +++- 12 files changed, 70 insertions(+), 36 deletions(-) diff --git a/operator/cilium-crds/k8s/apis/register.go b/operator/cilium-crds/k8s/apis/register.go index 5f52766c8c..fcd7d5cf43 100644 --- a/operator/cilium-crds/k8s/apis/register.go 
+++ b/operator/cilium-crds/k8s/apis/register.go @@ -30,10 +30,19 @@ var necessaryCRDNames = []string{ synced.CRDResourceName(k8sconstv2.CIDName), } +// Define a custom error type for missing CRDs +type CRDNotFoundError struct { + CRDName string +} + +func (e *CRDNotFoundError) Error() string { + return "CRD not found: " + e.CRDName +} + // RegisterCRDs registers all CRDs with the K8s apiserver. func RegisterCRDs(clientset client.Clientset) error { if err := createCustomResourceDefinitions(clientset); err != nil { - return fmt.Errorf("Unable to create custom resource definition: %s", err) + return fmt.Errorf("Unable to create custom resource definition: %w", err) } return nil @@ -46,7 +55,7 @@ func createCustomResourceDefinitions(clientset apiextensionsclient.Interface) er crds, err := customResourceDefinitionList() if err != nil { - return err + return fmt.Errorf("Unable to get CRD list: %w", err) } for _, crd := range crds { @@ -56,7 +65,7 @@ func createCustomResourceDefinitions(clientset apiextensionsclient.Interface) er }) } - return g.Wait() + return fmt.Errorf("Unable to create CRD: %w", g.Wait()) } func customResourceDefinitionList() (map[string]*apisclient.CRDList, error) { @@ -67,7 +76,7 @@ func customResourceDefinitionList() (map[string]*apisclient.CRDList, error) { for _, crdName := range necessaryCRDNames { crd, ok := crds[crdName] if !ok { - return nil, fmt.Errorf("CRD not found: %s", crdName) + return nil, fmt.Errorf("%w", &CRDNotFoundError{CRDName: crdName}) } necessaryCRDs[crdName] = crd diff --git a/operator/cmd/cilium-crds/flags.go b/operator/cmd/cilium-crds/flags.go index cc544d3005..c2d6e1482a 100644 --- a/operator/cmd/cilium-crds/flags.go +++ b/operator/cmd/cilium-crds/flags.go 
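Review bot: `fmt.Errorf` with `%w` returns a non-nil error even when the wrapped value is nil, so `return fmt.Errorf("Unable to create CRD: %w", g.Wait())` in createCustomResourceDefinitions reports failure on every call, including when every CRD was created, and RegisterCRDs then fails as well. Check the result before wrapping: `if err := g.Wait(); err != nil { return fmt.Errorf("unable to create CRD: %w", err) }` followed by `return nil`. The same pattern appears in GetConfig in operator/config/config.go, where `return &cfg, fmt.Errorf("error unmarshalling config: %w", err)` needs an `if err != nil` guard and `return &cfg, nil` on success. Both function bodies start outside their hunks, so the surrounding control flow should be confirmed against the full file.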
@@ -17,6 +17,12 @@ import ( "github.com/cilium/cilium/pkg/option" ) +var ( + durationLeaderElector = 2 * time.Second + durationNonLeaderOperator = 15 * time.Second + durationActingMaster = 10 * time.Second +) + func InitGlobalFlags(cmd *cobra.Command, vp *viper.Viper) { flags := cmd.Flags() @@ -55,15 +61,15 @@ func InitGlobalFlags(cmd *cobra.Command, vp *viper.Viper) { `configmap example for syslog driver: {"syslog.level":"info","syslog.facility":"local4"}`) option.BindEnv(vp, option.LogOpt) - flags.Duration(operatorOption.LeaderElectionLeaseDuration, 15*time.Second, + flags.Duration(operatorOption.LeaderElectionLeaseDuration, durationNonLeaderOperator, "Duration that non-leader operator candidates will wait before forcing to acquire leadership") option.BindEnv(vp, operatorOption.LeaderElectionLeaseDuration) - flags.Duration(operatorOption.LeaderElectionRenewDeadline, 10*time.Second, + flags.Duration(operatorOption.LeaderElectionRenewDeadline, durationActingMaster, "Duration that current acting master will retry refreshing leadership in before giving up the lock") option.BindEnv(vp, operatorOption.LeaderElectionRenewDeadline) - flags.Duration(operatorOption.LeaderElectionRetryPeriod, 2*time.Second, + flags.Duration(operatorOption.LeaderElectionRetryPeriod, durationLeaderElector, "Duration that LeaderElector clients should wait between retries of the actions") option.BindEnv(vp, operatorOption.LeaderElectionRetryPeriod) diff --git a/operator/cmd/cilium-crds/root.go b/operator/cmd/cilium-crds/root.go index b01489c143..b28ad2b183 100644 --- a/operator/cmd/cilium-crds/root.go +++ b/operator/cmd/cilium-crds/root.go @@ -10,6 +10,7 @@ package ciliumcrds import ( "context" "crypto/rand" + "fmt" "math/big" "os" "path/filepath" 
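Review bot: The three leader-election durations added in this `var` block are fixed values, yet `var` leaves them reassignable at package scope; a `const` block states the intent, for example `const durationLeaderElector = 2 * time.Second`. The names describe who waits rather than which setting they feed, so names that mirror the flags (lease duration, renew deadline, retry period) would be easier to match against the `flags.Duration` calls. The same applies to `operatorIdLength` in root.go and to `MaxFileSizeMB`, `MaxBackups`, `MaxAgeDays` and `HeartbeatFrequency` in zap.go and operator/cmd/legacy/deployment.go, which are also exported and therefore writable from other packages.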
@@ -38,8 +39,9 @@ var ( retinaVersion string // set logger field: subsys=retina-operator - binaryName = filepath.Base(os.Args[0]) - logger = logging.DefaultLogger.WithField(logfields.LogSubsys, binaryName) + binaryName = filepath.Base(os.Args[0]) + logger = logging.DefaultLogger.WithField(logfields.LogSubsys, binaryName) + operatorIdLength = 10 ) func Execute(cmd *cobra.Command, h *hive.Hive) { @@ -128,7 +130,7 @@ func runOperator(l logrus.FieldLogger, lc *LeaderLifecycle, clientset k8sClient. if err != nil { l.WithError(err).Fatal("Failed to get hostname when generating lease lock identity") } - operatorID, err = randomStringWithPrefix(operatorID+"-", 10) + operatorID, err = randomStringWithPrefix(operatorID+"-", operatorIdLength) if err != nil { l.WithError(err).Fatal("Failed to generate random string for lease lock identity") } @@ -193,7 +195,7 @@ func randomStringWithPrefix(prefix string, n int) (string, error) { for i := range bytes { num, err := rand.Int(rand.Reader, big.NewInt(int64(len(letters)))) if err != nil { - return "", err // Return an error if there's an issue generating the random number + return "", fmt.Errorf("failed to generate random number: %w", err) } bytes[i] = letters[num.Int64()] } diff --git a/operator/cmd/cilium-crds/zap.go b/operator/cmd/cilium-crds/zap.go index 77cff4a516..9f31d4df34 100644 --- a/operator/cmd/cilium-crds/zap.go +++ b/operator/cmd/cilium-crds/zap.go @@ -23,6 +23,12 @@ import ( const logFileName = "retina-operator.log" +var ( + MaxFileSizeMB = 100 + MaxBackups = 3 + MaxAgeDays = 30 +) + type params struct { cell.In @@ -43,9 +49,9 @@ func setupZapHook(p params) { Level: p.DaemonCfg.LogOpt[logging.LevelOpt], File: false, FileName: logFileName, - MaxFileSizeMB: 100, - MaxBackups: 3, - MaxAgeDays: 30, + MaxFileSizeMB: MaxFileSizeMB, + MaxBackups: MaxBackups, + MaxAgeDays: MaxAgeDays, ApplicationInsightsID: applicationInsightsID, EnableTelemetry: p.OperatorCfg.EnableTelemetry, } 
diff --git a/operator/cmd/legacy/deployment.go b/operator/cmd/legacy/deployment.go index 91353cf486..0e875cb269 100644 --- a/operator/cmd/legacy/deployment.go +++ b/operator/cmd/legacy/deployment.go @@ -50,6 +50,12 @@ var ( MaxTracesConfigurationChannelBuffer = 50 MaxRetinaEndpointChannelBuffer = 250 + MaxFileSizeMB = 100 + MaxBackups = 3 + MaxAgeDays = 30 + + HeartbeatFrequency = 5 * time.Minute + version = "undefined" // applicationInsightsID is the instrumentation key for Azure Application Insights @@ -242,7 +248,7 @@ func (o *Operator) Start() { } // start heartbeat goroutine for application insights - go tel.Heartbeat(ctx, 5*time.Minute) + go tel.Heartbeat(ctx, HeartbeatFrequency) } func EnablePProf() { @@ -263,9 +269,9 @@ func initLogging(cfg *config.OperatorConfig, applicationInsightsID string) error logOpts := &log.LogOpts{ Level: cfg.LogLevel, File: false, - MaxFileSizeMB: 100, - MaxBackups: 3, - MaxAgeDays: 30, + MaxFileSizeMB: MaxFileSizeMB, + MaxBackups: MaxBackups, + MaxAgeDays: MaxAgeDays, ApplicationInsightsID: applicationInsightsID, EnableTelemetry: cfg.EnableTelemetry, } @@ -273,7 +279,7 @@ func initLogging(cfg *config.OperatorConfig, applicationInsightsID string) error _, err := log.SetupZapLogger(logOpts) if err != nil { mainLogger.Error("Failed to setup zap logger", zap.Error(err)) - return err + return fmt.Errorf("failed to setup zap logger: %w", err) } return nil diff --git a/operator/config/config.go b/operator/config/config.go index 60391b79dd..8cec17beac 100644 --- a/operator/config/config.go +++ b/operator/config/config.go @@ -1,6 +1,8 @@ package config import ( + "fmt" + "github.com/microsoft/retina/pkg/config" "github.com/spf13/viper" ) @@ -21,7 +23,7 @@ func GetConfig(cfgFileName string) (*OperatorConfig, error) { viper.SetConfigFile(cfgFileName) err := viper.ReadInConfig() if err != nil { - return nil, err + return nil, fmt.Errorf("error reading config file: %w", err) } viper.AutomaticEnv() 
@@ -30,5 +32,5 @@ func GetConfig(cfgFileName string) (*OperatorConfig, error) { viper.SetDefault("EnableRetinaEndpoint", true) err = viper.Unmarshal(&cfg) - return &cfg, err + return &cfg, fmt.Errorf("error unmarshalling config: %w", err) } diff --git a/pkg/controllers/operator/cilium-crds/endpoint/endpoint_controller.go b/pkg/controllers/operator/cilium-crds/endpoint/endpoint_controller.go index 118bd5cf5f..35ac922361 100644 --- a/pkg/controllers/operator/cilium-crds/endpoint/endpoint_controller.go +++ b/pkg/controllers/operator/cilium-crds/endpoint/endpoint_controller.go @@ -6,7 +6,6 @@ package endpointcontroller import ( "context" "encoding/json" - "fmt" "reflect" "sync" "time" @@ -632,7 +631,7 @@ func (r *endpointReconciler) reconcileNamespace(ctx context.Context, namespace * // now get all pods and update them as well err := r.ReconcilePodsInNamespace(ctx, namespace.GetName()) if err != nil { - return errors.Wrap(err, fmt.Sprintf("failed to reconcile pods in namespace %s", namespace.GetName())) + return errors.Wrap(err, "failed to reconcile pods in namespace"+namespace.GetName()) } return nil } diff --git a/pkg/controllers/operator/cilium-crds/endpoint/endpoint_controller_test.go b/pkg/controllers/operator/cilium-crds/endpoint/endpoint_controller_test.go index f2a6e24f30..f6851d5f9d 100644 --- a/pkg/controllers/operator/cilium-crds/endpoint/endpoint_controller_test.go +++ b/pkg/controllers/operator/cilium-crds/endpoint/endpoint_controller_test.go @@ -151,7 +151,6 @@ func TestPodDeleteNoOp(t *testing.T) { createNamespace(r.ciliumSlimClientSet.CoreV1()) podKey, pod := podTestX() - pod = nil require.NoError(t, r.ReconcilePod(context.TODO(), podKey, pod)) assertCEPDoesNotExist(t, ciliumEndpoints, podKey) 
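Review bot: The message passed to `errors.Wrap` in reconcileNamespace lost its separator: `"failed to reconcile pods in namespace"+namespace.GetName()` renders as `...in namespacefoo`, which makes the namespace hard to pick out in logs. `errors.Wrapf(err, "failed to reconcile pods in namespace %s", namespace.GetName())` keeps the original text without reintroducing `fmt`. The function body starts outside the hunk.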
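Review bot: Dropping `pod = nil` in TestPodDeleteNoOp changes what the test exercises: `ReconcilePod` now receives whatever `podTestX()` returns instead of a nil pod. If that value is non-nil, the call presumably takes the upsert path rather than the delete path the test name describes, and `assertCEPDoesNotExist` would no longer check a no-op delete. If the assignment was removed only to silence an ineffectual-assignment lint, `podKey, _ := podTestX()` with `require.NoError(t, r.ReconcilePod(context.TODO(), podKey, nil))` keeps the original behaviour. The test body starts outside the hunk.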
@@ -493,7 +492,7 @@ func TestNamespaceDelete(t *testing.T) { }, })) - require.Equal(t, 0, len(r.store.Namespaces)) + require.Empty(t, r.store.Namespaces) // deleting namespace does not delete the endpoint in cache. // we will let pod controller delete the endpoint _ = getAndAssertCEPExists(t, ciliumEndpoints, pod) diff --git a/pkg/controllers/operator/cilium-crds/endpoint/identitymanager_test.go b/pkg/controllers/operator/cilium-crds/endpoint/identitymanager_test.go index a83fd47c57..719f6a29c5 100644 --- a/pkg/controllers/operator/cilium-crds/endpoint/identitymanager_test.go +++ b/pkg/controllers/operator/cilium-crds/endpoint/identitymanager_test.go @@ -2,7 +2,7 @@ package endpointcontroller import ( "context" - "fmt" + "strconv" "testing" ciliumutil "github.com/microsoft/retina/pkg/utils/testutil/cilium" @@ -45,9 +45,9 @@ func TestGetIdentities(t *testing.T) { require.Greater(t, int(id), 0) // identity should be in API Server - idObj, err := m.CiliumV2().CiliumIdentities().Get(context.TODO(), fmt.Sprint(id), metav1.GetOptions{}) + idObj, err := m.CiliumV2().CiliumIdentities().Get(context.TODO(), strconv.FormatInt(id, 10), metav1.GetOptions{}) require.NoError(t, err) - require.Equal(t, fmt.Sprint(id), idObj.Name) + require.Equal(t, strconv.FormatInt(id, 10), idObj.Name) idLabels := map[string]string{ "k1": "v1", "io.kubernetes.pod.namespace": "x", @@ -88,9 +88,9 @@ func TestGetIdentities(t *testing.T) { require.Greater(t, int(id), 0) // identity should be in API Server - idObj, err = m.CiliumV2().CiliumIdentities().Get(context.TODO(), fmt.Sprint(id3), metav1.GetOptions{}) + idObj, err = m.CiliumV2().CiliumIdentities().Get(context.TODO(), strconv.FormatInt(id3, 10), metav1.GetOptions{}) require.NoError(t, err) - require.Equal(t, fmt.Sprint(id3), idObj.Name) + require.Equal(t, strconv.FormatInt(id3, 10), idObj.Name) idLabels = map[string]string{ "k1": "v1", "k2": "v2", 
@@ -131,12 +131,12 @@ func TestDecrementReference(t *testing.T) { // no more references. identity should be deleted im.DecrementReference(context.TODO(), lbls) - require.Len(t, im.labelIdentities, 0) + require.Empty(t, im.labelIdentities) // IdentityManager's allocator should not delete the identity (identitygc cell does garbage collection) - idObj, err := m.CiliumV2().CiliumIdentities().Get(context.TODO(), fmt.Sprint(id), metav1.GetOptions{}) + idObj, err := m.CiliumV2().CiliumIdentities().Get(context.TODO(), strconv.FormatInt(id, 10), metav1.GetOptions{}) require.NoError(t, err) - require.Equal(t, fmt.Sprint(id), idObj.Name) + require.Equal(t, strconv.FormatInt(id, 10), idObj.Name) idLabels := map[string]string{ "k1": "v1", "io.kubernetes.pod.namespace": "x", diff --git a/pkg/shared/config/config.go b/pkg/shared/config/config.go index 9c0198e717..c559f9294f 100644 --- a/pkg/shared/config/config.go +++ b/pkg/shared/config/config.go @@ -1,6 +1,8 @@ package config import ( + "fmt" + "github.com/cilium/cilium/pkg/hive/cell" "k8s.io/client-go/rest" kcfg "sigs.k8s.io/controller-runtime/pkg/client/config" @@ -15,7 +17,7 @@ var Cell = cell.Module( func GetK8sConfig() (*rest.Config, error) { k8sCfg, err := kcfg.GetConfig() if err != nil { - return &rest.Config{}, err + return &rest.Config{}, fmt.Errorf("error getting k8s config: %w", err) } return k8sCfg, nil } diff --git a/pkg/utils/testutil/cilium/endpoint_client.go b/pkg/utils/testutil/cilium/endpoint_client.go index 44db910a32..dc57a5e240 100644 --- a/pkg/utils/testutil/cilium/endpoint_client.go +++ b/pkg/utils/testutil/cilium/endpoint_client.go @@ -5,6 +5,7 @@ package ciliumutil import ( "context" "encoding/json" + "fmt" "github.com/sirupsen/logrus" 
@@ -121,7 +122,7 @@ func (m *MockEndpointClient) Patch(_ context.Context, name string, _ types.Patch var replaceCEPStatus []JSONPatch err = json.Unmarshal(data, &replaceCEPStatus) if err != nil { - return nil, err + return nil, fmt.Errorf("failed to unmarshal patch data: %w", err) } cep.Status = replaceCEPStatus[0].Value diff --git a/pkg/utils/testutil/cilium/errors.go b/pkg/utils/testutil/cilium/errors.go index 5b21fa8bfc..91e05a443d 100644 --- a/pkg/utils/testutil/cilium/errors.go +++ b/pkg/utils/testutil/cilium/errors.go @@ -12,6 +12,8 @@ var ( ErrNotImplemented = errors.New("not implemented") ) +const ErrCodeNotFound = 404 + type ErrNotFound struct{} func (e ErrNotFound) Error() string { @@ -21,6 +23,6 @@ func (e ErrNotFound) Error() string { func (e ErrNotFound) Status() v1.Status { return v1.Status{ Reason: v1.StatusReasonNotFound, - Code: 404, + Code: ErrCodeNotFound, } } From e24aae74af5c4b7b2d4fffd003dbb8961528409f Mon Sep 17 00:00:00 2001 From: Jacques I Massa Date: Tue, 25 Jun 2024 16:30:24 +0000 Subject: [PATCH 13/39] fix lint errors --- operator/cmd/cilium-crds.go | 2 +- operator/cmd/cilium-crds/cmdref.go | 32 ------------------- operator/cmd/cilium-crds/root.go | 7 ++-- .../endpoint/endpoint_controller.go | 10 +++--- .../endpoint/endpoint_controller_test.go | 11 ++++--- .../operator/cilium-crds/endpoint/types.go | 22 ++++++------- 6 files changed, 26 insertions(+), 58 deletions(-) delete mode 100644 operator/cmd/cilium-crds/cmdref.go diff --git a/operator/cmd/cilium-crds.go b/operator/cmd/cilium-crds.go index e2b6fb5a84..701be12166 100644 --- a/operator/cmd/cilium-crds.go +++ b/operator/cmd/cilium-crds.go @@ -19,7 +19,7 @@ var ( Short: "Start the Retina operator for Hubble control plane", Run: func(cobraCmd *cobra.Command, _ []string) { fmt.Println("Starting Retina Operator with Cilium CRDs") - ciliumcrds.Execute(cobraCmd, h) + ciliumcrds.Execute(h) }, } ) 
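Review bot: In `MockEndpointClient.Patch` (pkg/utils/testutil/cilium/endpoint_client.go), the line after the new error wrap, `cep.Status = replaceCEPStatus[0].Value`, indexes the decoded slice without a length check, so a patch body that unmarshals to an empty array panics the mock instead of returning an error. A guard before the assignment keeps that case on the error path: `if len(replaceCEPStatus) == 0 { return nil, fmt.Errorf("patch data contains no operations") }`. The function body starts and continues outside the hunk.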
diff --git a/operator/cmd/cilium-crds/cmdref.go b/operator/cmd/cilium-crds/cmdref.go deleted file mode 100644 index f6f7de578e..0000000000 --- a/operator/cmd/cilium-crds/cmdref.go +++ /dev/null @@ -1,32 +0,0 @@ -// SPDX-License-Identifier: Apache-2.0 -// Copyright Authors of Cilium and Retina - -// NOTE: copied and modified to say retina-operator instead - -package ciliumcrds - -import ( - "fmt" - - "github.com/spf13/cobra" - "github.com/spf13/cobra/doc" -) - -func linkHandler(s string) string { - return s -} - -func filePrepend(_ string) string { - // Prepend a HTML comment that this file is autogenerated. So that - // users are warned before fixing issues in the Markdown files. Should - // never show up on the web. - return fmt.Sprintf("%s\n\n", "") -} - -func genMarkdown(cmd *cobra.Command, cmdRefDir string) { - // Remove the line 'Auto generated by spf13/cobra on ...' - cmd.DisableAutoGenTag = true - if err := doc.GenMarkdownTreeCustom(cmd, cmdRefDir, filePrepend, linkHandler); err != nil { - logger.Fatal(err) - } -} diff --git a/operator/cmd/cilium-crds/root.go b/operator/cmd/cilium-crds/root.go index b28ad2b183..f078d3c182 100644 --- a/operator/cmd/cilium-crds/root.go +++ b/operator/cmd/cilium-crds/root.go @@ -27,7 +27,6 @@ import ( "github.com/cilium/cilium/pkg/option" "github.com/pkg/errors" "github.com/sirupsen/logrus" - "github.com/spf13/cobra" "github.com/spf13/viper" "k8s.io/client-go/tools/leaderelection" "k8s.io/client-go/tools/leaderelection/resourcelock" @@ -41,10 +40,10 @@ var ( // set logger field: subsys=retina-operator binaryName = filepath.Base(os.Args[0]) logger = logging.DefaultLogger.WithField(logfields.LogSubsys, binaryName) - operatorIdLength = 10 + operatorIDLength = 10 ) -func Execute(cmd *cobra.Command, h *hive.Hive) { +func Execute(h *hive.Hive) { initEnv(h.Viper()) if err := h.Run(); err != nil { 
@@ -130,7 +129,7 @@ func runOperator(l logrus.FieldLogger, lc *LeaderLifecycle, clientset k8sClient. if err != nil { l.WithError(err).Fatal("Failed to get hostname when generating lease lock identity") } - operatorID, err = randomStringWithPrefix(operatorID+"-", operatorIdLength) + operatorID, err = randomStringWithPrefix(operatorID+"-", operatorIDLength) if err != nil { l.WithError(err).Fatal("Failed to generate random string for lease lock identity") } diff --git a/pkg/controllers/operator/cilium-crds/endpoint/endpoint_controller.go b/pkg/controllers/operator/cilium-crds/endpoint/endpoint_controller.go index 35ac922361..0609d28084 100644 --- a/pkg/controllers/operator/cilium-crds/endpoint/endpoint_controller.go +++ b/pkg/controllers/operator/cilium-crds/endpoint/endpoint_controller.go @@ -63,7 +63,7 @@ type endpointReconciler struct { identityManager *IdentityManager // store of processed pods and namespaces - // processedPodCache map in store pod key to podEndpoint. + // processedPodCache map in store pod key to PodEndpoint. // It contains only pods which we have processed via Pod events. // It contains endpoint goal state, and is independent of ciliumEndpoints store. // When endpointReconciler is leading, all endpoint state should be in API Server. @@ -304,7 +304,7 @@ func (r *endpointReconciler) reconcilePod(ctx context.Context, podKey resource.K if err != nil { return errors.Wrap(err, "failed to get pod labels") } - newPEP := &podEndpoint{ + newPEP := &PodEndpoint{ key: podKey, lbls: podLabels, ipv4: pod.Status.PodIP, 
@@ -357,7 +357,7 @@ func (r *endpointReconciler) handlePodDelete(ctx context.Context, n resource.Key return nil } -func (r *endpointReconciler) handlePodUpsert(ctx context.Context, newPEP *podEndpoint) error { //nolint:gocyclo // This function is too complex and should be refactored +func (r *endpointReconciler) handlePodUpsert(ctx context.Context, newPEP *PodEndpoint) error { //nolint:gocyclo // This function is too complex and should be refactored r.l.WithField("podKey", newPEP.key.String()).Trace("handling pod upsert") oldPEP, inCache := r.store.GetPod(newPEP.key) @@ -366,7 +366,7 @@ func (r *endpointReconciler) handlePodUpsert(ctx context.Context, newPEP *podEnd r.l.WithFields(logrus.Fields{ "podKey": newPEP.key.String(), "pep": oldPEP, - }).Trace("podEndpoint found in cache") + }).Trace("PodEndpoint found in cache") } else { // this call will block until the store is synced with API Server store, err := r.ciliumEndpoints.Store(ctx) @@ -399,7 +399,7 @@ func (r *endpointReconciler) handlePodUpsert(ctx context.Context, newPEP *podEnd "cep": oldCEP, }).Warn("CiliumEndpoint has no ipv4 address, ignoring") } else { - oldPEP = &podEndpoint{ + oldPEP = &PodEndpoint{ key: newPEP.key, endpointID: oldCEP.Status.ID, ipv4: oldCEP.Status.Networking.Addressing[0].IPV4, diff --git a/pkg/controllers/operator/cilium-crds/endpoint/endpoint_controller_test.go b/pkg/controllers/operator/cilium-crds/endpoint/endpoint_controller_test.go index f6851d5f9d..7990e43764 100644 --- a/pkg/controllers/operator/cilium-crds/endpoint/endpoint_controller_test.go +++ b/pkg/controllers/operator/cilium-crds/endpoint/endpoint_controller_test.go @@ -75,7 +75,7 @@ func TestPodCreate(t *testing.T) { require.Greater(t, identityID, int64(0)) var expectedEndpointID int64 = 1 // FIXME switch to mock allocator once endpoint IDs are allocated by the operator - expectedCache := map[resource.Key]*podEndpoint{ + expectedCache := map[resource.Key]*PodEndpoint{ key: { key: key, endpointID: expectedEndpointID, 
@@ -153,6 +153,7 @@ func TestPodDeleteNoOp(t *testing.T) { podKey, pod := podTestX() require.NoError(t, r.ReconcilePod(context.TODO(), podKey, pod)) + pod = nil assertCEPDoesNotExist(t, ciliumEndpoints, podKey) } @@ -171,7 +172,7 @@ func TestPodLabelsChanged(t *testing.T) { require.Greater(t, identityID, int64(0)) var expectedEndpointID int64 = 1 // FIXME switch to mock allocator once endpoint IDs are allocated by the operator - expectedCache := map[resource.Key]*podEndpoint{ + expectedCache := map[resource.Key]*PodEndpoint{ key: { key: key, endpointID: expectedEndpointID, @@ -240,7 +241,7 @@ func TestPodLabelsChanged(t *testing.T) { require.NotNil(t, pep) require.NotEqual(t, identityID, pep.identityID) identityID = pep.identityID - expectedCacheNew := map[resource.Key]*podEndpoint{ + expectedCacheNew := map[resource.Key]*PodEndpoint{ key: { key: key, endpointID: expectedEndpointID, @@ -353,7 +354,7 @@ func TestPodNetworkingChanged(t *testing.T) { require.True(t, ok) require.NotNil(t, pep) identityID = pep.identityID - expectedCacheNew := map[resource.Key]*podEndpoint{ + expectedCacheNew := map[resource.Key]*PodEndpoint{ key: { key: key, endpointID: expectedEndpointID, @@ -420,7 +421,7 @@ func TestPodNetworkingChanged(t *testing.T) { require.True(t, ok) require.NotNil(t, pep) identityID = pep.identityID - expectedCacheNew = map[resource.Key]*podEndpoint{ + expectedCacheNew = map[resource.Key]*PodEndpoint{ key: { key: key, endpointID: expectedEndpointID, diff --git a/pkg/controllers/operator/cilium-crds/endpoint/types.go b/pkg/controllers/operator/cilium-crds/endpoint/types.go index 25dd5da3bf..72f931aa2e 100644 --- a/pkg/controllers/operator/cilium-crds/endpoint/types.go +++ b/pkg/controllers/operator/cilium-crds/endpoint/types.go 
@@ -13,8 +13,8 @@ import ( "k8s.io/apimachinery/pkg/types" ) -// podEndpoint represents a Pod/CiliumEndpoint -type podEndpoint struct { +// PodEndpoint represents a Pod/CiliumEndpoint +type PodEndpoint struct { key resource.Key endpointID int64 identityID int64 @@ -35,7 +35,7 @@ type podEndpoint struct { podObj *slim_corev1.Pod } -func (pep *podEndpoint) endpointStatus() ciliumv2.EndpointStatus { +func (pep *PodEndpoint) endpointStatus() ciliumv2.EndpointStatus { return ciliumv2.EndpointStatus{ ID: pep.endpointID, Identity: &ciliumv2.EndpointIdentity{ @@ -55,8 +55,8 @@ func (pep *podEndpoint) endpointStatus() ciliumv2.EndpointStatus { } } -func (pep *podEndpoint) deepCopy() *podEndpoint { - return &podEndpoint{ +func (pep *PodEndpoint) deepCopy() *PodEndpoint { + return &PodEndpoint{ key: pep.key, endpointID: pep.endpointID, identityID: pep.identityID, @@ -72,10 +72,10 @@ func (pep *podEndpoint) deepCopy() *podEndpoint { type Store struct { //nolint:gocritic // This should be rewritten to limit exposure of mutex to external packages. *sync.RWMutex - // Pods is a map of Pod key to podEndpoint + // Pods is a map of Pod key to PodEndpoint // this is the expected endpoint state for the pod // and is used to determine if the pod needs to be updated - Pods map[resource.Key]*podEndpoint + Pods map[resource.Key]*PodEndpoint // Namespaces is a map of Namespace name to Namespace // this is used to determine if the namespace needs to be updated @@ -85,12 +85,12 @@ type Store struct { //nolint:gocritic // This should be rewritten to limit expos func NewStore() *Store { return &Store{ RWMutex: &sync.RWMutex{}, - Pods: make(map[resource.Key]*podEndpoint), + Pods: make(map[resource.Key]*PodEndpoint), Namespaces: make(map[string]*slim_corev1.Namespace), } } -func (s *Store) AddPod(pod *podEndpoint) { +func (s *Store) AddPod(pod *PodEndpoint) { s.Lock() defer s.Unlock() s.Pods[pod.key] = pod 
@@ -102,14 +102,14 @@ func (s *Store) AddNamespace(namespace *slim_corev1.Namespace) { s.Namespaces[namespace.GetName()] = namespace } -func (s *Store) GetPod(key resource.Key) (*podEndpoint, bool) { +func (s *Store) GetPod(key resource.Key) (*PodEndpoint, bool) { s.RLock() defer s.RUnlock() pod, ok := s.Pods[key] return pod, ok } -func (s *Store) GetToDeletePod(key resource.Key) (*podEndpoint, bool) { +func (s *Store) GetToDeletePod(key resource.Key) (*PodEndpoint, bool) { s.Lock() defer s.Unlock() pod, ok := s.Pods[key] From 1251afafb4afbb12dc5a5a8dc2c75a1800148be4 Mon Sep 17 00:00:00 2001 From: Jacques I Massa Date: Tue, 25 Jun 2024 17:44:50 +0000 Subject: [PATCH 14/39] fix lint --- operator/cilium-crds/k8s/apis/register.go | 6 +++++- operator/cilium-crds/k8s/resource_ctors.go | 4 +++- operator/cmd/cilium-crds/cells.go | 16 ++++++++++++++-- operator/cmd/legacy/deployment.go | 5 ++++- .../endpoint/endpoint_controller_test.go | 5 ++--- 5 files changed, 28 insertions(+), 8 deletions(-) diff --git a/operator/cilium-crds/k8s/apis/register.go b/operator/cilium-crds/k8s/apis/register.go index fcd7d5cf43..8e4b5c8476 100644 --- a/operator/cilium-crds/k8s/apis/register.go +++ b/operator/cilium-crds/k8s/apis/register.go @@ -91,13 +91,17 @@ func createCRD(crdVersionedName, crdMetaName string) func(clientset apiextension return func(clientset apiextensionsclient.Interface) error { ciliumCRD := apisclient.GetPregeneratedCRD(crdVersionedName) - return crdhelpers.CreateUpdateCRD( + err := crdhelpers.CreateUpdateCRD( clientset, constructV1CRD(crdMetaName, ciliumCRD), crdhelpers.NewDefaultPoller(), k8sconst.CustomResourceDefinitionSchemaVersionKey, versioncheck.MustVersion(k8sconst.CustomResourceDefinitionSchemaVersion), ) + if err != nil { + return fmt.Errorf("Unable to create CRD %s: %w", crdMetaName, err) + } + return nil } } diff --git a/operator/cilium-crds/k8s/resource_ctors.go b/operator/cilium-crds/k8s/resource_ctors.go index 74c453a064..0437830c90 100644 
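Review bot: The error string added in `createCRD` (operator/cilium-crds/k8s/apis/register.go) starts with a capital letter, `"Unable to create CRD %s: %w"`, which Go convention and staticcheck's ST1005 reject because the message usually ends up embedded in a longer chain. Since this commit is a lint fix, lower-casing it keeps it consistent with the other wraps in the series: `return fmt.Errorf("creating CRD %s: %w", crdMetaName, err)`.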
--- a/operator/cilium-crds/k8s/resource_ctors.go +++ b/operator/cilium-crds/k8s/resource_ctors.go @@ -21,6 +21,8 @@ import ( "github.com/cilium/cilium/pkg/k8s/utils" ) +var ErrNotACiliumEndpoint = errors.New("object is not a *cilium_api_v2.CiliumEndpoint") + func CiliumEndpointResource(lc cell.Lifecycle, cs client.Clientset, opts ...func(*metav1.ListOptions)) (resource.Resource[*cilium_api_v2.CiliumEndpoint], error) { if !cs.IsEnabled() { return nil, nil @@ -45,7 +47,7 @@ func identityIndexFunc(obj interface{}) ([]string, error) { } return []string{"0"}, nil } - return nil, fmt.Errorf("%w - found %T", errors.New("object is not a *cilium_api_v2.CiliumEndpoint"), obj) + return nil, fmt.Errorf("%w - found %T", ErrNotACiliumEndpoint, obj) } func CiliumEndpointSliceResource(lc cell.Lifecycle, cs client.Clientset, opts ...func(*metav1.ListOptions)) (resource.Resource[*cilium_api_v2alpha1.CiliumEndpointSlice], error) { diff --git a/operator/cmd/cilium-crds/cells.go b/operator/cmd/cilium-crds/cells.go index cb2feb4a4e..7ff9489327 100644 --- a/operator/cmd/cilium-crds/cells.go +++ b/operator/cmd/cilium-crds/cells.go @@ -8,6 +8,7 @@ package ciliumcrds import ( "context" + "fmt" "sync/atomic" "github.com/microsoft/retina/pkg/shared/telemetry" @@ -119,7 +120,13 @@ var ( "Operator Control Plane", cell.Config(cmtypes.DefaultClusterInfo), - cell.Invoke(func(cinfo cmtypes.ClusterInfo) error { return cinfo.Validate() }), + cell.Invoke(func(cinfo cmtypes.ClusterInfo) error { + err := cinfo.Validate() + if err != nil { + return fmt.Errorf("error validating cluster info: %w", err) + } + return nil + }), cell.Invoke( registerOperatorHooks, 
@@ -182,7 +189,8 @@ var ( cell.Provide(func(scheme *k8sruntime.Scheme) (ctrl.Manager, error) { // controller-runtime requires its own logger logf.SetLogger(zapf.New()) - return ctrl.NewManager(ctrl.GetConfigOrDie(), ctrl.Options{ + + manager, err := ctrl.NewManager(ctrl.GetConfigOrDie(), ctrl.Options{ Scheme: scheme, // Metrics: server.Options{ // BindAddress: metricsAddr, @@ -192,6 +200,10 @@ var ( // Port: 9443, // HealthProbeBindAddress: probeAddr, }) + if err != nil { + return nil, fmt.Errorf("failed to create manager: %w", err) + } + return manager, nil }), endpointcontroller.Cell, diff --git a/operator/cmd/legacy/deployment.go b/operator/cmd/legacy/deployment.go index 0e875cb269..dd2dfe07ab 100644 --- a/operator/cmd/legacy/deployment.go +++ b/operator/cmd/legacy/deployment.go @@ -17,6 +17,7 @@ import ( // to ensure that exec-entrypoint and run can make use of them. "go.uber.org/zap" + v1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" apiextv1 "k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset/typed/apiextensions/v1" k8sruntime "k8s.io/apimachinery/pkg/runtime" utilruntime "k8s.io/apimachinery/pkg/util/runtime" @@ -155,7 +156,9 @@ func (o *Operator) Start() { if oconfig.InstallCRDs { mainLogger.Sugar().Infof("Installing CRDs") - crds, err := deploy.InstallOrUpdateCRDs(ctx, oconfig.EnableRetinaEndpoint, clientset) + + var crds map[string]*v1.CustomResourceDefinition + crds, err = deploy.InstallOrUpdateCRDs(ctx, oconfig.EnableRetinaEndpoint, clientset) if err != nil { mainLogger.Error("unable to register CRDs", zap.Error(err)) os.Exit(1) diff --git a/pkg/controllers/operator/cilium-crds/endpoint/endpoint_controller_test.go b/pkg/controllers/operator/cilium-crds/endpoint/endpoint_controller_test.go index 7990e43764..3fe9ea4631 100644 --- a/pkg/controllers/operator/cilium-crds/endpoint/endpoint_controller_test.go +++ b/pkg/controllers/operator/cilium-crds/endpoint/endpoint_controller_test.go 
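Review bot: The `ctrl.Manager` provider in operator/cmd/cilium-crds/cells.go now returns a wrapped error from `ctrl.NewManager`, but its first argument is still `ctrl.GetConfigOrDie()`, which terminates the process on a kubeconfig failure instead of letting the provider report it. Loading the config with `ctrl.GetConfig()` and returning its error would route both failures through the same path: `cfg, err := ctrl.GetConfig()` followed by `if err != nil { return nil, fmt.Errorf("loading kubeconfig: %w", err) }`. The provider spans this hunk and the following one (`@@ -192,6 +200,10 @@`), and the enclosing `var (` block continues outside both.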
@@ -150,10 +150,9 @@ func TestPodDeleteNoOp(t *testing.T) { r, ciliumEndpoints := newTestEndpointReconciler(t) createNamespace(r.ciliumSlimClientSet.CoreV1()) - podKey, pod := podTestX() + podKey, _ := podTestX() - require.NoError(t, r.ReconcilePod(context.TODO(), podKey, pod)) - pod = nil + require.NoError(t, r.ReconcilePod(context.TODO(), podKey, nil)) assertCEPDoesNotExist(t, ciliumEndpoints, podKey) } From 81861a1a7ef1a34f41e9fa1402ccba41ab53f19e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 26 Jun 2024 11:38:17 -0400 Subject: [PATCH 15/39] deps: bump github.com/prometheus/common from 0.54.0 to 0.55.0 (#506) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [github.com/prometheus/common](https://github.com/prometheus/common) from 0.54.0 to 0.55.0.
Release notes

Sourced from github.com/prometheus/common's releases.

v0.55.0

What's Changed

New Contributors

Full Changelog: https://github.com/prometheus/common/compare/v0.54.0...v0.55.0

Commits
  • 0c7b585 Merge pull request #649 from rajagopalanand/13364
  • 804fbbe Update common Prometheus files (#660)
  • 3f20456 Bump golang.org/x/net from 0.25.0 to 0.26.0 (#657)
  • e31eeaa Bump google.golang.org/protobuf from 1.34.1 to 1.34.2 (#658)
  • 3236a12 Bump golang.org/x/oauth2 from 0.20.0 to 0.21.0 (#656)
  • 1cfb464 Bump github.com/aws/aws-sdk-go from 1.53.14 to 1.54.7 in /sigv4 (#659)
  • ab322ea chore: add HumanizeTimestamp; make ConvertToFloat exportable (#654)
  • 04635d2 Merge pull request #655 from yeya24/change-omit-empty
  • c4974e5 fix test
  • 43f0db5 set http_headers to be omit empty
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/prometheus/common&package-manager=go_modules&previous-version=0.54.0&new-version=0.55.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 6 +++--- go.sum | 12 ++++++------ 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/go.mod b/go.mod index 44c84175aa..f22f5df423 100644 --- a/go.mod +++ b/go.mod @@ -173,7 +173,7 @@ require ( github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect github.com/power-devops/perfstat v0.0.0-20210106213030-5aafc221ea8c // indirect - github.com/prometheus/procfs v0.12.0 // indirect + github.com/prometheus/procfs v0.15.1 // indirect github.com/rogpeppe/go-internal v1.12.0 // indirect github.com/rubenv/sql-migrate v1.5.2 // indirect github.com/russross/blackfriday/v2 v2.1.0 // indirect @@ -241,7 +241,7 @@ require ( github.com/stretchr/testify v1.9.0 go.uber.org/multierr v1.11.0 // indirect golang.org/x/net v0.26.0 // indirect - golang.org/x/oauth2 v0.19.0 // indirect + golang.org/x/oauth2 v0.21.0 // indirect golang.org/x/sync v0.7.0 golang.org/x/sys v0.21.0 golang.org/x/term v0.21.0 // indirect @@ -288,7 +288,7 @@ require ( github.com/onsi/gomega v1.33.1 github.com/pkg/errors v0.9.1 github.com/prometheus/client_model v0.6.1 - github.com/prometheus/common v0.54.0 + github.com/prometheus/common v0.55.0 github.com/safchain/ethtool v0.4.1 github.com/spf13/viper v1.19.0 github.com/vishvananda/netlink v1.2.1-beta.2.0.20240524165444-4d4ba1473f21 diff --git a/go.sum b/go.sum index eb8592e56b..ce5ff5a0d0 100644 --- a/go.sum +++ b/go.sum 
@@ -705,14 +705,14 @@ github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQy github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= github.com/prometheus/common v0.6.0/go.mod h1:eBmuwkDJBwy6iBfxCBob6t6dR6ENT/y+J+Zk0j9GMYc= github.com/prometheus/common v0.9.1/go.mod h1:yhUN8i9wzaXS3w1O07YhxHEBxD+W35wd8bs7vj7HSQ4= -github.com/prometheus/common v0.54.0 h1:ZlZy0BgJhTwVZUn7dLOkwCZHUkrAqd3WYtcFCWnM1D8= -github.com/prometheus/common v0.54.0/go.mod h1:/TQgMJP5CuVYveyT7n/0Ix8yLNNXy9yRSkhnLTHPDIQ= +github.com/prometheus/common v0.55.0 h1:KEi6DK7lXW/m7Ig5i47x0vRzuBsHuvJdi5ee6Y3G1dc= +github.com/prometheus/common v0.55.0/go.mod h1:2SECS4xJG1kd8XF9IcM1gMX6510RAEL65zxzNImwdc8= github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= github.com/prometheus/procfs v0.0.3/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDaekg4FpcdQ= github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+GxbHq6oeK9A= -github.com/prometheus/procfs v0.12.0 h1:jluTpSng7V9hY0O2R9DzzJHYb2xULk9VTR1V1R/k6Bo= -github.com/prometheus/procfs v0.12.0/go.mod h1:pcuDEFsWDnvcgNzo4EEweacyhjeA9Zk3cnaOZAZEfOo= +github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc= +github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk= github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc= github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs= github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8= 
@@ -917,8 +917,8 @@ golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.26.0 h1:soB7SVo0PWrY4vPW/+ay0jKDNScG2X9wFeYlXIvJsOQ= golang.org/x/net v0.26.0/go.mod h1:5YKkiSynbBIh3p6iOc/vibscux0x38BZDkn8sCUPxHE= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= -golang.org/x/oauth2 v0.19.0 h1:9+E/EZBCbTLNrbN35fHv/a/d/mOBatymz1zbtQrXpIg= -golang.org/x/oauth2 v0.19.0/go.mod h1:vYi7skDa1x015PmRRYZ7+s1cWyPgrPiSYRe4rnsexc8= +golang.org/x/oauth2 v0.21.0 h1:tsimM75w1tF/uws5rbeHzIWxEqElMehnc+iW793zsZs= +golang.org/x/oauth2 v0.21.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= From 0cc21cd7f98b3570a5e0131a2ea45673589f9895 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 27 Jun 2024 13:34:37 +0000 Subject: [PATCH 16/39] deps: bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.56.1 to 1.57.0 (#511) Bumps [github.com/aws/aws-sdk-go-v2/service/s3](https://github.com/aws/aws-sdk-go-v2) from 1.56.1 to 1.57.0.
Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/aws/aws-sdk-go-v2/service/s3&package-manager=go_modules&previous-version=1.56.1&new-version=1.57.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index f22f5df423..5d227b5efd 100644 --- a/go.mod +++ b/go.mod @@ -273,7 +273,7 @@ require ( github.com/aws/aws-sdk-go-v2 v1.30.0 github.com/aws/aws-sdk-go-v2/config v1.27.21 github.com/aws/aws-sdk-go-v2/credentials v1.17.21 - github.com/aws/aws-sdk-go-v2/service/s3 v1.56.1 + github.com/aws/aws-sdk-go-v2/service/s3 v1.57.0 github.com/cakturk/go-netstat v0.0.0-20200220111822-e5b49efee7a5 github.com/cilium/cilium v1.15.6 github.com/cilium/ebpf v0.15.0 diff --git a/go.sum b/go.sum index ce5ff5a0d0..d198f854dd 100644 --- a/go.sum +++ b/go.sum @@ -122,8 +122,8 @@ github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.14 h1:zSDPny/p github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.14/go.mod h1:3TTcI5JSzda1nw/pkVC9dhgLre0SNBFj2lYS4GctXKI= github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.17.12 h1:tzha+v1SCEBpXWEuw6B/+jm4h5z8hZbTpXz0zRZqTnw= github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.17.12/go.mod h1:n+nt2qjHGoseWeLHt1vEr6ZRCCxIN2KcNpJxBcYQSwI= -github.com/aws/aws-sdk-go-v2/service/s3 v1.56.1 h1:wsg9Z/vNnCmxWikfGIoOlnExtEU459cR+2d+iDJ8elo= -github.com/aws/aws-sdk-go-v2/service/s3 v1.56.1/go.mod h1:8rDw3mVwmvIWWX/+LWY3PPIMZuwnQdJMCt0iVFVT3qw= +github.com/aws/aws-sdk-go-v2/service/s3 v1.57.0 h1:v2DWNY6ll3JK62Bx1khUu9fJ4f3TwXllIEJxI7dDv/o= +github.com/aws/aws-sdk-go-v2/service/s3 v1.57.0/go.mod h1:8rDw3mVwmvIWWX/+LWY3PPIMZuwnQdJMCt0iVFVT3qw= github.com/aws/aws-sdk-go-v2/service/sso v1.21.1 h1:sd0BsnAvLH8gsp2e3cbaIr+9D7T1xugueQ7V/zUAsS4= github.com/aws/aws-sdk-go-v2/service/sso v1.21.1/go.mod h1:lcQG/MmxydijbeTOp04hIuJwXGWPZGI3bwdFDGRTv14= github.com/aws/aws-sdk-go-v2/service/ssooidc v1.25.1 h1:1uEFNNskK/I1KoZ9Q8wJxMz5V9jyBlsiaNrM7vA3YUQ= 
From f7031080ae5d71fa9dc38d221da6dec9294529e3 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 27 Jun 2024 10:22:22 -0400 Subject: [PATCH 17/39] deps: bump github.com/aws/aws-sdk-go-v2/config from 1.27.21 to 1.27.22 (#510) Bumps [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) from 1.27.21 to 1.27.22.
Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/aws/aws-sdk-go-v2/config&package-manager=go_modules&previous-version=1.27.21&new-version=1.27.22)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 10 +++++----- go.sum | 20 ++++++++++---------- 2 files changed, 15 insertions(+), 15 deletions(-) diff --git a/go.mod b/go.mod index 5d227b5efd..a13eddcf08 100644 --- a/go.mod +++ b/go.mod @@ -43,9 +43,9 @@ require ( github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.3.14 // indirect github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.14 // indirect github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.17.12 // indirect - github.com/aws/aws-sdk-go-v2/service/sso v1.21.1 // indirect - github.com/aws/aws-sdk-go-v2/service/ssooidc v1.25.1 // indirect - github.com/aws/aws-sdk-go-v2/service/sts v1.29.1 // indirect + github.com/aws/aws-sdk-go-v2/service/sso v1.22.0 // indirect + github.com/aws/aws-sdk-go-v2/service/ssooidc v1.26.0 // indirect + github.com/aws/aws-sdk-go-v2/service/sts v1.30.0 // indirect github.com/aws/smithy-go v1.20.2 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/blang/semver/v4 v4.0.0 // indirect @@ -271,8 +271,8 @@ require ( github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v1.3.2 github.com/Microsoft/hcsshim v0.12.0-rc.3 github.com/aws/aws-sdk-go-v2 v1.30.0 - github.com/aws/aws-sdk-go-v2/config v1.27.21 - github.com/aws/aws-sdk-go-v2/credentials v1.17.21 + github.com/aws/aws-sdk-go-v2/config v1.27.22 + github.com/aws/aws-sdk-go-v2/credentials v1.17.22 github.com/aws/aws-sdk-go-v2/service/s3 v1.57.0 github.com/cakturk/go-netstat v0.0.0-20200220111822-e5b49efee7a5 github.com/cilium/cilium v1.15.6 diff --git a/go.sum b/go.sum index d198f854dd..26cb5d057b 100644 --- a/go.sum +++ b/go.sum 
@@ -100,10 +100,10 @@ github.com/aws/aws-sdk-go-v2 v1.30.0 h1:6qAwtzlfcTtcL8NHtbDQAqgM5s6NDipQTkPxyH/6 github.com/aws/aws-sdk-go-v2 v1.30.0/go.mod h1:ffIFB97e2yNsv4aTSGkqtHnppsIJzw7G7BReUZ3jCXM= github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.2 h1:x6xsQXGSmW6frevwDA+vi/wqhp1ct18mVXYN08/93to= github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.2/go.mod h1:lPprDr1e6cJdyYeGXnRaJoP4Md+cDBvi2eOj00BlGmg= -github.com/aws/aws-sdk-go-v2/config v1.27.21 h1:yPX3pjGCe2hJsetlmGNB4Mngu7UPmvWPzzWCv1+boeM= -github.com/aws/aws-sdk-go-v2/config v1.27.21/go.mod h1:4XtlEU6DzNai8RMbjSF5MgGZtYvrhBP/aKZcRtZAVdM= -github.com/aws/aws-sdk-go-v2/credentials v1.17.21 h1:pjAqgzfgFhTv5grc7xPHtXCAaMapzmwA7aU+c/SZQGw= -github.com/aws/aws-sdk-go-v2/credentials v1.17.21/go.mod h1:nhK6PtBlfHTUDVmBLr1dg+WHCOCK+1Fu/WQyVHPsgNQ= +github.com/aws/aws-sdk-go-v2/config v1.27.22 h1:TRkQVtpDINt+Na/ToU7iptyW6U0awAwJ24q4XN+59k8= +github.com/aws/aws-sdk-go-v2/config v1.27.22/go.mod h1:EYY3mVgFRUWkh6QNKH64MdyKs1YSUgatc0Zp3MDxi7c= +github.com/aws/aws-sdk-go-v2/credentials v1.17.22 h1:wu9kXQbbt64ul09v3ye4HYleAr4WiGV/uv69EXKDEr0= +github.com/aws/aws-sdk-go-v2/credentials v1.17.22/go.mod h1:pcvMtPcxJn3r2k6mZD9I0EcumLqPLA7V/0iCgOIlY+o= github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.8 h1:FR+oWPFb/8qMVYMWN98bUZAGqPvLHiyqg1wqQGfUAXY= github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.8/go.mod h1:EgSKcHiuuakEIxJcKGzVNWh5srVAQ3jKaSrBGRYvM48= github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.12 h1:SJ04WXGTwnHlWIODtC5kJzKbeuHt+OUNOgKg7nfnUGw= 
@@ -124,12 +124,12 @@ github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.17.12 h1:tzha+v1SCEBpX github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.17.12/go.mod h1:n+nt2qjHGoseWeLHt1vEr6ZRCCxIN2KcNpJxBcYQSwI= github.com/aws/aws-sdk-go-v2/service/s3 v1.57.0 h1:v2DWNY6ll3JK62Bx1khUu9fJ4f3TwXllIEJxI7dDv/o= github.com/aws/aws-sdk-go-v2/service/s3 v1.57.0/go.mod h1:8rDw3mVwmvIWWX/+LWY3PPIMZuwnQdJMCt0iVFVT3qw= -github.com/aws/aws-sdk-go-v2/service/sso v1.21.1 h1:sd0BsnAvLH8gsp2e3cbaIr+9D7T1xugueQ7V/zUAsS4= -github.com/aws/aws-sdk-go-v2/service/sso v1.21.1/go.mod h1:lcQG/MmxydijbeTOp04hIuJwXGWPZGI3bwdFDGRTv14= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.25.1 h1:1uEFNNskK/I1KoZ9Q8wJxMz5V9jyBlsiaNrM7vA3YUQ= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.25.1/go.mod h1:z0P8K+cBIsFXUr5rzo/psUeJ20XjPN0+Nn8067Nd+E4= -github.com/aws/aws-sdk-go-v2/service/sts v1.29.1 h1:myX5CxqXE0QMZNja6FA1/FSE3Vu1rVmeUmpJMMzeZg0= -github.com/aws/aws-sdk-go-v2/service/sts v1.29.1/go.mod h1:N2mQiucsO0VwK9CYuS4/c2n6Smeh1v47Rz3dWCPFLdE= +github.com/aws/aws-sdk-go-v2/service/sso v1.22.0 h1:lPIAPCRoJkmotLTU/9B6icUFlYDpEuWjKeL79XROv1M= +github.com/aws/aws-sdk-go-v2/service/sso v1.22.0/go.mod h1:lcQG/MmxydijbeTOp04hIuJwXGWPZGI3bwdFDGRTv14= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.26.0 h1:/4r71ghx+hX9spr884cqXHPEmPzqH/J3K7fkE1yfcmw= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.26.0/go.mod h1:z0P8K+cBIsFXUr5rzo/psUeJ20XjPN0+Nn8067Nd+E4= +github.com/aws/aws-sdk-go-v2/service/sts v1.30.0 h1:9ja34PaKybhCJjVKvxtDsUjbATUJGN+eF6QnO58u5cI= +github.com/aws/aws-sdk-go-v2/service/sts v1.30.0/go.mod h1:N2mQiucsO0VwK9CYuS4/c2n6Smeh1v47Rz3dWCPFLdE= github.com/aws/smithy-go v1.20.2 h1:tbp628ireGtzcHDDmLT/6ADHidqnwgF57XOXZe6tp4Q= github.com/aws/smithy-go v1.20.2/go.mod h1:krry+ya/rV9RDcV/Q16kpu6ypI4K2czasz0NC3qS14E= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= 
From 2cb7a830141ca233332a6cc35f866ebe984b9596 Mon Sep 17 00:00:00 2001 From: Quang Nguyen Date: Thu, 27 Jun 2024 12:07:10 -0400 Subject: [PATCH 18/39] chore: update krew release bot condition (#509) # Description Update condition so this will only run in owner's repo ## Related Issue If this pull request is related to any issue, please mention it here. Additionally, make sure that the issue is assigned to you before submitting this pull request. ## Checklist - [ ] I have read the [contributing documentation](https://retina.sh/docs/contributing). - [ ] I signed and signed-off the commits (`git commit -S -s ...`). See [this documentation](https://docs.github.com/en/authentication/managing-commit-signature-verification/about-commit-signature-verification) on signing commits. - [ ] I have correctly attributed the author(s) of the code. - [ ] I have tested the changes locally. - [ ] I have followed the project's style guidelines. - [ ] I have updated the documentation, if necessary. - [ ] I have added tests, if applicable. ## Screenshots (if applicable) or Testing Completed Please add any relevant screenshots or GIFs to showcase the changes made. ## Additional Notes Add any additional notes or context about the pull request here. --- Please refer to the [CONTRIBUTING.md](../CONTRIBUTING.md) file for more information on how to contribute to this project.
---
 .github/workflows/goreleaser.yaml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/.github/workflows/goreleaser.yaml b/.github/workflows/goreleaser.yaml
index ce821bdd70..d125fed697 100644
--- a/.github/workflows/goreleaser.yaml
+++ b/.github/workflows/goreleaser.yaml
@@ -49,4 +49,5 @@ jobs:
 env:
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 - name: Update new version in krew-index
+ if: github.repository_owner == 'microsoft'
 uses: rajatjindal/krew-release-bot@v0.0.46
From 9a18b14ad3a41028780403b9097a8da04df36773 Mon Sep 17 00:00:00 2001
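Review bot: The added guard `if: github.repository_owner == 'microsoft'` on the "Update new version in krew-index" step in `.github/workflows/goreleaser.yaml` matches every repository under that owner, so a copy of this repository inside the same organisation would still run the krew release step. Assuming the canonical repository is `microsoft/retina`, comparing the full name with `if: github.repository == 'microsoft/retina'` limits the step to the one repository that should publish. The step also references the third-party action by the tag `v0.0.46`, which can be moved after review; pinning it as `uses: rajatjindal/krew-release-bot@<full-commit-sha> # v0.0.46` keeps the release job on the code that was audited. A one-line comment above the `if:` saying that forks must skip the krew-index update would document the intent. The job and its earlier steps start outside the hunk.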
From: Anubhab Majumdar Date: Fri, 28 Jun 2024 09:10:03 -0700 Subject: [PATCH 19/39] feat: Add support for Hubble control plane in Retina agent (#432) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ## Description This PR adds support for Hubble control plane in Retina agent. This is being done in the most backward compatible way possible. I am adding a new subcommand called `hubble-control-plane` which will start Hubble instead of existing control plane. ``` $ ./retina -h  ✔  took 5s  Start Retina Agent Usage: retina-agent [flags] retina-agent [command] Available Commands: completion Generate the autocompletion script for the specified shell help Help about any command hubble-control-plane Start Hubble control plane Flags: --config string config file (default "/retina/config/config.yaml") --health-probe-bind-address string The address the probe endpoint binds to. (default ":18081") -h, --help help for retina-agent --leader-elect Enable leader election for controller manager. Enabling this will ensure there is only one active controller manager. --metrics-bind-address string The address the metric endpoint binds to. (default ":18080") Use "retina-agent [command] --help" for more information about a command. $ $ $ ./retina  ✔ Starting Retina Agent starting Retina daemon with legacy control plane ... $ $ $ ./retina hubble-control-plane -h Start Hubble control plane Usage: retina-agent hubble-control-plane [flags] retina-agent hubble-control-plane [command] Available Commands: hive Inspect the hive Flags: --cluster-name string name of the cluster (default "default") ... $ $ $ ./retina hubble-control-plane --config-dir . 
ts=2024-06-13T18:20:47.888Z level=info caller=hubble/daemon_main.go:276 msg="Traces telemetry initialized with zapai" version= appInsightsID= time="2024-06-13T18:20:47Z" level=info msg=Invoked duration="483.869µs" function="pprof.init.func1 (pkg/pprof/cell.go:49)" subsys=hive time="2024-06-13T18:20:47Z" level=info msg=Invoked duration="77.011µs" function="gops.registerGopsHooks (pkg/gops/cell.go:38)" subsys=hive time="2024-06-13T18:20:47Z" level=info msg=Invoked duration=10.503879ms function="github.com/microsoft/retina/cmd/hubble.init.func3 (cmd/hubble/daemon.go:68)" subsys=hive time="2024-06-13T18:20:47Z" level=info msg="&{{ 0} [] 0s false true false false false false}" subsys=agent-config time="2024-06-13T18:20:47Z" level=info msg="configuring telemetry" app-insights-id= retina-version= subsys=telemetry time="2024-06-13T18:20:47Z" level=info msg="telemetry disabled" subsys=telemetry ts=2024-06-13T18:20:47.902Z level=info caller=metrics/metrics.go:169 msg="Metrics initialized" ... ``` ## Changes made - Adopting [Hive](https://docs.cilium.io/en/latest/contributing/development/hive/) for dependency injection - Moving to [Cobra](https://github.com/spf13/cobra) for CLI - `controller/main.go` now is just the starting point of the command - `retina/cmd` now houses `rootCmd` (starts retina as is) and `hubble` (starts Hubble control plane) - In terms of Dockerfiles, packaging `Hubble` cli in agent image - Adding new YAML files to install Retina with Hubble - Moved the current YAML files under `deploy/legacy` - Fix the links in `doc` - Update cilium version to pull in commits from upstream needed for starting Hubble - Update `init` to add a step that creates Cilium dirs (This will happen for current control plane as well, but it consumes no resources, just creates an empty directory) - All new packages under `pkg` contains business logic required to run Hubble (node reconciler, Hubble control plane, IPCache, etc.) 
- Minor changes to `test/e2e` to support change to deployment directory (`deploy` -> `deploy/legacy`) ## Related Issue https://github.com/microsoft/retina/issues/418 ## Checklist - [x] I have read the [contributing documentation](https://retina.sh/docs/contributing). - [x] I signed and signed-off the commits (`git commit -S -s ...`). See [this documentation](https://docs.github.com/en/authentication/managing-commit-signature-verification/about-commit-signature-verification) on signing commits. - [x] I have correctly attributed the author(s) of the code. - [x] I have tested the changes locally. - [x] I have followed the project's style guidelines. - [x] I have updated the documentation, if necessary. - [x] I have added tests, if applicable. ## Screenshots (if applicable) or Testing Completed ### Retina with Hubble ![image](https://github.com/microsoft/retina/assets/18243968/8e21e73c-e34e-4a8a-b7a3-7ede9c6cdf9a) ### Retina ![image](https://github.com/microsoft/retina/assets/18243968/0ab02857-ca30-4afa-bad8-eec5755c6358) --- Please refer to the [CONTRIBUTING.md](../CONTRIBUTING.md) file for more information on how to contribute to this project. 
Signed-off-by: Anubhab Majumdar --- .github/workflows/release-charts.yaml | 2 +- .golangci.yaml | 1 + Makefile | 73 +- cmd/hubble/LICENSE | 201 + cmd/hubble/cells_linux.go | 97 + cmd/hubble/daemon_linux.go | 154 + cmd/hubble/daemon_main_linux.go | 315 ++ cmd/hubble_linux.go | 36 + cmd/legacy/daemon.go | 302 ++ cmd/root.go | 51 + controller/Dockerfile | 22 +- controller/main.go | 300 +- crd/Makefile | 2 +- deploy/grafana/dashboards/README.md | 3 - .../hubble/grafana/dashboards/clusters.json | 3734 ++++++++++++++ deploy/hubble/grafana/dashboards/dns.json | 1022 ++++ .../dashboards/pod-flows-namespace.json | 4269 +++++++++++++++++ .../dashboards/pod-flows-workload.json | 4019 ++++++++++++++++ .../controller/helm/retina/.helmignore | 0 .../controller/helm/retina/Chart.yaml | 24 + .../helm/retina/templates/_helpers.tpl | 82 + .../retina/templates/agent/clusterrole.yaml | 93 + .../templates/agent/clusterrolebinding.yaml | 16 + .../retina/templates/agent/configmap.yaml | 135 + .../retina/templates/agent/daemonset.yaml | 233 + .../helm/retina/templates/agent/service.yaml | 16 + .../templates/agent/serviceaccount.yaml | 8 + .../templates/hubble-relay/configmap.yaml | 51 + .../templates/hubble-relay/deployment.yaml | 214 + .../hubble-relay/metrics-service.yaml | 24 + .../hubble-relay/poddisruptionbudget.yaml | 26 + .../templates/hubble-relay/service.yaml | 30 + .../hubble-relay/serviceaccount.yaml | 16 + .../hubble-relay/servicemonitor.yaml | 39 + .../retina/templates/hubble-ui/_nginx.tpl | 61 + .../templates/hubble-ui/clusterrole.yaml | 50 + .../hubble-ui/clusterrolebinding.yaml | 20 + .../retina/templates/hubble-ui/configmap.yaml | 14 + .../templates/hubble-ui/deployment.yaml | 216 + .../retina/templates/hubble-ui/ingress.yaml | 40 + .../hubble-ui/poddisruptionbudget.yaml | 26 + .../retina/templates/hubble-ui/service.yaml | 31 + .../templates/hubble-ui/serviceaccount.yaml | 16 + .../hubble/dashboards-configmap.yaml | 30 + .../templates/hubble/metrics-service.yaml | 36 + 
.../retina/templates/hubble/peer-service.yaml | 30 + .../templates/hubble/servicemonitor.yaml | 44 + .../tls-certmanager/relay-client-secret.yaml | 22 + .../tls-certmanager/relay-server-secret.yaml | 31 + .../hubble/tls-certmanager/server-secret.yaml | 32 + .../tls-certmanager/ui-client-certs.yaml | 22 + .../hubble/tls-cronjob/_job-spec.tpl | 71 + .../hubble/tls-cronjob/clusterrole.yaml | 38 + .../tls-cronjob/clusterrolebinding.yaml | 20 + .../templates/hubble/tls-cronjob/cronjob.yaml | 25 + .../templates/hubble/tls-cronjob/job.yaml | 20 + .../hubble/tls-cronjob/serviceaccount.yaml | 16 + .../templates/hubble/tls-helm/_helpers.tpl | 31 + .../hubble/tls-helm/relay-client-secret.yaml | 21 + .../hubble/tls-helm/relay-server-secret.yaml | 22 + .../hubble/tls-helm/server-secret.yaml | 22 + .../hubble/tls-helm/ui-client-certs.yaml | 21 + .../tls-provided/relay-client-secret.yaml | 16 + .../tls-provided/relay-server-secret.yaml | 16 + .../hubble/tls-provided/server-secret.yaml | 16 + .../hubble/tls-provided/ui-client-certs.yaml | 16 + .../templates/operator/clusterrole.yaml | 110 + .../operator/clusterrolebinding.yaml | 22 + .../retina/templates/operator/configmap.yaml | 14 + .../retina/templates/operator/deployment.yaml | 98 + .../templates/operator/serviceaccount.yaml | 16 + .../helm/retina/templates/validate.yaml | 47 + .../controller/helm/retina/values.yaml | 920 ++++ .../graphana}/dashboards/clusters.json | 0 .../graphana}/dashboards/dns.json | 0 .../graphana}/dashboards/pod-level.json | 0 .../simplify-grafana-overwrite_test.go | 3 +- .../graphana}/dashboards/simplify-grafana.go | 2 +- .../dashboards/simplify-grafana_test.go | 3 +- .../controller/helm/retina/.helmignore | 23 + .../controller/helm/retina/Chart.yaml | 0 .../helm/retina/crds/retina.sh_captures.yaml | 0 .../crds/retina.sh_metricsconfigurations.yaml | 0 .../crds/retina.sh_retinaendpoints.yaml | 0 .../crds/retina.sh_tracesconfigurations.yaml | 0 .../helm/retina/templates/NOTES.txt | 2 +- 
.../helm/retina/templates/_helpers.tpl | 0 .../helm/retina/templates/configmap.yaml | 0 .../helm/retina/templates/daemonset.yaml | 0 .../retina/templates/networkobserver.yaml | 0 .../helm/retina/templates/operator.yaml | 0 .../helm/retina/templates/podmonitor.yaml | 0 .../helm/retina/templates/rbac.yaml | 0 .../helm/retina/templates/service.yaml | 0 .../helm/retina/templates/serviceaccount.yaml | 0 .../templates/tests/test-connection.yaml | 0 .../controller/helm/retina/values.yaml | 0 .../ama-metrics-settings-configmap.yaml | 0 .../prometheus/collector-config-template.yml | 0 .../prometheus/deploy-retina-clusters.sh | 0 .../network-observability/create-cm.sh | 2 +- .../network-observability-svc.yaml | 0 .../network-observability/prometheus-config | 0 .../prometheus/retina-windows/create-cm.sh | 2 +- .../retina-windows/prometheus-config | 0 .../prometheus/retina/create-cm.sh | 2 +- .../prometheus/retina/prometheus-config | 0 deploy/{ => legacy}/prometheus/values.yaml | 0 deploy/{ => legacy}/registercrd.go | 0 deploy/{ => legacy}/registercrd_test.go | 0 docs/CRDs/Capture.md | 2 +- docs/CRDs/MetricsConfiguration.md | 2 +- docs/CRDs/RetinaEndpoint.md | 2 +- docs/installation/config.md | 2 +- docs/installation/prometheus-unmanaged.md | 2 +- docs/unsorted/aks-setup.md | 2 +- go.mod | 71 +- go.sum | 216 +- init/retina/main_linux.go | 4 + operator/main.go | 2 +- pkg/ciliumfs/setup_linux.go | 30 + pkg/config/hubble_config_linux.go | 78 + .../daemon/nodereconciler/cell_linux.go | 61 + .../nodereconciler/node_controller_linux.go | 212 + .../daemon/retinaendpoint/suite_test.go | 2 +- .../operator/capture/suite_test.go | 2 +- pkg/hubble/cell_linux.go | 34 + pkg/hubble/common/decoder_linux.go | 93 + pkg/hubble/hubble_linux.go | 247 + pkg/hubble/parser/layer34/parser_linux.go | 135 + pkg/hubble/parser/parser_linux.go | 94 + pkg/hubble/parser/seven/parser_linux.go | 146 + pkg/k8s/apiserver_linux.go | 89 + pkg/k8s/cell_linux.go | 138 + pkg/k8s/local_node_synchronizer_linux.go | 43 
+ pkg/k8s/placeholders_linux.go | 136 + pkg/k8s/watcher_linux.go | 94 + pkg/managers/pluginmanager/cells_linux.go | 83 + pkg/monitoragent/cell_linux.go | 92 + pkg/monitoragent/monitoragent_linux.go | 217 + pkg/plugin/packetparser/packetparser_linux.go | 4 - pkg/servermanager/cell_linux.go | 60 + pkg/shared/config/config_linux.go | 23 + pkg/shared/config/type.go | 2 + pkg/shared/telemetry/cell_linux.go | 90 + pkg/shared/telemetry/type.go | 2 + test/e2e/framework/azure/create-cluster.go | 2 +- test/e2e/framework/kubernetes/exec-pod.go | 1 - test/e2e/retina_e2e_test.go | 2 +- test/profiles/localctx/values.yaml | 2 +- windows/readme.md | 2 +- 151 files changed, 20018 insertions(+), 471 deletions(-) create mode 100644 cmd/hubble/LICENSE create mode 100644 cmd/hubble/cells_linux.go create mode 100644 cmd/hubble/daemon_linux.go create mode 100644 cmd/hubble/daemon_main_linux.go create mode 100644 cmd/hubble_linux.go create mode 100644 cmd/legacy/daemon.go create mode 100644 cmd/root.go delete mode 100644 deploy/grafana/dashboards/README.md create mode 100644 deploy/hubble/grafana/dashboards/clusters.json create mode 100644 deploy/hubble/grafana/dashboards/dns.json create mode 100644 deploy/hubble/grafana/dashboards/pod-flows-namespace.json create mode 100644 deploy/hubble/grafana/dashboards/pod-flows-workload.json rename deploy/{ => hubble}/manifests/controller/helm/retina/.helmignore (100%) create mode 100644 deploy/hubble/manifests/controller/helm/retina/Chart.yaml create mode 100644 deploy/hubble/manifests/controller/helm/retina/templates/_helpers.tpl create mode 100644 deploy/hubble/manifests/controller/helm/retina/templates/agent/clusterrole.yaml create mode 100644 deploy/hubble/manifests/controller/helm/retina/templates/agent/clusterrolebinding.yaml create mode 100644 deploy/hubble/manifests/controller/helm/retina/templates/agent/configmap.yaml create mode 100644 deploy/hubble/manifests/controller/helm/retina/templates/agent/daemonset.yaml create mode 100644 
deploy/hubble/manifests/controller/helm/retina/templates/agent/service.yaml create mode 100644 deploy/hubble/manifests/controller/helm/retina/templates/agent/serviceaccount.yaml create mode 100644 deploy/hubble/manifests/controller/helm/retina/templates/hubble-relay/configmap.yaml create mode 100644 deploy/hubble/manifests/controller/helm/retina/templates/hubble-relay/deployment.yaml create mode 100644 deploy/hubble/manifests/controller/helm/retina/templates/hubble-relay/metrics-service.yaml create mode 100644 deploy/hubble/manifests/controller/helm/retina/templates/hubble-relay/poddisruptionbudget.yaml create mode 100644 deploy/hubble/manifests/controller/helm/retina/templates/hubble-relay/service.yaml create mode 100644 deploy/hubble/manifests/controller/helm/retina/templates/hubble-relay/serviceaccount.yaml create mode 100644 deploy/hubble/manifests/controller/helm/retina/templates/hubble-relay/servicemonitor.yaml create mode 100644 deploy/hubble/manifests/controller/helm/retina/templates/hubble-ui/_nginx.tpl create mode 100644 deploy/hubble/manifests/controller/helm/retina/templates/hubble-ui/clusterrole.yaml create mode 100644 deploy/hubble/manifests/controller/helm/retina/templates/hubble-ui/clusterrolebinding.yaml create mode 100644 deploy/hubble/manifests/controller/helm/retina/templates/hubble-ui/configmap.yaml create mode 100644 deploy/hubble/manifests/controller/helm/retina/templates/hubble-ui/deployment.yaml create mode 100644 deploy/hubble/manifests/controller/helm/retina/templates/hubble-ui/ingress.yaml create mode 100644 deploy/hubble/manifests/controller/helm/retina/templates/hubble-ui/poddisruptionbudget.yaml create mode 100644 deploy/hubble/manifests/controller/helm/retina/templates/hubble-ui/service.yaml create mode 100644 deploy/hubble/manifests/controller/helm/retina/templates/hubble-ui/serviceaccount.yaml create mode 100644 deploy/hubble/manifests/controller/helm/retina/templates/hubble/dashboards-configmap.yaml create mode 100644 
deploy/hubble/manifests/controller/helm/retina/templates/hubble/metrics-service.yaml create mode 100644 deploy/hubble/manifests/controller/helm/retina/templates/hubble/peer-service.yaml create mode 100644 deploy/hubble/manifests/controller/helm/retina/templates/hubble/servicemonitor.yaml create mode 100644 deploy/hubble/manifests/controller/helm/retina/templates/hubble/tls-certmanager/relay-client-secret.yaml create mode 100644 deploy/hubble/manifests/controller/helm/retina/templates/hubble/tls-certmanager/relay-server-secret.yaml create mode 100644 deploy/hubble/manifests/controller/helm/retina/templates/hubble/tls-certmanager/server-secret.yaml create mode 100644 deploy/hubble/manifests/controller/helm/retina/templates/hubble/tls-certmanager/ui-client-certs.yaml create mode 100644 deploy/hubble/manifests/controller/helm/retina/templates/hubble/tls-cronjob/_job-spec.tpl create mode 100644 deploy/hubble/manifests/controller/helm/retina/templates/hubble/tls-cronjob/clusterrole.yaml create mode 100644 deploy/hubble/manifests/controller/helm/retina/templates/hubble/tls-cronjob/clusterrolebinding.yaml create mode 100644 deploy/hubble/manifests/controller/helm/retina/templates/hubble/tls-cronjob/cronjob.yaml create mode 100644 deploy/hubble/manifests/controller/helm/retina/templates/hubble/tls-cronjob/job.yaml create mode 100644 deploy/hubble/manifests/controller/helm/retina/templates/hubble/tls-cronjob/serviceaccount.yaml create mode 100644 deploy/hubble/manifests/controller/helm/retina/templates/hubble/tls-helm/_helpers.tpl create mode 100644 deploy/hubble/manifests/controller/helm/retina/templates/hubble/tls-helm/relay-client-secret.yaml create mode 100644 deploy/hubble/manifests/controller/helm/retina/templates/hubble/tls-helm/relay-server-secret.yaml create mode 100644 deploy/hubble/manifests/controller/helm/retina/templates/hubble/tls-helm/server-secret.yaml create mode 100644 
deploy/hubble/manifests/controller/helm/retina/templates/hubble/tls-helm/ui-client-certs.yaml create mode 100644 deploy/hubble/manifests/controller/helm/retina/templates/hubble/tls-provided/relay-client-secret.yaml create mode 100644 deploy/hubble/manifests/controller/helm/retina/templates/hubble/tls-provided/relay-server-secret.yaml create mode 100644 deploy/hubble/manifests/controller/helm/retina/templates/hubble/tls-provided/server-secret.yaml create mode 100644 deploy/hubble/manifests/controller/helm/retina/templates/hubble/tls-provided/ui-client-certs.yaml create mode 100644 deploy/hubble/manifests/controller/helm/retina/templates/operator/clusterrole.yaml create mode 100644 deploy/hubble/manifests/controller/helm/retina/templates/operator/clusterrolebinding.yaml create mode 100644 deploy/hubble/manifests/controller/helm/retina/templates/operator/configmap.yaml create mode 100644 deploy/hubble/manifests/controller/helm/retina/templates/operator/deployment.yaml create mode 100644 deploy/hubble/manifests/controller/helm/retina/templates/operator/serviceaccount.yaml create mode 100644 deploy/hubble/manifests/controller/helm/retina/templates/validate.yaml create mode 100644 deploy/hubble/manifests/controller/helm/retina/values.yaml rename deploy/{grafana => legacy/graphana}/dashboards/clusters.json (100%) rename deploy/{grafana => legacy/graphana}/dashboards/dns.json (100%) rename deploy/{grafana => legacy/graphana}/dashboards/pod-level.json (100%) rename deploy/{grafana => legacy/graphana}/dashboards/simplify-grafana-overwrite_test.go (99%) rename deploy/{grafana => legacy/graphana}/dashboards/simplify-grafana.go (98%) rename deploy/{grafana => legacy/graphana}/dashboards/simplify-grafana_test.go (99%) create mode 100644 deploy/legacy/manifests/controller/helm/retina/.helmignore rename deploy/{ => legacy}/manifests/controller/helm/retina/Chart.yaml (100%) rename deploy/{ => legacy}/manifests/controller/helm/retina/crds/retina.sh_captures.yaml (100%) rename 
deploy/{ => legacy}/manifests/controller/helm/retina/crds/retina.sh_metricsconfigurations.yaml (100%) rename deploy/{ => legacy}/manifests/controller/helm/retina/crds/retina.sh_retinaendpoints.yaml (100%) rename deploy/{ => legacy}/manifests/controller/helm/retina/crds/retina.sh_tracesconfigurations.yaml (100%) rename deploy/{ => legacy}/manifests/controller/helm/retina/templates/NOTES.txt (65%) rename deploy/{ => legacy}/manifests/controller/helm/retina/templates/_helpers.tpl (100%) rename deploy/{ => legacy}/manifests/controller/helm/retina/templates/configmap.yaml (100%) rename deploy/{ => legacy}/manifests/controller/helm/retina/templates/daemonset.yaml (100%) rename deploy/{ => legacy}/manifests/controller/helm/retina/templates/networkobserver.yaml (100%) rename deploy/{ => legacy}/manifests/controller/helm/retina/templates/operator.yaml (100%) rename deploy/{ => legacy}/manifests/controller/helm/retina/templates/podmonitor.yaml (100%) rename deploy/{ => legacy}/manifests/controller/helm/retina/templates/rbac.yaml (100%) rename deploy/{ => legacy}/manifests/controller/helm/retina/templates/service.yaml (100%) rename deploy/{ => legacy}/manifests/controller/helm/retina/templates/serviceaccount.yaml (100%) rename deploy/{ => legacy}/manifests/controller/helm/retina/templates/tests/test-connection.yaml (100%) rename deploy/{ => legacy}/manifests/controller/helm/retina/values.yaml (100%) rename deploy/{ => legacy}/prometheus/ama-metrics-settings-configmap.yaml (100%) rename deploy/{ => legacy}/prometheus/collector-config-template.yml (100%) rename deploy/{ => legacy}/prometheus/deploy-retina-clusters.sh (100%) rename deploy/{ => legacy}/prometheus/network-observability/create-cm.sh (72%) rename deploy/{ => legacy}/prometheus/network-observability/network-observability-svc.yaml (100%) rename deploy/{ => legacy}/prometheus/network-observability/prometheus-config (100%) rename deploy/{ => legacy}/prometheus/retina-windows/create-cm.sh (63%) rename deploy/{ => 
legacy}/prometheus/retina-windows/prometheus-config (100%) rename deploy/{ => legacy}/prometheus/retina/create-cm.sh (50%) rename deploy/{ => legacy}/prometheus/retina/prometheus-config (100%) rename deploy/{ => legacy}/prometheus/values.yaml (100%) rename deploy/{ => legacy}/registercrd.go (100%) rename deploy/{ => legacy}/registercrd_test.go (100%) create mode 100644 pkg/ciliumfs/setup_linux.go create mode 100644 pkg/config/hubble_config_linux.go create mode 100644 pkg/controllers/daemon/nodereconciler/cell_linux.go create mode 100644 pkg/controllers/daemon/nodereconciler/node_controller_linux.go create mode 100644 pkg/hubble/cell_linux.go create mode 100644 pkg/hubble/common/decoder_linux.go create mode 100644 pkg/hubble/hubble_linux.go create mode 100644 pkg/hubble/parser/layer34/parser_linux.go create mode 100644 pkg/hubble/parser/parser_linux.go create mode 100644 pkg/hubble/parser/seven/parser_linux.go create mode 100644 pkg/k8s/apiserver_linux.go create mode 100644 pkg/k8s/cell_linux.go create mode 100644 pkg/k8s/local_node_synchronizer_linux.go create mode 100644 pkg/k8s/placeholders_linux.go create mode 100644 pkg/k8s/watcher_linux.go create mode 100644 pkg/managers/pluginmanager/cells_linux.go create mode 100644 pkg/monitoragent/cell_linux.go create mode 100644 pkg/monitoragent/monitoragent_linux.go create mode 100644 pkg/servermanager/cell_linux.go create mode 100644 pkg/shared/config/config_linux.go create mode 100644 pkg/shared/config/type.go create mode 100644 pkg/shared/telemetry/cell_linux.go create mode 100644 pkg/shared/telemetry/type.go diff --git a/.github/workflows/release-charts.yaml b/.github/workflows/release-charts.yaml index d01578a797..cf6738b1a9 100644 --- a/.github/workflows/release-charts.yaml +++ b/.github/workflows/release-charts.yaml 
@@ -40,7 +40,7 @@ jobs: run: | set -euo pipefail export TAG=$(make version) - helm package ./deploy/manifests/controller/helm/retina --version $TAG + helm package ./deploy/legacy/manifests/controller/helm/retina --version $TAG # Get Helm chart's SHA digest from helm push cmd output helm push retina-$TAG.tgz oci://ghcr.io/${{ github.repository }}/charts >> helm_push_result.txt 2>&1 cat helm_push_result.txt diff --git a/.golangci.yaml b/.golangci.yaml index 8457366f8d..7f3cd015e7 100644 --- a/.golangci.yaml +++ b/.golangci.yaml @@ -12,6 +12,7 @@ linters: disable: - maligned - scopelint + - gci enable: - exportloopref - goconst diff --git a/Makefile b/Makefile index 0ffb838d0c..a35a0dfcf9 100644 --- a/Makefile +++ b/Makefile @@ -34,6 +34,8 @@ PLATFORM ?= $(OS)/$(ARCH) PLATFORMS ?= linux/amd64 linux/arm64 windows/amd64 OS_VERSION ?= ltsc2019 +HUBBLE_VERSION ?= v0.13.0 + CONTAINER_BUILDER ?= docker CONTAINER_RUNTIME ?= docker YEAR ?= 2022 @@ -41,6 +43,12 @@ YEAR ?= 2022 ALL_ARCH.linux = amd64 arm64 ALL_ARCH.windows = amd64 +####### +# TLS # +####### +ENABLE_TLS ?= true +CERT_DIR := $(REPO_ROOT)/.certs + # TAG is OS and platform agonstic, which can be used for binary version and image manifest tag, # while RETINA_PLATFORM_TAG is platform specific, which can be used for image built for specific platforms. RETINA_PLATFORM_TAG ?= $(TAG)-$(subst /,-,$(PLATFORM)) @@ -236,6 +244,7 @@ container-docker: buildx # util target to build container images using docker bu --build-arg GOARCH=$$arch \ --build-arg GOOS=$$os \ --build-arg OS_VERSION=$(OS_VERSION) \ + --build-arg HUBBLE_VERSION=$(HUBBLE_VERSION) \ --build-arg VERSION=$(VERSION) $(EXTRA_BUILD_ARGS) \ --target=$(TARGET) \ -t $(IMAGE_REGISTRY)/$(IMAGE):$(TAG) \ 
@@ -376,7 +385,7 @@ HELM_IMAGE_TAG ?= v0.0.2 # basic/node-level mode helm-install: manifests - helm upgrade --install retina ./deploy/manifests/controller/helm/retina/ \ + helm upgrade --install retina ./deploy/legacy/manifests/controller/helm/retina/ \ --namespace kube-system \ --set image.repository=$(IMAGE_REGISTRY)/$(RETINA_IMAGE) \ --set image.initRepository=$(IMAGE_REGISTRY)/$(RETINA_INIT_IMAGE) \ @@ -389,7 +398,7 @@ helm-install: manifests --set enabledPlugin_linux="\[dropreason\,packetforward\,linuxutil\,dns\]" helm-install-with-operator: manifests - helm upgrade --install retina ./deploy/manifests/controller/helm/retina/ \ + helm upgrade --install retina ./deploy/legacy/manifests/controller/helm/retina/ \ --namespace kube-system \ --set image.repository=$(IMAGE_REGISTRY)/$(RETINA_IMAGE) \ --set image.initRepository=$(IMAGE_REGISTRY)/$(RETINA_INIT_IMAGE) \ @@ -406,7 +415,7 @@ helm-install-with-operator: manifests # advanced/pod-level mode with scale limitations, where metrics are aggregated by source and destination Pod helm-install-advanced-remote-context: manifests - helm upgrade --install retina ./deploy/manifests/controller/helm/retina/ \ + helm upgrade --install retina ./deploy/legacy/manifests/controller/helm/retina/ \ --namespace kube-system \ --set image.repository=$(IMAGE_REGISTRY)/$(RETINA_IMAGE) \ --set image.initRepository=$(IMAGE_REGISTRY)/$(RETINA_INIT_IMAGE) \ @@ -425,7 +434,7 @@ helm-install-advanced-remote-context: manifests # advanced/pod-level mode designed for scale, where metrics are aggregated by "local" Pod (source for outgoing traffic, destination for incoming traffic) helm-install-advanced-local-context: manifests - helm upgrade --install retina ./deploy/manifests/controller/helm/retina/ \ + helm upgrade --install retina ./deploy/legacy/manifests/controller/helm/retina/ \ --namespace kube-system \ --set image.repository=$(IMAGE_REGISTRY)/$(RETINA_IMAGE) \ --set image.initRepository=$(IMAGE_REGISTRY)/$(RETINA_INIT_IMAGE) \ 
@@ -442,9 +451,57 @@ helm-install-advanced-local-context: manifests --set enablePodLevel=true \ --set enableAnnotations=true +helm-install-hubble: + helm upgrade --install retina ./deploy/hubble/manifests/controller/helm/retina/ \ + --namespace kube-system \ + --set operator.enabled=true \ + --set operator.repository=$(IMAGE_REGISTRY)/$(RETINA_OPERATOR_IMAGE) \ + --set operator.tag=$(HELM_IMAGE_TAG) \ + --set agent.enabled=true \ + --set agent.repository=$(IMAGE_REGISTRY)/$(RETINA_IMAGE) \ + --set agent.tag=$(HELM_IMAGE_TAG) \ + --set agent.init.enabled=true \ + --set agent.init.repository=$(IMAGE_REGISTRY)/$(RETINA_INIT_IMAGE) \ + --set agent.init.tag=$(HELM_IMAGE_TAG) \ + --set logLevel=info \ + --set hubble.tls.enabled=$(ENABLE_TLS) \ + --set hubble.relay.tls.server.enabled=$(ENABLE_TLS) \ + --set hubble.tls.auto.enabled=$(ENABLE_TLS) \ + --set hubble.tls.auto.method=cronJob \ + --set hubble.tls.auto.certValidityDuration=1 \ + --set hubble.tls.auto.schedule="*/10 * * * *" + +helm-install-without-tls: clean-certs + $(MAKE) helm-install-hubble ENABLE_TLS=false + helm-uninstall: helm uninstall retina -n kube-system +.PHONY: get-certs +get-certs: + mkdir -p $(CERT_DIR) + $(foreach kv,$(CERT_FILES),\ + $(eval FILE=$(word 1,$(subst :, ,$(kv)))) \ + $(eval CONFIG_KEY=$(word 2,$(subst :, ,$(kv)))) \ + kubectl get secret $(TLS_SECRET_NAME) \ + -n kube-system \ + -o jsonpath="{.data['$(call escape_dot,$(FILE))']}" \ + | base64 -d > $(CERT_DIR)/$(FILE);\ + hubble config set $(CONFIG_KEY) $(CERT_DIR)/$(FILE);\ + ) + hubble config set tls true + hubble config set tls-server-name instance.hubble-relay.cilium.io + +.PHONY: clean-certs +clean-certs: + rm -rf $(CERT_DIR) + $(foreach kv,$(CERT_FILES),\ + $(eval CONFIG_KEY=$(word 2,$(subst :, ,$(kv)))) \ + hubble config reset $(CONFIG_KEY);\ + ) + hubble config set tls false + hubble config reset tls-server-name + .PHONY: docs docs: echo $(PWD) 
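Review bot: `get-certs` writes the decoded secret entries with `base64 -d > $(CERT_DIR)/$(FILE)` into `.certs` under the repo root using the caller's default umask, so any private key among them can end up readable by other local users and sits inside the working tree. Creating the directory with `mkdir -p -m 700 $(CERT_DIR)` (or running the recipe under `umask 077`) and confirming that `.certs/` is ignored by git would close that; the diffstat shows no `.gitignore` change in this commit. `CERT_FILES`, `TLS_SECRET_NAME` and `escape_dot` are not defined in any Makefile hunk of this commit, so unless they exist elsewhere in the file both `foreach` loops expand to nothing and `get-certs` only runs `hubble config set tls true` with no certificate paths configured. `clean-certs` runs `rm -rf $(CERT_DIR)`, which resolves to `/.certs` if `REPO_ROOT` is ever empty, so a non-empty check on `REPO_ROOT` before the `rm` is worth adding.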
@@ -463,6 +520,12 @@ quick-build: quick-deploy: $(MAKE) helm-install-advanced-local-context HELM_IMAGE_TAG=$(TAG)-linux-amd64 +.PHONY: quick-deploy-hubble +quick-deploy-hubble: + $(MAKE) helm-uninstall || true + $(MAKE) helm-install-without-tls HELM_IMAGE_TAG=$(TAG)-linux-amd64 + .PHONY: simplify-dashboards simplify-dashboards: - cd deploy/grafana/dashboards/ && go test . -tags=dashboard,simplifydashboard -v + cd deploy/legacy/graphana/dashboards && go test . -tags=dashboard,simplifydashboard -v && cd $(REPO_ROOT) + diff --git a/cmd/hubble/LICENSE b/cmd/hubble/LICENSE new file mode 100644 index 0000000000..c8d4ae33c7 --- /dev/null +++ b/cmd/hubble/LICENSE 
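Review bot: The new `simplify-dashboards` path spells the directory `graphana`, while the line it replaces used `grafana`; if the directory was not renamed with that spelling the `cd` fails and the target never runs the test, so it is worth confirming against the tree. The trailing `&& cd $(REPO_ROOT)` has no effect, since make runs each recipe line in its own shell, and can be dropped. In `quick-deploy-hubble`, `$(MAKE) helm-uninstall || true` hides every uninstall failure rather than only a missing release, and the target always deploys through `helm-install-without-tls`; a comment such as `# dev only: installs Hubble with TLS disabled` above the target would make that explicit.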
@@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "{}" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright {yyyy} Authors of Cilium and Retina + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/cmd/hubble/cells_linux.go b/cmd/hubble/cells_linux.go new file mode 100644 index 0000000000..9851f62471 --- /dev/null +++ b/cmd/hubble/cells_linux.go 
@@ -0,0 +1,97 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT license.
+// Copyright Authors of Cilium.
+// Modified by Authors of Retina.
+package hubble
+
+import (
+ "github.com/cilium/cilium/pkg/defaults"
+ "github.com/cilium/cilium/pkg/gops"
+ "github.com/cilium/cilium/pkg/hive/cell"
+ k8sClient "github.com/cilium/cilium/pkg/k8s/client"
+ "github.com/cilium/cilium/pkg/option"
+ "github.com/cilium/cilium/pkg/pprof"
+ "github.com/cilium/proxy/pkg/logging"
+ "github.com/cilium/proxy/pkg/logging/logfields"
+ "github.com/microsoft/retina/pkg/config"
+ rnode "github.com/microsoft/retina/pkg/controllers/daemon/nodereconciler"
+ hubbleserver "github.com/microsoft/retina/pkg/hubble"
+ retinak8s "github.com/microsoft/retina/pkg/k8s"
+ "github.com/microsoft/retina/pkg/managers/pluginmanager"
+ "github.com/microsoft/retina/pkg/monitoragent"
+ "github.com/microsoft/retina/pkg/servermanager"
+ "github.com/microsoft/retina/pkg/shared/telemetry"
+ "k8s.io/client-go/rest"
+)
+
+var (
+ Agent = cell.Module(
+ "agent",
+ "Retina-Agent",
+ Infrastructure,
+ ControlPlane,
+ )
+ daemonSubsys = "daemon"
+ logger = logging.DefaultLogger.WithField(logfields.LogSubsys, daemonSubsys)
+
+ Infrastructure = cell.Module(
+ "infrastructure",
+ "Infrastructure",
+
+ // Register the pprof HTTP handlers, to get runtime profiling data.
+ pprof.Cell,
+ cell.Config(pprof.Config{
+ Pprof: true,
+ PprofAddress: option.PprofAddressAgent,
+ PprofPort: option.PprofPortAgent,
+ }),
+
+ // Runs the gops agent, a tool to diagnose Go processes.
+ gops.Cell(defaults.GopsPortAgent),
+
+ // Parse Retina specific configuration
+ config.Cell,
+
+ // Kubernetes client
+ k8sClient.Cell,
+
+ cell.Provide(func(cfg config.Config, k8sCfg *rest.Config) telemetry.Config {
+ return telemetry.Config{
+ Component: "retina-agent",
+ EnableTelemetry: cfg.EnableTelemetry,
+ ApplicationInsightsID: applicationInsightsID,
+ RetinaVersion: retinaVersion,
+ EnabledPlugins: cfg.EnabledPlugin,
+ }
+ }),
+ telemetry.Constructor,
+
+ // cell.Provide(func() cell.Lifecycle {
+ // return &cell.DefaultLifecycle{}
+ // }),
+ )
+
+ ControlPlane = cell.Module(
+ "control-plane",
+ "Control Plane",
+
+ // monitorAgent.Cell,
+ monitoragent.Cell,
+
+ daemonCell,
+
+ // Provides the node reconciler
+ rnode.Cell,
+
+ // Provides the hubble agent
+ hubbleserver.Cell,
+
+ pluginmanager.Cell,
+
+ retinak8s.Cell,
+
+ servermanager.Cell,
+
+ telemetry.Heartbeat,
+ )
+)
diff --git a/cmd/hubble/daemon_linux.go b/cmd/hubble/daemon_linux.go
new file mode 100644
index 0000000000..2c4c82a617
--- /dev/null
+++ b/cmd/hubble/daemon_linux.go
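Review bot: `Infrastructure` registers `pprof.Cell` with `cell.Config(pprof.Config{Pprof: true, ...})`, which turns the profiling HTTP handlers on by default for every agent built from this module, and `gops.Cell` is added unconditionally next to it. Profiling endpoints expose heap and goroutine contents, so on a node agent they are better opt-in: `Pprof: false,` as the default, switched on through configuration when someone is debugging. If the default has to stay on, a comment stating what `option.PprofAddressAgent` resolves to, and that it must remain loopback-only, would help the next reader. The `k8sCfg *rest.Config` parameter of the telemetry provider is unused; if it is there only to force ordering, say so in a comment, otherwise drop it.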
@@ -0,0 +1,154 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT license.
+// Copyright Authors of Cilium.
+// Modified by Authors of Retina.
+package hubble
+
+import (
+ "context"
+ "fmt"
+
+ "github.com/pkg/errors"
+ "github.com/sirupsen/logrus"
+
+ "github.com/microsoft/retina/pkg/config"
+ "github.com/microsoft/retina/pkg/managers/pluginmanager"
+ "github.com/microsoft/retina/pkg/managers/servermanager"
+
+ retinak8s "github.com/microsoft/retina/pkg/k8s"
+
+ "github.com/cilium/cilium/pkg/hive/cell"
+ v1 "github.com/cilium/cilium/pkg/hubble/api/v1"
+ "github.com/cilium/cilium/pkg/ipcache"
+ "github.com/cilium/cilium/pkg/k8s"
+ k8sClient "github.com/cilium/cilium/pkg/k8s/client"
+ "github.com/cilium/cilium/pkg/k8s/watchers"
+ monitoragent "github.com/cilium/cilium/pkg/monitor/agent"
+ "github.com/cilium/cilium/pkg/node"
+ "github.com/cilium/workerpool"
+
+ corev1 "k8s.io/api/core/v1"
+ k8sruntime "k8s.io/apimachinery/pkg/runtime"
+ "k8s.io/client-go/rest"
+ ctrl "sigs.k8s.io/controller-runtime"
+ "sigs.k8s.io/controller-runtime/pkg/client"
+ logf "sigs.k8s.io/controller-runtime/pkg/log"
+ zapf "sigs.k8s.io/controller-runtime/pkg/log/zap"
+ metricsserver "sigs.k8s.io/controller-runtime/pkg/metrics/server"
+)
+
+var (
+ scheme = k8sruntime.NewScheme()
+ daemonCell = cell.Module(
+ "daemon",
+ "Retina-Agent Daemon",
+ // Create the controller manager, provides the hive with the controller manager and its client
+ cell.Provide(func(k8sCfg *rest.Config, logger logrus.FieldLogger, rcfg config.RetinaHubbleConfig) (ctrl.Manager, client.Client, error) {
+ if err := corev1.AddToScheme(scheme); err != nil { //nolint:govet // intentional shadow
+ logger.Error("failed to add corev1 to scheme")
+ return nil, nil, errors.Wrap(err, "failed to add corev1 to scheme")
+ }
+
+ mgrOption := ctrl.Options{
+ Scheme: scheme,
+ Metrics: metricsserver.Options{
+ BindAddress: rcfg.MetricsBindAddress,
+ },
+ HealthProbeBindAddress: rcfg.HealthProbeBindAddress,
+ LeaderElection: rcfg.LeaderElection,
+ LeaderElectionID: "ecaf1259.retina.io",
+ }
+
+ logf.SetLogger(zapf.New())
+ ctrlManager, err := ctrl.NewManager(k8sCfg, mgrOption)
+ if err != nil {
+ logger.Error("failed to create manager")
+ return nil, nil, fmt.Errorf("creating new controller-runtime manager: %w", err)
+ }
+
+ return ctrlManager, ctrlManager.GetClient(), nil
+ }),
+
+ // Start the controller manager
+ cell.Invoke(func(l logrus.FieldLogger, lifecycle cell.Lifecycle, ctrlManager ctrl.Manager) {
+ var wp *workerpool.WorkerPool
+ lifecycle.Append(
+ cell.Hook{
+ OnStart: func(cell.HookContext) error {
+ wp = workerpool.New(1)
+ l.Info("starting controller-runtime manager")
+ if err := wp.Submit("controller-runtime manager", ctrlManager.Start); err != nil {
+ return errors.Wrap(err, "failed to submit controller-runtime manager to workerpool")
+ }
+ return nil
+ },
+ OnStop: func(cell.HookContext) error {
+ if err := wp.Close(); err != nil {
+ return errors.Wrap(err, "failed to close controller-runtime workerpool")
+ }
+ return nil
+ },
+ },
+ )
+ }),
+ cell.Invoke(newDaemonPromise),
+ )
+)
+
+type Daemon struct {
+ clientset k8sClient.Clientset
+
+ log logrus.FieldLogger
+ monitorAgent monitoragent.Agent
+ pluginManager *pluginmanager.PluginManager
+ HTTPServer *servermanager.HTTPServer
+ client client.Client
+ eventChan chan *v1.Event
+ k8swatcher *watchers.K8sWatcher
+ localNodeStore *node.LocalNodeStore
+ ipc *ipcache.IPCache
+ svcCache *k8s.ServiceCache
+}
+
+func newDaemon(params *daemonParams) *Daemon {
+ return &Daemon{
+ monitorAgent: params.MonitorAgent,
+ pluginManager: params.PluginManager,
+ HTTPServer: params.HTTPServer,
+ clientset: params.Clientset,
+ log: params.Log,
+ client: params.Client,
+ eventChan: params.EventChan,
+ k8swatcher: params.K8sWatcher,
+ localNodeStore: params.Lnds,
+ ipc: params.IPC,
+ svcCache: params.SvcCache,
+ }
+}
+
+func (d *Daemon) Run(ctx context.Context) error {
+ // Start K8s watcher
+ d.log.WithField("localNodeStore", d.localNodeStore).Info("Starting local node store")
+
+ // Start K8s watcher. Will block till sync is complete or timeout.
+ // If sync doesn't complete within timeout (3 minutes), causes fatal error.
+ retinak8s.Start(ctx, d.k8swatcher)
+
+ go d.generateEvents(ctx)
+ return nil
+}
+
+func (d *Daemon) generateEvents(ctx context.Context) {
+ for {
+ select {
+ case <-ctx.Done():
+ return
+ case event := <-d.eventChan:
+ d.log.WithField("event", event).Debug("Sending event to monitor agent")
+ err := d.monitorAgent.SendEvent(0, event)
+ if err != nil {
+ d.log.WithError(err).Error("Unable to send event to monitor agent")
+ }
+ }
+ }
+}
diff --git a/cmd/hubble/daemon_main_linux.go b/cmd/hubble/daemon_main_linux.go
new file mode 100644
index 0000000000..9b60e5b65b
--- /dev/null
+++ b/cmd/hubble/daemon_main_linux.go
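Review bot: In `generateEvents`, `case event := <-d.eventChan:` does not check whether the channel is still open, so if the producer ever closes `eventChan` (its owner is not visible in this file) the loop spins, handing nil events to `SendEvent` until the context is cancelled. Receiving with `case event, ok := <-d.eventChan:` and returning on `!ok` avoids that. The `d.log.WithField("event", event).Debug(...)` call also builds a log entry for every event on this path and, when debug logging is on, writes full flow contents to the log; logging only on send failure would be enough. In `Run`, the first `// Start K8s watcher` comment sits above a log line about the local node store and should be removed or reworded.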
@@ -0,0 +1,315 @@ +// Copyright (c) Microsoft Corporation. +// Licensed under the MIT license. +// Copyright Authors of Cilium. +// Modified by Authors of Retina. +// This bootstraps Hubble control plane. +package hubble + +import ( + "context" + "fmt" + "io" + "math" + "path/filepath" + "strings" + + zaphook "github.com/Sytten/logrus-zap-hook" + "github.com/cilium/cilium/pkg/defaults" + "github.com/cilium/cilium/pkg/hive" + "github.com/cilium/cilium/pkg/hive/cell" + v1 "github.com/cilium/cilium/pkg/hubble/api/v1" + "github.com/cilium/cilium/pkg/hubble/exporter/exporteroption" + "github.com/cilium/cilium/pkg/hubble/observer/observeroption" + "github.com/cilium/cilium/pkg/ipcache" + "github.com/cilium/cilium/pkg/k8s" + k8sClient "github.com/cilium/cilium/pkg/k8s/client" + "github.com/cilium/cilium/pkg/k8s/watchers" + "github.com/cilium/cilium/pkg/metrics" + monitorAgent "github.com/cilium/cilium/pkg/monitor/agent" + monitorAPI "github.com/cilium/cilium/pkg/monitor/api" + "github.com/cilium/cilium/pkg/node" + "github.com/cilium/cilium/pkg/option" + "github.com/cilium/cilium/pkg/promise" + "github.com/cilium/cilium/pkg/time" + "github.com/cilium/proxy/pkg/logging" + "github.com/microsoft/retina/pkg/config" + "github.com/microsoft/retina/pkg/log" + "github.com/microsoft/retina/pkg/managers/pluginmanager" + "github.com/microsoft/retina/pkg/managers/servermanager" + sharedconfig "github.com/microsoft/retina/pkg/shared/config" + "github.com/microsoft/retina/pkg/telemetry" + "github.com/sirupsen/logrus" + "github.com/spf13/cobra" + "github.com/spf13/viper" + "go.uber.org/zap" + "k8s.io/client-go/rest" + "sigs.k8s.io/controller-runtime/pkg/client" +) + +const ( + configFileName string = "config.yaml" + logFileName string = "retina.log" +) + +var ( + // Below two fields are set while building the binary + // they are passed in as ldflags + // see dockerfile + applicationInsightsID string + retinaVersion string +) + +func InitGlobalFlags(cmd *cobra.Command, vp *viper.Viper) { 
+ flags := cmd.Flags() + + flags.String(option.IdentityAllocationMode, option.IdentityAllocationModeCRD, "Identity allocation mode") + + // Add all the flags Hubble supports currently. + flags.String(option.ConfigDir, "/retina/config", `Configuration directory that contains a file for each option`) + option.BindEnv(vp, option.ConfigDir) + + flags.Bool(option.EnableHubble, false, "Enable hubble server") + option.BindEnv(vp, option.EnableHubble) + + flags.String(option.HubbleSocketPath, defaults.HubbleSockPath, "Set hubble's socket path to listen for connections") + option.BindEnv(vp, option.HubbleSocketPath) + + flags.String(option.HubbleListenAddress, "", `An additional address for Hubble server to listen to, e.g. ":4244"`) + option.BindEnv(vp, option.HubbleListenAddress) + + flags.Bool(option.HubblePreferIpv6, false, "Prefer IPv6 addresses for announcing nodes when both address types are available.") + option.BindEnv(vp, option.HubblePreferIpv6) + + flags.Bool(option.HubbleTLSDisabled, false, "Allow Hubble server to run on the given listen address without TLS.") + option.BindEnv(vp, option.HubbleTLSDisabled) + + flags.String(option.HubbleTLSCertFile, "", "Path to the public key file for the Hubble server. The file must contain PEM encoded data.") + option.BindEnv(vp, option.HubbleTLSCertFile) + + flags.String(option.HubbleTLSKeyFile, "", "Path to the private key file for the Hubble server. The file must contain PEM encoded data.") + option.BindEnv(vp, option.HubbleTLSKeyFile) + + flags.StringSlice(option.HubbleTLSClientCAFiles, []string{}, "Paths to one or more public key files of client CA certificates to use for TLS with mutual authentication (mTLS). The files must contain PEM encoded data. When provided, this option effectively enables mTLS.") //nolint:lll // long line (over 80 characters). 
+ option.BindEnv(vp, option.HubbleTLSClientCAFiles) + + flags.Int(option.HubbleEventBufferCapacity, observeroption.Default.MaxFlows.AsInt(), "Capacity of Hubble events buffer. The provided value must be one less than an integer power of two and no larger than 65535 (ie: 1, 3, ..., 2047, 4095, ..., 65535)") //nolint:lll // long line. + option.BindEnv(vp, option.HubbleEventBufferCapacity) + + flags.Int(option.HubbleEventQueueSize, 0, "Buffer size of the channel to receive monitor events.") + option.BindEnv(vp, option.HubbleEventQueueSize) + + flags.String(option.HubbleMetricsServer, "", "Address to serve Hubble metrics on.") + option.BindEnv(vp, option.HubbleMetricsServer) + + flags.StringSlice(option.HubbleMetrics, []string{}, "List of Hubble metrics to enable.") + option.BindEnv(vp, option.HubbleMetrics) + + flags.String(option.HubbleFlowlogsConfigFilePath, "", "Filepath with configuration of hubble flowlogs") + option.BindEnv(vp, option.HubbleFlowlogsConfigFilePath) + + flags.String(option.HubbleExportFilePath, exporteroption.Default.Path, "Filepath to write Hubble events to.") + option.BindEnv(vp, option.HubbleExportFilePath) + + flags.Int(option.HubbleExportFileMaxSizeMB, exporteroption.Default.MaxSizeMB, "Size in MB at which to rotate Hubble export file.") + option.BindEnv(vp, option.HubbleExportFileMaxSizeMB) + + flags.Int(option.HubbleExportFileMaxBackups, exporteroption.Default.MaxBackups, "Number of rotated Hubble export files to keep.") + option.BindEnv(vp, option.HubbleExportFileMaxBackups) + + flags.Bool(option.HubbleExportFileCompress, exporteroption.Default.Compress, "Compress rotated Hubble export files.") + option.BindEnv(vp, option.HubbleExportFileCompress) + + flags.StringSlice(option.HubbleExportAllowlist, []string{}, "Specify allowlist as JSON encoded FlowFilters to Hubble exporter.") + option.BindEnv(vp, option.HubbleExportAllowlist) + + flags.StringSlice(option.HubbleExportDenylist, []string{}, "Specify denylist as JSON encoded FlowFilters to 
Hubble exporter.") + option.BindEnv(vp, option.HubbleExportDenylist) + + flags.StringSlice(option.HubbleExportFieldmask, []string{}, "Specify list of fields to use for field mask in Hubble exporter.") + option.BindEnv(vp, option.HubbleExportFieldmask) + + flags.Bool(option.EnableHubbleRecorderAPI, true, "Enable the Hubble recorder API") + option.BindEnv(vp, option.EnableHubbleRecorderAPI) + + flags.String(option.HubbleRecorderStoragePath, defaults.HubbleRecorderStoragePath, "Directory in which pcap files created via the Hubble Recorder API are stored") + option.BindEnv(vp, option.HubbleRecorderStoragePath) + + flags.Int(option.HubbleRecorderSinkQueueSize, defaults.HubbleRecorderSinkQueueSize, "Queue size of each Hubble recorder sink") + option.BindEnv(vp, option.HubbleRecorderSinkQueueSize) + + flags.Bool(option.HubbleSkipUnknownCGroupIDs, true, "Skip Hubble events with unknown cgroup ids") + option.BindEnv(vp, option.HubbleSkipUnknownCGroupIDs) + + flags.StringSlice(option.HubbleMonitorEvents, []string{}, + fmt.Sprintf( + "Cilium monitor events for Hubble to observe: [%s]. 
By default, Hubble observes all monitor events.", + strings.Join(monitorAPI.AllMessageTypeNames(), " "), + ), + ) + option.BindEnv(vp, option.HubbleMonitorEvents) + + flags.Bool(option.HubbleRedactEnabled, defaults.HubbleRedactEnabled, "Hubble redact sensitive information from flows") + option.BindEnv(vp, option.HubbleRedactEnabled) + + flags.Bool(option.HubbleRedactHttpURLQuery, defaults.HubbleRedactHttpURLQuery, "Hubble redact http URL query from flows") + option.BindEnv(vp, option.HubbleRedactHttpURLQuery) + + flags.Bool(option.HubbleRedactHttpUserInfo, defaults.HubbleRedactHttpUserInfo, "Hubble redact http user info from flows") + option.BindEnv(vp, option.HubbleRedactHttpUserInfo) + + flags.Bool(option.HubbleRedactKafkaApiKey, defaults.HubbleRedactKafkaApiKey, "Hubble redact Kafka API key from flows") + option.BindEnv(vp, option.HubbleRedactKafkaApiKey) + + flags.StringSlice(option.HubbleRedactHttpHeadersAllow, []string{}, "HTTP headers to keep visible in flows") + option.BindEnv(vp, option.HubbleRedactHttpHeadersAllow) + + flags.StringSlice(option.HubbleRedactHttpHeadersDeny, []string{}, "HTTP headers to redact from flows") + option.BindEnv(vp, option.HubbleRedactHttpHeadersDeny) + + if err := vp.BindPFlags(flags); err != nil { + logger.Fatalf("BindPFlags failed: %s", err) + } +} + +type daemonParams struct { + cell.In + + Lifecycle cell.Lifecycle + Clientset k8sClient.Clientset + MonitorAgent monitorAgent.Agent + PluginManager *pluginmanager.PluginManager + HTTPServer *servermanager.HTTPServer + Log logrus.FieldLogger + Client client.Client + EventChan chan *v1.Event + K8sWatcher *watchers.K8sWatcher + Lnds *node.LocalNodeStore + IPC *ipcache.IPCache + SvcCache *k8s.ServiceCache + Telemetry telemetry.Telemetry + Config config.Config +} + +func newDaemonPromise(params daemonParams) promise.Promise[*Daemon] { + daemonResolver, daemonPromise := promise.New[*Daemon]() + + // daemonCtx is the daemon-wide context cancelled when stopping. 
+ daemonCtx, cancelDaemonCtx := context.WithCancel(context.Background()) + + var daemon *Daemon + params.Lifecycle.Append(cell.Hook{ + OnStart: func(cell.HookContext) error { + d := newDaemon(¶ms) + daemon = d + daemonResolver.Resolve(daemon) + + d.log.Info("starting Retina Enterprise version: ", retinaVersion) + err := d.Run(daemonCtx) + if err != nil { + return fmt.Errorf("daemon run failed: %w", err) + } + + return nil + }, + OnStop: func(cell.HookContext) error { + cancelDaemonCtx() + return nil + }, + }) + return daemonPromise +} + +func initLogging() { + logger := setupDefaultLogger() + retinaConfig, _ := getRetinaConfig(logger) + k8sCfg, _ := sharedconfig.GetK8sConfig() + zapLogger := setupZapLogger(retinaConfig, k8sCfg) + setupLoggingHooks(logger, zapLogger) + bootstrapLogging(logger) +} + +func setupDefaultLogger() *logrus.Logger { + logger := logging.DefaultLogger + logger.ReportCaller = true + logger.SetOutput(io.Discard) + return logger +} + +func getRetinaConfig(logger *logrus.Logger) (*config.Config, error) { + retinaConfigFile := filepath.Join(option.Config.ConfigDir, configFileName) + conf, err := config.GetConfig(retinaConfigFile) + if err != nil { + logger.WithError(err).Error("Failed to get config file") + return nil, fmt.Errorf("getting config from file %q: %w", configFileName, err) + } + return conf, nil +} + +func setupZapLogger(retinaConfig *config.Config, k8sCfg *rest.Config) *log.ZapLogger { + logOpts := &log.LogOpts{ + Level: retinaConfig.LogLevel, + File: false, + FileName: logFileName, + MaxFileSizeMB: 100, //nolint:gomnd // this is obvious from usage + MaxBackups: 3, //nolint:gomnd // this is obvious from usage + MaxAgeDays: 30, //nolint:gomnd // this is obvious from usage + ApplicationInsightsID: applicationInsightsID, + EnableTelemetry: retinaConfig.EnableTelemetry, + } + + persistentFields := []zap.Field{ + zap.String("version", retinaVersion), + zap.String("apiserver", k8sCfg.Host), + zap.Strings("plugins", 
retinaConfig.EnabledPlugin), + } + + _, err := log.SetupZapLogger(logOpts, persistentFields...) + if err != nil { + logger.Fatalf("Failed to setup zap logger: %v", err) + } + + namedLogger := log.Logger().Named("retina-with-hubble") + namedLogger.Info("Traces telemetry initialized with zapai", zap.String("version", retinaVersion), zap.String("appInsightsID", applicationInsightsID)) + + return namedLogger +} + +func setupLoggingHooks(logger *logrus.Logger, zapLogger *log.ZapLogger) { + logger.Hooks.Add(metrics.NewLoggingHook()) + + zapHook, err := zaphook.NewZapHook(zapLogger.Logger) + if err != nil { + logger.WithError(err).Error("Failed to create zap hook") + } else { + logger.Hooks.Add(zapHook) + } +} + +func bootstrapLogging(logger *logrus.Logger) { + if err := logging.SetupLogging(option.Config.LogDriver, logging.LogOptions(option.Config.LogOpt), "retina-agent", option.Config.Debug); err != nil { + logger.Fatal(err) + } +} + +func initDaemonConfig(vp *viper.Viper) { + option.Config.Populate(vp) + if option.Config.HubbleEventBufferCapacity == 0 { + option.Config.HubbleEventBufferCapacity = int(math.Pow(2, 14) - 1) //nolint:gomnd // this is just math + } + + time.MaxInternalTimerDelay = vp.GetDuration(option.MaxInternalTimerDelay) +} + +func Execute(cobraCmd *cobra.Command, h *hive.Hive) { + fn := option.InitConfig(cobraCmd, "retina-agent", "retina", h.Viper()) + fn() + initDaemonConfig(h.Viper()) + initLogging() + + //nolint:gocritic // without granular commits this commented-out code may be lost + // initEnv(h.Viper()) + + if err := h.Run(); err != nil { + logger.Fatal(err) + } +} diff --git a/cmd/hubble_linux.go b/cmd/hubble_linux.go new file mode 100644 index 0000000000..3222814441 --- /dev/null +++ b/cmd/hubble_linux.go 
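Review bot: `initLogging` discards the errors from `getRetinaConfig` and `sharedconfig.GetK8sConfig`, yet `setupZapLogger` immediately reads `retinaConfig.LogLevel` and `k8sCfg.Host`; `getRetinaConfig` returns a nil config on failure, so a missing or unreadable config file ends in a nil-pointer panic with no hint of the cause. Because `setupDefaultLogger` has already pointed the logrus output at `io.Discard`, the `logger.WithError(err).Error(...)` inside `getRetinaConfig` is not visible at that point either. Both errors should stop startup with a message that reaches stderr, as sketched below (assuming the second result of `GetK8sConfig` is an error). Separately, `setupZapLogger` writes `applicationInsightsID` into an Info log line; the instrumentation key is better left out of logs.

```go
func initLogging() {
	logger := setupDefaultLogger()
	retinaConfig, err := getRetinaConfig(logger)
	if err != nil {
		// logrus output is io.Discard here, so fail in a way that reaches stderr.
		panic(fmt.Errorf("initializing logging: %w", err))
	}
	k8sCfg, err := sharedconfig.GetK8sConfig()
	if err != nil {
		panic(fmt.Errorf("initializing logging: loading kubernetes config: %w", err))
	}
	// … unchanged: setupZapLogger, setupLoggingHooks, bootstrapLogging …
}
```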
@@ -0,0 +1,36 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT license.
+package cmd
+
+import (
+ "fmt"
+
+ "github.com/cilium/cilium/pkg/hive"
+ "github.com/microsoft/retina/cmd/hubble"
+ "github.com/spf13/cobra"
+ "go.etcd.io/etcd/version"
+)
+
+var (
+ h = hive.New(hubble.Agent)
+
+ hubbleCmd = &cobra.Command{
+ Use: "hubble-control-plane",
+ Short: "Start Hubble control plane",
+ Run: func(cobraCmd *cobra.Command, _ []string) {
+ if v, _ := cobraCmd.Flags().GetBool("version"); v {
+ fmt.Printf("%s %s\n", cobraCmd.Name(), version.Version)
+ }
+ hubble.Execute(cobraCmd, h)
+ },
+ }
+)
+
+func init() {
+ h.RegisterFlags(hubbleCmd.Flags())
+ hubbleCmd.AddCommand(h.Command())
+
+ hubble.InitGlobalFlags(hubbleCmd, h.Viper())
+
+ rootCmd.AddCommand(hubbleCmd)
+}
diff --git a/cmd/legacy/daemon.go b/cmd/legacy/daemon.go
new file mode 100644
index 0000000000..06a5cb9d34
--- /dev/null
+++ b/cmd/legacy/daemon.go
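Review bot: The `Run` function of `hubbleCmd` prints `version.Version` from `go.etcd.io/etcd/version`, which is etcd's version string rather than this binary's, and then falls through to `hubble.Execute` instead of returning, so asking for the version still starts the control plane. Add `return` after the `fmt.Printf` and print the build's own version (the `retinaVersion` ldflags variable in `cmd/hubble` is unexported, so it would need an accessor). The error from `GetBool("version")` is dropped, and no `version` flag is registered in this file, so unless one is inherited from elsewhere the branch never runs.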
@@ -0,0 +1,302 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT license.
+package legacy
+
+import (
+ "fmt"
+ "os"
+ "strings"
+ "time"
+
+ "go.uber.org/zap"
+ corev1 "k8s.io/api/core/v1"
+ "k8s.io/apimachinery/pkg/fields"
+ k8sruntime "k8s.io/apimachinery/pkg/runtime"
+ utilruntime "k8s.io/apimachinery/pkg/util/runtime"
+ "k8s.io/client-go/kubernetes"
+ clientgoscheme "k8s.io/client-go/kubernetes/scheme"
+ ctrl "sigs.k8s.io/controller-runtime"
+ crcache "sigs.k8s.io/controller-runtime/pkg/cache"
+ "sigs.k8s.io/controller-runtime/pkg/client"
+ kcfg "sigs.k8s.io/controller-runtime/pkg/client/config"
+ "sigs.k8s.io/controller-runtime/pkg/healthz"
+ crmgr "sigs.k8s.io/controller-runtime/pkg/manager"
+ metricsserver "sigs.k8s.io/controller-runtime/pkg/metrics/server"
+
+ "github.com/go-logr/zapr"
+ retinav1alpha1 "github.com/microsoft/retina/crd/api/v1alpha1"
+ "github.com/microsoft/retina/pkg/config"
+ controllercache "github.com/microsoft/retina/pkg/controllers/cache"
+ mcc "github.com/microsoft/retina/pkg/controllers/daemon/metricsconfiguration"
+ namespacecontroller "github.com/microsoft/retina/pkg/controllers/daemon/namespace"
+ nc "github.com/microsoft/retina/pkg/controllers/daemon/node"
+ pc "github.com/microsoft/retina/pkg/controllers/daemon/pod"
+ kec "github.com/microsoft/retina/pkg/controllers/daemon/retinaendpoint"
+ sc "github.com/microsoft/retina/pkg/controllers/daemon/service"
+
+ "github.com/microsoft/retina/pkg/enricher"
+ "github.com/microsoft/retina/pkg/log"
+ cm "github.com/microsoft/retina/pkg/managers/controllermanager"
+ "github.com/microsoft/retina/pkg/managers/filtermanager"
+ "github.com/microsoft/retina/pkg/metrics"
+ mm "github.com/microsoft/retina/pkg/module/metrics"
+ "github.com/microsoft/retina/pkg/pubsub"
+ "github.com/microsoft/retina/pkg/telemetry"
+)
+
+const (
+ logFileName = "retina.log"
+ heartbeatInterval = 5 * time.Minute
+
+ nodeNameEnvKey = "NODE_NAME"
+ nodeIPEnvKey = "NODE_IP"
+)
+
+var (
+ scheme = k8sruntime.NewScheme()
+
+ // applicationInsightsID is the instrumentation key for Azure Application Insights
+ // It is set during the build process using the -ldflags flag
+ // If it is set, the application will send telemetry to the corresponding Application Insights resource.
+ applicationInsightsID string
+ version string
+)
+
+func init() {
+ //+kubebuilder:scaffold:scheme
+ utilruntime.Must(clientgoscheme.AddToScheme(scheme))
+ utilruntime.Must(retinav1alpha1.AddToScheme(scheme))
+}
+
+type Daemon struct {
+ metricsAddr string
+ probeAddr string
+ enableLeaderElection bool
+ configFile string
+}
+
+func NewDaemon(metricsAddr, probeAddr, configFile string, enableLeaderElection bool) *Daemon {
+ return &Daemon{
+ metricsAddr: metricsAddr,
+ probeAddr: probeAddr,
+ enableLeaderElection: enableLeaderElection,
+ configFile: configFile,
+ }
+}
+
+func (d *Daemon) Start() error {
+ fmt.Printf("starting Retina daemon with legacy control plane %v\n", version)
+
+ if applicationInsightsID != "" {
+ telemetry.InitAppInsights(applicationInsightsID, version)
+ defer telemetry.ShutdownAppInsights()
+ defer telemetry.TrackPanic()
+ }
+
+ daemonConfig, err := config.GetConfig(d.configFile)
+ if err != nil {
+ panic(err)
+ }
+
+ fmt.Println("init client-go")
+ cfg, err := kcfg.GetConfig()
+ if err != nil {
+ panic(err)
+ }
+
+ fmt.Println("init logger")
+ zl, err := log.SetupZapLogger(&log.LogOpts{
+ Level: daemonConfig.LogLevel,
+ File: false,
+ FileName: logFileName,
+ MaxFileSizeMB: 100, //nolint:gomnd // defaults
+ MaxBackups: 3, //nolint:gomnd // defaults
+ MaxAgeDays: 30, //nolint:gomnd // defaults
+ ApplicationInsightsID: applicationInsightsID,
+ EnableTelemetry: daemonConfig.EnableTelemetry,
+ },
+ zap.String("version", version),
+ zap.String("apiserver", cfg.Host),
+ zap.String("plugins", strings.Join(daemonConfig.EnabledPlugin, `,`)),
+ )
+ if err != nil {
+ panic(err)
+ }
+ defer zl.Close()
+ mainLogger := zl.Named("main").Sugar()
+
+ metrics.InitializeMetrics()
+
+ var tel telemetry.Telemetry
+ if daemonConfig.EnableTelemetry && applicationInsightsID != "" {
+ mainLogger.Info("telemetry enabled", zap.String("applicationInsightsID", applicationInsightsID))
+ tel = telemetry.NewAppInsightsTelemetryClient("retina-agent", map[string]string{
+ "version": version,
+ "apiserver": cfg.Host,
+ "plugins": strings.Join(daemonConfig.EnabledPlugin, `,`),
+ })
+ } else {
+ mainLogger.Info("telemetry disabled")
+ tel = telemetry.NewNoopTelemetry()
+ }
+
+ // Create a manager for controller-runtime
+
+ mgrOption := crmgr.Options{
+ Scheme: scheme,
+ Metrics: metricsserver.Options{
+ BindAddress: d.metricsAddr,
+ },
+ HealthProbeBindAddress: d.probeAddr,
+ LeaderElection: d.enableLeaderElection,
+ LeaderElectionID: "ecaf1259.retina.sh",
+ }
+
+ // Local context has its meaning only when pod level(advanced) metrics is enabled.
+ if daemonConfig.EnablePodLevel && !daemonConfig.RemoteContext {
+ mainLogger.Info("Remote context is disabled, only pods deployed on the same node as retina-agent will be monitored")
+ // the new cache sets Selector options on the Manager cache which are used
+ // to perform *server-side* filtering of the cached objects. This is very important
+ // for high node/pod count clusters, as it keeps us from watching objects at the
+ // whole cluster scope when we are only interested in the Node's scope.
+ nodeName := os.Getenv(nodeNameEnvKey)
+ if nodeName == "" {
+ mainLogger.Fatal("failed to get node name from environment variable", zap.String("node name env key", nodeNameEnvKey))
+ }
+ podNodeNameSelector := fields.SelectorFromSet(fields.Set{"spec.nodeName": nodeName})
+ // Ignore hostnetwork pods which share the same IP with the node and pods on the same node.
+ // Unlike spec.nodeName, field label "spec.hostNetwork" is not supported, and as a workaround,
+ // We use status.podIP to filter out hostnetwork pods.
+ // https://github.com/kubernetes/kubernetes/blob/41da26dbe15207cbe5b6c36b48a31d2cd3344123/pkg/apis/core/v1/conversion.go#L36
+ nodeIP := os.Getenv(nodeIPEnvKey)
+ if nodeIP == "" {
+ mainLogger.Fatal("failed to get node IP from environment variable", zap.String("node IP env key", nodeIPEnvKey))
+ }
+ podNodeIPNotMatchSelector := fields.OneTermNotEqualSelector("status.podIP", nodeIP)
+ podSelector := fields.AndSelectors(podNodeNameSelector, podNodeIPNotMatchSelector)
+
+ mainLogger.Info("pod selector when remote context is disabled", zap.String("pod selector", podSelector.String()))
+ mgrOption.Cache = crcache.Options{
+ ByObject: map[client.Object]crcache.ByObject{
+ &corev1.Pod{}: {
+ Field: podSelector,
+ },
+ },
+ }
+ }
+
+ mgr, err := crmgr.New(cfg, mgrOption)
+ if err != nil {
+ mainLogger.Error("Unable to start manager", zap.Error(err))
+ return fmt.Errorf("creating controller-runtime manager: %w", err)
+ }
+
+ //+kubebuilder:scaffold:builder
+
+ if healthCheckErr := mgr.AddHealthzCheck("healthz", healthz.Ping); healthCheckErr != nil {
+ mainLogger.Fatal("Unable to set up health check", zap.Error(healthCheckErr))
+ }
+ if addReadyCheckErr := mgr.AddReadyzCheck("readyz", healthz.Ping); addReadyCheckErr != nil {
+ mainLogger.Fatal("Unable to set up ready check", zap.Error(addReadyCheckErr))
+ }
+
+ // k8s Client used for informers
+ cl := kubernetes.NewForConfigOrDie(mgr.GetConfig())
+
+ serverVersion, err := cl.Discovery().ServerVersion()
+ if err != nil {
+ mainLogger.Error("failed to get Kubernetes server version: ", zap.Error(err))
+ } else {
+ mainLogger.Infof("Kubernetes server version: %v", serverVersion)
+ }
+
+ // Setup RetinaEndpoint controller.
+ // TODO(mainred): This is to temporarily create a cache and pubsub for RetinaEndpoint, need to refactor this.
+ ctx := ctrl.SetupSignalHandler()
+ ctrl.SetLogger(zapr.NewLogger(zl.Logger.Named("controller-runtime")))
+
+ if daemonConfig.EnablePodLevel {
+ pubSub := pubsub.New()
+ controllerCache := controllercache.New(pubSub)
+ enrich := enricher.New(ctx, controllerCache)
+ //nolint:govet // shadowing this err is fine
+ fm, err := filtermanager.Init(5) //nolint:gomnd // defaults
+ if err != nil {
+ mainLogger.Fatal("unable to create filter manager", zap.Error(err))
+ }
+ defer fm.Stop() //nolint:errcheck // best effort
+ enrich.Run()
+ metricsModule := mm.InitModule(ctx, daemonConfig, pubSub, enrich, fm, controllerCache)
+
+ if !daemonConfig.RemoteContext {
+ mainLogger.Info("Initializing Pod controller")
+
+ podController := pc.New(mgr.GetClient(), controllerCache)
+ if err := podController.SetupWithManager(mgr); err != nil {
+ mainLogger.Fatal("unable to create PodController", zap.Error(err))
+ }
+ } else if daemonConfig.EnableRetinaEndpoint {
+ mainLogger.Info("RetinaEndpoint is enabled")
+ mainLogger.Info("Initializing RetinaEndpoint controller")
+
+ retinaEndpointController := kec.New(mgr.GetClient(), controllerCache)
+ if err := retinaEndpointController.SetupWithManager(mgr); err != nil {
+ mainLogger.Fatal("unable to create retinaEndpointController", zap.Error(err))
+ }
+ }
+
+ mainLogger.Info("Initializing Node controller")
+ nodeController := nc.New(mgr.GetClient(), controllerCache)
+ if err := nodeController.SetupWithManager(mgr); err != nil {
+ mainLogger.Fatal("unable to create nodeController", zap.Error(err))
+ }
+
+ mainLogger.Info("Initializing Service controller")
+ svcController := sc.New(mgr.GetClient(), controllerCache)
+ if err := svcController.SetupWithManager(mgr); err != nil {
+ mainLogger.Fatal("unable to create svcController", zap.Error(err))
+ }
+
+ if daemonConfig.EnableAnnotations {
+ mainLogger.Info("Initializing MetricsConfig namespaceController")
+ namespaceController := namespacecontroller.New(mgr.GetClient(), controllerCache, metricsModule)
+ if err := namespaceController.SetupWithManager(mgr); err != nil {
+ mainLogger.Fatal("unable to create namespaceController", zap.Error(err))
+ }
+ go namespaceController.Start(ctx)
+ } else {
+ mainLogger.Info("Initializing MetricsConfig controller")
+ metricsConfigController := mcc.New(mgr.GetClient(), mgr.GetScheme(), metricsModule)
+ if err := metricsConfigController.SetupWithManager(mgr); err != nil {
+ mainLogger.Fatal("unable to create metricsConfigController", zap.Error(err))
+ }
+ }
+ }
+
+ controllerMgr, err := cm.NewControllerManager(daemonConfig, cl, tel)
+ if err != nil {
+ mainLogger.Fatal("Failed to create controller manager", zap.Error(err))
+ }
+ if err := controllerMgr.Init(ctx); err != nil {
+ mainLogger.Fatal("Failed to initialize controller manager", zap.Error(err))
+ }
+ // Stop is best effort. If it fails, we still want to stop the main process.
+ // This is needed for graceful shutdown of Retina plugins.
+ // Do it in the main thread as graceful shutdown is important.
+ defer controllerMgr.Stop(ctx)
+
+ // start heartbeat goroutine for application insights
+ go tel.Heartbeat(ctx, heartbeatInterval)
+
+ // Start controller manager, which will start http server and plugin manager.
+ go controllerMgr.Start(ctx)
+ mainLogger.Info("Started controller manager")
+
+ // Start all registered controllers. This will block until container receives SIGTERM.
+ if err := mgr.Start(ctx); err != nil {
+ mainLogger.Fatal("unable to start manager", zap.Error(err))
+ }
+
+ mainLogger.Info("Network observability exiting. Till next time!")
+ return nil
+}
diff --git a/cmd/root.go b/cmd/root.go
new file mode 100644
index 0000000000..b1cec2ae0d
--- /dev/null
+++ b/cmd/root.go
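Review bot: In cmd/legacy/daemon.go, `Start` writes the Application Insights instrumentation key into the agent log with `mainLogger.Info("telemetry enabled", zap.String("applicationInsightsID", applicationInsightsID))`, and the hubble logger setup earlier in this patch logs the same value as `appInsightsID`. That key is what authorises telemetry ingestion for the resource, so it should not be readable by everyone with log access; log only the state, `mainLogger.Info("telemetry enabled")`. `mainLogger` is a sugared logger (`zl.Named("main").Sugar()`), so the `zap.String` and `zap.Error` values passed to `Info`, `Error` and `Fatal` throughout the function are concatenated into the message text rather than emitted as structured fields; `Infow`/`Errorw`/`Fatalw` with key-value pairs would keep them structured. The `Fatal` calls also exit without running the deferred `telemetry.ShutdownAppInsights()`, `zl.Close()`, `fm.Stop()` and `controllerMgr.Stop(ctx)`; since `Start` already returns `error`, returning a wrapped error as the `crmgr.New` branch does would let that cleanup run.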
@@ -0,0 +1,51 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT license.
+package cmd
+
+import (
+ "fmt"
+ "os"
+
+ "github.com/microsoft/retina/cmd/legacy"
+ "github.com/spf13/cobra"
+)
+
+const (
+ configFileName = "/retina/config/config.yaml"
+)
+
+var (
+ metricsAddr string
+ probeAddr string
+ enableLeaderElection bool
+ cfgFile string
+
+ rootCmd = &cobra.Command{
+ Use: "retina-agent",
+ Short: "Retina Agent",
+ Long: "Start Retina Agent",
+ RunE: func(cmd *cobra.Command, args []string) error {
+ // Do Stuff Here
+ fmt.Println("Starting Retina Agent")
+ d := legacy.NewDaemon(metricsAddr, probeAddr, cfgFile, enableLeaderElection)
+ if err := d.Start(); err != nil {
+ return fmt.Errorf("starting daemon: %w", err)
+ }
+ return nil
+ },
+ }
+)
+
+func init() {
+ rootCmd.Flags().StringVar(&metricsAddr, "metrics-bind-address", ":18080", "The address the metric endpoint binds to.")
+ rootCmd.Flags().StringVar(&probeAddr, "health-probe-bind-address", ":18081", "The address the probe endpoint binds to.")
+ rootCmd.Flags().BoolVar(&enableLeaderElection, "leader-elect", false, "Enable leader election for controller manager. Enabling this will ensure there is only one active controller manager.")
+ rootCmd.Flags().StringVar(&cfgFile, "config", configFileName, "config file")
+}
+
+func Execute() {
+ if err := rootCmd.Execute(); err != nil {
+ fmt.Println(err)
+ os.Exit(1)
+ }
+}
diff --git a/controller/Dockerfile b/controller/Dockerfile
index 0b959492b4..3035d1ef36 100644
--- a/controller/Dockerfile
+++ b/controller/Dockerfile
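Review bot: In cmd/root.go, `Execute` reports the failure with `fmt.Println(err)` on stdout while `rootCmd` leaves cobra's own error and usage output enabled, so an error returned by `d.Start()` is printed twice and followed by the usage text. Setting `SilenceUsage: true` and `SilenceErrors: true` on `rootCmd` and writing the message with `fmt.Fprintln(os.Stderr, err)` keeps a startup failure to one line on stderr. `Execute` is exported without a doc comment; `// Execute runs the root retina-agent command and exits with status 1 on error.` would cover it, and the `// Do Stuff Here` placeholder in `RunE` can be dropped.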
@@ -80,13 +80,27 @@ RUN tdnf install -y \ iproute \ iptables \ tcpdump \ - which + which \ + wget \ + gnupg2 \ + ca-certificates \ + tar RUN mkdir -p /tmp/bin RUN arr="clang tcpdump ip ss iptables-legacy iptables-legacy-save iptables-nft iptables-nft-save cp uname" ;\ for i in $arr; do \ cp $(which $i) /tmp/bin; \ done - +# Download Hubble +ARG GOARCH=amd64 +ENV HUBBLE_ARCH=${GOARCH} +ARG HUBBLE_VERSION=v0.13.0 +ENV HUBBLE_VERSION=${HUBBLE_VERSION} +RUN echo "Hubble version: $HUBBLE_VERSION" && \ + wget --no-check-certificate https://github.com/cilium/hubble/releases/download/$HUBBLE_VERSION/hubble-linux-${HUBBLE_ARCH}.tar.gz && \ + wget --no-check-certificate https://github.com/cilium/hubble/releases/download/$HUBBLE_VERSION/hubble-linux-${HUBBLE_ARCH}.tar.gz.sha256sum && \ + sha256sum --check hubble-linux-${HUBBLE_ARCH}.tar.gz.sha256sum && \ + tar xzvfC hubble-linux-${HUBBLE_ARCH}.tar.gz /usr/local && \ + rm hubble-linux-${HUBBLE_ARCH}.tar.gz && rm hubble-linux-${HUBBLE_ARCH}.tar.gz.sha256sum # init final image FROM mariner-distroless as init @@ -106,6 +120,10 @@ COPY --from=tools /tmp/bin/ /bin COPY --from=controller-bin /go/bin/retina/controller /retina/controller COPY --from=controller-bin /go/src/github.com/microsoft/retina/pkg/plugin /go/src/github.com/microsoft/retina/pkg/plugin COPY --from=capture-bin /go/bin/retina/captureworkload /retina/captureworkload +# Copy Hubble. +COPY --from=tools /usr/local/hubble /bin/hubble +# Set Hubble server. +ENV HUBBLE_SERVER=unix:///var/run/cilium/hubble.sock ENTRYPOINT ["./retina/controller"] diff --git a/controller/main.go b/controller/main.go index 261edf2d1b..b9cd9386bc 100644 --- a/controller/main.go +++ b/controller/main.go 
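Review bot: Both `wget` calls in the "Download Hubble" step of controller/Dockerfile pass `--no-check-certificate`, so the tarball and its `.sha256sum` file are fetched without authenticating the server, and `sha256sum --check` then compares the archive against a checksum that arrived over the same unverified channel. The step therefore gives no integrity guarantee for the binary that the second hunk copies to `/bin/hubble` in the final image. `ca-certificates` is installed in the same hunk, so the flag can be dropped: `wget https://github.com/cilium/hubble/releases/download/$HUBBLE_VERSION/hubble-linux-${HUBBLE_ARCH}.tar.gz`. Pinning the expected digest as a build argument next to `HUBBLE_VERSION` and checking against it, `echo "${HUBBLE_SHA256}  hubble-linux-${HUBBLE_ARCH}.tar.gz" | sha256sum --check`, would make the check independent of the download host; `HUBBLE_SHA256` is a new argument introduced by this suggestion, with one value per architecture.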
@@ -3,305 +3,9 @@ package main import ( - "flag" - "fmt" - "os" - "strings" - "time" - - "go.uber.org/zap" - corev1 "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/fields" - k8sruntime "k8s.io/apimachinery/pkg/runtime" - utilruntime "k8s.io/apimachinery/pkg/util/runtime" - "k8s.io/client-go/kubernetes" - clientgoscheme "k8s.io/client-go/kubernetes/scheme" - ctrl "sigs.k8s.io/controller-runtime" - crcache "sigs.k8s.io/controller-runtime/pkg/cache" - "sigs.k8s.io/controller-runtime/pkg/client" - kcfg "sigs.k8s.io/controller-runtime/pkg/client/config" - "sigs.k8s.io/controller-runtime/pkg/healthz" - crmgr "sigs.k8s.io/controller-runtime/pkg/manager" - metricsserver "sigs.k8s.io/controller-runtime/pkg/metrics/server" - - "github.com/go-logr/zapr" - retinav1alpha1 "github.com/microsoft/retina/crd/api/v1alpha1" - "github.com/microsoft/retina/pkg/config" - controllercache "github.com/microsoft/retina/pkg/controllers/cache" - mcc "github.com/microsoft/retina/pkg/controllers/daemon/metricsconfiguration" - namespacecontroller "github.com/microsoft/retina/pkg/controllers/daemon/namespace" - nc "github.com/microsoft/retina/pkg/controllers/daemon/node" - pc "github.com/microsoft/retina/pkg/controllers/daemon/pod" - kec "github.com/microsoft/retina/pkg/controllers/daemon/retinaendpoint" - sc "github.com/microsoft/retina/pkg/controllers/daemon/service" - - "github.com/microsoft/retina/pkg/enricher" - "github.com/microsoft/retina/pkg/log" - cm "github.com/microsoft/retina/pkg/managers/controllermanager" - "github.com/microsoft/retina/pkg/managers/filtermanager" - "github.com/microsoft/retina/pkg/metrics" - mm "github.com/microsoft/retina/pkg/module/metrics" - "github.com/microsoft/retina/pkg/pubsub" - "github.com/microsoft/retina/pkg/telemetry" -) - -const ( - configFileName = "/retina/config/config.yaml" - logFileName = "retina.log" - heartbeatInterval = 5 * time.Minute - - nodeNameEnvKey = "NODE_NAME" - nodeIPEnvKey = "NODE_IP" + "github.com/microsoft/retina/cmd" ) -var ( - 
scheme = k8sruntime.NewScheme() - - // applicationInsightsID is the instrumentation key for Azure Application Insights - // It is set during the build process using the -ldflags flag - // If it is set, the application will send telemetry to the corresponding Application Insights resource. - applicationInsightsID string - version string - - cfgFile string -) - -func init() { - //+kubebuilder:scaffold:scheme - utilruntime.Must(clientgoscheme.AddToScheme(scheme)) - utilruntime.Must(retinav1alpha1.AddToScheme(scheme)) -} - func main() { - fmt.Printf("starting Retina %v", version) - var metricsAddr string - var enableLeaderElection bool - var probeAddr string - flag.StringVar(&metricsAddr, "metrics-bind-address", ":18080", "The address the metric endpoint binds to.") - flag.StringVar(&probeAddr, "health-probe-bind-address", ":18081", "The address the probe endpoint binds to.") - flag.BoolVar(&enableLeaderElection, "leader-elect", false, - "Enable leader election for controller manager. "+ - "Enabling this will ensure there is only one active controller manager.") - - if applicationInsightsID != "" { - telemetry.InitAppInsights(applicationInsightsID, version) - defer telemetry.ShutdownAppInsights() - defer telemetry.TrackPanic() - } - - flag.StringVar(&cfgFile, "config", configFileName, "config file") - flag.Parse() - - fmt.Printf("loading config %s\n", cfgFile) - config, err := config.GetConfig(cfgFile) - if err != nil { - panic(err) - } - - fmt.Println("init client-go") - cfg, err := kcfg.GetConfig() - if err != nil { - panic(err) - } - - fmt.Println("init logger") - zl, err := log.SetupZapLogger(&log.LogOpts{ - Level: config.LogLevel, - File: false, - FileName: logFileName, - MaxFileSizeMB: 100, //nolint:gomnd // defaults - MaxBackups: 3, //nolint:gomnd // defaults - MaxAgeDays: 30, //nolint:gomnd // defaults - ApplicationInsightsID: applicationInsightsID, - EnableTelemetry: config.EnableTelemetry, - }, - zap.String("version", version), - zap.String("apiserver", 
cfg.Host), - zap.String("plugins", strings.Join(config.EnabledPlugin, `,`)), - ) - if err != nil { - panic(err) - } - defer zl.Close() - mainLogger := zl.Named("main").Sugar() - - metrics.InitializeMetrics() - - var tel telemetry.Telemetry - if config.EnableTelemetry && applicationInsightsID != "" { - mainLogger.Info("telemetry enabled", zap.String("applicationInsightsID", applicationInsightsID)) - tel = telemetry.NewAppInsightsTelemetryClient("retina-agent", map[string]string{ - "version": version, - "apiserver": cfg.Host, - "plugins": strings.Join(config.EnabledPlugin, `,`), - }) - } else { - mainLogger.Info("telemetry disabled") - tel = telemetry.NewNoopTelemetry() - } - - // Create a manager for controller-runtime - - mgrOption := crmgr.Options{ - Scheme: scheme, - Metrics: metricsserver.Options{ - BindAddress: metricsAddr, - }, - HealthProbeBindAddress: probeAddr, - LeaderElection: enableLeaderElection, - LeaderElectionID: "ecaf1259.retina.sh", - } - - // Local context has its meaning only when pod level(advanced) metrics is enabled. - if config.EnablePodLevel && !config.RemoteContext { - mainLogger.Info("Remote context is disabled, only pods deployed on the same node as retina-agent will be monitored") - // the new cache sets Selector options on the Manager cache which are used - // to perform *server-side* filtering of the cached objects. This is very important - // for high node/pod count clusters, as it keeps us from watching objects at the - // whole cluster scope when we are only interested in the Node's scope. - nodeName := os.Getenv(nodeNameEnvKey) - if len(nodeName) == 0 { - mainLogger.Error("failed to get node name from environment variable", zap.String("node name env key", nodeNameEnvKey)) - os.Exit(1) - } - podNodeNameSelector := fields.SelectorFromSet(fields.Set{"spec.nodeName": nodeName}) - // Ignore hostnetwork pods which share the same IP with the node and pods on the same node. 
- // Unlike spec.nodeName, field label "spec.hostNetwork" is not supported, and as a workaround, - // We use status.podIP to filter out hostnetwork pods. - // https://github.com/kubernetes/kubernetes/blob/41da26dbe15207cbe5b6c36b48a31d2cd3344123/pkg/apis/core/v1/conversion.go#L36 - nodeIP := os.Getenv(nodeIPEnvKey) - if len(nodeIP) == 0 { - mainLogger.Error("failed to get node IP from environment variable", zap.String("node IP env key", nodeIPEnvKey)) - os.Exit(1) - } - podNodeIPNotMatchSelector := fields.OneTermNotEqualSelector("status.podIP", nodeIP) - podSelector := fields.AndSelectors(podNodeNameSelector, podNodeIPNotMatchSelector) - - mainLogger.Info("pod selector when remote context is disabled", zap.String("pod selector", podSelector.String())) - mgrOption.Cache = crcache.Options{ - ByObject: map[client.Object]crcache.ByObject{ - &corev1.Pod{}: { - Field: podSelector, - }, - }, - } - } - - mgr, err := crmgr.New(cfg, mgrOption) - if err != nil { - mainLogger.Error("Unable to start manager", zap.Error(err)) - os.Exit(1) - } - - //+kubebuilder:scaffold:builder - - if err := mgr.AddHealthzCheck("healthz", healthz.Ping); err != nil { - mainLogger.Error("Unable to set up health check", zap.Error(err)) - os.Exit(1) - } - if err := mgr.AddReadyzCheck("readyz", healthz.Ping); err != nil { - mainLogger.Error("Unable to set up ready check", zap.Error(err)) - os.Exit(1) - } - - // k8s Client used for informers - cl := kubernetes.NewForConfigOrDie(mgr.GetConfig()) - - serverVersion, err := cl.Discovery().ServerVersion() - if err != nil { - mainLogger.Error("failed to get Kubernetes server version: ", zap.Error(err)) - } else { - mainLogger.Infof("Kubernetes server version: %v", serverVersion) - } - - // Setup RetinaEndpoint controller. - // TODO(mainred): This is to temporarily create a cache and pubsub for RetinaEndpoint, need to refactor this. 
- ctx := ctrl.SetupSignalHandler() - ctrl.SetLogger(zapr.NewLogger(zl.Logger.Named("controller-runtime"))) - - if config.EnablePodLevel { - pubSub := pubsub.New() - controllerCache := controllercache.New(pubSub) - enrich := enricher.New(ctx, controllerCache) - fm, err := filtermanager.Init(5) - if err != nil { - mainLogger.Error("unable to create filter manager", zap.Error(err)) - os.Exit(1) - } - defer fm.Stop() - enrich.Run() - metricsModule := mm.InitModule(ctx, config, pubSub, enrich, fm, controllerCache) - - if !config.RemoteContext { - mainLogger.Info("Initializing Pod controller") - - podController := pc.New(mgr.GetClient(), controllerCache) - if err := podController.SetupWithManager(mgr); err != nil { - mainLogger.Fatal("unable to create PodController", zap.Error(err)) - } - } else { - if config.EnableRetinaEndpoint { - mainLogger.Info("RetinaEndpoint is enabled") - mainLogger.Info("Initializing RetinaEndpoint controller") - - retinaEndpointController := kec.New(mgr.GetClient(), controllerCache) - if err := retinaEndpointController.SetupWithManager(mgr); err != nil { - mainLogger.Fatal("unable to create retinaEndpointController", zap.Error(err)) - } - } - } - - mainLogger.Info("Initializing Node controller") - nodeController := nc.New(mgr.GetClient(), controllerCache) - if err := nodeController.SetupWithManager(mgr); err != nil { - mainLogger.Fatal("unable to create nodeController", zap.Error(err)) - } - - mainLogger.Info("Initializing Service controller") - svcController := sc.New(mgr.GetClient(), controllerCache) - if err := svcController.SetupWithManager(mgr); err != nil { - mainLogger.Fatal("unable to create svcController", zap.Error(err)) - } - - if config.EnableAnnotations { - mainLogger.Info("Initializing MetricsConfig namespaceController") - namespaceController := namespacecontroller.New(mgr.GetClient(), controllerCache, metricsModule) - if err := namespaceController.SetupWithManager(mgr); err != nil { - mainLogger.Fatal("unable to create 
namespaceController", zap.Error(err)) - } - go namespaceController.Start(ctx) - } else { - mainLogger.Info("Initializing MetricsConfig controller") - metricsConfigController := mcc.New(mgr.GetClient(), mgr.GetScheme(), metricsModule) - if err := metricsConfigController.SetupWithManager(mgr); err != nil { - mainLogger.Fatal("unable to create metricsConfigController", zap.Error(err)) - } - } - } - - controllerMgr, err := cm.NewControllerManager(config, cl, tel) - if err != nil { - mainLogger.Fatal("Failed to create controller manager", zap.Error(err)) - } - if err := controllerMgr.Init(ctx); err != nil { - mainLogger.Fatal("Failed to initialize controller manager", zap.Error(err)) - } - // Stop is best effort. If it fails, we still want to stop the main process. - // This is needed for graceful shutdown of Retina plugins. - // Do it in the main thread as graceful shutdown is important. - defer controllerMgr.Stop(ctx) - - // start heartbeat goroutine for application insights - go tel.Heartbeat(ctx, heartbeatInterval) - - // Start controller manager, which will start http server and plugin manager. - go controllerMgr.Start(ctx) - mainLogger.Info("Started controller manager") - - // Start all registered controllers. This will block until container receives SIGTERM. - if err := mgr.Start(ctx); err != nil { - mainLogger.Fatal("unable to start manager", zap.Error(err)) - } - - mainLogger.Info("Network observability exiting. Till next time!") + cmd.Execute() } diff --git a/crd/Makefile b/crd/Makefile index 9a1e3caabb..9a2b616108 100644 --- a/crd/Makefile +++ b/crd/Makefile @@ -4,7 +4,7 @@ REPO_ROOT = $(shell git rev-parse --show-toplevel) TOOLS_DIR = $(REPO_ROOT)/hack/tools TOOLS_BIN_DIR = $(TOOLS_DIR)/bin CONTROLLER_GEN = $(TOOLS_BIN_DIR)/controller-gen -HELM_CRD_DIR = $(REPO_ROOT)/deploy/manifests/controller/helm/retina/crds +HELM_CRD_DIR = $(REPO_ROOT)/deploy/legacy/manifests/controller/helm/retina/crds .PHONY: generate manifests 
diff --git a/deploy/grafana/dashboards/README.md b/deploy/grafana/dashboards/README.md
deleted file mode 100644
index 1dfbae4b40..0000000000
--- a/deploy/grafana/dashboards/README.md
+++ /dev/null
@@ -1,3 +0,0 @@
-# README
-
-Dashboards here are a copy of dashboards published in Retina organization on grafana.com
diff --git a/deploy/hubble/grafana/dashboards/clusters.json b/deploy/hubble/grafana/dashboards/clusters.json
new file mode 100644
index 0000000000..b620b8a3b4
--- /dev/null
+++ b/deploy/hubble/grafana/dashboards/clusters.json
@@ -0,0 +1,3734 @@ +{ + "__inputs": [], + "__elements": {}, + "__requires": [ + { + "type": "grafana", + "id": "grafana", + "name": "Grafana", + "version": "9.5.15" + }, + { + "type": "datasource", + "id": "prometheus", + "name": "Prometheus", + "version": "1.0.0" + }, + { + "type": "panel", + "id": "stat", + "name": "Stat", + "version": "" + }, + { + "type": "panel", + "id": "table", + "name": "Table", + "version": "" + }, + { + "type": "panel", + "id": "text", + "name": "Text", + "version": "" + }, + { + "type": "panel", + "id": "timeseries", + "name": "Time series", + "version": "" + } + ], + "editable": true, + "id": null, + "links": [ + { + "asDropdown": true, + "icon": "external link", + "includeVars": true, + "keepTime": true, + "tags": [ + "k8s:network-observability" + ], + "targetBlank": false, + "title": "Dashboards: Network Observability", + "tooltip": "", + "type": "dashboards", + "url": "" + }, + { + "asDropdown": false, + "icon": "info", + "includeVars": false, + "keepTime": false, + "tags": [], + "targetBlank": true, + "title": "Documentation", + "tooltip": "", + "type": "link", + "url": "https://aka.ms/NetObsAddonDoc" + } + ], + "liveNow": true, + "panels": [ + { + "gridPos": { + "h": 4, + "w": 24, + "x": 0, + "y": 0 + }, + "id": 35, + "options": { + "code": { + "language": "plaintext", + "showLineNumbers": false, + "showMiniMap": false + }, + "content": "# Network Observability Metrics\n\nUse this dashboard to visualise metrics from the Network Observability add-on for AKS. Dashboard displays metrics from Linux and Windows Clusters. To hide the irrelevant metrics, simply collapse the unwanted sections. Alternatively, you can edit the dashboard to delete unwanted panels. 
For any questions or issues, please see [our documentation](https://aka.ms/NetObsAddonDoc).", + "mode": "markdown" + }, + "type": "text" + }, + { + "collapsed": false, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 4 + }, + "id": 155, + "panels": [], + "title": "Fleet View", + "type": "row" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "align": "left", + "cellOptions": { + "type": "auto" + }, + "filterable": false, + "inspect": false + }, + "decimals": 1, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "unit": "Bps" + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 6, + "x": 0, + "y": 5 + }, + "id": 156, + "options": { + "cellHeight": "sm", + "footer": { + "countRows": false, + "enablePagination": false, + "fields": "", + "reducer": [ + "max" + ], + "show": false + }, + "showHeader": true, + "sortBy": [ + { + "desc": true, + "displayName": "Bytes Forwarded" + } + ] + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "exemplar": false, + "expr": "sum by (cluster) (\r\n rate(networkobservability_forward_bytes[$__rate_interval])\r\n or\r\n rate(kappie_forward_bytes[$__rate_interval])\r\n or\r\n rate(cilium_forward_bytes_total[$__rate_interval])\r\n)", + "format": "table", + "instant": true, + "legendFormat": "__auto", + "range": false, + "refId": "A" + } + ], + "title": "Current Traffic by Cluster", + "transformations": [ + { + "id": "organize", + "options": { + "excludeByName": { + "Time": true + }, + "indexByName": {}, + "renameByName": { + "Value": "Bytes Forwarded", + "cluster": "Cluster" + } + } + } + ], + "transparent": true, + "type": "table" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + 
"fixedColor": "semi-dark-blue", + "mode": "continuous-BlYlRd" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 30, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "unit": "bps" + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 18, + "x": 6, + "y": 5 + }, + "id": 123, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "sum by(cluster) (\r\n rate(networkobservability_forward_count{instance=~\"$Nodes\"}[$__rate_interval])\r\n or\r\n on(cluster)\r\n rate(kappie_forward_count{instance=~\"$Nodes\"}[$__rate_interval])\r\n or\r\n on(cluster)\r\n rate(cilium_forward_count_total{instance=~\"$Nodes\"}[$__rate_interval])\r\n)", + "legendFormat": "__auto", + "range": true, + "refId": "A" + } + ], + "title": "Bytes Forwarded by Cluster", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "align": "left", + "cellOptions": { + "type": "auto" + }, + "filterable": false, + "inspect": false + }, + "decimals": 1, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + 
"value": null + } + ] + }, + "unit": "Bps" + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 6, + "x": 0, + "y": 12 + }, + "id": 158, + "options": { + "cellHeight": "sm", + "footer": { + "countRows": false, + "enablePagination": false, + "fields": "", + "reducer": [ + "max" + ], + "show": false + }, + "showHeader": true, + "sortBy": [ + { + "desc": true, + "displayName": "Bytes Dropped" + } + ] + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "exemplar": false, + "expr": "sum by (cluster) (\r\n rate(networkobservability_drop_bytes[$__rate_interval])\r\n or\r\n rate(kappie_drop_bytes[$__rate_interval])\r\n or\r\n rate(cilium_drop_bytes_total[$__rate_interval])\r\n)", + "format": "table", + "instant": true, + "legendFormat": "__auto", + "range": false, + "refId": "A" + } + ], + "title": "Current Dropped Traffic by Cluster", + "transformations": [ + { + "id": "organize", + "options": { + "excludeByName": { + "Time": true + }, + "indexByName": {}, + "renameByName": { + "Value": "Bytes Dropped", + "cluster": "Cluster" + } + } + } + ], + "transparent": true, + "type": "table" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 30, + "gradientMode": "hue", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + 
"value": null + } + ] + }, + "unit": "Bps" + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 9, + "x": 6, + "y": 12 + }, + "id": 129, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "sum by(cluster) (rate(networkobservability_drop_bytes[$__rate_interval]))\r\nor\r\nsum by(cluster) (rate(kappie_drop_bytes[$__rate_interval]))\r\nor\r\nsum by(cluster) (rate(cilium_drop_bytes_total[$__rate_interval]))", + "legendFormat": "__auto", + "range": true, + "refId": "A" + } + ], + "title": "Bytes Dropped by Cluster", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 30, + "gradientMode": "hue", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "unit": "pps" + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 9, + "x": 15, + "y": 12 + }, + "id": 130, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + 
"uid": "${datasource}" + }, + "editorMode": "code", + "expr": "sum by(cluster) (rate(networkobservability_drop_count[$__rate_interval]))\r\nor\r\nsum by(cluster) (rate(kappie_drop_count[$__rate_interval]))\r\nor\r\nsum by(cluster) (rate(cilium_drop_count_total[$__rate_interval]))", + "legendFormat": "__auto", + "range": true, + "refId": "A" + } + ], + "title": "Packets Dropped By Cluster", + "type": "timeseries" + }, + { + "collapsed": false, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 19 + }, + "id": 57, + "panels": [], + "title": "Traffic (on $cluster)", + "type": "row" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "decimals": 1, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "blue", + "value": null + } + ] + }, + "unit": "Bps" + }, + "overrides": [] + }, + "gridPos": { + "h": 4, + "w": 3, + "x": 0, + "y": 20 + }, + "id": 141, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "max" + ], + "fields": "", + "values": false + }, + "textMode": "value_and_name" + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "sum(rate(networkobservability_forward_bytes{direction=\"egress\", cluster=\"$cluster\", instance=~\"$Nodes\"}[$__rate_interval]))\r\nor\r\nsum(rate(kappie_forward_bytes{direction=\"egress\", cluster=\"$cluster\", instance=~\"$Nodes\"}[$__rate_interval]))\r\nor\r\nsum(rate(cilium_forward_bytes_total{direction=\"egress\", cluster=\"$cluster\", instance=~\"$Nodes\"}[$__rate_interval]))", + "legendFormat": "Max Egress Bytes", + "range": true, + "refId": "A" + } + ], + "transparent": true, + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + 
"mode": "thresholds" + }, + "decimals": 1, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "super-light-blue", + "value": null + } + ] + }, + "unit": "Bps" + }, + "overrides": [] + }, + "gridPos": { + "h": 4, + "w": 3, + "x": 3, + "y": 20 + }, + "id": 145, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "min" + ], + "fields": "", + "values": false + }, + "textMode": "value_and_name" + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "exemplar": false, + "expr": "sum(rate(networkobservability_forward_bytes{direction=\"egress\", cluster=\"$cluster\", instance=~\"$Nodes\"}[$__rate_interval]))\r\nor\r\nsum(rate(kappie_forward_bytes{direction=\"egress\", cluster=\"$cluster\", instance=~\"$Nodes\"}[$__rate_interval]))\r\nor\r\nsum(rate(cilium_forward_bytes_total{direction=\"egress\", cluster=\"$cluster\", instance=~\"$Nodes\"}[$__rate_interval]))", + "format": "time_series", + "instant": false, + "legendFormat": "Min Egress Bytes", + "range": true, + "refId": "A" + } + ], + "transparent": true, + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "blue", + "value": null + } + ] + }, + "unit": "pps" + }, + "overrides": [] + }, + "gridPos": { + "h": 4, + "w": 3, + "x": 6, + "y": 20 + }, + "id": 120, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "max" + ], + "fields": "", + "values": false + }, + "textMode": "value_and_name" + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": 
"sum(rate(networkobservability_forward_count{direction=\"egress\", cluster=\"$cluster\", instance=~\"$Nodes\"}[$__rate_interval]))\r\nor\r\nsum(rate(kappie_forward_count{direction=\"egress\", cluster=\"$cluster\", instance=~\"$Nodes\"}[$__rate_interval]))\r\nor\r\nsum(rate(cilium_forward_count_total{direction=\"egress\", cluster=\"$cluster\", instance=~\"$Nodes\"}[$__rate_interval]))", + "legendFormat": "Max Egress Packets", + "range": true, + "refId": "A" + } + ], + "transparent": true, + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "super-light-blue", + "value": null + } + ] + }, + "unit": "pps" + }, + "overrides": [] + }, + "gridPos": { + "h": 4, + "w": 3, + "x": 9, + "y": 20 + }, + "id": 146, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "min" + ], + "fields": "", + "values": false + }, + "textMode": "value_and_name" + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "sum(rate(networkobservability_forward_count{direction=\"egress\", cluster=\"$cluster\", instance=~\"$Nodes\"}[$__rate_interval]))\r\nor\r\nsum(rate(kappie_forward_count{direction=\"egress\", cluster=\"$cluster\", instance=~\"$Nodes\"}[$__rate_interval]))\r\nor\r\nsum(rate(cilium_forward_count_total{direction=\"egress\", cluster=\"$cluster\", instance=~\"$Nodes\"}[$__rate_interval]))", + "legendFormat": "Min Egress Packets", + "range": true, + "refId": "A" + } + ], + "transparent": true, + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "decimals": 1, + "mappings": [], + "thresholds": { + 
"mode": "absolute", + "steps": [ + { + "color": "blue", + "value": null + } + ] + }, + "unit": "Bps" + }, + "overrides": [] + }, + "gridPos": { + "h": 4, + "w": 3, + "x": 12, + "y": 20 + }, + "id": 147, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "max" + ], + "fields": "", + "values": false + }, + "textMode": "value_and_name" + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "sum(rate(networkobservability_forward_bytes{direction=\"ingress\", cluster=\"$cluster\", instance=~\"$Nodes\"}[$__rate_interval]))\r\nor\r\nsum(rate(kappie_forward_bytes{direction=\"ingress\", cluster=\"$cluster\", instance=~\"$Nodes\"}[$__rate_interval]))\r\nor\r\nsum(rate(cilium_forward_bytes_total{direction=\"ingress\", cluster=\"$cluster\", instance=~\"$Nodes\"}[$__rate_interval]))", + "legendFormat": "Max Ingress Bytes", + "range": true, + "refId": "A" + } + ], + "transparent": true, + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "decimals": 1, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "super-light-blue", + "value": null + } + ] + }, + "unit": "Bps" + }, + "overrides": [] + }, + "gridPos": { + "h": 4, + "w": 3, + "x": 15, + "y": 20 + }, + "id": 148, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "min" + ], + "fields": "", + "values": false + }, + "textMode": "value_and_name" + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "sum(rate(networkobservability_forward_bytes{direction=\"ingress\", cluster=\"$cluster\", 
instance=~\"$Nodes\"}[$__rate_interval]))\r\nor\r\nsum(rate(kappie_forward_bytes{direction=\"ingress\", cluster=\"$cluster\", instance=~\"$Nodes\"}[$__rate_interval]))\r\nor\r\nsum(rate(cilium_forward_bytes_total{direction=\"ingress\", cluster=\"$cluster\", instance=~\"$Nodes\"}[$__rate_interval]))", + "legendFormat": "Min Ingress Bytes", + "range": true, + "refId": "A" + } + ], + "transparent": true, + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "blue", + "value": null + } + ] + }, + "unit": "pps" + }, + "overrides": [] + }, + "gridPos": { + "h": 4, + "w": 3, + "x": 18, + "y": 20 + }, + "id": 149, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "max" + ], + "fields": "", + "values": false + }, + "textMode": "value_and_name" + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "sum(rate(networkobservability_forward_count{direction=\"ingress\", cluster=\"$cluster\", instance=~\"$Nodes\"}[$__rate_interval]))\r\nor\r\nsum(rate(kappie_forward_count{direction=\"ingress\", cluster=\"$cluster\", instance=~\"$Nodes\"}[$__rate_interval]))\r\nor\r\nsum(rate(cilium_forward_count_total{direction=\"ingress\", cluster=\"$cluster\", instance=~\"$Nodes\"}[$__rate_interval]))", + "legendFormat": "Max Ingress Packets", + "range": true, + "refId": "A" + } + ], + "transparent": true, + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "super-light-blue", + "value": null + } + ] + }, + "unit": 
"pps" + }, + "overrides": [] + }, + "gridPos": { + "h": 4, + "w": 3, + "x": 21, + "y": 20 + }, + "id": 150, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "min" + ], + "fields": "", + "values": false + }, + "textMode": "value_and_name" + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "sum(rate(networkobservability_forward_count{direction=\"ingress\", cluster=\"$cluster\", instance=~\"$Nodes\"}[$__rate_interval]))\r\nor\r\nsum(rate(kappie_forward_count{direction=\"ingress\", cluster=\"$cluster\", instance=~\"$Nodes\"}[$__rate_interval]))\r\nor\r\nsum(rate(cilium_forward_count_total{direction=\"ingress\", cluster=\"$cluster\", instance=~\"$Nodes\"}[$__rate_interval]))", + "legendFormat": "Min Ingress Packets", + "range": true, + "refId": "A" + } + ], + "transparent": true, + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "fixedColor": "super-light-blue", + "mode": "fixed" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 15, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + } + ] + }, + "unit": "Bps" + }, + "overrides": [] + }, + "gridPos": { + "h": 6, + "w": 6, + "x": 0, + "y": 24 + }, + "id": 119, + "options": { + "legend": { + "calcs": [], + 
"displayMode": "table", + "placement": "right", + "showLegend": false + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "sum(rate(networkobservability_forward_bytes{direction=\"egress\", cluster=\"$cluster\", instance=~\"$Nodes\"}[$__rate_interval]))\r\nor\r\nsum(rate(kappie_forward_bytes{direction=\"egress\", cluster=\"$cluster\", instance=~\"$Nodes\"}[$__rate_interval]))\r\nor\r\nsum(rate(cilium_forward_bytes_total{direction=\"egress\", cluster=\"$cluster\", instance=~\"$Nodes\"}[$__rate_interval]))", + "legendFormat": "Egress Bytes", + "range": true, + "refId": "A" + } + ], + "title": "Egress Bytes", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "fixedColor": "super-light-blue", + "mode": "fixed" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 15, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + } + ] + }, + "unit": "pps" + }, + "overrides": [] + }, + "gridPos": { + "h": 6, + "w": 6, + "x": 6, + "y": 24 + }, + "id": 143, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": false + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": 
"${datasource}" + }, + "editorMode": "code", + "expr": "sum(rate(networkobservability_forward_count{direction=\"egress\", cluster=\"$cluster\", instance=~\"$Nodes\"}[$__rate_interval]))\r\nor\r\nsum(rate(kappie_forward_count{direction=\"egress\", cluster=\"$cluster\", instance=~\"$Nodes\"}[$__rate_interval]))\r\nor\r\nsum(rate(cilium_forward_count_total{direction=\"egress\", cluster=\"$cluster\", instance=~\"$Nodes\"}[$__rate_interval]))", + "legendFormat": "Egress Packets", + "range": true, + "refId": "A" + } + ], + "title": "Egress Packets", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "fixedColor": "super-light-blue", + "mode": "fixed" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 15, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + } + ] + }, + "unit": "Bps" + }, + "overrides": [] + }, + "gridPos": { + "h": 6, + "w": 6, + "x": 12, + "y": 24 + }, + "id": 142, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": false + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "sum(rate(networkobservability_forward_bytes{direction=\"ingress\", cluster=\"$cluster\", 
instance=~\"$Nodes\"}[$__rate_interval]))\r\nor\r\nsum(rate(kappie_forward_bytes{direction=\"ingress\", cluster=\"$cluster\", instance=~\"$Nodes\"}[$__rate_interval]))\r\nor\r\nsum(rate(cilium_forward_bytes_total{direction=\"ingress\", cluster=\"$cluster\", instance=~\"$Nodes\"}[$__rate_interval]))", + "legendFormat": "Ingress Bytes", + "range": true, + "refId": "A" + } + ], + "title": "Ingress Bytes", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "fixedColor": "super-light-blue", + "mode": "fixed" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 15, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + } + ] + }, + "unit": "pps" + }, + "overrides": [] + }, + "gridPos": { + "h": 6, + "w": 6, + "x": 18, + "y": 24 + }, + "id": 144, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": false + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "sum(rate(networkobservability_forward_count{direction=\"ingress\", cluster=\"$cluster\", instance=~\"$Nodes\"}[$__rate_interval]))\r\nor\r\nsum(rate(kappie_forward_count{direction=\"ingress\", cluster=\"$cluster\", 
instance=~\"$Nodes\"}[$__rate_interval]))\r\nor\r\nsum(rate(cilium_forward_count_total{direction=\"ingress\", cluster=\"$cluster\", instance=~\"$Nodes\"}[$__rate_interval]))", + "legendFormat": "Ingress Packets", + "range": true, + "refId": "A" + } + ], + "title": "Ingress Packets", + "type": "timeseries" + }, + { + "collapsed": false, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 30 + }, + "id": 55, + "panels": [], + "title": "Drops (on $cluster)", + "type": "row" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "fixedColor": "red", + "mode": "fixed" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 30, + "gradientMode": "hue", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + } + ] + }, + "unit": "pps" + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 31 + }, + "id": 124, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": false + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "sum(rate(networkobservability_drop_count{direction=\"egress\", cluster=\"$cluster\", instance=~\"$Nodes\"}[$__rate_interval]))\r\nor\r\nsum(rate(kappie_drop_count{direction=\"egress\", cluster=\"$cluster\", 
instance=~\"$Nodes\"}[$__rate_interval]))\r\nor\r\nsum(rate(cilium_drop_count_total{direction=\"egress\", cluster=\"$cluster\", instance=~\"$Nodes\"}[$__rate_interval]))", + "legendFormat": "Dropped Packets (Egress)", + "range": true, + "refId": "A" + } + ], + "title": "Packets Dropped - Egress", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "fixedColor": "red", + "mode": "fixed" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 30, + "gradientMode": "hue", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + } + ] + }, + "unit": "pps" + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 8, + "x": 8, + "y": 31 + }, + "id": 125, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": false + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "sum(rate(networkobservability_drop_count{direction=\"ingress\", cluster=\"$cluster\", instance=~\"$Nodes\"}[$__rate_interval]))\r\nor\r\nsum(rate(kappie_drop_count{direction=\"ingress\", cluster=\"$cluster\", instance=~\"$Nodes\"}[$__rate_interval]))\r\nor\r\nsum(rate(cilium_drop_count_total{direction=\"ingress\", cluster=\"$cluster\", instance=~\"$Nodes\"}[$__rate_interval]))", + "legendFormat": "Dropped Packets 
(Ingress)", + "range": true, + "refId": "A" + } + ], + "title": "Packets Dropped - Ingress", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "description": "Non-Cilium only", + "fieldConfig": { + "defaults": { + "color": { + "fixedColor": "red", + "mode": "fixed" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 30, + "gradientMode": "hue", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + } + ] + }, + "unit": "pps" + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 8, + "x": 16, + "y": 31 + }, + "id": 114, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": false + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "sum(rate(networkobservability_drop_count{direction=\"unknown\", instance=~\"$Nodes\", cluster=\"$cluster\"}[$__rate_interval]))\r\nor\r\nsum(rate(kappie_drop_count{direction=\"unknown\", instance=~\"$Nodes\", cluster=\"$cluster\"}[$__rate_interval]))", + "legendFormat": "Dropped Packets (Unknown)", + "range": true, + "refId": "A" + } + ], + "title": "Packets Dropped - Unknown", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "description": "Values:\n- Non-Cilium (Linux):\n - iptable_rule_drop: packet dropped in iptables, e.g., 
because of a NetworkPolicy if using --network-policy=azure\n - iptable_nat_drop: packet dropped in iptables during NAT (Network Address Translation)\n - tcp_connect_basic: packet dropped by tcp connect\n - tcp_accept_basic: packet dropped by tcp accept\n - tcp_close_basic: packet dropped by tcp close\n - conntrack_add_drop: packet dropped while conntrack (connection tracking) was adding the connection\n- Cilium (Linux):\n - Many possible values", + "fieldConfig": { + "defaults": { + "color": { + "mode": "continuous-YlRd" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 30, + "gradientMode": "hue", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + } + ] + }, + "unit": "Bps" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 38 + }, + "id": 86, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "sum by (reason) (rate(networkobservability_drop_bytes{cluster=\"$cluster\", instance=~\"$Nodes\"}[$__rate_interval])) > 0\r\nor\r\nsum by (reason) (rate(kappie_drop_bytes{cluster=\"$cluster\", instance=~\"$Nodes\"}[$__rate_interval])) > 0\r\nor\r\nsum by (reason) (rate(cilium_drop_bytes_total{cluster=\"$cluster\", instance=~\"$Nodes\"}[$__rate_interval]))", + "legendFormat": "__auto", 
+ "range": true, + "refId": "A" + } + ], + "title": "Bytes Dropped by Reason", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "description": "Values:\n- Non-Cilium (Linux):\n - iptable_rule_drop: packet dropped in iptables, e.g., because of a NetworkPolicy if using --network-policy=azure\n - iptable_nat_drop: packet dropped in iptables during NAT (Network Address Translation)\n - tcp_connect_basic: packet dropped by tcp connect\n - tcp_accept_basic: packet dropped by tcp accept\n - tcp_close_basic: packet dropped by tcp close\n - conntrack_add_drop: packet dropped while conntrack (connection tracking) was adding the connection\n - rx_dropped: an interface dropped a received packet\n - tx_dropped: an interface dropped a transmitted packet\n- Non-Cilium (Windows):\n - aclrule: dropped by an ACL rule in VFP, e.g., because of a NetworkPolicy\n - endpoint: dropped by an HNS Pod Endpoint \n- Cilium (Linux):\n - Many possible values", + "fieldConfig": { + "defaults": { + "color": { + "mode": "continuous-YlRd" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 30, + "gradientMode": "hue", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + } + ] + }, + "unit": "pps" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 38 + }, + "id": 88, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": 
"single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "sum by (reason) (rate(networkobservability_drop_count{cluster=\"$cluster\", instance=~\"$Nodes\"}[$__rate_interval])) > 0\r\nor\r\nsum by (reason) (rate(kappie_drop_count{cluster=\"$cluster\", instance=~\"$Nodes\"}[$__rate_interval])) > 0\r\nor\r\nsum by (reason) (rate(cilium_drop_count_total{cluster=\"$cluster\", instance=~\"$Nodes\"}[$__rate_interval])) > 0\r\nor\r\nsum by (reason) (\r\n label_replace(\r\n rate(networkobservability_interface_stats{statistic_name=\"rx_dropped\", cluster=\"$cluster\", instance=~\"$Nodes\"}[$__rate_interval]),\r\n \"reason\",\r\n \"$1\",\r\n \"statistic_name\",\r\n \"(.*)\"\r\n )\r\n)\r\nor # cannot combine these interface_stats expressions into one using regex, since regex would capture anything with rx_dropped or tx_dropped in it\r\nsum by (reason) (\r\n label_replace(\r\n rate(networkobservability_interface_stats{statistic_name=\"tx_dropped\", cluster=\"$cluster\", instance=~\"$Nodes\"}[$__rate_interval]),\r\n \"reason\",\r\n \"$1\",\r\n \"statistic_name\",\r\n \"(.*)\"\r\n )\r\n)", + "legendFormat": "__auto", + "range": true, + "refId": "A" + } + ], + "title": "Packets Dropped by Reason", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "continuous-BlYlRd" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 30, + "gradientMode": "hue", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + 
"mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "Bps" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 46 + }, + "id": 131, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "sum by(instance) (rate(networkobservability_drop_bytes{cluster=\"$cluster\", instance=~\"$Nodes\"}[$__rate_interval])) > 0\r\nor\r\nsum by(instance) (rate(kappie_drop_bytes{cluster=\"$cluster\", instance=~\"$Nodes\"}[$__rate_interval])) > 0\r\nor\r\nsum by(instance) (rate(cilium_drop_bytes_total{cluster=\"$cluster\", instance=~\"$Nodes\"}[$__rate_interval])) > 0", + "legendFormat": "__auto", + "range": true, + "refId": "A" + } + ], + "title": "Bytes Dropped by Node", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "continuous-YlRd" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 30, + "gradientMode": "hue", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + }, + 
"unit": "pps" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 46 + }, + "id": 132, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "sum by(instance) (rate(networkobservability_drop_count{cluster=\"$cluster\", instance=~\"$Nodes\"}[$__rate_interval])) > 0\r\nor\r\nsum by(instance) (rate(kappie_drop_count{cluster=\"$cluster\", instance=~\"$Nodes\"}[$__rate_interval])) > 0\r\nor\r\nsum by(instance) (rate(cilium_drop_count_total{cluster=\"$cluster\", instance=~\"$Nodes\"}[$__rate_interval])) > 0", + "legendFormat": "__auto", + "range": true, + "refId": "A" + } + ], + "title": "Packets Dropped by Node", + "type": "timeseries" + }, + { + "collapsed": true, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 54 + }, + "id": 59, + "panels": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "description": "Non-Cilium only", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 15, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 8 + }, + "id": 64, + "options": 
{ + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "sum by(state) (networkobservability_tcp_state{cluster=\"$cluster\", instance=~\"$Nodes\"})\r\nor\r\nsum by(state) (kappie_tcp_state{cluster=\"$cluster\", instance=~\"$Nodes\"})", + "legendFormat": "__auto", + "range": true, + "refId": "A" + } + ], + "title": "TCP Active Connections by State", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "description": "Non-Cilium only", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 15, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 8 + }, + "id": 68, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "sum by(address) (networkobservability_tcp_connection_remote{cluster=\"$cluster\", instance=~\"$Nodes\", 
address!~\"127.0.0.1|0.0.0.0\"})\r\nor\r\nsum by(address) (kappie_tcp_connection_remote{cluster=\"$cluster\", instance=~\"$Nodes\", address!~\"127.0.0.1|0.0.0.0\"})", + "legendFormat": "__auto", + "range": true, + "refId": "A" + } + ], + "title": "TCP Active Connections by Remote Addr", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "description": "Non-Cilium only", + "fieldConfig": { + "defaults": { + "color": { + "mode": "continuous-BlPu" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 30, + "gradientMode": "hue", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 10, + "x": 0, + "y": 16 + }, + "id": 65, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": false + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "sum(rate(networkobservability_tcp_connection_stats{statistic_name=\"tcptimeouts\", cluster=\"$cluster\", instance=~\"$Nodes\"}[$__rate_interval]))\r\nor\r\nsum(rate(kappie_tcp_connection_stats{statistic_name=\"tcptimeouts\", cluster=\"$cluster\", instance=~\"$Nodes\"}[$__rate_interval]))", + "legendFormat": "TCP Timeouts", + "range": true, + "refId": "A" + } + ], + "title": "TCP Connection Timeouts", + "type": "timeseries" 
+ }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "description": "Non-Cilium only", + "fieldConfig": { + "defaults": { + "color": { + "mode": "continuous-BlPu" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 30, + "gradientMode": "hue", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 7, + "x": 10, + "y": 16 + }, + "id": 66, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": false + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "sum(rate(networkobservability_tcp_connection_stats{statistic_name=\"resetcount\", cluster=\"$cluster\", instance=~\"$Nodes\"}[$__rate_interval]))\r\nor\r\nsum(rate(kappie_tcp_connection_stats{statistic_name=\"resetcount\", cluster=\"$cluster\", instance=~\"$Nodes\"}[$__rate_interval]))", + "legendFormat": "TCP Resets", + "range": true, + "refId": "A" + } + ], + "title": "TCP Connection Resets", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "description": "Non-Cilium only", + "fieldConfig": { + "defaults": { + "color": { + "mode": "continuous-BlPu" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + 
"barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 30, + "gradientMode": "hue", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 7, + "x": 17, + "y": 16 + }, + "id": 69, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": false + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "sum(rate(networkobservability_tcp_connection_stats{statistic_name=\"tcptsreorder\", cluster=\"$cluster\", instance=~\"$Nodes\"}[$__rate_interval]))\r\nor\r\nsum(rate(kappie_tcp_connection_stats{statistic_name=\"tcptsreorder\", cluster=\"$cluster\", instance=~\"$Nodes\"}[$__rate_interval]))", + "legendFormat": "TCP Reorders", + "range": true, + "refId": "A" + } + ], + "title": "TCP Connection Reorders", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "description": "Windows Non-Cilium only", + "fieldConfig": { + "defaults": { + "color": { + "mode": "continuous-BlPu" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 30, + "gradientMode": "hue", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": 
"never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + } + ] + }, + "unit": "pps" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 8, + "x": 0, + "y": 24 + }, + "id": 61, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": false + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "sum(rate(networkobservability_tcp_flag_counters{cluster=\"$cluster\", instance=~\"$Nodes\"}[$__rate_interval]))\r\nor\r\nsum(rate(kappie_tcp_flag_counters{cluster=\"$cluster\", instance=~\"$Nodes\"}[$__rate_interval]))", + "legendFormat": "TCP packets", + "range": true, + "refId": "A" + } + ], + "title": "Windows TCP Packets", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "description": "Windows Non-Cilium only", + "fieldConfig": { + "defaults": { + "color": { + "mode": "continuous-BlPu" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 30, + "gradientMode": "hue", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + } + ] + }, + "unit": "pps" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 8, + "x": 8, + "y": 24 + }, + "id": 62, + 
"options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": false + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "sum(rate(networkobservability_tcp_flag_counters{flag=\"rst\", cluster=\"$cluster\", instance=~\"$Nodes\"}[$__rate_interval]))\r\nor\r\nsum(rate(kappie_tcp_flag_counters{flag=\"rst\", cluster=\"$cluster\", instance=~\"$Nodes\"}[$__rate_interval]))", + "legendFormat": "TCP Reset Packets", + "range": true, + "refId": "A" + } + ], + "title": "Windows TCP RST Packets", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "description": "Windows Non-Cilium only", + "fieldConfig": { + "defaults": { + "color": { + "mode": "continuous-BlPu" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 30, + "gradientMode": "hue", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + } + ] + }, + "unit": "pps" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 8, + "x": 16, + "y": 24 + }, + "id": 70, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": false + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": 
"sum(rate(networkobservability_tcp_flag_counters{flag=\"synack\", cluster=\"$cluster\", instance=~\"$Nodes\"}[$__rate_interval]))\r\nor\r\nsum(rate(kappie_tcp_flag_counters{flag=\"synack\", cluster=\"$cluster\", instance=~\"$Nodes\"}[$__rate_interval]))", + "legendFormat": "TCP SYN-ACK packets", + "range": true, + "refId": "A" + } + ], + "title": "Windows TCP SYN-ACK Packets", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "description": "Non-Cilium only", + "fieldConfig": { + "defaults": { + "color": { + "mode": "continuous-BlPu" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 15, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 24, + "x": 0, + "y": 32 + }, + "id": 72, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": false + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "sum(networkobservability_udp_connection_stats{statistic_name=\"active\", cluster=\"$cluster\", instance=~\"$Nodes\"})\r\nor\r\nsum(kappie_udp_connection_stats{statistic_name=\"active\", cluster=\"$cluster\", instance=~\"$Nodes\"})", + "legendFormat": "Total UDP Connections", + "range": true, + "refId": "A" + } + ], + "title": "UDP 
Connections", + "type": "timeseries" + } + ], + "title": "Connections (on $cluster)", + "type": "row" + }, + { + "collapsed": true, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 55 + }, + "id": 74, + "panels": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "description": "Non-Cilium only", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 30, + "gradientMode": "hue", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "pps" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 6, + "x": 0, + "y": 33 + }, + "id": 76, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "sum by (interface_name) (rate(networkobservability_interface_stats{statistic_name=\"rx_packets\", cluster=\"$cluster\", instance=~\"$Nodes\"}[$__rate_interval]))\r\nor\r\nsum by (interface_name) (rate(kappie_interface_stats{statistic_name=\"rx_packets\", cluster=\"$cluster\", instance=~\"$Nodes\"}[$__rate_interval]))", + "legendFormat": "{{interface_name}}", + "range": true, + "refId": "A" + } + ], + "title": "RX Packets by Interface", + "type": "timeseries" + }, 
+ { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "description": "Non-Cilium only", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 30, + "gradientMode": "hue", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "pps" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 6, + "x": 6, + "y": 33 + }, + "id": 77, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "sum by (interface_name) (rate(networkobservability_interface_stats{statistic_name=\"tx_packets\", cluster=\"$cluster\", instance=~\"$Nodes\"}[$__rate_interval]))\r\nor\r\nsum by (interface_name) (rate(kappie_interface_stats{statistic_name=\"tx_packets\", cluster=\"$cluster\", instance=~\"$Nodes\"}[$__rate_interval]))", + "legendFormat": "{{interface_name}}", + "range": true, + "refId": "A" + } + ], + "title": "TX Packets by Interface", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "description": "Non-Cilium only", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + 
"axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 30, + "gradientMode": "hue", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 6, + "x": 12, + "y": 33 + }, + "id": 94, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "sum by (instance) (rate(networkobservability_interface_stats{statistic_name=~\"rx[0-9]+_cache_full\", cluster=\"$cluster\", instance=~\"$Nodes\"}[$__rate_interval])) > 0\r\nor\r\nsum by (instance) (rate(kappie_interface_stats{statistic_name=~\"rx[0-9]+_cache_full\", cluster=\"$cluster\", instance=~\"$Nodes\"}[$__rate_interval])) > 0", + "legendFormat": "{{instance}}", + "range": true, + "refId": "A" + } + ], + "title": "Rx Cache Full error", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "description": "Non-Cilium only", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 30, + "gradientMode": "hue", + "hideFrom": { + "legend": false, + 
"tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 6, + "x": 18, + "y": 33 + }, + "id": 93, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "sum by (instance) (rate(networkobservability_interface_stats{statistic_name=~\"tx[0-9]+_nop\", cluster=\"$cluster\", instance=~\"$Nodes\"}[$__rate_interval])) > 0\r\nor\r\nsum by (instance) (rate(kappie_interface_stats{statistic_name=~\"tx[0-9]+_nop\", cluster=\"$cluster\", instance=~\"$Nodes\"}[$__rate_interval])) > 0", + "hide": false, + "legendFormat": "{{instance}}", + "range": true, + "refId": "B" + } + ], + "title": "Tx No Op Errors", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "description": "Non-Cilium only", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 30, + "gradientMode": "hue", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": 
"A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "pps" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 6, + "x": 0, + "y": 41 + }, + "id": 161, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "sum by (instance) (rate(networkobservability_interface_stats{statistic_name=\"rx_dropped\", cluster=\"$cluster\", instance=~\"$Nodes\"}[$__rate_interval])) > 0", + "legendFormat": "{{instance}}", + "range": true, + "refId": "A" + } + ], + "title": "Dropped Rx Packets", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "description": "Non-Cilium only", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 30, + "gradientMode": "hue", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "pps" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 6, + "x": 6, + "y": 41 + }, + "id": 162, + "options": { + "legend": { + "calcs": [], + 
"displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "sum by (instance) (rate(networkobservability_interface_stats{statistic_name=\"tx_dropped\", cluster=\"$cluster\", instance=~\"$Nodes\"}[$__rate_interval])) > 0", + "legendFormat": "{{instance}}", + "range": true, + "refId": "A" + } + ], + "title": "Dropped Tx Packets", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "description": "Non-Cilium only", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 30, + "gradientMode": "hue", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "pps" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 6, + "x": 12, + "y": 41 + }, + "id": 160, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "sum by (instance) (rate(networkobservability_interface_stats{statistic_name=\"rx_comp_full\", cluster=\"$cluster\", 
instance=~\"$Nodes\"}[$__rate_interval])) > 0\r\nor\r\nsum by (instance) (rate(kappie_interface_stats{statistic_name=\"rx_comp_full\", cluster=\"$cluster\", instance=~\"$Nodes\"}[$__rate_interval])) > 0", + "legendFormat": "{{instance}}", + "range": true, + "refId": "A" + } + ], + "title": "Rx Comp Full Errors", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "description": "Non-Cilium only", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 30, + "gradientMode": "hue", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "pps" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 6, + "x": 18, + "y": 41 + }, + "id": 159, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "sum by (instance) (rate(networkobservability_interface_stats{statistic_name=\"tx_send_full\", cluster=\"$cluster\", instance=~\"$Nodes\"}[$__rate_interval])) > 0\r\nor\r\nsum by (instance) (rate(kappie_interface_stats{statistic_name=\"tx_send_full\", cluster=\"$cluster\", instance=~\"$Nodes\"}[$__rate_interval])) > 0", + "legendFormat": 
"{{instance}}", + "range": true, + "refId": "A" + } + ], + "title": "Tx Send Full Errors", + "type": "timeseries" + } + ], + "title": "Interfaces/Nodes (on $cluster)", + "type": "row" + } + ], + "refresh": "", + "revision": 1, + "schemaVersion": 38, + "style": "dark", + "tags": [ + "k8s:network-observability" + ], + "templating": { + "list": [ + { + "current": {}, + "hide": 0, + "includeAll": false, + "label": "Data Source", + "multi": false, + "name": "datasource", + "options": [], + "query": "prometheus", + "queryValue": "", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "type": "datasource" + }, + { + "allValue": "(.*)", + "current": {}, + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "definition": "label_values(kube_node_info, cluster)", + "hide": 0, + "includeAll": false, + "label": "Cluster", + "multi": false, + "name": "cluster", + "options": [], + "query": { + "query": "label_values(kube_node_info, cluster)", + "refId": "StandardVariableQuery" + }, + "refresh": 2, + "regex": "", + "skipUrlSync": false, + "sort": 1, + "type": "query" + }, + { + "allValue": "(.*)", + "current": {}, + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "definition": "label_values(kube_node_info{cluster=\"$cluster\"},node)", + "hide": 0, + "includeAll": true, + "label": "Nodes", + "multi": true, + "name": "Nodes", + "options": [], + "query": { + "query": "label_values(kube_node_info{cluster=\"$cluster\"},node)", + "refId": "PrometheusVariableQueryEditor-VariableQuery" + }, + "refresh": 2, + "regex": "", + "skipUrlSync": false, + "sort": 1, + "type": "query" + } + ] + }, + "time": { + "from": "now-30m", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ] + }, + "timezone": "", + "title": "Kubernetes / Networking / Clusters", + "uid": "NetObs6738", + "version": 39 +} 
diff --git a/deploy/hubble/grafana/dashboards/dns.json b/deploy/hubble/grafana/dashboards/dns.json
new file mode 100644
index 0000000000..b6417f5932
--- /dev/null
+++ b/deploy/hubble/grafana/dashboards/dns.json
@@ -0,0 +1,1022 @@ +{ + "__inputs": [], + "__elements": {}, + "__requires": [ + { + "type": "grafana", + "id": "grafana", + "name": "Grafana", + "version": "9.5.15" + }, + { + "type": "datasource", + "id": "prometheus", + "name": "Prometheus", + "version": "1.0.0" + }, + { + "type": "panel", + "id": "table", + "name": "Table", + "version": "" + }, + { + "type": "panel", + "id": "timeseries", + "name": "Time series", + "version": "" + } + ], + "editable": true, + "id": null, + "links": [ + { + "asDropdown": true, + "icon": "external link", + "includeVars": true, + "keepTime": true, + "tags": [ + "k8s:network-observability" + ], + "targetBlank": false, + "title": "Dashboards: Network Observability", + "tooltip": "", + "type": "dashboards", + "url": "" + }, + { + "asDropdown": false, + "icon": "info", + "includeVars": false, + "keepTime": false, + "tags": [], + "targetBlank": true, + "title": "Documentation", + "tooltip": "", + "type": "link", + "url": "https://aka.ms/NetObsAddonDoc" + } + ], + "liveNow": true, + "panels": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "description": "Non-Cilium only", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 15, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "unit": "req/s" + }, + "overrides": [] + }, + "gridPos": { + "h": 5, + "w": 8, + "x": 0, + 
"y": 0 + }, + "id": 135, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "sum (rate(networkobservability_dns_request_count{cluster=\"$cluster\", instance=~\"$Nodes\"}[$__rate_interval])) by (query_type) > 0", + "legendFormat": "{{query_type}}", + "range": true, + "refId": "A" + } + ], + "title": "DNS Requests", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "description": "Non-Cilium only", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 15, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "unit": "resp/s" + }, + "overrides": [] + }, + "gridPos": { + "h": 5, + "w": 8, + "x": 8, + "y": 0 + }, + "id": 136, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "sum (rate(networkobservability_dns_response_count{cluster=\"$cluster\", 
instance=~\"$Nodes\"}[$__rate_interval])) by (query_type) > 0", + "legendFormat": "{{query_type}}", + "range": true, + "refId": "A" + } + ], + "title": "DNS Responses", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "description": "Non-Cilium only", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 15, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "unit": "percent" + }, + "overrides": [] + }, + "gridPos": { + "h": 5, + "w": 8, + "x": 16, + "y": 0 + }, + "id": 137, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "(\r\n 1 - (\r\n sum (networkobservability_dns_response_count{cluster=\"$cluster\", instance=~\"$Nodes\"}) by (query_type) / sum (networkobservability_dns_request_count{cluster=\"$cluster\", instance=~\"$Nodes\"}) by (query_type)\r\n )\r\n) * 100 * (\r\n (\r\n sum (rate(networkobservability_dns_response_count{cluster=\"$cluster\", instance=~\"$Nodes\"}[$__rate_interval])) by (query_type)\r\n ) > bool 0\r\n) > 0", + "legendFormat": "{{query_type}}", + "range": true, + "refId": "A" + } + ], + "title": "DNS 
Missing Response", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "description": "Non-Cilium only", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 15, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "resp/s" + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 12, + "x": 0, + "y": 5 + }, + "id": 139, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "sum(rate(networkobservability_dns_response_count{cluster=\"$cluster\", instance=~\"$Nodes\", return_code=\"NoError\"}[$__rate_interval])) by (num_response) > 0", + "legendFormat": "{{num_response}}", + "range": true, + "refId": "A" + } + ], + "title": "DNS Response IPs Returned", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "description": "Non-Cilium only", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", 
+ "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 15, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "unit": "resp/s" + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 12, + "x": 12, + "y": 5 + }, + "id": 138, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "label_replace(\r\n label_replace(\r\n sum by (return_code, query_type) (\r\n rate(networkobservability_dns_response_count{cluster=\"$cluster\", instance=~\"$Nodes\", return_code!=\"NoError\"}[$__rate_interval])\r\n ) > 0, \"return_code\", \"non-existent domain\", \"return_code\", \"nxdomain\"\r\n ), \"return_code\", \"server failure\", \"return_code\", \"servfail\"\r\n)", + "legendFormat": "{{return_code}} ({{query_type}})", + "range": true, + "refId": "A" + } + ], + "title": "DNS Errors", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "description": "Non-Cilium only", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 15, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + 
"lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "unit": "req/min" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 24, + "x": 0, + "y": 12 + }, + "id": 140, + "options": { + "legend": { + "calcs": [ + "max", + "last" + ], + "displayMode": "table", + "placement": "right", + "showLegend": true, + "sortBy": "Max", + "sortDesc": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "round(topk(10, sum (60*rate(networkobservability_dns_request_count{cluster=\"$cluster\", instance=~\"$Nodes\"}[$__rate_interval])) by (query, query_type)), 1)", + "interval": "", + "legendFormat": "{{query}} ({{query_type}})", + "range": true, + "refId": "A" + } + ], + "title": "Top DNS Queries (Requests)", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "description": "Non-Cilium only", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 15, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + 
"mode": "absolute", + "steps": [ + { + "color": "green" + } + ] + }, + "unit": "resp/min" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 24, + "x": 0, + "y": 20 + }, + "id": 144, + "options": { + "legend": { + "calcs": [ + "max", + "last" + ], + "displayMode": "table", + "placement": "right", + "showLegend": true, + "sortBy": "Max", + "sortDesc": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "round(topk(10, sum (60*rate(networkobservability_dns_response_count{cluster=\"$cluster\", instance=~\"$Nodes\"}[$__rate_interval])) by (query, query_type)), 1)", + "interval": "", + "legendFormat": "{{query}} ({{query_type}})", + "range": true, + "refId": "A" + } + ], + "title": "Top DNS Queries (Responses)", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "description": "Non-Cilium only", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "align": "auto", + "cellOptions": { + "type": "auto" + }, + "inspect": false + }, + "decimals": 0, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 24, + "x": 0, + "y": 28 + }, + "id": 143, + "options": { + "cellHeight": "sm", + "footer": { + "countRows": false, + "enablePagination": false, + "fields": "", + "reducer": [ + "sum" + ], + "show": false + }, + "frameIndex": 22, + "showHeader": true, + "sortBy": [ + { + "desc": false, + "displayName": "Query" + } + ] + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "exemplar": false, + "expr": "label_replace(\r\n label_replace(\r\n sum by (query, query_type, response, return_code) (\r\n 
60*rate(networkobservability_dns_response_count{cluster=\"$cluster\", instance=~\"$Nodes\", num_response!=\"0\", response!=\"\"}[$__rate_interval])\r\n ), \"return_code\", \"non-existent domain\", \"return_code\", \"nxdomain\"\r\n ), \"return_code\", \"success\", \"return_code\", \"noerror\"\r\n)", + "instant": true, + "interval": "", + "legendFormat": "__auto", + "range": false, + "refId": "A" + } + ], + "title": "DNS Response Table", + "transformations": [ + { + "id": "labelsToFields", + "options": { + "keepLabels": [ + "num_response", + "query", + "query_type", + "response", + "return_code" + ] + } + }, + { + "id": "merge", + "options": {} + }, + { + "id": "organize", + "options": { + "excludeByName": { + "Time": true, + "Value": true + }, + "indexByName": { + "Time": 0, + "Value": 1, + "num_response": 5, + "query": 2, + "query_type": 3, + "response": 6, + "return_code": 4 + }, + "renameByName": { + "Value": "Responses/Min", + "num_response": "IPs in Response", + "query": "Query", + "query_type": "Type", + "response": "Response", + "return_code": "Return Code" + } + } + } + ], + "type": "table" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 15, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + } + ] + }, + "unit": "req/min" + }, + "overrides": [] + }, + "gridPos": { + 
"h": 8, + "w": 24, + "x": 0, + "y": 36 + }, + "id": 141, + "options": { + "legend": { + "calcs": [ + "max", + "last" + ], + "displayMode": "table", + "placement": "right", + "showLegend": true, + "sortBy": "Max", + "sortDesc": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "sum(rate(hubble_dns_responses_total{cluster=\"$cluster\", instance=~\"$Nodes\", rcode=\"No Error\", destination=~\"/\"}[1m])) by (destination)", + "interval": "", + "legendFormat": "{{destination}}", + "range": true, + "refId": "A" + } + ], + "title": "Top Pods with DNS Errors", + "type": "timeseries" + } + ], + "refresh": "", + "revision": 1, + "schemaVersion": 38, + "style": "dark", + "tags": [ + "k8s:network-observability" + ], + "templating": { + "list": [ + { + "current": {}, + "hide": 0, + "includeAll": false, + "label": "Data Source", + "multi": false, + "name": "datasource", + "options": [], + "query": "prometheus", + "queryValue": "", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "type": "datasource" + }, + { + "current": {}, + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "definition": "label_values(kube_node_info, cluster)", + "hide": 0, + "includeAll": true, + "label": "Cluster", + "multi": false, + "name": "cluster", + "options": [], + "query": { + "query": "label_values(kube_node_info, cluster)", + "refId": "StandardVariableQuery" + }, + "refresh": 2, + "regex": "", + "skipUrlSync": false, + "sort": 1, + "type": "query" + }, + { + "current": {}, + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "definition": "label_values(kube_node_info, node)", + "hide": 0, + "includeAll": true, + "label": "Nodes", + "multi": true, + "name": "Nodes", + "options": [], + "query": { + "query": "label_values(kube_node_info, node)", + "refId": "StandardVariableQuery" + }, + "refresh": 2, + 
"regex": "", + "skipUrlSync": false, + "sort": 1, + "type": "query" + } + ] + }, + "time": { + "from": "now-30m", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ] + }, + "timezone": "", + "title": "Kubernetes / Networking / DNS", + "uid": "NetObsDNS6741", + "version": 1 +} diff --git a/deploy/hubble/grafana/dashboards/pod-flows-namespace.json b/deploy/hubble/grafana/dashboards/pod-flows-namespace.json new file mode 100644 index 0000000000..0ce2a61c22 --- /dev/null +++ b/deploy/hubble/grafana/dashboards/pod-flows-namespace.json 
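Review bot: The last panel of dns.json, "Top Pods with DNS Errors" (id 141), selects `rcode=\"No Error\"`, so it plots successful responses per destination rather than failures; the matcher should be negated to `rcode!=\"No Error\"`, assuming that is the value Hubble exports for success. The same expression uses a fixed `[1m]` window and a per-second `rate()` while the panel unit is `req/min`, whereas the other per-minute panels in this file use `$__rate_interval` and multiply by 60; it also has no `topk`, so "Top" is not enforced. Separately, the `cluster` variable sets `"includeAll": true` but every query matches it exactly with `cluster=\"$cluster\"`, so selecting All would likely return no series; either set `includeAll` to false, as the clusters dashboard earlier in this patch does, or match with `cluster=~\"$cluster\"`. A DNS-error panel that shows healthy traffic is easy to misread during triage, so this is worth correcting before the dashboard ships.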
@@ -0,0 +1,4269 @@ +{ + "__inputs": [], + "__elements": {}, + "__requires": [ + { + "type": "panel", + "id": "bargauge", + "name": "Bar gauge", + "version": "" + }, + { + "type": "grafana", + "id": "grafana", + "name": "Grafana", + "version": "9.5.15" + }, + { + "type": "panel", + "id": "heatmap", + "name": "Heatmap", + "version": "" + }, + { + "type": "datasource", + "id": "prometheus", + "name": "Prometheus", + "version": "1.0.0" + }, + { + "type": "panel", + "id": "stat", + "name": "Stat", + "version": "" + }, + { + "type": "panel", + "id": "timeseries", + "name": "Time series", + "version": "" + } + ], + "editable": true, + "id": null, + "links": [ + { + "asDropdown": true, + "icon": "external link", + "includeVars": true, + "keepTime": true, + "tags": [ + "k8s:network-observability" + ], + "targetBlank": false, + "title": "Dashboards: Network Observability", + "tooltip": "", + "type": "dashboards", + "url": "" + }, + { + "asDropdown": false, + "icon": "info", + "includeVars": false, + "keepTime": false, + "tags": [], + "targetBlank": true, + "title": "Documentation", + "tooltip": "Documentation", + "type": "link", + "url": "https://aka.ms/NetObsAddonDoc" + } + ], + "liveNow": true, + "panels": [ + { + "collapsed": false, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 0 + }, + "id": 179, + "panels": [], + "title": "Top Namespaces", + "type": "row" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "fixedColor": "blue", + "mode": "fixed" + }, + "displayName": "${__field.displayName}", + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "unit": "pps" + }, + "overrides": [] + }, + "gridPos": { + "h": 4, + "w": 12, + "x": 0, + "y": 1 + }, + "id": 167, + "options": { + "displayMode": "basic", + "minVizHeight": 10, + "minVizWidth": 0, + "orientation": "horizontal", + 
"reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showUnfilled": true, + "valueMode": "color" + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "exemplar": false, + "expr": "topk(\r\n 10, round(sum by (namespace) (\r\n label_replace(\r\n sum by (source) (rate(hubble_flows_processed_total{cluster=\"$cluster\", instance=~\"$Nodes\", source=~\"/\"}[$__rate_interval])),\r\n \"namespace\", \"$1\", \"source\", \"([-a-z0-9]+)/.+\"\r\n )\r\n ), 0.01)\r\n) > 0", + "hide": false, + "instant": true, + "legendFormat": "__auto", + "range": false, + "refId": "A" + } + ], + "title": "Top Source Namespaces (Outgoing Traffic)", + "type": "bargauge" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "fixedColor": "blue", + "mode": "fixed" + }, + "displayName": "${__field.displayName}", + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "unit": "pps" + }, + "overrides": [] + }, + "gridPos": { + "h": 4, + "w": 12, + "x": 12, + "y": 1 + }, + "id": 212, + "options": { + "displayMode": "basic", + "minVizHeight": 10, + "minVizWidth": 0, + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showUnfilled": true, + "valueMode": "color" + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "exemplar": false, + "expr": "topk(\r\n 10, round(sum by (namespace) (\r\n label_replace(\r\n sum by (destination) (rate(hubble_flows_processed_total{cluster=\"$cluster\", instance=~\"$Nodes\", destination=~\"/\"}[$__rate_interval])),\r\n \"namespace\", \"$1\", \"destination\", \"([-a-z0-9]+)/.+\"\r\n )\r\n ), 0.01)\r\n) > 0", + "hide": false, + "instant": true, + 
"legendFormat": "__auto", + "range": false, + "refId": "A" + } + ], + "title": "Top Destination Namespaces (Incoming Traffic)", + "type": "bargauge" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "description": "Drops seen on the VM of the source Pod (a drop will appear for only one of \"incoming\" or \"outgoing\")", + "fieldConfig": { + "defaults": { + "color": { + "fixedColor": "red", + "mode": "fixed" + }, + "displayName": "${__field.displayName}", + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "unit": "pps" + }, + "overrides": [] + }, + "gridPos": { + "h": 4, + "w": 12, + "x": 0, + "y": 5 + }, + "id": 214, + "options": { + "displayMode": "basic", + "minVizHeight": 10, + "minVizWidth": 0, + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showUnfilled": true, + "text": {}, + "valueMode": "color" + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "exemplar": false, + "expr": "topk(\r\n 10, round(sum by (namespace) (\r\n label_replace(\r\n sum by (source) (rate(hubble_flows_processed_total{cluster=\"$cluster\", instance=~\"$Nodes\", source=~\"/\", verdict=\"dropped\"}[$__rate_interval])),\r\n \"namespace\", \"$1\", \"source\", \"([-a-z0-9]+)/.+\"\r\n )\r\n ), 0.01)\r\n) > 0", + "hide": false, + "instant": true, + "legendFormat": "__auto", + "range": false, + "refId": "A" + } + ], + "title": "Top Namespaces with Outgoing Drops", + "type": "bargauge" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "description": "Drops seen on the VM of the destination Pod (a drop will appear for only one of \"incoming\" or \"outgoing\")", + "fieldConfig": { + "defaults": { + "color": { + "fixedColor": "red", + "mode": "fixed" + }, + "displayName": "${__field.displayName}", + 
"mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "unit": "pps" + }, + "overrides": [] + }, + "gridPos": { + "h": 4, + "w": 12, + "x": 12, + "y": 5 + }, + "id": 213, + "options": { + "displayMode": "basic", + "minVizHeight": 10, + "minVizWidth": 0, + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showUnfilled": true, + "text": {}, + "valueMode": "color" + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "exemplar": false, + "expr": "topk(\r\n 10, round(sum by (namespace) (\r\n label_replace(\r\n sum by (destination) (rate(hubble_flows_processed_total{cluster=\"$cluster\", instance=~\"$Nodes\", destination=~\"/\", verdict=\"dropped\"}[$__rate_interval])),\r\n \"namespace\", \"$1\", \"destination\", \"([-a-z0-9]+)/.+\"\r\n )\r\n ), 0.01)\r\n) > 0", + "hide": false, + "instant": true, + "legendFormat": "__auto", + "range": false, + "refId": "A" + } + ], + "title": "Top Namespaces with Incoming Drops", + "type": "bargauge" + }, + { + "collapsed": false, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 9 + }, + "id": 216, + "panels": [], + "title": "Namespace Snapshot ($namespace)", + "type": "row" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "fixedColor": "purple", + "mode": "fixed" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 6, + "x": 0, + "y": 10 + }, + "id": 192, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + 
"textMode": "value" + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "exemplar": false, + "expr": "count(\r\n sum by (source) (\r\n rate(hubble_flows_processed_total{cluster=\"$cluster\", instance=~\"$Nodes\", source=~\"^$namespace/\", verdict=\"forwarded\"}[10m])\r\n ) >= 0.01\r\n)", + "hide": false, + "instant": true, + "legendFormat": "Pods with Outgoing Traffic", + "range": false, + "refId": "A" + } + ], + "title": "Pods with Outgoing Traffic (past 10 minutes)", + "transparent": true, + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "fixedColor": "blue", + "mode": "fixed" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "unit": "pps" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 3, + "x": 6, + "y": 10 + }, + "id": 193, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "max" + ], + "fields": "", + "values": false + }, + "textMode": "value" + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "exemplar": false, + "expr": "round(sum (rate(hubble_flows_processed_total{cluster=\"$cluster\", instance=~\"$Nodes\", source=~\"^$namespace/\", verdict=\"forwarded\"}[$__rate_interval])), 0.01)", + "hide": false, + "instant": false, + "legendFormat": "Max Outgoing Traffic", + "range": true, + "refId": "A" + } + ], + "title": "Max Outgoing Traffic", + "transparent": true, + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "fixedColor": "super-light-blue", + "mode": "fixed" + }, + "mappings": [], + "thresholds": 
{ + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "unit": "pps" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 3, + "x": 9, + "y": 10 + }, + "id": 198, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "min" + ], + "fields": "", + "values": false + }, + "textMode": "value" + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "exemplar": false, + "expr": "round(sum (rate(hubble_flows_processed_total{cluster=\"$cluster\", instance=~\"$Nodes\", source=~\"^$namespace/\", verdict=\"forwarded\"}[$__rate_interval])), 0.01)", + "hide": false, + "instant": false, + "legendFormat": "Min Outgoing Traffic", + "range": true, + "refId": "A" + } + ], + "title": "Min Outgoing Traffic", + "transparent": true, + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "fixedColor": "purple", + "mode": "fixed" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 6, + "x": 12, + "y": 10 + }, + "id": 200, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "exemplar": false, + "expr": "count(\r\n sum by (destination) (\r\n rate(hubble_flows_processed_total{cluster=\"$cluster\", instance=~\"$Nodes\", destination=~\"^$namespace/\", verdict=\"forwarded\"}[10m])\r\n ) >= 0.01\r\n)", + "hide": false, + "instant": true, + 
"legendFormat": "Pods with Incoming Traffic", + "range": false, + "refId": "A" + } + ], + "title": "Pods with Incoming Traffic (past 10 minutes)", + "transparent": true, + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "fixedColor": "blue", + "mode": "fixed" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "unit": "pps" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 3, + "x": 18, + "y": 10 + }, + "id": 201, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "max" + ], + "fields": "", + "values": false + }, + "textMode": "value" + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "exemplar": false, + "expr": "round(sum (rate(hubble_flows_processed_total{cluster=\"$cluster\", instance=~\"$Nodes\", destination=~\"^$namespace/\", verdict=\"forwarded\"}[$__rate_interval])), 0.01)", + "hide": false, + "instant": false, + "legendFormat": "Max Incoming Traffic", + "range": true, + "refId": "A" + } + ], + "title": "Max Incoming Traffic", + "transparent": true, + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "fixedColor": "super-light-blue", + "mode": "fixed" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "unit": "pps" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 3, + "x": 21, + "y": 10 + }, + "id": 202, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "min" + ], + "fields": "", + 
"values": false + }, + "textMode": "value" + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "exemplar": false, + "expr": "round(sum (rate(hubble_flows_processed_total{cluster=\"$cluster\", instance=~\"$Nodes\", destination=~\"^$namespace/\", verdict=\"forwarded\"}[$__rate_interval])), 0.01)", + "hide": false, + "instant": false, + "legendFormat": "Min Incoming Traffic", + "range": true, + "refId": "A" + } + ], + "title": "Min Incoming Traffic", + "transparent": true, + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "description": "Drops seen on the VM of the source Pod (a drop will appear for only one of \"incoming\" or \"outgoing\")", + "fieldConfig": { + "defaults": { + "color": { + "fixedColor": "orange", + "mode": "fixed" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 6, + "x": 0, + "y": 13 + }, + "id": 194, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "max" + ], + "fields": "", + "values": false + }, + "textMode": "value" + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "exemplar": false, + "expr": "count (\r\n sum by (source) (\r\n rate(hubble_flows_processed_total{cluster=\"$cluster\", instance=~\"$Nodes\", source=~\"^$namespace/\", verdict=\"dropped\"}[10m])\r\n ) >= 0.01\r\n)", + "hide": false, + "instant": true, + "legendFormat": "Pods with Outgoing Drops", + "range": false, + "refId": "A" + } + ], + "title": "Pods with Outgoing Drops (past 10 minutes)", + "transparent": true, + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "description": "", + 
"fieldConfig": { + "defaults": { + "color": { + "fixedColor": "red", + "mode": "fixed" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "unit": "pps" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 3, + "x": 6, + "y": 13 + }, + "id": 204, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "max" + ], + "fields": "", + "values": false + }, + "textMode": "value" + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "exemplar": false, + "expr": "round(sum (rate(hubble_flows_processed_total{verdict=\"dropped\", cluster=\"$cluster\", instance=~\"$Nodes\", source=~\"^$namespace/\"}[$__rate_interval])), 0.01)", + "hide": false, + "instant": false, + "legendFormat": "Max Outgoing Drops", + "range": true, + "refId": "A" + } + ], + "title": "Max Outgoing Drops", + "transparent": true, + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "fixedColor": "super-light-red", + "mode": "fixed" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "unit": "pps" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 3, + "x": 9, + "y": 13 + }, + "id": 205, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "min" + ], + "fields": "", + "values": false + }, + "textMode": "value" + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "exemplar": false, + "expr": "round(sum (rate(hubble_flows_processed_total{verdict=\"dropped\", cluster=\"$cluster\", instance=~\"$Nodes\", 
source=~\"^$namespace/\"}[$__rate_interval])), 0.01)", + "hide": false, + "instant": false, + "legendFormat": "Min Outgoing Drops", + "range": true, + "refId": "A" + } + ], + "title": "Min Outgoing Drops", + "transparent": true, + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "description": "Drops seen on the VM of the destination Pod (a drop will appear for only one of \"incoming\" or \"outgoing\")", + "fieldConfig": { + "defaults": { + "color": { + "fixedColor": "orange", + "mode": "fixed" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 6, + "x": 12, + "y": 13 + }, + "id": 203, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "max" + ], + "fields": "", + "values": false + }, + "textMode": "value" + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "exemplar": false, + "expr": "count (\r\n sum by (destination) (\r\n rate(hubble_flows_processed_total{cluster=\"$cluster\", instance=~\"$Nodes\", destination=~\"^$namespace/\", verdict=\"dropped\"}[10m])\r\n ) >= 0.01\r\n)", + "hide": false, + "instant": true, + "legendFormat": "Pods with Incoming Drops", + "range": false, + "refId": "A" + } + ], + "title": "Pods with Incoming Drops (past 10 minutes)", + "transparent": true, + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "fixedColor": "red", + "mode": "fixed" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "unit": "pps" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 3, + "x": 18, + 
"y": 13 + }, + "id": 195, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "max" + ], + "fields": "", + "values": false + }, + "textMode": "value" + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "exemplar": false, + "expr": "round(sum (rate(hubble_flows_processed_total{verdict=\"dropped\", cluster=\"$cluster\", instance=~\"$Nodes\", destination=~\"^$namespace/\"}[$__rate_interval])), 0.01)", + "hide": false, + "instant": false, + "legendFormat": "Max Incoming Drops", + "range": true, + "refId": "A" + } + ], + "title": "Max Incoming Drops", + "transparent": true, + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "fixedColor": "super-light-red", + "mode": "fixed" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "unit": "pps" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 3, + "x": 21, + "y": 13 + }, + "id": 199, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "min" + ], + "fields": "", + "values": false + }, + "textMode": "value" + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "exemplar": false, + "expr": "round(sum (rate(hubble_flows_processed_total{verdict=\"dropped\", cluster=\"$cluster\", instance=~\"$Nodes\", destination=~\"^$namespace/\"}[$__rate_interval])), 0.01)", + "hide": false, + "instant": false, + "legendFormat": "Min Incoming Drops", + "range": true, + "refId": "A" + } + ], + "title": "Min Incoming Drops", + "transparent": true, + "type": "stat" + }, + { + "collapsed": false, + "gridPos": { + "h": 1, + 
"w": 24, + "x": 0, + "y": 16 + }, + "id": 178, + "panels": [], + "title": "Flows (in $namespace)", + "type": "row" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "description": "Values:\n- to-stack: traffic leaving Pod\n- to-network/overlay: traffic leaving Node", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "unit": "ops" + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 12, + "x": 0, + "y": 17 + }, + "id": 174, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "sum(rate(hubble_flows_processed_total{cluster=\"$cluster\", instance=~\"$Nodes\", source=~\"^$namespace/\"}[$__rate_interval])) by (type, subtype)", + "legendFormat": "{{type}}/{{subtype}}", + "range": true, + "refId": "A" + } + ], + "title": "Outgoing Traffic by Trace Type", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "description": "Values:\n- to-endpoint: traffic reaching Pod\n- from-network/overlay: traffic reaching Node\n", + 
"fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "unit": "ops" + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 12, + "x": 12, + "y": 17 + }, + "id": 176, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "sum(rate(hubble_flows_processed_total{cluster=\"$cluster\", instance=~\"$Nodes\", destination=~\"^$namespace/\"}[$__rate_interval])) by (type, subtype)", + "legendFormat": "{{type}}/{{subtype}}", + "range": true, + "refId": "A" + } + ], + "title": "Incoming Traffic by Trace Type", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + 
"pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "unit": "ops" + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 12, + "x": 0, + "y": 24 + }, + "id": 175, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "sum(rate(hubble_flows_processed_total{cluster=\"$cluster\", instance=~\"$Nodes\", source=~\"^$namespace/\"}[$__rate_interval])) by (verdict)", + "legendFormat": "{{verdict}}", + "range": true, + "refId": "A" + } + ], + "title": "Outgoing Traffic by Verdict", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "unit": "ops" + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 12, + "x": 12, + 
"y": 24 + }, + "id": 177, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "sum(rate(hubble_flows_processed_total{cluster=\"$cluster\", instance=~\"$Nodes\", destination=~\"^$namespace/\"}[$__rate_interval])) by (verdict)", + "legendFormat": "{{verdict}}", + "range": true, + "refId": "A" + } + ], + "title": "Incoming Traffic by Verdict", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "description": "TypeError means there are no drops or no data", + "fieldConfig": { + "defaults": { + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "scaleDistribution": { + "type": "linear" + } + } + }, + "overrides": [] + }, + "gridPos": { + "h": 9, + "w": 12, + "x": 0, + "y": 31 + }, + "id": 224, + "options": { + "calculate": false, + "cellGap": 1, + "cellValues": { + "unit": "pps" + }, + "color": { + "exponent": 0.5, + "fill": "dark-orange", + "mode": "scheme", + "reverse": true, + "scale": "exponential", + "scheme": "BuPu", + "steps": 64 + }, + "exemplars": { + "color": "rgba(255,0,255,0.7)" + }, + "filterValues": { + "le": 1e-9 + }, + "legend": { + "show": true + }, + "rowsFrame": { + "layout": "auto" + }, + "tooltip": { + "show": true, + "yHistogram": false + }, + "yAxis": { + "axisPlacement": "left", + "reverse": false + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "topk(10, round(sum by (source) (\r\n rate(hubble_flows_processed_total{cluster=\"$cluster\", instance=~\"$Nodes\", source=~\"^$namespace/\"}[$__rate_interval])\r\n), 0.01)) > 0", + "hide": false, + "legendFormat": "{{source}}", + "range": true, + "refId": "A" + } + ], + "title": 
"Heatmap of Outgoing Traffic for Top Source Pods", + "type": "heatmap" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "description": "TypeError means there are no drops or no data", + "fieldConfig": { + "defaults": { + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "scaleDistribution": { + "type": "linear" + } + } + }, + "overrides": [] + }, + "gridPos": { + "h": 9, + "w": 12, + "x": 12, + "y": 31 + }, + "id": 225, + "options": { + "calculate": false, + "cellGap": 1, + "cellValues": { + "unit": "pps" + }, + "color": { + "exponent": 0.5, + "fill": "dark-orange", + "mode": "scheme", + "reverse": true, + "scale": "exponential", + "scheme": "BuPu", + "steps": 64 + }, + "exemplars": { + "color": "rgba(255,0,255,0.7)" + }, + "filterValues": { + "le": 1e-9 + }, + "legend": { + "show": true + }, + "rowsFrame": { + "layout": "auto" + }, + "tooltip": { + "show": true, + "yHistogram": false + }, + "yAxis": { + "axisPlacement": "left", + "reverse": false + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "topk(10, round(sum by (destination) (\r\n rate(hubble_flows_processed_total{cluster=\"$cluster\", instance=~\"$Nodes\", destination=~\"^$namespace/\"}[$__rate_interval])\r\n), 0.01)) > 0", + "hide": false, + "legendFormat": "{{destination}}", + "range": true, + "refId": "A" + } + ], + "title": "Heatmap of Incoming Traffic for Top Destination Pods", + "type": "heatmap" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + 
"lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "normal" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "pps" + }, + "overrides": [] + }, + "gridPos": { + "h": 9, + "w": 12, + "x": 0, + "y": 40 + }, + "id": 219, + "options": { + "legend": { + "calcs": [ + "max", + "min", + "lastNotNull" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true, + "sortBy": "Max", + "sortDesc": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "round(sum by (source) (\r\n rate(hubble_flows_processed_total{cluster=\"$cluster\", instance=~\"$Nodes\", source=~\"^$namespace/\"}[$__rate_interval])\r\n), 0.01) > 0", + "hide": false, + "legendFormat": "{{source}}", + "range": true, + "refId": "A" + } + ], + "title": "Stacked (Total) Outgoing Traffic by Source Pod", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "normal" + }, + "thresholdsStyle": { + "mode": "off" + } + 
}, + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "pps" + }, + "overrides": [] + }, + "gridPos": { + "h": 9, + "w": 12, + "x": 12, + "y": 40 + }, + "id": 206, + "options": { + "legend": { + "calcs": [ + "max", + "min", + "lastNotNull" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true, + "sortBy": "Max", + "sortDesc": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "round(sum by (destination) (\r\n rate(hubble_flows_processed_total{cluster=\"$cluster\", instance=~\"$Nodes\", destination=~\"^$namespace/\"}[$__rate_interval])\r\n), 0.01) > 0", + "hide": false, + "legendFormat": "{{destination}}", + "range": true, + "refId": "A" + } + ], + "title": "Stacked (Total) Incoming Traffic by Destination Pod", + "type": "timeseries" + }, + { + "collapsed": true, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 49 + }, + "id": 183, + "panels": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "description": "TypeError means there are no drops or no data", + "fieldConfig": { + "defaults": { + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "scaleDistribution": { + "type": "linear" + } + } + }, + "overrides": [] + }, + "gridPos": { + "h": 9, + "w": 12, + "x": 0, + "y": 50 + }, + "id": 228, + "options": { + "calculate": false, + "cellGap": 1, + "cellValues": { + "unit": "pps" + }, + "color": { + "exponent": 0.5, + "fill": "dark-orange", + "mode": "scheme", + "reverse": true, + "scale": "exponential", + "scheme": "Oranges", + "steps": 64 + }, + "exemplars": { + "color": "rgba(255,0,255,0.7)" + }, + "filterValues": { + "le": 1e-9 + }, + "legend": { + "show": true + }, + "rowsFrame": { + "layout": 
"auto" + }, + "tooltip": { + "show": true, + "yHistogram": false + }, + "yAxis": { + "axisPlacement": "left", + "reverse": false + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "topk(10, round(sum by (source) (\r\n rate(hubble_flows_processed_total{cluster=\"$cluster\", instance=~\"$Nodes\", source=~\"^$namespace/\", verdict=\"dropped\"}[$__rate_interval])\r\n), 0.01)) > 0", + "hide": false, + "legendFormat": "{{source}}", + "range": true, + "refId": "A" + } + ], + "title": "Heatmap of Outgoing Drops for Top Source Pods", + "type": "heatmap" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "description": "TypeError means there are no drops or no data", + "fieldConfig": { + "defaults": { + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "scaleDistribution": { + "type": "linear" + } + } + }, + "overrides": [] + }, + "gridPos": { + "h": 9, + "w": 12, + "x": 12, + "y": 50 + }, + "id": 227, + "options": { + "calculate": false, + "cellGap": 1, + "cellValues": { + "unit": "pps" + }, + "color": { + "exponent": 0.5, + "fill": "dark-orange", + "mode": "scheme", + "reverse": true, + "scale": "exponential", + "scheme": "Oranges", + "steps": 64 + }, + "exemplars": { + "color": "rgba(255,0,255,0.7)" + }, + "filterValues": { + "le": 1e-9 + }, + "legend": { + "show": true + }, + "rowsFrame": { + "layout": "auto" + }, + "tooltip": { + "show": true, + "yHistogram": false + }, + "yAxis": { + "axisPlacement": "left", + "reverse": false + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "topk(10, round(sum by (destination) (\r\n rate(hubble_flows_processed_total{cluster=\"$cluster\", instance=~\"$Nodes\", destination=~\"^$namespace/\", verdict=\"dropped\"}[$__rate_interval])\r\n), 0.01)) > 0", + "hide": false, + "legendFormat": "{{destination}}", 
+ "range": true, + "refId": "A" + } + ], + "title": "Heatmap of Incoming Drops for Top Destination Pods", + "type": "heatmap" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "description": "Drops seen on the VM of the source Pod (a drop will appear for only one of \"incoming\" or \"outgoing\")", + "fieldConfig": { + "defaults": { + "color": { + "mode": "continuous-YlRd" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 30, + "gradientMode": "hue", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "normal" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "pps" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 59 + }, + "id": 211, + "options": { + "legend": { + "calcs": [ + "max", + "min", + "lastNotNull" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true, + "sortBy": "Max", + "sortDesc": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "round(\r\n sum by (source) (\r\n rate(hubble_flows_processed_total{cluster=\"$cluster\", instance=~\"$Nodes\", source=~\"^$namespace/\", verdict=\"dropped\"}[$__rate_interval])\r\n ), 0.01\r\n)", + "legendFormat": "{{destination}}", + "range": true, + "refId": "A" + } + ], + "title": "Stacked (Total) Outgoing Drops by Source Pod", + "type": "timeseries" + }, + { + 
"datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "description": "Drops seen on the VM of the destination Pod (a drop will appear for only one of \"incoming\" or \"outgoing\")", + "fieldConfig": { + "defaults": { + "color": { + "mode": "continuous-YlRd" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 30, + "gradientMode": "hue", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "normal" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "pps" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 59 + }, + "id": 220, + "options": { + "legend": { + "calcs": [ + "max", + "min", + "lastNotNull" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true, + "sortBy": "Max", + "sortDesc": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "round(\r\n sum by (destination) (\r\n rate(hubble_flows_processed_total{cluster=\"$cluster\", instance=~\"$Nodes\", destination=~\"^$namespace/\", verdict=\"dropped\"}[$__rate_interval])\r\n ), 0.01\r\n)", + "legendFormat": "{{destination}}", + "range": true, + "refId": "A" + } + ], + "title": "Stacked (Total) Incoming Drops by Destination Pod", + "type": "timeseries" + } + ], + "title": "Drops (in $namespace)", + "type": "row" + }, + { + "collapsed": true, + "gridPos": { + "h": 1, + "w": 24, + "x": 
0, + "y": 50 + }, + "id": 182, + "panels": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "orange" + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 5, + "x": 0, + "y": 51 + }, + "id": 221, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "max" + ], + "fields": "", + "values": false + }, + "textMode": "value" + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "exemplar": false, + "expr": "count (\r\n (\r\n (sum(\r\n rate(hubble_tcp_flags_total{cluster=~\"$cluster\", instance=~\"$Nodes\", source=~\"^$namespace/\", flag=\"SYN\"}[10m])\r\n ) by (source) > 0) - sum(\r\n label_replace(\r\n sum(\r\n rate(hubble_tcp_flags_total{cluster=~\"$cluster\", instance=~\"$Nodes\", destination=~\"^$namespace/\", flag=\"SYN-ACK\"}[10m])\r\n ) by (destination), \"source\", \"$1\", \"destination\", \"(.*)\"\r\n )\r\n ) without (destination)\r\n ) >= 0.01\r\n)", + "instant": true, + "legendFormat": "Pods Missing SYN-ACKs", + "range": false, + "refId": "A" + } + ], + "title": "Pods Missing SYN-ACKs (past 10 minutes)", + "transparent": true, + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "red" + } + ] + }, + "unit": "pps" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 4, + "x": 5, + "y": 51 + }, + "id": 222, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "max" + ], + 
"fields": "", + "values": false + }, + "textMode": "value" + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "round(sum (\r\n sum(\r\n rate(hubble_tcp_flags_total{cluster=~\"$cluster\", instance=~\"$Nodes\", source=~\"^$namespace/\", flag=\"SYN\"}[$__rate_interval])\r\n ) by (source) > 0 - sum(\r\n label_replace(\r\n sum(\r\n rate(hubble_tcp_flags_total{cluster=~\"$cluster\", instance=~\"$Nodes\", destination=~\"^$namespace/\", flag=\"SYN-ACK\"}[$__rate_interval])\r\n ) by (destination), \"source\", \"$1\", \"destination\", \"(.*)\"\r\n )\r\n ) without (destination)\r\n), 0.01)", + "legendFormat": "Max Packets Missing SYN-ACKs", + "range": true, + "refId": "A" + } + ], + "title": "Max Packets Missing SYN-ACKs", + "transparent": true, + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "super-light-red" + } + ] + }, + "unit": "pps" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 4, + "x": 9, + "y": 51 + }, + "id": 223, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "min" + ], + "fields": "", + "values": false + }, + "textMode": "value" + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "round(sum (\r\n sum(\r\n rate(hubble_tcp_flags_total{cluster=~\"$cluster\", instance=~\"$Nodes\", source=~\"^$namespace/\", flag=\"SYN\"}[$__rate_interval])\r\n ) by (source) > 0 - sum(\r\n label_replace(\r\n sum(\r\n rate(hubble_tcp_flags_total{cluster=~\"$cluster\", instance=~\"$Nodes\", destination=~\"^$namespace/\", flag=\"SYN-ACK\"}[$__rate_interval])\r\n ) by (destination), \"source\", \"$1\", 
\"destination\", \"(.*)\"\r\n )\r\n ) without (destination)\r\n), 0.01) > 0", + "legendFormat": "Min Packets Missing SYN-ACKs", + "range": true, + "refId": "A" + } + ], + "title": "Min Packets Missing SYN-ACKs", + "transparent": true, + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "description": "TypeError means there are no drops or no data", + "fieldConfig": { + "defaults": { + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "scaleDistribution": { + "type": "linear" + } + } + }, + "overrides": [] + }, + "gridPos": { + "h": 9, + "w": 12, + "x": 0, + "y": 54 + }, + "id": 232, + "options": { + "calculate": false, + "cellGap": 1, + "cellValues": { + "unit": "pps" + }, + "color": { + "exponent": 0.5, + "fill": "dark-orange", + "mode": "scheme", + "reverse": true, + "scale": "exponential", + "scheme": "Oranges", + "steps": 64 + }, + "exemplars": { + "color": "rgba(255,0,255,0.7)" + }, + "filterValues": { + "le": 1e-9 + }, + "legend": { + "show": true + }, + "rowsFrame": { + "layout": "auto" + }, + "tooltip": { + "show": true, + "yHistogram": false + }, + "yAxis": { + "axisPlacement": "left", + "reverse": false + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "topk(10, round(\r\n sum(\r\n rate(hubble_tcp_flags_total{cluster=~\"$cluster\", instance=~\"$Nodes\", source=~\"^$namespace/\", flag=\"SYN\"}[$__rate_interval])\r\n ) by (source) > 0 - sum(\r\n label_replace(\r\n sum(\r\n rate(hubble_tcp_flags_total{cluster=~\"$cluster\", instance=~\"$Nodes\", destination=~\"^$namespace/\", flag=\"SYN-ACK\"}[$__rate_interval])\r\n ) by (destination), \"source\", \"$1\", \"destination\", \"(.*)\"\r\n )\r\n ) without (destination), 0.01\r\n)) > 0", + "hide": false, + "legendFormat": "{{source}}", + "range": true, + "refId": "A" + } + ], + "title": "Heatmap of Missing TCP SYN-ACKs by Top Source Pods", + 
"type": "heatmap" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "continuous-YlRd" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 30, + "gradientMode": "hue", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "normal" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "pps" + }, + "overrides": [] + }, + "gridPos": { + "h": 9, + "w": 12, + "x": 12, + "y": 54 + }, + "id": 184, + "options": { + "legend": { + "calcs": [ + "max", + "min", + "lastNotNull" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true, + "sortBy": "Max", + "sortDesc": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "round(\r\n sum(\r\n rate(hubble_tcp_flags_total{cluster=~\"$cluster\", instance=~\"$Nodes\", source=~\"^$namespace/\", flag=\"SYN\"}[$__rate_interval])\r\n ) by (source) > 0 - sum(\r\n label_replace(\r\n sum(\r\n rate(hubble_tcp_flags_total{cluster=~\"$cluster\", instance=~\"$Nodes\", destination=~\"^$namespace/\", flag=\"SYN-ACK\"}[$__rate_interval])\r\n ) by (destination), \"source\", \"$1\", \"destination\", \"(.*)\"\r\n )\r\n ) without (destination), 0.01\r\n)", + "hide": false, + "legendFormat": "{{source}}", + "range": true, + "refId": "A" + } + ], + "title": "Stacked (Total) Missing TCP 
SYN-ACKs by Source Pod", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "orange" + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 5, + "x": 0, + "y": 63 + }, + "id": 238, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "max" + ], + "fields": "", + "values": false + }, + "textMode": "value" + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "exemplar": false, + "expr": "count (\r\n sum by (source) (\r\n rate(hubble_tcp_flags_total{cluster=~\"$cluster\", instance=~\"$Nodes\", source=~\"^$namespace/\", flag=\"RST\"}[10m])\r\n ) >= 0.01\r\n)", + "instant": true, + "legendFormat": "Pods with Outgoing RST", + "range": false, + "refId": "A" + } + ], + "title": "Pods with Outgoing RST (past 10 minutes)", + "transparent": true, + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "red" + } + ] + }, + "unit": "pps" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 4, + "x": 5, + "y": 63 + }, + "id": 239, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "max" + ], + "fields": "", + "values": false + }, + "textMode": "value" + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "round(sum (\r\n sum(\r\n 
rate(hubble_tcp_flags_total{cluster=~\"$cluster\", instance=~\"$Nodes\", source=~\"^$namespace/\", flag=\"RST\"}[$__rate_interval])\r\n )\r\n), 0.01)", + "legendFormat": "Max Outgoing RST Packets", + "range": true, + "refId": "A" + } + ], + "title": "Max Outgoing RST Packets", + "transparent": true, + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "super-light-red" + } + ] + }, + "unit": "pps" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 3, + "x": 9, + "y": 63 + }, + "id": 240, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "min" + ], + "fields": "", + "values": false + }, + "textMode": "value" + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "round(sum (\r\n sum(\r\n rate(hubble_tcp_flags_total{cluster=~\"$cluster\", instance=~\"$Nodes\", source=~\"^$namespace/\", flag=\"RST\"}[$__rate_interval])\r\n )\r\n), 0.01)", + "legendFormat": "Min Outgoing RST Packets", + "range": true, + "refId": "A" + } + ], + "title": "Min Outgoing RST", + "transparent": true, + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "orange" + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 5, + "x": 12, + "y": 63 + }, + "id": 233, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "max" + ], + "fields": "", + "values": false + }, + 
"textMode": "value" + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "exemplar": false, + "expr": "count (\r\n sum by (destination) (\r\n rate(hubble_tcp_flags_total{cluster=~\"$cluster\", instance=~\"$Nodes\", destination=~\"^$namespace/\", flag=\"RST\"}[10m])\r\n ) >= 0.01\r\n)", + "instant": true, + "legendFormat": "Pods with Incoming RST", + "range": false, + "refId": "A" + } + ], + "title": "Pods with Incoming RST (past 10 minutes)", + "transparent": true, + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "red" + } + ] + }, + "unit": "pps" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 4, + "x": 17, + "y": 63 + }, + "id": 234, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "max" + ], + "fields": "", + "values": false + }, + "textMode": "value" + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "round(sum (\r\n sum(\r\n rate(hubble_tcp_flags_total{cluster=~\"$cluster\", instance=~\"$Nodes\", destination=~\"^$namespace/\", flag=\"RST\"}[$__rate_interval])\r\n )\r\n), 0.01)", + "legendFormat": "Max Incoming RST Packets", + "range": true, + "refId": "A" + } + ], + "title": "Max Incoming RST Packets", + "transparent": true, + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "super-light-red" + } + ] + }, + "unit": "pps" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, 
+ "w": 3, + "x": 21, + "y": 63 + }, + "id": 235, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "min" + ], + "fields": "", + "values": false + }, + "textMode": "value" + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "round(sum (\r\n sum(\r\n rate(hubble_tcp_flags_total{cluster=~\"$cluster\", instance=~\"$Nodes\", destination=~\"^$namespace/\", flag=\"RST\"}[$__rate_interval])\r\n )\r\n), 0.01)", + "legendFormat": "Min Incoming RST Packets", + "range": true, + "refId": "A" + } + ], + "title": "Min Incoming RST", + "transparent": true, + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "description": "TypeError means there are no drops or no data", + "fieldConfig": { + "defaults": { + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "scaleDistribution": { + "type": "linear" + } + } + }, + "overrides": [] + }, + "gridPos": { + "h": 9, + "w": 12, + "x": 0, + "y": 66 + }, + "id": 237, + "options": { + "calculate": false, + "cellGap": 1, + "cellValues": { + "unit": "pps" + }, + "color": { + "exponent": 0.5, + "fill": "dark-orange", + "mode": "scheme", + "reverse": true, + "scale": "exponential", + "scheme": "Oranges", + "steps": 64 + }, + "exemplars": { + "color": "rgba(255,0,255,0.7)" + }, + "filterValues": { + "le": 1e-9 + }, + "legend": { + "show": true + }, + "rowsFrame": { + "layout": "auto" + }, + "tooltip": { + "show": true, + "yHistogram": false + }, + "yAxis": { + "axisPlacement": "left", + "reverse": false + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "topk(10, round(sum by (source) (\r\n rate(hubble_tcp_flags_total{cluster=~\"$cluster\", instance=~\"$Nodes\", source=~\"^$namespace/\", 
flag=\"RST\"}[$__rate_interval])\r\n), 0.01)) > 0", + "hide": false, + "legendFormat": "{{source}}", + "range": true, + "refId": "A" + } + ], + "title": "Heatmap of Outgoing TCP RST by Top Source Pods", + "type": "heatmap" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "description": "TypeError means there are no drops or no data", + "fieldConfig": { + "defaults": { + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "scaleDistribution": { + "type": "linear" + } + } + }, + "overrides": [] + }, + "gridPos": { + "h": 9, + "w": 12, + "x": 12, + "y": 66 + }, + "id": 236, + "options": { + "calculate": false, + "cellGap": 1, + "cellValues": { + "unit": "pps" + }, + "color": { + "exponent": 0.5, + "fill": "dark-orange", + "mode": "scheme", + "reverse": true, + "scale": "exponential", + "scheme": "Oranges", + "steps": 64 + }, + "exemplars": { + "color": "rgba(255,0,255,0.7)" + }, + "filterValues": { + "le": 1e-9 + }, + "legend": { + "show": true + }, + "rowsFrame": { + "layout": "auto" + }, + "tooltip": { + "show": true, + "yHistogram": false + }, + "yAxis": { + "axisPlacement": "left", + "reverse": false + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "topk(10, round(sum by (destination) (\r\n rate(hubble_tcp_flags_total{cluster=~\"$cluster\", instance=~\"$Nodes\", destination=~\"^$namespace/\", flag=\"RST\"}[$__rate_interval])\r\n), 0.01)) > 0", + "hide": false, + "legendFormat": "{{destination}}", + "range": true, + "refId": "A" + } + ], + "title": "Heatmap of Incoming TCP RST by Top Destination Pods", + "type": "heatmap" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "continuous-YlRd" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 
0, + "drawStyle": "line", + "fillOpacity": 30, + "gradientMode": "hue", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "normal" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "pps" + }, + "overrides": [] + }, + "gridPos": { + "h": 9, + "w": 12, + "x": 0, + "y": 75 + }, + "id": 241, + "options": { + "legend": { + "calcs": [ + "max", + "min", + "lastNotNull" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true, + "sortBy": "Max", + "sortDesc": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "round(sum by (source) (\r\n rate(hubble_tcp_flags_total{cluster=~\"$cluster\", instance=~\"$Nodes\", source=~\"^$namespace/\", flag=\"RST\"}[$__rate_interval])\r\n), 0.01)", + "hide": false, + "legendFormat": "{{source}}", + "range": true, + "refId": "A" + } + ], + "title": "Stacked (Total) Outgoing TCP RST by Source Pod", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "continuous-YlRd" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 30, + "gradientMode": "hue", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + 
"showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "normal" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "pps" + }, + "overrides": [] + }, + "gridPos": { + "h": 9, + "w": 12, + "x": 12, + "y": 75 + }, + "id": 242, + "options": { + "legend": { + "calcs": [ + "max", + "min", + "lastNotNull" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true, + "sortBy": "Max", + "sortDesc": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "round(sum by (destination) (\r\n rate(hubble_tcp_flags_total{cluster=~\"$cluster\", instance=~\"$Nodes\", destination=~\"^$namespace/\", flag=\"RST\"}[$__rate_interval])\r\n), 0.01)", + "hide": false, + "legendFormat": "{{source}}", + "range": true, + "refId": "A" + } + ], + "title": "Stacked (Total) Incoming TCP RST by Destination Pod", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "purple" + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 5, + "x": 0, + "y": 84 + }, + "id": 243, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "max" + ], + "fields": "", + "values": false + }, + "textMode": "value" + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "exemplar": false, + "expr": "count (\r\n sum by (source) (\r\n 
rate(hubble_tcp_flags_total{cluster=~\"$cluster\", instance=~\"$Nodes\", source=~\"^$namespace/\", flag=\"FIN\"}[10m])\r\n ) >= 0.01\r\n)", + "instant": true, + "legendFormat": "Pods with Outgoing FIN", + "range": false, + "refId": "A" + } + ], + "title": "Pods with Outgoing FIN (past 10 minutes)", + "transparent": true, + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "blue" + } + ] + }, + "unit": "pps" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 4, + "x": 5, + "y": 84 + }, + "id": 244, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "max" + ], + "fields": "", + "values": false + }, + "textMode": "value" + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "round(sum (\r\n sum(\r\n rate(hubble_tcp_flags_total{cluster=~\"$cluster\", instance=~\"$Nodes\", source=~\"^$namespace/\", flag=\"FIN\"}[$__rate_interval])\r\n )\r\n), 0.01)", + "legendFormat": "Max Outgoing FIN Packets", + "range": true, + "refId": "A" + } + ], + "title": "Max Outgoing FIN Packets", + "transparent": true, + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "super-light-blue" + } + ] + }, + "unit": "pps" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 3, + "x": 9, + "y": 84 + }, + "id": 245, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + 
"min" + ], + "fields": "", + "values": false + }, + "textMode": "value" + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "round(sum (\r\n sum(\r\n rate(hubble_tcp_flags_total{cluster=~\"$cluster\", instance=~\"$Nodes\", source=~\"^$namespace/\", flag=\"FIN\"}[$__rate_interval])\r\n )\r\n), 0.01)", + "legendFormat": "Min Outgoing FIN Packets", + "range": true, + "refId": "A" + } + ], + "title": "MIN Outgoing FIN", + "transparent": true, + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "purple" + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 5, + "x": 12, + "y": 84 + }, + "id": 246, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "max" + ], + "fields": "", + "values": false + }, + "textMode": "value" + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "exemplar": false, + "expr": "count (\r\n sum by (destination) (\r\n rate(hubble_tcp_flags_total{cluster=~\"$cluster\", instance=~\"$Nodes\", destination=~\"^$namespace/\", flag=\"FIN\"}[10m])\r\n ) >= 0.01\r\n)", + "instant": true, + "legendFormat": "Pods with Incoming FIN", + "range": false, + "refId": "A" + } + ], + "title": "Pods with Incoming FIN (past 10 minutes)", + "transparent": true, + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "blue" + } + ] + }, + "unit": "pps" + }, + "overrides": 
[] + }, + "gridPos": { + "h": 3, + "w": 4, + "x": 17, + "y": 84 + }, + "id": 247, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "max" + ], + "fields": "", + "values": false + }, + "textMode": "value" + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "round(sum (\r\n sum(\r\n rate(hubble_tcp_flags_total{cluster=~\"$cluster\", instance=~\"$Nodes\", destination=~\"^$namespace/\", flag=\"FIN\"}[$__rate_interval])\r\n )\r\n), 0.01)", + "legendFormat": "Max Incoming FIN Packets", + "range": true, + "refId": "A" + } + ], + "title": "Max Incoming FIN Packets", + "transparent": true, + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "super-light-blue" + } + ] + }, + "unit": "pps" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 3, + "x": 21, + "y": 84 + }, + "id": 248, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "min" + ], + "fields": "", + "values": false + }, + "textMode": "value" + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "round(sum (\r\n sum(\r\n rate(hubble_tcp_flags_total{cluster=~\"$cluster\", instance=~\"$Nodes\", destination=~\"^$namespace/\", flag=\"FIN\"}[$__rate_interval])\r\n )\r\n), 0.01)", + "legendFormat": "Min Incoming FIN Packets", + "range": true, + "refId": "A" + } + ], + "title": "Min Incoming FIN", + "transparent": true, + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "description": "TypeError means there are no drops 
or no data", + "fieldConfig": { + "defaults": { + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "scaleDistribution": { + "type": "linear" + } + } + }, + "overrides": [] + }, + "gridPos": { + "h": 9, + "w": 12, + "x": 0, + "y": 87 + }, + "id": 249, + "options": { + "calculate": false, + "cellGap": 1, + "cellValues": { + "unit": "pps" + }, + "color": { + "exponent": 0.5, + "fill": "dark-orange", + "mode": "scheme", + "reverse": true, + "scale": "exponential", + "scheme": "BuPu", + "steps": 64 + }, + "exemplars": { + "color": "rgba(255,0,255,0.7)" + }, + "filterValues": { + "le": 1e-9 + }, + "legend": { + "show": true + }, + "rowsFrame": { + "layout": "auto" + }, + "tooltip": { + "show": true, + "yHistogram": false + }, + "yAxis": { + "axisPlacement": "left", + "reverse": false + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "topk(10, round(sum by (source) (\r\n rate(hubble_tcp_flags_total{cluster=~\"$cluster\", instance=~\"$Nodes\", source=~\"^$namespace/\", flag=\"FIN\"}[$__rate_interval])\r\n), 0.01)) > 0", + "hide": false, + "legendFormat": "{{source}}", + "range": true, + "refId": "A" + } + ], + "title": "Heatmap of Outgoing TCP FIN by Top Source Pods", + "type": "heatmap" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "description": "TypeError means there are no drops or no data", + "fieldConfig": { + "defaults": { + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "scaleDistribution": { + "type": "linear" + } + } + }, + "overrides": [] + }, + "gridPos": { + "h": 9, + "w": 12, + "x": 12, + "y": 87 + }, + "id": 250, + "options": { + "calculate": false, + "cellGap": 1, + "cellValues": { + "unit": "pps" + }, + "color": { + "exponent": 0.5, + "fill": "dark-orange", + "mode": "scheme", + "reverse": true, + "scale": "exponential", + "scheme": "BuPu", + "steps": 64 + 
}, + "exemplars": { + "color": "rgba(255,0,255,0.7)" + }, + "filterValues": { + "le": 1e-9 + }, + "legend": { + "show": true + }, + "rowsFrame": { + "layout": "auto" + }, + "tooltip": { + "show": true, + "yHistogram": false + }, + "yAxis": { + "axisPlacement": "left", + "reverse": false + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "topk(10, round(sum by (destination) (\r\n rate(hubble_tcp_flags_total{cluster=~\"$cluster\", instance=~\"$Nodes\", destination=~\"^$namespace/\", flag=\"FIN\"}[$__rate_interval])\r\n), 0.01)) > 0", + "hide": false, + "legendFormat": "{{destination}}", + "range": true, + "refId": "A" + } + ], + "title": "Heatmap of Incoming TCP FIN by Top Destination Pods", + "type": "heatmap" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "normal" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "pps" + }, + "overrides": [] + }, + "gridPos": { + "h": 9, + "w": 12, + "x": 0, + "y": 96 + }, + "id": 251, + "options": { + "legend": { + "calcs": [ + "max", + "min", + "lastNotNull" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true, + "sortBy": "Max", + "sortDesc": true + }, + 
"tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "round(sum by (source) (\r\n rate(hubble_tcp_flags_total{cluster=~\"$cluster\", instance=~\"$Nodes\", source=~\"^$namespace/\", flag=\"FIN\"}[$__rate_interval])\r\n), 0.01)", + "hide": false, + "legendFormat": "{{source}}", + "range": true, + "refId": "A" + } + ], + "title": "Stacked (Total) Outgoing TCP FIN by Source Pod", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "normal" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "pps" + }, + "overrides": [] + }, + "gridPos": { + "h": 9, + "w": 12, + "x": 12, + "y": 96 + }, + "id": 252, + "options": { + "legend": { + "calcs": [ + "max", + "min", + "lastNotNull" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true, + "sortBy": "Max", + "sortDesc": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "round(sum by (destination) (\r\n rate(hubble_tcp_flags_total{cluster=~\"$cluster\", 
instance=~\"$Nodes\", destination=~\"^$namespace/\", flag=\"FIN\"}[$__rate_interval])\r\n), 0.01)", + "hide": false, + "legendFormat": "{{source}}", + "range": true, + "refId": "A" + } + ], + "title": "Stacked (Total) Incoming TCP FIN by Destination Pod", + "type": "timeseries" + } + ], + "title": "TCP (in $namespace)", + "type": "row" + } + ], + "refresh": "", + "revision": 1, + "schemaVersion": 38, + "style": "dark", + "tags": [ + "k8s:network-observability" + ], + "templating": { + "list": [ + { + "current": {}, + "hide": 0, + "includeAll": false, + "label": "Data Source", + "multi": false, + "name": "datasource", + "options": [], + "query": "prometheus", + "queryValue": "", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "type": "datasource" + }, + { + "allValue": "(.*)", + "current": {}, + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "definition": "label_values(kube_node_info, cluster)", + "hide": 0, + "includeAll": false, + "label": "Cluster", + "multi": false, + "name": "cluster", + "options": [], + "query": { + "query": "label_values(kube_node_info, cluster)", + "refId": "StandardVariableQuery" + }, + "refresh": 2, + "regex": "", + "skipUrlSync": false, + "sort": 1, + "type": "query" + }, + { + "allValue": "(.*)", + "current": {}, + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "definition": "label_values(kube_node_info{cluster=\"$cluster\"},node)", + "hide": 0, + "includeAll": true, + "label": "Nodes", + "multi": true, + "name": "Nodes", + "options": [], + "query": { + "query": "label_values(kube_node_info{cluster=\"$cluster\"},node)", + "refId": "PrometheusVariableQueryEditor-VariableQuery" + }, + "refresh": 2, + "regex": "", + "skipUrlSync": false, + "sort": 1, + "type": "query" + }, + { + "allValue": "(.*)", + "current": {}, + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "definition": "query_result(label_replace(hubble_flows_processed_total{cluster=\"$cluster\", 
instance=~\"$Nodes\"}, \"ns\", \"$1\", \"destination\", \"(.*)\") or label_replace(hubble_flows_processed_total{cluster=\"$cluster\", instance=~\"$Nodes\"}, \"ns\", \"$1\", \"source\", \"(.*)\"))", + "description": "", + "hide": 0, + "includeAll": false, + "label": "Namespace", + "multi": false, + "name": "namespace", + "options": [], + "query": { + "query": "query_result(label_replace(hubble_flows_processed_total{cluster=\"$cluster\", instance=~\"$Nodes\"}, \"ns\", \"$1\", \"destination\", \"(.*)\") or label_replace(hubble_flows_processed_total{cluster=\"$cluster\", instance=~\"$Nodes\"}, \"ns\", \"$1\", \"source\", \"(.*)\"))", + "refId": "PrometheusVariableQueryEditor-VariableQuery" + }, + "refresh": 2, + "regex": "/ns=\"([-a-z0-9]+)/.*/", + "skipUrlSync": false, + "sort": 1, + "type": "query" + } + ] + }, + "time": { + "from": "now-30m", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ] + }, + "timezone": "", + "title": "Kubernetes / Networking / Pod Flows (Namespace)", + "uid": "NetObsFlowsNamespace6739", + "version": 1 +}
diff --git a/deploy/hubble/grafana/dashboards/pod-flows-workload.json b/deploy/hubble/grafana/dashboards/pod-flows-workload.json
new file mode 100644
index 0000000000..5f711f5462
--- /dev/null
+++ b/deploy/hubble/grafana/dashboards/pod-flows-workload.json
@@ -0,0 +1,4019 @@ +{ + "__inputs": [], + "__elements": {}, + "__requires": [ + { + "type": "grafana", + "id": "grafana", + "name": "Grafana", + "version": "9.5.15" + }, + { + "type": "panel", + "id": "heatmap", + "name": "Heatmap", + "version": "" + }, + { + "type": "datasource", + "id": "prometheus", + "name": "Prometheus", + "version": "1.0.0" + }, + { + "type": "panel", + "id": "stat", + "name": "Stat", + "version": "" + }, + { + "type": "panel", + "id": "timeseries", + "name": "Time series", + "version": "" + } + ], + "editable": true, + "id": null, + "links": [ + { + "asDropdown": true, + "icon": "external link", + "includeVars": true, + "keepTime": true, + "tags": [ + "k8s:network-observability" + ], + "targetBlank": false, + "title": "Dashboards: Network Observability", + "tooltip": "", + "type": "dashboards", + "url": "" + }, + { + "asDropdown": false, + "icon": "info", + "includeVars": false, + "keepTime": false, + "tags": [], + "targetBlank": true, + "title": "Documentation", + "tooltip": "Documentation", + "type": "link", + "url": "https://aka.ms/NetObsAddonDoc" + } + ], + "liveNow": true, + "panels": [ + { + "collapsed": false, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 0 + }, + "id": 216, + "panels": [], + "title": "Workload Snapshot ($workload)", + "type": "row" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "fixedColor": "purple", + "mode": "fixed" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 6, + "x": 0, + "y": 1 + }, + "id": 192, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "textMode": "value" + }, + "targets": [ + { 
+ "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "exemplar": false, + "expr": "count(\r\n sum by (source) (\r\n rate(hubble_flows_processed_total{cluster=\"$cluster\", instance=~\"$Nodes\", source=~\"^$namespace/$workload\", verdict=\"forwarded\"}[10m])\r\n ) >= 0.01\r\n)", + "hide": false, + "instant": true, + "legendFormat": "Pods with Outgoing Traffic", + "range": false, + "refId": "A" + } + ], + "title": "Pods with Outgoing Traffic (past 10 minutes)", + "transparent": true, + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "fixedColor": "blue", + "mode": "fixed" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "unit": "pps" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 3, + "x": 6, + "y": 1 + }, + "id": 193, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "max" + ], + "fields": "", + "values": false + }, + "textMode": "value" + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "exemplar": false, + "expr": "round(sum (rate(hubble_flows_processed_total{cluster=\"$cluster\", instance=~\"$Nodes\", source=~\"^$namespace/$workload\", verdict=\"forwarded\"}[$__rate_interval])), 0.01)", + "hide": false, + "instant": false, + "legendFormat": "Max Outgoing Traffic", + "range": true, + "refId": "A" + } + ], + "title": "Max Outgoing Traffic", + "transparent": true, + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "fixedColor": "super-light-blue", + "mode": "fixed" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + 
"steps": [ + { + "color": "green", + "value": null + } + ] + }, + "unit": "pps" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 3, + "x": 9, + "y": 1 + }, + "id": 198, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "min" + ], + "fields": "", + "values": false + }, + "textMode": "value" + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "exemplar": false, + "expr": "round(sum (rate(hubble_flows_processed_total{cluster=\"$cluster\", instance=~\"$Nodes\", source=~\"^$namespace/$workload\", verdict=\"forwarded\"}[$__rate_interval])), 0.01)", + "hide": false, + "instant": false, + "legendFormat": "Min Outgoing Traffic", + "range": true, + "refId": "A" + } + ], + "title": "Min Outgoing Traffic", + "transparent": true, + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "fixedColor": "purple", + "mode": "fixed" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 6, + "x": 12, + "y": 1 + }, + "id": 200, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "exemplar": false, + "expr": "count(\r\n sum by (destination) (\r\n rate(hubble_flows_processed_total{cluster=\"$cluster\", instance=~\"$Nodes\", destination=~\"^$namespace/$workload\", verdict=\"forwarded\"}[10m])\r\n ) >= 0.01\r\n)", + "hide": false, + "instant": true, + 
"legendFormat": "Pods with Incoming Traffic", + "range": false, + "refId": "A" + } + ], + "title": "Pods with Incoming Traffic (past 10 minutes)", + "transparent": true, + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "fixedColor": "blue", + "mode": "fixed" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "unit": "pps" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 3, + "x": 18, + "y": 1 + }, + "id": 201, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "max" + ], + "fields": "", + "values": false + }, + "textMode": "value" + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "exemplar": false, + "expr": "round(sum (rate(hubble_flows_processed_total{cluster=\"$cluster\", instance=~\"$Nodes\", destination=~\"^$namespace/$workload\", verdict=\"forwarded\"}[$__rate_interval])), 0.01)", + "hide": false, + "instant": false, + "legendFormat": "Max Incoming Traffic", + "range": true, + "refId": "A" + } + ], + "title": "Max Incoming Traffic", + "transparent": true, + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "fixedColor": "super-light-blue", + "mode": "fixed" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "unit": "pps" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 3, + "x": 21, + "y": 1 + }, + "id": 202, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "min" + ], + "fields": "", + 
"values": false + }, + "textMode": "value" + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "exemplar": false, + "expr": "round(sum (rate(hubble_flows_processed_total{cluster=\"$cluster\", instance=~\"$Nodes\", destination=~\"^$namespace/$workload\", verdict=\"forwarded\"}[$__rate_interval])), 0.01)", + "hide": false, + "instant": false, + "legendFormat": "Min Incoming Traffic", + "range": true, + "refId": "A" + } + ], + "title": "Min Incoming Traffic", + "transparent": true, + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "description": "Drops seen on the VM of the source Pod (a drop will appear for only one of \"incoming\" or \"outgoing\")", + "fieldConfig": { + "defaults": { + "color": { + "fixedColor": "orange", + "mode": "fixed" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 6, + "x": 0, + "y": 4 + }, + "id": 194, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "max" + ], + "fields": "", + "values": false + }, + "textMode": "value" + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "exemplar": false, + "expr": "count (\r\n sum by (source) (\r\n rate(hubble_flows_processed_total{cluster=\"$cluster\", instance=~\"$Nodes\", source=~\"^$namespace/$workload\", verdict=\"dropped\"}[10m])\r\n ) >= 0.01\r\n)", + "hide": false, + "instant": true, + "legendFormat": "Pods with Outgoing Drops", + "range": false, + "refId": "A" + } + ], + "title": "Pods with Outgoing Drops (past 10 minutes)", + "transparent": true, + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + 
"description": "", + "fieldConfig": { + "defaults": { + "color": { + "fixedColor": "red", + "mode": "fixed" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "unit": "pps" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 3, + "x": 6, + "y": 4 + }, + "id": 204, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "max" + ], + "fields": "", + "values": false + }, + "textMode": "value" + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "exemplar": false, + "expr": "round(sum (rate(hubble_flows_processed_total{verdict=\"dropped\", cluster=\"$cluster\", instance=~\"$Nodes\", source=~\"^$namespace/$workload\"}[$__rate_interval])), 0.01)", + "hide": false, + "instant": false, + "legendFormat": "Max Outgoing Drops", + "range": true, + "refId": "A" + } + ], + "title": "Max Outgoing Drops", + "transparent": true, + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "fixedColor": "super-light-red", + "mode": "fixed" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "unit": "pps" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 3, + "x": 9, + "y": 4 + }, + "id": 205, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "min" + ], + "fields": "", + "values": false + }, + "textMode": "value" + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "exemplar": false, + "expr": "round(sum (rate(hubble_flows_processed_total{verdict=\"dropped\", cluster=\"$cluster\", 
instance=~\"$Nodes\", source=~\"^$namespace/$workload\"}[$__rate_interval])), 0.01)", + "hide": false, + "instant": false, + "legendFormat": "Min Outgoing Drops", + "range": true, + "refId": "A" + } + ], + "title": "Min Outgoing Drops", + "transparent": true, + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "description": "Drops seen on the VM of the destination Pod (a drop will appear for only one of \"incoming\" or \"outgoing\")", + "fieldConfig": { + "defaults": { + "color": { + "fixedColor": "orange", + "mode": "fixed" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 6, + "x": 12, + "y": 4 + }, + "id": 203, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "max" + ], + "fields": "", + "values": false + }, + "textMode": "value" + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "exemplar": false, + "expr": "count (\r\n sum by (destination) (\r\n rate(hubble_flows_processed_total{cluster=\"$cluster\", instance=~\"$Nodes\", destination=~\"^$namespace/$workload\", verdict=\"dropped\"}[10m])\r\n ) >= 0.01\r\n)", + "hide": false, + "instant": true, + "legendFormat": "Pods with Incoming Drops", + "range": false, + "refId": "A" + } + ], + "title": "Pods with Incoming Drops (past 10 minutes)", + "transparent": true, + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "fixedColor": "red", + "mode": "fixed" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "unit": "pps" + }, + "overrides": [] + }, + 
"gridPos": { + "h": 3, + "w": 3, + "x": 18, + "y": 4 + }, + "id": 195, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "max" + ], + "fields": "", + "values": false + }, + "textMode": "value" + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "exemplar": false, + "expr": "round(sum (rate(hubble_flows_processed_total{verdict=\"dropped\", cluster=\"$cluster\", instance=~\"$Nodes\", destination=~\"^$namespace/$workload\"}[$__rate_interval])), 0.01)", + "hide": false, + "instant": false, + "legendFormat": "Max Incoming Drops", + "range": true, + "refId": "A" + } + ], + "title": "Max Incoming Drops", + "transparent": true, + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "fixedColor": "super-light-red", + "mode": "fixed" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "unit": "pps" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 3, + "x": 21, + "y": 4 + }, + "id": 199, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "min" + ], + "fields": "", + "values": false + }, + "textMode": "value" + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "exemplar": false, + "expr": "round(sum (rate(hubble_flows_processed_total{verdict=\"dropped\", cluster=\"$cluster\", instance=~\"$Nodes\", destination=~\"^$namespace/$workload\"}[$__rate_interval])), 0.01)", + "hide": false, + "instant": false, + "legendFormat": "Min Incoming Drops", + "range": true, + "refId": "A" + } + ], + "title": "Min Incoming Drops", + "transparent": true, + "type": 
"stat" + }, + { + "collapsed": false, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 7 + }, + "id": 178, + "panels": [], + "title": "Flows (for $workload)", + "type": "row" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "description": "Values:\n- to-stack: traffic leaving Pod\n- to-network/overlay: traffic leaving Node", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "unit": "ops" + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 12, + "x": 0, + "y": 8 + }, + "id": 174, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "sum(rate(hubble_flows_processed_total{cluster=\"$cluster\", instance=~\"$Nodes\", source=~\"^$namespace/$workload\"}[$__rate_interval])) by (type, subtype)", + "legendFormat": "{{type}}/{{subtype}}", + "range": true, + "refId": "A" + } + ], + "title": "Outgoing Traffic by Trace Type", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "description": "Values:\n- to-endpoint: traffic 
reaching Pod\n- from-network/overlay: traffic reaching Node", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "unit": "ops" + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 12, + "x": 12, + "y": 8 + }, + "id": 176, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "sum(rate(hubble_flows_processed_total{cluster=\"$cluster\", instance=~\"$Nodes\", destination=~\"^$namespace/$workload\"}[$__rate_interval])) by (type, subtype)", + "legendFormat": "{{type}}/{{subtype}}", + "range": true, + "refId": "A" + } + ], + "title": "Incoming Traffic by Trace Type", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": 
false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "unit": "ops" + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 12, + "x": 0, + "y": 15 + }, + "id": 175, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "sum(rate(hubble_flows_processed_total{cluster=\"$cluster\", instance=~\"$Nodes\", source=~\"^$namespace/$workload\"}[$__rate_interval])) by (verdict)", + "legendFormat": "{{verdict}}", + "range": true, + "refId": "A" + } + ], + "title": "Outgoing Traffic by Verdict", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "unit": "ops" + }, + 
"overrides": [] + }, + "gridPos": { + "h": 7, + "w": 12, + "x": 12, + "y": 15 + }, + "id": 177, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "sum(rate(hubble_flows_processed_total{cluster=\"$cluster\", instance=~\"$Nodes\", destination=~\"^$namespace/$workload\"}[$__rate_interval])) by (verdict)", + "legendFormat": "{{verdict}}", + "range": true, + "refId": "A" + } + ], + "title": "Incoming Traffic by Verdict", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "description": "TypeError means there are no drops or no data", + "fieldConfig": { + "defaults": { + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "scaleDistribution": { + "type": "linear" + } + } + }, + "overrides": [] + }, + "gridPos": { + "h": 9, + "w": 12, + "x": 0, + "y": 22 + }, + "id": 224, + "options": { + "calculate": false, + "cellGap": 1, + "cellValues": { + "unit": "pps" + }, + "color": { + "exponent": 0.5, + "fill": "dark-orange", + "mode": "scheme", + "reverse": true, + "scale": "exponential", + "scheme": "BuPu", + "steps": 64 + }, + "exemplars": { + "color": "rgba(255,0,255,0.7)" + }, + "filterValues": { + "le": 1e-9 + }, + "legend": { + "show": true + }, + "rowsFrame": { + "layout": "auto" + }, + "tooltip": { + "show": true, + "yHistogram": false + }, + "yAxis": { + "axisPlacement": "left", + "reverse": false + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "topk(10, round(sum by (source) (\r\n rate(hubble_flows_processed_total{cluster=\"$cluster\", instance=~\"$Nodes\", source=~\"^$namespace/$workload\"}[$__rate_interval])\r\n), 0.01)) > 0", + "hide": 
false, + "legendFormat": "{{source}}", + "range": true, + "refId": "A" + } + ], + "title": "Heatmap of Outgoing Traffic for Top Source Pods", + "type": "heatmap" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "description": "TypeError means there are no drops or no data", + "fieldConfig": { + "defaults": { + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "scaleDistribution": { + "type": "linear" + } + } + }, + "overrides": [] + }, + "gridPos": { + "h": 9, + "w": 12, + "x": 12, + "y": 22 + }, + "id": 225, + "options": { + "calculate": false, + "cellGap": 1, + "cellValues": { + "unit": "pps" + }, + "color": { + "exponent": 0.5, + "fill": "dark-orange", + "mode": "scheme", + "reverse": true, + "scale": "exponential", + "scheme": "BuPu", + "steps": 64 + }, + "exemplars": { + "color": "rgba(255,0,255,0.7)" + }, + "filterValues": { + "le": 1e-9 + }, + "legend": { + "show": true + }, + "rowsFrame": { + "layout": "auto" + }, + "tooltip": { + "show": true, + "yHistogram": false + }, + "yAxis": { + "axisPlacement": "left", + "reverse": false + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "topk(10, round(sum by (destination) (\r\n rate(hubble_flows_processed_total{cluster=\"$cluster\", instance=~\"$Nodes\", destination=~\"^$namespace/$workload\"}[$__rate_interval])\r\n), 0.01)) > 0", + "hide": false, + "legendFormat": "{{destination}}", + "range": true, + "refId": "A" + } + ], + "title": "Heatmap of Incoming Traffic for Top Destination Pods", + "type": "heatmap" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + 
"gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "normal" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "pps" + }, + "overrides": [] + }, + "gridPos": { + "h": 9, + "w": 12, + "x": 0, + "y": 31 + }, + "id": 219, + "options": { + "legend": { + "calcs": [ + "max", + "min", + "lastNotNull" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true, + "sortBy": "Max", + "sortDesc": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "round(sum by (source) (\r\n rate(hubble_flows_processed_total{cluster=\"$cluster\", instance=~\"$Nodes\", source=~\"^$namespace/$workload\"}[$__rate_interval])\r\n), 0.01) > 0", + "hide": false, + "legendFormat": "{{source}}", + "range": true, + "refId": "A" + } + ], + "title": "Stacked (Total) Outgoing Traffic by Source Pod", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + 
"spanNulls": false, + "stacking": { + "group": "A", + "mode": "normal" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "pps" + }, + "overrides": [] + }, + "gridPos": { + "h": 9, + "w": 12, + "x": 12, + "y": 31 + }, + "id": 206, + "options": { + "legend": { + "calcs": [ + "max", + "min", + "lastNotNull" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true, + "sortBy": "Max", + "sortDesc": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "round(sum by (destination) (\r\n rate(hubble_flows_processed_total{cluster=\"$cluster\", instance=~\"$Nodes\", destination=~\"^$namespace/$workload\"}[$__rate_interval])\r\n), 0.01) > 0", + "hide": false, + "legendFormat": "{{destination}}", + "range": true, + "refId": "A" + } + ], + "title": "Stacked (Total) Incoming Traffic by Destination Pod", + "type": "timeseries" + }, + { + "collapsed": true, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 40 + }, + "id": 183, + "panels": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "description": "TypeError means there are no drops or no data", + "fieldConfig": { + "defaults": { + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "scaleDistribution": { + "type": "linear" + } + } + }, + "overrides": [] + }, + "gridPos": { + "h": 9, + "w": 12, + "x": 0, + "y": 9 + }, + "id": 228, + "options": { + "calculate": false, + "cellGap": 1, + "cellValues": { + "unit": "pps" + }, + "color": { + "exponent": 0.5, + "fill": "dark-orange", + "mode": "scheme", + "reverse": true, + "scale": "exponential", + "scheme": "Oranges", + "steps": 64 + }, + "exemplars": { + "color": 
"rgba(255,0,255,0.7)" + }, + "filterValues": { + "le": 1e-9 + }, + "legend": { + "show": true + }, + "rowsFrame": { + "layout": "auto" + }, + "tooltip": { + "show": true, + "yHistogram": false + }, + "yAxis": { + "axisPlacement": "left", + "reverse": false + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "topk(10, round(sum by (source) (\r\n rate(hubble_flows_processed_total{cluster=\"$cluster\", instance=~\"$Nodes\", source=~\"^$namespace/$workload\", verdict=\"dropped\"}[$__rate_interval])\r\n), 0.01)) > 0", + "hide": false, + "legendFormat": "{{source}}", + "range": true, + "refId": "A" + } + ], + "title": "Heatmap of Outgoing Drops for Top Source Pods", + "type": "heatmap" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "description": "TypeError means there are no drops or no data", + "fieldConfig": { + "defaults": { + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "scaleDistribution": { + "type": "linear" + } + } + }, + "overrides": [] + }, + "gridPos": { + "h": 9, + "w": 12, + "x": 12, + "y": 9 + }, + "id": 227, + "options": { + "calculate": false, + "cellGap": 1, + "cellValues": { + "unit": "pps" + }, + "color": { + "exponent": 0.5, + "fill": "dark-orange", + "mode": "scheme", + "reverse": true, + "scale": "exponential", + "scheme": "Oranges", + "steps": 64 + }, + "exemplars": { + "color": "rgba(255,0,255,0.7)" + }, + "filterValues": { + "le": 1e-9 + }, + "legend": { + "show": true + }, + "rowsFrame": { + "layout": "auto" + }, + "tooltip": { + "show": true, + "yHistogram": false + }, + "yAxis": { + "axisPlacement": "left", + "reverse": false + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "topk(10, round(sum by (destination) (\r\n rate(hubble_flows_processed_total{cluster=\"$cluster\", instance=~\"$Nodes\", 
destination=~\"^$namespace/$workload\", verdict=\"dropped\"}[$__rate_interval])\r\n), 0.01)) > 0", + "hide": false, + "legendFormat": "{{destination}}", + "range": true, + "refId": "A" + } + ], + "title": "Heatmap of Incoming Drops for Top Destination Pods", + "type": "heatmap" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "description": "Drops seen on the VM of the source Pod (a drop will appear for only one of \"incoming\" or \"outgoing\")", + "fieldConfig": { + "defaults": { + "color": { + "mode": "continuous-YlRd" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 30, + "gradientMode": "hue", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "normal" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "pps" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 18 + }, + "id": 211, + "options": { + "legend": { + "calcs": [ + "max", + "min", + "lastNotNull" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true, + "sortBy": "Max", + "sortDesc": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "round(\r\n sum by (source) (\r\n rate(hubble_flows_processed_total{cluster=\"$cluster\", instance=~\"$Nodes\", source=~\"^$namespace/$workload\", verdict=\"dropped\"}[$__rate_interval])\r\n ), 0.01\r\n)", 
+ "legendFormat": "{{destination}}", + "range": true, + "refId": "A" + } + ], + "title": "Stacked (Total) Outgoing Drops by Source Pod", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "description": "Drops seen on the VM of the destination Pod (a drop will appear for only one of \"incoming\" or \"outgoing\")", + "fieldConfig": { + "defaults": { + "color": { + "mode": "continuous-YlRd" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 30, + "gradientMode": "hue", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "normal" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "pps" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 18 + }, + "id": 220, + "options": { + "legend": { + "calcs": [ + "max", + "min", + "lastNotNull" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true, + "sortBy": "Max", + "sortDesc": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "round(\r\n sum by (destination) (\r\n rate(hubble_flows_processed_total{cluster=\"$cluster\", instance=~\"$Nodes\", destination=~\"^$namespace/$workload\", verdict=\"dropped\"}[$__rate_interval])\r\n ), 0.01\r\n)", + "legendFormat": "{{destination}}", + "range": true, + "refId": "A" + } + ], + "title": "Stacked 
(Total) Incoming Drops by Destination Pod", + "type": "timeseries" + } + ], + "title": "Drops (for $workload)", + "type": "row" + }, + { + "collapsed": true, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 41 + }, + "id": 182, + "panels": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "orange", + "value": null + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 5, + "x": 0, + "y": 10 + }, + "id": 221, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "max" + ], + "fields": "", + "values": false + }, + "textMode": "value" + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "exemplar": false, + "expr": "count (\r\n (\r\n (sum(\r\n rate(hubble_tcp_flags_total{cluster=~\"$cluster\", instance=~\"$Nodes\", source=~\"^$namespace/$workload\", flag=\"SYN\"}[10m])\r\n ) by (source) > 0) - sum(\r\n label_replace(\r\n sum(\r\n rate(hubble_tcp_flags_total{cluster=~\"$cluster\", instance=~\"$Nodes\", destination=~\"^$namespace/$workload\", flag=\"SYN-ACK\"}[10m])\r\n ) by (destination), \"source\", \"$1\", \"destination\", \"(.*)\"\r\n )\r\n ) without (destination)\r\n ) >= 0.01\r\n)", + "instant": true, + "legendFormat": "Pods Missing SYN-ACKs", + "range": false, + "refId": "A" + } + ], + "title": "Pods Missing SYN-ACKs (past 10 minutes)", + "transparent": true, + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "red", + "value": null + } + ] + }, + "unit": "pps" + }, + 
"overrides": [] + }, + "gridPos": { + "h": 3, + "w": 4, + "x": 5, + "y": 10 + }, + "id": 222, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "max" + ], + "fields": "", + "values": false + }, + "textMode": "value" + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "round(sum (\r\n sum(\r\n rate(hubble_tcp_flags_total{cluster=~\"$cluster\", instance=~\"$Nodes\", source=~\"^$namespace/$workload\", flag=\"SYN\"}[$__rate_interval])\r\n ) by (source) > 0 - sum(\r\n label_replace(\r\n sum(\r\n rate(hubble_tcp_flags_total{cluster=~\"$cluster\", instance=~\"$Nodes\", destination=~\"^$namespace/$workload\", flag=\"SYN-ACK\"}[$__rate_interval])\r\n ) by (destination), \"source\", \"$1\", \"destination\", \"(.*)\"\r\n )\r\n ) without (destination)\r\n), 0.01)", + "legendFormat": "Max Packets Missing SYN-ACKs", + "range": true, + "refId": "A" + } + ], + "title": "Max Packets Missing SYN-ACKs", + "transparent": true, + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "super-light-red", + "value": null + } + ] + }, + "unit": "pps" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 4, + "x": 9, + "y": 10 + }, + "id": 223, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "min" + ], + "fields": "", + "values": false + }, + "textMode": "value" + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "round(sum (\r\n sum(\r\n rate(hubble_tcp_flags_total{cluster=~\"$cluster\", instance=~\"$Nodes\", 
source=~\"^$namespace/$workload\", flag=\"SYN\"}[$__rate_interval])\r\n ) by (source) > 0 - sum(\r\n label_replace(\r\n sum(\r\n rate(hubble_tcp_flags_total{cluster=~\"$cluster\", instance=~\"$Nodes\", destination=~\"^$namespace/$workload\", flag=\"SYN-ACK\"}[$__rate_interval])\r\n ) by (destination), \"source\", \"$1\", \"destination\", \"(.*)\"\r\n )\r\n ) without (destination)\r\n), 0.01) > 0", + "legendFormat": "Min Packets Missing SYN-ACKs", + "range": true, + "refId": "A" + } + ], + "title": "Min Packets Missing SYN-ACKs", + "transparent": true, + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "description": "TypeError means there are no drops or no data", + "fieldConfig": { + "defaults": { + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "scaleDistribution": { + "type": "linear" + } + } + }, + "overrides": [] + }, + "gridPos": { + "h": 9, + "w": 12, + "x": 0, + "y": 13 + }, + "id": 232, + "options": { + "calculate": false, + "cellGap": 1, + "cellValues": { + "unit": "pps" + }, + "color": { + "exponent": 0.5, + "fill": "dark-orange", + "mode": "scheme", + "reverse": true, + "scale": "exponential", + "scheme": "Oranges", + "steps": 64 + }, + "exemplars": { + "color": "rgba(255,0,255,0.7)" + }, + "filterValues": { + "le": 1e-9 + }, + "legend": { + "show": true + }, + "rowsFrame": { + "layout": "auto" + }, + "tooltip": { + "show": true, + "yHistogram": false + }, + "yAxis": { + "axisPlacement": "left", + "reverse": false + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "topk(10, round(\r\n sum(\r\n rate(hubble_tcp_flags_total{cluster=~\"$cluster\", instance=~\"$Nodes\", source=~\"^$namespace/$workload\", flag=\"SYN\"}[$__rate_interval])\r\n ) by (source) > 0 - sum(\r\n label_replace(\r\n sum(\r\n rate(hubble_tcp_flags_total{cluster=~\"$cluster\", instance=~\"$Nodes\", 
destination=~\"^$namespace/$workload\", flag=\"SYN-ACK\"}[$__rate_interval])\r\n ) by (destination), \"source\", \"$1\", \"destination\", \"(.*)\"\r\n )\r\n ) without (destination), 0.01\r\n)) > 0", + "hide": false, + "legendFormat": "{{source}}", + "range": true, + "refId": "A" + } + ], + "title": "Heatmap of Missing TCP SYN-ACKs by Top Source Pods", + "type": "heatmap" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "continuous-YlRd" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 30, + "gradientMode": "hue", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "normal" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "pps" + }, + "overrides": [] + }, + "gridPos": { + "h": 9, + "w": 12, + "x": 12, + "y": 13 + }, + "id": 184, + "options": { + "legend": { + "calcs": [ + "max", + "min", + "lastNotNull" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true, + "sortBy": "Max", + "sortDesc": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "round(\r\n sum(\r\n rate(hubble_tcp_flags_total{cluster=~\"$cluster\", instance=~\"$Nodes\", source=~\"^$namespace/$workload\", flag=\"SYN\"}[$__rate_interval])\r\n ) by (source) > 0 - sum(\r\n label_replace(\r\n sum(\r\n 
rate(hubble_tcp_flags_total{cluster=~\"$cluster\", instance=~\"$Nodes\", destination=~\"^$namespace/$workload\", flag=\"SYN-ACK\"}[$__rate_interval])\r\n ) by (destination), \"source\", \"$1\", \"destination\", \"(.*)\"\r\n )\r\n ) without (destination), 0.01\r\n)", + "hide": false, + "legendFormat": "{{source}}", + "range": true, + "refId": "A" + } + ], + "title": "Stacked (Total) Missing TCP SYN-ACKs by Source Pod", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "orange", + "value": null + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 5, + "x": 0, + "y": 22 + }, + "id": 238, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "max" + ], + "fields": "", + "values": false + }, + "textMode": "value" + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "exemplar": false, + "expr": "count (\r\n sum by (source) (\r\n rate(hubble_tcp_flags_total{cluster=~\"$cluster\", instance=~\"$Nodes\", source=~\"^$namespace/$workload\", flag=\"RST\"}[10m])\r\n ) >= 0.01\r\n)", + "instant": true, + "legendFormat": "Pods with Outgoing RST", + "range": false, + "refId": "A" + } + ], + "title": "Pods with Outgoing RST (past 10 minutes)", + "transparent": true, + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "red", + "value": null + } + ] + }, + "unit": "pps" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 4, + "x": 5, + "y": 22 
+ }, + "id": 239, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "max" + ], + "fields": "", + "values": false + }, + "textMode": "value" + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "round(sum (\r\n sum(\r\n rate(hubble_tcp_flags_total{cluster=~\"$cluster\", instance=~\"$Nodes\", source=~\"^$namespace/$workload\", flag=\"RST\"}[$__rate_interval])\r\n )\r\n), 0.01)", + "legendFormat": "Max Outgoing RST Packets", + "range": true, + "refId": "A" + } + ], + "title": "Max Outgoing RST Packets", + "transparent": true, + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "super-light-red", + "value": null + } + ] + }, + "unit": "pps" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 3, + "x": 9, + "y": 22 + }, + "id": 240, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "min" + ], + "fields": "", + "values": false + }, + "textMode": "value" + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "round(sum (\r\n sum(\r\n rate(hubble_tcp_flags_total{cluster=~\"$cluster\", instance=~\"$Nodes\", source=~\"^$namespace/$workload\", flag=\"RST\"}[$__rate_interval])\r\n )\r\n), 0.01)", + "legendFormat": "Min Outgoing RST Packets", + "range": true, + "refId": "A" + } + ], + "title": "Min Outgoing RST", + "transparent": true, + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + 
}, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "orange", + "value": null + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 5, + "x": 12, + "y": 22 + }, + "id": 233, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "max" + ], + "fields": "", + "values": false + }, + "textMode": "value" + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "exemplar": false, + "expr": "count (\r\n sum by (destination) (\r\n rate(hubble_tcp_flags_total{cluster=~\"$cluster\", instance=~\"$Nodes\", destination=~\"^$namespace/$workload\", flag=\"RST\"}[10m])\r\n ) >= 0.01\r\n)", + "instant": true, + "legendFormat": "Pods with Incoming RST", + "range": false, + "refId": "A" + } + ], + "title": "Pods with Incoming RST (past 10 minutes)", + "transparent": true, + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "red", + "value": null + } + ] + }, + "unit": "pps" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 4, + "x": 17, + "y": 22 + }, + "id": 234, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "max" + ], + "fields": "", + "values": false + }, + "textMode": "value" + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "round(sum (\r\n sum(\r\n rate(hubble_tcp_flags_total{cluster=~\"$cluster\", instance=~\"$Nodes\", destination=~\"^$namespace/$workload\", flag=\"RST\"}[$__rate_interval])\r\n )\r\n), 0.01)", + "legendFormat": "Max 
Incoming RST Packets", + "range": true, + "refId": "A" + } + ], + "title": "Max Incoming RST Packets", + "transparent": true, + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "super-light-red", + "value": null + } + ] + }, + "unit": "pps" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 3, + "x": 21, + "y": 22 + }, + "id": 235, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "min" + ], + "fields": "", + "values": false + }, + "textMode": "value" + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "round(sum (\r\n sum(\r\n rate(hubble_tcp_flags_total{cluster=~\"$cluster\", instance=~\"$Nodes\", destination=~\"^$namespace/$workload\", flag=\"RST\"}[$__rate_interval])\r\n )\r\n), 0.01)", + "legendFormat": "Min Incoming RST Packets", + "range": true, + "refId": "A" + } + ], + "title": "Min Incoming RST", + "transparent": true, + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "description": "TypeError means there are no drops or no data", + "fieldConfig": { + "defaults": { + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "scaleDistribution": { + "type": "linear" + } + } + }, + "overrides": [] + }, + "gridPos": { + "h": 9, + "w": 12, + "x": 0, + "y": 25 + }, + "id": 237, + "options": { + "calculate": false, + "cellGap": 1, + "cellValues": { + "unit": "pps" + }, + "color": { + "exponent": 0.5, + "fill": "dark-orange", + "mode": "scheme", + "reverse": true, + "scale": "exponential", + "scheme": "Oranges", + "steps": 64 + }, + "exemplars": { + "color": "rgba(255,0,255,0.7)" + }, + 
"filterValues": { + "le": 1e-9 + }, + "legend": { + "show": true + }, + "rowsFrame": { + "layout": "auto" + }, + "tooltip": { + "show": true, + "yHistogram": false + }, + "yAxis": { + "axisPlacement": "left", + "reverse": false + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "topk(10, round(sum by (source) (\r\n rate(hubble_tcp_flags_total{cluster=~\"$cluster\", instance=~\"$Nodes\", source=~\"^$namespace/$workload\", flag=\"RST\"}[$__rate_interval])\r\n), 0.01)) > 0", + "hide": false, + "legendFormat": "{{source}}", + "range": true, + "refId": "A" + } + ], + "title": "Heatmap of Outgoing TCP RST by Top Source Pods", + "type": "heatmap" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "description": "TypeError means there are no drops or no data", + "fieldConfig": { + "defaults": { + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "scaleDistribution": { + "type": "linear" + } + } + }, + "overrides": [] + }, + "gridPos": { + "h": 9, + "w": 12, + "x": 12, + "y": 25 + }, + "id": 236, + "options": { + "calculate": false, + "cellGap": 1, + "cellValues": { + "unit": "pps" + }, + "color": { + "exponent": 0.5, + "fill": "dark-orange", + "mode": "scheme", + "reverse": true, + "scale": "exponential", + "scheme": "Oranges", + "steps": 64 + }, + "exemplars": { + "color": "rgba(255,0,255,0.7)" + }, + "filterValues": { + "le": 1e-9 + }, + "legend": { + "show": true + }, + "rowsFrame": { + "layout": "auto" + }, + "tooltip": { + "show": true, + "yHistogram": false + }, + "yAxis": { + "axisPlacement": "left", + "reverse": false + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "topk(10, round(sum by (destination) (\r\n rate(hubble_tcp_flags_total{cluster=~\"$cluster\", instance=~\"$Nodes\", destination=~\"^$namespace/$workload\", 
flag=\"RST\"}[$__rate_interval])\r\n), 0.01)) > 0", + "hide": false, + "legendFormat": "{{destination}}", + "range": true, + "refId": "A" + } + ], + "title": "Heatmap of Incoming TCP RST by Top Destination Pods", + "type": "heatmap" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "continuous-YlRd" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 3, + "gradientMode": "hue", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "normal" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "pps" + }, + "overrides": [] + }, + "gridPos": { + "h": 9, + "w": 12, + "x": 0, + "y": 34 + }, + "id": 241, + "options": { + "legend": { + "calcs": [ + "max", + "min", + "lastNotNull" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true, + "sortBy": "Max", + "sortDesc": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "round(sum by (source) (\r\n rate(hubble_tcp_flags_total{cluster=~\"$cluster\", instance=~\"$Nodes\", source=~\"^$namespace/$workload\", flag=\"RST\"}[$__rate_interval])\r\n), 0.01)", + "hide": false, + "legendFormat": "{{source}}", + "range": true, + "refId": "A" + } + ], + "title": "Stacked (Total) Outgoing TCP RST by Source Pod", + "type": "timeseries" + }, + { + 
"datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "continuous-YlRd" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 30, + "gradientMode": "hue", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "normal" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "pps" + }, + "overrides": [] + }, + "gridPos": { + "h": 9, + "w": 12, + "x": 12, + "y": 34 + }, + "id": 242, + "options": { + "legend": { + "calcs": [ + "max", + "min", + "lastNotNull" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true, + "sortBy": "Max", + "sortDesc": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "round(sum by (destination) (\r\n rate(hubble_tcp_flags_total{cluster=~\"$cluster\", instance=~\"$Nodes\", destination=~\"^$namespace/$workload\", flag=\"RST\"}[$__rate_interval])\r\n), 0.01)", + "hide": false, + "legendFormat": "{{source}}", + "range": true, + "refId": "A" + } + ], + "title": "Stacked (Total) Incoming TCP RST by Destination Pod", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": 
"purple", + "value": null + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 5, + "x": 0, + "y": 43 + }, + "id": 243, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "max" + ], + "fields": "", + "values": false + }, + "textMode": "value" + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "exemplar": false, + "expr": "count (\r\n sum by (source) (\r\n rate(hubble_tcp_flags_total{cluster=~\"$cluster\", instance=~\"$Nodes\", source=~\"^$namespace/$workload\", flag=\"FIN\"}[10m])\r\n ) >= 0.01\r\n)", + "instant": true, + "legendFormat": "Pods with Outgoing FIN", + "range": false, + "refId": "A" + } + ], + "title": "Pods with Outgoing FIN (past 10 minutes)", + "transparent": true, + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "blue", + "value": null + } + ] + }, + "unit": "pps" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 4, + "x": 5, + "y": 43 + }, + "id": 244, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "max" + ], + "fields": "", + "values": false + }, + "textMode": "value" + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "round(sum (\r\n sum(\r\n rate(hubble_tcp_flags_total{cluster=~\"$cluster\", instance=~\"$Nodes\", source=~\"^$namespace/$workload\", flag=\"FIN\"}[$__rate_interval])\r\n )\r\n), 0.01)", + "legendFormat": "Max Outgoing FIN Packets", + "range": true, + "refId": "A" + } + ], + "title": "Max Outgoing FIN Packets", + 
"transparent": true, + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "super-light-blue", + "value": null + } + ] + }, + "unit": "pps" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 3, + "x": 9, + "y": 43 + }, + "id": 245, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "min" + ], + "fields": "", + "values": false + }, + "textMode": "value" + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "round(sum (\r\n sum(\r\n rate(hubble_tcp_flags_total{cluster=~\"$cluster\", instance=~\"$Nodes\", source=~\"^$namespace/$workload\", flag=\"FIN\"}[$__rate_interval])\r\n )\r\n), 0.01)", + "legendFormat": "Min Outgoing FIN Packets", + "range": true, + "refId": "A" + } + ], + "title": "MIN Outgoing FIN", + "transparent": true, + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "purple", + "value": null + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 5, + "x": 12, + "y": 43 + }, + "id": 246, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "max" + ], + "fields": "", + "values": false + }, + "textMode": "value" + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "exemplar": false, + "expr": "count (\r\n sum by (destination) (\r\n 
rate(hubble_tcp_flags_total{cluster=~\"$cluster\", instance=~\"$Nodes\", destination=~\"^$namespace/$workload\", flag=\"FIN\"}[10m])\r\n ) >= 0.01\r\n)", + "instant": true, + "legendFormat": "Pods with Incoming FIN", + "range": false, + "refId": "A" + } + ], + "title": "Pods with Incoming FIN (past 10 minutes)", + "transparent": true, + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "blue", + "value": null + } + ] + }, + "unit": "pps" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 4, + "x": 17, + "y": 43 + }, + "id": 247, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "max" + ], + "fields": "", + "values": false + }, + "textMode": "value" + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "round(sum (\r\n sum(\r\n rate(hubble_tcp_flags_total{cluster=~\"$cluster\", instance=~\"$Nodes\", destination=~\"^$namespace/$workload\", flag=\"FIN\"}[$__rate_interval])\r\n )\r\n), 0.01)", + "legendFormat": "Max Incoming FIN Packets", + "range": true, + "refId": "A" + } + ], + "title": "Max Incoming FIN Packets", + "transparent": true, + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "super-light-blue", + "value": null + } + ] + }, + "unit": "pps" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 3, + "x": 21, + "y": 43 + }, + "id": 248, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": 
"auto", + "reduceOptions": { + "calcs": [ + "min" + ], + "fields": "", + "values": false + }, + "textMode": "value" + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "round(sum (\r\n sum(\r\n rate(hubble_tcp_flags_total{cluster=~\"$cluster\", instance=~\"$Nodes\", destination=~\"^$namespace/$workload\", flag=\"FIN\"}[$__rate_interval])\r\n )\r\n), 0.01)", + "legendFormat": "Min Incoming FIN Packets", + "range": true, + "refId": "A" + } + ], + "title": "Min Incoming FIN", + "transparent": true, + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "description": "TypeError means there are no drops or no data", + "fieldConfig": { + "defaults": { + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "scaleDistribution": { + "type": "linear" + } + } + }, + "overrides": [] + }, + "gridPos": { + "h": 9, + "w": 12, + "x": 0, + "y": 46 + }, + "id": 249, + "options": { + "calculate": false, + "cellGap": 1, + "cellValues": { + "unit": "pps" + }, + "color": { + "exponent": 0.5, + "fill": "dark-orange", + "mode": "scheme", + "reverse": true, + "scale": "exponential", + "scheme": "BuPu", + "steps": 64 + }, + "exemplars": { + "color": "rgba(255,0,255,0.7)" + }, + "filterValues": { + "le": 1e-9 + }, + "legend": { + "show": true + }, + "rowsFrame": { + "layout": "auto" + }, + "tooltip": { + "show": true, + "yHistogram": false + }, + "yAxis": { + "axisPlacement": "left", + "reverse": false + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "topk(10, round(sum by (source) (\r\n rate(hubble_tcp_flags_total{cluster=~\"$cluster\", instance=~\"$Nodes\", source=~\"^$namespace/$workload\", flag=\"FIN\"}[$__rate_interval])\r\n), 0.01)) > 0", + "hide": false, + "legendFormat": "{{source}}", + "range": true, + "refId": "A" + } + ], + "title": 
"Heatmap of Outgoing TCP FIN by Top Source Pods", + "type": "heatmap" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "description": "TypeError means there are no drops or no data", + "fieldConfig": { + "defaults": { + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "scaleDistribution": { + "type": "linear" + } + } + }, + "overrides": [] + }, + "gridPos": { + "h": 9, + "w": 12, + "x": 12, + "y": 46 + }, + "id": 250, + "options": { + "calculate": false, + "cellGap": 1, + "cellValues": { + "unit": "pps" + }, + "color": { + "exponent": 0.5, + "fill": "dark-orange", + "mode": "scheme", + "reverse": true, + "scale": "exponential", + "scheme": "BuPu", + "steps": 64 + }, + "exemplars": { + "color": "rgba(255,0,255,0.7)" + }, + "filterValues": { + "le": 1e-9 + }, + "legend": { + "show": true + }, + "rowsFrame": { + "layout": "auto" + }, + "tooltip": { + "show": true, + "yHistogram": false + }, + "yAxis": { + "axisPlacement": "left", + "reverse": false + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "topk(10, round(sum by (destination) (\r\n rate(hubble_tcp_flags_total{cluster=~\"$cluster\", instance=~\"$Nodes\", destination=~\"^$namespace/$workload\", flag=\"FIN\"}[$__rate_interval])\r\n), 0.01)) > 0", + "hide": false, + "legendFormat": "{{destination}}", + "range": true, + "refId": "A" + } + ], + "title": "Heatmap of Incoming TCP FIN by Top Destination Pods", + "type": "heatmap" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + 
}, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "normal" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "pps" + }, + "overrides": [] + }, + "gridPos": { + "h": 9, + "w": 12, + "x": 0, + "y": 55 + }, + "id": 251, + "options": { + "legend": { + "calcs": [ + "max", + "min", + "lastNotNull" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true, + "sortBy": "Max", + "sortDesc": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "round(sum by (source) (\r\n rate(hubble_tcp_flags_total{cluster=~\"$cluster\", instance=~\"$Nodes\", source=~\"^$namespace/$workload\", flag=\"FIN\"}[$__rate_interval])\r\n), 0.01)", + "hide": false, + "legendFormat": "{{source}}", + "range": true, + "refId": "A" + } + ], + "title": "Stacked (Total) Outgoing TCP FIN by Source Pod", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "normal" + }, + "thresholdsStyle": { + 
"mode": "off" + } + }, + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "pps" + }, + "overrides": [] + }, + "gridPos": { + "h": 9, + "w": 12, + "x": 12, + "y": 55 + }, + "id": 252, + "options": { + "legend": { + "calcs": [ + "max", + "min", + "lastNotNull" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true, + "sortBy": "Max", + "sortDesc": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "round(sum by (destination) (\r\n rate(hubble_tcp_flags_total{cluster=~\"$cluster\", instance=~\"$Nodes\", destination=~\"^$namespace/$workload\", flag=\"FIN\"}[$__rate_interval])\r\n), 0.01)", + "hide": false, + "legendFormat": "{{source}}", + "range": true, + "refId": "A" + } + ], + "title": "Stacked (Total) Incoming TCP FIN by Destination Pod", + "type": "timeseries" + } + ], + "title": "TCP (for $workload)", + "type": "row" + } + ], + "refresh": "", + "revision": 1, + "schemaVersion": 38, + "style": "dark", + "tags": [ + "k8s:network-observability" + ], + "templating": { + "list": [ + { + "current": {}, + "hide": 0, + "includeAll": false, + "label": "Data Source", + "multi": false, + "name": "datasource", + "options": [], + "query": "prometheus", + "queryValue": "", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "type": "datasource" + }, + { + "allValue": "(.*)", + "current": {}, + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "definition": "label_values(kube_node_info, cluster)", + "hide": 0, + "includeAll": false, + "label": "Cluster", + "multi": false, + "name": "cluster", + "options": [], + "query": { + "query": "label_values(kube_node_info, cluster)", + "refId": "StandardVariableQuery" + }, + "refresh": 2, + "regex": "", + 
"skipUrlSync": false, + "sort": 1, + "type": "query" + }, + { + "allValue": "(.*)", + "current": {}, + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "definition": "label_values(kube_node_info{cluster=\"$cluster\"},node)", + "hide": 0, + "includeAll": true, + "label": "Nodes", + "multi": true, + "name": "Nodes", + "options": [], + "query": { + "query": "label_values(kube_node_info{cluster=\"$cluster\"},node)", + "refId": "PrometheusVariableQueryEditor-VariableQuery" + }, + "refresh": 2, + "regex": "", + "skipUrlSync": false, + "sort": 1, + "type": "query" + }, + { + "allValue": "(.*)", + "current": {}, + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "definition": "query_result(label_replace(hubble_flows_processed_total{cluster=\"$cluster\", instance=~\"$Nodes\"}, \"ns\", \"$1\", \"destination\", \"(.*)\") or label_replace(hubble_flows_processed_total{cluster=\"$cluster\", instance=~\"$Nodes\"}, \"ns\", \"$1\", \"source\", \"(.*)\"))", + "description": "", + "hide": 0, + "includeAll": false, + "label": "Namespace", + "multi": false, + "name": "namespace", + "options": [], + "query": { + "query": "query_result(label_replace(hubble_flows_processed_total{cluster=\"$cluster\", instance=~\"$Nodes\"}, \"ns\", \"$1\", \"destination\", \"(.*)\") or label_replace(hubble_flows_processed_total{cluster=\"$cluster\", instance=~\"$Nodes\"}, \"ns\", \"$1\", \"source\", \"(.*)\"))", + "refId": "PrometheusVariableQueryEditor-VariableQuery" + }, + "refresh": 2, + "regex": "/ns=\"([-a-z0-9]+)/.*/", + "skipUrlSync": false, + "sort": 1, + "type": "query" + }, + { + "allValue": "(.*)", + "current": {}, + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "definition": "query_result(sum by (workload) (label_replace(hubble_flows_processed_total{cluster=\"$cluster\", instance=~\"$Nodes\", destination=~\"^$namespace/[a-z0-9]+$\"}, \"workload\", \"$1\", \"destination\", \"^$namespace/([a-z0-9]+)\")) or sum by (workload) 
(label_replace(hubble_flows_processed_total{cluster=\"$cluster\", instance=~\"$Nodes\", destination=~\"^$namespace/[a-z0-9]+-\"}, \"workload\", \"$1\", \"destination\", \"^$namespace/(.*)-[a-z0-9]+\"))or sum by (workload) (label_replace(hubble_flows_processed_total{cluster=\"$cluster\", instance=~\"$Nodes\", source=~\"^$namespace/[a-z0-9]+$\"}, \"workload\", \"$1\", \"source\", \"^$namespace/([a-z0-9]+)\")) or sum by (workload) (label_replace(hubble_flows_processed_total{cluster=\"$cluster\", instance=~\"$Nodes\", source=~\"^$namespace/[a-z0-9]+-\"}, \"workload\", \"$1\", \"source\", \"^$namespace/(.*)-[a-z0-9]+\")))", + "description": "", + "hide": 0, + "includeAll": false, + "label": "Workload", + "multi": false, + "name": "workload", + "options": [], + "query": { + "query": "query_result(sum by (workload) (label_replace(hubble_flows_processed_total{cluster=\"$cluster\", instance=~\"$Nodes\", destination=~\"^$namespace/[a-z0-9]+$\"}, \"workload\", \"$1\", \"destination\", \"^$namespace/([a-z0-9]+)\")) or sum by (workload) (label_replace(hubble_flows_processed_total{cluster=\"$cluster\", instance=~\"$Nodes\", destination=~\"^$namespace/[a-z0-9]+-\"}, \"workload\", \"$1\", \"destination\", \"^$namespace/(.*)-[a-z0-9]+\"))or sum by (workload) (label_replace(hubble_flows_processed_total{cluster=\"$cluster\", instance=~\"$Nodes\", source=~\"^$namespace/[a-z0-9]+$\"}, \"workload\", \"$1\", \"source\", \"^$namespace/([a-z0-9]+)\")) or sum by (workload) (label_replace(hubble_flows_processed_total{cluster=\"$cluster\", instance=~\"$Nodes\", source=~\"^$namespace/[a-z0-9]+-\"}, \"workload\", \"$1\", \"source\", \"^$namespace/(.*)-[a-z0-9]+\")))", + "refId": "PrometheusVariableQueryEditor-VariableQuery" + }, + "refresh": 2, + "regex": "/workload=\"([-a-z0-9]+)/g", + "skipUrlSync": false, + "sort": 1, + "type": "query" + } + ] + }, + "time": { + "from": "now-30m", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", 
+ "30m", + "1h", + "2h", + "1d" + ] + }, + "timezone": "", + "title": "Kubernetes / Networking / Pod Flows (Workload)", + "uid": "NetObsFlowsWorkload6740", + "version": 1 +} diff --git a/deploy/manifests/controller/helm/retina/.helmignore b/deploy/hubble/manifests/controller/helm/retina/.helmignore similarity index 100% rename from deploy/manifests/controller/helm/retina/.helmignore rename to deploy/hubble/manifests/controller/helm/retina/.helmignore diff --git a/deploy/hubble/manifests/controller/helm/retina/Chart.yaml b/deploy/hubble/manifests/controller/helm/retina/Chart.yaml new file mode 100644 index 0000000000..994713661c --- /dev/null +++ b/deploy/hubble/manifests/controller/helm/retina/Chart.yaml @@ -0,0 +1,24 @@ +apiVersion: v2 +name: retina +description: A Helm chart for Retina Network Observability in Kubernetes with dependencies + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.0.1 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "0.0.1" 
diff --git a/deploy/hubble/manifests/controller/helm/retina/templates/_helpers.tpl b/deploy/hubble/manifests/controller/helm/retina/templates/_helpers.tpl
new file mode 100644
index 0000000000..ce25734672
--- /dev/null
+++ b/deploy/hubble/manifests/controller/helm/retina/templates/_helpers.tpl
@@ -0,0 +1,82 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "retina.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "retina.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "retina.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "retina.labels" -}} +helm.sh/chart: {{ include "retina.chart" . }} +{{ include "retina.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "retina.selectorLabels" -}} +app.kubernetes.io/name: {{ include "retina.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +{{- define "retina.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "retina.fullname" .) 
.Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} +*/}} + +{{- define "cilium.image" -}} +{{- $digest := (.useDigest | default false) | ternary (printf "@%s" .digest) "" -}} +{{- if .override -}} +{{- printf "%s" .override -}} +{{- else -}} +{{- printf "%s:%s%s" .repository .tag $digest -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for cronjob. +*/}} +{{- define "cronjob.apiVersion" -}} +{{- if semverCompare ">=1.21-0" .Capabilities.KubeVersion.Version -}} +{{- print "batch/v1" -}} +{{- else -}} +{{- print "batch/v1beta1" -}} +{{- end -}} +{{- end -}} diff --git a/deploy/hubble/manifests/controller/helm/retina/templates/agent/clusterrole.yaml b/deploy/hubble/manifests/controller/helm/retina/templates/agent/clusterrole.yaml new file mode 100644 index 0000000000..bd60f37cd0 --- /dev/null +++ b/deploy/hubble/manifests/controller/helm/retina/templates/agent/clusterrole.yaml 
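Review bot: In the `cilium.image` helper, `useDigest: true` with a missing or empty `digest` still renders an image reference, because `printf "@%s" .digest` is built without checking that the value is set, and the `override` branch drops the digest pin entirely. For a chart that deploys privileged agents it is safer to fail at render time, e.g. by adding `{{- if and .useDigest (not .digest) }}{{ fail "digest must be set when useDigest is true" }}{{- end }}` as the first line of the helper. Separately, the `retina.serviceAccountName` define sits inside the `{{/* … */}}` comment that opens at "Create the name of the service account to use", so it is never defined; close the comment before the `define` or drop the block.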
@@ -0,0 +1,93 @@
+{{- if .Values.agent.enabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ namespace: {{ .Values.namespace }}
+ name: retina-cluster-reader
+rules:
+ - apiGroups: [""] # "" indicates the core API group
+ resources: ["pods", "services", "replicationcontrollers", "nodes", "namespaces"]
+ verbs: ["get", "watch", "list"]
+ - apiGroups: ["apps"]
+ resources: ["deployments", "replicasets"]
+ verbs: ["get", "watch", "list"]
+ - apiGroups: ["networking.azure.com"]
+ resources: ["clusterobservers"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups:
+ - retina.io
+ resources:
+ - retinaendpoints
+ verbs:
+ - get
+ - list
+ - watch
+ {{- if .Values.operator.enabled }}
+ - apiGroups:
+ - ""
+ resources:
+ - namespaces
+ - endpoints
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - retina.io
+ resources:
+ - retinaendpoints
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - retina.io
+ resources:
+ - metricsconfigurations
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - retina.io
+ resources:
+ - retinaendpoints/finalizers
+ verbs:
+ - update
+ - apiGroups:
+ - retina.io
+ resources:
+ - retinaendpoints/status
+ verbs:
+ - get
+ - patch
+ - update
+ - apiGroups:
+ - discovery.k8s.io
+ resources:
+ - endpointslices
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - cilium.io
+ resources:
+ - ciliumnodes
+ - ciliumidentities
+ - ciliumendpoints
+ verbs:
+ - get
+ - list
+ - watch
+ {{- end }}
+
+{{- end}}
diff --git a/deploy/hubble/manifests/controller/helm/retina/templates/agent/clusterrolebinding.yaml b/deploy/hubble/manifests/controller/helm/retina/templates/agent/clusterrolebinding.yaml
new file mode 100644
index 0000000000..5e16af04a5
--- /dev/null
+++ b/deploy/hubble/manifests/controller/helm/retina/templates/agent/clusterrolebinding.yaml
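Review bot: The rules under `{{- if .Values.operator.enabled }}` add create/delete/patch/update on `retinaendpoints` and `metricsconfigurations` (plus `retinaendpoints/finalizers` and `retinaendpoints/status`) to `retina-cluster-reader`, the role this patch binds to the agent's service account, so the agent on every node gets write access under a name that reads as read-only. If those verbs are needed only by the operator (not visible from this hunk), move them into a separate ClusterRole bound to the operator's service account and keep this role to get/list/watch. The `metadata.namespace` field has no effect on a cluster-scoped ClusterRole and can be dropped, and the get/list/watch entries for `namespaces` and `retinaendpoints` inside the operator block repeat rules already granted above.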
@@ -0,0 +1,16 @@
+{{- if .Values.agent.enabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: retina-cluster-reader-binding
+ namespace: {{ .Values.namespace }}
+subjects:
+ - kind: ServiceAccount
+ name: retina-agent
+ namespace: {{ .Values.namespace }}
+roleRef:
+ kind: ClusterRole
+ name: retina-cluster-reader
+ apiGroup: rbac.authorization.k8s.io
+
+{{- end}}
\ No newline at end of file
diff --git a/deploy/hubble/manifests/controller/helm/retina/templates/agent/configmap.yaml b/deploy/hubble/manifests/controller/helm/retina/templates/agent/configmap.yaml
new file mode 100644
index 0000000000..beea5ba49d
--- /dev/null
+++ b/deploy/hubble/manifests/controller/helm/retina/templates/agent/configmap.yaml
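Review bot: The subject is hard-coded as `name: retina-agent`, while the agent DaemonSet added in this patch runs with `serviceAccountName: {{ .Values.serviceAccount.name }}`; when that value is anything other than `retina-agent`, the cluster role is granted to an account the agent does not use, and to whatever else in the namespace carries that name. Take the subject from the same value, `name: {{ .Values.serviceAccount.name }}`, so the binding always follows the workload. `metadata.namespace` is ignored on a ClusterRoleBinding and can be removed.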
@@ -0,0 +1,135 @@ +{{- if .Values.agent.enabled -}} +{{- if .Values.os.linux -}} +{{- $cluster := .Values.cluster | required "missing cluster value" -}} +{{- $clusterName := $cluster.name | required "missing cluster.name value" -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "retina.name" . }}-config + namespace: {{ .Values.namespace }} +data: + leader-election: {{ .Values.agent.leaderElection | quote }} + cluster-name: {{ $clusterName }} + {{- if .Values.hubble.enabled }} + # Enable Hubble gRPC service. + enable-hubble: {{ .Values.hubble.enabled | quote }} + # UNIX domain socket for Hubble server to listen to. + hubble-socket-path: {{ .Values.hubble.socketPath | quote }} +{{- if hasKey .Values.hubble "eventQueueSize" }} + # Buffer size of the channel for Hubble to receive monitor events. If this field is not set, + # the buffer size is set to the default monitor queue size. + hubble-event-queue-size: {{ .Values.hubble.eventQueueSize | quote }} +{{- end }} +{{- if hasKey .Values.hubble "eventBufferCapacity" }} + # Capacity of the buffer to store recent events. + hubble-event-buffer-capacity: {{ .Values.hubble.eventBufferCapacity | quote }} +{{- end }} +{{- if .Values.hubble.metrics.enabled }} + # Address to expose Hubble metrics (e.g. ":7070"). Metrics server will be disabled if this + # field is not set. + hubble-metrics-server: ":{{ .Values.hubble.metrics.port }}" + # A space separated list of metrics to enable. See [0] for available metrics. 
+ # + # https://github.com/cilium/hubble/blob/master/Documentation/metrics.md + hubble-metrics: {{- range .Values.hubble.metrics.enabled }} + {{.}} +{{- end }} + enable-hubble-open-metrics: {{ .Values.hubble.metrics.enableOpenMetrics | quote }} +{{- end }} +{{- if .Values.hubble.redact }} +{{- if eq .Values.hubble.redact.enabled true }} + # Enables hubble redact capabilities + hubble-redact-enabled: "true" +{{- if .Values.hubble.redact.http }} + # Enables redaction of the http URL query part in flows + hubble-redact-http-urlquery: {{ .Values.hubble.redact.http.urlQuery | quote }} + # Enables redaction of the http user info in flows + hubble-redact-http-userinfo: {{ .Values.hubble.redact.http.userInfo | quote }} +{{- if .Values.hubble.redact.http.headers }} +{{- if .Values.hubble.redact.http.headers.allow }} + # Redact all http headers that do not match this list + hubble-redact-http-headers-allow: {{- range .Values.hubble.redact.http.headers.allow }} + {{ . }} +{{- end }} +{{- end }} +{{- if .Values.hubble.redact.http.headers.deny }} + # Redact all http headers that match this list + hubble-redact-http-headers-deny: {{- range .Values.hubble.redact.http.headers.deny }} + {{ . 
}} +{{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- if .Values.hubble.redact.kafka }} + # Enables redaction of the Kafka API key part in flows + hubble-redact-kafka-apikey: {{ .Values.hubble.redact.kafka.apiKey | quote }} +{{- end }} +{{- end }} +{{- end }} +{{- if .Values.hubble.export }} + hubble-export-file-max-size-mb: {{ .Values.hubble.export.fileMaxSizeMb | quote }} + hubble-export-file-max-backups: {{ .Values.hubble.export.fileMaxBackups | quote }} +{{- if .Values.hubble.export.static.enabled }} + hubble-export-file-path: {{ .Values.hubble.export.static.filePath | quote }} + hubble-export-fieldmask: {{ .Values.hubble.export.static.fieldMask | join " " | quote }} + hubble-export-allowlist: {{ .Values.hubble.export.static.allowList | join "," | quote }} + hubble-export-denylist: {{ .Values.hubble.export.static.denyList | join "," | quote }} +{{- end }} +{{- if .Values.hubble.export.dynamic.enabled }} + hubble-flowlogs-config-path: /flowlog-config/flowlogs.yaml +{{- end }} +{{- end }} +{{- if hasKey .Values.hubble "listenAddress" }} + # An additional address for Hubble server to listen to (e.g. ":4244"). 
+ hubble-listen-address: {{ .Values.hubble.listenAddress | quote }} +{{- if .Values.hubble.tls.enabled }} + hubble-disable-tls: "false" + hubble-tls-cert-file: /var/lib/cilium/tls/hubble/server.crt + hubble-tls-key-file: /var/lib/cilium/tls/hubble/server.key + hubble-tls-client-ca-files: /var/lib/cilium/tls/hubble/client-ca.crt +{{- else }} + hubble-disable-tls: "true" +{{- end }} +{{- end }} +{{- if .Values.hubble.preferIpv6 }} + hubble-prefer-ipv6: "true" +{{- end }} +{{- if (not (kindIs "invalid" .Values.hubble.skipUnknownCGroupIDs)) }} + hubble-skip-unknown-cgroup-ids: {{ .Values.hubble.skipUnknownCGroupIDs | quote }} +{{- end }} +{{- end }} + config.yaml: |- + apiServer: + host: {{ .Values.apiServer.host }} + port: {{ .Values.retinaPort }} + logLevel: {{ .Values.logLevel }} + enabledPlugin: {{ .Values.enabledPlugin_linux }} + metricsInterval: {{ .Values.metricsInterval }} + enableTelemetry: {{ .Values.enableTelemetry }} + enablePodLevel: {{ .Values.enablePodLevel }} + remoteContext: {{ .Values.remoteContext }} + enableAnnotations: {{ .Values.enableAnnotations }} + bypassLookupIPOfInterest: {{ .Values.bypassLookupIPOfInterest }} +{{- end}} +--- +{{- if .Values.os.windows}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "retina.name" . }}-config-win + namespace: {{ .Values.namespace }} +data: + config.yaml: |- + apiServer: + host: {{ .Values.apiServer.host }} + port: {{ .Values.retinaPort }} + logLevel: {{ .Values.logLevel }} + enabledPlugin: {{ .Values.enabledPlugin_win }} + metricsInterval: {{ .Values.metricsInterval }} + enableTelemetry: {{ .Values.enableTelemetry }} + enablePodLevel: {{ .Values.enablePodLevel }} + remoteContext: {{ .Values.remoteContext }} + bypassLookupIPOfInterest: {{ .Values.bypassLookupIPOfInterest }} +{{- end}} + +{{- end}} 
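Review bot: When `hubble.listenAddress` is set and `hubble.tls.enabled` is false, the template emits `hubble-disable-tls: "true"`, so the Hubble server accepts connections on that address in plaintext and without client certificates; the agent DaemonSet in this patch uses `hostNetwork: true`, so the listener sits on the node's own address. The chart's default values are not visible here, so confirm which branch a default install takes; if it is the `else` branch, consider defaulting TLS on, or at minimum annotate it with `# Hubble listener is unencrypted and unauthenticated here; restrict access to hubble-listen-address with a NetworkPolicy or node firewall`. In the same hunk, `.Values.hubble.tls.enabled`, `.Values.hubble.export.static.enabled` and `.Values.hubble.export.dynamic.enabled` are read without checking that the parent map exists, so a values file that omits `tls` or sets `export` without `static` will likely fail to render.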
diff --git a/deploy/hubble/manifests/controller/helm/retina/templates/agent/daemonset.yaml b/deploy/hubble/manifests/controller/helm/retina/templates/agent/daemonset.yaml
new file mode 100644
index 0000000000..4361482005
--- /dev/null
+++ b/deploy/hubble/manifests/controller/helm/retina/templates/agent/daemonset.yaml
@@ -0,0 +1,233 @@ +{{- if .Values.agent.enabled -}} +{{- if .Values.os.linux -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ .Values.agent.name }} + namespace: {{ .Values.namespace }} + labels: + k8s-app: {{ include "retina.name" . }} +spec: + selector: + matchLabels: + app: {{ include "retina.name" . }} + template: + metadata: + labels: + app: {{ include "retina.name" . }} + k8s-app: {{ include "retina.name" . }} + annotations: + prometheus.io/port: "{{ .Values.retinaPort }}" + prometheus.io/scrape: "true" + checksum/config: {{ include (print $.Template.BasePath "/agent/configmap.yaml") . | sha256sum }} + spec: + hostNetwork: true + serviceAccountName: {{ .Values.serviceAccount.name }} + nodeSelector: + kubernetes.io/os: linux + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + initContainers: + - name: retina-agent-init + image: {{ .Values.agent.init.repository }}:{{ .Values.agent.init.tag }} + imagePullPolicy: {{ .Values.agent.pullPolicy }} + terminationMessagePolicy: FallbackToLogsOnError + securityContext: + privileged: true + volumeMounts: + - name: bpf + mountPath: /sys/fs/bpf + mountPropagation: Bidirectional + - name: varrun + mountPath: /var/run + mountPropagation: Bidirectional + containers: + - name: {{ include "retina.name" . }} + image: {{ .Values.agent.repository }}:{{ .Values.agent.tag }} + imagePullPolicy: {{ .Values.agent.pullPolicy }} + {{- if .Values.agent.container.retina.command }} + command: + {{- range .Values.agent.container.retina.command }} + - {{ . }} + {{- end }} + {{- end }} + {{- if .Values.agent.container.retina.args}} + args: + - --health-probe-bind-address={{ .Values.agent.container.retina.healthProbeBindAddress }} + - --metrics-bind-address={{ .Values.agent.container.retina.metricsBindAddress }} + {{- range $.Values.agent.container.retina.args}} + - {{ . 
| quote }} + {{- end}} + {{- end}} + ports: + - containerPort: {{ .Values.agent.container.retina.ports.containerPort }} + resources: + limits: + memory: {{ .Values.resources.limits.memory | quote }} + cpu: {{ .Values.resources.limits.cpu | quote }} + readinessProbe: + httpGet: + path: /metrics + port: {{ .Values.agent.container.retina.ports.containerPort }} + initialDelaySeconds: 10 + periodSeconds: 30 + env: + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + - name: NODE_IP + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + securityContext: + capabilities: + add: + {{- range .Values.securityContext.capabilities.add }} + - {{ . }} + {{- end }} + privileged: {{ .Values.securityContext.privileged }} + {{- if .Values.volumeMounts }} + volumeMounts: + {{- range $name, $mountPath := .Values.volumeMounts }} + - name: {{ $name }} + mountPath: {{ $mountPath }} + {{- end }} + {{- if .Values.hubble.tls.enabled }} + - name: tls + mountPath: /var/lib/cilium/tls/hubble + readOnly: true + {{- end }} + {{- end }} + terminationGracePeriodSeconds: 90 # Allow for retina to cleanup plugin resources. + volumes: + {{- range $name, $hostPath := .Values.volumeMounts}} + - name: {{ $name }} + {{ if eq $name "config" }} + configMap: + name: {{ $.Values.nameOverride }}-config + {{ else if eq $name "tmp"}} + emptyDir: {} + {{ else }} + hostPath: + path: {{ $hostPath }} + {{ end }} + {{- end }} + {{- if .Values.hubble.tls.enabled }} + - name: tls + projected: + defaultMode: 0400 + sources: + - secret: + name: hubble-server-certs + items: + - key: tls.crt + path: server.crt + - key: tls.key + path: server.key + - key: ca.crt + path: client-ca.crt + {{- end }} + nodeSelector: + kubernetes.io/os: linux +{{- end }} +--- +{{- if .Values.os.windows}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + labels: + k8s-app: {{ include "retina.name" . 
}} + name: {{ .Values.agent_win.name }} + namespace: {{ .Values.namespace }} + annotations: + prometheus.io/port: "{{ .Values.retinaPort }}" + prometheus.io/scrape: "true" + checksum/config: {{ include (print $.Template.BasePath "/agent/configmap.yaml") . | sha256sum }} +spec: + selector: + matchLabels: + k8s-app: {{ include "retina.name" . }} + template: + metadata: + labels: + app: {{ include "retina.name" . }} + k8s-app: {{ include "retina.name" . }} + name: {{ include "retina.name" . }} + namespace: {{ .Values.namespace }} + spec: + serviceAccountName: {{ .Values.serviceAccount.name }} + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + securityContext: + windowsOptions: + hostProcess: true + runAsUserName: {{ .Values.securityContext.windowsOptions.runAsUserName}} + runAsNonRoot: false + hostNetwork: true + containers: + - name: retinawin + image: {{ .Values.agent.repository }}:{{ .Values.agent.tag }} + ports: + - containerPort: {{ .Values.agent.container.retina.ports.containerPort }} + command: + - powershell.exe + - -command + - .\setkubeconfigpath.ps1; ./controller.exe --config ./retina/config.yaml --kubeconfig ./kubeconfig + readinessProbe: + httpGet: + path: /metrics + port: {{ .Values.agent.container.retina.ports.containerPort }} + initialDelaySeconds: 15 + periodSeconds: 10 + env: + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + - name: NODE_IP + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + securityContext: + capabilities: + add: + {{- range .Values.securityContext.capabilities.add }} + - {{ . 
}} + {{- end }} + privileged: {{ .Values.securityContext.privileged }} + {{- if .Values.volumeMounts_win }} + volumeMounts: + {{- range $name, $mountPath := .Values.volumeMounts_win }} + - name: {{ $name }} + mountPath: {{ $mountPath }} + {{- end }} + {{- end }} + nodeSelector: + kubernetes.io/os: windows + volumes: + {{- range $name, $mountPath := .Values.volumeMounts_win }} + - name: {{ $name }} + configMap: + name: {{ $name }} + {{- end }} +{{- end }} +{{- end }} diff --git a/deploy/hubble/manifests/controller/helm/retina/templates/agent/service.yaml b/deploy/hubble/manifests/controller/helm/retina/templates/agent/service.yaml new file mode 100644 index 0000000000..562e2a5f66 --- /dev/null +++ b/deploy/hubble/manifests/controller/helm/retina/templates/agent/service.yaml @@ -0,0 +1,16 @@ +{{- if .Values.agent.enabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "retina.fullname" . }} + namespace: {{ .Values.namespace }} + labels: + app: {{ include "retina.name" . }} +spec: + ports: + - port: {{ .Values.service.port }} + targetPort: {{ .Values.retinaPort }} + selector: + app: {{ include "retina.name" . }} + +{{- end}} diff --git a/deploy/hubble/manifests/controller/helm/retina/templates/agent/serviceaccount.yaml b/deploy/hubble/manifests/controller/helm/retina/templates/agent/serviceaccount.yaml new file mode 100644 index 0000000000..0aa222703d --- /dev/null +++ b/deploy/hubble/manifests/controller/helm/retina/templates/agent/serviceaccount.yaml @@ -0,0 +1,8 @@ +{{- if .Values.agent.enabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ .Values.serviceAccount.name }} + namespace: {{ .Values.namespace }} + +{{- end}} diff --git a/deploy/hubble/manifests/controller/helm/retina/templates/hubble-relay/configmap.yaml b/deploy/hubble/manifests/controller/helm/retina/templates/hubble-relay/configmap.yaml new file mode 100644 index 0000000000..93f5b8d88f --- /dev/null 
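Review bot: The `retina-agent-init` container is hard-coded to `privileged: true` and mounts `varrun` at `/var/run` with `mountPropagation: Bidirectional`, in a pod that already runs with `hostNetwork: true`, and nothing in the template says why that much host access is needed. I would add a comment above the init container's `securityContext`, e.g. `# privileged is required for Bidirectional mount propagation of /sys/fs/bpf`, and drop the `/var/run` mount if the init step does not write there (I cannot tell from this hunk). In the main container `capabilities.add` is rendered next to `privileged: {{ .Values.securityContext.privileged }}`; when that value is true the capability list restricts nothing, so the chart should document which of the two is intended. Separately, `nodeSelector: kubernetes.io/os: linux` appears twice in the Linux pod spec, which looks like a duplicate key.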
+++ b/deploy/hubble/manifests/controller/helm/retina/templates/hubble-relay/configmap.yaml 
@@ -0,0 +1,51 @@ +{{- if and .Values.hubble.enabled .Values.hubble.relay.enabled }} +{{- $peerSvcPort := .Values.hubble.peerService.servicePort -}} +{{- if not .Values.hubble.peerService.servicePort }} +{{- $peerSvcPort = (.Values.hubble.tls.enabled | ternary 443 80) -}} +{{- end }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: hubble-relay-config + namespace: {{ .Release.Namespace }} + {{- with .Values.hubble.relay.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +data: + config.yaml: | + cluster-name: {{ .Values.cluster.name }} + peer-service: "hubble-peer.{{ .Release.Namespace }}.svc.{{ .Values.hubble.peerService.clusterDomain }}:{{ $peerSvcPort }}" + listen-address: {{ .Values.hubble.relay.listenHost }}:{{ .Values.hubble.relay.listenPort }} + gops: {{ .Values.hubble.relay.gops.enabled }} + gops-port: {{ .Values.hubble.relay.gops.port | quote }} + {{- if .Values.hubble.relay.pprof.enabled }} + pprof: {{ .Values.hubble.relay.pprof.enabled | quote }} + pprof-address: {{ .Values.hubble.relay.pprof.address | quote }} + pprof-port: {{ .Values.hubble.relay.pprof.port | quote }} + {{- end }} + {{- if .Values.hubble.relay.prometheus.enabled }} + metrics-listen-address: ":{{ .Values.hubble.relay.prometheus.port }}" + {{- end }} + dial-timeout: {{ .Values.hubble.relay.dialTimeout }} + retry-timeout: {{ .Values.hubble.relay.retryTimeout }} + sort-buffer-len-max: {{ .Values.hubble.relay.sortBufferLenMax }} + sort-buffer-drain-timeout: {{ .Values.hubble.relay.sortBufferDrainTimeout }} + {{- if .Values.hubble.tls.enabled }} + tls-hubble-client-cert-file: /var/lib/hubble-relay/tls/client.crt + tls-hubble-client-key-file: /var/lib/hubble-relay/tls/client.key + tls-hubble-server-ca-files: /var/lib/hubble-relay/tls/hubble-server-ca.crt + {{- else }} + disable-client-tls: true + {{- end }} + {{- if and .Values.hubble.tls.enabled .Values.hubble.relay.tls.server.enabled }} + tls-relay-server-cert-file: /var/lib/hubble-relay/tls/server.crt + 
tls-relay-server-key-file: /var/lib/hubble-relay/tls/server.key + {{- if .Values.hubble.relay.tls.server.mtls }} + tls-relay-client-ca-files: /var/lib/hubble-relay/tls/hubble-server-ca.crt + {{- end }} + {{- else }} + disable-server-tls: true + {{- end }} +{{- end }} diff --git a/deploy/hubble/manifests/controller/helm/retina/templates/hubble-relay/deployment.yaml b/deploy/hubble/manifests/controller/helm/retina/templates/hubble-relay/deployment.yaml new file mode 100644 index 0000000000..71b06b6e76 --- /dev/null +++ b/deploy/hubble/manifests/controller/helm/retina/templates/hubble-relay/deployment.yaml 
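Review bot: Relay server TLS is gated here on `and .Values.hubble.tls.enabled .Values.hubble.relay.tls.server.enabled`, but the other templates in this patch key off `hubble.relay.tls.server.enabled` alone: hubble-relay/service.yaml picks port 443, and hubble-ui/deployment.yaml sets `TLS_TO_RELAY_ENABLED` and points `FLOWS_API_ADDR` at `hubble-relay:443`. With `hubble.tls.enabled=false` and `hubble.relay.tls.server.enabled=true` this file renders `disable-server-tls: true` while the UI backend is told to speak TLS, so the pieces disagree about whether the relay listener is encrypted. I would define the condition once in a named template and use it in all three places, or reject the combination at render time with `{{- fail "hubble.relay.tls.server.enabled requires hubble.tls.enabled" }}`. A comment on the two `{{- else }}` branches saying that flow data is then carried in plaintext would also help operators.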
@@ -0,0 +1,214 @@ +{{- if and .Values.hubble.enabled .Values.hubble.relay.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: hubble-relay + namespace: {{ .Release.Namespace }} + {{- with .Values.hubble.relay.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} + labels: + k8s-app: hubble-relay + app.kubernetes.io/name: hubble-relay + app.kubernetes.io/part-of: cilium +spec: + replicas: {{ .Values.hubble.relay.replicas }} + selector: + matchLabels: + k8s-app: hubble-relay + {{- with .Values.hubble.relay.updateStrategy }} + strategy: + {{- toYaml . | trim | nindent 4 }} + {{- end }} + template: + metadata: + annotations: + {{- if .Values.hubble.relay.rollOutPods }} + # ensure pods roll when configmap updates + cilium.io/hubble-relay-configmap-checksum: {{ include (print $.Template.BasePath "/hubble-relay/configmap.yaml") . | sha256sum | quote }} + {{- end }} + {{- with .Values.hubble.relay.podAnnotations }} + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + k8s-app: hubble-relay + app.kubernetes.io/name: hubble-relay + app.kubernetes.io/part-of: cilium + {{- with .Values.hubble.relay.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- with .Values.hubble.relay.podSecurityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + containers: + - name: hubble-relay + {{- with .Values.hubble.relay.securityContext }} + securityContext: + {{- toYaml . 
| nindent 12 }} + {{- end }} + image: "{{ .Values.hubble.relay.image.repository }}:{{ .Values.hubble.relay.image.tag }}" + imagePullPolicy: {{ .Values.hubble.relay.image.pullPolicy }} + command: + - hubble-relay + args: + - serve + {{- if not .Values.hubble.relay.tls.server.enabled }} + - --disable-client-tls + - --disable-server-tls + {{- end }} + {{- if .Values.debug.enabled }} + - --debug + {{- end }} + ports: + - name: grpc + containerPort: {{ .Values.hubble.relay.listenPort }} + {{- if .Values.hubble.relay.prometheus.enabled }} + - name: prometheus + containerPort: {{ .Values.hubble.relay.prometheus.port }} + protocol: TCP + {{- end }} + readinessProbe: + {{- include "hubble-relay.probe" . | nindent 12 }} + {{- if semverCompare "<1.20-0" .Capabilities.KubeVersion.Version }} + # Starting from Kubernetes 1.20, we are using startupProbe instead + # of this field. + initialDelaySeconds: 5 + {{- end }} + livenessProbe: + {{- include "hubble-relay.probe" . | nindent 12 }} + {{- if semverCompare "<1.20-0" .Capabilities.KubeVersion.Version }} + # Starting from Kubernetes 1.20, we are using startupProbe instead + # of this field. + initialDelaySeconds: 60 + {{- end }} + {{- if semverCompare ">=1.20-0" .Capabilities.KubeVersion.Version }} + startupProbe: + # give the relay one minute to start up + {{- include "hubble-relay.probe" . | nindent 12 }} + failureThreshold: 20 + periodSeconds: 3 + {{- end }} + {{- with .Values.hubble.relay.extraEnv }} + env: + {{- toYaml . | trim | nindent 12 }} + {{- end }} + {{- with .Values.hubble.relay.resources }} + resources: + {{- toYaml . | trim | nindent 12 }} + {{- end }} + volumeMounts: + - name: config + mountPath: /etc/hubble-relay + readOnly: true + {{- if .Values.hubble.tls.enabled }} + - name: tls + mountPath: /var/lib/hubble-relay/tls + readOnly: true + {{- end }} + {{- with .Values.hubble.relay.extraVolumeMounts }} + {{- toYaml . 
| nindent 10 }} + {{- end }} + terminationMessagePolicy: FallbackToLogsOnError + restartPolicy: Always + priorityClassName: {{ .Values.hubble.relay.priorityClassName }} + serviceAccount: {{ .Values.serviceAccounts.relay.name | quote }} + serviceAccountName: {{ .Values.serviceAccounts.relay.name | quote }} + automountServiceAccountToken: {{ .Values.serviceAccounts.relay.automount }} + terminationGracePeriodSeconds: {{ .Values.hubble.relay.terminationGracePeriodSeconds }} + {{- with .Values.hubble.relay.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.hubble.relay.topologySpreadConstraints }} + topologySpreadConstraints: + {{- range $constraint := . }} + - {{ toYaml $constraint | nindent 8 | trim }} + {{- if not $constraint.labelSelector }} + labelSelector: + matchLabels: + k8s-app: hubble-relay + {{- end }} + {{- end }} + {{- end }} + {{- with .Values.hubble.relay.nodeSelector }} + nodeSelector: + {{- toYaml . | trim | nindent 8 }} + {{- end }} + {{- with .Values.hubble.relay.tolerations }} + tolerations: + {{- toYaml . 
| trim | nindent 8 }} + {{- end }} + volumes: + - name: config + configMap: + name: hubble-relay-config + items: + - key: config.yaml + path: config.yaml + {{- if .Values.hubble.tls.enabled }} + - name: tls + projected: + # note: the leading zero means this number is in octal representation: do not remove it + defaultMode: 0400 + sources: + - secret: + name: hubble-relay-client-certs + items: + - key: tls.crt + path: client.crt + - key: tls.key + path: client.key + {{- if not .Values.tls.caBundle.enabled }} + - key: ca.crt + path: hubble-server-ca.crt + {{- else }} + - {{ .Values.tls.caBundle.useSecret | ternary "secret" "configMap" }}: + name: {{ .Values.tls.caBundle.name }} + items: + - key: {{ .Values.tls.caBundle.key }} + path: hubble-server-ca.crt + {{- end }} + {{- if .Values.hubble.relay.tls.server.enabled }} + - secret: + name: hubble-relay-server-certs + items: + - key: tls.crt + path: server.crt + - key: tls.key + path: server.key + {{- end }} + {{- end }} + {{- with .Values.hubble.relay.extraVolumes }} + {{- toYaml . | nindent 6 }} + {{- end }} +{{- end }} + +{{- define "hubble-relay.probe" }} +{{- /* This distinction can be removed once we drop support for k8s 1.23 */}} +{{- if and (semverCompare ">=1.24-0" .Capabilities.KubeVersion.Version) (not .Values.hubble.tls.enabled) -}} +grpc: + port: {{ .Values.hubble.relay.listenPort }} +{{- else }} +exec: + command: + - grpc_health_probe + - -addr=localhost:{{ .Values.hubble.relay.listenPort }} +{{- if .Values.hubble.tls.enabled }} + - -tls + - -tls-ca-cert=/var/lib/hubble-relay/tls/hubble-server-ca.crt + - -tls-client-cert=/var/lib/hubble-relay/tls/client.crt + - -tls-client-key=/var/lib/hubble-relay/tls/client.key + - -tls-server-name=instance.hubble-relay.cilium.io + - -connect-timeout=5s + - -rpc-timeout=5s +{{- end }} +{{- end }} +timeoutSeconds: 3 +{{- end }} 
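Review bot: In `args`, both `--disable-client-tls` and `--disable-server-tls` are passed whenever `hubble.relay.tls.server.enabled` is false, so a chart with `hubble.tls.enabled=true` and relay server TLS off still renders the client certificate paths in hubble-relay-config but asks the relay on the command line to dial the agents without TLS. If the flags take precedence over the config file (not shown here), agents configured with `hubble-disable-tls: "false"` and a client CA would be contacted in plaintext. Each flag should follow its own setting, as below, or the flags can be dropped since the ConfigMap already carries both options. The `hubble-relay.probe` helper has a related mismatch: it adds `-tls` when `hubble.tls.enabled` is set, although per the ConfigMap the listener only serves TLS when relay server TLS is also enabled.

```yaml
args:
  - serve
  {{- if not .Values.hubble.tls.enabled }}
  - --disable-client-tls
  {{- end }}
  {{- if not (and .Values.hubble.tls.enabled .Values.hubble.relay.tls.server.enabled) }}
  - --disable-server-tls
  {{- end }}
  # … unchanged: --debug, ports, probes …
```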
diff --git a/deploy/hubble/manifests/controller/helm/retina/templates/hubble-relay/metrics-service.yaml b/deploy/hubble/manifests/controller/helm/retina/templates/hubble-relay/metrics-service.yaml
new file mode 100644
index 0000000000..1066c6c4c1
--- /dev/null
+++ b/deploy/hubble/manifests/controller/helm/retina/templates/hubble-relay/metrics-service.yaml
@@ -0,0 +1,24 @@
+{{- if and .Values.hubble.enabled .Values.hubble.relay.enabled .Values.hubble.relay.prometheus.enabled }}
+# We use a separate service from hubble-relay which can be exposed externally
+kind: Service
+apiVersion: v1
+metadata:
+ name: hubble-relay-metrics
+ namespace: {{ .Release.Namespace }}
+ {{- with .Values.hubble.relay.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ labels:
+ k8s-app: hubble-relay
+spec:
+ clusterIP: None
+ type: ClusterIP
+ selector:
+ k8s-app: hubble-relay
+ ports:
+ - name: metrics
+ port: {{ .Values.hubble.relay.prometheus.port }}
+ protocol: TCP
+ targetPort: prometheus
+{{- end }}
diff --git a/deploy/hubble/manifests/controller/helm/retina/templates/hubble-relay/poddisruptionbudget.yaml b/deploy/hubble/manifests/controller/helm/retina/templates/hubble-relay/poddisruptionbudget.yaml
new file mode 100644
index 0000000000..4fd6da9bac
--- /dev/null
+++ b/deploy/hubble/manifests/controller/helm/retina/templates/hubble-relay/poddisruptionbudget.yaml
@@ -0,0 +1,26 @@
+{{- if and .Values.hubble.enabled .Values.hubble.relay.enabled .Values.hubble.relay.podDisruptionBudget.enabled }}
+{{- $component := .Values.hubble.relay.podDisruptionBudget }}
+apiVersion: {{ include "podDisruptionBudget.apiVersion" . }}
+kind: PodDisruptionBudget
+metadata:
+ name: hubble-relay
+ namespace: {{ .Release.Namespace }}
+ {{- with .Values.hubble.relay.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ labels:
+ k8s-app: hubble-relay
+ app.kubernetes.io/name: hubble-relay
+ app.kubernetes.io/part-of: cilium
+spec:
+ {{- with $component.maxUnavailable }}
+ maxUnavailable: {{ . }}
+ {{- end }}
+ {{- with $component.minAvailable }}
+ minAvailable: {{ . }}
+ {{- end }}
+ selector:
+ matchLabels:
+ k8s-app: hubble-relay
+{{- end }}
diff --git a/deploy/hubble/manifests/controller/helm/retina/templates/hubble-relay/service.yaml b/deploy/hubble/manifests/controller/helm/retina/templates/hubble-relay/service.yaml
new file mode 100644
index 0000000000..fc13c90165
--- /dev/null
+++ b/deploy/hubble/manifests/controller/helm/retina/templates/hubble-relay/service.yaml
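Review bot: `{{- with $component.maxUnavailable }}` and `{{- with $component.minAvailable }}` skip the field when the value is `0`, because `with` treats zero as empty, so `maxUnavailable: 0` cannot be expressed through this chart. The agent ConfigMap in this patch already uses a nil-only test for `skipUnknownCGroupIDs`, and the same form works here: `{{- if not (kindIs "invalid" $component.maxUnavailable) }}` followed by `maxUnavailable: {{ $component.maxUnavailable }}`. hubble-ui/poddisruptionbudget.yaml has the identical block.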
@@ -0,0 +1,30 @@
+{{- if and .Values.hubble.enabled .Values.hubble.relay.enabled }}
+kind: Service
+apiVersion: v1
+metadata:
+ name: hubble-relay
+ namespace: {{ .Release.Namespace }}
+ {{- with .Values.hubble.relay.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ labels:
+ k8s-app: hubble-relay
+ app.kubernetes.io/name: hubble-relay
+ app.kubernetes.io/part-of: retina
+spec:
+ type: {{ .Values.hubble.relay.service.type | quote }}
+ selector:
+ k8s-app: hubble-relay
+ ports:
+ - protocol: TCP
+ {{- if .Values.hubble.relay.servicePort }}
+ port: {{ .Values.hubble.relay.servicePort }}
+ {{- else }}
+ port: {{ .Values.hubble.relay.tls.server.enabled | ternary 443 80 }}
+ {{- end }}
+ targetPort: {{ .Values.hubble.relay.listenPort }}
+ {{- if and (eq "NodePort" .Values.hubble.relay.service.type) .Values.hubble.relay.service.nodePort }}
+ nodePort: {{ .Values.hubble.relay.service.nodePort }}
+ {{- end }}
+{{- end }}
diff --git a/deploy/hubble/manifests/controller/helm/retina/templates/hubble-relay/serviceaccount.yaml b/deploy/hubble/manifests/controller/helm/retina/templates/hubble-relay/serviceaccount.yaml
new file mode 100644
index 0000000000..cf56d6314f
--- /dev/null
+++ b/deploy/hubble/manifests/controller/helm/retina/templates/hubble-relay/serviceaccount.yaml
@@ -0,0 +1,16 @@
+{{- if and .Values.hubble.enabled .Values.hubble.relay.enabled .Values.serviceAccounts.relay.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ .Values.serviceAccounts.relay.name | quote }}
+ namespace: {{ .Release.Namespace }}
+ {{- if or .Values.serviceAccounts.relay.annotations .Values.hubble.relay.annotations }}
+ annotations:
+ {{- with .Values.hubble.relay.annotations }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with .Values.serviceAccounts.relay.annotations }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/deploy/hubble/manifests/controller/helm/retina/templates/hubble-relay/servicemonitor.yaml b/deploy/hubble/manifests/controller/helm/retina/templates/hubble-relay/servicemonitor.yaml
new file mode 100644
index 0000000000..4e41fdf3c6
--- /dev/null
+++ b/deploy/hubble/manifests/controller/helm/retina/templates/hubble-relay/servicemonitor.yaml
@@ -0,0 +1,39 @@
+{{- if and .Values.hubble.enabled .Values.hubble.relay.enabled .Values.hubble.relay.prometheus.enabled .Values.hubble.relay.prometheus.serviceMonitor.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: hubble-relay
+ namespace: {{ .Values.hubble.relay.prometheus.serviceMonitor.namespace | default .Release.Namespace }}
+ labels:
+ {{- with .Values.hubble.relay.prometheus.serviceMonitor.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- if or .Values.hubble.relay.prometheus.serviceMonitor.annotations .Values.hubble.relay.annotations }}
+ annotations:
+ {{- with .Values.hubble.relay.annotations }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with .Values.hubble.relay.prometheus.serviceMonitor.annotations }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- end }}
+spec:
+ selector:
+ matchLabels:
+ k8s-app: hubble-relay
+ namespaceSelector:
+ matchNames:
+ - {{ .Release.Namespace }}
+ endpoints:
+ - port: metrics
+ interval: {{ .Values.hubble.relay.prometheus.serviceMonitor.interval | quote }}
+ path: /metrics
+ {{- with .Values.hubble.relay.prometheus.serviceMonitor.relabelings }}
+ relabelings:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with .Values.hubble.relay.prometheus.serviceMonitor.metricRelabelings }}
+ metricRelabelings:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{- end }}
diff --git a/deploy/hubble/manifests/controller/helm/retina/templates/hubble-ui/_nginx.tpl b/deploy/hubble/manifests/controller/helm/retina/templates/hubble-ui/_nginx.tpl
new file mode 100644
index 0000000000..e787b5aad7
--- /dev/null
+++ b/deploy/hubble/manifests/controller/helm/retina/templates/hubble-ui/_nginx.tpl
@@ -0,0 +1,61 @@
+{{- define "hubble-ui.nginx.conf" }}
+server {
+ listen 8081;
+{{- if .Values.hubble.ui.frontend.server.ipv6.enabled }}
+ listen [::]:8081;
+{{- end }}
+ server_name localhost;
+ root /app;
+ index index.html;
+ client_max_body_size 1G;
+
+ location / {
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+
+ # CORS
+ add_header Access-Control-Allow-Methods "GET, POST, PUT, HEAD, DELETE, OPTIONS";
+ add_header Access-Control-Allow-Origin *;
+ add_header Access-Control-Max-Age 1728000;
+ add_header Access-Control-Expose-Headers content-length,grpc-status,grpc-message;
+ add_header Access-Control-Allow-Headers range,keep-alive,user-agent,cache-control,content-type,content-transfer-encoding,x-accept-content-transfer-encoding,x-accept-response-streaming,x-user-agent,x-grpc-web,grpc-timeout;
+ if ($request_method = OPTIONS) {
+ return 204;
+ }
+ # /CORS
+
+ location {{ .Values.hubble.ui.baseUrl }}api {
+ {{- if not (eq .Values.hubble.ui.baseUrl "/") }}
+ rewrite ^{{ (trimSuffix "/" .Values.hubble.ui.baseUrl) }}(/.*)$ $1 break;
+ {{- end }}
+ proxy_http_version 1.1;
+ proxy_pass_request_headers on;
+ proxy_hide_header Access-Control-Allow-Origin;
+ {{- if eq .Values.hubble.ui.baseUrl "/" }}
+ proxy_pass http://127.0.0.1:8090;
+ {{- else }}
+ proxy_pass http://127.0.0.1:8090/;
+ {{- end }}
+ }
+
+ {{- if not (eq .Values.hubble.ui.baseUrl "/") }}
+ sub_filter_once on;
+ sub_filter '' '';
+ {{- end }}
+ location {{ .Values.hubble.ui.baseUrl }} {
+ {{- if not (eq .Values.hubble.ui.baseUrl "/") }}
+ rewrite ^{{ (trimSuffix "/" .Values.hubble.ui.baseUrl) }}(/.*)$ $1 break;
+ {{- end }}
+ # double `/index.html` is required here
+ try_files $uri $uri/ /index.html /index.html;
+ }
+
+ # Liveness probe
+ location /healthz {
+ access_log off;
+ add_header Content-Type text/plain;
+ return 200 'ok';
+ }
+ }
+}
+{{- end }}
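Review bot: `add_header Access-Control-Allow-Origin *;` together with the full method list lets any web origin read responses from this server, including the `{{ .Values.hubble.ui.baseUrl }}api` location that proxies to the backend on 127.0.0.1:8090, and nothing in this server block authenticates the caller. If the UI is only meant to be used from its own origin, the CORS block can be removed; otherwise the allowed origin should come from a chart value instead of a wildcard, for example a new key rendered as `add_header Access-Control-Allow-Origin {{ .Values.hubble.ui.frontend.server.corsAllowOrigin | quote }};` (the key name is a suggestion, it does not exist in this patch). `client_max_body_size 1G;` is also generous for an endpoint that the Ingress added later in this patch can publish; a comment explaining the limit, or a smaller default, would be worth adding.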
diff --git a/deploy/hubble/manifests/controller/helm/retina/templates/hubble-ui/clusterrole.yaml b/deploy/hubble/manifests/controller/helm/retina/templates/hubble-ui/clusterrole.yaml
new file mode 100644
index 0000000000..5df709f76c
--- /dev/null
+++ b/deploy/hubble/manifests/controller/helm/retina/templates/hubble-ui/clusterrole.yaml
@@ -0,0 +1,50 @@
+{{- if and (or .Values.hubble.enabled .Values.hubble.ui.standalone.enabled) .Values.hubble.ui.enabled .Values.serviceAccounts.ui.create }}
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: hubble-ui
+ {{- with .Values.hubble.ui.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ labels:
+ app.kubernetes.io/part-of: cilium
+rules:
+- apiGroups:
+ - networking.k8s.io
+ resources:
+ - networkpolicies
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - componentstatuses
+ - endpoints
+ - namespaces
+ - nodes
+ - pods
+ - services
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - apiextensions.k8s.io
+ resources:
+ - customresourcedefinitions
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - cilium.io
+ resources:
+ - "*"
+ verbs:
+ - get
+ - list
+ - watch
+{{- end }}
diff --git a/deploy/hubble/manifests/controller/helm/retina/templates/hubble-ui/clusterrolebinding.yaml b/deploy/hubble/manifests/controller/helm/retina/templates/hubble-ui/clusterrolebinding.yaml
new file mode 100644
index 0000000000..d091786b29
--- /dev/null
+++ b/deploy/hubble/manifests/controller/helm/retina/templates/hubble-ui/clusterrolebinding.yaml
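Review bot: The last rule grants `get`/`list`/`watch` on `resources: "*"` in the `cilium.io` group, on top of cluster-wide read of pods, nodes, services, endpoints and namespaces for the service account behind the UI. The wildcard means any resource later added to that API group becomes readable by the UI without a chart change; listing the resources the backend actually reads would keep the grant reviewable (which ones those are is not visible in this patch). Until then I would put a comment above the rule, e.g. `# TODO: narrow to the cilium.io resources the UI backend reads`. The `app.kubernetes.io/part-of: cilium` label here also differs from `part-of: retina` on the hubble-relay Service in this patch.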
@@ -0,0 +1,20 @@
+{{- if and (or .Values.hubble.enabled .Values.hubble.ui.standalone.enabled) .Values.hubble.ui.enabled .Values.serviceAccounts.ui.create }}
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: hubble-ui
+ {{- with .Values.hubble.ui.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ labels:
+ app.kubernetes.io/part-of: cilium
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: hubble-ui
+subjects:
+- kind: ServiceAccount
+ name: {{ .Values.serviceAccounts.ui.name | quote }}
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/deploy/hubble/manifests/controller/helm/retina/templates/hubble-ui/configmap.yaml b/deploy/hubble/manifests/controller/helm/retina/templates/hubble-ui/configmap.yaml
new file mode 100644
index 0000000000..8b5f01412b
--- /dev/null
+++ b/deploy/hubble/manifests/controller/helm/retina/templates/hubble-ui/configmap.yaml
@@ -0,0 +1,14 @@
+{{- if and (or .Values.hubble.enabled .Values.hubble.ui.standalone.enabled) .Values.hubble.ui.enabled }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: hubble-ui-nginx
+ namespace: {{ .Release.Namespace }}
+ {{- with .Values.hubble.ui.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+data:
+ nginx.conf: {{ include "hubble-ui.nginx.conf" . | trim | quote }}
+{{- end }}
diff --git a/deploy/hubble/manifests/controller/helm/retina/templates/hubble-ui/deployment.yaml b/deploy/hubble/manifests/controller/helm/retina/templates/hubble-ui/deployment.yaml
new file mode 100644
index 0000000000..51c1e47212
--- /dev/null
+++ b/deploy/hubble/manifests/controller/helm/retina/templates/hubble-ui/deployment.yaml
@@ -0,0 +1,216 @@ +{{- if and (or .Values.hubble.enabled .Values.hubble.ui.standalone.enabled) .Values.hubble.ui.enabled }} +kind: Deployment +apiVersion: apps/v1 +metadata: + name: hubble-ui + namespace: {{ .Release.Namespace }} + {{- with .Values.hubble.ui.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} + labels: + k8s-app: hubble-ui + app.kubernetes.io/name: hubble-ui + app.kubernetes.io/part-of: cilium +spec: + replicas: {{ .Values.hubble.ui.replicas }} + selector: + matchLabels: + k8s-app: hubble-ui + {{- with .Values.hubble.ui.updateStrategy }} + strategy: + {{- toYaml . | trim | nindent 4 }} + {{- end }} + template: + metadata: + annotations: + {{- if .Values.hubble.ui.rollOutPods }} + # ensure pods roll when configmap updates + cilium.io/hubble-ui-nginx-configmap-checksum: {{ include (print $.Template.BasePath "/hubble-ui/configmap.yaml") . | sha256sum | quote }} + {{- end }} + {{- with .Values.hubble.ui.podAnnotations }} + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + k8s-app: hubble-ui + app.kubernetes.io/name: hubble-ui + app.kubernetes.io/part-of: cilium + {{- with .Values.hubble.ui.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- with .Values.hubble.ui.securityContext }} + {{- if .enabled }} + securityContext: + {{- omit . "enabled" | toYaml | nindent 8 }} + {{- end}} + {{- end }} + priorityClassName: {{ .Values.hubble.ui.priorityClassName }} + serviceAccount: {{ .Values.serviceAccounts.ui.name | quote }} + serviceAccountName: {{ .Values.serviceAccounts.ui.name | quote }} + automountServiceAccountToken: {{ .Values.serviceAccounts.ui.automount }} + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . 
| nindent 8 }} + {{- end }} + containers: + - name: frontend + image: "{{ .Values.hubble.ui.frontend.image.repository }}:{{ .Values.hubble.ui.frontend.image.tag }}" + imagePullPolicy: {{ .Values.hubble.ui.frontend.image.pullPolicy }} + ports: + - name: http + containerPort: 8081 + {{- with .Values.hubble.ui.frontend.extraEnv }} + env: + {{- toYaml . | trim | nindent 12 }} + {{- end }} + livenessProbe: + httpGet: + path: /healthz + port: 8081 + readinessProbe: + httpGet: + path: / + port: 8081 + {{- with .Values.hubble.ui.frontend.resources }} + resources: + {{- toYaml . | trim | nindent 10 }} + {{- end }} + volumeMounts: + - name: hubble-ui-nginx-conf + mountPath: /etc/nginx/conf.d/default.conf + subPath: nginx.conf + - name: tmp-dir + mountPath: /tmp + {{- with .Values.hubble.ui.frontend.extraVolumeMounts }} + {{- toYaml . | nindent 8 }} + {{- end }} + terminationMessagePolicy: FallbackToLogsOnError + {{- with .Values.hubble.ui.frontend.securityContext }} + securityContext: + {{- toYaml . | trim | nindent 10 }} + {{- end }} + - name: backend + image: "{{ .Values.hubble.ui.backend.image.repository }}:{{ .Values.hubble.ui.backend.image.tag}}" + imagePullPolicy: {{ .Values.hubble.ui.backend.image.pullPolicy }} + env: + - name: EVENTS_SERVER_PORT + value: "8090" + {{- if .Values.hubble.relay.tls.server.enabled }} + - name: FLOWS_API_ADDR + value: "hubble-relay:443" + - name: TLS_TO_RELAY_ENABLED + value: "true" + - name: TLS_RELAY_SERVER_NAME + value: {{ .Values.hubble.relay.tls.server.relayName }} + - name: TLS_RELAY_CA_CERT_FILES + value: /var/lib/hubble-ui/certs/hubble-relay-ca.crt + - name: TLS_RELAY_CLIENT_CERT_FILE + value: /var/lib/hubble-ui/certs/client.crt + - name: TLS_RELAY_CLIENT_KEY_FILE + value: /var/lib/hubble-ui/certs/client.key + {{- else }} + - name: FLOWS_API_ADDR + value: "hubble-relay:80" + {{- end }} + {{- with .Values.hubble.ui.backend.extraEnv }} + {{- toYaml . 
| trim | nindent 8 }} + {{- end }} + {{- if .Values.hubble.ui.backend.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: /healthz + port: 8090 + {{- end }} + {{- if .Values.hubble.ui.backend.readinessProbe.enabled }} + readinessProbe: + httpGet: + path: /healthz + port: 8090 + {{- end }} + ports: + - name: grpc + containerPort: 8090 + {{- with .Values.hubble.ui.backend.resources }} + resources: + {{- toYaml . | trim | nindent 10 }} + {{- end }} + volumeMounts: + {{- if .Values.hubble.relay.tls.server.enabled }} + - name: hubble-ui-client-certs + mountPath: /var/lib/hubble-ui/certs + readOnly: true + {{- end }} + {{- with .Values.hubble.ui.backend.extraVolumeMounts }} + {{- toYaml . | nindent 8 }} + {{- end }} + terminationMessagePolicy: FallbackToLogsOnError + {{- with .Values.hubble.ui.backend.securityContext }} + securityContext: + {{- toYaml . | trim | nindent 10 }} + {{- end }} + {{- with .Values.hubble.ui.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.hubble.ui.topologySpreadConstraints }} + topologySpreadConstraints: + {{- range $constraint := . }} + - {{ toYaml $constraint | nindent 8 | trim }} + {{- if not $constraint.labelSelector }} + labelSelector: + matchLabels: + k8s-app: hubble-ui + {{- end }} + {{- end }} + {{- end }} + {{- with .Values.hubble.ui.nodeSelector }} + nodeSelector: + {{- toYaml . | trim | nindent 8 }} + {{- end }} + {{- with .Values.hubble.ui.tolerations }} + tolerations: + {{- toYaml . 
| trim | nindent 8 }} + {{- end }} + volumes: + - configMap: + defaultMode: 420 + name: hubble-ui-nginx + name: hubble-ui-nginx-conf + - emptyDir: {} + name: tmp-dir + {{- if .Values.hubble.relay.tls.server.enabled }} + - name: hubble-ui-client-certs + {{- if .Values.hubble.ui.standalone.enabled }} + {{- toYaml .Values.hubble.ui.standalone.tls.certsVolume | nindent 8 }} + {{- else }} + projected: + # note: the leading zero means this number is in octal representation: do not remove it + defaultMode: 0400 + sources: + - secret: + name: hubble-relay-client-certs + items: + - key: tls.crt + path: client.crt + - key: tls.key + path: client.key + {{- if not .Values.tls.caBundle.enabled }} + - key: ca.crt + path: hubble-relay-ca.crt + {{- else }} + - {{ .Values.tls.caBundle.useSecret | ternary "secret" "configMap" }}: + name: {{ .Values.tls.caBundle.name }} + items: + - key: {{ .Values.tls.caBundle.key }} + path: hubble-relay-ca.crt + {{- end }} + {{- end }} + {{- end }} + {{- with .Values.hubble.ui.frontend.extraVolumes }} + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.hubble.ui.backend.extraVolumes }} + {{- toYaml . | nindent 6 }} + {{- end }} +{{- end }} diff --git a/deploy/hubble/manifests/controller/helm/retina/templates/hubble-ui/ingress.yaml b/deploy/hubble/manifests/controller/helm/retina/templates/hubble-ui/ingress.yaml new file mode 100644 index 0000000000..2c0ff7d3ef --- /dev/null +++ b/deploy/hubble/manifests/controller/helm/retina/templates/hubble-ui/ingress.yaml 
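Review bot: In the `hubble-ui-client-certs` volume, the standalone branch renders `{{- toYaml .Values.hubble.ui.standalone.tls.certsVolume | nindent 8 }}` without checking that the value is set, so with `hubble.ui.standalone.enabled=true`, relay server TLS on and an empty `certsVolume` the manifest ends up with a volume that has no usable source for the client certificate the backend env points at. Failing at render time is clearer, for example `{{- if not .Values.hubble.ui.standalone.tls.certsVolume }}{{ fail "hubble.ui.standalone.tls.certsVolume must be set when hubble.relay.tls.server.enabled is true" }}{{ end }}` placed before the `toYaml` line. `TLS_RELAY_SERVER_NAME` is also rendered unquoted, unlike the neighbouring values; adding `| quote` would match them.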
@@ -0,0 +1,40 @@ +{{- if and (or .Values.hubble.enabled .Values.hubble.ui.standalone.enabled) .Values.hubble.ui.enabled .Values.hubble.ui.ingress.enabled }} +{{- $baseUrl := .Values.hubble.ui.baseUrl -}} +apiVersion: {{ template "ingress.apiVersion" . }} +kind: Ingress +metadata: + name: hubble-ui + namespace: {{ .Release.Namespace }} + labels: + k8s-app: hubble-ui + app.kubernetes.io/name: hubble-ui + app.kubernetes.io/part-of: cilium + {{- with .Values.hubble.ui.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- if or .Values.hubble.ui.ingress.annotations .Values.hubble.ui.annotations }} + annotations: + {{- with .Values.hubble.ui.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.hubble.ui.ingress.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- end }} +spec: + {{- if .Values.hubble.ui.ingress.className }} + ingressClassName: {{ .Values.hubble.ui.ingress.className }} + {{- end }} + {{- if .Values.hubble.ui.ingress.tls }} + tls: + {{- toYaml .Values.hubble.ui.ingress.tls | nindent 4 }} + {{- end }} + rules: + {{- range .Values.hubble.ui.ingress.hosts }} + - host: {{ . }} + http: + paths: + - path: {{ $baseUrl | quote }} + {{- include "ingress.paths" $ | nindent 12 }} + {{- end }} +{{- end }} diff --git a/deploy/hubble/manifests/controller/helm/retina/templates/hubble-ui/poddisruptionbudget.yaml b/deploy/hubble/manifests/controller/helm/retina/templates/hubble-ui/poddisruptionbudget.yaml new file mode 100644 index 0000000000..af3b6705d2 --- /dev/null +++ b/deploy/hubble/manifests/controller/helm/retina/templates/hubble-ui/poddisruptionbudget.yaml 
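Review bot: `- host: {{ . }}` is rendered unquoted while the path just below it goes through `quote`, so a wildcard host such as `*.example.com` (constructed example) is read by the YAML parser as an alias and the chart fails to render. Quote it: `- host: {{ . | quote }}`. The `tls:` block is optional in this template, so a values comment on `hubble.ui.ingress.tls` stating that leaving it empty publishes the UI over plain HTTP would help operators.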
@@ -0,0 +1,26 @@ +{{- if and (or .Values.hubble.enabled .Values.hubble.ui.standalone.enabled) .Values.hubble.ui.enabled .Values.hubble.ui.podDisruptionBudget.enabled }} +{{- $component := .Values.hubble.ui.podDisruptionBudget }} +apiVersion: {{ include "podDisruptionBudget.apiVersion" . }} +kind: PodDisruptionBudget +metadata: + name: hubble-ui + namespace: {{ .Release.Namespace }} + {{- with .Values.hubble.ui.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} + labels: + k8s-app: hubble-ui + app.kubernetes.io/name: hubble-ui + app.kubernetes.io/part-of: cilium +spec: + {{- with $component.maxUnavailable }} + maxUnavailable: {{ . }} + {{- end }} + {{- with $component.minAvailable }} + minAvailable: {{ . }} + {{- end }} + selector: + matchLabels: + k8s-app: hubble-ui +{{- end }} diff --git a/deploy/hubble/manifests/controller/helm/retina/templates/hubble-ui/service.yaml b/deploy/hubble/manifests/controller/helm/retina/templates/hubble-ui/service.yaml new file mode 100644 index 0000000000..a820b3420b --- /dev/null +++ b/deploy/hubble/manifests/controller/helm/retina/templates/hubble-ui/service.yaml 
@@ -0,0 +1,31 @@ +{{- if and (or .Values.hubble.enabled .Values.hubble.ui.standalone.enabled) .Values.hubble.ui.enabled }} +kind: Service +apiVersion: v1 +metadata: + name: hubble-ui + namespace: {{ .Release.Namespace }} + {{- if or .Values.hubble.ui.service.annotations .Values.hubble.ui.annotations }} + annotations: + {{- with .Values.hubble.ui.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.hubble.ui.service.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- end }} + labels: + k8s-app: hubble-ui + app.kubernetes.io/name: hubble-ui + app.kubernetes.io/part-of: cilium +spec: + type: {{ .Values.hubble.ui.service.type | quote }} + selector: + k8s-app: hubble-ui + ports: + - name: http + port: 80 + targetPort: 8081 + {{- if and (eq "NodePort" .Values.hubble.ui.service.type) .Values.hubble.ui.service.nodePort }} + nodePort: {{ .Values.hubble.ui.service.nodePort }} + {{- end }} +{{- end }} diff --git a/deploy/hubble/manifests/controller/helm/retina/templates/hubble-ui/serviceaccount.yaml b/deploy/hubble/manifests/controller/helm/retina/templates/hubble-ui/serviceaccount.yaml new file mode 100644 index 0000000000..dc02ea2bfe --- /dev/null +++ b/deploy/hubble/manifests/controller/helm/retina/templates/hubble-ui/serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- if and (or .Values.hubble.enabled .Values.hubble.ui.standalone.enabled) .Values.hubble.ui.enabled .Values.serviceAccounts.ui.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ .Values.serviceAccounts.ui.name | quote }} + namespace: {{ .Release.Namespace }} + {{- if or .Values.serviceAccounts.ui.annotations .Values.hubble.ui.annotations }} + annotations: + {{- with .Values.hubble.ui.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.serviceAccounts.ui.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- end }} +{{- end }} 
diff --git a/deploy/hubble/manifests/controller/helm/retina/templates/hubble/dashboards-configmap.yaml b/deploy/hubble/manifests/controller/helm/retina/templates/hubble/dashboards-configmap.yaml new file mode 100644 index 0000000000..c668ebfd37 --- /dev/null +++ b/deploy/hubble/manifests/controller/helm/retina/templates/hubble/dashboards-configmap.yaml @@ -0,0 +1,30 @@ +{{- if .Values.hubble.metrics.dashboards.enabled }} +{{- $files := .Files.Glob "files/hubble/dashboards/*.json" }} +{{- range $path, $fileContents := $files }} +{{- $dashboardName := regexReplaceAll "(^.*/)(.*)\\.json$" $path "${2}" }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ $dashboardName | trunc 63 | trimSuffix "-" }} + namespace: {{ $.Values.hubble.metrics.dashboards.namespace | default $.Release.Namespace }} + labels: + k8s-app: hubble + app.kubernetes.io/name: hubble + app.kubernetes.io/part-of: cilium + {{- if $.Values.hubble.metrics.dashboards.label }} + {{ $.Values.hubble.metrics.dashboards.label }}: {{ ternary $.Values.hubble.metrics.dashboards.labelValue "1" (not (empty $.Values.hubble.metrics.dashboards.labelValue)) | quote }} + {{- end }} + {{- if or $.Values.hubble.metrics.dashboards.annotations $.Values.hubble.annotations }} + annotations: + {{- with $.Values.hubble.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with $.Values.hubble.metrics.dashboards.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- end }} +data: + {{ $dashboardName }}.json: {{ $.Files.Get $path | toJson }} +{{- end }} +{{- end }} diff --git a/deploy/hubble/manifests/controller/helm/retina/templates/hubble/metrics-service.yaml b/deploy/hubble/manifests/controller/helm/retina/templates/hubble/metrics-service.yaml new file mode 100644 index 0000000000..a2886c676d --- /dev/null +++ b/deploy/hubble/manifests/controller/helm/retina/templates/hubble/metrics-service.yaml 
@@ -0,0 +1,36 @@ +{{- if and .Values.hubble.enabled .Values.hubble.metrics.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: network-observability + namespace: {{ .Release.Namespace }} + labels: + k8s-app: networkobservability + app.kubernetes.io/name: networkobservability + app.kubernetes.io/part-of: retina + annotations: + {{- with .Values.hubble.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.hubble.metrics.serviceAnnotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- if not .Values.hubble.metrics.serviceMonitor.enabled }} + prometheus.io/scrape: "true" + prometheus.io/port: {{ .Values.hubble.metrics.port | quote }} + {{- end }} +spec: + clusterIP: None + type: ClusterIP + ports: + - name: hubble + port: {{ .Values.hubble.metrics.port }} + protocol: TCP + targetPort: {{ .Values.hubble.metrics.port }} + - name: retina + port: {{ .Values.retinaPort }} + protocol: TCP + targetPort: {{ .Values.retinaPort }} + selector: + k8s-app: retina +{{- end }} diff --git a/deploy/hubble/manifests/controller/helm/retina/templates/hubble/peer-service.yaml b/deploy/hubble/manifests/controller/helm/retina/templates/hubble/peer-service.yaml new file mode 100644 index 0000000000..06f765b31c --- /dev/null +++ b/deploy/hubble/manifests/controller/helm/retina/templates/hubble/peer-service.yaml 
@@ -0,0 +1,30 @@ +{{- if and .Values.agent .Values.hubble.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: hubble-peer + namespace: {{ .Release.Namespace }} + {{- with .Values.hubble.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} + labels: + k8s-app: retina + app.kubernetes.io/part-of: retina + app.kubernetes.io/name: hubble-peer +spec: + selector: + k8s-app: retina + ports: + - name: peer-service + {{- if .Values.hubble.peerService.servicePort }} + port: {{ .Values.hubble.peerService.servicePort }} + {{- else }} + port: {{ .Values.hubble.tls.enabled | ternary 443 80 }} + {{- end }} + protocol: TCP + targetPort: {{ .Values.hubble.peerService.targetPort }} +{{- if semverCompare ">=1.22-0" .Capabilities.KubeVersion.GitVersion }} + internalTrafficPolicy: Local +{{- end }} +{{- end }} diff --git a/deploy/hubble/manifests/controller/helm/retina/templates/hubble/servicemonitor.yaml b/deploy/hubble/manifests/controller/helm/retina/templates/hubble/servicemonitor.yaml new file mode 100644 index 0000000000..3b3ba8ba21 --- /dev/null +++ b/deploy/hubble/manifests/controller/helm/retina/templates/hubble/servicemonitor.yaml 
@@ -0,0 +1,44 @@ +{{- if and .Values.hubble.enabled .Values.hubble.metrics.enabled .Values.hubble.metrics.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: hubble + namespace: {{ .Values.prometheus.serviceMonitor.namespace | default .Release.Namespace }} + labels: + app.kubernetes.io/part-of: cilium + {{- with .Values.hubble.metrics.serviceMonitor.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- if or .Values.hubble.metrics.serviceMonitor.annotations .Values.hubble.annotations }} + annotations: + {{- with .Values.hubble.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.hubble.metrics.serviceMonitor.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- end }} +spec: + selector: + matchLabels: + k8s-app: hubble + namespaceSelector: + matchNames: + - {{ .Release.Namespace }} + endpoints: + - port: hubble-metrics + interval: {{ .Values.hubble.metrics.serviceMonitor.interval | quote }} + honorLabels: true + path: /metrics + {{- with .Values.hubble.metrics.serviceMonitor.relabelings }} + relabelings: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.hubble.metrics.serviceMonitor.metricRelabelings }} + metricRelabelings: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- if .Values.hubble.metrics.serviceMonitor.jobLabel }} + jobLabel: {{ .Values.hubble.metrics.serviceMonitor.jobLabel | quote }} +{{- end }} +{{- end }} diff --git a/deploy/hubble/manifests/controller/helm/retina/templates/hubble/tls-certmanager/relay-client-secret.yaml b/deploy/hubble/manifests/controller/helm/retina/templates/hubble/tls-certmanager/relay-client-secret.yaml new file mode 100644 index 0000000000..1dd96b18c3 --- /dev/null +++ b/deploy/hubble/manifests/controller/helm/retina/templates/hubble/tls-certmanager/relay-client-secret.yaml 
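Review bot: The selector `k8s-app: hubble` and the endpoint `port: hubble-metrics` do not match the metrics Service added in templates/hubble/metrics-service.yaml, which is labelled `k8s-app: networkobservability` and names its ports `hubble` and `retina`. Unless a Service outside this part of the patch carries that label and port name, setting `hubble.metrics.serviceMonitor.enabled` drops the `prometheus.io/scrape` annotations from that Service and leaves nothing scraping it. Aligning the two would be `k8s-app: networkobservability` under `matchLabels` and `- port: hubble`. The namespace is also read from `.Values.prometheus.serviceMonitor.namespace` while every other setting here is under `hubble.metrics.serviceMonitor`; worth confirming that is intended.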
@@ -0,0 +1,22 @@ +{{- if and .Values.hubble.enabled .Values.hubble.tls.enabled .Values.hubble.tls.auto.enabled (eq .Values.hubble.tls.auto.method "certmanager") .Values.hubble.relay.enabled }} +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: hubble-relay-client-certs + namespace: {{ .Release.Namespace }} + {{- with .Values.hubble.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + issuerRef: + {{- toYaml .Values.hubble.tls.auto.certManagerIssuerRef | nindent 4 }} + secretName: hubble-relay-client-certs + commonName: "*.hubble-relay.cilium.io" + dnsNames: + - "*.hubble-relay.cilium.io" + duration: {{ printf "%dh0m0s" (mul .Values.hubble.tls.auto.certValidityDuration 24) }} + privateKey: + rotationPolicy: Always +{{- end }} diff --git a/deploy/hubble/manifests/controller/helm/retina/templates/hubble/tls-certmanager/relay-server-secret.yaml b/deploy/hubble/manifests/controller/helm/retina/templates/hubble/tls-certmanager/relay-server-secret.yaml new file mode 100644 index 0000000000..845b4fb8e3 --- /dev/null +++ b/deploy/hubble/manifests/controller/helm/retina/templates/hubble/tls-certmanager/relay-server-secret.yaml 
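Review bot: None of the four Certificate resources under tls-certmanager/ sets `usages`, so the client certificates (`hubble-relay-client-certs` here, `hubble-ui-client-certs` in ui-client-certs.yaml) and the server certificates (relay-server-secret.yaml, server-secret.yaml) are all requested with cert-manager's default key usages and are not distinguished by role. Adding `usages: ["digital signature", "key encipherment", "client auth"]` to the two client certificates, and the same list with `server auth` to the two server ones, keeps a client key from being accepted as a server identity under the same issuer. This assumes no component presents a server certificate as its client certificate, which cannot be confirmed from these hunks.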
@@ -0,0 +1,31 @@ +{{- if and .Values.hubble.enabled .Values.hubble.tls.enabled .Values.hubble.tls.auto.enabled (eq .Values.hubble.tls.auto.method "certmanager") .Values.hubble.relay.enabled .Values.hubble.relay.tls.server.enabled }} +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: hubble-relay-server-certs + namespace: {{ .Release.Namespace }} + {{- with .Values.hubble.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + issuerRef: + {{- toYaml .Values.hubble.tls.auto.certManagerIssuerRef | nindent 4 }} + secretName: hubble-relay-server-certs + commonName: "*.hubble-relay.cilium.io" + dnsNames: + - "*.hubble-relay.cilium.io" + {{- range $dns := .Values.hubble.relay.tls.server.extraDnsNames }} + - {{ $dns | quote }} + {{- end }} + {{- if .Values.hubble.relay.tls.server.extraIpAddresses }} + ipAddresses: + {{- range $ip := .Values.hubble.relay.tls.server.extraIpAddresses }} + - {{ $ip | quote }} + {{- end }} + {{- end }} + duration: {{ printf "%dh0m0s" (mul .Values.hubble.tls.auto.certValidityDuration 24) }} + privateKey: + rotationPolicy: Always +{{- end }} diff --git a/deploy/hubble/manifests/controller/helm/retina/templates/hubble/tls-certmanager/server-secret.yaml b/deploy/hubble/manifests/controller/helm/retina/templates/hubble/tls-certmanager/server-secret.yaml new file mode 100644 index 0000000000..5f202e10bd --- /dev/null +++ b/deploy/hubble/manifests/controller/helm/retina/templates/hubble/tls-certmanager/server-secret.yaml 
@@ -0,0 +1,32 @@ +{{- if and .Values.hubble.enabled .Values.hubble.tls.enabled .Values.hubble.tls.auto.enabled (eq .Values.hubble.tls.auto.method "certmanager") }} +{{- $cn := list "*" (.Values.cluster.name | replace "." "-") "hubble-grpc.cilium.io" | join "." }} +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: hubble-server-certs + namespace: {{ .Release.Namespace }} + {{- with .Values.hubble.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + issuerRef: + {{- toYaml .Values.hubble.tls.auto.certManagerIssuerRef | nindent 4 }} + secretName: hubble-server-certs + commonName: {{ $cn | quote }} + dnsNames: + - {{ $cn | quote }} + {{- range $dns := .Values.hubble.tls.server.extraDnsNames }} + - {{ $dns | quote }} + {{- end }} + {{- if .Values.hubble.tls.server.extraIpAddresses }} + ipAddresses: + {{- range $ip := .Values.hubble.tls.server.extraIpAddresses }} + - {{ $ip | quote }} + {{- end }} + {{- end }} + duration: {{ printf "%dh0m0s" (mul .Values.hubble.tls.auto.certValidityDuration 24) }} + privateKey: + rotationPolicy: Always +{{- end }} diff --git a/deploy/hubble/manifests/controller/helm/retina/templates/hubble/tls-certmanager/ui-client-certs.yaml b/deploy/hubble/manifests/controller/helm/retina/templates/hubble/tls-certmanager/ui-client-certs.yaml new file mode 100644 index 0000000000..5006666ec9 --- /dev/null +++ b/deploy/hubble/manifests/controller/helm/retina/templates/hubble/tls-certmanager/ui-client-certs.yaml 
@@ -0,0 +1,22 @@ +{{- if and .Values.hubble.enabled .Values.hubble.tls.enabled .Values.hubble.tls.auto.enabled (eq .Values.hubble.tls.auto.method "certmanager") .Values.hubble.ui.enabled .Values.hubble.relay.enabled .Values.hubble.relay.tls.server.enabled }} +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: hubble-ui-client-certs + namespace: {{ .Release.Namespace }} + {{- with .Values.hubble.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + issuerRef: + {{- toYaml .Values.hubble.tls.auto.certManagerIssuerRef | nindent 4 }} + secretName: hubble-ui-client-certs + commonName: "*.hubble-ui.cilium.io" + dnsNames: + - "*.hubble-ui.cilium.io" + duration: {{ printf "%dh0m0s" (mul .Values.hubble.tls.auto.certValidityDuration 24) }} + privateKey: + rotationPolicy: Always +{{- end }} diff --git a/deploy/hubble/manifests/controller/helm/retina/templates/hubble/tls-cronjob/_job-spec.tpl b/deploy/hubble/manifests/controller/helm/retina/templates/hubble/tls-cronjob/_job-spec.tpl new file mode 100644 index 0000000000..67ef0e6484 --- /dev/null +++ b/deploy/hubble/manifests/controller/helm/retina/templates/hubble/tls-cronjob/_job-spec.tpl 
@@ -0,0 +1,71 @@ +{{- define "hubble-generate-certs.job.spec" }} +{{- $certValiditySecondsStr := printf "%ds" (mul .Values.hubble.tls.auto.certValidityDuration 24 60 60) -}} +{{- $cluster := .Values.cluster | required "missing cluster value" -}} +{{- $clusterName := $cluster.name | required "missing cluster.name value" -}} + +spec: + template: + metadata: + labels: + k8s-app: hubble-generate-certs + {{- with .Values.certgen.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + containers: + - name: certgen + image: {{ include "cilium.image" .Values.certgen.image | quote }} + imagePullPolicy: {{ .Values.certgen.image.pullPolicy }} + command: + - "/usr/bin/cilium-certgen" + # Because this is executed as a job, we pass the values as command + # line args instead of via config map. This allows users to inspect + # the values used in past runs by inspecting the completed pod. + args: + - "--cilium-namespace={{ .Release.Namespace }}" + {{- if .Values.debug.enabled }} + - "--debug" + {{- end }} + - "--ca-generate" + - "--ca-reuse-secret" + {{- if and .Values.tls.ca.cert .Values.tls.ca.key }} + - "--ca-secret-name=cilium-ca" + {{- end }} + - "--hubble-server-cert-generate" + - "--hubble-server-cert-common-name={{ list "*" ($clusterName | replace "." "-") "hubble-grpc.cilium.io" | join "." }}" + - "--hubble-server-cert-validity-duration={{ $certValiditySecondsStr }}" + {{- if .Values.hubble.relay.enabled }} + - "--hubble-relay-client-cert-generate" + - "--hubble-relay-client-cert-validity-duration={{ $certValiditySecondsStr }}" + {{- end }} + {{- if and .Values.hubble.relay.enabled .Values.hubble.relay.tls.server.enabled }} + - "--hubble-relay-server-cert-generate" + - "--hubble-relay-server-cert-validity-duration={{ $certValiditySecondsStr }}" + {{- end }} + {{- with .Values.certgen.extraVolumeMounts }} + volumeMounts: + {{- toYaml . | nindent 10 }} + {{- end }} + hostNetwork: true + {{- with .Values.certgen.tolerations }} + tolerations: + {{- toYaml . 
| nindent 8 }} + {{- end }} + serviceAccount: {{ .Values.serviceAccounts.hubblecertgen.name | quote }} + serviceAccountName: {{ .Values.serviceAccounts.hubblecertgen.name | quote }} + automountServiceAccountToken: {{ .Values.serviceAccounts.hubblecertgen.automount }} + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + restartPolicy: OnFailure + {{- with .Values.certgen.extraVolumes }} + volumes: + {{- toYaml . | nindent 6 }} + {{- end }} + affinity: + {{- with .Values.certgen.affinity }} + {{- toYaml . | nindent 8 }} + {{- end }} + ttlSecondsAfterFinished: {{ .Values.certgen.ttlSecondsAfterFinished }} +{{- end }} diff --git a/deploy/hubble/manifests/controller/helm/retina/templates/hubble/tls-cronjob/clusterrole.yaml b/deploy/hubble/manifests/controller/helm/retina/templates/hubble/tls-cronjob/clusterrole.yaml new file mode 100644 index 0000000000..74d0783173 --- /dev/null +++ b/deploy/hubble/manifests/controller/helm/retina/templates/hubble/tls-cronjob/clusterrole.yaml @@ -0,0 +1,38 @@ +{{- if and .Values.hubble.enabled .Values.hubble.tls.enabled .Values.hubble.tls.auto.enabled (eq .Values.hubble.tls.auto.method "cronJob") .Values.serviceAccounts.hubblecertgen.create }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: hubble-generate-certs + {{- with .Values.hubble.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} + labels: + app.kubernetes.io/part-of: cilium +rules: + - apiGroups: + - "" + resources: + - secrets + verbs: + - create + - apiGroups: + - "" + resources: + - secrets + resourceNames: + - hubble-server-certs + - hubble-relay-client-certs + - hubble-relay-server-certs + verbs: + - update + - apiGroups: + - "" + resources: + - secrets + resourceNames: + - cilium-ca + verbs: + - get + - update +{{- end }} 
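Review bot: The certgen pod runs with `hostNetwork: true` and the `certgen` container has no `securityContext`, although the only work visible in this template is running `/usr/bin/cilium-certgen` with arguments that manage Secrets through the API server. If host networking was inherited from the upstream chart and Retina does not need it (presumably it exists there so the job can run before pod networking is up), it should be dropped; either way the container can be given a restrictive `securityContext` as sketched below. `affinity:` is also emitted when `certgen.affinity` is empty, which renders a null field; moving the key inside the `with` block would match how `tolerations` is handled in the same template.

```yaml
      containers:
        - name: certgen
          # … unchanged: image, imagePullPolicy, command, args …
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            seccompProfile:
              type: RuntimeDefault
```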
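Review bot: This ClusterRole, together with the ClusterRoleBinding in tls-cronjob/clusterrolebinding.yaml, lets the certgen service account `create` Secrets in every namespace and `update` the named ones cluster-wide, while the job is started with `--cilium-namespace={{ .Release.Namespace }}` and every Secret it manages in this patch lives in the release namespace. A namespaced pair gives the same function with a much smaller blast radius: `kind: Role` plus `namespace: {{ .Release.Namespace }}` here, and `kind: RoleBinding` with `roleRef.kind: Role` in the binding. `resourceNames` cannot constrain `create`, so namespacing is the only way to bound that verb.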
diff --git a/deploy/hubble/manifests/controller/helm/retina/templates/hubble/tls-cronjob/clusterrolebinding.yaml b/deploy/hubble/manifests/controller/helm/retina/templates/hubble/tls-cronjob/clusterrolebinding.yaml new file mode 100644 index 0000000000..5938f16cc4 --- /dev/null +++ b/deploy/hubble/manifests/controller/helm/retina/templates/hubble/tls-cronjob/clusterrolebinding.yaml @@ -0,0 +1,20 @@ +{{- if and .Values.hubble.enabled .Values.hubble.tls.enabled .Values.hubble.tls.auto.enabled (eq .Values.hubble.tls.auto.method "cronJob") .Values.serviceAccounts.hubblecertgen.create }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: hubble-generate-certs + {{- with .Values.hubble.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} + labels: + app.kubernetes.io/part-of: cilium +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: hubble-generate-certs +subjects: +- kind: ServiceAccount + name: {{ .Values.serviceAccounts.hubblecertgen.name | quote }} + namespace: {{ .Release.Namespace }} +{{- end }} diff --git a/deploy/hubble/manifests/controller/helm/retina/templates/hubble/tls-cronjob/cronjob.yaml b/deploy/hubble/manifests/controller/helm/retina/templates/hubble/tls-cronjob/cronjob.yaml new file mode 100644 index 0000000000..fa9966080d --- /dev/null +++ b/deploy/hubble/manifests/controller/helm/retina/templates/hubble/tls-cronjob/cronjob.yaml 
@@ -0,0 +1,25 @@ +{{- if and .Values.hubble.enabled .Values.hubble.tls.enabled .Values.hubble.tls.auto.enabled (eq .Values.hubble.tls.auto.method "cronJob") .Values.hubble.tls.auto.schedule }} +apiVersion: {{ include "cronjob.apiVersion" . }} +kind: CronJob +metadata: + name: hubble-generate-certs + namespace: {{ .Release.Namespace }} + labels: + k8s-app: hubble-generate-certs + app.kubernetes.io/name: hubble-generate-certs + app.kubernetes.io/part-of: cilium + {{- if or .Values.certgen.annotations.cronJob .Values.hubble.annotations }} + annotations: + {{- with .Values.hubble.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.certgen.annotations.cronJob }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- end }} +spec: + schedule: {{ .Values.hubble.tls.auto.schedule | quote }} + concurrencyPolicy: Forbid + jobTemplate: + {{- include "hubble-generate-certs.job.spec" . | nindent 4 }} +{{- end }} diff --git a/deploy/hubble/manifests/controller/helm/retina/templates/hubble/tls-cronjob/job.yaml b/deploy/hubble/manifests/controller/helm/retina/templates/hubble/tls-cronjob/job.yaml new file mode 100644 index 0000000000..69fa8331ed --- /dev/null +++ b/deploy/hubble/manifests/controller/helm/retina/templates/hubble/tls-cronjob/job.yaml @@ -0,0 +1,20 @@ +{{- if and .Values.hubble.enabled .Values.hubble.tls.enabled .Values.hubble.tls.auto.enabled (eq .Values.hubble.tls.auto.method "cronJob") }} +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: hubble-generate-certs + namespace: {{ .Release.Namespace }} + labels: + k8s-app: hubble-generate-certs + app.kubernetes.io/name: hubble-generate-certs + app.kubernetes.io/part-of: cilium + annotations: + {{- with .Values.certgen.annotations.job }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.hubble.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} +{{ include "hubble-generate-certs.job.spec" . }} +{{- end }} 
diff --git a/deploy/hubble/manifests/controller/helm/retina/templates/hubble/tls-cronjob/serviceaccount.yaml b/deploy/hubble/manifests/controller/helm/retina/templates/hubble/tls-cronjob/serviceaccount.yaml new file mode 100644 index 0000000000..62a8de804e --- /dev/null +++ b/deploy/hubble/manifests/controller/helm/retina/templates/hubble/tls-cronjob/serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- if and .Values.hubble.enabled .Values.hubble.tls.enabled .Values.hubble.tls.auto.enabled (eq .Values.hubble.tls.auto.method "cronJob") .Values.serviceAccounts.hubblecertgen.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ .Values.serviceAccounts.hubblecertgen.name | quote }} + namespace: {{ .Release.Namespace }} + {{- if or .Values.serviceAccounts.hubblecertgen.annotations .Values.hubble.annotations }} + annotations: + {{- with .Values.hubble.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.serviceAccounts.hubblecertgen.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- end }} +{{- end }} diff --git a/deploy/hubble/manifests/controller/helm/retina/templates/hubble/tls-helm/_helpers.tpl b/deploy/hubble/manifests/controller/helm/retina/templates/hubble/tls-helm/_helpers.tpl new file mode 100644 index 0000000000..79babf94f6 --- /dev/null +++ b/deploy/hubble/manifests/controller/helm/retina/templates/hubble/tls-helm/_helpers.tpl 
@@ -0,0 +1,31 @@ +{{/* +Generate TLS certificates for Hubble Server and Hubble Relay. + +Note: Always use this template as follows: + + {{- $_ := include "hubble-generate-certs.helm.setup-ca" . -}} + +The assignment to `$_` is required because we store the generated CI in a global `ca` variable. +Please, don't try to "simplify" this, as without this trick, every generated +certificate would be signed by a different CA. +*/}} +{{- define "hubble-generate-certs.helm.setup-ca" }} + {{- if not .ca }} + {{- $ca := "" -}} + {{- $crt := .Values.tls.ca.cert -}} + {{- $key := .Values.tls.ca.key -}} + {{- if and $crt $key }} + {{- $ca = buildCustomCert $crt $key -}} + {{- else }} + {{- $_ := include "cilium.ca.setup" . -}} + {{- with lookup "v1" "Secret" .Release.Namespace .commonCASecretName }} + {{- $crt := index .data "ca.crt" }} + {{- $key := index .data "ca.key" }} + {{- $ca = buildCustomCert $crt $key -}} + {{- else }} + {{- $ca = .commonCA -}} + {{- end }} + {{- end }} + {{- $_ := set . "ca" $ca -}} + {{- end }} +{{- end }} diff --git a/deploy/hubble/manifests/controller/helm/retina/templates/hubble/tls-helm/relay-client-secret.yaml b/deploy/hubble/manifests/controller/helm/retina/templates/hubble/tls-helm/relay-client-secret.yaml new file mode 100644 index 0000000000..e1d6e87638 --- /dev/null +++ b/deploy/hubble/manifests/controller/helm/retina/templates/hubble/tls-helm/relay-client-secret.yaml 
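Review bot: The header comment says the generated "CI" is stored in a global `ca` variable; it should read "CA", and the comment should also mention that `lookup` returns an empty result under `helm template` and `--dry-run`. In those modes the `with lookup …` branch is skipped and `.commonCA` is used instead of the CA already stored in the cluster, so pipelines that apply rendered output would swap the CA (presumably for a freshly generated one) unless `tls.ca.cert` and `tls.ca.key` are set. Proposed extra line: `Note: lookup is empty in template/dry-run mode; set tls.ca.cert and tls.ca.key there to keep a stable CA.` The `cilium.ca.setup` helper that defines `.commonCA` and `.commonCASecretName` is outside this hunk, so its behaviour is assumed.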
@@ -0,0 +1,21 @@ +{{- if and .Values.hubble.enabled .Values.hubble.tls.enabled .Values.hubble.tls.auto.enabled (eq .Values.hubble.tls.auto.method "helm") .Values.hubble.relay.enabled }} +{{- $_ := include "hubble-generate-certs.helm.setup-ca" . -}} +{{- $cn := "*.hubble-relay.cilium.io" }} +{{- $dns := list $cn }} +{{- $cert := genSignedCert $cn nil $dns (.Values.hubble.tls.auto.certValidityDuration | int) .ca -}} +--- +apiVersion: v1 +kind: Secret +metadata: + name: hubble-relay-client-certs + namespace: {{ .Release.Namespace }} + {{- with .Values.hubble.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +type: kubernetes.io/tls +data: + ca.crt: {{ .ca.Cert | b64enc }} + tls.crt: {{ $cert.Cert | b64enc }} + tls.key: {{ $cert.Key | b64enc }} +{{- end }} diff --git a/deploy/hubble/manifests/controller/helm/retina/templates/hubble/tls-helm/relay-server-secret.yaml b/deploy/hubble/manifests/controller/helm/retina/templates/hubble/tls-helm/relay-server-secret.yaml new file mode 100644 index 0000000000..902c2be4f1 --- /dev/null +++ b/deploy/hubble/manifests/controller/helm/retina/templates/hubble/tls-helm/relay-server-secret.yaml 
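Review bot: `genSignedCert` runs on every render, so each `helm upgrade` issues a new key pair for `hubble-relay-client-certs`; the same applies to relay-server-secret.yaml, server-secret.yaml and ui-client-certs.yaml in tls-helm/. Nothing in these templates restarts or signals pods that mounted the previous Secret, and the rendered private keys also end up in Helm's stored release manifest; neither consequence is documented. A template comment would cover it, e.g. `{{/* Re-issued on every upgrade; key material is also kept in the Helm release record. Prefer method certmanager or cronJob where that matters. */}}`.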
@@ -0,0 +1,22 @@ +{{- if and .Values.hubble.enabled .Values.hubble.tls.enabled .Values.hubble.tls.auto.enabled (eq .Values.hubble.tls.auto.method "helm") .Values.hubble.relay.enabled .Values.hubble.relay.tls.server.enabled }} +{{- $_ := include "hubble-generate-certs.helm.setup-ca" . -}} +{{- $cn := "*.hubble-relay.cilium.io" }} +{{- $ip := .Values.hubble.relay.tls.server.extraIpAddresses }} +{{- $dns := prepend .Values.hubble.relay.tls.server.extraDnsNames $cn }} +{{- $cert := genSignedCert $cn $ip $dns (.Values.hubble.tls.auto.certValidityDuration | int) .ca -}} +--- +apiVersion: v1 +kind: Secret +metadata: + name: hubble-relay-server-certs + namespace: {{ .Release.Namespace }} + {{- with .Values.hubble.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +type: kubernetes.io/tls +data: + ca.crt: {{ .ca.Cert | b64enc }} + tls.crt: {{ $cert.Cert | b64enc }} + tls.key: {{ $cert.Key | b64enc }} +{{- end }} diff --git a/deploy/hubble/manifests/controller/helm/retina/templates/hubble/tls-helm/server-secret.yaml b/deploy/hubble/manifests/controller/helm/retina/templates/hubble/tls-helm/server-secret.yaml new file mode 100644 index 0000000000..a05c32667b --- /dev/null +++ b/deploy/hubble/manifests/controller/helm/retina/templates/hubble/tls-helm/server-secret.yaml 
@@ -0,0 +1,22 @@ +{{- if and .Values.agent .Values.hubble.enabled .Values.hubble.tls.enabled .Values.hubble.tls.auto.enabled (eq .Values.hubble.tls.auto.method "helm") }} +{{- $_ := include "hubble-generate-certs.helm.setup-ca" . -}} +{{- $cn := list "*" (.Values.cluster.name | replace "." "-") "hubble-grpc.cilium.io" | join "." }} +{{- $ip := .Values.hubble.tls.server.extraIpAddresses }} +{{- $dns := prepend .Values.hubble.tls.server.extraDnsNames $cn }} +{{- $cert := genSignedCert $cn $ip $dns (.Values.hubble.tls.auto.certValidityDuration | int) .ca -}} +--- +apiVersion: v1 +kind: Secret +metadata: + name: hubble-server-certs + namespace: {{ .Release.Namespace }} + {{- with .Values.hubble.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +type: kubernetes.io/tls +data: + ca.crt: {{ .ca.Cert | b64enc }} + tls.crt: {{ $cert.Cert | b64enc }} + tls.key: {{ $cert.Key | b64enc }} +{{- end }} diff --git a/deploy/hubble/manifests/controller/helm/retina/templates/hubble/tls-helm/ui-client-certs.yaml b/deploy/hubble/manifests/controller/helm/retina/templates/hubble/tls-helm/ui-client-certs.yaml new file mode 100644 index 0000000000..7b385b26bf --- /dev/null +++ b/deploy/hubble/manifests/controller/helm/retina/templates/hubble/tls-helm/ui-client-certs.yaml 
@@ -0,0 +1,21 @@ +{{- if and .Values.hubble.enabled .Values.hubble.tls.enabled .Values.hubble.tls.auto.enabled (eq .Values.hubble.tls.auto.method "helm") .Values.hubble.ui.enabled .Values.hubble.relay.enabled .Values.hubble.relay.tls.server.enabled }} +{{- $_ := include "hubble-generate-certs.helm.setup-ca" . -}} +{{- $cn := "*.hubble-ui.cilium.io" }} +{{- $dns := list $cn }} +{{- $cert := genSignedCert $cn nil $dns (.Values.hubble.tls.auto.certValidityDuration | int) .ca -}} +--- +apiVersion: v1 +kind: Secret +metadata: + name: hubble-ui-client-certs + namespace: {{ .Release.Namespace }} + {{- with .Values.hubble.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +type: kubernetes.io/tls +data: + ca.crt: {{ .ca.Cert | b64enc }} + tls.crt: {{ $cert.Cert | b64enc }} + tls.key: {{ $cert.Key | b64enc }} +{{- end }} diff --git a/deploy/hubble/manifests/controller/helm/retina/templates/hubble/tls-provided/relay-client-secret.yaml b/deploy/hubble/manifests/controller/helm/retina/templates/hubble/tls-provided/relay-client-secret.yaml new file mode 100644 index 0000000000..b1512ed279 --- /dev/null +++ b/deploy/hubble/manifests/controller/helm/retina/templates/hubble/tls-provided/relay-client-secret.yaml @@ -0,0 +1,16 @@ +{{- if and .Values.hubble.enabled .Values.hubble.tls.enabled (not .Values.hubble.tls.auto.enabled) .Values.hubble.relay.enabled }} +apiVersion: v1 +kind: Secret +metadata: + name: hubble-relay-client-certs + namespace: {{ .Release.Namespace }} + {{- with .Values.hubble.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +type: kubernetes.io/tls +data: + ca.crt: {{ .Values.tls.ca.cert }} + tls.crt: {{ .Values.hubble.relay.tls.client.cert | required "missing hubble.relay.tls.client.cert" }} + tls.key: {{ .Values.hubble.relay.tls.client.key | required "missing hubble.relay.tls.client.key" }} +{{- end }} 
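Review bot: `ca.crt: {{ .Values.tls.ca.cert }}` has no `required` guard, unlike `tls.crt` and `tls.key` right below it, so an unset `tls.ca.cert` renders an empty `ca.crt` and the failure only shows up later when a peer cannot verify the chain. Use `ca.crt: {{ .Values.tls.ca.cert | required "missing tls.ca.cert" }}`, gated on `not .Values.tls.caBundle.enabled` if the CA-bundle path used by the hubble-ui deployment in this patch is meant to allow an empty value. The same line appears in relay-server-secret.yaml, server-secret.yaml and ui-client-certs.yaml under tls-provided/. All three values go under `data:` without `b64enc`, so they must be supplied already base64-encoded; a comment saying so would save a confusing API error.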
diff --git a/deploy/hubble/manifests/controller/helm/retina/templates/hubble/tls-provided/relay-server-secret.yaml b/deploy/hubble/manifests/controller/helm/retina/templates/hubble/tls-provided/relay-server-secret.yaml new file mode 100644 index 0000000000..07059143cd --- /dev/null +++ b/deploy/hubble/manifests/controller/helm/retina/templates/hubble/tls-provided/relay-server-secret.yaml @@ -0,0 +1,16 @@ +{{- if and .Values.hubble.enabled .Values.hubble.tls.enabled (not .Values.hubble.tls.auto.enabled) .Values.hubble.relay.enabled .Values.hubble.relay.tls.server.enabled }} +apiVersion: v1 +kind: Secret +metadata: + name: hubble-relay-server-certs + namespace: {{ .Release.Namespace }} + {{- with .Values.hubble.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +type: kubernetes.io/tls +data: + ca.crt: {{ .Values.tls.ca.cert }} + tls.crt: {{ .Values.hubble.relay.tls.server.cert | required "missing hubble.relay.tls.server.cert" }} + tls.key: {{ .Values.hubble.relay.tls.server.key | required "missing hubble.relay.tls.server.key" }} +{{- end }} diff --git a/deploy/hubble/manifests/controller/helm/retina/templates/hubble/tls-provided/server-secret.yaml b/deploy/hubble/manifests/controller/helm/retina/templates/hubble/tls-provided/server-secret.yaml new file mode 100644 index 0000000000..f659a1fb02 --- /dev/null +++ b/deploy/hubble/manifests/controller/helm/retina/templates/hubble/tls-provided/server-secret.yaml 
@@ -0,0 +1,16 @@
+{{- if and .Values.agent .Values.hubble.enabled .Values.hubble.tls.enabled (not .Values.hubble.tls.auto.enabled) }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: hubble-server-certs
+ namespace: {{ .Release.Namespace }}
+ {{- with .Values.hubble.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+type: kubernetes.io/tls
+data:
+ ca.crt: {{ .Values.tls.ca.cert }}
+ tls.crt: {{ .Values.hubble.tls.server.cert | required "missing hubble.tls.server.cert" }}
+ tls.key: {{ .Values.hubble.tls.server.key | required "missing hubble.tls.server.key" }}
+{{- end }}
diff --git a/deploy/hubble/manifests/controller/helm/retina/templates/hubble/tls-provided/ui-client-certs.yaml b/deploy/hubble/manifests/controller/helm/retina/templates/hubble/tls-provided/ui-client-certs.yaml
new file mode 100644
index 0000000000..ca7683a4a8
--- /dev/null
+++ b/deploy/hubble/manifests/controller/helm/retina/templates/hubble/tls-provided/ui-client-certs.yaml
@@ -0,0 +1,16 @@
+{{- if and .Values.hubble.enabled .Values.hubble.tls.enabled (not .Values.hubble.tls.auto.enabled) .Values.hubble.ui.enabled .Values.hubble.relay.enabled .Values.hubble.relay.tls.server.enabled }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: hubble-ui-client-certs
+ namespace: {{ .Release.Namespace }}
+ {{- with .Values.hubble.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+type: kubernetes.io/tls
+data:
+ ca.crt: {{ .Values.tls.ca.cert }}
+ tls.crt: {{ .Values.hubble.ui.tls.client.cert | required "missing hubble.ui.tls.client.cert" }}
+ tls.key: {{ .Values.hubble.ui.tls.client.key | required "missing hubble.ui.tls.client.key" }}
+{{- end }}
diff --git a/deploy/hubble/manifests/controller/helm/retina/templates/operator/clusterrole.yaml b/deploy/hubble/manifests/controller/helm/retina/templates/operator/clusterrole.yaml
new file mode 100644
index 0000000000..e143cd4d02
--- /dev/null
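Review bot: The first term of the guard in tls-provided/server-secret.yaml, `.Values.agent`, is a map in this chart's values.yaml (`agent:` holds `leaderElection`, `enabled`, `name`, …), so it is truthy whenever the map is non-empty and setting `agent.enabled=false` does not suppress the `hubble-server-certs` Secret. If the intent is to render the server key material only when the agent is deployed, the condition should read `{{- if and .Values.agent.enabled .Values.hubble.enabled .Values.hubble.tls.enabled (not .Values.hubble.tls.auto.enabled) }}`. A one-line template comment above the guard stating which component consumes this Secret would also help the next reader.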
+++ b/deploy/hubble/manifests/controller/helm/retina/templates/operator/clusterrole.yaml
@@ -0,0 +1,110 @@
+{{- if .Values.operator.enabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ creationTimestamp: null
+ name: retina-operator-role
+rules:
+ - apiGroups:
+ - "apiextensions.k8s.io"
+ resources:
+ - "customresourcedefinitions"
+ verbs:
+ - "create"
+ - "get"
+ - "update"
+ - "delete"
+ - "patch"
+ - apiGroups:
+ - ""
+ resources:
+ - pods
+ - namespaces
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - batch
+ resources:
+ - jobs
+ verbs:
+ - create
+ - delete
+ - deletecollection
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - batch
+ resources:
+ - jobs/status
+ verbs:
+ - get
+ - apiGroups:
+ - retina.io
+ resources:
+ - captures
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - retina.io
+ resources:
+ - captures/finalizers
+ verbs:
+ - update
+ - apiGroups:
+ - retina.io
+ resources:
+ - captures/status
+ verbs:
+ - get
+ - patch
+ - update
+ - apiGroups:
+ - cilium.io
+ resources:
+ - ciliumidentities
+ - ciliumendpoints
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ # for endpointgc
+ # will not create ciliumnode objects
+ - apiGroups:
+ - cilium.io
+ resources:
+ - ciliumnodes
+ verbs:
+ - get
+ - list
+ - watch
+ # For cilium-operator running in HA mode.
+ #
+ # Cilium operator running in HA mode requires the use of ResourceLock for Leader Election
+ # between multiple running instances.
+ # The preferred way of doing this is to use LeasesResourceLock as edits to Leases are less
+ # common and fewer objects in the cluster watch "all Leases".
+ - apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - create
+ - get
+ - update
+
+{{- end -}}
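Review bot: The first rule in operator/clusterrole.yaml lets the operator `update`, `delete` and `patch` every CustomResourceDefinition in the cluster, not only the ones it installs, so a compromised or misbehaving operator pod could alter or remove CRDs belonging to unrelated controllers. RBAC cannot scope `create` by name, but the other verbs can be narrowed with `resourceNames`, so I would split the rule as below and list only the CRDs the operator owns (their names are not visible in this commit, hence the placeholder). The `jobs` rule is also cluster-wide with `deletecollection`; if captures only run in known namespaces, a namespaced Role would be the tighter fit, though that cannot be judged from this hunk alone.

```yaml
rules:
  - apiGroups:
      - "apiextensions.k8s.io"
    resources:
      - "customresourcedefinitions"
    verbs:
      - "create"
  - apiGroups:
      - "apiextensions.k8s.io"
    resources:
      - "customresourcedefinitions"
    resourceNames:
      - "<crd-name-owned-by-operator>" # placeholder: list each CRD the operator installs
    verbs:
      - "get"
      - "update"
      - "delete"
      - "patch"
  # … unchanged: pods/namespaces, batch, retina.io, cilium.io and leases rules …
```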
diff --git a/deploy/hubble/manifests/controller/helm/retina/templates/operator/clusterrolebinding.yaml b/deploy/hubble/manifests/controller/helm/retina/templates/operator/clusterrolebinding.yaml
new file mode 100644
index 0000000000..09580886c7
--- /dev/null
+++ b/deploy/hubble/manifests/controller/helm/retina/templates/operator/clusterrolebinding.yaml
@@ -0,0 +1,22 @@
+{{- if .Values.operator.enabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ labels:
+ app.kubernetes.io/name: clusterrolebinding
+ app.kubernetes.io/instance: retina-operator-rolebinding
+ app.kubernetes.io/component: rbac
+ app.kubernetes.io/created-by: operator
+ app.kubernetes.io/part-of: operator
+ app.kubernetes.io/managed-by: kustomize
+ name: retina-operator-rolebinding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: retina-operator-role
+subjects:
+- kind: ServiceAccount
+ name: retina-operator
+ namespace: kube-system
+
+{{- end -}}
diff --git a/deploy/hubble/manifests/controller/helm/retina/templates/operator/configmap.yaml b/deploy/hubble/manifests/controller/helm/retina/templates/operator/configmap.yaml
new file mode 100644
index 0000000000..208ce1d433
--- /dev/null
+++ b/deploy/hubble/manifests/controller/helm/retina/templates/operator/configmap.yaml
@@ -0,0 +1,14 @@
+{{- if .Values.operator.enabled -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: retina-operator-config
+ namespace: {{ .Values.namespace }}
+data:
+ enable-telemetry: {{ .Values.enableTelemetry | quote }}
+ log-opt: "{\"level\":\"{{ .Values.logLevel }}\"}"
+ leader-election: {{ .Values.operator.leaderElection | quote }}
+ identity-gc-interval: {{ .Values.operator.identityGCInterval }}
+ cilium-endpoint-gc-interval: {{ .Values.operator.endpointGCInterval }}
+
+{{- end -}}
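Review bot: The subject in operator/clusterrolebinding.yaml hard-codes `namespace: kube-system`, and so do the Deployment and ServiceAccount added in this commit, while operator/configmap.yaml uses `{{ .Values.namespace }}` and the Hubble secrets use `{{ .Release.Namespace }}`. With any `namespace` override the `retina-operator-config` ConfigMap lands in a different namespace from the Deployment that mounts it, and the binding keeps pointing at a `kube-system` ServiceAccount regardless of where the chart is installed. I would use one source throughout, e.g. `namespace: {{ .Values.namespace }}` in the binding subject, the Deployment and the ServiceAccount. The `app.kubernetes.io/managed-by: kustomize` label on these Helm-rendered objects also looks like a leftover and is worth correcting or dropping.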
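Review bot: The last two `data` entries in operator/configmap.yaml are rendered unquoted, unlike `enable-telemetry` and `leader-election` above them. ConfigMap `data` values must be strings, so an override such as `--set operator.identityGCInterval=900` renders a YAML integer and the API server rejects the object. I would write `identity-gc-interval: {{ .Values.operator.identityGCInterval | quote }}` and `cilium-endpoint-gc-interval: {{ .Values.operator.endpointGCInterval | quote }}`. The `log-opt` line builds JSON by interpolating `.Values.logLevel` into a string; `{{ dict "level" .Values.logLevel | toJson | quote }}` would keep it well-formed for any value.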
diff --git a/deploy/hubble/manifests/controller/helm/retina/templates/operator/deployment.yaml b/deploy/hubble/manifests/controller/helm/retina/templates/operator/deployment.yaml
new file mode 100644
index 0000000000..7aed8c5281
--- /dev/null
+++ b/deploy/hubble/manifests/controller/helm/retina/templates/operator/deployment.yaml
@@ -0,0 +1,98 @@
+{{- if .Values.operator.enabled -}}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: retina-operator
+ namespace: kube-system
+ labels:
+ app: retina-operator
+ control-plane: retina-operator
+ app.kubernetes.io/name: deployment
+ app.kubernetes.io/instance: retina-operator
+ app.kubernetes.io/component: retina-operator
+ app.kubernetes.io/created-by: operator
+ app.kubernetes.io/part-of: operator
+ app.kubernetes.io/managed-by: kustomize
+spec:
+ selector:
+ matchLabels:
+ control-plane: retina-operator
+ replicas: 1
+ template:
+ metadata:
+ annotations:
+ kubectl.kubernetes.io/default-container: retina-operator
+ labels:
+ app: retina-operator
+ control-plane: retina-operator
+ spec:
+ {{- with .Values.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: kubernetes.io/arch
+ operator: In
+ values:
+ - amd64
+ - key: kubernetes.io/os
+ operator: In
+ values:
+ - linux
+ securityContext:
+ runAsNonRoot: true
+ runAsUser: 1000
+ containers:
+ - command:
+ - /retina-operator
+ args:
+ - --config-dir=/retina
+ image: {{ .Values.operator.repository }}:{{ .Values.operator.tag }}
+ imagePullPolicy: {{ .Values.operator.pullPolicy }}
+ name: retina-operator
+ env:
+ # this env var is used by retina OSS telemetry and zap
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.name
+ volumeMounts:
+ - name: retina-operator-config
+ mountPath: /retina/
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - "ALL"
+ # livenessProbe:
+ # httpGet:
+ # path: /healthz
+ # port: 8081
+ # initialDelaySeconds: 15
+ # periodSeconds: 20
+ # readinessProbe:
+ # httpGet:
+ # path: /readyz
+ # port: 8081
+ # initialDelaySeconds: 5
+ # periodSeconds: 10
+ resources:
+ limits:
+ cpu: 500m
+ memory: 500Mi
+ requests:
+ cpu: 10m
+ memory: 64Mi
+ serviceAccountName: retina-operator
+ terminationGracePeriodSeconds: 10
+ volumes:
+ - name: retina-operator-config
+ configMap:
+ name: retina-operator-config
+
+{{- end -}}
diff --git a/deploy/hubble/manifests/controller/helm/retina/templates/operator/serviceaccount.yaml b/deploy/hubble/manifests/controller/helm/retina/templates/operator/serviceaccount.yaml
new file mode 100644
index 0000000000..5bc62e53ba
--- /dev/null
+++ b/deploy/hubble/manifests/controller/helm/retina/templates/operator/serviceaccount.yaml
@@ -0,0 +1,16 @@
+{{- if .Values.operator.enabled -}}
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels:
+ app.kubernetes.io/name: serviceaccount
+ app.kubernetes.io/instance: retina-operator
+ app.kubernetes.io/component: rbac
+ app.kubernetes.io/created-by: operator
+ app.kubernetes.io/part-of: operator
+ app.kubernetes.io/managed-by: kustomize
+ name: retina-operator
+ namespace: kube-system
+
+{{- end -}}
diff --git a/deploy/hubble/manifests/controller/helm/retina/templates/validate.yaml b/deploy/hubble/manifests/controller/helm/retina/templates/validate.yaml
new file mode 100644
index 0000000000..d473415046
--- /dev/null
+++ b/deploy/hubble/manifests/controller/helm/retina/templates/validate.yaml
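Review bot: The container image in operator/deployment.yaml is `{{ .Values.operator.repository }}:{{ .Values.operator.tag }}` with no digest form, and the values.yaml added in this commit defaults that tag to `latest` with `pullPolicy: Always`. Every pod restart can therefore pull whatever was last pushed under that tag, and the pod runs with the `retina-operator` ServiceAccount, which this commit binds to cluster-wide CRD and Job write access. The hubble-relay and hubble-ui images in the same values file already carry `digest` and `useDigest`; I would add the same pair under `operator` and render `image: {{ .Values.operator.repository }}@{{ .Values.operator.digest }}` when `useDigest` is set, defaulting the tag to a released version rather than `latest`. Separately, the liveness and readiness probes are left commented out, so the kubelet has no signal for a hung operator; a comment saying why they are disabled would help.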
@@ -0,0 +1,47 @@
+{{/* validate hubble config */}}
+{{- if and .Values.hubble.ui.enabled (not .Values.hubble.ui.standalone.enabled) }}
+ {{- if not .Values.hubble.relay.enabled }}
+ {{ fail "Hubble UI requires .Values.hubble.relay.enabled=true" }}
+ {{- end }}
+{{- end }}
+{{- if and .Values.hubble.ui.enabled .Values.hubble.ui.standalone.enabled .Values.hubble.relay.tls.server.enabled }}
+ {{- if not .Values.hubble.ui.standalone.tls.certsVolume }}
+ {{ fail "Hubble UI in standalone with Hubble Relay server TLS enabled requires providing .Values.hubble.ui.standalone.tls.certsVolume for mounting client certificates in the backend pod" }}
+ {{- end }}
+{{- end }}
+{{- if .Values.hubble.relay.enabled }}
+ {{- if not .Values.hubble.enabled }}
+ {{ fail "Hubble Relay requires .Values.hubble.enabled=true" }}
+ {{- end }}
+{{- end }}
+
+{{- if and .Values.hubble.enabled .Values.hubble.tls.enabled .Values.hubble.tls.auto.enabled (eq .Values.hubble.tls.auto.method "certmanager") }}
+ {{- if not .Values.hubble.tls.auto.certManagerIssuerRef }}
+ {{ fail "Hubble TLS certgen method=certmanager requires that user specifies .Values.hubble.tls.auto.certManagerIssuerRef" }}
+ {{- end }}
+{{- end }}
+
+{{- if and .Values.hubble.redact.http.headers.allow .Values.hubble.redact.http.headers.deny }}
+ {{ fail "Only one of .Values.hubble.redact.http.headers.allow, .Values.hubble.redact.http.headers.deny can be specified"}}
+{{- end }}
+
+{{/* validate hubble-ui specific config */}}
+{{- if and .Values.hubble.ui.enabled
+ (ne .Values.hubble.ui.backend.image.tag "latest")
+ (ne .Values.hubble.ui.frontend.image.tag "latest") }}
+ {{- if regexReplaceAll "@.*$" .Values.hubble.ui.backend.image.tag "" | trimPrefix "v" | semverCompare "<0.9.0" }}
+ {{ fail "Hubble UI requires hubble.ui.backend.image.tag to be '>=v0.9.0'" }}
+ {{- end }}
+ {{- if regexReplaceAll "@.*$" .Values.hubble.ui.frontend.image.tag "" | trimPrefix "v" | semverCompare "<0.9.0" }}
+ {{ fail "Hubble UI requires hubble.ui.frontend.image.tag to be '>=v0.9.0'" }}
+ {{- end }}
+{{- end }}
+
+{{- if .Values.externalWorkloads.enabled }}
+ {{- if ne .Values.identityAllocationMode "crd" }}
+ {{ fail (printf "External workloads support cannot be enabled in combination with .Values.identityAllocationMode=%s" .Values.identityAllocationMode ) }}
+ {{- end }}
+ {{- if .Values.disableEndpointCRD }}
+ {{ fail "External workloads support cannot be enabled in combination with .Values.disableEndpointCRD=true" }}
+ {{- end }}
+{{- end }}
diff --git a/deploy/hubble/manifests/controller/helm/retina/values.yaml b/deploy/hubble/manifests/controller/helm/retina/values.yaml
new file mode 100644
index 0000000000..75b91a54e7
--- /dev/null
+++ b/deploy/hubble/manifests/controller/helm/retina/values.yaml
@@ -0,0 +1,920 @@ +# Default values for retina. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +debug: + enabled: false + +cluster: + name: "default" + +# Support linux and windows by default. +os: + linux: true + windows: false + +# FIXME: remove unnecessary pieces, etc. +operator: + enabled: true + repository: acndev.azurecr.io/retina-operator + pullPolicy: Always + tag: "latest" + leaderElection: true + identityGCInterval: 15m # cilium default + endpointGCInterval: 5m # cilium default + +agent: + leaderElection: false + enabled: true + name: retina-agent + repository: acndev.azurecr.io/retina-agent + tag: "latest" + init: + enabled: true + name: retina-agent-init + repository: acndev.azurecr.io/retina-agent-init + tag: "latest" + pullPolicy: Always + container: + retina: + command: + - "/retina/controller" + args: + - "hubble-control-plane" + - "--config-dir" + - "/retina/config" + healthProbeBindAddress: ":18081" + metricsBindAddress: ":18080" + ports: + containerPort: 10093 + +enablePodLevel: true +remoteContext: false +enableAnnotations: false +bypassLookupIPOfInterest: true + +imagePullSecrets: [] +nameOverride: "retina" +fullnameOverride: "retina-svc" + +namespace: kube-system + +agent_win: + name: retina-agent-win + +retinaPort: 10093 + +apiServer: + host: "0.0.0.0" + port: 10093 + +# Supported - debug, info, error, warn, panic, fatal. +logLevel: info + +enabledPlugin_linux: '["linuxutil","packetforward","packetparser","dns", "dropreason"]' +enabledPlugin_win: '["hnsstats"]' + +enableTelemetry: true + +# Interval, in seconds, to scrape/publish metrics. 
+metricsInterval: 10 + +azure: + appinsights: + instrumentation_key: "app-insights-instrumentation-key" + +# volume mounts with name and mountPath +volumeMounts: + debug: /sys/kernel/debug + trace: /sys/kernel/tracing + bpf: /sys/fs/bpf + cgroup: /sys/fs/cgroup + tmp: /tmp + config: /retina/config + varrun: /var/run + +#volume mounts for indows +volumeMounts_win: + retina-config-win: retina + +securityContext: + privileged: false + capabilities: + add: + - SYS_ADMIN + - SYS_RESOURCE + - NET_ADMIN # for packetparser plugin + - IPC_LOCK # for mmap() calls made by NewReader(), ref: https://man7.org/linux/man-pages/man2/mmap.2.html + windowsOptions: + runAsUserName: "NT AUTHORITY\\SYSTEM" + +service: + type: ClusterIP + port: 10093 + targetPort: 10093 + name: retina + +serviceAccount: + annotations: {} + name: "retina-agent" + +resources: + limits: + memory: "500Mi" + cpu: "500m" + +# -- Define serviceAccount names for components. +# @default -- Component's fully qualified name. +serviceAccounts: + relay: + create: true + name: hubble-relay + automount: false + annotations: {} + ui: + create: true + name: hubble-ui + automount: true + annotations: {} + # -- Hubblecertgen is used if hubble.tls.auto.method=cronJob + hubblecertgen: + create: true + name: hubble-generate-certs + automount: true + annotations: {} + +# -- Configure external workloads support +externalWorkloads: + # -- Enable support for external workloads, such as VMs (false by default). + enabled: false + +####################### +# # +# Hubble Config # +# # +####################### +# https://github.com/cilium/cilium/blob/2afcb614a3eeef0df963fffc52006063f96bcac9/install/kubernetes/cilium/values.yaml#L993 + +hubble: + # -- Enable Hubble (true by default). + enabled: true + + # -- Annotations to be added to all top-level hubble objects (resources under templates/hubble) + annotations: {} + + # -- Buffer size of the channel Hubble uses to receive monitor events. 
If this + # value is not set, the queue size is set to the default monitor queue size. + eventQueueSize: "16383" + + # -- Number of recent flows for Hubble to cache. Defaults to 4095. + # Possible values are: + # 1, 3, 7, 15, 31, 63, 127, 255, 511, 1023, + # 2047, 4095, 8191, 16383, 32767, 65535 + # eventBufferCapacity: "4095" + + # -- Hubble metrics configuration. + # See https://docs.cilium.io/en/stable/observability/metrics/#hubble-metrics + # for more comprehensive documentation about Hubble metrics. + metrics: + # -- Configures the list of metrics to collect. If empty or null, metrics + # are disabled. + # Example: + # + # enabled: + # - dns:query;ignoreAAAA + # - drop + # - tcp + # - flow + # - icmp + # - http + # + # You can specify the list of metrics from the helm CLI: + # + # --set hubble.metrics.enabled="{dns:query;ignoreAAAA,drop,tcp,flow,icmp,http}" + # + enabled: + - flow:sourceEgressContext=pod;destinationIngressContext=pod + - tcp:sourceEgressContext=pod;destinationIngressContext=pod + - dns:query;sourceEgressContext=pod;destinationIngressContext=pod + - drop:sourceEgressContext=pod;destinationIngressContext=pod + # -- Enables exporting hubble metrics in OpenMetrics format. + enableOpenMetrics: false + # -- Configure the port the hubble metric server listens on. + port: 9965 + # -- Annotations to be added to hubble-metrics service. + serviceAnnotations: {} + serviceMonitor: + # -- Create ServiceMonitor resources for Prometheus Operator. + # This requires the prometheus CRDs to be available. + # ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml) + enabled: false + # -- Labels to add to ServiceMonitor hubble + labels: {} + # -- Annotations to add to ServiceMonitor hubble + annotations: {} + # -- jobLabel to add for ServiceMonitor hubble + jobLabel: "" + # -- Interval for scrape metrics. 
+ interval: "10s" + # -- Relabeling configs for the ServiceMonitor hubble + relabelings: + - sourceLabels: + - __meta_kubernetes_pod_node_name + targetLabel: node + replacement: ${1} + # -- Metrics relabeling configs for the ServiceMonitor hubble + metricRelabelings: ~ + # -- Grafana dashboards for hubble + # grafana can import dashboards based on the label and value + # ref: https://github.com/grafana/helm-charts/tree/main/charts/grafana#sidecar-for-dashboards + dashboards: + enabled: false + label: grafana_dashboard + namespace: ~ + labelValue: "1" + annotations: {} + + # -- Unix domain socket path to listen to when Hubble is enabled. + socketPath: /var/run/cilium/hubble.sock + + # -- Enables redacting sensitive information present in Layer 7 flows. + redact: + enabled: false + http: + # -- Enables redacting URL query (GET) parameters. + # Example: + # + # redact: + # enabled: true + # http: + # urlQuery: true + # + # You can specify the options from the helm CLI: + # + # --set hubble.redact.enabled="true" + # --set hubble.redact.http.urlQuery="true" + urlQuery: false + # -- Enables redacting user info, e.g., password when basic auth is used. + # Example: + # + # redact: + # enabled: true + # http: + # userInfo: true + # + # You can specify the options from the helm CLI: + # + # --set hubble.redact.enabled="true" + # --set hubble.redact.http.userInfo="true" + userInfo: true + headers: + # -- List of HTTP headers to allow: headers not matching will be redacted. Note: `allow` and `deny` lists cannot be used both at the same time, only one can be present. + # Example: + # redact: + # enabled: true + # http: + # headers: + # allow: + # - traceparent + # - tracestate + # - Cache-Control + # + # You can specify the options from the helm CLI: + # --set hubble.redact.enabled="true" + # --set hubble.redact.http.headers.allow="traceparent,tracestate,Cache-Control" + allow: [] + # -- List of HTTP headers to deny: matching headers will be redacted. 
Note: `allow` and `deny` lists cannot be used both at the same time, only one can be present. + # Example: + # redact: + # enabled: true + # http: + # headers: + # deny: + # - Authorization + # - Proxy-Authorization + # + # You can specify the options from the helm CLI: + # --set hubble.redact.enabled="true" + # --set hubble.redact.http.headers.deny="Authorization,Proxy-Authorization" + deny: [] + kafka: + # -- Enables redacting Kafka's API key. + # Example: + # + # redact: + # enabled: true + # kafka: + # apiKey: true + # + # You can specify the options from the helm CLI: + # + # --set hubble.redact.enabled="true" + # --set hubble.redact.kafka.apiKey="true" + apiKey: false + + # -- An additional address for Hubble to listen to. + # Set this field ":4244" if you are enabling Hubble Relay, as it assumes that + # Hubble is listening on port 4244. + listenAddress: ":4244" + # -- Whether Hubble should prefer to announce IPv6 or IPv4 addresses if both are available. + preferIpv6: false + # -- (bool) Skip Hubble events with unknown cgroup ids + # @default -- `true` + skipUnknownCGroupIDs: ~ + + peerService: + # -- Service Port for the Peer service. + # If not set, it is dynamically assigned to port 443 if TLS is enabled and to + # port 80 if not. + servicePort: 80 + # -- Target Port for the Peer service, must match the hubble.listenAddress' + # port. + targetPort: 4244 + # -- The cluster domain to use to query the Hubble Peer service. It should + # be the local cluster. + clusterDomain: cluster.local + # -- TLS configuration for Hubble + tls: + # -- Enable mutual TLS for listenAddress. Setting this value to false is + # highly discouraged as the Hubble API provides access to potentially + # sensitive network flow metadata and is exposed on the host network. + enabled: true + # -- Configure automatic TLS certificates generation. + auto: + # -- Auto-generate certificates. 
+ # When set to true, automatically generate a CA and certificates to + # enable mTLS between Hubble server and Hubble Relay instances. If set to + # false, the certs for Hubble server need to be provided by setting + # appropriate values below. + enabled: true + # -- Set the method to auto-generate certificates. Supported values: + # - helm: This method uses Helm to generate all certificates. + # - cronJob: This method uses a Kubernetes CronJob the generate any + # certificates not provided by the user at installation + # time. + # - certmanager: This method use cert-manager to generate & rotate certificates. + method: cronJob + # -- Generated certificates validity duration in days. + certValidityDuration: 120 + # -- Schedule for certificates regeneration (regardless of their expiration date). + # Only used if method is "cronJob". If nil, then no recurring job will be created. + # Instead, only the one-shot job is deployed to generate the certificates at + # installation time. + # + # Defaults to midnight of the first day of every fourth month. For syntax, see + # https://kubernetes.io/docs/concepts/workloads/controllers/cron-jobs/#schedule-syntax + schedule: "0 0 1 */4 *" + + # [Example] + # certManagerIssuerRef: + # group: cert-manager.io + # kind: ClusterIssuer + # name: ca-issuer + # -- certmanager issuer used when hubble.tls.auto.method=certmanager. + certManagerIssuerRef: {} + + # -- base64 encoded PEM values for the Hubble server certificate and private key + server: + cert: "" + key: "" + # -- Extra DNS names added to certificate when it's auto generated + extraDnsNames: [] + # -- Extra IP addresses added to certificate when it's auto generated + extraIpAddresses: [] + + relay: + # -- Enable Hubble Relay (requires hubble.enabled=true) + enabled: true + + # -- Roll out Hubble Relay pods automatically when configmap is updated. + rollOutPods: false + + # -- Hubble-relay container image. 
+ image: + override: ~ + repository: "mcr.microsoft.com/oss/cilium/hubble-relay" + tag: "v1.15.0" + digest: "sha256:19cd56e7618832257bf88b2f281287cb57f9f7fcb9e04775a6198d4bc4daffae" + useDigest: false + pullPolicy: "Always" + + # -- Specifies the resources for the hubble-relay pods + resources: {} + + # -- Number of replicas run for the hubble-relay deployment. + replicas: 1 + + # -- Affinity for hubble-replay + affinity: + podAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - topologyKey: kubernetes.io/hostname + labelSelector: + matchLabels: + k8s-app: retina + + # -- Pod topology spread constraints for hubble-relay + topologySpreadConstraints: + [] + # - maxSkew: 1 + # topologyKey: topology.kubernetes.io/zone + # whenUnsatisfiable: DoNotSchedule + + # -- Node labels for pod assignment + # ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector + nodeSelector: + kubernetes.io/os: linux + + # -- Node tolerations for pod assignment on nodes with taints + # ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ + tolerations: [] + + # -- Additional hubble-relay environment variables. + extraEnv: [] + + # -- Annotations to be added to all top-level hubble-relay objects (resources under templates/hubble-relay) + annotations: {} + + # -- Annotations to be added to hubble-relay pods + podAnnotations: {} + + # -- Labels to be added to hubble-relay pods + podLabels: {} + + # PodDisruptionBudget settings + podDisruptionBudget: + # -- enable PodDisruptionBudget + # ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/ + enabled: false + # -- Minimum number/percentage of pods that should remain scheduled. 
+ # When it's set, maxUnavailable must be disabled by `maxUnavailable: null` + minAvailable: null + # -- Maximum number/percentage of pods that may be made unavailable + maxUnavailable: 1 + + # -- The priority class to use for hubble-relay + priorityClassName: "" + + # -- Configure termination grace period for hubble relay Deployment. + terminationGracePeriodSeconds: 1 + + # -- hubble-relay update strategy + updateStrategy: + type: RollingUpdate + rollingUpdate: + maxUnavailable: 1 + + # -- Additional hubble-relay volumes. + extraVolumes: [] + + # -- Additional hubble-relay volumeMounts. + extraVolumeMounts: [] + + # -- hubble-relay pod security context + podSecurityContext: + fsGroup: 65532 + + # -- hubble-relay container security context + securityContext: + # readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 65532 + runAsGroup: 65532 + capabilities: + drop: + - ALL + + # -- hubble-relay service configuration. + service: + # --- The type of service used for Hubble Relay access, either ClusterIP or NodePort. + type: ClusterIP + # --- The port to use when the service type is set to NodePort. + nodePort: 31234 + + # -- Host to listen to. Specify an empty string to bind to all the interfaces. + listenHost: "" + + # -- Port to listen to. + listenPort: "4245" + + # -- TLS configuration for Hubble Relay + tls: + # -- base64 encoded PEM values for the hubble-relay client certificate and private key + # This keypair is presented to Hubble server instances for mTLS + # authentication and is required when hubble.tls.enabled is true. + # These values need to be set manually if hubble.tls.auto.enabled is false. + client: + cert: "" + key: "" + # -- base64 encoded PEM values for the hubble-relay server certificate and private key + server: + # When set to true, enable TLS on for Hubble Relay server + # (ie: for clients connecting to the Hubble Relay API). + enabled: true + # When set to true enforces mutual TLS between Hubble Relay server and its clients. 
+ # False allow non-mutual TLS connections. + # This option has no effect when TLS is disabled. + mtls: true + # These values need to be set manually if hubble.tls.auto.enabled is false. + cert: "" + key: "" + # -- extra DNS names added to certificate when its auto gen + extraDnsNames: [] + # -- extra IP addresses added to certificate when its auto gen + extraIpAddresses: [] + # DNS name used by the backend to connect to the relay + # This is a simple workaround as the relay certificates are currently hardcoded to + # *.hubble-relay.cilium.io + # See https://github.com/cilium/cilium/pull/28709#discussion_r1371792546 + # For GKE Dataplane V2 this should be set to relay.kube-system.svc.cluster.local + relayName: "ui.hubble-relay.cilium.io" + + # -- Dial timeout to connect to the local hubble instance to receive peer information (e.g. "30s"). + dialTimeout: ~ + + # -- Backoff duration to retry connecting to the local hubble instance in case of failure (e.g. "30s"). + retryTimeout: ~ + + # -- Max number of flows that can be buffered for sorting before being sent to the + # client (per request) (e.g. 100). + sortBufferLenMax: ~ + + # -- When the per-request flows sort buffer is not full, a flow is drained every + # time this timeout is reached (only affects requests in follow-mode) (e.g. "1s"). + sortBufferDrainTimeout: ~ + + # -- Port to use for the k8s service backed by hubble-relay pods. + # If not set, it is dynamically assigned to port 443 if TLS is enabled and to + # port 80 if not. + # servicePort: 80 + + # -- Enable prometheus metrics for hubble-relay on the configured port at + # /metrics + prometheus: + enabled: false + port: 9966 + serviceMonitor: + # -- Enable service monitors. 
+ # This requires the prometheus CRDs to be available (see https://github.com/prometheus-operator/prometheus-operator/blob/main/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml) + enabled: false + # -- Labels to add to ServiceMonitor hubble-relay + labels: {} + # -- Annotations to add to ServiceMonitor hubble-relay + annotations: {} + # -- Interval for scrape metrics. + interval: "10s" + # -- Specify the Kubernetes namespace where Prometheus expects to find + # service monitors configured. + # namespace: "" + # -- Relabeling configs for the ServiceMonitor hubble-relay + relabelings: ~ + # -- Metrics relabeling configs for the ServiceMonitor hubble-relay + metricRelabelings: ~ + + gops: + # -- Enable gops for hubble-relay + enabled: true + # -- Configure gops listen port for hubble-relay + port: 9893 + + pprof: + # -- Enable pprof for hubble-relay + enabled: false + # -- Configure pprof listen address for hubble-relay + address: localhost + # -- Configure pprof listen port for hubble-relay + port: 6062 + + ui: + # -- Whether to enable the Hubble UI. + enabled: true + + standalone: + # -- When true, it will allow installing the Hubble UI only, without checking dependencies. + # It is useful if a cluster already has cilium and Hubble relay installed and you just + # want Hubble UI to be deployed. + # When installed via helm, installing UI should be done via `helm upgrade` and when installed via the cilium cli, then `cilium hubble enable --ui` + enabled: false + + tls: + # -- When deploying Hubble UI in standalone, with tls enabled for Hubble relay, it is required + # to provide a volume for mounting the client certificates. 
+ certsVolume: + {} + # projected: + # defaultMode: 0400 + # sources: + # - secret: + # name: hubble-ui-client-certs + # items: + # - key: tls.crt + # path: client.crt + # - key: tls.key + # path: client.key + # - key: ca.crt + # path: hubble-relay-ca.crt + + # -- Roll out Hubble-ui pods automatically when configmap is updated. + rollOutPods: false + + tls: + # -- base64 encoded PEM values used to connect to hubble-relay + # This keypair is presented to Hubble Relay instances for mTLS + # authentication and is required when hubble.relay.tls.server.enabled is true. + # These values need to be set manually if hubble.tls.auto.enabled is false. + client: + cert: "" + key: "" + + backend: + # -- Hubble-ui backend image. + image: + override: ~ + repository: "mcr.microsoft.com/oss/cilium/hubble-ui-backend" + tag: "v0.12.2" + digest: "sha256:b73dd1ac1b7159d42cdba31433964313e756daafefffad5e91c3b61b47c3782f" + useDigest: true + pullPolicy: "Always" + + # -- Hubble-ui backend security context. + securityContext: {} + + # -- Additional hubble-ui backend environment variables. + extraEnv: [] + + # -- Additional hubble-ui backend volumes. + extraVolumes: [] + + # -- Additional hubble-ui backend volumeMounts. + extraVolumeMounts: [] + + livenessProbe: + # -- Enable liveness probe for Hubble-ui backend (requires Hubble-ui 0.12+) + enabled: false + + readinessProbe: + # -- Enable readiness probe for Hubble-ui backend (requires Hubble-ui 0.12+) + enabled: false + + # -- Resource requests and limits for the 'backend' container of the 'hubble-ui' deployment. + resources: {} + # limits: + # cpu: 1000m + # memory: 1024M + # requests: + # cpu: 100m + # memory: 64Mi + + frontend: + # -- Hubble-ui frontend image. + image: + override: ~ + repository: "mcr.microsoft.com/oss/cilium/hubble-ui" + tag: "v0.12.2" + digest: "sha256:8c53cdaebb4ae863ad061387a68ea06e38777d2911e6c0e570be1932bb4ba526" + useDigest: true + pullPolicy: "Always" + + # -- Hubble-ui frontend security context. 
+ securityContext: {} + + # -- Additional hubble-ui frontend environment variables. + extraEnv: [] + + # -- Additional hubble-ui frontend volumes. + extraVolumes: [] + + # -- Additional hubble-ui frontend volumeMounts. + extraVolumeMounts: [] + + # -- Resource requests and limits for the 'frontend' container of the 'hubble-ui' deployment. + resources: {} + # limits: + # cpu: 1000m + # memory: 1024M + # requests: + # cpu: 100m + # memory: 64Mi + server: + # -- Controls server listener for ipv6 + ipv6: + enabled: true + + # -- The number of replicas of Hubble UI to deploy. + replicas: 1 + + # -- Annotations to be added to all top-level hubble-ui objects (resources under templates/hubble-ui) + annotations: {} + + # -- Annotations to be added to hubble-ui pods + podAnnotations: {} + + # -- Labels to be added to hubble-ui pods + podLabels: {} + + # PodDisruptionBudget settings + podDisruptionBudget: + # -- enable PodDisruptionBudget + # ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/ + enabled: false + # -- Minimum number/percentage of pods that should remain scheduled. + # When it's set, maxUnavailable must be disabled by `maxUnavailable: null` + minAvailable: null + # -- Maximum number/percentage of pods that may be made unavailable + maxUnavailable: 1 + + # -- Affinity for hubble-ui + affinity: {} + + # -- Pod topology spread constraints for hubble-ui + topologySpreadConstraints: + [] + # - maxSkew: 1 + # topologyKey: topology.kubernetes.io/zone + # whenUnsatisfiable: DoNotSchedule + + # -- Node labels for pod assignment + # ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector + nodeSelector: + kubernetes.io/os: linux + + # -- Node tolerations for pod assignment on nodes with taints + # ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ + tolerations: [] + + # -- The priority class to use for hubble-ui + priorityClassName: "" + + # -- hubble-ui update strategy. 
+ updateStrategy: + type: RollingUpdate + rollingUpdate: + maxUnavailable: 1 + + # -- Security context to be added to Hubble UI pods + securityContext: + runAsUser: 1001 + runAsGroup: 1001 + fsGroup: 1001 + + # -- hubble-ui service configuration. + service: + # -- Annotations to be added for the Hubble UI service + annotations: {} + # --- The type of service used for Hubble UI access, either ClusterIP or NodePort. + type: ClusterIP + # --- The port to use when the service type is set to NodePort. + nodePort: 31235 + + # -- Defines base url prefix for all hubble-ui http requests. + # It needs to be changed in case if ingress for hubble-ui is configured under some sub-path. + # Trailing `/` is required for custom path, ex. `/service-map/` + baseUrl: "/" + + # -- hubble-ui ingress configuration. + ingress: + enabled: false + annotations: + {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + className: "" + hosts: + - chart-example.local + labels: {} + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + + # -- Hubble flows export. + export: + # --- Defines max file size of output file before it gets rotated. + fileMaxSizeMb: 10 + # --- Defines max number of backup/rotated files. + fileMaxBackups: 5 + # --- Static exporter configuration. + # Static exporter is bound to agent lifecycle. + static: + enabled: false + filePath: /var/run/cilium/hubble/events.log + fieldMask: [] + # - time + # - source + # - destination + # - verdict + allowList: [] + # - '{"verdict":["DROPPED","ERROR"]}' + denyList: [] + # - '{"source_pod":["kube-system/"]}' + # - '{"destination_pod":["kube-system/"]}' + # --- Dynamic exporters configuration. + # Dynamic exporters may be reconfigured without a need of agent restarts. + dynamic: + enabled: false + config: + # ---- Name of configmap with configuration that may be altered to reconfigure exporters within a running agents. 
+ configMapName: cilium-flowlog-config + # ---- True if helm installer should create config map. + # Switch to false if you want to self maintain the file content. + createConfigMap: true + # ---- Exporters configuration in YAML format. + content: + - name: all + fieldMask: [] + includeFilters: [] + excludeFilters: [] + filePath: "/var/run/cilium/hubble/events.log" + #- name: "test002" + # filePath: "/var/log/network/flow-log/pa/test002.log" + # fieldMask: ["source.namespace", "source.pod_name", "destination.namespace", "destination.pod_name", "verdict"] + # includeFilters: + # - source_pod: ["default/"] + # event_type: + # - type: 1 + # - destination_pod: ["frontend/nginx-975996d4c-7hhgt"] + # excludeFilters: [] + # end: "2023-10-09T23:59:59-07:00" + +# -- Configure certificate generation for Hubble integration. +# If hubble.tls.auto.method=cronJob, these values are used +# for the Kubernetes CronJob which will be scheduled regularly to +# (re)generate any certificates not provided manually. +certgen: + image: + override: ~ + repository: "mcr.microsoft.com/oss/cilium/certgen" + tag: "v0.1.9" + #digest: "sha256:89a0847753686444daabde9474b48340993bd19c7bea66a46e45b2974b82041f" + useDigest: false + pullPolicy: "Always" + # -- Seconds after which the completed job pod will be deleted + ttlSecondsAfterFinished: 1800 + # -- Labels to be added to hubble-certgen pods + podLabels: {} + # -- Annotations to be added to the hubble-certgen initial Job and CronJob + annotations: + job: {} + cronJob: {} + # -- Node tolerations for pod assignment on nodes with taints + # ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ + tolerations: [] + + # -- Additional certgen volumes. + extraVolumes: [] + + # -- Additional certgen volumeMounts. 
+ extraVolumeMounts: [] + + # -- Affinity for certgen + affinity: {} + +tls: + # -- This configures how the Cilium agent loads the secrets used TLS-aware CiliumNetworkPolicies + # (namely the secrets referenced by terminatingTLS and originatingTLS). + # Possible values: + # - local + # - k8s + secretsBackend: local + + # -- Base64 encoded PEM values for the CA certificate and private key. + # This can be used as common CA to generate certificates used by hubble and clustermesh components. + # It is neither required nor used when cert-manager is used to generate the certificates. + ca: + # -- Optional CA cert. If it is provided, it will be used by cilium to + # generate all other certificates. Otherwise, an ephemeral CA is generated. + cert: "" + + # -- Optional CA private key. If it is provided, it will be used by cilium to + # generate all other certificates. Otherwise, an ephemeral CA is generated. + key: "" + + # -- Generated certificates validity duration in days. This will be used for auto generated CA. + certValidityDuration: 1095 + + # -- Configure the CA trust bundle used for the validation of the certificates + # leveraged by hubble and clustermesh. When enabled, it overrides the content of the + # 'ca.crt' field of the respective certificates, allowing for CA rotation with no down-time. + caBundle: + # -- Enable the use of the CA trust bundle. + enabled: false + + # -- Name of the ConfigMap containing the CA trust bundle. + name: cilium-root-ca.crt + + # -- Entry of the ConfigMap containing the CA trust bundle. + key: ca.crt + + # -- Use a Secret instead of a ConfigMap. + useSecret: false + + # If uncommented, creates the ConfigMap and fills it with the specified content. + # Otherwise, the ConfigMap is assumed to be already present in .Release.Namespace. + # + # content: | + # -----BEGIN CERTIFICATE----- + # ... + # -----END CERTIFICATE----- + # -----BEGIN CERTIFICATE----- + # ... + # -----END CERTIFICATE----- 
diff --git a/deploy/grafana/dashboards/clusters.json b/deploy/legacy/graphana/dashboards/clusters.json similarity index 100% rename from deploy/grafana/dashboards/clusters.json rename to deploy/legacy/graphana/dashboards/clusters.json diff --git a/deploy/grafana/dashboards/dns.json b/deploy/legacy/graphana/dashboards/dns.json similarity index 100% rename from deploy/grafana/dashboards/dns.json rename to deploy/legacy/graphana/dashboards/dns.json diff --git a/deploy/grafana/dashboards/pod-level.json b/deploy/legacy/graphana/dashboards/pod-level.json similarity index 100% rename from deploy/grafana/dashboards/pod-level.json rename to deploy/legacy/graphana/dashboards/pod-level.json diff --git a/deploy/grafana/dashboards/simplify-grafana-overwrite_test.go b/deploy/legacy/graphana/dashboards/simplify-grafana-overwrite_test.go similarity index 99% rename from deploy/grafana/dashboards/simplify-grafana-overwrite_test.go rename to deploy/legacy/graphana/dashboards/simplify-grafana-overwrite_test.go index 277a1100c0..413cae54bd 100644 --- a/deploy/grafana/dashboards/simplify-grafana-overwrite_test.go +++ b/deploy/legacy/graphana/dashboards/simplify-grafana-overwrite_test.go @@ -3,10 +3,9 @@ package dashboard import ( - "testing" - "os" "path/filepath" + "testing" ) // TestOverwriteDashboards simplifies and overwrites Grafana dashboards in this folder. diff --git a/deploy/grafana/dashboards/simplify-grafana.go b/deploy/legacy/graphana/dashboards/simplify-grafana.go similarity index 98% rename from deploy/grafana/dashboards/simplify-grafana.go rename to deploy/legacy/graphana/dashboards/simplify-grafana.go index adc1a0ac16..dc90f5f80f 100644 --- a/deploy/grafana/dashboards/simplify-grafana.go +++ b/deploy/legacy/graphana/dashboards/simplify-grafana.go 
@@ -54,7 +54,7 @@ func SimplifyGrafana(filename string, overwrite bool) map[string]interface{} { log.Fatal(err) } - err = os.WriteFile(filename, simplifiedData, 0644) + err = os.WriteFile(filename, simplifiedData, 0o644) if err != nil { log.Fatal(err) } diff --git a/deploy/grafana/dashboards/simplify-grafana_test.go b/deploy/legacy/graphana/dashboards/simplify-grafana_test.go similarity index 99% rename from deploy/grafana/dashboards/simplify-grafana_test.go rename to deploy/legacy/graphana/dashboards/simplify-grafana_test.go index 53372e98f7..58e4a26338 100644 --- a/deploy/grafana/dashboards/simplify-grafana_test.go +++ b/deploy/legacy/graphana/dashboards/simplify-grafana_test.go @@ -3,11 +3,10 @@ package dashboard import ( - "testing" "os" "path/filepath" - "reflect" + "testing" ) // TestDashboardsAreSimplified ensures that all dashboards are simplified diff --git a/deploy/legacy/manifests/controller/helm/retina/.helmignore b/deploy/legacy/manifests/controller/helm/retina/.helmignore new file mode 100644 index 0000000000..0e8a0eb36f --- /dev/null +++ b/deploy/legacy/manifests/controller/helm/retina/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/deploy/manifests/controller/helm/retina/Chart.yaml b/deploy/legacy/manifests/controller/helm/retina/Chart.yaml similarity index 100% rename from deploy/manifests/controller/helm/retina/Chart.yaml rename to deploy/legacy/manifests/controller/helm/retina/Chart.yaml 
diff --git a/deploy/manifests/controller/helm/retina/crds/retina.sh_captures.yaml b/deploy/legacy/manifests/controller/helm/retina/crds/retina.sh_captures.yaml
similarity index 100%
rename from deploy/manifests/controller/helm/retina/crds/retina.sh_captures.yaml
rename to deploy/legacy/manifests/controller/helm/retina/crds/retina.sh_captures.yaml
diff --git a/deploy/manifests/controller/helm/retina/crds/retina.sh_metricsconfigurations.yaml b/deploy/legacy/manifests/controller/helm/retina/crds/retina.sh_metricsconfigurations.yaml
similarity index 100%
rename from deploy/manifests/controller/helm/retina/crds/retina.sh_metricsconfigurations.yaml
rename to deploy/legacy/manifests/controller/helm/retina/crds/retina.sh_metricsconfigurations.yaml
diff --git a/deploy/manifests/controller/helm/retina/crds/retina.sh_retinaendpoints.yaml b/deploy/legacy/manifests/controller/helm/retina/crds/retina.sh_retinaendpoints.yaml
similarity index 100%
rename from deploy/manifests/controller/helm/retina/crds/retina.sh_retinaendpoints.yaml
rename to deploy/legacy/manifests/controller/helm/retina/crds/retina.sh_retinaendpoints.yaml
diff --git a/deploy/manifests/controller/helm/retina/crds/retina.sh_tracesconfigurations.yaml b/deploy/legacy/manifests/controller/helm/retina/crds/retina.sh_tracesconfigurations.yaml
similarity index 100%
rename from deploy/manifests/controller/helm/retina/crds/retina.sh_tracesconfigurations.yaml
rename to deploy/legacy/manifests/controller/helm/retina/crds/retina.sh_tracesconfigurations.yaml
diff --git a/deploy/manifests/controller/helm/retina/templates/NOTES.txt b/deploy/legacy/manifests/controller/helm/retina/templates/NOTES.txt
similarity index 65%
rename from deploy/manifests/controller/helm/retina/templates/NOTES.txt
rename to deploy/legacy/manifests/controller/helm/retina/templates/NOTES.txt
index 8d0773b916..46dfb7e9a3 100644
--- a/deploy/manifests/controller/helm/retina/templates/NOTES.txt
+++ b/deploy/legacy/manifests/controller/helm/retina/templates/NOTES.txt @@ -1,3 +1,3 @@ -1. Installing retina service using helm: helm install retina ./deploy/manifests/controller/helm/retina/ --namespace kube-system --dependency-update +1. Installing retina service using helm: helm install retina ./deploy/legacy/manifests/controller/helm/retina/ --namespace kube-system --dependency-update 2. Cleaning up/uninstalling/deleting retina and dependencies related: helm uninstall retina -n kube-system diff --git a/deploy/manifests/controller/helm/retina/templates/_helpers.tpl b/deploy/legacy/manifests/controller/helm/retina/templates/_helpers.tpl similarity index 100% rename from deploy/manifests/controller/helm/retina/templates/_helpers.tpl rename to deploy/legacy/manifests/controller/helm/retina/templates/_helpers.tpl diff --git a/deploy/manifests/controller/helm/retina/templates/configmap.yaml b/deploy/legacy/manifests/controller/helm/retina/templates/configmap.yaml similarity index 100% rename from deploy/manifests/controller/helm/retina/templates/configmap.yaml rename to deploy/legacy/manifests/controller/helm/retina/templates/configmap.yaml diff --git a/deploy/manifests/controller/helm/retina/templates/daemonset.yaml b/deploy/legacy/manifests/controller/helm/retina/templates/daemonset.yaml similarity index 100% rename from deploy/manifests/controller/helm/retina/templates/daemonset.yaml rename to deploy/legacy/manifests/controller/helm/retina/templates/daemonset.yaml diff --git a/deploy/manifests/controller/helm/retina/templates/networkobserver.yaml b/deploy/legacy/manifests/controller/helm/retina/templates/networkobserver.yaml similarity index 100% rename from deploy/manifests/controller/helm/retina/templates/networkobserver.yaml rename to deploy/legacy/manifests/controller/helm/retina/templates/networkobserver.yaml 
diff --git a/deploy/manifests/controller/helm/retina/templates/operator.yaml b/deploy/legacy/manifests/controller/helm/retina/templates/operator.yaml
similarity index 100%
rename from deploy/manifests/controller/helm/retina/templates/operator.yaml
rename to deploy/legacy/manifests/controller/helm/retina/templates/operator.yaml
diff --git a/deploy/manifests/controller/helm/retina/templates/podmonitor.yaml b/deploy/legacy/manifests/controller/helm/retina/templates/podmonitor.yaml
similarity index 100%
rename from deploy/manifests/controller/helm/retina/templates/podmonitor.yaml
rename to deploy/legacy/manifests/controller/helm/retina/templates/podmonitor.yaml
diff --git a/deploy/manifests/controller/helm/retina/templates/rbac.yaml b/deploy/legacy/manifests/controller/helm/retina/templates/rbac.yaml
similarity index 100%
rename from deploy/manifests/controller/helm/retina/templates/rbac.yaml
rename to deploy/legacy/manifests/controller/helm/retina/templates/rbac.yaml
diff --git a/deploy/manifests/controller/helm/retina/templates/service.yaml b/deploy/legacy/manifests/controller/helm/retina/templates/service.yaml
similarity index 100%
rename from deploy/manifests/controller/helm/retina/templates/service.yaml
rename to deploy/legacy/manifests/controller/helm/retina/templates/service.yaml
diff --git a/deploy/manifests/controller/helm/retina/templates/serviceaccount.yaml b/deploy/legacy/manifests/controller/helm/retina/templates/serviceaccount.yaml
similarity index 100%
rename from deploy/manifests/controller/helm/retina/templates/serviceaccount.yaml
rename to deploy/legacy/manifests/controller/helm/retina/templates/serviceaccount.yaml
diff --git a/deploy/manifests/controller/helm/retina/templates/tests/test-connection.yaml b/deploy/legacy/manifests/controller/helm/retina/templates/tests/test-connection.yaml
similarity index 100%
rename from deploy/manifests/controller/helm/retina/templates/tests/test-connection.yaml
rename to deploy/legacy/manifests/controller/helm/retina/templates/tests/test-connection.yaml
diff --git a/deploy/manifests/controller/helm/retina/values.yaml b/deploy/legacy/manifests/controller/helm/retina/values.yaml
similarity index 100%
rename from deploy/manifests/controller/helm/retina/values.yaml
rename to deploy/legacy/manifests/controller/helm/retina/values.yaml
diff --git a/deploy/prometheus/ama-metrics-settings-configmap.yaml b/deploy/legacy/prometheus/ama-metrics-settings-configmap.yaml
similarity index 100%
rename from deploy/prometheus/ama-metrics-settings-configmap.yaml
rename to deploy/legacy/prometheus/ama-metrics-settings-configmap.yaml
diff --git a/deploy/prometheus/collector-config-template.yml b/deploy/legacy/prometheus/collector-config-template.yml
similarity index 100%
rename from deploy/prometheus/collector-config-template.yml
rename to deploy/legacy/prometheus/collector-config-template.yml
diff --git a/deploy/prometheus/deploy-retina-clusters.sh b/deploy/legacy/prometheus/deploy-retina-clusters.sh
similarity index 100%
rename from deploy/prometheus/deploy-retina-clusters.sh
rename to deploy/legacy/prometheus/deploy-retina-clusters.sh
diff --git a/deploy/prometheus/network-observability/create-cm.sh b/deploy/legacy/prometheus/network-observability/create-cm.sh
similarity index 72%
rename from deploy/prometheus/network-observability/create-cm.sh
rename to deploy/legacy/prometheus/network-observability/create-cm.sh
index 3573f794f2..cc93571a63 100755
--- a/deploy/prometheus/network-observability/create-cm.sh
+++ b/deploy/legacy/prometheus/network-observability/create-cm.sh
@@ -1,5 +1,5 @@ #!/bin/bash kubectl delete cm ama-metrics-prometheus-config-node -n kube-system -kubectl create configmap ama-metrics-prometheus-config-node --from-file=./deploy/prometheus/cilium/prometheus-config -n kube-system +kubectl create configmap ama-metrics-prometheus-config-node --from-file=./deploy/legacy/prometheus/cilium/prometheus-config -n kube-system k rollout restart ds ama-metrics-node -n kube-system diff --git a/deploy/prometheus/network-observability/network-observability-svc.yaml b/deploy/legacy/prometheus/network-observability/network-observability-svc.yaml similarity index 100% rename from deploy/prometheus/network-observability/network-observability-svc.yaml rename to deploy/legacy/prometheus/network-observability/network-observability-svc.yaml diff --git a/deploy/prometheus/network-observability/prometheus-config b/deploy/legacy/prometheus/network-observability/prometheus-config similarity index 100% rename from deploy/prometheus/network-observability/prometheus-config rename to deploy/legacy/prometheus/network-observability/prometheus-config diff --git a/deploy/prometheus/retina-windows/create-cm.sh b/deploy/legacy/prometheus/retina-windows/create-cm.sh similarity index 63% rename from deploy/prometheus/retina-windows/create-cm.sh rename to deploy/legacy/prometheus/retina-windows/create-cm.sh index 05d9f66577..347d9315e2 100755 --- a/deploy/prometheus/retina-windows/create-cm.sh +++ b/deploy/legacy/prometheus/retina-windows/create-cm.sh @@ -2,4 +2,4 @@ kubectl delete cm ama-metrics-prometheus-config-node -n kube-system -kubectl create configmap ama-metrics-prometheus-config-node --from-file=./deploy/prometheus/retina-windows/prometheus-config -n kube-system +kubectl create configmap ama-metrics-prometheus-config-node --from-file=./deploy/legacy/prometheus/retina-windows/prometheus-config -n kube-system 
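Review bot: The rewritten `--from-file` path in network-observability/create-cm.sh points at `./deploy/legacy/prometheus/cilium/prometheus-config`, but the renames visible in this patch only move the file next to this script, to `deploy/legacy/prometheus/network-observability/prometheus-config`; no `cilium` directory under `deploy/legacy/prometheus` appears in the visible part of the patch. If that path does not exist, `kubectl create configmap` fails after the preceding `kubectl delete cm` has already removed the live ConfigMap, which would leave the metrics agent without its scrape configuration. The line should probably read `kubectl create configmap ama-metrics-prometheus-config-node --from-file=./deploy/legacy/prometheus/network-observability/prometheus-config -n kube-system`. The unchanged last line calls `k rollout restart`, which depends on a shell alias that a `#!/bin/bash` script will not have; `kubectl rollout restart ds ama-metrics-node -n kube-system` is safer.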
diff --git a/deploy/prometheus/retina-windows/prometheus-config b/deploy/legacy/prometheus/retina-windows/prometheus-config similarity index 100% rename from deploy/prometheus/retina-windows/prometheus-config rename to deploy/legacy/prometheus/retina-windows/prometheus-config diff --git a/deploy/prometheus/retina/create-cm.sh b/deploy/legacy/prometheus/retina/create-cm.sh similarity index 50% rename from deploy/prometheus/retina/create-cm.sh rename to deploy/legacy/prometheus/retina/create-cm.sh index 8b5444bd43..873658fc60 100755 --- a/deploy/prometheus/retina/create-cm.sh +++ b/deploy/legacy/prometheus/retina/create-cm.sh @@ -1,3 +1,3 @@ #!/bin/bash -kubectl create configmap ama-metrics-prometheus-config-node --from-file=./deploy/prometheus/retina/prometheus-config -n kube-system +kubectl create configmap ama-metrics-prometheus-config-node --from-file=./deploy/legacy/prometheus/retina/prometheus-config -n kube-system diff --git a/deploy/prometheus/retina/prometheus-config b/deploy/legacy/prometheus/retina/prometheus-config similarity index 100% rename from deploy/prometheus/retina/prometheus-config rename to deploy/legacy/prometheus/retina/prometheus-config diff --git a/deploy/prometheus/values.yaml b/deploy/legacy/prometheus/values.yaml similarity index 100% rename from deploy/prometheus/values.yaml rename to deploy/legacy/prometheus/values.yaml diff --git a/deploy/registercrd.go b/deploy/legacy/registercrd.go similarity index 100% rename from deploy/registercrd.go rename to deploy/legacy/registercrd.go diff --git a/deploy/registercrd_test.go b/deploy/legacy/registercrd_test.go similarity index 100% rename from deploy/registercrd_test.go rename to deploy/legacy/registercrd_test.go diff --git a/docs/CRDs/Capture.md b/docs/CRDs/Capture.md index 093783d5a5..7cbf2410f2 100644 --- a/docs/CRDs/Capture.md +++ b/docs/CRDs/Capture.md 
@@ -9,7 +9,7 @@ To use the `Capture` CRD, [install Retina](../installation/setup.md) with captur ## CRD Specification -The full specification for the `Capture` CRD can be found in the [Capture CRD](https://github.com/microsoft/retina/blob/main/deploy/manifests/controller/helm/retina/crds/retina.sh_captures.yaml) file. +The full specification for the `Capture` CRD can be found in the [Capture CRD](https://github.com/microsoft/retina/blob/main/deploy/legacy/manifests/controller/helm/retina/crds/retina.sh_captures.yaml) file. The `Capture` CRD is defined with the following specifications: diff --git a/docs/CRDs/MetricsConfiguration.md b/docs/CRDs/MetricsConfiguration.md index 99de9d7e25..3e6815ec35 100644 --- a/docs/CRDs/MetricsConfiguration.md +++ b/docs/CRDs/MetricsConfiguration.md @@ -6,7 +6,7 @@ Retina by default emits node level metrics, however, customers can apply `Metric ## CRD Specification -The full specification for the `MetricsConfiguration` CRD can be found in the [MetricsConfiguration CRD](https://github.com/microsoft/retina/blob/main/deploy/manifests/controller/helm/retina/crds/retina.sh_metricsconfigurations.yaml) file. +The full specification for the `MetricsConfiguration` CRD can be found in the [MetricsConfiguration CRD](https://github.com/microsoft/retina/blob/main/deploy/legacy/manifests/controller/helm/retina/crds/retina.sh_metricsconfigurations.yaml) file. The `MetricsConfiguration` CRD is defined with the following specifications: diff --git a/docs/CRDs/RetinaEndpoint.md b/docs/CRDs/RetinaEndpoint.md index 434beb6d88..7f24d78a7d 100644 --- a/docs/CRDs/RetinaEndpoint.md +++ b/docs/CRDs/RetinaEndpoint.md 
@@ -8,7 +8,7 @@ In large-scale API servers, each Retina Pod needs to learn about cluster state, ## CRD Specification -The full specification for the `RetinaEndpoint` CRD can be found in the [RetinaEndpoint CRD]( https://github.com/microsoft/retina/blob/main/deploy/manifests/controller/helm/retina/crds/retina.sh_retinaendpoints.yaml) file. +The full specification for the `RetinaEndpoint` CRD can be found in the [RetinaEndpoint CRD]( https://github.com/microsoft/retina/blob/main/deploy/legacy/manifests/controller/helm/retina/crds/retina.sh_retinaendpoints.yaml) file. The `RetinaEndpoint` CRD is defined with the following specifications: diff --git a/docs/installation/config.md b/docs/installation/config.md index 8ca09ad181..54d74ed7b4 100644 --- a/docs/installation/config.md +++ b/docs/installation/config.md @@ -3,7 +3,7 @@ ## Overview To customize metrics and other options, you can modify Retina's ConfigMap called `retina-config`. -Defaults are specified for each component in *deploy/manifests/controller/helm/retina/values.yaml*. +Defaults are specified for each component in *deploy/legacy/manifests/controller/helm/retina/values.yaml*. ## Agent Config diff --git a/docs/installation/prometheus-unmanaged.md b/docs/installation/prometheus-unmanaged.md index 19f314c82d..33b6e52338 100644 --- a/docs/installation/prometheus-unmanaged.md +++ b/docs/installation/prometheus-unmanaged.md @@ -15,7 +15,7 @@ helm repo update ``` -2. Save **[these Prometheus values](https://github.com/microsoft/retina/blob/main/deploy/prometheus/values.yaml)** below to `deploy/prometheus/values.yaml` +2. Save **[these Prometheus values](https://github.com/microsoft/retina/blob/main/deploy/legacy/prometheus/values.yaml)** below to `deploy/legacy/prometheus/values.yaml` 3. Install the Prometheus chart diff --git a/docs/unsorted/aks-setup.md b/docs/unsorted/aks-setup.md index 8ee13f6bcb..d62902d641 100644 --- a/docs/unsorted/aks-setup.md +++ b/docs/unsorted/aks-setup.md 
@@ -15,4 +15,4 @@ 8. Push to container registry: `docker push /retina:` 9. Installing retina onto the cluster - -`helm install retina /deploy/manifests/controller/helm/retina/ --create-namespace --namespace retina --dependency-update` +`helm install retina /deploy/legacy/manifests/controller/helm/retina/ --create-namespace --namespace retina --dependency-update` diff --git a/go.mod b/go.mod index a13eddcf08..b2f3bb50de 100644 --- a/go.mod +++ b/go.mod @@ -6,8 +6,8 @@ require ( github.com/go-chi/chi/v5 v5.0.11 github.com/google/uuid v1.6.0 github.com/prometheus/client_golang v1.19.1 - github.com/spf13/cobra v1.8.1 - go.uber.org/zap v1.26.0 + github.com/spf13/cobra v1.8.0 + go.uber.org/zap v1.27.0 k8s.io/client-go v0.30.1 ) @@ -51,7 +51,9 @@ require ( github.com/blang/semver/v4 v4.0.0 // indirect github.com/cespare/xxhash/v2 v2.2.0 // indirect github.com/chai2010/gettext-go v1.0.2 // indirect - github.com/cilium/proxy v0.0.0-20231031145409-f19708f3d018 // indirect + github.com/cilium/dns v1.1.51-0.20231120140355-729345173dc3 // indirect + github.com/cilium/lumberjack/v2 v2.3.0 // indirect + github.com/cilium/stream v0.0.0-20240226091623-f979d32855f8 // indirect github.com/cncf/xds/go v0.0.0-20231128003011-0fa0005c9caa // indirect github.com/containerd/cgroups/v3 v3.0.2 // indirect github.com/containerd/containerd v1.7.14 // indirect @@ -61,6 +63,7 @@ require ( github.com/containerd/log v0.1.0 // indirect github.com/containerd/ttrpc v1.2.3 // indirect github.com/containerd/typeurl/v2 v2.1.1 // indirect + github.com/containernetworking/cni v1.1.2 // indirect github.com/coreos/go-semver v0.3.1 // indirect github.com/coreos/go-systemd/v22 v22.5.0 // indirect github.com/cyphar/filepath-securejoin v0.2.4 // indirect 
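Review bot: The `@@ -6,8 +6,8 @@` hunk of go.mod moves `github.com/spf13/cobra` backwards, from v1.8.1 to v1.8.0, and the `@@ -270,16 +272,21 @@` hunk does the same for `aws-sdk-go-v2/config` (v1.27.22 to v1.27.21), `credentials` (v1.17.22 to v1.17.21) and `service/s3` (v1.57.0 to v1.56.1). Nothing visible in the patch explains these downgrades, so they look like a side effect of regenerating go.mod on an older base rather than an intended change, and they silently revert earlier dependency updates together with whatever fixes those carried. Keep the newer pins, e.g. `github.com/spf13/cobra v1.8.1` and `github.com/aws/aws-sdk-go-v2/service/s3 v1.57.0`, or state in the commit message why the older versions are needed.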
@@ -76,7 +79,7 @@ require ( github.com/docker/go-units v0.5.0 // indirect github.com/emicklei/go-restful/v3 v3.11.2 // indirect github.com/envoyproxy/protoc-gen-validate v1.0.4 // indirect - github.com/evanphx/json-patch v5.7.0+incompatible // indirect + github.com/evanphx/json-patch v5.9.0+incompatible // indirect github.com/evanphx/json-patch/v5 v5.9.0 // indirect github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d // indirect github.com/fatih/color v1.16.0 // indirect @@ -85,17 +88,16 @@ require ( github.com/go-errors/errors v1.4.2 // indirect github.com/go-gorp/gorp/v3 v3.1.0 // indirect github.com/go-logr/stdr v1.2.2 // indirect - github.com/go-ole/go-ole v1.2.6 // indirect - github.com/go-openapi/analysis v0.21.4 // indirect - github.com/go-openapi/errors v0.20.4 // indirect - github.com/go-openapi/jsonpointer v0.20.2 // indirect - github.com/go-openapi/jsonreference v0.20.4 // indirect - github.com/go-openapi/loads v0.21.2 // indirect - github.com/go-openapi/runtime v0.26.2 // indirect - github.com/go-openapi/spec v0.20.11 // indirect - github.com/go-openapi/strfmt v0.21.9 // indirect - github.com/go-openapi/swag v0.22.10 // indirect - github.com/go-openapi/validate v0.22.3 // indirect + github.com/go-openapi/analysis v0.23.0 // indirect + github.com/go-openapi/errors v0.22.0 // indirect + github.com/go-openapi/jsonpointer v0.21.0 // indirect + github.com/go-openapi/jsonreference v0.21.0 // indirect + github.com/go-openapi/loads v0.22.0 // indirect + github.com/go-openapi/runtime v0.28.0 // indirect + github.com/go-openapi/spec v0.21.0 // indirect + github.com/go-openapi/strfmt v0.23.0 // indirect + github.com/go-openapi/swag v0.23.0 // indirect + github.com/go-openapi/validate v0.24.0 // indirect github.com/go-task/slim-sprig/v3 v3.0.0 // indirect github.com/gobwas/glob v0.2.3 // indirect github.com/godbus/dbus/v5 v5.1.0 // indirect 
@@ -105,18 +107,20 @@ require ( github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect github.com/google/btree v1.1.2 // indirect github.com/google/gnostic-models v0.6.9-0.20230804172637-c7be7c783f49 // indirect + github.com/google/gops v0.3.27 // indirect github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6 // indirect + github.com/google/renameio/v2 v2.0.0 // indirect github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect github.com/gorilla/mux v1.8.1 // indirect github.com/gorilla/websocket v1.5.1 // indirect github.com/gosuri/uitable v0.0.4 // indirect github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 // indirect - github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 // indirect github.com/hashicorp/consul/api v1.28.2 // indirect github.com/hashicorp/errwrap v1.1.0 // indirect github.com/hashicorp/go-cleanhttp v0.5.2 // indirect github.com/hashicorp/go-hclog v1.5.0 // indirect github.com/hashicorp/go-immutable-radix v1.3.1 // indirect + github.com/hashicorp/go-immutable-radix/v2 v2.1.0 // indirect github.com/hashicorp/go-multierror v1.1.1 // indirect github.com/hashicorp/go-rootcerts v1.0.2 // indirect github.com/hashicorp/golang-lru v0.5.4 // indirect @@ -136,7 +140,7 @@ require ( github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 // indirect github.com/lib/pq v1.10.9 // indirect github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect - github.com/lufia/plan9stats v0.0.0-20211012122336-39d0f177ccd0 // indirect + github.com/mackerelio/go-osstat v0.2.4 // indirect github.com/magiconair/properties v1.8.7 // indirect github.com/mailru/easyjson v0.7.7 // indirect github.com/mattn/go-colorable v0.1.13 // indirect 
@@ -172,7 +176,6 @@ require ( github.com/petermattis/goid v0.0.0-20180202154549-b0b1615b78e5 // indirect github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect - github.com/power-devops/perfstat v0.0.0-20210106213030-5aafc221ea8c // indirect github.com/prometheus/procfs v0.15.1 // indirect github.com/rogpeppe/go-internal v1.12.0 // indirect github.com/rubenv/sql-migrate v1.5.2 // indirect 
@@ -181,26 +184,25 @@ require ( github.com/sagikazarmark/locafero v0.4.0 // indirect github.com/sagikazarmark/slog-shim v0.1.0 // indirect github.com/sasha-s/go-deadlock v0.3.1 // indirect - github.com/shirou/gopsutil/v3 v3.23.2 // indirect github.com/shopspring/decimal v1.3.1 // indirect - github.com/sirupsen/logrus v1.9.3 // indirect github.com/sourcegraph/conc v0.3.0 // indirect github.com/spf13/afero v1.11.0 // indirect github.com/spf13/cast v1.6.0 // indirect github.com/subosito/gotenv v1.6.0 // indirect github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 // indirect - github.com/tklauser/go-sysconf v0.3.11 // indirect - github.com/tklauser/numcpus v0.7.0 // indirect + github.com/tidwall/gjson v1.17.1 // indirect + github.com/tidwall/match v1.1.1 // indirect + github.com/tidwall/pretty v1.2.0 // indirect + github.com/tidwall/sjson v1.2.5 // indirect github.com/vishvananda/netns v0.0.4 // indirect github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect github.com/xeipuuv/gojsonschema v1.2.0 // indirect github.com/xlab/treeprint v1.2.0 // indirect - github.com/yusufpapurcu/wmi v1.2.3 // indirect go.etcd.io/etcd/api/v3 v3.5.12 // indirect go.etcd.io/etcd/client/pkg/v3 v3.5.12 // indirect go.etcd.io/etcd/client/v3 v3.5.12 // indirect - go.mongodb.org/mongo-driver v1.13.1 // indirect + go.mongodb.org/mongo-driver v1.14.0 // indirect go.opencensus.io v0.24.0 // indirect go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.49.0 // indirect go.starlark.net v0.0.0-20230814145427-12f4cb8177e4 // indirect 
@@ -214,7 +216,7 @@ require (
 gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
 google.golang.org/genproto v0.0.0-20240213162025-012b6fc9bca9 // indirect
 google.golang.org/genproto/googleapis/api v0.0.0-20240311132316-a219d84964c2 // indirect
- google.golang.org/genproto/googleapis/rpc v0.0.0-20240314234333-6e1732d8331c // indirect
+ google.golang.org/genproto/googleapis/rpc v0.0.0-20240318140521-94a12d6c2237 // indirect
 google.golang.org/grpc v1.62.1 // indirect
 gopkg.in/inf.v0 v0.9.1 // indirect
 gopkg.in/ini.v1 v1.67.0 // indirect
@@ -237,7 +239,7 @@ require (
 github.com/json-iterator/go v1.1.12 // indirect
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 github.com/modern-go/reflect2 v1.0.2 // indirect
- github.com/spf13/pflag v1.0.5 // indirect
+ github.com/spf13/pflag v1.0.5
 github.com/stretchr/testify v1.9.0
 go.uber.org/multierr v1.11.0 // indirect
 golang.org/x/net v0.26.0 // indirect
@@ -270,16 +272,21 @@ require (
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources v1.2.0
 github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v1.3.2
 github.com/Microsoft/hcsshim v0.12.0-rc.3
+ github.com/Sytten/logrus-zap-hook v0.1.0
 github.com/aws/aws-sdk-go-v2 v1.30.0
- github.com/aws/aws-sdk-go-v2/config v1.27.22
- github.com/aws/aws-sdk-go-v2/credentials v1.17.22
- github.com/aws/aws-sdk-go-v2/service/s3 v1.57.0
+ github.com/aws/aws-sdk-go-v2/config v1.27.21
+ github.com/aws/aws-sdk-go-v2/credentials v1.17.21
+ github.com/aws/aws-sdk-go-v2/service/s3 v1.56.1
 github.com/cakturk/go-netstat v0.0.0-20200220111822-e5b49efee7a5
- github.com/cilium/cilium v1.15.6
+ github.com/cilium/cilium v1.16.0-pre.1.0.20240403152809-b9853ecbcaeb
 github.com/cilium/ebpf v0.15.0
+ github.com/cilium/proxy v0.0.0-20231031145409-f19708f3d018
+ github.com/cilium/workerpool v1.2.0
 github.com/florianl/go-tc v0.4.3
 github.com/go-logr/zapr v1.3.0
+ github.com/golang/mock v1.1.1
 github.com/google/gopacket v1.1.19
+ github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0
 github.com/inspektor-gadget/inspektor-gadget v0.27.0
 github.com/jellydator/ttlcache/v3 v3.1.1
 github.com/jsternberg/zap-logfmt v1.3.0
@@ -290,13 +297,15 @@ require (
 github.com/prometheus/client_model v0.6.1
 github.com/prometheus/common v0.55.0
 github.com/safchain/ethtool v0.4.1
+ github.com/sirupsen/logrus v1.9.3
 github.com/spf13/viper v1.19.0
 github.com/vishvananda/netlink v1.2.1-beta.2.0.20240524165444-4d4ba1473f21
+ go.etcd.io/etcd v3.3.27+incompatible
 go.opentelemetry.io/otel v1.27.0
 go.opentelemetry.io/otel/metric v1.27.0
 go.opentelemetry.io/otel/trace v1.27.0
 go.uber.org/mock v0.4.0
- golang.org/x/exp v0.0.0-20240222234643-814bf88cf225
+ golang.org/x/exp v0.0.0-20240318143956-a85f2c67cd81
 gopkg.in/natefinch/lumberjack.v2 v2.2.1
 gotest.tools v2.2.0+incompatible
 gotest.tools/v3 v3.5.1
diff --git a/go.sum b/go.sum
index 26cb5d057b..8e80b1b648 100644
--- a/go.sum
+++ b/go.sum
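Review bot: In the `@@ -270,16 +272,21 @@` hunk of go.mod, `github.com/cilium/cilium` moves from the tagged v1.15.6 to the pseudo-version `v1.16.0-pre.1.0.20240403152809-b9853ecbcaeb`, an untagged pre-release commit, and nothing in the require block records why. A pin like this may not be followed by automated version bumps, so fixes published on release tags would need a manual update; I would add a comment above the line such as `// pinned to an unreleased commit for <reason>; move to a tagged v1.16.x release when available`. The same hunk moves three AWS SDK modules backwards (`config` v1.27.22 to v1.27.21, `credentials` v1.17.22 to v1.17.21, `service/s3` v1.57.0 to v1.56.1), which may be a rebase artefact rather than an intended downgrade and should be confirmed. It also adds `github.com/golang/mock v1.1.1` as a direct requirement although `go.uber.org/mock v0.4.0` is already required in the next hunk; if the old mock package is only reached through a dependency, the line should carry `// indirect`.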
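Review bot: In the `@@ -290,13 +297,15 @@` hunk of go.mod, `go.etcd.io/etcd v3.3.27+incompatible` is added as a direct requirement next to the `go.etcd.io/etcd/api/v3`, `client/pkg/v3` and `client/v3` v3.5.12 modules that this file already lists as indirect, so the module graph would carry two generations of etcd code. The `+incompatible` suffix marks the legacy pre-modules path of the 3.3 line, which is far behind the 3.5 modules and makes vulnerability scanning results harder to interpret. If nothing in this repository imports `go.etcd.io/etcd/...` directly, running `go mod tidy` should either drop the line or mark it `// indirect`; if something does import it, that import is better moved to the `v3` client modules.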
@@ -81,6 +81,8 @@ github.com/Microsoft/hcsshim v0.12.0-rc.3 h1:5GNGrobGs/sN/0nFO21W9k4lFn+iXXZAE8f github.com/Microsoft/hcsshim v0.12.0-rc.3/go.mod h1:WuNfcaYNaw+KpCEsZCIM6HCEmu0c5HfXpi+dDSmveP0= github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d h1:UrqY+r/OJnIp5u0s1SbQ8dVfLCZJsnvazdBP5hS4iRs= github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d/go.mod h1:HI8ITrYtUY+O+ZhtlqUnD8+KwNPOyugEhfP9fdUIaEQ= +github.com/Sytten/logrus-zap-hook v0.1.0 h1:GPsDlO0b+rvfb6WohFNreI3Fe2I6MDyv1afoYPE2Kzk= +github.com/Sytten/logrus-zap-hook v0.1.0/go.mod h1:J0ktevklw/xJNpI2FzfTdJssk4P0vq3K2qzwihJ2gWU= github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= 
@@ -93,17 +95,16 @@ github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= -github.com/asaskevich/govalidator v0.0.0-20200907205600-7a23bdc65eef/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw= github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so= github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw= github.com/aws/aws-sdk-go-v2 v1.30.0 h1:6qAwtzlfcTtcL8NHtbDQAqgM5s6NDipQTkPxyH/6kAA= github.com/aws/aws-sdk-go-v2 v1.30.0/go.mod h1:ffIFB97e2yNsv4aTSGkqtHnppsIJzw7G7BReUZ3jCXM= github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.2 h1:x6xsQXGSmW6frevwDA+vi/wqhp1ct18mVXYN08/93to= github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.2/go.mod h1:lPprDr1e6cJdyYeGXnRaJoP4Md+cDBvi2eOj00BlGmg= -github.com/aws/aws-sdk-go-v2/config v1.27.22 h1:TRkQVtpDINt+Na/ToU7iptyW6U0awAwJ24q4XN+59k8= -github.com/aws/aws-sdk-go-v2/config v1.27.22/go.mod h1:EYY3mVgFRUWkh6QNKH64MdyKs1YSUgatc0Zp3MDxi7c= -github.com/aws/aws-sdk-go-v2/credentials v1.17.22 h1:wu9kXQbbt64ul09v3ye4HYleAr4WiGV/uv69EXKDEr0= -github.com/aws/aws-sdk-go-v2/credentials v1.17.22/go.mod h1:pcvMtPcxJn3r2k6mZD9I0EcumLqPLA7V/0iCgOIlY+o= +github.com/aws/aws-sdk-go-v2/config v1.27.21 h1:yPX3pjGCe2hJsetlmGNB4Mngu7UPmvWPzzWCv1+boeM= +github.com/aws/aws-sdk-go-v2/config v1.27.21/go.mod h1:4XtlEU6DzNai8RMbjSF5MgGZtYvrhBP/aKZcRtZAVdM= +github.com/aws/aws-sdk-go-v2/credentials v1.17.21 h1:pjAqgzfgFhTv5grc7xPHtXCAaMapzmwA7aU+c/SZQGw= +github.com/aws/aws-sdk-go-v2/credentials v1.17.21/go.mod h1:nhK6PtBlfHTUDVmBLr1dg+WHCOCK+1Fu/WQyVHPsgNQ= 
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.8 h1:FR+oWPFb/8qMVYMWN98bUZAGqPvLHiyqg1wqQGfUAXY= github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.8/go.mod h1:EgSKcHiuuakEIxJcKGzVNWh5srVAQ3jKaSrBGRYvM48= github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.12 h1:SJ04WXGTwnHlWIODtC5kJzKbeuHt+OUNOgKg7nfnUGw= @@ -122,8 +123,8 @@ github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.14 h1:zSDPny/p github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.14/go.mod h1:3TTcI5JSzda1nw/pkVC9dhgLre0SNBFj2lYS4GctXKI= github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.17.12 h1:tzha+v1SCEBpXWEuw6B/+jm4h5z8hZbTpXz0zRZqTnw= github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.17.12/go.mod h1:n+nt2qjHGoseWeLHt1vEr6ZRCCxIN2KcNpJxBcYQSwI= -github.com/aws/aws-sdk-go-v2/service/s3 v1.57.0 h1:v2DWNY6ll3JK62Bx1khUu9fJ4f3TwXllIEJxI7dDv/o= -github.com/aws/aws-sdk-go-v2/service/s3 v1.57.0/go.mod h1:8rDw3mVwmvIWWX/+LWY3PPIMZuwnQdJMCt0iVFVT3qw= +github.com/aws/aws-sdk-go-v2/service/s3 v1.56.1 h1:wsg9Z/vNnCmxWikfGIoOlnExtEU459cR+2d+iDJ8elo= +github.com/aws/aws-sdk-go-v2/service/s3 v1.56.1/go.mod h1:8rDw3mVwmvIWWX/+LWY3PPIMZuwnQdJMCt0iVFVT3qw= github.com/aws/aws-sdk-go-v2/service/sso v1.22.0 h1:lPIAPCRoJkmotLTU/9B6icUFlYDpEuWjKeL79XROv1M= github.com/aws/aws-sdk-go-v2/service/sso v1.22.0/go.mod h1:lcQG/MmxydijbeTOp04hIuJwXGWPZGI3bwdFDGRTv14= github.com/aws/aws-sdk-go-v2/service/ssooidc v1.26.0 h1:/4r71ghx+hX9spr884cqXHPEmPzqH/J3K7fkE1yfcmw= 
@@ -164,15 +165,25 @@ github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5P github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= github.com/cilium/checkmate v1.0.3 h1:CQC5eOmlAZeEjPrVZY3ZwEBH64lHlx9mXYdUehEwI5w= github.com/cilium/checkmate v1.0.3/go.mod h1:KiBTasf39/F2hf2yAmHw21YFl3hcEyP4Yk6filxc12A= -github.com/cilium/cilium v1.15.6 h1:YT6UYuvdua6N1KQ6mRprymCct6Ee7uCE1hckbAR2bRM= -github.com/cilium/cilium v1.15.6/go.mod h1:UEP0tpPVhdrLC7rCHZwZ8hTpd6d01dF/1GvFPo8UhXE= +github.com/cilium/cilium v1.16.0-pre.1.0.20240403152809-b9853ecbcaeb h1:77M/pRhFWIImKh9KNCbx+afVN9E8zBmySuoKnw9wkWQ= +github.com/cilium/cilium v1.16.0-pre.1.0.20240403152809-b9853ecbcaeb/go.mod h1:ks3XSifKcx50E7JwdyKssalQ10xvwC+/sHmpBvDezmM= +github.com/cilium/dns v1.1.51-0.20231120140355-729345173dc3 h1:3PErIjIq4DlOwNsQNPcILFzbGnxPuKuqJsHEFpiwstM= +github.com/cilium/dns v1.1.51-0.20231120140355-729345173dc3/go.mod h1:/7LC2GOgyXJ7maupZlaVIumYQiGPIgllSf6mA9sg6RU= github.com/cilium/ebpf v0.5.0/go.mod h1:4tRaxcgiL706VnOzHOdBlY8IEAIdxINsQBcU4xJJXRs= github.com/cilium/ebpf v0.7.0/go.mod h1:/oI2+1shJiTGAMgl6/RgJr36Eo1jzrRcAWbcXO2usCA= github.com/cilium/ebpf v0.8.1/go.mod h1:f5zLIM0FSNuAkSyLAN7X+Hy6yznlF1mNiWUMfxMtrgk= github.com/cilium/ebpf v0.15.0 h1:7NxJhNiBT3NG8pZJ3c+yfrVdHY8ScgKD27sScgjLMMk= github.com/cilium/ebpf v0.15.0/go.mod h1:DHp1WyrLeiBh19Cf/tfiSMhqheEiK8fXFZ4No0P1Hso= +github.com/cilium/fake v0.6.1 h1:cLkNx1nkF0b0pPW79JaQxaI5oG2/rBzRKpp0YUg1fTA= +github.com/cilium/fake v0.6.1/go.mod h1:V9lCbbcsnSf3vB6sdOP7Q0bsUUJ/jyHPZxnFAw5nPUc= +github.com/cilium/lumberjack/v2 v2.3.0 h1:IhVJMvPpqDYmQzC0KDhAoy7KlaRsyOsZnT97Nsa3u0o= +github.com/cilium/lumberjack/v2 v2.3.0/go.mod h1:yfbtPGmg4i//5oEqzaMxDqSWqgfZFmMoV70Mc2k6v0A= github.com/cilium/proxy v0.0.0-20231031145409-f19708f3d018 h1:R/QlThqx099hS6req1k2Q87fvLSRgCEicQGate9vxO4= github.com/cilium/proxy v0.0.0-20231031145409-f19708f3d018/go.mod 
h1:p044XccCmONGIUbx3bJ7qvHXK0RcrdvIvbTGiu/RjUA= +github.com/cilium/stream v0.0.0-20240226091623-f979d32855f8 h1:j6VF1s6gz3etRH5ObCr0UUyJblP9cK5fbgkQTz8fTRA= +github.com/cilium/stream v0.0.0-20240226091623-f979d32855f8/go.mod h1:/e83AwqvNKpyg4n3C41qmnmj1x2G9DwzI+jb7GkF4lI= +github.com/cilium/workerpool v1.2.0 h1:Wc2iOPTvCgWKQXeq4L5tnx4QFEI+z5q1+bSpSS0cnAY= +github.com/cilium/workerpool v1.2.0/go.mod h1:GOYJhwlnIjR+jWSDNBb5kw47G1H/XA9X4WOBpgr4pQU= github.com/circonus-labs/circonus-gometrics v2.3.1+incompatible/go.mod h1:nmEj6Dob7S7YxXgwXpfOuvO54S+tGdZdw9fuRZt25Ag= github.com/circonus-labs/circonusllhist v0.1.3/go.mod h1:kMXHVDlOchFAehlya5ePtbp5jckzBHf4XRpQvBOLI+I= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= 
@@ -195,11 +206,13 @@ github.com/containerd/ttrpc v1.2.3 h1:4jlhbXIGvijRtNC8F/5CpuJZ7yKOBFGFOOXg1bkISz github.com/containerd/ttrpc v1.2.3/go.mod h1:ieWsXucbb8Mj9PH0rXCw1i8IunRbbAiDkpXkbfflWBM= github.com/containerd/typeurl/v2 v2.1.1 h1:3Q4Pt7i8nYwy2KmQWIw2+1hTvwTE/6w9FqcttATPO/4= github.com/containerd/typeurl/v2 v2.1.1/go.mod h1:IDp2JFvbwZ31H8dQbEIY7sDl2L3o3HZj1hsSQlywkQ0= +github.com/containernetworking/cni v1.1.2 h1:wtRGZVv7olUHMOqouPpn3cXJWpJgM6+EUl31EQbXALQ= +github.com/containernetworking/cni v1.1.2/go.mod h1:sDpYKmGVENF3s6uvMvGgldDWeG8dMxakj/u+i9ht9vw= github.com/coreos/go-semver v0.3.1 h1:yi21YpKnrx1gt5R+la8n5WgS0kCrsPp33dmEyHReZr4= github.com/coreos/go-semver v0.3.1/go.mod h1:irMmmIw/7yzSRPWryHsK7EYSg09caPQL03VsM8rvUec= github.com/coreos/go-systemd/v22 v22.5.0 h1:RrqgGjYQKalulkV8NGVIfkXQf6YYmOyiJKk8iXXhfZs= github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= -github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= +github.com/cpuguy83/go-md2man/v2 v2.0.3/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/creack/pty v1.1.18 h1:n56/Zwd5o6whRC5PMGretI4IdRLlmBXYNjScPaBgsbY= github.com/creack/pty v1.1.18/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4= 
@@ -241,8 +254,8 @@ github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1m github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= github.com/envoyproxy/protoc-gen-validate v1.0.4 h1:gVPz/FMfvh57HdSJQyvBtF00j8JU4zdyUgIUNhlgg0A= github.com/envoyproxy/protoc-gen-validate v1.0.4/go.mod h1:qys6tmnRsYrQqIhm2bvKZH4Blx/1gTIZ2UKVY1M+Yew= -github.com/evanphx/json-patch v5.7.0+incompatible h1:vgGkfT/9f8zE6tvSCe74nfpAVDQ2tG6yudJd8LBksgI= -github.com/evanphx/json-patch v5.7.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= +github.com/evanphx/json-patch v5.9.0+incompatible h1:fBXyNpNMuTTDdquAq/uisOr2lShz4oaXpDTX2bLe7ls= +github.com/evanphx/json-patch v5.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/evanphx/json-patch/v5 v5.9.0 h1:kcBlZQbplgElYIlo/n1hJbls2z/1awpXxpRi0/FOJfg= github.com/evanphx/json-patch/v5 v5.9.0/go.mod h1:VNkHZ/282BpEyt/tObQO8s5CMPmYYq14uClGH4abBuQ= github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d h1:105gxyaGwCFad8crR9dcMQWvV9Hvulu6hwUh4tWPJnM= @@ -263,6 +276,7 @@ github.com/frankban/quicktest v1.14.0/go.mod h1:NeW+ay9A/U67EYXNFA1nPE8e/tnQv/09 github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHkI4W8= github.com/frankban/quicktest v1.14.6/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0= github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= +github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ= github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA= github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM= github.com/go-chi/chi v4.1.2+incompatible h1:fGFk2Gmi/YKXk0OmGfBh0WgmN3XB8lVnEyNz34tQRec= 
@@ -284,42 +298,32 @@ github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= github.com/go-logr/zapr v1.3.0 h1:XGdV8XW8zdwFiwOA2Dryh1gj2KRQyOOoNmBy4EplIcQ= github.com/go-logr/zapr v1.3.0/go.mod h1:YKepepNBd1u/oyhd/yQmtjVXmm9uML4IXUgMOwR8/Gg= -github.com/go-ole/go-ole v1.2.6 h1:/Fpf6oFPoeFik9ty7siob0G6Ke8QvQEuVcuChpwXzpY= -github.com/go-ole/go-ole v1.2.6/go.mod h1:pprOEPIfldk/42T2oK7lQ4v4JSDwmV0As9GaiUsvbm0= -github.com/go-openapi/analysis v0.21.4 h1:ZDFLvSNxpDaomuCueM0BlSXxpANBlFYiBvr+GXrvIHc= -github.com/go-openapi/analysis v0.21.4/go.mod h1:4zQ35W4neeZTqh3ol0rv/O8JBbka9QyAgQRPp9y3pfo= -github.com/go-openapi/errors v0.20.2/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpXe8DOa1Mi1M= -github.com/go-openapi/errors v0.20.4 h1:unTcVm6PispJsMECE3zWgvG4xTiKda1LIR5rCRWLG6M= -github.com/go-openapi/errors v0.20.4/go.mod h1:Z3FlZ4I8jEGxjUK+bugx3on2mIAk4txuAOhlsB1FSgk= -github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg= -github.com/go-openapi/jsonpointer v0.19.5/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg= -github.com/go-openapi/jsonpointer v0.20.2 h1:mQc3nmndL8ZBzStEo3JYF8wzmeWffDH4VbXz58sAx6Q= -github.com/go-openapi/jsonpointer v0.20.2/go.mod h1:bHen+N0u1KEO3YlmqOjTT9Adn1RfD91Ar825/PuiRVs= -github.com/go-openapi/jsonreference v0.20.0/go.mod h1:Ag74Ico3lPc+zR+qjn4XBUmXymS4zJbYVCZmcgkasdo= -github.com/go-openapi/jsonreference v0.20.4 h1:bKlDxQxQJgwpUSgOENiMPzCTBVuc7vTdXSSgNeAhojU= -github.com/go-openapi/jsonreference v0.20.4/go.mod h1:5pZJyJP2MnYCpoeoMAql78cCHauHj0V9Lhc506VOpw4= -github.com/go-openapi/loads v0.21.2 h1:r2a/xFIYeZ4Qd2TnGpWDIQNcP80dIaZgf704za8enro= -github.com/go-openapi/loads v0.21.2/go.mod h1:Jq58Os6SSGz0rzh62ptiu8Z31I+OTHqmULx5e/gJbNw= -github.com/go-openapi/runtime v0.26.2 h1:elWyB9MacRzvIVgAZCBJmqTi7hBzU0hlKD4IvfX0Zl0= -github.com/go-openapi/runtime v0.26.2/go.mod 
h1:O034jyRZ557uJKzngbMDJXkcKJVzXJiymdSfgejrcRw= -github.com/go-openapi/spec v0.20.6/go.mod h1:2OpW+JddWPrpXSCIX8eOx7lZ5iyuWj3RYR6VaaBKcWA= -github.com/go-openapi/spec v0.20.11 h1:J/TzFDLTt4Rcl/l1PmyErvkqlJDncGvPTMnCI39I4gY= -github.com/go-openapi/spec v0.20.11/go.mod h1:2OpW+JddWPrpXSCIX8eOx7lZ5iyuWj3RYR6VaaBKcWA= -github.com/go-openapi/strfmt v0.21.3/go.mod h1:k+RzNO0Da+k3FrrynSNN8F7n/peCmQQqbbXjtDfvmGg= -github.com/go-openapi/strfmt v0.21.9 h1:LnEGOO9qyEC1v22Bzr323M98G13paIUGPU7yeJtG9Xs= -github.com/go-openapi/strfmt v0.21.9/go.mod h1:0k3v301mglEaZRJdDDGSlN6Npq4VMVU69DE0LUyf7uA= -github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk= -github.com/go-openapi/swag v0.19.15/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ= -github.com/go-openapi/swag v0.21.1/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ= -github.com/go-openapi/swag v0.22.10 h1:4y86NVn7Z2yYd6pfS4Z+Nyh3aAUL3Nul+LMbhFKy0gA= -github.com/go-openapi/swag v0.22.10/go.mod h1:Cnn8BYtRlx6BNE3DPN86f/xkapGIcLWzh3CLEb4C1jI= -github.com/go-openapi/validate v0.22.3 h1:KxG9mu5HBRYbecRb37KRCihvGGtND2aXziBAv0NNfyI= -github.com/go-openapi/validate v0.22.3/go.mod h1:kVxh31KbfsxU8ZyoHaDbLBWU5CnMdqBUEtadQ2G4d5M= +github.com/go-openapi/analysis v0.23.0 h1:aGday7OWupfMs+LbmLZG4k0MYXIANxcuBTYUC03zFCU= +github.com/go-openapi/analysis v0.23.0/go.mod h1:9mz9ZWaSlV8TvjQHLl2mUW2PbZtemkE8yA5v22ohupo= +github.com/go-openapi/errors v0.22.0 h1:c4xY/OLxUBSTiepAg3j/MHuAv5mJhnf53LLMWFB+u/w= +github.com/go-openapi/errors v0.22.0/go.mod h1:J3DmZScxCDufmIMsdOuDHxJbdOGC0xtUynjIx092vXE= +github.com/go-openapi/jsonpointer v0.21.0 h1:YgdVicSA9vH5RiHs9TZW5oyafXZFc6+2Vc1rr/O9oNQ= +github.com/go-openapi/jsonpointer v0.21.0/go.mod h1:IUyH9l/+uyhIYQ/PXVA41Rexl+kOkAPDdXEYns6fzUY= +github.com/go-openapi/jsonreference v0.21.0 h1:Rs+Y7hSXT83Jacb7kFyjn4ijOuVGSvOdF2+tg1TRrwQ= +github.com/go-openapi/jsonreference v0.21.0/go.mod h1:LmZmgsrTkVg9LG4EaHeY8cBDslNPMo06cago5JNLkm4= +github.com/go-openapi/loads 
v0.22.0 h1:ECPGd4jX1U6NApCGG1We+uEozOAvXvJSF4nnwHZ8Aco= +github.com/go-openapi/loads v0.22.0/go.mod h1:yLsaTCS92mnSAZX5WWoxszLj0u+Ojl+Zs5Stn1oF+rs= +github.com/go-openapi/runtime v0.28.0 h1:gpPPmWSNGo214l6n8hzdXYhPuJcGtziTOgUpvsFWGIQ= +github.com/go-openapi/runtime v0.28.0/go.mod h1:QN7OzcS+XuYmkQLw05akXk0jRH/eZ3kb18+1KwW9gyc= +github.com/go-openapi/spec v0.21.0 h1:LTVzPc3p/RzRnkQqLRndbAzjY0d0BCL72A6j3CdL9ZY= +github.com/go-openapi/spec v0.21.0/go.mod h1:78u6VdPw81XU44qEWGhtr982gJ5BWg2c0I5XwVMotYk= +github.com/go-openapi/strfmt v0.23.0 h1:nlUS6BCqcnAk0pyhi9Y+kdDVZdZMHfEKQiS4HaMgO/c= +github.com/go-openapi/strfmt v0.23.0/go.mod h1:NrtIpfKtWIygRkKVsxh7XQMDQW5HKQl6S5ik2elW+K4= +github.com/go-openapi/swag v0.23.0 h1:vsEVJDUo2hPJ2tu0/Xc+4noaxyEffXNIs3cOULZ+GrE= +github.com/go-openapi/swag v0.23.0/go.mod h1:esZ8ITTYEsH1V2trKHjAN8Ai7xHb8RV+YSZ577vPjgQ= +github.com/go-openapi/validate v0.24.0 h1:LdfDKwNbpB6Vn40xhTdNZAnfLECL81w+VX3BumrGD58= +github.com/go-openapi/validate v0.24.0/go.mod h1:iyeX1sEufmv3nPbBdX3ieNviWnOZaJ1+zquzJEf2BAQ= github.com/go-quicktest/qt v1.101.0 h1:O1K29Txy5P2OK0dGo59b7b0LR6wKfIhttaAhHUyn7eI= github.com/go-quicktest/qt v1.101.0/go.mod h1:14Bz/f7NwaXPtdYEgzsx46kqSxVwTbzVZsDC26tQJow= github.com/go-sql-driver/mysql v1.6.0 h1:BCTh4TKNUYmOmMUcQ3IipzF5prigylS7XXjEkfCHuOE= github.com/go-sql-driver/mysql v1.6.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= +github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE= github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI= github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8= github.com/gobuffalo/logger v1.0.6 h1:nnZNpxYo0zx+Aj9RfMPBm+x9zAU2OayFh/xrAWi34HU= 
@@ -348,6 +352,7 @@ github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfU github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE= github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= +github.com/golang/mock v1.1.1 h1:G5FRp8JnTd7RQH5kemVNlMeyXQAztQ3mOWV95KxsXH8= github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= 
@@ -358,11 +363,12 @@ github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrU github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w= github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0= github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8= +github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= +github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek= github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= -github.com/golang/snappy v0.0.1/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/gomodule/redigo v1.8.2 h1:H5XSIre1MB5NbPYFp+i1NBbb5qN1W8Y8YAQoAYbkm8k= github.com/gomodule/redigo v1.8.2/go.mod h1:P9dn9mFrCBvWhGE1wpxx6fgq7BAeLBk+UUUzlpkBYO0= github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= 
@@ -390,8 +396,13 @@ github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gopacket v1.1.19 h1:ves8RnFZPGiFnTS0uPQStjwru6uO6h+nlr9j6fL7kF8= github.com/google/gopacket v1.1.19/go.mod h1:iJ8V8n6KS+z2U1A8pUwu8bW5SyEMkXJB8Yo/Vo+TKTo= +github.com/google/gops v0.3.27 h1:BDdWfedShsBbeatZ820oA4DbVOC8yJ4NI8xAlDFWfgI= +github.com/google/gops v0.3.27/go.mod h1:lYqabmfnq4Q6UumWNx96Hjup5BDAVc8zmfIy0SkNCSk= +github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6 h1:k7nVchz72niMH6YLQNvHSdIE7iqsQxK1P41mySCvssg= github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6/go.mod h1:kf6iHlnVGwgKolg33glAes7Yg/8iWP8ukqeldJSO7jw= +github.com/google/renameio/v2 v2.0.0 h1:UifI23ZTGY8Tt29JbYFiuyIU3eX+RNFtUwefq9qAhxg= +github.com/google/renameio/v2 v2.0.0/go.mod h1:BtmJXm5YlszgC+TD4HOEEUFgkJP3nLxehU6hfe7jRt4= github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4= github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ= github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= 
@@ -429,9 +440,11 @@ github.com/hashicorp/go-hclog v1.5.0/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVH github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60= github.com/hashicorp/go-immutable-radix v1.3.1 h1:DKHmCUm2hRBK510BaiZlwvpD40f8bJFeZnpfm2KLowc= github.com/hashicorp/go-immutable-radix v1.3.1/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60= +github.com/hashicorp/go-immutable-radix/v2 v2.1.0 h1:CUW5RYIcysz+D3B+l1mDeXrQ7fUvGGCwJfdASSzbrfo= +github.com/hashicorp/go-immutable-radix/v2 v2.1.0/go.mod h1:hgdqLXA4f6NIjRVisM1TJ9aOJVNRqKZj+xDGF6m7PBw= github.com/hashicorp/go-msgpack v0.5.3/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM= -github.com/hashicorp/go-msgpack v0.5.5 h1:i9R9JSrqIz0QVLz3sz+i3YJdT7TTSLcfLLzJi9aZTuI= -github.com/hashicorp/go-msgpack v0.5.5/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM= +github.com/hashicorp/go-msgpack v1.1.5 h1:9byZdVjKTe5mce63pRVNP1L7UAmdHOTEMGehn6KvJWs= +github.com/hashicorp/go-msgpack v1.1.5/go.mod h1:gWVc3sv/wbDmR3rQsj1CAktEZzoz1YNK9NfGLXJ69/4= github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk= github.com/hashicorp/go-multierror v1.1.0/go.mod h1:spPvp8C1qA32ftKqdAHm4hHTbPw+vmowP0z+KUhOZdA= github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo= 
@@ -440,15 +453,15 @@ github.com/hashicorp/go-retryablehttp v0.5.3/go.mod h1:9B5zBasrRhHXnJnui7y6sL7es github.com/hashicorp/go-rootcerts v1.0.2 h1:jzhAVGtqPKbwpyCPELlgNWhE1znq+qwJtW5Oi2viEzc= github.com/hashicorp/go-rootcerts v1.0.2/go.mod h1:pqUvnprVnM5bf7AOirdbb01K4ccR319Vf4pU3K5EGc8= github.com/hashicorp/go-sockaddr v1.0.0/go.mod h1:7Xibr9yA9JjQq1JpNB2Vw7kxv8xerXegt+ozgdvDeDU= -github.com/hashicorp/go-sockaddr v1.0.2 h1:ztczhD1jLxIRjVejw8gFomI1BQZOe2WoVOu0SyteCQc= -github.com/hashicorp/go-sockaddr v1.0.2/go.mod h1:rB4wwRAUzs07qva3c5SdrY/NEtAUjGlgmH/UkBUC97A= +github.com/hashicorp/go-sockaddr v1.0.5 h1:dvk7TIXCZpmfOlM+9mlcrWmWjw/wlKT+VDq2wMvfPJU= +github.com/hashicorp/go-sockaddr v1.0.5/go.mod h1:uoUUmtwU7n9Dv3O4SNLeFvg0SxQ3lyjsj6+CCykpaxI= github.com/hashicorp/go-syslog v1.0.0/go.mod h1:qPfqrKkXGihmCqbJM2mZgkZGvKG1dFdvsLplgctolz4= github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= github.com/hashicorp/go-uuid v1.0.1/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= github.com/hashicorp/go-uuid v1.0.3 h1:2gKiV6YVmrJ1i2CKKa9obLvRieoRGviZFL26PcT/Co8= github.com/hashicorp/go-uuid v1.0.3/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= -github.com/hashicorp/go-version v1.2.1 h1:zEfKbn2+PDgroKdiOzqiE8rsmLqU2uwi5PB5pBJ3TkI= -github.com/hashicorp/go-version v1.2.1/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= +github.com/hashicorp/go-version v1.6.0 h1:feTTfFNnjP967rlCxM/I9g701jU+RN74YKx2mOkIeek= +github.com/hashicorp/go-version v1.6.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/golang-lru v0.5.4 h1:YDjusn29QI/Das2iO9M0BHnIbxPeyuCHsjMW+lJfyTc= github.com/hashicorp/golang-lru v0.5.4/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4= 
@@ -466,6 +479,7 @@ github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpO github.com/huandu/xstrings v1.3.3/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE= github.com/huandu/xstrings v1.4.0 h1:D17IlohoQq4UcpqD7fDk80P7l+lwAmlFaBHgOipl2FU= github.com/huandu/xstrings v1.4.0/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE= +github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/imdario/mergo v0.3.11/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= github.com/imdario/mergo v0.3.16 h1:wwQJbIsHYGMUyLSPrEq1CT16AhnhNJQ51+4fdHUnCl4= github.com/imdario/mergo v0.3.16/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY= @@ -507,7 +521,6 @@ github.com/karrick/godirwalk v1.16.1 h1:DynhcF+bztK8gooS0+NDJFrdNZjJ3gzVzC545UNA github.com/karrick/godirwalk v1.16.1/go.mod h1:j4mkqPuvaLI8mp1DroR3P6ad7cyYd4c1qeJ3RV7ULlk= github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= -github.com/klauspost/compress v1.13.6/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk= github.com/klauspost/compress v1.17.7 h1:ehO88t2UGzQK66LMdE8tibEd1ErmzZjNEqWkjLAKQQg= github.com/klauspost/compress v1.17.7/go.mod h1:Di0epgTjJY877eYKx5yC51cX2A2Vl2ibi7bDH9ttBbw= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= 
@@ -532,13 +545,10 @@ github.com/lib/pq v1.10.9 h1:YXG7RB+JIjhP29X+OtkiDnYaXQwpS4JEWq7dtCCRUEw= github.com/lib/pq v1.10.9/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o= github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de h1:9TO3cAIGXtEhnIaL+V+BEER86oLrvS+kWobKpbJuye0= github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de/go.mod h1:zAbeS9B/r2mtpb6U+EI2rYA5OAXxsYw6wTamcNW+zcE= -github.com/lufia/plan9stats v0.0.0-20211012122336-39d0f177ccd0 h1:6E+4a0GO5zZEnZ81pIr0yLvtUWk2if982qA3F3QD6H4= -github.com/lufia/plan9stats v0.0.0-20211012122336-39d0f177ccd0/go.mod h1:zJYVVT2jmtg6P3p1VtQj7WsuWi/y4VnjVBn7F8KPB3I= +github.com/mackerelio/go-osstat v0.2.4 h1:qxGbdPkFo65PXOb/F/nhDKpF2nGmGaCFDLXoZjJTtUs= +github.com/mackerelio/go-osstat v0.2.4/go.mod h1:Zy+qzGdZs3A9cuIqmgbJvwbmLQH9dJvtio5ZjJTbdlQ= github.com/magiconair/properties v1.8.7 h1:IeQXZAiQcpL9mgcAe1Nu6cX9LLw6ExEHKjN0VQdvPDY= github.com/magiconair/properties v1.8.7/go.mod h1:Dhd985XPs7jluiymwWYZ0G4Z61jb3vdS329zhj2hYo0= -github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= -github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= -github.com/mailru/easyjson v0.7.6/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= github.com/markbates/errx v1.1.0 h1:QDFeR+UP95dO12JgW+tgi2UVfo0V8YBHiUIOaeBPiEI= 
@@ -590,8 +600,9 @@ github.com/mdlayher/socket v0.4.1/go.mod h1:cAqeGjoufqdxWkD7DkpyS+wcefOtmu5OQ8Ku github.com/microsoft/ApplicationInsights-Go v0.4.4 h1:G4+H9WNs6ygSCe6sUyxRc2U81TI5Es90b2t/MwX5KqY= github.com/microsoft/ApplicationInsights-Go v0.4.4/go.mod h1:fKRUseBqkw6bDiXTs3ESTiU/4YTIHsQS4W3fP2ieF4U= github.com/miekg/dns v1.1.26/go.mod h1:bPDLeHnStXmXAq1m/Ch/hvfNHr14JKNPMBo3VZKjuso= -github.com/miekg/dns v1.1.41 h1:WMszZWJG0XmzbK9FEmzH2TVcqYzFesusSIB41b8KHxY= github.com/miekg/dns v1.1.41/go.mod h1:p6aan82bvRIyn+zDIv9xYNUpwa73JcSh9BKwknJysuI= +github.com/miekg/dns v1.1.50 h1:DQUfb9uc6smULcREF09Uc+/Gd46YWqJd5DbpPE9xkcA= +github.com/miekg/dns v1.1.50/go.mod h1:e3IlAVfNqAllflbibAZEWOXOQ+Ynzk/dDozDxY7XnME= github.com/mitchellh/cli v1.1.0/go.mod h1:xcISNoH86gajksDmfB23e/pu+B+GeFRMYmoHXxx3xhI= github.com/mitchellh/copystructure v1.0.0/go.mod h1:SNtv71yrdKgLRyLFxmLdkAbkKEFWgYaq1OVrnRcwhnw= github.com/mitchellh/copystructure v1.2.0 h1:vpKXTN4ewci03Vljg/q9QvCGUDttBOGBIa15WveJJGw= @@ -601,8 +612,6 @@ github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrk github.com/mitchellh/go-wordwrap v1.0.1 h1:TLuKupo69TCn6TQSyGxwI1EblZZEsQ0vMlAFQflz0v0= github.com/mitchellh/go-wordwrap v1.0.1/go.mod h1:R62XHJLzvMFRBbcrT7m7WgmE1eOyTSsCt+hzestvNj0= github.com/mitchellh/mapstructure v0.0.0-20160808181253-ca63d7c062ee/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= -github.com/mitchellh/mapstructure v1.3.3/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= -github.com/mitchellh/mapstructure v1.4.1/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY= github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/mitchellh/reflectwalk v1.0.0/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= 
@@ -635,7 +644,6 @@ github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9G github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 h1:n6/2gBQ3RWajuToeY6ZtZTIKv2v7ThUy5KKusIT0yc0= github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00/go.mod h1:Pm3mSP3c5uWn86xMLZ5Sa7JB9GsEZySvHYXCTK4E9q4= -github.com/montanaflynn/stats v0.0.0-20171201202039-1bf9dbcd8cbe/go.mod h1:wL8QJuTMNUDYhXwkmfOly8iTdp5TEcJFWZD2D7SIkUc= github.com/morikuni/aec v1.0.0 h1:nP9CBfwrvYnBRgY6qfDQkygYDmYwOilePFkwzv4dU8A= github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= 
@@ -643,14 +651,21 @@ github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8m github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f h1:y5//uYreIhSUg3J1GEMiLbxo1LJaP8RfCpH6pymGZus= github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw= -github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno= +github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A= +github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU= github.com/oklog/ulid v1.3.1 h1:EGfNDEx6MqHz8B3uNV6QAib1UR2Lm97sHi3ocA6ESJ4= github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U= github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.8.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= +github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk= +github.com/onsi/ginkgo v1.16.4/go.mod h1:dX+/inL/fNMqNlz0e9LfyB9TswhZpCVdJM/Z6Vvnwo0= +github.com/onsi/ginkgo/v2 v2.1.3/go.mod h1:vw5CSIxN1JObi/U8gcbwft7ZxR2dgaR70JSE3/PpL4c= github.com/onsi/ginkgo/v2 v2.19.0 h1:9Cnnf7UHo57Hy3k6/m5k3dRfGTMXGvxhHFvkDTCTpvA= github.com/onsi/ginkgo/v2 v2.19.0/go.mod h1:rlwLi9PilAFJ8jCg9UE1QP6VBpd6/xj3SRC0d6TU0To= github.com/onsi/gomega v1.5.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= +github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= +github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= +github.com/onsi/gomega v1.17.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAlGdZY= github.com/onsi/gomega v1.33.1 h1:dsYjIxxSR755MDmKVsaFQTE22ChNBcuuTWgkUDSubOk= github.com/onsi/gomega v1.33.1/go.mod 
h1:U4R44UsT+9eLIaYRB2a5qajjtQYn0hauxvRm16AVYg0= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= @@ -686,8 +701,6 @@ github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRI github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI= github.com/posener/complete v1.2.3/go.mod h1:WZIdtGGp+qx0sLrYKtIRAruyNpv6hFCicSgv7Sy7s/s= -github.com/power-devops/perfstat v0.0.0-20210106213030-5aafc221ea8c h1:ncq/mPwQF4JjgDlrVEn3C11VoGHZN7m8qihwgMEtzYw= -github.com/power-devops/perfstat v0.0.0-20210106213030-5aafc221ea8c/go.mod h1:OmDBASR4679mdNQnz2pUhc2G8CO2JrUAVFDRBDP/hJE= github.com/poy/onpar v1.1.2 h1:QaNrNiZx0+Nar5dLgTVp5mXkyoVFIbepjyEoGSnhbAY= github.com/poy/onpar v1.1.2/go.mod h1:6X8FLNoxyr9kkmnlqpK6LSoiOtrO6MICtWwEuWkLjzg= github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= 
@@ -734,10 +747,8 @@ github.com/sasha-s/go-deadlock v0.3.1 h1:sqv7fDNShgjcaxkO0JNcOAlr8B9+cV5Ey/OB71e github.com/sasha-s/go-deadlock v0.3.1/go.mod h1:F73l+cr82YSh10GxyRI6qZiCgK64VaZjwesgfQ1/iLM= github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529 h1:nn5Wsu0esKSJiIVhscUtVbo7ada43DJhG55ua/hjS5I= github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc= -github.com/sergi/go-diff v1.1.0 h1:we8PVUC3FE2uYfodKH/nBHMSetSfHDR6scGdBi+erh0= -github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= -github.com/shirou/gopsutil/v3 v3.23.2 h1:PAWSuiAszn7IhPMBtXsbSCafej7PqUOvY6YywlQUExU= -github.com/shirou/gopsutil/v3 v3.23.2/go.mod h1:gv0aQw33GLo3pG8SiWKiQrbDzbRY1K80RyZJ7V4Th1M= +github.com/sergi/go-diff v1.2.0 h1:XU+rvMAioB0UC3q1MFrIQy4Vo5/4VsRDQQXHsEya6xQ= +github.com/sergi/go-diff v1.2.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= github.com/shopspring/decimal v1.2.0/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o= github.com/shopspring/decimal v1.3.1 h1:2Usl1nmF/WZucqkFZhnfFYxxxu8LG21F6nPQBE5gKV8= github.com/shopspring/decimal v1.3.1/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o= 
@@ -752,8 +763,8 @@ github.com/spf13/afero v1.11.0/go.mod h1:GH9Y3pIexgf1MTIWtNGyogA5MwRIDXGUr+hbWNo github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= github.com/spf13/cast v1.6.0 h1:GEiTHELF+vaR5dhz3VqZfFSzZjYbgeKDpBxQVS4GYJ0= github.com/spf13/cast v1.6.0/go.mod h1:ancEpBxwJDODSW/UG4rDrAqiKolqNNh2DX3mk86cAdo= -github.com/spf13/cobra v1.8.1 h1:e5/vxKd/rZsfSJMUX1agtjeTDf+qv1/JdBF8gg5k9ZM= -github.com/spf13/cobra v1.8.1/go.mod h1:wHxEcudfqmLYa8iTfL+OuZPbBZkmvliBWKIezN3kD9Y= +github.com/spf13/cobra v1.8.0 h1:7aJaZx1B85qltLMc546zn58BxxfZdR/W22ej9CFoEf0= +github.com/spf13/cobra v1.8.0/go.mod h1:WXLWApfZ71AjXPya3WOlMsY9yMs7YeiHhFVlvLyhcho= github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/spf13/viper v1.19.0 h1:RWq5SEjt8o25SROyN3z2OrDB9l7RPd3lwTWU8EcEdcI= @@ -768,7 +779,6 @@ github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXf github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= -github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.2/go.mod h1:R6va5+xMeoiuVRoj+gSkQ7d3FALtqAAGI1FQKckRals= 
@@ -783,20 +793,18 @@ github.com/subosito/gotenv v1.6.0/go.mod h1:Dk4QP5c2W3ibzajGcXpNraDfq2IrhjMIvMSW github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 h1:kdXcSzyDtseVEc4yCz2qF8ZrQvIDBJLl4S1c3GCXmoI= github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww= github.com/tedsuo/ifrit v0.0.0-20180802180643-bea94bb476cc/go.mod h1:eyZnKCc955uh98WQvzOm0dgAeLnf2O0Rz0LPoC5ze+0= -github.com/tidwall/pretty v1.0.0/go.mod h1:XNkn88O1ChpSDQmQeStsy+sBenx6DDtFZJxhVysOjyk= -github.com/tklauser/go-sysconf v0.3.11 h1:89WgdJhk5SNwJfu+GKyYveZ4IaJ7xAkecBo+KdJV0CM= -github.com/tklauser/go-sysconf v0.3.11/go.mod h1:GqXfhXY3kiPa0nAXPDIQIWzJbMCB7AmcWpGR8lSZfqI= -github.com/tklauser/numcpus v0.6.0/go.mod h1:FEZLMke0lhOUG6w2JadTzp0a+Nl8PF/GFkQ5UVIcaL4= -github.com/tklauser/numcpus v0.7.0 h1:yjuerZP127QG9m5Zh/mSO4wqurYil27tHrqwRoRjpr4= -github.com/tklauser/numcpus v0.7.0/go.mod h1:bb6dMVcj8A42tSE7i32fsIUCbQNllK5iDguyOZRUzAY= +github.com/tidwall/gjson v1.14.2/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk= +github.com/tidwall/gjson v1.17.1 h1:wlYEnwqAHgzmhNUFfw7Xalt2JzQvsMx2Se4PcoFCT/U= +github.com/tidwall/gjson v1.17.1/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk= +github.com/tidwall/match v1.1.1 h1:+Ho715JplO36QYgwN9PGYNhgZvoUSc9X2c80KVTi+GA= +github.com/tidwall/match v1.1.1/go.mod h1:eRSPERbgtNPcGhD8UCthc6PmLEQXEWd3PRB5JTxsfmM= +github.com/tidwall/pretty v1.2.0 h1:RWIZEg2iJ8/g6fDDYzMpobmaoGh5OLl4AXtGUGPcqCs= +github.com/tidwall/pretty v1.2.0/go.mod h1:ITEVvHYasfjBbM0u2Pg8T2nJnzm8xPwvNhhsoaGGjNU= +github.com/tidwall/sjson v1.2.5 h1:kLy8mja+1c9jlljvWTlSazM7cKDRfJuR/bOJhcY5NcY= +github.com/tidwall/sjson v1.2.5/go.mod h1:Fvgq9kS/6ociJEDnK0Fk1cpYF4FIW6ZF7LAe+6jwd28= github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926/go.mod h1:9ESjWnEqriFuLhtthL60Sar/7RFoluCcXsuvEwTV5KM= github.com/vishvananda/netlink v1.2.1-beta.2.0.20240524165444-4d4ba1473f21 h1:tcHUxOT8j/R+0S+A1j8D2InqguXFNxAiij+8QFOlX7Y= 
github.com/vishvananda/netlink v1.2.1-beta.2.0.20240524165444-4d4ba1473f21/go.mod h1:whJevzBpTrid75eZy99s3DqCmy05NfibNaF2Ol5Ox5A= -github.com/xdg-go/pbkdf2 v1.0.0/go.mod h1:jrpuAogTd400dnrH08LKmI/xc1MbPOebTwRqcT5RDeI= -github.com/xdg-go/scram v1.1.1/go.mod h1:RaEWvsqvNKKvBPvcKeFjrG2cJqOkHTiyTpzz23ni57g= -github.com/xdg-go/scram v1.1.2/go.mod h1:RT/sEzTbU5y00aCK8UOx6R7YryM0iF1N2MOmC3kKLN4= -github.com/xdg-go/stringprep v1.0.3/go.mod h1:W3f5j4i+9rC0kuIEJL0ky1VpHXQU3ocBgklLGvcBnW8= -github.com/xdg-go/stringprep v1.0.4/go.mod h1:mPGuuIYwz7CmR2bT9j4GbQqutWS1zV24gijq1dTyGkM= github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU= github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb h1:zGWFAtiMcyryUHoUjUJX0/lt1H2+i2Ka2n+D3DImSNo= github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU= 
@@ -806,28 +814,25 @@ github.com/xeipuuv/gojsonschema v1.2.0 h1:LhYJRs+L4fBtjZUfuSZIKGeVu0QRy8e5Xi7D17 github.com/xeipuuv/gojsonschema v1.2.0/go.mod h1:anYRn/JVcOK2ZgGU+IjEV4nwlhoK5sQluxsYJ78Id3Y= github.com/xlab/treeprint v1.2.0 h1:HzHnuAF1plUN2zGlAFHbSQP2qJ0ZAD3XF5XD7OesXRQ= github.com/xlab/treeprint v1.2.0/go.mod h1:gj5Gd3gPdKtR1ikdDK6fnFLdmIS0X30kTTuNd/WEJu0= -github.com/youmark/pkcs8 v0.0.0-20181117223130-1be2e3e5546d/go.mod h1:rHwXgn7JulP+udvsHwJoVG1YGAP6VLg4y9I5dyZdqmA= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= -github.com/yusufpapurcu/wmi v1.2.2/go.mod h1:SBZ9tNy3G9/m5Oi98Zks0QjeHVDvuK0qfxQmPyzfmi0= -github.com/yusufpapurcu/wmi v1.2.3 h1:E1ctvB7uKFMOJw3fdOW32DwGE9I7t++CRUEMKvFoFiw= -github.com/yusufpapurcu/wmi v1.2.3/go.mod h1:SBZ9tNy3G9/m5Oi98Zks0QjeHVDvuK0qfxQmPyzfmi0= github.com/yvasiyarov/go-metrics v0.0.0-20140926110328-57bccd1ccd43 h1:+lm10QQTNSBd8DVTNGHx7o/IKu9HYDvLMffDhbyLccI= github.com/yvasiyarov/go-metrics v0.0.0-20140926110328-57bccd1ccd43/go.mod h1:aX5oPXxHm3bOH+xeAttToC8pqch2ScQN/JoXYupl6xs= github.com/yvasiyarov/gorelic v0.0.0-20141212073537-a9bba5b9ab50 h1:hlE8//ciYMztlGpl/VA+Zm1AcTPHYkHJPbHqE6WJUXE= github.com/yvasiyarov/gorelic v0.0.0-20141212073537-a9bba5b9ab50/go.mod h1:NUSPSUX/bi6SeDMUh6brw0nXpxHnc96TguQh0+r/ssA= github.com/yvasiyarov/newrelic_platform_go v0.0.0-20140908184405-b21fdbd4370f h1:ERexzlUfuTvpE74urLSbIQW0Z/6hF9t8U4NsJLaioAY= github.com/yvasiyarov/newrelic_platform_go v0.0.0-20140908184405-b21fdbd4370f/go.mod h1:GlGEuHIJweS1mbCqG+7vt2nvWLzLLnRHbXz5JKd/Qbg= +go.etcd.io/etcd v3.3.27+incompatible h1:5hMrpf6REqTHV2LW2OclNpRtxI0k9ZplMemJsMSWju0= +go.etcd.io/etcd v3.3.27+incompatible/go.mod h1:yaeTdrJi5lOmYerz05bd8+V7KubZs8YSFZfzsF9A6aI= go.etcd.io/etcd/api/v3 v3.5.12 h1:W4sw5ZoU2Juc9gBWuLk5U6fHfNVyY1WC5g9uiXZio/c= 
go.etcd.io/etcd/api/v3 v3.5.12/go.mod h1:Ot+o0SWSyT6uHhA56al1oCED0JImsRiU9Dc26+C2a+4= go.etcd.io/etcd/client/pkg/v3 v3.5.12 h1:EYDL6pWwyOsylrQyLp2w+HkQ46ATiOvoEdMarindU2A= go.etcd.io/etcd/client/pkg/v3 v3.5.12/go.mod h1:seTzl2d9APP8R5Y2hFL3NVlD6qC/dOT+3kvrqPyTas4= go.etcd.io/etcd/client/v3 v3.5.12 h1:v5lCPXn1pf1Uu3M4laUE2hp/geOTc5uPcYYsNe1lDxg= go.etcd.io/etcd/client/v3 v3.5.12/go.mod h1:tSbBCakoWmmddL+BKVAJHa9km+O/E+bumDe9mSbPiqw= -go.mongodb.org/mongo-driver v1.10.0/go.mod h1:wsihk0Kdgv8Kqu1Anit4sfK+22vSFbUrAVEYRhCXrA8= -go.mongodb.org/mongo-driver v1.13.1 h1:YIc7HTYsKndGK4RFzJ3covLz1byri52x0IoMB0Pt/vk= -go.mongodb.org/mongo-driver v1.13.1/go.mod h1:wcDf1JBCXy2mOW0bWHwO/IOYqdca1MPCwDtFu/Z9+eo= +go.mongodb.org/mongo-driver v1.14.0 h1:P98w8egYRjYe3XDjxhYJagTokP/H6HzlsnojRgZRd80= +go.mongodb.org/mongo-driver v1.14.0/go.mod h1:Vzb0Mk/pa7e6cWw85R4F/endUC3u0U9jGcNU603k65c= go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0= go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.49.0 h1:jq9TW8u3so/bN+JPT166wjOI6/vQPF6Xe7nMNIltagk= 
@@ -836,8 +841,8 @@ go.opentelemetry.io/otel v1.27.0 h1:9BZoF3yMK/O1AafMiQTVu0YDj5Ea4hPhxCs7sGva+cg= go.opentelemetry.io/otel v1.27.0/go.mod h1:DMpAK8fzYRzs+bi3rS5REupisuqTheUlSZJ1WnZaPAQ= go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.19.0 h1:Mne5On7VWdx7omSrSSZvM4Kw7cS7NQkOOmLcgscI51U= go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.19.0/go.mod h1:IPtUMKL4O3tH5y+iXVyAXqpAwMuzC1IrxVS81rummfE= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.19.0 h1:IeMeyr1aBvBiPVYihXIaeIZba6b8E1bYp7lbdxK8CQg= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.19.0/go.mod h1:oVdCUtjq9MK9BlS7TtucsQwUcXcymNiEDjgDD2jMtZU= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.22.0 h1:FyjCyI9jVEfqhUh2MoSkmolPjfh5fp2hnV0b0irxH4Q= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.22.0/go.mod h1:hYwym2nDEeZfG/motx0p7L7J1N1vyzIThemQsb4g2qY= go.opentelemetry.io/otel/metric v1.27.0 h1:hvj3vdEKyeCi4YaYfNjv2NUje8FqKqUY8IlF0FxV/ik= go.opentelemetry.io/otel/metric v1.27.0/go.mod h1:mVFgmRlhljgBiuk/MP/oKylr4hs85GZAylncepAX/ak= go.opentelemetry.io/otel/sdk v1.24.0 h1:YMPPDNymmQN3ZgczicBY3B6sf9n62Dlj9pWD3ucgoDw= 
@@ -848,16 +853,19 @@ go.opentelemetry.io/proto/otlp v1.0.0 h1:T0TX0tmXU8a3CbNXzEKGeU5mIVOdf0oykP+u2lI go.opentelemetry.io/proto/otlp v1.0.0/go.mod h1:Sy6pihPLfYHkr3NkUbEhGHFhINUSI/v80hjKIs5JXpM= go.starlark.net v0.0.0-20230814145427-12f4cb8177e4 h1:Ydko8M6UfXgvSpGOnbAjRMQDIvBheUsjBjkm6Azcpf4= go.starlark.net v0.0.0-20230814145427-12f4cb8177e4/go.mod h1:jxU+3+j+71eXOW14274+SmmuW82qJzl6iZSeqEtTGds= +go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/dig v1.17.1 h1:Tga8Lz8PcYNsWsyHMZ1Vm0OQOUaJNDyvPImgbAu9YSc= go.uber.org/dig v1.17.1/go.mod h1:Us0rSJiThwCv2GteUN0Q7OKvU7n5J4dxZ9JKUXozFdE= go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE= go.uber.org/mock v0.4.0 h1:VcM4ZOtdbR4f6VXfiOpwpVJDL6lCReaZ6mw31wqh7KU= go.uber.org/mock v0.4.0/go.mod h1:a6FSlNadKUHUa9IP5Vyt1zh4fC7uAwxMutEAscFbkZc= +go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0= go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0= go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y= -go.uber.org/zap v1.26.0 h1:sI7k6L95XOKS281NhVKOFCUNIvv9e0w4BF8N3u+tCRo= -go.uber.org/zap v1.26.0/go.mod h1:dtElttAiwGvoJ/vj4IwHBS/gXsEu/pZ50mUIRWuG0so= +go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= +go.uber.org/zap v1.27.0 h1:aJMhYGrd5QSmlpLMr2MftRKl7t8J8PTZPA732ud/XR8= +go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E= go4.org/netipx v0.0.0-20231129151722-fdeea329fbba h1:0b9z3AuHCjxk0x/opv64kcgZLBseWJUpBw5I82+2U4M= go4.org/netipx v0.0.0-20231129151722-fdeea329fbba/go.mod h1:PLyyIXexvUFg3Owu6p/WfdlivPbZJsZdgWZlrGope/Y= golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= 
@@ -866,15 +874,14 @@ golang.org/x/crypto v0.0.0-20190923035154-9ee001bba392/go.mod h1:/lpIB1dKB+9EgE3 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58= golang.org/x/crypto v0.24.0 h1:mnl8DM0o513X8fdIkmyFE/5hTYxbwYOjDS/+rK6qpRI= golang.org/x/crypto v0.24.0/go.mod h1:Z1PMYSOR5nyMcyAVAIQSKCDwalqy85Aqn1x3Ws4L5DM= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= -golang.org/x/exp v0.0.0-20240222234643-814bf88cf225 h1:LfspQV/FYTatPTr/3HzIcmiUFH7PGP+OQ6mgDYo3yuQ= -golang.org/x/exp v0.0.0-20240222234643-814bf88cf225/go.mod h1:CxmFvTBINI24O/j8iY7H1xHzx2i4OsyguNBmN/uPtqc= +golang.org/x/exp v0.0.0-20240318143956-a85f2c67cd81 h1:6R2FC06FonbXQ8pK11/PDFY6N6LWlf9KlzibaCapmqc= +golang.org/x/exp v0.0.0-20240318143956-a85f2c67cd81/go.mod h1:CQ1k9gNrJ50XIzaKCRR2hssIjF07kZFEiieALBM/ARQ= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= 
@@ -899,6 +906,7 @@ golang.org/x/net v0.0.0-20190923162816-aa69164e4478/go.mod h1:z5CRVTTTmAJ677TzLL golang.org/x/net v0.0.0-20191007182048-72f939374954/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20201010224723-4f7140c49acb/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= @@ -907,6 +915,7 @@ golang.org/x/net v0.0.0-20201224014010-6772e930b67b/go.mod h1:m0MpNAwzfU5UDzcl9v golang.org/x/net v0.0.0-20210119194325-5f4716e94777/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210410081132-afb366fc7cd1/go.mod h1:9tjilg8BloeKEkVJvy7fQ90B1CfIiPueXVOjqfkSzI8= +golang.org/x/net v0.0.0-20210428140749-89ef3d95e781/go.mod h1:OJAsFXCWl8Ukc7SiCT/9KSuxbyM7479/AVlXFRxuMCk= golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210928044308-7d9f5e0b762b/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= 
@@ -942,23 +951,26 @@ golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190801041406-cbf593c0f2f3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190826190057-c7b8b68b1456/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190922100055-0a153f010e69/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190924154521-2837fb4f24fe/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191008105621-543471e840be/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod 
h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201009025420-dfb3f7c4e634/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201118182958-a01c418693c7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20201204225414-ed752295db88/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201218084310-7d0127a74742/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210110051926-789bb1bd4061/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210112080510-489259a85091/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210123111255-9b0068b26619/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210216163648-f7da38b97c65/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -1000,7 +1012,6 @@ golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= -golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ= golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4= 
@@ -1016,6 +1027,7 @@ golang.org/x/tools v0.0.0-20190907020128-2ca718005c18/go.mod h1:b+2E5dAYhXwXZwtn golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= +golang.org/x/tools v0.0.0-20201224043029-2b0845dc783e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d h1:vU5i/LfpvrRCpgM/VPfJLg5KjxD3E+hfT1SH+d9zLwg= 
@@ -1035,8 +1047,8 @@ google.golang.org/genproto v0.0.0-20240213162025-012b6fc9bca9 h1:9+tzLLstTlPTRyJ google.golang.org/genproto v0.0.0-20240213162025-012b6fc9bca9/go.mod h1:mqHbVIp48Muh7Ywss/AD6I5kNVKZMmAa/QEW58Gxp2s= google.golang.org/genproto/googleapis/api v0.0.0-20240311132316-a219d84964c2 h1:rIo7ocm2roD9DcFIX67Ym8icoGCKSARAiPljFhh5suQ= google.golang.org/genproto/googleapis/api v0.0.0-20240311132316-a219d84964c2/go.mod h1:O1cOfN1Cy6QEYr7VxtjOyP5AdAuR0aJ/MYZaaof623Y= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240314234333-6e1732d8331c h1:lfpJ/2rWPa/kJgxyyXM8PrNnfCzcmxJ265mADgwmvLI= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240314234333-6e1732d8331c/go.mod h1:WtryC6hu0hhx87FDGxWCDptyssuo68sk10vYjF+T9fY= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240318140521-94a12d6c2237 h1:NnYq6UN9ReLM9/Y01KWNOWyI5xQ9kbIms5GGJVwS/Yc= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240318140521-94a12d6c2237/go.mod h1:WtryC6hu0hhx87FDGxWCDptyssuo68sk10vYjF+T9fY= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= 
@@ -1054,6 +1066,7 @@ google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2 google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= +google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.34.2 h1:6xV6lTsCfpGD21XK49h7MhtcApnLqkfYgPcdHftf6hg= google.golang.org/protobuf v1.34.2/go.mod h1:qYOHts0dSfpeUzUFpOMr/WGzszTmLH+DiWniOlNbLDw= @@ -1061,7 +1074,6 @@ gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLks gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= 
@@ -1082,8 +1094,6 @@ gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -gopkg.in/yaml.v3 v3.0.0-20200605160147-a5ece683394c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo= diff --git a/init/retina/main_linux.go b/init/retina/main_linux.go index 70152b5796..02a3514729 100644 --- a/init/retina/main_linux.go +++ b/init/retina/main_linux.go @@ -5,6 +5,7 @@ package main import ( "github.com/microsoft/retina/pkg/bpf" + "github.com/microsoft/retina/pkg/ciliumfs" "github.com/microsoft/retina/pkg/log" "github.com/microsoft/retina/pkg/telemetry" "go.uber.org/zap" @@ -40,4 +41,7 @@ func main() { // Setup BPF bpf.Setup(l) + + // Setup CiliumFS. + ciliumfs.Setup(l) } diff --git a/operator/main.go b/operator/main.go index 6a1ad6e72b..d9eea22ffd 100644 --- a/operator/main.go +++ b/operator/main.go @@ -44,7 +44,7 @@ import ( metricsserver "sigs.k8s.io/controller-runtime/pkg/metrics/server" retinav1alpha1 "github.com/microsoft/retina/crd/api/v1alpha1" - deploy "github.com/microsoft/retina/deploy" + deploy "github.com/microsoft/retina/deploy/legacy" "github.com/microsoft/retina/operator/cache" config "github.com/microsoft/retina/operator/config" captureUtils "github.com/microsoft/retina/pkg/capture/utils" diff --git a/pkg/ciliumfs/setup_linux.go b/pkg/ciliumfs/setup_linux.go new file mode 100644 index 0000000000..0a79a9aba8 --- /dev/null 
+++ b/pkg/ciliumfs/setup_linux.go
@@ -0,0 +1,30 @@
+package ciliumfs
+
+import (
+ "os"
+
+ "go.uber.org/zap"
+)
+
+const ciliumDir = "/var/run/cilium"
+
+func Setup(l *zap.Logger) {
+ // Create /var/run/cilium directory.
+ fp, err := os.Stat(ciliumDir)
+ if err != nil {
+ l.Warn("Failed to stat directory", zap.String("dir path", ciliumDir), zap.Error(err))
+ if os.IsNotExist(err) {
+ l.Info("Directory does not exist", zap.String("dir path", ciliumDir), zap.Error(err))
+ // Path does not exist. Create it.
+ err = os.MkdirAll("/var/run/cilium", 0o755) //nolint:gomnd // 0o755 is the permission mode.
+ if err != nil {
+ l.Error("Failed to create directory", zap.String("dir path", ciliumDir), zap.Error(err))
+ l.Panic("Failed to create directory", zap.String("dir path", ciliumDir), zap.Error(err))
+ }
+ } else {
+ // Some other error. Return.
+ l.Panic("Failed to stat directory", zap.String("dir path", ciliumDir), zap.Error(err))
+ }
+ }
+ l.Info("Created directory", zap.String("dir path", ciliumDir), zap.Any("file", fp))
+}
diff --git a/pkg/config/hubble_config_linux.go b/pkg/config/hubble_config_linux.go
new file mode 100644
index 0000000000..8f558c0bdb
--- /dev/null
+++ b/pkg/config/hubble_config_linux.go
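Review bot: When `os.Stat(ciliumDir)` succeeds, `Setup` accepts whatever already exists at that path without checking `fp.IsDir()`, so a regular file there passes silently, and the final `l.Info("Created directory", …)` reports a creation that did not happen. I would add `if err == nil && !fp.IsDir() { l.Panic("Path exists but is not a directory", zap.String("dir path", ciliumDir)) }` after the stat and move the "Created directory" log into the `MkdirAll` branch. The `MkdirAll` call repeats the literal `"/var/run/cilium"` instead of using `ciliumDir`, and the expected not-exist case is logged at warn level before it is classified. The exported `Setup` also lacks a doc comment, e.g. `// Setup ensures ciliumDir exists, creating it with mode 0o755, and panics if it cannot.`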
@@ -0,0 +1,78 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT license.
+package config
+
+import (
+ "path/filepath"
+
+ "github.com/cilium/cilium/pkg/hive/cell"
+ "github.com/cilium/cilium/pkg/option"
+ sharedconfig "github.com/microsoft/retina/pkg/shared/config"
+ "github.com/sirupsen/logrus"
+ "github.com/spf13/pflag"
+)
+
+const configFileName string = "config.yaml"
+
+// RetinaHubbleConfig is a collection of configuration information needed by
+// Retina-services for proper functioning.
+type RetinaHubbleConfig struct {
+ // NOTE: metrics-bind-address and health-probe-bind-address should be used ONLY as container args (NOT in ConfigMap) to keep parity with non-enterprise Retina
+ MetricsBindAddress string
+ HealthProbeBindAddress string
+
+ LeaderElection bool
+ ClusterName string // the name of the cluster (primarily used for TLS)
+}
+
+// Flags is responsible for binding flags provided by the user to the various
+// fields of the Config.
+func (c RetinaHubbleConfig) Flags(flags *pflag.FlagSet) {
+ // NOTE: metrics-bind-address and health-probe-bind-address should be used ONLY as container args (NOT in ConfigMap) to keep parity with non-enterprise Retina
+ flags.String("metrics-bind-address", c.MetricsBindAddress, "The address the metric endpoint binds to.")
+ flags.String("health-probe-bind-address", c.HealthProbeBindAddress, "The address the probe endpoint binds to.")
+
+ flags.Bool("leader-election", c.LeaderElection, "Enable leader election for controller manager. Enabling this will ensure there is only one active controller manager.")
+ flags.String("cluster-name", c.ClusterName, "name of the cluster")
+}
+
+var (
+ DefaultRetinaHubbleConfig = RetinaHubbleConfig{
+ MetricsBindAddress: ":18000",
+ HealthProbeBindAddress: ":18001",
+ LeaderElection: false,
+ ClusterName: "default",
+ }
+
+ DefaultRetinaConfig = &Config{
+ EnableTelemetry: false,
+ EnabledPlugin: []string{"packetforward", "dropreason", "linuxutil", "dns"},
+ EnablePodLevel: true,
+ LogLevel: "info",
+ BypassLookupIPOfInterest: true,
+ }
+
+ Cell = cell.Module(
+ "agent-config",
+ "Agent Config",
+
+ // Provide option.Config via hive so cells can depend on the agent config.
+ cell.Provide(func() *option.DaemonConfig {
+ return option.Config
+ }),
+
+ cell.Config(DefaultRetinaHubbleConfig),
+
+ cell.Provide(func(logger logrus.FieldLogger) (Config, error) {
+ retinaConfigFile := filepath.Join(option.Config.ConfigDir, configFileName)
+ conf, err := GetConfig(retinaConfigFile)
+ if err != nil {
+ logger.Error(err)
+ conf = DefaultRetinaConfig
+ }
+ logger.Info(conf)
+ return *conf, nil
+ }),
+ sharedconfig.Cell,
+ )
+)
diff --git a/pkg/controllers/daemon/nodereconciler/cell_linux.go b/pkg/controllers/daemon/nodereconciler/cell_linux.go
new file mode 100644
index 0000000000..b70e16f5ca
--- /dev/null
+++ b/pkg/controllers/daemon/nodereconciler/cell_linux.go
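Review bot: The config provider inside `Cell` fails open: when `GetConfig(retinaConfigFile)` errors it logs the error, substitutes `DefaultRetinaConfig` and returns `nil`, so an unreadable or malformed `config.yaml` leaves the agent running with defaults the operator did not choose, and the provider's `error` result is never used. Either propagate it with `return Config{}, fmt.Errorf("loading %s: %w", retinaConfigFile, err)` (with `fmt` imported), or, if the fallback is intended, say so explicitly in the log message and in a comment. `return *conf, nil` also hands out a shallow copy of the package-level default, so the `EnabledPlugin` slice is shared with `DefaultRetinaConfig`; presumably nothing mutates it, but that is worth confirming. The defaults `":18000"` and `":18001"` bind the metrics and health endpoints on all interfaces, which deserves a comment if that exposure is deliberate.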
@@ -0,0 +1,61 @@ +package nodereconciler + +import ( + "os" + + datapath "github.com/cilium/cilium/pkg/datapath/types" + "github.com/cilium/cilium/pkg/hive/cell" + "github.com/cilium/cilium/pkg/ipcache" + "github.com/cilium/cilium/pkg/node/types" + "github.com/microsoft/retina/pkg/config" + "github.com/microsoft/retina/pkg/log" + "github.com/pkg/errors" + "github.com/sirupsen/logrus" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/client" +) + +var Cell = cell.Module( + "node-controller", + "Node Controller monitors Node CRUD events", + cell.Provide(newNodeController), + // Setting up the node controller with the controller manager + cell.Invoke(func(l logrus.FieldLogger, nr *NodeReconciler, ctrlManager ctrl.Manager) error { + l.Info("Setting up node controller with manager") + if err := nr.SetupWithManager(ctrlManager); err != nil { + l.Errorf("failed to setup node controller with manager: %v", err) + return errors.Wrap(err, "failed to setup node controller with manager") + } + return nil + }), +) + +type params struct { + cell.In + + Config config.RetinaHubbleConfig + Logger logrus.FieldLogger + Client client.Client + IPCache *ipcache.IPCache +} + +func newNodeController(params params) (*NodeReconciler, error) { + // TODO: pubsub needs retina logger to already be enabled. Currently + // we are going to do this within infra module, in which during runtime this will throw a nil pointer err. + // see if we can avoid this? + opts := log.GetDefaultLogOpts() + _, err := log.SetupZapLogger(opts) + if err != nil { + return nil, errors.Wrap(err, "failed to setup logger") + } + n := &NodeReconciler{ + Client: params.Client, + clusterName: params.Config.ClusterName, + l: params.Logger.WithField("component", "node-controller"), + nodes: make(map[string]types.Node), + handlers: make(map[string]datapath.NodeHandler), + c: params.IPCache, + localNodeIP: os.Getenv("NODE_IP"), + } + return n, nil +} 
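Review bot: `newNodeController` stores `os.Getenv("NODE_IP")` in `localNodeIP` without checking it, so an unset or malformed value goes unnoticed. The local-node comparison in `addNode` (node_controller_linux.go) would then never match, and the local node's addresses would be recorded as `ReservedIdentityRemoteNode` instead of `ReservedIdentityHost`. Validate once at construction, for example `if net.ParseIP(nodeIP) == nil { return nil, errors.Errorf("NODE_IP %q is not a valid IP", nodeIP) }`, which needs `net` imported. `NewEpDecoder` in pkg/hubble/common/decoder_linux.go reads the same variable with the same lack of validation.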
diff --git a/pkg/controllers/daemon/nodereconciler/node_controller_linux.go b/pkg/controllers/daemon/nodereconciler/node_controller_linux.go new file mode 100644 index 0000000000..3f9f97bf5a --- /dev/null +++ b/pkg/controllers/daemon/nodereconciler/node_controller_linux.go 
@@ -0,0 +1,212 @@ +// Copyright (c) Microsoft Corporation. +// Licensed under the MIT license. + +package nodereconciler + +import ( + "context" + "fmt" + "net" + "reflect" + "sync" + + "github.com/microsoft/retina/pkg/common/apiretry" + "github.com/sirupsen/logrus" + "go.uber.org/zap" + corev1 "k8s.io/api/core/v1" + errors "k8s.io/apimachinery/pkg/api/errors" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/client" + + datapath "github.com/cilium/cilium/pkg/datapath/types" + "github.com/cilium/cilium/pkg/identity" + ipc "github.com/cilium/cilium/pkg/ipcache" + "github.com/cilium/cilium/pkg/node/addressing" + "github.com/cilium/cilium/pkg/node/types" + "github.com/cilium/cilium/pkg/source" +) + +// NodeReconciler reconciles a Node object. +// This is pretty basic for now, need fine tuning, scale test, etc. +type NodeReconciler struct { + client.Client + + clusterName string + + l logrus.FieldLogger + handlers map[string]datapath.NodeHandler + nodes map[string]types.Node + c *ipc.IPCache + localNodeIP string + m sync.RWMutex +} + +// isNodeUpdated checks if the node has been updated. +// This is a simple check for labels and annotations +// being updated. Those are the only fields that are mutable. +// AKS specific for now. 
+func isNodeUpdated(n1, n2 types.Node) bool { + if !reflect.DeepEqual(n1.Labels, n2.Labels) { + return true + } + if !reflect.DeepEqual(n1.Annotations, n2.Annotations) { + return true + } + return false +} + +func (r *NodeReconciler) addNode(node *corev1.Node) { + r.m.Lock() + defer r.m.Unlock() + + addresses := []types.Address{} + for _, address := range node.Status.Addresses { + if address.Type == corev1.NodeInternalIP { + if ip := net.ParseIP(address.Address); ip != nil { + addresses = append(addresses, types.Address{ + IP: ip, + Type: addressing.NodeInternalIP, + }) + } + } + if address.Type == corev1.NodeExternalIP { + if ip := net.ParseIP(address.Address); ip != nil { + addresses = append(addresses, types.Address{ + IP: ip, + Type: addressing.NodeExternalIP, + }) + } + } + } + nd := types.Node{ + Name: node.Name, + IPAddresses: addresses, + Labels: node.Labels, + Annotations: node.Annotations, + } + nd.Cluster = r.clusterName + + // Check if the node already exists. + if curNode, ok := r.nodes[node.Name]; ok && !isNodeUpdated(curNode, nd) { + r.l.Debug("Node already exists", zap.String("Node", node.Name)) + } + + r.nodes[node.Name] = nd + + for _, handler := range r.handlers { + err := handler.NodeAdd(nd) + if err != nil { + r.l.Error("Failed to add Node to datapath handler", zap.Error(err), zap.String("handler", handler.Name()), zap.String("Node", node.Name)) + } + } + + id := identity.ReservedIdentityRemoteNode + // Check if the node is the local node. 
+ for _, address := range nd.IPAddresses { + if address.IP.String() == r.localNodeIP { + id = identity.ReservedIdentityHost + } + } + for _, address := range nd.IPAddresses { + _, err := r.c.Upsert(address.ToString(), nil, 0, nil, ipc.Identity{ID: id, Source: source.Kubernetes}) //nolint:staticcheck // TODO(timraymond): no clear upgrade path + if err != nil { + r.l.Debug("failed to add IP to ipcache", zap.Error(err)) + } + r.l.Debug("Added IP to ipcache", zap.String("IP", address.ToString())) + } + + r.l.Info("Added Node", zap.String("Node", node.Name)) +} + +func (r *NodeReconciler) deleteNode(node *corev1.Node) { + r.m.Lock() + defer r.m.Unlock() + nd, ok := r.nodes[node.Name] + if !ok { + r.l.Warn("Node not found", zap.String("Node", node.Name)) + return + } + delete(r.nodes, node.Name) + + for _, handler := range r.handlers { + err := handler.NodeDelete(nd) + if err != nil { + r.l.Error("Failed to delete Node from datapath handler", zap.Error(err), zap.String("handler", handler.Name()), zap.String("Node", node.Name)) + } + } + for _, address := range nd.IPAddresses { + //nolint:staticcheck // TODO(timraymond): unhelpful deprecation notice: migration path unclear + r.c.Delete(address.ToString(), source.Kubernetes) + r.l.Debug("Deleted IP from ipcache", zap.String("IP", address.ToString())) + } + r.l.Debug("Deleted Node", zap.String("Node", node.Name)) +} + +func (r *NodeReconciler) Subscribe(nh datapath.NodeHandler) { + r.l.Debug("Subscribing to datapath handler") + r.m.RLock() + defer r.m.RUnlock() + + r.handlers[nh.Name()] = nh + for i := range r.nodes { + node := r.nodes[i] + if err := nh.NodeAdd(node); err != nil { + r.l.Error("Failed to add Node to datapath handler", zap.Error(err), zap.String("Node", node.Name)) + } + } +} + +func (r *NodeReconciler) Unsubscribe(nh datapath.NodeHandler) { + r.l.Debug("Unsubscribing from datapath handler") + r.m.Lock() + defer r.m.Unlock() + delete(r.handlers, nh.Name()) +} + +// 
+kubebuilder:rbac:groups="",resources=nodes,verbs=get;list +func (r *NodeReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) { + r.l.Debug("Reconciling Node", zap.String("Node", req.NamespacedName.String())) + + node := &corev1.Node{} + if err := apiretry.Do( + func() error { + err := r.Client.Get(ctx, req.NamespacedName, node) + if err != nil { + return fmt.Errorf("getting node: %w", err) + } + return nil + }, + ); err != nil { + if errors.IsNotFound(err) { + // Node deleted since reconcile request received. + r.l.Debug("Node deleted since reconcile request received", zap.String("Node", req.NamespacedName.String())) + node.Name = req.Name + r.deleteNode(node) + return ctrl.Result{}, nil + } + r.l.Error("Failed to fetch Node", zap.Error(err), zap.String("Node", req.NamespacedName.String())) + return ctrl.Result{}, fmt.Errorf("retrieving node info: %w", err) + } + + if !node.ObjectMeta.DeletionTimestamp.IsZero() { + r.l.Info("Node is being deleted", zap.String("Node", req.Name)) + r.deleteNode(node) + return ctrl.Result{}, nil + } + + r.addNode(node) + + return ctrl.Result{}, nil +} + +// SetupWithManager sets up the controller with the Manager. +func (r *NodeReconciler) SetupWithManager(mgr ctrl.Manager) error { + r.l.Debug("Setting up Node controller") + err := ctrl.NewControllerManagedBy(mgr). + For(&corev1.Node{}). + Complete(r) + if err != nil { + return fmt.Errorf("setting up node controller: %w", err) + } + return nil +} diff --git a/pkg/controllers/daemon/retinaendpoint/suite_test.go b/pkg/controllers/daemon/retinaendpoint/suite_test.go index c8243aa8f4..54bc4bafbd 100644 --- a/pkg/controllers/daemon/retinaendpoint/suite_test.go +++ b/pkg/controllers/daemon/retinaendpoint/suite_test.go 
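Review bot: `Subscribe` writes `r.handlers[nh.Name()] = nh` while holding only `r.m.RLock()`, so two concurrent `Subscribe` calls can write the map at the same time, which the Go runtime treats as a fatal concurrent map write. Take the exclusive lock, as `Unsubscribe` does: `r.m.Lock()` followed by `defer r.m.Unlock()`. The log calls in this file also pass `zap.String`/`zap.Error` values to a `logrus.FieldLogger`, which formats them as plain arguments rather than structured fields. The logrus form is `r.l.WithField("Node", node.Name).Debug("Deleted Node")`. The same pattern appears in hubble_linux.go and the three parser files.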
@@ -54,7 +54,7 @@ var _ = BeforeSuite(func() { By("Bootstrapping test environment") testEnv = &envtest.Environment{ - CRDDirectoryPaths: []string{filepath.Join("../../../..", "deploy/manifests/controller/helm/retina/crds")}, + CRDDirectoryPaths: []string{filepath.Join("..", "..", "..", "..", "deploy", "legacy", "manifests", "controller", "helm", "retina", "crds")}, ErrorIfCRDPathMissing: true, } diff --git a/pkg/controllers/operator/capture/suite_test.go b/pkg/controllers/operator/capture/suite_test.go index a0d81d57eb..1030639e74 100644 --- a/pkg/controllers/operator/capture/suite_test.go +++ b/pkg/controllers/operator/capture/suite_test.go @@ -48,7 +48,7 @@ var _ = BeforeSuite(func() { By("Bootstrapping test environment") testEnv = &envtest.Environment{ - CRDDirectoryPaths: []string{filepath.Join("../../../..", "deploy/manifests/controller/helm/retina/crds")}, + CRDDirectoryPaths: []string{filepath.Join("..", "..", "..", "..", "deploy", "legacy", "manifests", "controller", "helm", "retina", "crds")}, ErrorIfCRDPathMissing: true, } diff --git a/pkg/hubble/cell_linux.go b/pkg/hubble/cell_linux.go new file mode 100644 index 0000000000..43e22c9839 --- /dev/null +++ b/pkg/hubble/cell_linux.go 
@@ -0,0 +1,34 @@ +package hubble + +import ( + "github.com/cilium/cilium/pkg/hive/cell" + "github.com/cilium/workerpool" + "github.com/pkg/errors" + "github.com/sirupsen/logrus" +) + +var Cell = cell.Module( + "retina-hubble", + "Retina-Hubble runs a Hubble server and observer within the Retina agent", + cell.Provide(newRetinaHubble), + cell.Invoke(func(l logrus.FieldLogger, lifecycle cell.Lifecycle, rh *RetinaHubble) { + var wp *workerpool.WorkerPool + lifecycle.Append(cell.Hook{ + OnStart: func(cell.HookContext) error { + wp = workerpool.New(1) + rh.log.Info("Starting Retina-Hubble") + if err := wp.Submit("retina-hubble", rh.launchWithDefaultOptions); err != nil { + rh.log.Fatalf("failed to submit retina-hubble to workerpool: %s", err) + return errors.Wrap(err, "failed to submit retina-hubble to workerpool") + } + return nil + }, + OnStop: func(cell.HookContext) error { + if err := wp.Close(); err != nil { + return errors.Wrap(err, "failed to close retina-hubble workerpool") + } + return nil + }, + }) + }), +) diff --git a/pkg/hubble/common/decoder_linux.go b/pkg/hubble/common/decoder_linux.go new file mode 100644 index 0000000000..95a530b0fd --- /dev/null +++ b/pkg/hubble/common/decoder_linux.go 
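Review bot: In the `OnStart` hook, `rh.log.Fatalf(...)` ends the process (logrus exits with status 1 after a Fatal-level entry unless the exit function is overridden), so the `return errors.Wrap(...)` below it is never reached and the lifecycle cannot run its stop hooks. Log at error level instead, `rh.log.Errorf("failed to submit retina-hubble to workerpool: %s", err)`, or drop the log and rely on the returned error. The `l logrus.FieldLogger` parameter of the invoke function is unused and can be removed.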
@@ -0,0 +1,93 @@ +package common + +import ( + "net/netip" + "os" + + "github.com/cilium/cilium/api/v1/flow" + "github.com/cilium/cilium/pkg/identity" + ipc "github.com/cilium/cilium/pkg/ipcache" + "github.com/cilium/cilium/pkg/labels" +) + +//go:generate go run github.com/golang/mock/mockgen@v1.6.0 -source decoder.go -destination=mocks/mock_types.go -package=mocks + +type EpDecoder interface { + Decode(ip netip.Addr) *flow.Endpoint + IsEndpointOnLocalHost(ip string) bool +} + +type epDecoder struct { + localHostIP string + ipcache *ipc.IPCache +} + +func NewEpDecoder(c *ipc.IPCache) *epDecoder { //nolint:revive // This is a factory function. + return &epDecoder{ + localHostIP: os.Getenv("NODE_IP"), + ipcache: c, + } +} + +func (e *epDecoder) Decode(ip netip.Addr) *flow.Endpoint { + ep := &flow.Endpoint{} + if metadata := e.ipcache.GetK8sMetadata(ip); metadata != nil { + ep.PodName = metadata.PodName + ep.Namespace = metadata.Namespace + } + id, ok := e.ipcache.LookupByIP(ip.String()) + if !ok { + // Default to world. + id = ipc.Identity{ID: identity.ReservedIdentityWorld} + } + ep.ID = id.ID.Uint32() + ep.Identity = id.ID.Uint32() + + switch id.ID { //nolint:exhaustive // We don't need all the cases. 
+ case identity.ReservedIdentityHost: + ep.Labels = labels.LabelHost.GetModel() + case identity.ReservedIdentityKubeAPIServer: + ep.Labels = labels.LabelKubeAPIServer.GetModel() + case identity.ReservedIdentityRemoteNode: + ep.Labels = labels.LabelRemoteNode.GetModel() + case identity.ReservedIdentityWorld: + ep.Labels = labels.LabelWorld.GetModel() + default: + ep.Labels = e.ipcache.GetMetadataLabelsByIP(ip).GetModel() + } + + return ep +} + +func (e *epDecoder) endpointHostIP(ip string) string { + hostIP, _ := e.ipcache.GetHostIPCache(ip) + return hostIP.String() +} + +func (e *epDecoder) IsEndpointOnLocalHost(ip string) bool { + return e.localHostIP == e.endpointHostIP(ip) +} + +// type SvcDecoder interface { +// Decode(ip netip.Addr) *flow.Service +// } +// +// type svcDecoder struct { +// svccache *k8s.ServiceCache +// } +// +// func NewSvcDecoder(sc *k8s.ServiceCache) *svcDecoder { +// return &svcDecoder{ +// svccache: sc, +// } +// } +// +// func (s *svcDecoder) Decode(ip netip.Addr) *flow.Service { +// svc := &flow.Service{} +// +// if svcID, ok := s.svccache.GetServiceIDFromFrontendIP(ip.String()); ok { +// svc.Name = svcID.Name +// svc.Namespace = svcID.Namespace +// } +// return svc +// } diff --git a/pkg/hubble/hubble_linux.go b/pkg/hubble/hubble_linux.go new file mode 100644 index 0000000000..b6a62f26cd --- /dev/null +++ b/pkg/hubble/hubble_linux.go 
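Review bot: The `//go:generate` directive passes `-source decoder.go` to mockgen, but the file added here is `decoder_linux.go`. Unless a `decoder.go` exists in the package (not visible in this diff), `go generate` will not find its input; point it at this file with `-source decoder_linux.go`. Separately, `endpointHostIP` discards the second return value of `GetHostIPCache` and stringifies whatever comes back. An address with no host entry is then presumably compared as the string form of a nil IP, so a comment such as `// returns false when the IP has no known host` on `IsEndpointOnLocalHost` would help, once that behaviour is confirmed.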
@@ -0,0 +1,247 @@ +package hubble + +import ( + "context" + "fmt" + + "github.com/cilium/cilium/api/v1/flow" + "github.com/cilium/cilium/pkg/crypto/certloader" + "github.com/cilium/cilium/pkg/hive/cell" + "github.com/cilium/cilium/pkg/hubble/container" + "github.com/cilium/cilium/pkg/hubble/metrics" + "github.com/cilium/cilium/pkg/hubble/monitor" + "github.com/cilium/cilium/pkg/hubble/observer" + "github.com/cilium/cilium/pkg/hubble/observer/observeroption" + "github.com/cilium/cilium/pkg/hubble/peer" + "github.com/cilium/cilium/pkg/hubble/peer/serviceoption" + "github.com/cilium/cilium/pkg/hubble/server" + "github.com/cilium/cilium/pkg/hubble/server/serveroption" + "github.com/cilium/cilium/pkg/ipcache" + "github.com/cilium/cilium/pkg/logging/logfields" + monitoragent "github.com/cilium/cilium/pkg/monitor/agent" + "github.com/cilium/cilium/pkg/option" + grpc_prometheus "github.com/grpc-ecosystem/go-grpc-prometheus" + rnode "github.com/microsoft/retina/pkg/controllers/daemon/nodereconciler" + "github.com/microsoft/retina/pkg/hubble/parser" + "github.com/pkg/errors" + "sigs.k8s.io/controller-runtime/pkg/client" + + "github.com/sirupsen/logrus" + "go.uber.org/zap" +) + +type RetinaHubble struct { + log *logrus.Entry + client client.Client + monitorAgent monitoragent.Agent + ipc *ipcache.IPCache + nodeReconciler *rnode.NodeReconciler +} + +type hubbleParams struct { + cell.In + + Client client.Client + MonitorAgent monitoragent.Agent + IPCache *ipcache.IPCache + NodeReconciler *rnode.NodeReconciler + Log logrus.FieldLogger +} + +func newRetinaHubble(params hubbleParams) *RetinaHubble { + rh := &RetinaHubble{ + log: params.Log.WithField(logfields.LogSubsys, "retina-hubble"), + client: params.Client, + monitorAgent: params.MonitorAgent, + ipc: params.IPCache, + nodeReconciler: params.NodeReconciler, + } + rh.log.Logger.SetLevel(logrus.InfoLevel) + + return rh +} + +func (rh *RetinaHubble) defaultOptions() { + // Not final, will be updated later. 
+ option.Config.HubblePreferIpv6 = false + option.Config.EnableHighScaleIPcache = false + option.Config.EnableHubbleOpenMetrics = false + + rh.log.Info("Starting Hubble with configuration", zap.Any("config", option.Config)) +} + +func (rh *RetinaHubble) getHubbleEventBufferCapacity() (container.Capacity, error) { + kap, err := container.NewCapacity(option.Config.HubbleEventBufferCapacity) + if err != nil { + return nil, fmt.Errorf("creating container capacity: %w", err) + } + return kap, nil +} + +func (rh *RetinaHubble) start(ctx context.Context) error { + var ( + localSrvOpts []serveroption.Option + remoteOpts []serveroption.Option + observerOpts []observeroption.Option + // parserOpts []parserOptions.Option + ) + + // ---------------------------------------------------------------------------------------------------------------------------------------------------- // + // Setup metrics. + grpcMetrics := grpc_prometheus.NewServerMetrics() + if err := metrics.EnableMetrics(rh.log, option.Config.HubbleMetricsServer, option.Config.HubbleMetrics, grpcMetrics, option.Config.EnableHubbleOpenMetrics); err != nil { + rh.log.Error("Failed to enable metrics", zap.Error(err)) + return fmt.Errorf("enabling metrics: %w", err) + } + + // ---------------------------------------------------------------------------------------------------------------------------------------------------- // + // Start the Hubble observer. 
+ maxFlows, err := rh.getHubbleEventBufferCapacity() + if err != nil { + rh.log.Error("Failed to get Hubble event buffer capacity", zap.Error(err)) + return err + } + observerOpts = append(observerOpts, + observeroption.WithMaxFlows(maxFlows), + observeroption.WithMonitorBuffer(option.Config.HubbleEventQueueSize), + observeroption.WithOnDecodedFlowFunc(func(ctx context.Context, flow *flow.Flow) (bool, error) { + err = metrics.ProcessFlow(ctx, flow) + if err != nil { + rh.log.Error("Failed to process flow", zap.Any("flow", flow), zap.Error(err)) + return false, fmt.Errorf("processing flow: %w", err) + } + return false, nil + }), + ) + + // TODO: Replace with our custom parser. + payloadParser := parser.New(rh.log, rh.ipc) + + namespaceManager := observer.NewNamespaceManager() + go namespaceManager.Run(ctx) + + hubbleObserver, err := observer.NewLocalServer( + payloadParser, + namespaceManager, + rh.log, + observerOpts..., + ) + if err != nil { + rh.log.Error("Failed to create Hubble observer", zap.Error(err)) + return fmt.Errorf("starting local server: %w", err) + } + go hubbleObserver.Start() + + // Registering the Observer as consumer for monitor events. + rh.monitorAgent.RegisterNewConsumer(monitor.NewConsumer(hubbleObserver)) + + // ---------------------------------------------------------------------------------------------------------------------------------------------------- // + // Start the local server. 
+ sockPath := "unix://" + option.Config.HubbleSocketPath + var peerServiceOptions []serviceoption.Option + var tlsCfg *certloader.WatchedServerConfig + + tlsPeerOpt := []serviceoption.Option{serviceoption.WithoutTLSInfo()} + tlsSrvOpt := serveroption.WithInsecure() + if !option.Config.HubbleTLSDisabled { + tlsCfg, err = rh.fetchTLSConfig(ctx) + if err != nil { + return errors.Wrap(err, "fetching TLS config") + } + + tlsPeerOpt = []serviceoption.Option{} + tlsSrvOpt = serveroption.WithServerTLS(tlsCfg) + } + peerServiceOptions = append(peerServiceOptions, tlsPeerOpt...) + + peerSvc := peer.NewService(rh.nodeReconciler, peerServiceOptions...) + localSrvOpts = append(localSrvOpts, + serveroption.WithUnixSocketListener(sockPath), + serveroption.WithHealthService(), + serveroption.WithObserverService(hubbleObserver), + serveroption.WithPeerService(peerSvc), + // The local server does not need to be guarded by TLS. + // It's only used for local communication. + serveroption.WithInsecure(), + ) + + localSrv, err := server.NewServer(rh.log, localSrvOpts...) + if err != nil { + rh.log.Error("Failed to initialize local Hubble server", zap.Error(err)) + return fmt.Errorf("starting peer service: %w", err) + } + rh.log.Info("Started local Hubble server", zap.String("address", sockPath)) + + go func() { + //nolint:govet // shadowing the err is intentional here + if err := localSrv.Serve(); err != nil { + rh.log.Error("Error while serving from local Hubble server", zap.Error(err)) + } + }() + // Cleanup the local socket on exit. + go func() { + <-ctx.Done() + localSrv.Stop() + peerSvc.Close() + rh.log.Info("Stopped local Hubble server") + }() + + // ---------------------------------------------------------------------------------------------------------------------------------------------------- // + // Start remote server. 
+ address := option.Config.HubbleListenAddress + remoteOpts = append(remoteOpts, + serveroption.WithTCPListener(address), + serveroption.WithHealthService(), + serveroption.WithPeerService(peerSvc), + serveroption.WithObserverService(hubbleObserver), + tlsSrvOpt, + ) + + srv, err := server.NewServer(rh.log, remoteOpts...) + if err != nil { + rh.log.Error("Failed to initialize Hubble remote server", zap.Error(err)) + return fmt.Errorf("starting remote server: %w", err) + } + rh.log.Info("Started Hubble remote server", zap.String("address", address)) + + go func() { + if err := srv.Serve(); err != nil { + rh.log.Error("Error while serving from Hubble remote server", zap.Error(err)) + } + }() + // Cleanup the remote server on exit. + go func() { + <-ctx.Done() + srv.Stop() + rh.log.Info("Stopped Hubble remote server") + }() + return nil +} + +func (rh *RetinaHubble) fetchTLSConfig(ctx context.Context) (*certloader.WatchedServerConfig, error) { + tlsChan, err := certloader.FutureWatchedServerConfig(rh.log, option.Config.HubbleTLSClientCAFiles, option.Config.HubbleTLSCertFile, option.Config.HubbleTLSKeyFile) + if err != nil { + return nil, errors.Wrap(err, "retrieving TLS configuration future") + } + + rh.log.Info("waiting for TLS credentials") + select { + case t := <-tlsChan: + rh.log.Info("received TLS credentials") + + // ensure the certificate fetching stops when the context is canceled + go func() { + <-ctx.Done() + t.Stop() + }() + + return t, nil + case <-ctx.Done(): + return nil, errors.Wrap(ctx.Err(), "waiting for TLS credentials") + } +} + +func (rh *RetinaHubble) launchWithDefaultOptions(ctx context.Context) error { + rh.defaultOptions() + return rh.start(ctx) +} diff --git a/pkg/hubble/parser/layer34/parser_linux.go b/pkg/hubble/parser/layer34/parser_linux.go new file mode 100644 index 0000000000..c094cddf55 --- /dev/null +++ b/pkg/hubble/parser/layer34/parser_linux.go 
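Review bot: The callback passed to `observeroption.WithOnDecodedFlowFunc` assigns to the `err` variable declared in `start` (`err = metrics.ProcessFlow(ctx, flow)`). Once the observer goroutine is running, that write can race with the later assignments to the same `err` in `start` (`tlsCfg, err = ...`, `localSrv, err := ...`, `srv, err := ...`). Scope it to the closure: `if err := metrics.ProcessFlow(ctx, flow); err != nil {`. Separately, when `option.Config.HubbleTLSDisabled` is set, the TCP listener on `HubbleListenAddress` is built with `serveroption.WithInsecure()` and nothing is logged. A `rh.log.Warn("Hubble remote server TLS is disabled")` in that path would make the plaintext mode visible to operators.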
@@ -0,0 +1,135 @@ +package layer34 + +import ( + "fmt" + "net/netip" + + "github.com/cilium/cilium/api/v1/flow" + "github.com/cilium/cilium/pkg/ipcache" + "github.com/microsoft/retina/pkg/hubble/common" + "github.com/microsoft/retina/pkg/utils" + "github.com/sirupsen/logrus" + "go.uber.org/zap" + "google.golang.org/protobuf/types/known/wrapperspb" +) + +type Parser struct { + l *logrus.Entry + ep common.EpDecoder +} + +func New(l *logrus.Entry, c *ipcache.IPCache) *Parser { + p := &Parser{ + l: l.WithField("subsys", "layer34"), + ep: common.NewEpDecoder(c), + } + // Log the localHostIP for debugging purposes. + return p +} + +// Decode enriches the flow with metadata from the IP cache and service cache. +func (p *Parser) Decode(f *flow.Flow) *flow.Flow { + if f == nil { + return nil + } + if f.GetIP() == nil { + p.l.Warn("Failed to get IP from flow", zap.Any("flow", f)) + return f + } + sourceIP, err := netip.ParseAddr(f.GetIP().GetSource()) + if err != nil { + p.l.Warn("Failed to parse source IP", zap.Error(err)) + return f + } + destIP, err := netip.ParseAddr(f.GetIP().GetDestination()) + if err != nil { + p.l.Warn("Failed to parse destination IP", zap.Error(err)) + return f + } + + // Decode the flow's source and destination IPs to their respective endpoints. + f.Source = p.ep.Decode(sourceIP) + f.Destination = p.ep.Decode(destIP) + + // Add IsReply to flow. + p.decodeIsReply(f) + + // Add L34 Summary to flow. + p.decodeSummary(f) + + // Add TrafficDirection to flow. + p.decodeTrafficDirection(f) + + return f +} + +func (p *Parser) decodeSummary(f *flow.Flow) { + if f.GetVerdict() == flow.Verdict_DROPPED { + // Setting subtype to DROPPED for huuble cli. + if f.GetEventType() != nil { + f.GetEventType().SubType = int32(f.GetDropReasonDesc()) + //nolint:lll // long line is long + f.Summary = fmt.Sprintf("Drop Reason: %s\nNote: This reason is most accurate. 
Prefer over others while using Hubble CLI.", utils.DropReasonDescription(f)) // nolint:staticcheck // We need summary for now. + } + return + + } + + // Add Summary based off of L4 protocol. + // Needed for huuble cli. + if f.GetL4() != nil && f.GetL4().GetProtocol() != nil { + switch f.GetL4().GetProtocol().(type) { + case *flow.Layer4_TCP: + tcpFlags := f.GetL4().GetTCP().GetFlags() + if tcpFlags != nil { + f.Summary = "TCP Flags: " + tcpFlags.String() // nolint:staticcheck // We need summary for now. + } + case *flow.Layer4_UDP: + f.Summary = "UDP" // nolint:staticcheck // We need summary for now. + } + } +} + +// decodeIsReply sets the flow's IsReply field. +// Heuristic: If the flow has a TCP ACK flag, it is a reply. +// TODO: In future, the dataplane would need to maintain a contrack table +// to determine if a flow is a reply. +// Ref: https://github.com/cilium/cilium/blob/840cc579b7b5aac24ba00c4d8c8f1d10334882fa/bpf/lib/conntrack_map.h#L5 +func (p *Parser) decodeIsReply(f *flow.Flow) { + // Not applicable for DROPPED verdicts. + if f.GetVerdict() == flow.Verdict_DROPPED { + f.IsReply = nil + return + } + + if f.GetL4() != nil && f.GetL4().GetProtocol() != nil { + switch f.GetL4().GetProtocol().(type) { // nolint:gocritic + case *flow.Layer4_TCP: + tcpFlags := f.GetL4().GetTCP().GetFlags() + if tcpFlags != nil { + f.IsReply = &wrapperspb.BoolValue{Value: tcpFlags.GetACK()} + } + } + } +} + +// decodeTrafficDirection decodes the traffic direction of the flow. +// It is only required for DROPPED verdicts because dropreason bpf program +// cannot determine the traffic direction. We determine using the source endpoint's +// node IP. +// Note: If the source and destination are on the same node, then the traffic is outbound. +func (p *Parser) decodeTrafficDirection(f *flow.Flow) { + // Only required for DROPPED verdicts. 
+ if f.GetVerdict() != flow.Verdict_DROPPED { + return + } + + // If the source EP's node is the same as the current node, then the traffic is outbound. + if p.ep.IsEndpointOnLocalHost(f.GetIP().GetSource()) { + f.TrafficDirection = flow.TrafficDirection_EGRESS + return + } + + // Default to ingress. + f.TrafficDirection = flow.TrafficDirection_INGRESS +} diff --git a/pkg/hubble/parser/parser_linux.go b/pkg/hubble/parser/parser_linux.go new file mode 100644 index 0000000000..fd75d0fd2c --- /dev/null +++ b/pkg/hubble/parser/parser_linux.go 
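Review bot: The comment `// Log the localHostIP for debugging purposes.` in `New` describes a log call that is not there; either add the log or delete the comment. The comments in `decodeSummary` spell the CLI name `huuble` twice, and the `decodeIsReply` comment says `contrack` where conntrack is meant. `Parser` and `New` are exported without doc comments; `// New returns a layer 3/4 flow parser that resolves endpoints through the given IP cache.` would cover the constructor.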
@@ -0,0 +1,94 @@ +package parser + +import ( + "errors" + + "github.com/cilium/cilium/api/v1/flow" + v1 "github.com/cilium/cilium/pkg/hubble/api/v1" + observer "github.com/cilium/cilium/pkg/hubble/observer/types" + ipc "github.com/cilium/cilium/pkg/ipcache" + "github.com/microsoft/retina/pkg/hubble/parser/layer34" + "github.com/microsoft/retina/pkg/hubble/parser/seven" + "github.com/sirupsen/logrus" + "go.uber.org/zap" + "google.golang.org/protobuf/types/known/timestamppb" +) + +var ( + errV1Event = errors.New("failed to cast agent event to v1.Event") + errEnrich = errors.New("failed to enrich flow") + errEmptyPayload = errors.New("empty payload") + errUnknownPayload = errors.New("unknown payload") +) + +type Parser struct { + l logrus.FieldLogger + ipcache *ipc.IPCache + + l34 *layer34.Parser + l7 *seven.Parser +} + +func New(l *logrus.Entry, c *ipc.IPCache) *Parser { + return &Parser{ + l: l, + ipcache: c, + + l34: layer34.New(l, c), + l7: seven.New(l, c), + } +} + +func (p *Parser) Decode(monitorEvent *observer.MonitorEvent) (*v1.Event, error) { + switch monitorEvent.Payload.(type) { //nolint:gocritic + case *observer.AgentEvent: + payload := monitorEvent.Payload.(*observer.AgentEvent) + ev, ok := payload.Message.(*v1.Event) + if !ok { + return nil, errV1Event + } + f := p._decode(ev) + if f == nil { + return nil, errEnrich + } + ev.Event = f + ev.Timestamp = timestamppb.Now() + return ev, nil + case nil: + return nil, errEmptyPayload + default: + return nil, errUnknownPayload + } +} + +func (p *Parser) _decode(event *v1.Event) *flow.Flow { + if event == nil { + return nil + } + + // Enrich the event with the IP address of the source and destination. + // This is used to enrich the event with the source and destination + // node names. 
+ f, ok := event.Event.(*flow.Flow) + if !ok { + p.l.Warn("Failed to cast event to flow", zap.Any("event", event.Event)) + return nil + } + if f == nil { + p.l.Warn("Failed to get flow from event", zap.Any("event", event)) + return nil + } + + // Decode the flow based on its type. + switch f.GetType() { //nolint:exhaustive // We only care about the known types. + case flow.FlowType_L3_L4: + f = p.l34.Decode(f) + case flow.FlowType_L7: + f = p.l7.Decode(f) + default: + p.l.Warn("Unknown flow type", zap.Any("flow", f)) + } + + p.l.Debug("Enriched flow", zap.Any("flow", f)) + return f +} diff --git a/pkg/hubble/parser/seven/parser_linux.go b/pkg/hubble/parser/seven/parser_linux.go new file mode 100644 index 0000000000..69b562b1b1 --- /dev/null +++ b/pkg/hubble/parser/seven/parser_linux.go 
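Review bot: `Decode` reads `monitorEvent.Payload` without checking `monitorEvent` itself, so a nil event panics in the observer path instead of returning an error; the `case nil` arm only covers a nil payload. Add `if monitorEvent == nil { return nil, errEmptyPayload }` at the top of the function. `ev.Timestamp = timestamppb.Now()` also replaces whatever timestamp the event carried with the decode time. If the producer sets a capture time (not visible here), keeping it when non-nil preserves event ordering for later analysis.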
@@ -0,0 +1,146 @@ +package seven + +import ( + "fmt" + "net/netip" + "strings" + + "github.com/cilium/cilium/api/v1/flow" + "github.com/cilium/cilium/pkg/ipcache" + "github.com/google/gopacket/layers" + "github.com/microsoft/retina/pkg/hubble/common" + "github.com/sirupsen/logrus" + "go.uber.org/zap" +) + +type Parser struct { + l *logrus.Entry + ep common.EpDecoder +} + +func New(l *logrus.Entry, c *ipcache.IPCache) *Parser { + return &Parser{ + l: l.WithField("subsys", "seven"), + ep: common.NewEpDecoder(c), + } +} + +func (p *Parser) Decode(f *flow.Flow) *flow.Flow { + if f == nil { + return nil + } + + // Decode the flow's IP addresses to their respective endpoints. + p.decodeIP(f) + + // Decode the flow's L7 protocol. + l7 := f.GetL7() + if l7 == nil { + return f + } + + record := l7.GetRecord() + if record == nil { + return f + } + + switch record.(type) { + case *flow.Layer7_Dns: + return p.decodeDNS(f) + case *flow.Layer7_Http: + return p.decodeHTTP(f) + } + return f +} + +func (p *Parser) decodeIP(f *flow.Flow) { + if f == nil { + return + } + + // Decode the flow's source and destination IPs to their respective endpoints. 
+ if f.GetIP() == nil { + p.l.Warn("Failed to get IP from flow", zap.Any("flow", f)) + return + } + sourceIP, err := netip.ParseAddr(f.GetIP().GetSource()) + if err != nil { + p.l.Warn("Failed to parse source IP", zap.Error(err)) + return + } + destIP, err := netip.ParseAddr(f.GetIP().GetDestination()) + if err != nil { + p.l.Warn("Failed to parse destination IP", zap.Error(err)) + return + } + + f.Source = p.ep.Decode(sourceIP) + f.Destination = p.ep.Decode(destIP) +} + +func (p *Parser) decodeDNS(f *flow.Flow) *flow.Flow { + l7 := f.GetL7() + if l7 == nil { + return f + } + + dns := l7.GetDns() + if dns != nil { + //nolint:staticcheck // TODO(timraymond): no good migration path documented + f.Summary = dnsSummary(dns, l7.GetType()) + } + + f.Verdict = flow.Verdict_FORWARDED + + return f +} + +func (p *Parser) decodeHTTP(f *flow.Flow) *flow.Flow { + l7 := f.GetL7() + if l7 == nil { + return f + } + + // TODO need to implemented + // noop for timebeing + + f.Verdict = flow.Verdict_FORWARDED + return f +} + +func dnsSummary(dns *flow.DNS, flowtype flow.L7FlowType) string { + if len(dns.GetQtypes()) == 0 { + return "" + } + qTypeStr := strings.Join(dns.GetQtypes(), ",") + + switch flowtype { //nolint:exhaustive // the other two types are "sample", and "unknown" which we can ignore + case flow.L7FlowType_REQUEST: + return fmt.Sprintf("DNS Query %s %s", dns.GetQuery(), qTypeStr) + case flow.L7FlowType_RESPONSE: + rcode := layers.DNSResponseCode(dns.GetRcode()) + + var answer string + if rcode != layers.DNSResponseCodeNoErr { + answer = fmt.Sprintf("RCode: %s", rcode) + } else { + parts := make([]string, 0) + + if len(dns.GetIps()) > 0 { + parts = append(parts, fmt.Sprintf("%q", strings.Join(dns.GetIps(), ","))) + } + + if len(dns.GetCnames()) > 0 { + parts = append(parts, fmt.Sprintf("CNAMEs: %q", strings.Join(dns.GetCnames(), ","))) + } + + answer = strings.Join(parts, " ") + } + + sourceType := "Query" + + return fmt.Sprintf("DNS Answer %s (%s %s %s)", answer, 
sourceType, dns.GetQuery(), qTypeStr) + } + + return "" +} diff --git a/pkg/k8s/apiserver_linux.go b/pkg/k8s/apiserver_linux.go new file mode 100644 index 0000000000..31c4ab0089 --- /dev/null +++ b/pkg/k8s/apiserver_linux.go 
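Review bot: `decodeDNS` and `decodeHTTP` set `f.Verdict = flow.Verdict_FORWARDED` unconditionally, overwriting whatever verdict the flow arrived with. If an L7 flow can reach this parser already marked dropped or errored (not determinable from this hunk), the exported record would report it as forwarded. Assigning only when the verdict is unset keeps the original: `if f.GetVerdict() == flow.Verdict_VERDICT_UNKNOWN { f.Verdict = flow.Verdict_FORWARDED }`. `Parser`, `New` and `Decode` are exported without doc comments.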
@@ -0,0 +1,89 @@ +package k8s + +import ( + "github.com/cilium/cilium/pkg/hive/cell" + "github.com/cilium/cilium/pkg/identity" + "github.com/cilium/cilium/pkg/ipcache" + "github.com/cilium/cilium/pkg/source" + "github.com/microsoft/retina/pkg/common" + cc "github.com/microsoft/retina/pkg/controllers/cache" + "github.com/sirupsen/logrus" +) + +type params struct { + cell.In + + Logger logrus.FieldLogger + IPCache *ipcache.IPCache + Lifecycle cell.Lifecycle +} + +func newAPIServerEventHandler(p params) *APIServerEventHandler { + a := &APIServerEventHandler{ + c: p.IPCache, + l: p.Logger, + } + return a +} + +type APIServerEventHandler struct { + c *ipcache.IPCache + l logrus.FieldLogger +} + +func (a *APIServerEventHandler) handleAPIServerEvent(event interface{}) { + cacheEvent, ok := event.(*cc.CacheEvent) + if !ok { + a.l.WithField("Event", event).Warn("Received unknown event type") + return + } + switch cacheEvent.Type { //nolint:exhaustive // the default case adequately handles these + case cc.EventTypeAddAPIServerIPs: + apiserverObj, ok := cacheEvent.Obj.(*common.APIServerObject) + if !ok { + a.l.WithField("Cache Event", cacheEvent).Warn("Received unknown event type") + return + } + ips := apiserverObj.IPs() + if len(ips) == 0 { + a.l.WithField("Cache Event", cacheEvent).Warn("Received empty API server IPs") + return + } + for _, ip := range ips { + //nolint:staticcheck // TODO(timraymond): unclear how to migrate this + _, err := a.c.Upsert(ip.String(), nil, 0, nil, ipcache.Identity{ID: identity.ReservedIdentityKubeAPIServer, Source: source.Kubernetes}) + if err != nil { + a.l.WithError(err).WithFields(logrus.Fields{ + "IP": ips[0].String(), + }).Error("Failed to add API server IPs to ipcache") + return + } + } + a.l.WithFields(logrus.Fields{ + "IP": ips[0].String(), + }).Info("Added API server IPs to ipcache") + case cc.EventTypeDeleteAPIServerIPs: + apiserverObj, ok := cacheEvent.Obj.(*common.APIServerObject) + if !ok { + a.l.WithField("Cache Event", 
cacheEvent).Warn("Received unknown event type") + return + } + ips := apiserverObj.IPs() + if len(ips) == 0 { + a.l.WithField("Cache Event", cacheEvent).Warn("Received empty API server IPs") + return + } + for _, ip := range ips { + //nolint:staticcheck // TODO(timraymond): unclear how to migrate this + a.c.Delete(ip.String(), source.Kubernetes) + } + a.l.WithFields(logrus.Fields{ + "IP": ips[0].String(), + }).Info("Deleted API server IPs from ipcache") + default: + a.l.WithFields(logrus.Fields{ + "Cache Event": cacheEvent, + "Type": cacheEvent.Type, + }).Warn("Received unknown cache event") + } +} diff --git a/pkg/k8s/cell_linux.go b/pkg/k8s/cell_linux.go new file mode 100644 index 0000000000..22dbb2a9f2 --- /dev/null +++ b/pkg/k8s/cell_linux.go 
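Review bot: In pkg/k8s/apiserver_linux.go, the `EventTypeAddAPIServerIPs` loop of `handleAPIServerEvent` logs `ips[0].String()` when `Upsert` fails, so the error names the first address rather than the one that was rejected. The field should be `"IP": ip.String(),`. The `return` in the same branch also drops every remaining address, so a single bad entry leaves the later API server IPs without `identity.ReservedIdentityKubeAPIServer` in the ipcache; logging and continuing with the next address would avoid that partial state. The two success messages likewise report only `ips[0]`, so a multi-address event is under-reported in the log.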
@@ -0,0 +1,138 @@ +package k8s + +import ( + "context" + + daemonk8s "github.com/cilium/cilium/daemon/k8s" + "github.com/cilium/cilium/pkg/hive/cell" + "github.com/cilium/cilium/pkg/identity/cache" + "github.com/cilium/cilium/pkg/ipcache" + ciliumk8s "github.com/cilium/cilium/pkg/k8s" + cilium_api_v2 "github.com/cilium/cilium/pkg/k8s/apis/cilium.io/v2" + cilium_api_v2alpha1 "github.com/cilium/cilium/pkg/k8s/apis/cilium.io/v2alpha1" + "github.com/cilium/cilium/pkg/k8s/client" + "github.com/cilium/cilium/pkg/k8s/resource" + slim_corev1 "github.com/cilium/cilium/pkg/k8s/slim/k8s/api/core/v1" + slim_networkingv1 "github.com/cilium/cilium/pkg/k8s/slim/k8s/api/networking/v1" + "github.com/cilium/cilium/pkg/k8s/synced" + "github.com/cilium/cilium/pkg/k8s/types" + "github.com/cilium/cilium/pkg/k8s/watchers" + "github.com/cilium/cilium/pkg/node" + "github.com/cilium/cilium/pkg/option" + "github.com/microsoft/retina/pkg/common" + "github.com/microsoft/retina/pkg/pubsub" + "github.com/sirupsen/logrus" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +var Cell = cell.Module( + "k8s-watcher", + "Kubernetes watchers needed by the agent", + + cell.Provide( + func(cell.Lifecycle, client.Clientset) (daemonk8s.LocalPodResource, error) { + return &fakeresource[*slim_corev1.Pod]{}, nil + }, + func() resource.Resource[*slim_corev1.Namespace] { + return &fakeresource[*slim_corev1.Namespace]{} + }, + func() daemonk8s.LocalNodeResource { + return &fakeresource[*slim_corev1.Node]{} + }, + func() daemonk8s.LocalCiliumNodeResource { + return &fakeresource[*cilium_api_v2.CiliumNode]{} + }, + func() resource.Resource[*slim_networkingv1.NetworkPolicy] { + return &fakeresource[*slim_networkingv1.NetworkPolicy]{} + }, + func() resource.Resource[*cilium_api_v2.CiliumNetworkPolicy] { + return &fakeresource[*cilium_api_v2.CiliumNetworkPolicy]{} + }, + func() resource.Resource[*cilium_api_v2.CiliumClusterwideNetworkPolicy] { + return &fakeresource[*cilium_api_v2.CiliumClusterwideNetworkPolicy]{} 
+ }, + func() resource.Resource[*cilium_api_v2alpha1.CiliumCIDRGroup] { + return &fakeresource[*cilium_api_v2alpha1.CiliumCIDRGroup]{} + }, + func() resource.Resource[*cilium_api_v2alpha1.CiliumEndpointSlice] { + return &fakeresource[*cilium_api_v2alpha1.CiliumEndpointSlice]{} + }, + func() resource.Resource[*types.CiliumEndpoint] { + return &fakeresource[*types.CiliumEndpoint]{} + }, + func() resource.Resource[*cilium_api_v2.CiliumNode] { + return &fakeresource[*cilium_api_v2.CiliumNode]{} + }, + func() daemonk8s.ServiceNonHeadless { + return &fakeresource[*slim_corev1.Service]{} + }, + func() daemonk8s.EndpointsNonHeadless { + return &fakeresource[*ciliumk8s.Endpoints]{} + }, + func() watchers.WatcherConfiguration { + return &watcherconfig{} + }, + ), + + cell.Provide(func(lc cell.Lifecycle, cs client.Clientset) (resource.Resource[*ciliumk8s.Endpoints], error) { + //nolint:wrapcheck // a wrapped error here is of dubious value + return ciliumk8s.EndpointsResource(lc, ciliumk8s.Config{ + EnableK8sEndpointSlice: true, + K8sServiceProxyName: "", + }, cs) + }), + + cell.Provide(func(lc cell.Lifecycle, cs client.Clientset) (resource.Resource[*slim_corev1.Service], error) { + //nolint:wrapcheck // a wrapped error here is of dubious value + return ciliumk8s.ServiceResource( + lc, + ciliumk8s.Config{ + EnableK8sEndpointSlice: false, + K8sServiceProxyName: "", + }, + cs, + func(*metav1.ListOptions) {}, + ) + }), + + // Provide everything needed for the watchers. 
+ cell.Provide(func() *ipcache.IPCache { + iao := &identityAllocatorOwner{} + idAlloc := &cachingIdentityAllocator{ + cache.NewCachingIdentityAllocator(iao), + nil, + } + return ipcache.NewIPCache(&ipcache.Configuration{ + Context: context.Background(), + IdentityAllocator: idAlloc, + PolicyHandler: &policyhandler{}, + DatapathHandler: &datapathhandler{}, + }) + }), + + cell.Provide(func() *ciliumk8s.ServiceCache { + option.Config.K8sServiceCacheSize = 1000 + return ciliumk8s.NewServiceCache(&nodeaddressing{}) + }), + + cell.Provide(func() node.LocalNodeSynchronizer { + return &nodeSynchronizer{ + l: logrus.WithField("module", "node-synchronizer"), + } + }), + node.LocalNodeStoreCell, + + synced.Cell, + + cell.Provide(NewWatcher), + + cell.Provide(newAPIServerEventHandler), + cell.Invoke(func(a *APIServerEventHandler) { + ps := pubsub.New() + fn := pubsub.CallBackFunc(a.handleAPIServerEvent) + uuid := ps.Subscribe(common.PubSubAPIServer, &fn) + a.l.WithFields(logrus.Fields{ + "uuid": uuid, + }).Info("Subscribed to PubSub APIServer") + }), +) diff --git a/pkg/k8s/local_node_synchronizer_linux.go b/pkg/k8s/local_node_synchronizer_linux.go new file mode 100644 index 0000000000..4ce5402d96 --- /dev/null +++ b/pkg/k8s/local_node_synchronizer_linux.go 
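Review bot: In pkg/k8s/cell_linux.go, the final `cell.Invoke` subscribes `a.handleAPIServerEvent` to `common.PubSubAPIServer` but takes no `cell.Lifecycle`, so nothing removes the subscription when the hive stops and the returned `uuid` is only logged. The `ipcache.Configuration` built just above has the same shape, with `Context: context.Background()` that is never cancelled. If the pubsub package offers an unsubscribe call, the Invoke could accept `lc cell.Lifecycle` and append an `OnStop` hook that uses `uuid`. Otherwise a comment such as `// subscription and ipcache context intentionally live for the whole process` would record that this is deliberate.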
@@ -0,0 +1,43 @@
+package k8s
+
+import (
+ "context"
+ "net"
+ "os"
+
+ "github.com/cilium/cilium/pkg/node"
+ "github.com/cilium/cilium/pkg/node/addressing"
+ nodetypes "github.com/cilium/cilium/pkg/node/types"
+ "github.com/sirupsen/logrus"
+)
+
+type nodeSynchronizer struct {
+ l *logrus.Entry
+}
+
+func (n *nodeSynchronizer) InitLocalNode(_ context.Context, ln *node.LocalNode) error {
+ if ln == nil {
+ n.l.Warn("Local node is nil")
+ return nil
+ }
+ nodeIP := os.Getenv("NODE_IP")
+ if nodeIP == "" {
+ n.l.Warn("Failed to get NODE_IP")
+ return nil
+ }
+ ln.Node = nodetypes.Node{
+ IPAddresses: []nodetypes.Address{
+ {
+ IP: net.ParseIP(nodeIP),
+ Type: addressing.NodeExternalIP,
+ },
+ },
+ Labels: make(map[string]string),
+ Annotations: make(map[string]string),
+ }
+ return nil
+}
+
+func (n *nodeSynchronizer) SyncLocalNode(context.Context, *node.LocalNodeStore) {
+ n.l.Info("SyncLocalNode called")
+}
diff --git a/pkg/k8s/placeholders_linux.go b/pkg/k8s/placeholders_linux.go
new file mode 100644
index 0000000000..7ef4579018
--- /dev/null
+++ b/pkg/k8s/placeholders_linux.go
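Review bot: In pkg/k8s/local_node_synchronizer_linux.go, `InitLocalNode` stores the result of `net.ParseIP(nodeIP)` without checking it, so a malformed `NODE_IP` puts a nil `IP` into the local node's address list with no log line. The environment value should be validated before `ln.Node` is assigned, in the same style as the empty-string guard: `ip := net.ParseIP(nodeIP)`, then `if ip == nil { n.l.WithField("NODE_IP", nodeIP).Warn("NODE_IP is not a valid IP address"); return nil }`, then use `IP: ip,` in the literal. Both existing guards also return nil after a warning, so the caller cannot tell that the node was left uninitialised; a short doc comment on the method saying so would help.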
@@ -0,0 +1,136 @@ +package k8s + +import ( + "context" + "net" + "net/netip" + "sync" + "time" + + datapathtypes "github.com/cilium/cilium/pkg/datapath/types" + "github.com/cilium/cilium/pkg/endpoint" + "github.com/cilium/cilium/pkg/identity" + "github.com/cilium/cilium/pkg/identity/cache" + "github.com/cilium/cilium/pkg/ipcache" + "github.com/cilium/cilium/pkg/k8s/resource" + slim_corev1 "github.com/cilium/cilium/pkg/k8s/slim/k8s/api/core/v1" + nodetypes "github.com/cilium/cilium/pkg/node/types" + k8sRuntime "k8s.io/apimachinery/pkg/runtime" +) + +type fakeresource[T k8sRuntime.Object] struct{} + +func (f *fakeresource[T]) Events(_ context.Context, _ ...resource.EventsOpt) <-chan resource.Event[T] { + return make(<-chan resource.Event[T]) +} + +func (f *fakeresource[T]) Store(_ context.Context) (resource.Store[T], error) { + return nil, nil +} + +func (f *fakeresource[T]) Observe(context.Context, func(resource.Event[T]), func(error)) { +} + +type watcherconfig struct { + internalconfigs +} + +type internalconfigs struct{} + +func (w *internalconfigs) K8sNetworkPolicyEnabled() bool { + return false +} + +func (w *internalconfigs) K8sIngressControllerEnabled() bool { + return false +} + +func (w *internalconfigs) K8sGatewayAPIEnabled() bool { + return false +} + +type epmgr struct{} + +func (e *epmgr) LookupCEPName(string) *endpoint.Endpoint { + return nil +} + +func (e *epmgr) GetEndpoints() []*endpoint.Endpoint { + return nil +} + +func (e *epmgr) GetHostEndpoint() *endpoint.Endpoint { + return nil +} + +func (e *epmgr) GetEndpointsByPodName(string) []*endpoint.Endpoint { + return nil +} + +func (e *epmgr) WaitForEndpointsAtPolicyRev(context.Context, uint64) error { + return nil +} + +func (e *epmgr) UpdatePolicyMaps(context.Context, *sync.WaitGroup) *sync.WaitGroup { + return nil +} + +type nodediscovermgr struct{} + +func (n *nodediscovermgr) WaitForLocalNodeInit() {} + +func (n *nodediscovermgr) NodeDeleted(nodetypes.Node) {} + +func (n *nodediscovermgr) 
NodeUpdated(nodetypes.Node) {} + +func (n *nodediscovermgr) ClusterSizeDependantInterval(time.Duration) time.Duration { + return time.Duration(0) +} + +type cgrpmgr struct{} + +func (c *cgrpmgr) OnAddPod(*slim_corev1.Pod) {} + +func (c *cgrpmgr) OnUpdatePod(*slim_corev1.Pod, *slim_corev1.Pod) {} + +func (c *cgrpmgr) OnDeletePod(*slim_corev1.Pod) {} + +type nodeaddressing struct{} + +func (n *nodeaddressing) IPv6() datapathtypes.NodeAddressingFamily { + return nil +} + +func (n *nodeaddressing) IPv4() datapathtypes.NodeAddressingFamily { + return nil +} + +type identityAllocatorOwner struct{} + +func (i *identityAllocatorOwner) UpdateIdentities(cache.IdentityCache, cache.IdentityCache) {} + +func (i *identityAllocatorOwner) GetNodeSuffix() string { + return "" +} + +type cachingIdentityAllocator struct { + *cache.CachingIdentityAllocator + ipcache *ipcache.IPCache +} + +func (c cachingIdentityAllocator) AllocateCIDRsForIPs([]net.IP, map[netip.Prefix]*identity.Identity) ([]*identity.Identity, error) { + return nil, nil +} + +func (c cachingIdentityAllocator) ReleaseCIDRIdentitiesByID(context.Context, []identity.NumericIdentity) { +} + +type policyhandler struct{} + +func (p *policyhandler) UpdateIdentities(cache.IdentityCache, cache.IdentityCache, *sync.WaitGroup) {} + +type datapathhandler struct{} + +func (d *datapathhandler) UpdatePolicyMaps(context.Context, *sync.WaitGroup) *sync.WaitGroup { + return &sync.WaitGroup{} +} diff --git a/pkg/k8s/watcher_linux.go b/pkg/k8s/watcher_linux.go new file mode 100644 index 0000000000..3bdc50acb7 --- /dev/null +++ b/pkg/k8s/watcher_linux.go 
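Review bot: In pkg/k8s/placeholders_linux.go, `fakeresource.Store` returns `nil, nil`, so a caller that follows the usual Go convention and uses the store after a nil error will dereference a nil interface. Whether any watcher calls `Store` on these stubs is not visible from this hunk. Returning a sentinel error instead (for example `return nil, errors.New("fakeresource: Store is not implemented")`, which needs the `errors` import) turns that into a reportable failure. None of the stub types carries a comment, so I would also add one on `fakeresource`, such as `// fakeresource is a no-op resource.Resource: Events never delivers, Store is unimplemented, Observe does nothing.`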
@@ -0,0 +1,94 @@ +package k8s + +import ( + "context" + "sync" + "time" + + agentK8s "github.com/cilium/cilium/daemon/k8s" + "github.com/cilium/cilium/pkg/hive/cell" + "github.com/cilium/cilium/pkg/ipcache" + "github.com/cilium/cilium/pkg/k8s" + "github.com/cilium/cilium/pkg/k8s/client" + "github.com/cilium/cilium/pkg/k8s/synced" + "github.com/cilium/cilium/pkg/k8s/watchers" + "github.com/cilium/cilium/pkg/logging" + "github.com/cilium/cilium/pkg/logging/logfields" + "github.com/cilium/cilium/pkg/option" +) + +const ( + K8sAPIGroupCiliumEndpointV2 = "cilium/v2::CiliumEndpoint" +) + +var ( + once sync.Once + w *watchers.K8sWatcher + logger = logging.DefaultLogger.WithField(logfields.LogSubsys, "k8s-watcher") + // k8sResources = []string{K8sAPIGroupCiliumEndpointV2, resources.K8sAPIGroupServiceV1Core} + k8sResources = []string{} +) + +type watcherParams struct { + cell.In + + Lifecycle cell.Lifecycle + C client.Clientset + R agentK8s.Resources + IPcache *ipcache.IPCache + SvcCache *k8s.ServiceCache + Wcfg watchers.WatcherConfiguration + ResourcesSynced *synced.Resources + APIGroups *synced.APIGroups +} + +func NewWatcher(params watcherParams) (*watchers.K8sWatcher, error) { + return newInstance(params.C, params.ResourcesSynced, params.APIGroups, params.R, params.IPcache, params.SvcCache, params.Wcfg) +} + +func newInstance( + c client.Clientset, + resourcesSynced *synced.Resources, + apiGroups *synced.APIGroups, + r agentK8s.Resources, + ipc *ipcache.IPCache, + svcCache *k8s.ServiceCache, + wcfg watchers.WatcherConfiguration, +) (*watchers.K8sWatcher, error) { + option.Config.BGPAnnounceLBIP = false + once.Do(func() { + w = watchers.NewK8sWatcher( + c, // clientset + resourcesSynced, + apiGroups, + &epmgr{}, // endpointManager + &nodediscovermgr{}, // nodeDiscoverManager + nil, // policyManager + nil, // policyRepository + nil, // svcManager + nil, // Datapath + nil, // redirectPolicyManager + nil, // bgpSpeakerManager + wcfg, // WatcherConfiguration + ipc, // 
ipcacheManager + &cgrpmgr{}, // cgroupManager + r, // agentK8s.Resources + svcCache, // *k8s.ServiceCache + nil, // bandwidth.Manager + ) + }) + return w, nil +} + +func Start(ctx context.Context, k *watchers.K8sWatcher) { + logger.Info("Starting Kubernetes watcher") + + option.Config.K8sSyncTimeout = 3 * time.Minute //nolint:gomnd // this duration is self-explanatory + syncdCache := make(chan struct{}) + go k.InitK8sSubsystem(ctx, k8sResources, []string{}, syncdCache) + logger.WithField("k8s resources", k8sResources).Info("Kubernetes watcher started, will wait for cache sync") + + // Wait for K8s watcher to sync. If doesn't complete in 3 minutes, causes fatal error. + <-syncdCache + logger.Info("Kubernetes watcher synced") +} diff --git a/pkg/managers/pluginmanager/cells_linux.go b/pkg/managers/pluginmanager/cells_linux.go new file mode 100644 index 0000000000..3008f2cd92 --- /dev/null +++ b/pkg/managers/pluginmanager/cells_linux.go 
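Review bot: In pkg/k8s/watcher_linux.go, `Start` blocks on `<-syncdCache` without watching `ctx`, so a cancelled context leaves the caller stuck unless `InitK8sSubsystem` closes the channel itself. The comment above the receive promises a fatal error after 3 minutes, but that depends on code outside this hunk. Selecting on both channels makes shutdown deterministic, as in the sketch below. Separately, `newInstance` guards construction with the package-level `once`, so the arguments of any later call are silently ignored, which deserves a comment on `NewWatcher`.
```go
// … unchanged: K8sSyncTimeout assignment and the InitK8sSubsystem goroutine …
select {
case <-syncdCache:
	logger.Info("Kubernetes watcher synced")
case <-ctx.Done():
	logger.WithError(ctx.Err()).Warn("Kubernetes watcher stopped before cache sync completed")
}
```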
@@ -0,0 +1,83 @@ +package pluginmanager + +import ( + "context" + "sync" + + "github.com/cilium/cilium/pkg/hive/cell" + v1 "github.com/cilium/cilium/pkg/hubble/api/v1" + "github.com/microsoft/retina/pkg/config" + "github.com/microsoft/retina/pkg/metrics" + "github.com/microsoft/retina/pkg/plugin/api" + "github.com/microsoft/retina/pkg/telemetry" + "github.com/sirupsen/logrus" +) + +const ( + // Default external channel size for events + // This is the default size of the channel that is used to send events from plugins to hubble + DefaultExternalEventChannelSize = 10000 +) + +var Cell = cell.Module( + "pluginmanager", + "Manages Retina eBPF plugins", + cell.Provide(func() chan *v1.Event { + return make(chan *v1.Event, DefaultExternalEventChannelSize) + }), + cell.Provide(newPluginManager), +) + +type pluginManagerParams struct { + cell.In + + Log logrus.FieldLogger + Lifecycle cell.Lifecycle + Config config.Config + Telemetry telemetry.Telemetry + EventChan chan *v1.Event +} + +func newPluginManager(params pluginManagerParams) (*PluginManager, error) { + logger := params.Log.WithField("module", "pluginmanager") + + // Enable Metrics in retina + metrics.InitializeMetrics() + + enabledPlugins := []api.PluginName{} + for _, pluginName := range params.Config.EnabledPlugin { + enabledPlugins = append(enabledPlugins, api.PluginName(pluginName)) + } + pluginMgr, err := NewPluginManager(¶ms.Config, params.Telemetry, enabledPlugins...) 
+ if err != nil { + return &PluginManager{}, err + } + + pmCtx, cancelCtx := context.WithCancel(context.Background()) + // Setup the event channel to be used by hubble + pluginMgr.SetupChannel(params.EventChan) + + var wg sync.WaitGroup + params.Lifecycle.Append(cell.Hook{ + OnStart: func(cell.HookContext) error { + var err error + wg.Add(1) + go func() { + defer wg.Done() + err = pluginMgr.Start(pmCtx) + if err != nil { + logger.WithError(err).Fatal("failed to start plugin manager") + } + }() + + return err + }, + OnStop: func(cell.HookContext) error { + cancelCtx() + pluginMgr.Stop() + wg.Wait() + return nil + }, + }) + return pluginMgr, nil +} diff --git a/pkg/monitoragent/cell_linux.go b/pkg/monitoragent/cell_linux.go new file mode 100644 index 0000000000..ac2428f6f4 --- /dev/null +++ b/pkg/monitoragent/cell_linux.go 
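Review bot: In pkg/managers/pluginmanager/cells_linux.go, the `OnStart` hook of `newPluginManager` has a data race on `err`: the goroutine writes it while the hook returns it. Since `Start` appears to run until `pmCtx` is cancelled, the value returned is almost always nil, so the hook never reports a start failure. The goroutine should keep the error local with `if err := pluginMgr.Start(pmCtx); err != nil {` and the hook should end with `return nil`. The `Fatal` call in that goroutine exits the process without running the `OnStop` hooks, so `pluginMgr.Stop()` is skipped on that path. Unrelated to the race, the constructor's error path returns `&PluginManager{}, err`, where `nil, err` is the convention.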
@@ -0,0 +1,92 @@ +package monitoragent + +import ( + "context" + "fmt" + + "github.com/cilium/cilium/pkg/common" + "github.com/cilium/cilium/pkg/defaults" + "github.com/cilium/cilium/pkg/hive/cell" + "github.com/cilium/cilium/pkg/logging" + "github.com/cilium/cilium/pkg/logging/logfields" + ciliumagent "github.com/cilium/cilium/pkg/monitor/agent" + "github.com/cilium/cilium/pkg/monitor/agent/consumer" + "github.com/cilium/cilium/pkg/monitor/agent/listener" + "github.com/sirupsen/logrus" + "github.com/spf13/pflag" +) + +var ( + Cell = cell.Module( + "monitor-agent", + "Consumes the cilium events map and distributes those and other agent events", + + cell.Provide(newMonitorAgent), + cell.Config(defaultConfig), + ) + + log = logging.DefaultLogger.WithField(logfields.LogSubsys, "monitor-agent") +) + +type AgentConfig struct { + // EnableMonitor enables the monitor unix domain socket server + EnableMonitor bool + + // MonitorQueueSize is the size of the monitor event queue + MonitorQueueSize int +} + +var defaultConfig = AgentConfig{ + EnableMonitor: true, +} + +func (def AgentConfig) Flags(flags *pflag.FlagSet) { + flags.Bool("enable-monitor", def.EnableMonitor, "Enable the monitor unix domain socket server") + flags.Int("monitor-queue-size", 0, "Size of the event queue when reading monitor events") +} + +type agentParams struct { + cell.In + + Lifecycle cell.Lifecycle + Log logrus.FieldLogger + Config AgentConfig +} + +func newMonitorAgent(params agentParams) ciliumagent.Agent { + ctx, cancel := context.WithCancel(context.Background()) + agent := &monitorAgent{ + ctx: ctx, + listeners: make(map[listener.MonitorListener]struct{}), + consumers: make(map[consumer.MonitorConsumer]struct{}), + perfReaderCancel: func() {}, // no-op to avoid doing null checks everywhere + } + + params.Lifecycle.Append(cell.Hook{ + OnStart: func(cell.HookContext) error { + var err error + if params.Config.EnableMonitor { + queueSize := params.Config.MonitorQueueSize + if queueSize == 0 { + 
queueSize = common.GetNumPossibleCPUs(log) * defaults.MonitorQueueSizePerCPU + if queueSize > defaults.MonitorQueueSizePerCPUMaximum { + queueSize = defaults.MonitorQueueSizePerCPUMaximum + } + } + + monitorErr := ciliumagent.ServeMonitorAPI(ctx, agent, queueSize) + if monitorErr != nil { + log.WithError(monitorErr).Error("encountered error serving monitor agent API") + return fmt.Errorf("encountered error serving monitor agent API: %w", monitorErr) + } + } + return err + }, + OnStop: func(cell.HookContext) error { + cancel() + return nil + }, + }) + + return agent +} diff --git a/pkg/monitoragent/monitoragent_linux.go b/pkg/monitoragent/monitoragent_linux.go new file mode 100644 index 0000000000..8a16addcf5 --- /dev/null +++ b/pkg/monitoragent/monitoragent_linux.go 
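Review bot: In pkg/monitoragent/cell_linux.go, the `OnStart` hook of `newMonitorAgent` treats only `queueSize == 0` as unset, so a negative `--monitor-queue-size` is passed straight to `ciliumagent.ServeMonitorAPI`. What that call does with a negative size is outside this hunk, but the guard is cheap: `if queueSize <= 0 {`. `Flags` registers the option with a literal `0` instead of `def.MonitorQueueSize`, which would hide any future default. The hook's `var err error` is never assigned, so `return err` can simply be `return nil`.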
@@ -0,0 +1,217 @@ +package monitoragent + +import ( + "bytes" + "context" + "encoding/gob" + "errors" + "fmt" + + "github.com/cilium/cilium/api/v1/models" + "github.com/cilium/cilium/pkg/lock" + "github.com/cilium/cilium/pkg/monitor/agent/consumer" + "github.com/cilium/cilium/pkg/monitor/agent/listener" + "github.com/cilium/cilium/pkg/monitor/api" + "github.com/cilium/cilium/pkg/monitor/payload" + "github.com/sirupsen/logrus" +) + +var ( + errMonitorAgentNotSetup = fmt.Errorf("monitor agent is not set up") + errUnexpectedEvent = errors.New("unexpected event type for MessageTypeAgent") +) + +// isCtxDone is a utility function that returns true when the context's Done() +// channel is closed. It is intended to simplify goroutines that need to check +// this multiple times in their loop. +func isCtxDone(ctx context.Context) bool { + select { + case <-ctx.Done(): + return true + default: + return false + } +} + +type monitorAgent struct { + lock.Mutex + models.MonitorStatus + + ctx context.Context + perfReaderCancel context.CancelFunc + + // listeners are external cilium monitor clients which receive raw + // gob-encoded payloads + listeners map[listener.MonitorListener]struct{} + // consumers are internal clients which receive decoded messages + consumers map[consumer.MonitorConsumer]struct{} +} + +func (a *monitorAgent) AttachToEventsMap(int) error { + return nil +} + +func (a *monitorAgent) SendEvent(typ int, event interface{}) error { + if a == nil { + return errMonitorAgentNotSetup + } + + // Two types of clients are currently supported: consumers and listeners. + // The former ones expect decoded messages, so the notification does not + // require any additional marshalling operation before sending an event. + // Instead, the latter expect gob-encoded payloads, and the whole marshalling + // process may be quite expensive. 
+ // While we want to avoid marshalling events if there are no active + // listeners, there's no need to check for active consumers ahead of time. + + a.notifyAgentEvent(typ, event) + + // do not marshal notifications if there are no active listeners + if !a.hasListeners() { + return nil + } + + // marshal notifications into JSON format for legacy listeners + if typ == api.MessageTypeAgent { + msg, ok := event.(api.AgentNotifyMessage) + if !ok { + return errUnexpectedEvent + } + var err error + event, err = msg.ToJSON() + if err != nil { + return fmt.Errorf("unable to JSON encode agent notification: %w", err) + } + } + + var buf bytes.Buffer + if err := buf.WriteByte(byte(typ)); err != nil { + return fmt.Errorf("unable to initialize buffer: %w", err) + } + if err := gob.NewEncoder(&buf).Encode(event); err != nil { + return fmt.Errorf("unable to gob encode: %w", err) + } + + p := payload.Payload{Data: buf.Bytes(), CPU: 0, Lost: 0, Type: payload.EventSample} + a.sendToListeners(&p) + + return nil +} + +func (a *monitorAgent) RegisterNewListener(newListener listener.MonitorListener) { + if a == nil || newListener == nil { + return + } + + a.Lock() + defer a.Unlock() + + if isCtxDone(a.ctx) { + log.Debug("RegisterNewListener called on stopped monitor") + newListener.Close() + return + } + + version := newListener.Version() + switch newListener.Version() { //nolint:exhaustive // the only other case is unsupported which is covered by default + case listener.Version1_2: + a.listeners[newListener] = struct{}{} + default: + newListener.Close() + log.WithField("version", version).Error("Closing listener from unsupported monitor client version") + } + + log.WithFields(logrus.Fields{ + "count.listener": len(a.listeners), + "version": version, + }).Debug("New listener connected") +} + +func (a *monitorAgent) RemoveListener(ml listener.MonitorListener) { + if a == nil || ml == nil { + return + } + + a.Lock() + defer a.Unlock() + + // Remove the listener and close it. 
+ delete(a.listeners, ml) + log.WithFields(logrus.Fields{ + "count.listener": len(a.listeners), + "version": ml.Version(), + }).Debug("Removed listener") + ml.Close() +} + +func (a *monitorAgent) RegisterNewConsumer(newConsumer consumer.MonitorConsumer) { + if a == nil || newConsumer == nil { + return + } + + if isCtxDone(a.ctx) { + log.Debug("RegisterNewConsumer called on stopped monitor") + return + } + + a.Lock() + defer a.Unlock() + + a.consumers[newConsumer] = struct{}{} +} + +func (a *monitorAgent) RemoveConsumer(mc consumer.MonitorConsumer) { + if a == nil || mc == nil { + return + } + + a.Lock() + defer a.Unlock() + + delete(a.consumers, mc) + if !a.hasSubscribersLocked() { + a.perfReaderCancel() + } +} + +func (a *monitorAgent) State() *models.MonitorStatus { + return nil +} + +// hasSubscribersLocked returns true if there are listeners or consumers +// subscribed to the agent right now. +// Note: it is critical to hold the lock for this operation. +func (a *monitorAgent) hasSubscribersLocked() bool { + return len(a.listeners)+len(a.consumers) != 0 +} + +// hasListeners returns true if there are listeners subscribed to the +// agent right now. +func (a *monitorAgent) hasListeners() bool { + a.Lock() + defer a.Unlock() + return len(a.listeners) != 0 +} + +// sendToListeners enqueues the payload to all listeners. +func (a *monitorAgent) sendToListeners(pl *payload.Payload) { + a.Lock() + defer a.Unlock() + a.sendToListenersLocked(pl) +} + +// sendToListenersLocked enqueues the payload to all listeners while holding the monitor lock. +func (a *monitorAgent) sendToListenersLocked(pl *payload.Payload) { + for ml := range a.listeners { + ml.Enqueue(pl) + } +} + +// notifyAgentEvent notifies all consumers about an agent event. +func (a *monitorAgent) notifyAgentEvent(typ int, message interface{}) { + a.Lock() + defer a.Unlock() + for mc := range a.consumers { + mc.NotifyAgentEvent(typ, message) + } +} 
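Review bot: In pkg/monitoragent/monitoragent_linux.go, the `default` branch of `RegisterNewListener` closes a listener with an unsupported version and then falls through to the "New listener connected" debug line. The log therefore reports a connection for a client that was just rejected; adding `return` after the `Error` call and switching on the `version` local already computed (`switch version {`) fixes both. `RegisterNewConsumer` checks `isCtxDone(a.ctx)` before taking the lock, unlike `RegisterNewListener`, so a consumer can still be registered while the agent is stopping; the check belongs after `a.Lock()`. `notifyAgentEvent` calls consumers while holding the mutex, which should be stated in a comment because a consumer that calls back into the agent would deadlock.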
diff --git a/pkg/plugin/packetparser/packetparser_linux.go b/pkg/plugin/packetparser/packetparser_linux.go index ce1a951260..c57f065588 100644 --- a/pkg/plugin/packetparser/packetparser_linux.go +++ b/pkg/plugin/packetparser/packetparser_linux.go @@ -579,8 +579,6 @@ func (p *packetParser) processRecord(ctx context.Context, id int) { // Add metadata to the flow. utils.AddRetinaMetadata(fl, meta) - p.l.Debug("Received packet", zap.Any("flow", fl)) - // Write the event to the enricher. ev := &v1.Event{ Event: fl, @@ -639,11 +637,9 @@ func (p *packetParser) readData() { select { case p.recordsChannel <- record: - p.l.Debug("Sent record to channel", zap.Any("record", record)) default: // Channel is full, drop the record. // We shouldn't slow down the perf array reader. - // p.l.Warn("Channel is full, dropping record", zap.Any("lost samples", record)) metrics.LostEventsCounter.WithLabelValues(utils.BufferedChannel, string(Name)).Inc() } } diff --git a/pkg/servermanager/cell_linux.go b/pkg/servermanager/cell_linux.go new file mode 100644 index 0000000000..b0315c54e8 --- /dev/null +++ b/pkg/servermanager/cell_linux.go 
@@ -0,0 +1,60 @@
+package servermanager
+
+import (
+ "context"
+ "fmt"
+ "sync"
+
+ "github.com/cilium/cilium/pkg/hive/cell"
+ "github.com/microsoft/retina/pkg/config"
+ sm "github.com/microsoft/retina/pkg/managers/servermanager"
+ "github.com/sirupsen/logrus"
+)
+
+var Cell = cell.Module(
+ "servermanager",
+ "Manages Retina basic metrics server",
+ cell.Provide(newServerManager),
+)
+
+type serverParams struct {
+ cell.In
+
+ Log logrus.FieldLogger
+ Lifecycle cell.Lifecycle
+ Config config.Config
+}
+
+func newServerManager(params serverParams) (*sm.HTTPServer, error) {
+ logger := params.Log.WithField("module", "servermanager")
+
+ serverCtx, cancelCtx := context.WithCancel(context.Background())
+ serverManager := sm.NewHTTPServer(params.Config.ApiServer.Host, params.Config.ApiServer.Port)
+ if err := serverManager.Init(); err != nil {
+ logger.WithError(err).Error("Unable to initialize Http server")
+ cancelCtx()
+ return nil, fmt.Errorf("unable to initialize Http server: %w", err)
+ }
+
+ wg := sync.WaitGroup{}
+ params.Lifecycle.Append(cell.Hook{
+ OnStart: func(cell.HookContext) error {
+ wg.Add(1)
+ go func() {
+ defer wg.Done()
+ if err := serverManager.Start(serverCtx); err != nil {
+ logger.WithError(err).Error("Unable to start server")
+ }
+ }()
+
+ return nil
+ },
+ OnStop: func(cell.HookContext) error {
+ cancelCtx()
+ wg.Wait()
+ return nil
+ },
+ })
+
+ return serverManager, nil
+}
diff --git a/pkg/shared/config/config_linux.go b/pkg/shared/config/config_linux.go
new file mode 100644
index 0000000000..168b0c34c6
--- /dev/null
+++ b/pkg/shared/config/config_linux.go
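Review bot: In pkg/servermanager/cell_linux.go, a failure of `serverManager.Start(serverCtx)` inside the `OnStart` goroutine is only logged, so the hook returns nil and the hive starts as healthy even when the metrics server never came up. This also differs from the plugin manager cell in the same patch, which treats a start failure as fatal. If best-effort is intended, say so at the call site with `// Start failure is logged only; the agent keeps running without the metrics endpoint.` Otherwise the error should reach the lifecycle. The init failure path logs the error and also returns it wrapped, so it will normally be reported twice.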
@@ -0,0 +1,23 @@
+package config
+
+import (
+ "fmt"
+
+ "github.com/cilium/cilium/pkg/hive/cell"
+ "k8s.io/client-go/rest"
+ kcfg "sigs.k8s.io/controller-runtime/pkg/client/config"
+)
+
+var Cell = cell.Module(
+ "shared-config",
+ "Shared Config",
+ cell.Provide(GetK8sConfig),
+)
+
+func GetK8sConfig() (*rest.Config, error) {
+ k8sCfg, err := kcfg.GetConfig()
+ if err != nil {
+ return &rest.Config{}, fmt.Errorf("failed to get k8s config: %w", err)
+ }
+ return k8sCfg, nil
+}
diff --git a/pkg/shared/config/type.go b/pkg/shared/config/type.go
new file mode 100644
index 0000000000..fe7e61446a
--- /dev/null
+++ b/pkg/shared/config/type.go
@@ -0,0 +1,2 @@
+// Placeholder file. Required for windows build and lint.
+package config
diff --git a/pkg/shared/telemetry/cell_linux.go b/pkg/shared/telemetry/cell_linux.go
new file mode 100644
index 0000000000..717de36700
--- /dev/null
+++ b/pkg/shared/telemetry/cell_linux.go
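Review bot: In pkg/shared/config/config_linux.go, the error path of `GetK8sConfig` returns `&rest.Config{}` together with the error, which hands a usable-looking empty client config to any caller that mishandles the error. The return should be `return nil, fmt.Errorf("failed to get k8s config: %w", err)` so misuse fails immediately instead of building a client from zero-value settings. The exported function also lacks a doc comment; `// GetK8sConfig returns the REST config resolved by controller-runtime's GetConfig.` would do.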
@@ -0,0 +1,90 @@ +package telemetry + +import ( + "context" + "strings" + "time" + + "github.com/cilium/cilium/pkg/hive/cell" + "github.com/microsoft/retina/pkg/telemetry" + "github.com/sirupsen/logrus" + "k8s.io/client-go/rest" +) + +const heartbeatInterval = 5 * time.Minute + +type Config struct { + Component string + EnableTelemetry bool + ApplicationInsightsID string + RetinaVersion string + // EnabledPlugins is optional + EnabledPlugins []string +} + +type params struct { + cell.In + + Config Config + K8sCfg *rest.Config +} + +var ( + Constructor = cell.Module( + "telemetry", + "provides telemetry", + cell.Provide(func(p params, l logrus.FieldLogger) (telemetry.Telemetry, error) { + l.WithFields(logrus.Fields{ + "app-insights-id": p.Config.ApplicationInsightsID, + "retina-version": p.Config.RetinaVersion, + }).Info("configuring telemetry") + + if p.Config.EnableTelemetry { + if p.Config.ApplicationInsightsID == "" { + l.Info("cannot enable telemetry: empty app insights id") + return telemetry.NewNoopTelemetry(), nil + } + + l.Info("telemetry enabled") + + // initialize Application Insights + telemetry.InitAppInsights(p.Config.ApplicationInsightsID, p.Config.RetinaVersion) + + properties := map[string]string{ + "version": p.Config.RetinaVersion, + "apiserver": p.K8sCfg.Host, + } + if len(p.Config.EnabledPlugins) > 0 { + properties["plugins"] = strings.Join(p.Config.EnabledPlugins, `,`) + } + + tel := telemetry.NewAppInsightsTelemetryClient(p.Config.Component, properties) + return tel, nil + } + + l.Info("telemetry disabled") + return telemetry.NewNoopTelemetry(), nil + }), + ) + + Heartbeat = cell.Module( + "heartbeat", + "sends periodic telemetry heartbeat", + cell.Invoke( + func(tel telemetry.Telemetry, lifecycle cell.Lifecycle, l logrus.FieldLogger) { + ctx, cancelCtx := context.WithCancel(context.Background()) + lifecycle.Append(cell.Hook{ + OnStart: func(cell.HookContext) error { + l.Info("starting periodic heartbeat") + go tel.Heartbeat(ctx, 
heartbeatInterval) + return nil + }, + OnStop: func(cell.HookContext) error { + cancelCtx() + return nil + }, + }) + }, + ), + ) +) diff --git a/pkg/shared/telemetry/type.go b/pkg/shared/telemetry/type.go new file mode 100644 index 0000000000..4517a9e848 --- /dev/null +++ b/pkg/shared/telemetry/type.go @@ -0,0 +1,2 @@ +// Placeholder file. Required for windows build and lint. +package telemetry diff --git a/test/e2e/framework/azure/create-cluster.go b/test/e2e/framework/azure/create-cluster.go index efb9a72d64..160d81fa86 100644 --- a/test/e2e/framework/azure/create-cluster.go +++ b/test/e2e/framework/azure/create-cluster.go @@ -68,7 +68,7 @@ func GetStarterClusterTemplate(location string) armcontainerservice.ManagedClust */ AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{ { - Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets), + Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets), // AvailabilityZones: []*string{to.Ptr("1")}, Count: to.Ptr[int32](MaxNumberOfNodes), EnableNodePublicIP: to.Ptr(false), diff --git a/test/e2e/framework/kubernetes/exec-pod.go b/test/e2e/framework/kubernetes/exec-pod.go index 456a43eb0f..2991a90aa2 100644 --- a/test/e2e/framework/kubernetes/exec-pod.go +++ b/test/e2e/framework/kubernetes/exec-pod.go @@ -80,7 +80,6 @@ func ExecPod(ctx context.Context, kubeConfigFilePath, namespace, podName, comman Stdout: os.Stdout, Stderr: os.Stderr, }) - if err != nil { return fmt.Errorf("error executing command: %w", err) } diff --git a/test/e2e/retina_e2e_test.go b/test/e2e/retina_e2e_test.go index 1c2c2e76d2..29aac9f9f8 100644 --- a/test/e2e/retina_e2e_test.go +++ b/test/e2e/retina_e2e_test.go 
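Review bot: In pkg/shared/telemetry/cell_linux.go, the `Constructor` provider writes `p.Config.ApplicationInsightsID` to the Info log on every start, including when telemetry is disabled. That identifier lets anyone who reads the logs send data to the telemetry resource, so it is better kept out of them; log only its presence with `"app-insights-id-set": p.Config.ApplicationInsightsID != "",`. The same function sends `p.K8sCfg.Host` as the `apiserver` telemetry property, which exports the cluster's API server address to an external service. That deserves a comment at the `properties` map so operators know what leaves the cluster.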
@@ -35,7 +35,7 @@ func TestE2ERetina(t *testing.T) { // Get to root of the repo by going up two directories rootDir := filepath.Dir(filepath.Dir(cwd)) - chartPath := filepath.Join(rootDir, "deploy", "manifests", "controller", "helm", "retina") + chartPath := filepath.Join(rootDir, "deploy", "legacy", "manifests", "controller", "helm", "retina") profilePath := filepath.Join(rootDir, "test", "profiles", "advanced", "values.yaml") kubeConfigFilePath := filepath.Join(rootDir, "test", "e2e", "test.pem") diff --git a/test/profiles/localctx/values.yaml b/test/profiles/localctx/values.yaml index c9c8448b9c..6da54adc44 100644 --- a/test/profiles/localctx/values.yaml +++ b/test/profiles/localctx/values.yaml @@ -1,6 +1,6 @@ operator: enabled: false -# Plugins will default to deploy/manifests/controller/helm/retina/values.yaml +# Plugins will default to deploy/legacy/manifests/controller/helm/retina/values.yaml # TODO add all plugins that we want to test here for local context. remoteContext: false enablePodLevel: true diff --git a/windows/readme.md b/windows/readme.md index 40343ccfdb..8b7fefef8f 100644 --- a/windows/readme.md +++ b/windows/readme.md @@ -3,7 +3,7 @@ 1. Cordon all windows nodes. Until the below selector is added, needed so helm install isn't blocked. 2. Install Linux Retina helm chart. - `helm install retina ./deploy/manifests/controller/helm/retina/ --namespace kube-system` + `helm install retina ./deploy/legacy/manifests/controller/helm/retina/ --namespace kube-system` 3. Uncordon the Windows and nodes. From 88b43bbe82ca752da032be13e198c3194e504aef Mon Sep 17 00:00:00 2001 
From: Jacques I Massa Date: Mon, 1 Jul 2024 13:27:30 +0000 Subject: [PATCH 20/39] merge operator changes and update --- .../helm/retina/templates/operator.yaml | 2 +- go.mod | 6 +- go.sum | 19 ++-- operator/cmd/cilium-crds/cells.go | 1 - operator/cmd/legacy/deployment.go | 5 +- operator/config/config.go | 5 +- pkg/shared/config/config.go | 23 ----- pkg/shared/telemetry/cell.go | 90 ------------------- 8 files changed, 15 insertions(+), 136 deletions(-) delete mode 100644 pkg/shared/config/config.go delete mode 100644 pkg/shared/telemetry/cell.go diff --git a/deploy/legacy/manifests/controller/helm/retina/templates/operator.yaml b/deploy/legacy/manifests/controller/helm/retina/templates/operator.yaml index 3a22f85d19..f8ac9e0459 100644 --- a/deploy/legacy/manifests/controller/helm/retina/templates/operator.yaml +++ b/deploy/legacy/manifests/controller/helm/retina/templates/operator.yaml @@ -54,7 +54,7 @@ spec: name: retina-operator {{- if .Values.operator.container.command }} command: - {{- range Values.operator.container.command }} + {{- range .Values.operator.container.command }} - {{ . }} {{- end }} {{- end }} diff --git a/go.mod b/go.mod index a8dd737007..6012f404aa 100644 --- a/go.mod +++ b/go.mod @@ -66,7 +66,6 @@ require ( github.com/containernetworking/cni v1.1.2 // indirect github.com/coreos/go-semver v0.3.1 // indirect github.com/coreos/go-systemd/v22 v22.5.0 // indirect - github.com/cpuguy83/go-md2man/v2 v2.0.4 // indirect github.com/cyphar/filepath-securejoin v0.2.4 // indirect github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect github.com/distribution/reference v0.6.0 // indirect 
@@ -191,7 +190,7 @@ require ( github.com/spf13/afero v1.11.0 // indirect github.com/spf13/cast v1.6.0 // indirect github.com/spiffe/go-spiffe/v2 v2.2.0 // indirect - github.com/spiffe/spire-api-sdk v1.8.5 // indirect + github.com/spiffe/spire-api-sdk v1.9.1 // indirect github.com/subosito/gotenv v1.6.0 // indirect github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 // indirect github.com/tidwall/gjson v1.17.1 // indirect @@ -203,7 +202,6 @@ require ( github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect github.com/xeipuuv/gojsonschema v1.2.0 // indirect github.com/xlab/treeprint v1.2.0 // indirect - github.com/yusufpapurcu/wmi v1.2.3 // indirect github.com/zeebo/errs v1.3.0 // indirect go.etcd.io/etcd/api/v3 v3.5.12 // indirect go.etcd.io/etcd/client/pkg/v3 v3.5.12 // indirect @@ -290,7 +288,6 @@ require ( github.com/cilium/workerpool v1.2.0 github.com/florianl/go-tc v0.4.3 github.com/go-logr/zapr v1.3.0 - github.com/golang/mock v1.1.1 github.com/google/gopacket v1.1.19 github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 github.com/inspektor-gadget/inspektor-gadget v0.27.0 @@ -301,7 +298,6 @@ require ( github.com/onsi/gomega v1.33.1 github.com/pkg/errors v0.9.1 github.com/prometheus/client_model v0.6.1 - github.com/sirupsen/logrus v1.9.3 github.com/prometheus/common v0.55.0 github.com/safchain/ethtool v0.4.1 github.com/sirupsen/logrus v1.9.3 diff --git a/go.sum b/go.sum index 5126202849..80ec63fb64 100644 --- a/go.sum +++ b/go.sum 
@@ -219,8 +219,7 @@ github.com/coreos/go-semver v0.3.1 h1:yi21YpKnrx1gt5R+la8n5WgS0kCrsPp33dmEyHReZr github.com/coreos/go-semver v0.3.1/go.mod h1:irMmmIw/7yzSRPWryHsK7EYSg09caPQL03VsM8rvUec= github.com/coreos/go-systemd/v22 v22.5.0 h1:RrqgGjYQKalulkV8NGVIfkXQf6YYmOyiJKk8iXXhfZs= github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= -github.com/cpuguy83/go-md2man/v2 v2.0.4 h1:wfIWP927BUkWJb2NmU/kNDYIBTh/ziUX91+lVfRxZq4= -github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= +github.com/cpuguy83/go-md2man/v2 v2.0.3/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/creack/pty v1.1.18 h1:n56/Zwd5o6whRC5PMGretI4IdRLlmBXYNjScPaBgsbY= github.com/creack/pty v1.1.18/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4= @@ -365,7 +364,6 @@ github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfU github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE= github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/mock v1.1.1 h1:G5FRp8JnTd7RQH5kemVNlMeyXQAztQ3mOWV95KxsXH8= github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= 
@@ -589,8 +587,6 @@ github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWE github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= github.com/mattn/go-runewidth v0.0.9 h1:Lm995f3rfxdpd6TSmuVCHVb/QhupuXlYr8sCI/QdE+0= github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI= -github.com/mattn/go-shellwords v1.0.12 h1:M2zGm7EW6UQJvDeQxo4T51eKPurbeFbe8WtebGE2xrk= -github.com/mattn/go-shellwords v1.0.12/go.mod h1:EZzvwXDESEeg03EKmM+RmDnNOPKG4lLtQsUlTZDWQ8Y= github.com/mattn/go-sqlite3 v1.14.6/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU= github.com/mattn/go-sqlite3 v1.14.15 h1:vfoHhTN1af61xCRSWzFIWzx2YskyMTwHLrExkBOjvxI= github.com/mattn/go-sqlite3 v1.14.15/go.mod h1:2eHXhiwb8IkHr+BDWZGa96P6+rkvnG63S2DGjv9HUNg= @@ -741,9 +737,9 @@ github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= github.com/prometheus/procfs v0.0.3/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDaekg4FpcdQ= github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+GxbHq6oeK9A= -github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ= github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc= github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk= +github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ= github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc= github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs= github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8= 
@@ -789,8 +785,8 @@ github.com/spf13/viper v1.19.0 h1:RWq5SEjt8o25SROyN3z2OrDB9l7RPd3lwTWU8EcEdcI= github.com/spf13/viper v1.19.0/go.mod h1:GQUN9bilAbhU/jgc1bKs99f/suXKeUMct8Adx5+Ntkg= github.com/spiffe/go-spiffe/v2 v2.2.0 h1:9Vf06UsvsDbLYK/zJ4sYsIsHmMFknUD+feA7IYoWMQY= github.com/spiffe/go-spiffe/v2 v2.2.0/go.mod h1:Urzb779b3+IwDJD2ZbN8fVl3Aa8G4N/PiUe6iXC0XxU= -github.com/spiffe/spire-api-sdk v1.8.5 h1:DjYWO2muHvhwOBOTz/0zTGiBwJkofX/1V9mUAI+P4tU= -github.com/spiffe/spire-api-sdk v1.8.5/go.mod h1:4uuhFlN6KBWjACRP3xXwrOTNnvaLp1zJs8Lribtr4fI= +github.com/spiffe/spire-api-sdk v1.9.1 h1:DqaUvlBd7iNt6zoaW1At3AgU+RUOfzTXH5994/cFD8g= +github.com/spiffe/spire-api-sdk v1.9.1/go.mod h1:4uuhFlN6KBWjACRP3xXwrOTNnvaLp1zJs8Lribtr4fI= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= 
@@ -824,11 +820,6 @@ github.com/tidwall/pretty v1.2.0 h1:RWIZEg2iJ8/g6fDDYzMpobmaoGh5OLl4AXtGUGPcqCs= github.com/tidwall/pretty v1.2.0/go.mod h1:ITEVvHYasfjBbM0u2Pg8T2nJnzm8xPwvNhhsoaGGjNU= github.com/tidwall/sjson v1.2.5 h1:kLy8mja+1c9jlljvWTlSazM7cKDRfJuR/bOJhcY5NcY= github.com/tidwall/sjson v1.2.5/go.mod h1:Fvgq9kS/6ociJEDnK0Fk1cpYF4FIW6ZF7LAe+6jwd28= -github.com/tklauser/go-sysconf v0.3.11 h1:89WgdJhk5SNwJfu+GKyYveZ4IaJ7xAkecBo+KdJV0CM= -github.com/tklauser/go-sysconf v0.3.11/go.mod h1:GqXfhXY3kiPa0nAXPDIQIWzJbMCB7AmcWpGR8lSZfqI= -github.com/tklauser/numcpus v0.6.0/go.mod h1:FEZLMke0lhOUG6w2JadTzp0a+Nl8PF/GFkQ5UVIcaL4= -github.com/tklauser/numcpus v0.7.0 h1:yjuerZP127QG9m5Zh/mSO4wqurYil27tHrqwRoRjpr4= -github.com/tklauser/numcpus v0.7.0/go.mod h1:bb6dMVcj8A42tSE7i32fsIUCbQNllK5iDguyOZRUzAY= github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926/go.mod h1:9ESjWnEqriFuLhtthL60Sar/7RFoluCcXsuvEwTV5KM= github.com/vishvananda/netlink v1.2.1-beta.2.0.20240524165444-4d4ba1473f21 h1:tcHUxOT8j/R+0S+A1j8D2InqguXFNxAiij+8QFOlX7Y= github.com/vishvananda/netlink v1.2.1-beta.2.0.20240524165444-4d4ba1473f21/go.mod h1:whJevzBpTrid75eZy99s3DqCmy05NfibNaF2Ol5Ox5A= 
@@ -938,6 +929,7 @@ golang.org/x/net v0.0.0-20191007182048-72f939374954/go.mod h1:z5CRVTTTmAJ677TzLL golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= +golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/net v0.0.0-20201010224723-4f7140c49acb/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= @@ -1003,6 +995,7 @@ golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20201218084310-7d0127a74742/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210110051926-789bb1bd4061/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210112080510-489259a85091/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210123111255-9b0068b26619/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210216163648-f7da38b97c65/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= diff --git a/operator/cmd/cilium-crds/cells.go b/operator/cmd/cilium-crds/cells.go index 7ff9489327..ef8598d3b1 100644 --- a/operator/cmd/cilium-crds/cells.go +++ b/operator/cmd/cilium-crds/cells.go 
@@ -146,7 +146,6 @@ var ( ) identitygc.SharedConfig { return identitygc.SharedConfig{ IdentityAllocationMode: daemonCfg.IdentityAllocationMode, - K8sNamespace: operatorK8sNamespace, } }), diff --git a/operator/cmd/legacy/deployment.go b/operator/cmd/legacy/deployment.go index dd2dfe07ab..1a15d0755c 100644 --- a/operator/cmd/legacy/deployment.go +++ b/operator/cmd/legacy/deployment.go @@ -90,7 +90,7 @@ func NewOperator(metricsAddr, probeAddr, configFile string, enableLeaderElection func (o *Operator) Start() { mainLogger = log.Logger().Named("main") - mainLogger.Sugar().Infof("Starting legacy operator %s", version) + mainLogger.Sugar().Infof("Starting legacy operator") opts := &crzap.Options{ Development: false, @@ -99,7 +99,8 @@ func (o *Operator) Start() { var err error oconfig, err = config.GetConfig(o.configFile) if err != nil { - panic(err) + fmt.Printf("failed to load config with err %s", err.Error()) + os.Exit(1) } mainLogger.Sugar().Infof("Operator configuration", zap.Any("configuration", oconfig)) diff --git a/operator/config/config.go b/operator/config/config.go index 8cec17beac..ade4c9ab2f 100644 --- a/operator/config/config.go +++ b/operator/config/config.go @@ -31,6 +31,9 @@ func GetConfig(cfgFileName string) (*OperatorConfig, error) { var cfg OperatorConfig viper.SetDefault("EnableRetinaEndpoint", true) err = viper.Unmarshal(&cfg) + if err != nil { + return nil, fmt.Errorf("error unmarshalling config: %w", err) + } - return &cfg, fmt.Errorf("error unmarshalling config: %w", err) + return &cfg, nil } diff --git a/pkg/shared/config/config.go b/pkg/shared/config/config.go deleted file mode 100644 index c559f9294f..0000000000 --- a/pkg/shared/config/config.go +++ /dev/null 
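Review bot: The new failure path in `Start()` in operator/cmd/legacy/deployment.go (hunk `@@ -99,7 +99,8`) reports the config error with `fmt.Printf` on stdout and without a trailing newline, although `mainLogger` was assigned a few lines earlier in the same function. Sending it through the logger keeps the message structured and on the same sink as the rest of the operator's output: `mainLogger.Fatal("failed to load config", zap.Error(err))`, which logs and then exits with status 1 (this assumes `mainLogger` is a `*zap.Logger`, as the `.Sugar()` calls suggest). If a plain print is preferred, `fmt.Fprintf(os.Stderr, "failed to load config: %v\n", err)` at least puts it on stderr with a line ending. `Start()` continues outside the hunk.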
@@ -1,23 +0,0 @@
-package config
-
-import (
- "fmt"
-
- "github.com/cilium/cilium/pkg/hive/cell"
- "k8s.io/client-go/rest"
- kcfg "sigs.k8s.io/controller-runtime/pkg/client/config"
-)
-
-var Cell = cell.Module(
- "shared-config",
- "Shared Config",
- cell.Provide(GetK8sConfig),
-)
-
-func GetK8sConfig() (*rest.Config, error) {
- k8sCfg, err := kcfg.GetConfig()
- if err != nil {
- return &rest.Config{}, fmt.Errorf("error getting k8s config: %w", err)
- }
- return k8sCfg, nil
-}
diff --git a/pkg/shared/telemetry/cell.go b/pkg/shared/telemetry/cell.go
deleted file mode 100644
index 717de36700..0000000000
--- a/pkg/shared/telemetry/cell.go
+++ /dev/null
@@ -1,90 +0,0 @@
-package telemetry
-
-import (
- "context"
- "strings"
- "time"
-
- "github.com/cilium/cilium/pkg/hive/cell"
- "github.com/microsoft/retina/pkg/telemetry"
- "github.com/sirupsen/logrus"
- "k8s.io/client-go/rest"
-)
-
-const heartbeatInterval = 5 * time.Minute
-
-type Config struct {
- Component string
- EnableTelemetry bool
- ApplicationInsightsID string
- RetinaVersion string
- // EnabledPlugins is optional
- EnabledPlugins []string
-}
-
-type params struct {
- cell.In
-
- Config Config
- K8sCfg *rest.Config
-}
-
-var (
- Constructor = cell.Module(
- "telemetry",
- "provides telemetry",
- cell.Provide(func(p params, l logrus.FieldLogger) (telemetry.Telemetry, error) {
- l.WithFields(logrus.Fields{
- "app-insights-id": p.Config.ApplicationInsightsID,
- "retina-version": p.Config.RetinaVersion,
- }).Info("configuring telemetry")
-
- if p.Config.EnableTelemetry {
- if p.Config.ApplicationInsightsID == "" {
- l.Info("cannot enable telemetry: empty app insights id")
- return telemetry.NewNoopTelemetry(), nil
- }
-
- l.Info("telemetry enabled")
-
- // initialize Application Insights
- telemetry.InitAppInsights(p.Config.ApplicationInsightsID, p.Config.RetinaVersion)
-
- properties := map[string]string{
- "version": p.Config.RetinaVersion,
- "apiserver": p.K8sCfg.Host,
- }
- if len(p.Config.EnabledPlugins) > 0 {
- properties["plugins"] = strings.Join(p.Config.EnabledPlugins, `,`)
- }
-
- tel := telemetry.NewAppInsightsTelemetryClient(p.Config.Component, properties)
- return tel, nil
- }
-
- l.Info("telemetry disabled")
- return telemetry.NewNoopTelemetry(), nil
- }),
- )
-
- Heartbeat = cell.Module(
- "heartbeat",
- "sends periodic telemetry heartbeat",
- cell.Invoke(
- func(tel telemetry.Telemetry, lifecycle cell.Lifecycle, l logrus.FieldLogger) {
- ctx, cancelCtx := context.WithCancel(context.Background())
- lifecycle.Append(cell.Hook{
- OnStart: func(cell.HookContext) error {
- l.Info("starting periodic heartbeat")
- go tel.Heartbeat(ctx, 
heartbeatInterval) - return nil - }, - OnStop: func(cell.HookContext) error { - cancelCtx() - return nil - }, - }) - }, - ), - ) -) From 9e3721cbe5dfdd9e9bd76499294f7e63a55ee7ed Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 1 Jul 2024 10:42:28 -0400 Subject: [PATCH 21/39] deps: bump github.com/golang/mock from 1.1.1 to 1.6.0 (#521) Bumps [github.com/golang/mock](https://github.com/golang/mock) from 1.1.1 to 1.6.0.
Release notes

Sourced from github.com/golang/mock's releases.

v1.6.0

Changelog

317c030 Best effort guesses for output package path (#547) c59ba11 add ARM to support apple M1 chip to releaser (#562) 58935d8 add a basic CONTRIBUTING.md (#535) a5582fc add docs on 1.16 install and adding to PATH (#534) 0cd3aaf add flags documentation (#539) 64b0b80 add notes and error helper for vendor+reflect error (#567) e303461 add type information to error messages (#559) 0cdccf5 feat add InAnyOrder matcher (#546) 82ce4a7 feat validate Do & DoReturn args (#558) 93308c3 fix broken badge (#525) 9336b7e fix error message in parse.go (#540) ab03293 fix ill-formatted message with fmt-verbs like %s (#564) bb5fd5e fix linter errors (#552) aba2ff9 fix parse array with the external const correctly (#569) 6ff1070 fix parse arrays with const length correctly (#520) 7f5f64d fixup some docs and templates (#524) 7078515 refactor go:generate lines so they are consistently placed (#527) 7105dde refactor mockgen and cleanup (#536) f36d14a test(sample/user_test.go): minor correction at t.Errorf (#544) ef4ad87 update CI for 1.16 (#526) ad820b0 update Finish docs for Go1.14+ (#556) 2421472 update dependencies (#528) 953a5bb update user mock to be in test package (#566) d19a212 upgrade dependencies (#557)

v1.5.0

Changelog

0b87a54 Add a period to the end of comments (#414) d2fe5cd Add example for Call.Do and Call.DoAndReturn (#470) 91d4b5c Add tests for various Do/DoAndReturn calls (#430) 92f53b0 Avoid using packages.Load (#420) aff3767 Fix empty error message when call is exhausted (#460) 8734ec5 Format generated files with goimports (#458) 69e02d3 MOCK-429: add support for assignable types to Eq matcher (#481) d476d65 Parse parenthesized parameter-type. (#421) ccaa079 Using pacakges.NeedName (#418) f67ce0c add CODEOWNERS file (#522) 6d816de add default calling of ctrl.Finish() in go1.14+ (#422) 7b53c4d check error for os.Setenv in parse_test.go (#472) b9a8584 deduplicate methods to allow overlapping methods on embedded interfaces (#498) 10192bd fix 1.11 ga test failure (#511) dcd893e fix Test_createPackageMap for 1.15 (#512) 44e6f1e fix docs for AssignableToTypeOf (#452) a23c5e7 fix issues related to source package imports (#507) 11d9cab fix readme docs on removing Finish calls (#461) 0f6dc21 format variadic arguments with GotFormatter (#434)

... (truncated)

Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/golang/mock&package-manager=go_modules&previous-version=1.1.1&new-version=1.6.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 1 - go.sum | 1 - 2 files changed, 2 deletions(-) diff --git a/go.mod b/go.mod index b2f3bb50de..ba09dba6a5 100644 --- a/go.mod +++ b/go.mod @@ -284,7 +284,6 @@ require ( github.com/cilium/workerpool v1.2.0 github.com/florianl/go-tc v0.4.3 github.com/go-logr/zapr v1.3.0 - github.com/golang/mock v1.1.1 github.com/google/gopacket v1.1.19 github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 github.com/inspektor-gadget/inspektor-gadget v0.27.0 diff --git a/go.sum b/go.sum index 8e80b1b648..6e117f1625 100644 --- a/go.sum +++ b/go.sum @@ -352,7 +352,6 @@ github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfU github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE= github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/mock v1.1.1 h1:G5FRp8JnTd7RQH5kemVNlMeyXQAztQ3mOWV95KxsXH8= github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= From af990fe7d13851c2015cdab4c64588984b9349e5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 1 Jul 2024 14:46:24 +0000 Subject: [PATCH 22/39] deps: bump github.com/aws/aws-sdk-go-v2/credentials from 1.17.21 to 1.17.23 (#517) Bumps [github.com/aws/aws-sdk-go-v2/credentials](https://github.com/aws/aws-sdk-go-v2) from 1.17.21 to 1.17.23.
Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/aws/aws-sdk-go-v2/credentials&package-manager=go_modules&previous-version=1.17.21&new-version=1.17.23)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 22 +++++++++++----------- go.sum | 44 ++++++++++++++++++++++---------------------- 2 files changed, 33 insertions(+), 33 deletions(-) diff --git a/go.mod b/go.mod index ba09dba6a5..7e7468bbfe 100644 --- a/go.mod +++ b/go.mod 
@@ -34,19 +34,19 @@ require ( github.com/armon/go-metrics v0.4.1 // indirect github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.2 // indirect - github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.8 // indirect - github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.12 // indirect - github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.12 // indirect + github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.9 // indirect + github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.13 // indirect + github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.13 // indirect github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 // indirect github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.12 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.3 // indirect github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.3.14 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.14 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.15 // indirect github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.17.12 // indirect - github.com/aws/aws-sdk-go-v2/service/sso v1.22.0 // indirect - github.com/aws/aws-sdk-go-v2/service/ssooidc v1.26.0 // indirect - github.com/aws/aws-sdk-go-v2/service/sts v1.30.0 // indirect - github.com/aws/smithy-go v1.20.2 // indirect + github.com/aws/aws-sdk-go-v2/service/sso v1.22.1 // indirect + github.com/aws/aws-sdk-go-v2/service/ssooidc v1.26.1 // indirect + github.com/aws/aws-sdk-go-v2/service/sts v1.30.1 // indirect + github.com/aws/smithy-go v1.20.3 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/blang/semver/v4 v4.0.0 // indirect github.com/cespare/xxhash/v2 v2.2.0 // indirect 
@@ -273,9 +273,9 @@ require ( github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v1.3.2 github.com/Microsoft/hcsshim v0.12.0-rc.3 github.com/Sytten/logrus-zap-hook v0.1.0 - github.com/aws/aws-sdk-go-v2 v1.30.0 + github.com/aws/aws-sdk-go-v2 v1.30.1 github.com/aws/aws-sdk-go-v2/config v1.27.21 - github.com/aws/aws-sdk-go-v2/credentials v1.17.21 + github.com/aws/aws-sdk-go-v2/credentials v1.17.23 github.com/aws/aws-sdk-go-v2/service/s3 v1.56.1 github.com/cakturk/go-netstat v0.0.0-20200220111822-e5b49efee7a5 github.com/cilium/cilium v1.16.0-pre.1.0.20240403152809-b9853ecbcaeb diff --git a/go.sum b/go.sum index 6e117f1625..80f5108e81 100644 --- a/go.sum +++ b/go.sum 
@@ -97,42 +97,42 @@ github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPd
 github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs=
 github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so=
 github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
-github.com/aws/aws-sdk-go-v2 v1.30.0 h1:6qAwtzlfcTtcL8NHtbDQAqgM5s6NDipQTkPxyH/6kAA=
-github.com/aws/aws-sdk-go-v2 v1.30.0/go.mod h1:ffIFB97e2yNsv4aTSGkqtHnppsIJzw7G7BReUZ3jCXM=
+github.com/aws/aws-sdk-go-v2 v1.30.1 h1:4y/5Dvfrhd1MxRDD77SrfsDaj8kUkkljU7XE83NPV+o=
+github.com/aws/aws-sdk-go-v2 v1.30.1/go.mod h1:nIQjQVp5sfpQcTc9mPSr1B0PaWK5ByX9MOoDadSN4lc=
 github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.2 h1:x6xsQXGSmW6frevwDA+vi/wqhp1ct18mVXYN08/93to=
 github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.2/go.mod h1:lPprDr1e6cJdyYeGXnRaJoP4Md+cDBvi2eOj00BlGmg=
 github.com/aws/aws-sdk-go-v2/config v1.27.21 h1:yPX3pjGCe2hJsetlmGNB4Mngu7UPmvWPzzWCv1+boeM=
 github.com/aws/aws-sdk-go-v2/config v1.27.21/go.mod h1:4XtlEU6DzNai8RMbjSF5MgGZtYvrhBP/aKZcRtZAVdM=
-github.com/aws/aws-sdk-go-v2/credentials v1.17.21 h1:pjAqgzfgFhTv5grc7xPHtXCAaMapzmwA7aU+c/SZQGw=
-github.com/aws/aws-sdk-go-v2/credentials v1.17.21/go.mod h1:nhK6PtBlfHTUDVmBLr1dg+WHCOCK+1Fu/WQyVHPsgNQ=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.8 h1:FR+oWPFb/8qMVYMWN98bUZAGqPvLHiyqg1wqQGfUAXY=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.8/go.mod h1:EgSKcHiuuakEIxJcKGzVNWh5srVAQ3jKaSrBGRYvM48=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.12 h1:SJ04WXGTwnHlWIODtC5kJzKbeuHt+OUNOgKg7nfnUGw=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.12/go.mod h1:FkpvXhA92gb3GE9LD6Og0pHHycTxW7xGpnEh5E7Opwo=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.12 h1:hb5KgeYfObi5MHkSSZMEudnIvX30iB+E21evI4r6BnQ=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.12/go.mod h1:CroKe/eWJdyfy9Vx4rljP5wTUjNJfb+fPz1uMYUhEGM=
+github.com/aws/aws-sdk-go-v2/credentials v1.17.23 h1:G1CfmLVoO2TdQ8z9dW+JBc/r8+MqyPQhXCafNZcXVZo=
+github.com/aws/aws-sdk-go-v2/credentials v1.17.23/go.mod h1:V/DvSURn6kKgcuKEk4qwSwb/fZ2d++FFARtWSbXnLqY=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.9 h1:Aznqksmd6Rfv2HQN9cpqIV/lQRMaIpJkLLaJ1ZI76no=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.9/go.mod h1:WQr3MY7AxGNxaqAtsDWn+fBxmd4XvLkzeqQ8P1VM0/w=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.13 h1:5SAoZ4jYpGH4721ZNoS1znQrhOfZinOhc4XuTXx/nVc=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.13/go.mod h1:+rdA6ZLpaSeM7tSg/B0IEDinCIBJGmW8rKDFkYpP04g=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.13 h1:WIijqeaAO7TYFLbhsZmi2rgLEAtWOC1LhxCAVTJlSKw=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.13/go.mod h1:i+kbfa76PQbWw/ULoWnp51EYVWH4ENln76fLQE3lXT8=
 github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 h1:hT8rVHwugYE2lEfdFE0QWVo81lF7jMrYJVDWI+f+VxU=
 github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0/go.mod h1:8tu/lYfQfFe6IGnaOdrpVgEL2IrrDOf6/m9RQum4NkY=
 github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.12 h1:DXFWyt7ymx/l1ygdyTTS0X923e+Q2wXIxConJzrgwc0=
 github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.12/go.mod h1:mVOr/LbvaNySK1/BTy4cBOCjhCNY2raWBwK4v+WR5J4=
-github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2 h1:Ji0DY1xUsUr3I8cHps0G+XM3WWU16lP6yG8qu1GAZAs=
-github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2/go.mod h1:5CsjAbs3NlGQyZNFACh+zztPDI7fU6eW9QsxjfnuBKg=
+github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.3 h1:dT3MqvGhSoaIhRseqw2I0yH81l7wiR2vjs57O51EAm8=
+github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.3/go.mod h1:GlAeCkHwugxdHaueRr4nhPuY+WW+gR8UjlcqzPr1SPI=
 github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.3.14 h1:oWccitSnByVU74rQRHac4gLfDqjB6Z1YQGOY/dXKedI=
github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.3.14/go.mod h1:8SaZBlQdCLrc/2U3CEO48rYj9uR8qRsPRkmzwNM52pM= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.14 h1:zSDPny/pVnkqABXYRicYuPf9z2bTqfH13HT3v6UheIk= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.14/go.mod h1:3TTcI5JSzda1nw/pkVC9dhgLre0SNBFj2lYS4GctXKI= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.15 h1:I9zMeF107l0rJrpnHpjEiiTSCKYAIw8mALiXcPsGBiA= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.15/go.mod h1:9xWJ3Q/S6Ojusz1UIkfycgD1mGirJfLLKqq3LPT7WN8= github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.17.12 h1:tzha+v1SCEBpXWEuw6B/+jm4h5z8hZbTpXz0zRZqTnw= github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.17.12/go.mod h1:n+nt2qjHGoseWeLHt1vEr6ZRCCxIN2KcNpJxBcYQSwI= github.com/aws/aws-sdk-go-v2/service/s3 v1.56.1 h1:wsg9Z/vNnCmxWikfGIoOlnExtEU459cR+2d+iDJ8elo= github.com/aws/aws-sdk-go-v2/service/s3 v1.56.1/go.mod h1:8rDw3mVwmvIWWX/+LWY3PPIMZuwnQdJMCt0iVFVT3qw= -github.com/aws/aws-sdk-go-v2/service/sso v1.22.0 h1:lPIAPCRoJkmotLTU/9B6icUFlYDpEuWjKeL79XROv1M= -github.com/aws/aws-sdk-go-v2/service/sso v1.22.0/go.mod h1:lcQG/MmxydijbeTOp04hIuJwXGWPZGI3bwdFDGRTv14= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.26.0 h1:/4r71ghx+hX9spr884cqXHPEmPzqH/J3K7fkE1yfcmw= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.26.0/go.mod h1:z0P8K+cBIsFXUr5rzo/psUeJ20XjPN0+Nn8067Nd+E4= -github.com/aws/aws-sdk-go-v2/service/sts v1.30.0 h1:9ja34PaKybhCJjVKvxtDsUjbATUJGN+eF6QnO58u5cI= -github.com/aws/aws-sdk-go-v2/service/sts v1.30.0/go.mod h1:N2mQiucsO0VwK9CYuS4/c2n6Smeh1v47Rz3dWCPFLdE= -github.com/aws/smithy-go v1.20.2 h1:tbp628ireGtzcHDDmLT/6ADHidqnwgF57XOXZe6tp4Q= -github.com/aws/smithy-go v1.20.2/go.mod h1:krry+ya/rV9RDcV/Q16kpu6ypI4K2czasz0NC3qS14E= +github.com/aws/aws-sdk-go-v2/service/sso v1.22.1 h1:p1GahKIjyMDZtiKoIn0/jAj/TkMzfzndDv5+zi2Mhgc= +github.com/aws/aws-sdk-go-v2/service/sso v1.22.1/go.mod 
h1:/vWdhoIoYA5hYoPZ6fm7Sv4d8701PiG5VKe8/pPJL60= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.26.1 h1:lCEv9f8f+zJ8kcFeAjRZsekLd/x5SAm96Cva+VbUdo8= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.26.1/go.mod h1:xyFHA4zGxgYkdD73VeezHt3vSKEG9EmFnGwoKlP00u4= +github.com/aws/aws-sdk-go-v2/service/sts v1.30.1 h1:+woJ607dllHJQtsnJLi52ycuqHMwlW+Wqm2Ppsfp4nQ= +github.com/aws/aws-sdk-go-v2/service/sts v1.30.1/go.mod h1:jiNR3JqT15Dm+QWq2SRgh0x0bCNSRP2L25+CqPNpJlQ= +github.com/aws/smithy-go v1.20.3 h1:ryHwveWzPV5BIof6fyDvor6V3iUL7nTfiTKXHiW05nE= +github.com/aws/smithy-go v1.20.3/go.mod h1:krry+ya/rV9RDcV/Q16kpu6ypI4K2czasz0NC3qS14E= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= From 8f2d6b72a3f32aed4c46bf907a49c65e1ee6523a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 1 Jul 2024 10:46:41 -0400 Subject: [PATCH 23/39] deps: bump github.com/go-chi/chi/v5 from 5.0.11 to 5.1.0 (#516) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [github.com/go-chi/chi/v5](https://github.com/go-chi/chi) from 5.0.11 to 5.1.0.
Release notes

Sourced from github.com/go-chi/chi/v5's releases.

v5.1.0

What's Changed

  • middleware: add Discard method to WrapResponseWriter by @​patrislav in go-chi/chi#926
    • Adds Discard() method to the middleware.WrapResponseWriter interface. This is technically an API breaking change. However after some discussion at go-chi/chi#926, we decided to move forward, and release as minor version, as we don't expect anyone to rely on this interface / implement it externally.

New Contributors

Full Changelog: https://github.com/go-chi/chi/compare/v5.0.14...v5.1.0

v5.0.14

What's Changed

New Contributors

Full Changelog: https://github.com/go-chi/chi/compare/v5.0.12...v5.0.14

v5.0.13

What's Changed

New Contributors

Full Changelog: https://github.com/go-chi/chi/compare/v5.0.12...v5.0.13

v5.0.12

Hi everyone, thank you to all contributors + reviewers.

We present chi v5.0.12 which includes support for the new Go 1.22 mux routing features :)

Specifically, this release adds support for:

Changelog

Sourced from github.com/go-chi/chi/v5's changelog.

Changelog

v5.0.12 (2024-02-16)

Commits
  • 67be7d9 middleware: add Discard method to WrapResponseWriter (#926)
  • 7957c0d Revert "fix(middleware): Close created writer in the compressor middleware (#...
  • f728a1c docs: Update stale links in docs for contributing (#904)
  • f10dc4a fix(middleware): Close created writer in the compressor middleware (#919)
  • ef31c0b reduce context struct size from 216 bytes to 208 bytes (#912)
  • c1f2a7a middleware: fix typo in RealIP doc (#903)
  • 1191921 v5.0.12
  • ec67a86 go 1.22, PathValue wildcard test
  • fd0ff0e feat(mux): add 1.22-style path value support (#901)
  • 60b4f5f feat: update HTTP method parsing in patterns for Handle and HandleFunc (#...
  • Additional commits viewable in compare view

Most Recent Ignore Conditions Applied to This Pull Request | Dependency Name | Ignore Conditions | | --- | --- | | github.com/go-chi/chi/v5 | [< 5.1, > 5.0.11] |
[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/go-chi/chi/v5&package-manager=go_modules&previous-version=5.0.11&new-version=5.1.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 7e7468bbfe..dae1d264bf 100644 --- a/go.mod +++ b/go.mod @@ -3,7 +3,7 @@ module github.com/microsoft/retina go 1.22.3 require ( - github.com/go-chi/chi/v5 v5.0.11 + github.com/go-chi/chi/v5 v5.1.0 github.com/google/uuid v1.6.0 github.com/prometheus/client_golang v1.19.1 github.com/spf13/cobra v1.8.0 diff --git a/go.sum b/go.sum index 80f5108e81..3dd6b82e17 100644 --- a/go.sum +++ b/go.sum @@ -281,8 +281,8 @@ github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nos github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM= github.com/go-chi/chi v4.1.2+incompatible h1:fGFk2Gmi/YKXk0OmGfBh0WgmN3XB8lVnEyNz34tQRec= github.com/go-chi/chi v4.1.2+incompatible/go.mod h1:eB3wogJHnLi3x/kFX2A+IbTBlXxmMeXJVKy9tTv1XzQ= -github.com/go-chi/chi/v5 v5.0.11 h1:BnpYbFZ3T3S1WMpD79r7R5ThWX40TaFB7L31Y8xqSwA= -github.com/go-chi/chi/v5 v5.0.11/go.mod h1:DslCQbL2OYiznFReuXYUmQ2hGd1aDpCnlMNITLSKoi8= +github.com/go-chi/chi/v5 v5.1.0 h1:acVI1TYaD+hhedDJ3r54HyA6sExp3HfXq7QWEEY/xMw= +github.com/go-chi/chi/v5 v5.1.0/go.mod h1:DslCQbL2OYiznFReuXYUmQ2hGd1aDpCnlMNITLSKoi8= github.com/go-errors/errors v1.4.2 h1:J6MZopCL4uSllY1OfXM374weqZFFItUbrImctkmUxIA= github.com/go-errors/errors v1.4.2/go.mod h1:sIVyrIiJhuEF+Pj9Ebtd6P/rEYROXFi3BopGUQ5a5Og= github.com/go-gorp/gorp/v3 v3.1.0 h1:ItKF/Vbuj31dmV4jxA1qblpSwkl9g1typ24xoe70IGs= From 6ce3c163647d83f3f61d362c274428358a6799e7 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 1 Jul 2024 14:58:19 +0000 Subject: [PATCH 24/39] deps: bump github.com/spf13/cobra from 1.8.0 to 1.8.1 (#523) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 1.8.0 to 1.8.1.
Release notes

Sourced from github.com/spf13/cobra's releases.

v1.8.1

✨ Features

🐛 Bug fixes

🔧 Maintenance

🧪 Testing & CI/CD

✏️ Documentation

... (truncated)

Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/spf13/cobra&package-manager=go_modules&previous-version=1.8.0&new-version=1.8.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/go.mod b/go.mod index dae1d264bf..d0863f2a01 100644 --- a/go.mod +++ b/go.mod @@ -6,7 +6,7 @@ require ( github.com/go-chi/chi/v5 v5.1.0 github.com/google/uuid v1.6.0 github.com/prometheus/client_golang v1.19.1 - github.com/spf13/cobra v1.8.0 + github.com/spf13/cobra v1.8.1 go.uber.org/zap v1.27.0 k8s.io/client-go v0.30.1 ) diff --git a/go.sum b/go.sum index 3dd6b82e17..837c393904 100644 --- a/go.sum +++ b/go.sum @@ -212,7 +212,7 @@ github.com/coreos/go-semver v0.3.1 h1:yi21YpKnrx1gt5R+la8n5WgS0kCrsPp33dmEyHReZr github.com/coreos/go-semver v0.3.1/go.mod h1:irMmmIw/7yzSRPWryHsK7EYSg09caPQL03VsM8rvUec= github.com/coreos/go-systemd/v22 v22.5.0 h1:RrqgGjYQKalulkV8NGVIfkXQf6YYmOyiJKk8iXXhfZs= github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= -github.com/cpuguy83/go-md2man/v2 v2.0.3/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= +github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/creack/pty v1.1.18 h1:n56/Zwd5o6whRC5PMGretI4IdRLlmBXYNjScPaBgsbY= github.com/creack/pty v1.1.18/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4= 
@@ -762,8 +762,8 @@ github.com/spf13/afero v1.11.0/go.mod h1:GH9Y3pIexgf1MTIWtNGyogA5MwRIDXGUr+hbWNo
 github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
 github.com/spf13/cast v1.6.0 h1:GEiTHELF+vaR5dhz3VqZfFSzZjYbgeKDpBxQVS4GYJ0=
 github.com/spf13/cast v1.6.0/go.mod h1:ancEpBxwJDODSW/UG4rDrAqiKolqNNh2DX3mk86cAdo=
-github.com/spf13/cobra v1.8.0 h1:7aJaZx1B85qltLMc546zn58BxxfZdR/W22ej9CFoEf0=
-github.com/spf13/cobra v1.8.0/go.mod h1:WXLWApfZ71AjXPya3WOlMsY9yMs7YeiHhFVlvLyhcho=
+github.com/spf13/cobra v1.8.1 h1:e5/vxKd/rZsfSJMUX1agtjeTDf+qv1/JdBF8gg5k9ZM=
+github.com/spf13/cobra v1.8.1/go.mod h1:wHxEcudfqmLYa8iTfL+OuZPbBZkmvliBWKIezN3kD9Y=
 github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
 github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
 github.com/spf13/viper v1.19.0 h1:RWq5SEjt8o25SROyN3z2OrDB9l7RPd3lwTWU8EcEdcI=
From 70b226d307122b9874ed45f0892b428c7ae9db31 Mon Sep 17 00:00:00 2001
From: Quang Nguyen Date: Mon, 1 Jul 2024 11:10:55 -0400 Subject: [PATCH 25/39] fix: windows builds in release pipeline (#514) # Description As title. Closes #513 ## Related Issue If this pull request is related to any issue, please mention it here. Additionally, make sure that the issue is assigned to you before submitting this pull request. ## Checklist - [ ] I have read the [contributing documentation](https://retina.sh/docs/contributing). - [ ] I signed and signed-off the commits (`git commit -S -s ...`). See [this documentation](https://docs.github.com/en/authentication/managing-commit-signature-verification/about-commit-signature-verification) on signing commits. - [ ] I have correctly attributed the author(s) of the code. - [ ] I have tested the changes locally. - [ ] I have followed the project's style guidelines. - [ ] I have updated the documentation, if necessary. - [ ] I have added tests, if applicable. ## Screenshots (if applicable) or Testing Completed Please add any relevant screenshots or GIFs to showcase the changes made. ## Additional Notes Add any additional notes or context about the pull request here. --- Please refer to the [CONTRIBUTING.md](../CONTRIBUTING.md) file for more information on how to contribute to this project. --- .github/workflows/release-images.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/release-images.yaml b/.github/workflows/release-images.yaml index 1df6c483d8..fad3c2f257 100644 --- a/.github/workflows/release-images.yaml +++ b/.github/workflows/release-images.yaml @@ -66,6 +66,7 @@ jobs: matrix: platform: ["windows"] arch: ["amd64"] + year: ["2019", "2022"] steps: - name: Checkout code @@ -93,6 +94,7 @@ jobs: make retina-image-win \ IMAGE_NAMESPACE=${{ github.repository }} \ PLATFORM=${{ matrix.platform }}/${{ matrix.arch }} \ + WINDOWS_YEARS=${{ matrix.year }} \ BUILDX_ACTION=--push - name: Sign container image From 9320000af95ebfdd0916b8c0b8c6cdb7e4bca55f Mon Sep 17 00:00:00 2001 
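Review bot: With `year: ["2019", "2022"]` added to the matrix, each leg now passes its own `WINDOWS_YEARS` to `make retina-image-win` and pushes with `BUILDX_ACTION=--push`, but the `Sign container image` step that follows is outside the second hunk and nothing visible here makes it year-aware. If that step resolves the image by a reference that does not include `matrix.year`, one of the two pushed images could be left unsigned, or both legs could sign the same one; that should be confirmed before these images are released. I would add a comment above the push step, `# one image per matrix.year; the signing step below must resolve this leg's own digest`, so the coupling is visible to the next editor. The job body starts and ends outside both hunks.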
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 1 Jul 2024 11:15:30 -0400 Subject: [PATCH 26/39] deps: bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.56.1 to 1.57.1 (#522) Bumps [github.com/aws/aws-sdk-go-v2/service/s3](https://github.com/aws/aws-sdk-go-v2) from 1.56.1 to 1.57.1.
Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/aws/aws-sdk-go-v2/service/s3&package-manager=go_modules&previous-version=1.56.1&new-version=1.57.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 10 +++++----- go.sum | 20 ++++++++++---------- 2 files changed, 15 insertions(+), 15 deletions(-) diff --git a/go.mod b/go.mod index d0863f2a01..f01c59f1d1 100644 --- a/go.mod +++ b/go.mod @@ -33,16 +33,16 @@ require ( github.com/Microsoft/go-winio v0.6.1 // indirect github.com/armon/go-metrics v0.4.1 // indirect github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect - github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.2 // indirect + github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.3 // indirect github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.9 // indirect github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.13 // indirect github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.13 // indirect github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 // indirect - github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.12 // indirect + github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.13 // indirect github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.3 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.3.14 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.3.15 // indirect github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.15 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.17.12 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.17.13 // indirect github.com/aws/aws-sdk-go-v2/service/sso v1.22.1 // indirect github.com/aws/aws-sdk-go-v2/service/ssooidc v1.26.1 // indirect github.com/aws/aws-sdk-go-v2/service/sts v1.30.1 // indirect 
@@ -276,7 +276,7 @@ require (
 github.com/aws/aws-sdk-go-v2 v1.30.1
 github.com/aws/aws-sdk-go-v2/config v1.27.21
 github.com/aws/aws-sdk-go-v2/credentials v1.17.23
- github.com/aws/aws-sdk-go-v2/service/s3 v1.56.1
+ github.com/aws/aws-sdk-go-v2/service/s3 v1.57.1
 github.com/cakturk/go-netstat v0.0.0-20200220111822-e5b49efee7a5
 github.com/cilium/cilium v1.16.0-pre.1.0.20240403152809-b9853ecbcaeb
 github.com/cilium/ebpf v0.15.0
diff --git a/go.sum b/go.sum
index 837c393904..2f1b3b0512 100644
--- a/go.sum
+++ b/go.sum
@@ -99,8 +99,8 @@ github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3d
 github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
 github.com/aws/aws-sdk-go-v2 v1.30.1 h1:4y/5Dvfrhd1MxRDD77SrfsDaj8kUkkljU7XE83NPV+o=
 github.com/aws/aws-sdk-go-v2 v1.30.1/go.mod h1:nIQjQVp5sfpQcTc9mPSr1B0PaWK5ByX9MOoDadSN4lc=
-github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.2 h1:x6xsQXGSmW6frevwDA+vi/wqhp1ct18mVXYN08/93to=
-github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.2/go.mod h1:lPprDr1e6cJdyYeGXnRaJoP4Md+cDBvi2eOj00BlGmg=
+github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.3 h1:tW1/Rkad38LA15X4UQtjXZXNKsCgkshC3EbmcUmghTg=
+github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.3/go.mod h1:UbnqO+zjqk3uIt9yCACHJ9IVNhyhOCnYk8yA19SAWrM=
 github.com/aws/aws-sdk-go-v2/config v1.27.21 h1:yPX3pjGCe2hJsetlmGNB4Mngu7UPmvWPzzWCv1+boeM=
 github.com/aws/aws-sdk-go-v2/config v1.27.21/go.mod h1:4XtlEU6DzNai8RMbjSF5MgGZtYvrhBP/aKZcRtZAVdM=
 github.com/aws/aws-sdk-go-v2/credentials v1.17.23 h1:G1CfmLVoO2TdQ8z9dW+JBc/r8+MqyPQhXCafNZcXVZo=
@@ -113,18 +113,18 @@ github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.13 h1:WIijqeaAO7TYFLbhsZ github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.13/go.mod h1:i+kbfa76PQbWw/ULoWnp51EYVWH4ENln76fLQE3lXT8= github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 h1:hT8rVHwugYE2lEfdFE0QWVo81lF7jMrYJVDWI+f+VxU= github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0/go.mod h1:8tu/lYfQfFe6IGnaOdrpVgEL2IrrDOf6/m9RQum4NkY= -github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.12 h1:DXFWyt7ymx/l1ygdyTTS0X923e+Q2wXIxConJzrgwc0= -github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.12/go.mod h1:mVOr/LbvaNySK1/BTy4cBOCjhCNY2raWBwK4v+WR5J4= +github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.13 h1:THZJJ6TU/FOiM7DZFnisYV9d49oxXWUzsVIMTuf3VNU= +github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.13/go.mod h1:VISUTg6n+uBaYIWPBaIG0jk7mbBxm7DUqBtU2cUDDWI= github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.3 h1:dT3MqvGhSoaIhRseqw2I0yH81l7wiR2vjs57O51EAm8= github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.3/go.mod h1:GlAeCkHwugxdHaueRr4nhPuY+WW+gR8UjlcqzPr1SPI= -github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.3.14 h1:oWccitSnByVU74rQRHac4gLfDqjB6Z1YQGOY/dXKedI= -github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.3.14/go.mod h1:8SaZBlQdCLrc/2U3CEO48rYj9uR8qRsPRkmzwNM52pM= +github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.3.15 h1:2jyRZ9rVIMisyQRnhSS/SqlckveoxXneIumECVFP91Y= +github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.3.15/go.mod h1:bDRG3m382v1KJBk1cKz7wIajg87/61EiiymEyfLvAe0= github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.15 h1:I9zMeF107l0rJrpnHpjEiiTSCKYAIw8mALiXcPsGBiA= github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.15/go.mod h1:9xWJ3Q/S6Ojusz1UIkfycgD1mGirJfLLKqq3LPT7WN8= -github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.17.12 h1:tzha+v1SCEBpXWEuw6B/+jm4h5z8hZbTpXz0zRZqTnw= -github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.17.12/go.mod 
h1:n+nt2qjHGoseWeLHt1vEr6ZRCCxIN2KcNpJxBcYQSwI= -github.com/aws/aws-sdk-go-v2/service/s3 v1.56.1 h1:wsg9Z/vNnCmxWikfGIoOlnExtEU459cR+2d+iDJ8elo= -github.com/aws/aws-sdk-go-v2/service/s3 v1.56.1/go.mod h1:8rDw3mVwmvIWWX/+LWY3PPIMZuwnQdJMCt0iVFVT3qw= +github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.17.13 h1:Eq2THzHt6P41mpjS2sUzz/3dJYFRqdWZ+vQaEMm98EM= +github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.17.13/go.mod h1:FgwTca6puegxgCInYwGjmd4tB9195Dd6LCuA+8MjpWw= +github.com/aws/aws-sdk-go-v2/service/s3 v1.57.1 h1:aHPtNY87GZ214N4rShgIo+5JQz7ICrJ50i17JbueUTw= +github.com/aws/aws-sdk-go-v2/service/s3 v1.57.1/go.mod h1:hdV0NTYd0RwV4FvNKhKUNbPLZoq9CTr/lke+3I7aCAI= github.com/aws/aws-sdk-go-v2/service/sso v1.22.1 h1:p1GahKIjyMDZtiKoIn0/jAj/TkMzfzndDv5+zi2Mhgc= github.com/aws/aws-sdk-go-v2/service/sso v1.22.1/go.mod h1:/vWdhoIoYA5hYoPZ6fm7Sv4d8701PiG5VKe8/pPJL60= github.com/aws/aws-sdk-go-v2/service/ssooidc v1.26.1 h1:lCEv9f8f+zJ8kcFeAjRZsekLd/x5SAm96Cva+VbUdo8= From 408397daf2eceb1a3a1589291228b6c5975cedd5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 1 Jul 2024 14:46:25 -0400 Subject: [PATCH 27/39] deps: bump github.com/aws/aws-sdk-go-v2/config from 1.27.21 to 1.27.23 (#518) Bumps [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) from 1.27.21 to 1.27.23.
Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/aws/aws-sdk-go-v2/config&package-manager=go_modules&previous-version=1.27.21&new-version=1.27.23)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index f01c59f1d1..68136f1156 100644 --- a/go.mod +++ b/go.mod @@ -274,7 +274,7 @@ require ( github.com/Microsoft/hcsshim v0.12.0-rc.3 github.com/Sytten/logrus-zap-hook v0.1.0 github.com/aws/aws-sdk-go-v2 v1.30.1 - github.com/aws/aws-sdk-go-v2/config v1.27.21 + github.com/aws/aws-sdk-go-v2/config v1.27.23 github.com/aws/aws-sdk-go-v2/credentials v1.17.23 github.com/aws/aws-sdk-go-v2/service/s3 v1.57.1 github.com/cakturk/go-netstat v0.0.0-20200220111822-e5b49efee7a5 diff --git a/go.sum b/go.sum index 2f1b3b0512..706850408e 100644 --- a/go.sum +++ b/go.sum @@ -101,8 +101,8 @@ github.com/aws/aws-sdk-go-v2 v1.30.1 h1:4y/5Dvfrhd1MxRDD77SrfsDaj8kUkkljU7XE83NP github.com/aws/aws-sdk-go-v2 v1.30.1/go.mod h1:nIQjQVp5sfpQcTc9mPSr1B0PaWK5ByX9MOoDadSN4lc= github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.3 h1:tW1/Rkad38LA15X4UQtjXZXNKsCgkshC3EbmcUmghTg= github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.3/go.mod h1:UbnqO+zjqk3uIt9yCACHJ9IVNhyhOCnYk8yA19SAWrM= -github.com/aws/aws-sdk-go-v2/config v1.27.21 h1:yPX3pjGCe2hJsetlmGNB4Mngu7UPmvWPzzWCv1+boeM= -github.com/aws/aws-sdk-go-v2/config v1.27.21/go.mod h1:4XtlEU6DzNai8RMbjSF5MgGZtYvrhBP/aKZcRtZAVdM= +github.com/aws/aws-sdk-go-v2/config v1.27.23 h1:Cr/gJEa9NAS7CDAjbnB7tHYb3aLZI2gVggfmSAasDac= +github.com/aws/aws-sdk-go-v2/config v1.27.23/go.mod h1:WMMYHqLCFu5LH05mFOF5tsq1PGEMfKbu083VKqLCd0o= github.com/aws/aws-sdk-go-v2/credentials v1.17.23 h1:G1CfmLVoO2TdQ8z9dW+JBc/r8+MqyPQhXCafNZcXVZo= github.com/aws/aws-sdk-go-v2/credentials v1.17.23/go.mod h1:V/DvSURn6kKgcuKEk4qwSwb/fZ2d++FFARtWSbXnLqY= github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.9 h1:Aznqksmd6Rfv2HQN9cpqIV/lQRMaIpJkLLaJ1ZI76no= From 3ad509a3c4c72958dafa97e1edf35b4070f7b9f9 Mon Sep 17 00:00:00 2001 
From: Jacques I Massa Date: Mon, 1 Jul 2024 18:54:31 +0000 Subject: [PATCH 28/39] set operator file to only build on linux --- operator/cmd/cilium-crds/{cells.go => cells_linux.go} | 0 operator/cmd/cilium-crds/{root.go => root_linux.go} | 0 operator/cmd/cilium-crds/{zap.go => zap_linux.go} | 0 operator/cmd/{cilium-crds.go => cilium_crds_cmd_linux.go} | 0 4 files changed, 0 insertions(+), 0 deletions(-) rename operator/cmd/cilium-crds/{cells.go => cells_linux.go} (100%) rename operator/cmd/cilium-crds/{root.go => root_linux.go} (100%) rename operator/cmd/cilium-crds/{zap.go => zap_linux.go} (100%) rename operator/cmd/{cilium-crds.go => cilium_crds_cmd_linux.go} (100%) diff --git a/operator/cmd/cilium-crds/cells.go b/operator/cmd/cilium-crds/cells_linux.go similarity index 100% rename from operator/cmd/cilium-crds/cells.go rename to operator/cmd/cilium-crds/cells_linux.go diff --git a/operator/cmd/cilium-crds/root.go b/operator/cmd/cilium-crds/root_linux.go similarity index 100% rename from operator/cmd/cilium-crds/root.go rename to operator/cmd/cilium-crds/root_linux.go diff --git a/operator/cmd/cilium-crds/zap.go b/operator/cmd/cilium-crds/zap_linux.go similarity index 100% rename from operator/cmd/cilium-crds/zap.go rename to operator/cmd/cilium-crds/zap_linux.go diff --git a/operator/cmd/cilium-crds.go b/operator/cmd/cilium_crds_cmd_linux.go similarity index 100% rename from operator/cmd/cilium-crds.go rename to operator/cmd/cilium_crds_cmd_linux.go From 4af5eac4d8d974a967fab03b11e67ae9c1e894d5 Mon Sep 17 00:00:00 2001 From: Jacques I Massa Date: Mon, 1 Jul 2024 19:54:24 +0000 Subject: [PATCH 29/39] fix lint --- operator/cilium-crds/config/{config.go => config_linux.go} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename operator/cilium-crds/config/{config.go => config_linux.go} (100%) 
diff --git a/operator/cilium-crds/config/config.go b/operator/cilium-crds/config/config_linux.go similarity index 100% rename from operator/cilium-crds/config/config.go rename to operator/cilium-crds/config/config_linux.go From 07550e771147a91b6f56f17259bd88c9fff869f1 Mon Sep 17 00:00:00 2001 From: Quang Nguyen Date: Mon, 1 Jul 2024 18:50:56 -0400 Subject: [PATCH 30/39] fix: signing images based on matrix and only run release charts on tags (#524) # Description As title. Closed #513 ## Related Issue If this pull request is related to any issue, please mention it here. Additionally, make sure that the issue is assigned to you before submitting this pull request. ## Checklist - [ ] I have read the [contributing documentation](https://retina.sh/docs/contributing). - [ ] I signed and signed-off the commits (`git commit -S -s ...`). See [this documentation](https://docs.github.com/en/authentication/managing-commit-signature-verification/about-commit-signature-verification) on signing commits. - [ ] I have correctly attributed the author(s) of the code. - [ ] I have tested the changes locally. - [ ] I have followed the project's style guidelines. - [ ] I have updated the documentation, if necessary. - [ ] I have added tests, if applicable. ## Screenshots (if applicable) or Testing Completed Please add any relevant screenshots or GIFs to showcase the changes made. ## Additional Notes Add any additional notes or context about the pull request here. --- Please refer to the [CONTRIBUTING.md](../CONTRIBUTING.md) file for more information on how to contribute to this project. --- .github/workflows/release-charts.yaml | 2 +- .github/workflows/release-images.yaml | 10 ++++------ 2 files changed, 5 insertions(+), 7 deletions(-) diff --git a/.github/workflows/release-charts.yaml b/.github/workflows/release-charts.yaml index cf6738b1a9..0bd4fa5989 100644 --- a/.github/workflows/release-charts.yaml +++ b/.github/workflows/release-charts.yaml 
@@ -16,7 +16,7 @@ jobs: push-retina-charts: name: Publish Retina Helm Charts runs-on: ubuntu-latest - + if: github.ref_type == 'tag' steps: - name: Checkout code uses: actions/checkout@v4 diff --git a/.github/workflows/release-images.yaml b/.github/workflows/release-images.yaml index fad3c2f257..0ad731c018 100644 --- a/.github/workflows/release-images.yaml +++ b/.github/workflows/release-images.yaml @@ -99,12 +99,10 @@ jobs: - name: Sign container image run: | - for year in 2019 2022; do - for image in retina-agent ; do - IMAGE_PATH="ghcr.io/${{ github.repository }}/$image:$TAG-windows-ltsc$year-${{ matrix.arch }}" - DIGEST=$(jq -r '.["containerimage.digest"]' image-metadata-$image-$TAG-windows-ltsc$year-${{ matrix.arch }}.json) - cosign sign --yes ${IMAGE_PATH}@${DIGEST} - done + for image in retina-agent ; do + IMAGE_PATH="ghcr.io/${{ github.repository }}/$image:$TAG-windows-ltsc${{ matrix.year }}-${{ matrix.arch }}" + DIGEST=$(jq -r '.["containerimage.digest"]' image-metadata-$image-$TAG-windows-ltsc${{ matrix.year }}-${{ matrix.arch }}.json) + cosign sign --yes ${IMAGE_PATH}@${DIGEST} done operator-images: From 2d09ffde8fec2f2d629b9c1167d95bd23d48cbfe Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 3 Jul 2024 11:28:32 -0400 Subject: [PATCH 31/39] deps: bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.57.1 to 1.58.0 (#527) Bumps [github.com/aws/aws-sdk-go-v2/service/s3](https://github.com/aws/aws-sdk-go-v2) from 1.57.1 to 1.58.0.
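Review bot: In the `Sign container image` step of `release-images.yaml`, `DIGEST` is read with `jq -r` and handed to `cosign sign` without a check that it is a real digest, and `${IMAGE_PATH}@${DIGEST}` is passed unquoted. If the metadata file has no `containerimage.digest` key, `jq -r` prints `null` and exits 0, so the step goes on with a reference ending in `@null` and any failure surfaces only inside cosign. I would read it with `jq -er '.["containerimage.digest"]'`, so a missing key fails the step at the read, and quote the argument: `cosign sign --yes "${IMAGE_PATH}@${DIGEST}"`. The new `${{ matrix.year }}` assumes the job's matrix defines `year`. The matrix and the start of the job are outside this hunk, so that is worth confirming.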
Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/aws/aws-sdk-go-v2/service/s3&package-manager=go_modules&previous-version=1.57.1&new-version=1.58.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 68136f1156..d1bf384466 100644 --- a/go.mod +++ b/go.mod @@ -276,7 +276,7 @@ require ( github.com/aws/aws-sdk-go-v2 v1.30.1 github.com/aws/aws-sdk-go-v2/config v1.27.23 github.com/aws/aws-sdk-go-v2/credentials v1.17.23 - github.com/aws/aws-sdk-go-v2/service/s3 v1.57.1 + github.com/aws/aws-sdk-go-v2/service/s3 v1.58.0 github.com/cakturk/go-netstat v0.0.0-20200220111822-e5b49efee7a5 github.com/cilium/cilium v1.16.0-pre.1.0.20240403152809-b9853ecbcaeb github.com/cilium/ebpf v0.15.0 diff --git a/go.sum b/go.sum index 706850408e..82b54323a4 100644 --- a/go.sum +++ b/go.sum @@ -123,8 +123,8 @@ github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.15 h1:I9zMeF10 github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.15/go.mod h1:9xWJ3Q/S6Ojusz1UIkfycgD1mGirJfLLKqq3LPT7WN8= github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.17.13 h1:Eq2THzHt6P41mpjS2sUzz/3dJYFRqdWZ+vQaEMm98EM= github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.17.13/go.mod h1:FgwTca6puegxgCInYwGjmd4tB9195Dd6LCuA+8MjpWw= -github.com/aws/aws-sdk-go-v2/service/s3 v1.57.1 h1:aHPtNY87GZ214N4rShgIo+5JQz7ICrJ50i17JbueUTw= -github.com/aws/aws-sdk-go-v2/service/s3 v1.57.1/go.mod h1:hdV0NTYd0RwV4FvNKhKUNbPLZoq9CTr/lke+3I7aCAI= +github.com/aws/aws-sdk-go-v2/service/s3 v1.58.0 h1:4rhV0Hn+bf8IAIUphRX1moBcEvKJipCPmswMCl6Q5mw= +github.com/aws/aws-sdk-go-v2/service/s3 v1.58.0/go.mod h1:hdV0NTYd0RwV4FvNKhKUNbPLZoq9CTr/lke+3I7aCAI= github.com/aws/aws-sdk-go-v2/service/sso v1.22.1 h1:p1GahKIjyMDZtiKoIn0/jAj/TkMzfzndDv5+zi2Mhgc= github.com/aws/aws-sdk-go-v2/service/sso v1.22.1/go.mod h1:/vWdhoIoYA5hYoPZ6fm7Sv4d8701PiG5VKe8/pPJL60= github.com/aws/aws-sdk-go-v2/service/ssooidc v1.26.1 h1:lCEv9f8f+zJ8kcFeAjRZsekLd/x5SAm96Cva+VbUdo8= 
From d09b35587e2ed754ee9c3d59f37405f2d4f8b038 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 3 Jul 2024 11:29:05 -0400 Subject: [PATCH 32/39] deps: bump go.opentelemetry.io/otel from 1.27.0 to 1.28.0 (#528) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [go.opentelemetry.io/otel](https://github.com/open-telemetry/opentelemetry-go) from 1.27.0 to 1.28.0.
Changelog

Sourced from go.opentelemetry.io/otel's changelog.

[1.28.0/0.50.0/0.4.0] 2024-07-02

Added

  • The IsEmpty method is added to the Instrument type in go.opentelemetry.io/otel/sdk/metric. This method is used to check if an Instrument instance is a zero-value. (#5431)
  • Store and provide the emitted context.Context in ScopeRecords of go.opentelemetry.io/otel/sdk/log/logtest. (#5468)
  • The go.opentelemetry.io/otel/semconv/v1.26.0 package. The package contains semantic conventions from the v1.26.0 version of the OpenTelemetry Semantic Conventions. (#5476)
  • The AssertRecordEqual method to go.opentelemetry.io/otel/log/logtest to allow comparison of two log records in tests. (#5499)
  • The WithHeaders option to go.opentelemetry.io/otel/exporters/zipkin to allow configuring custom http headers while exporting spans. (#5530)

Changed

  • Tracer.Start in go.opentelemetry.io/otel/trace/noop no longer allocates a span for empty span context. (#5457)
  • Upgrade go.opentelemetry.io/otel/semconv/v1.25.0 to go.opentelemetry.io/otel/semconv/v1.26.0 in go.opentelemetry.io/otel/example/otel-collector. (#5490)
  • Upgrade go.opentelemetry.io/otel/semconv/v1.25.0 to go.opentelemetry.io/otel/semconv/v1.26.0 in go.opentelemetry.io/otel/example/zipkin. (#5490)
  • Upgrade go.opentelemetry.io/otel/semconv/v1.25.0 to go.opentelemetry.io/otel/semconv/v1.26.0 in go.opentelemetry.io/otel/exporters/zipkin. (#5490)
    • The exporter no longer exports the deprecated "otel.library.name" or "otel.library.version" attributes.
  • Upgrade go.opentelemetry.io/otel/semconv/v1.25.0 to go.opentelemetry.io/otel/semconv/v1.26.0 in go.opentelemetry.io/otel/sdk/resource. (#5490)
  • Upgrade go.opentelemetry.io/otel/semconv/v1.25.0 to go.opentelemetry.io/otel/semconv/v1.26.0 in go.opentelemetry.io/otel/sdk/trace. (#5490)
  • SimpleProcessor.OnEmit in go.opentelemetry.io/otel/sdk/log no longer allocates a slice which makes it possible to have a zero-allocation log processing using SimpleProcessor. (#5493)
  • Use non-generic functions in the Start method of "go.opentelemetry.io/otel/sdk/trace".Trace to reduce memory allocation. (#5497)
  • service.instance.id is populated for a Resource created with "go.opentelemetry.io/otel/sdk/resource".Default with a default value when OTEL_GO_X_RESOURCE is set. (#5520)
  • Improve performance of metric instruments in go.opentelemetry.io/otel/sdk/metric by removing unnecessary calls to time.Now. (#5545)

Fixed

  • Log a warning to the OpenTelemetry internal logger when a Record in go.opentelemetry.io/otel/sdk/log drops an attribute due to a limit being reached. (#5376)
  • Identify the Tracer returned from the global TracerProvider in go.opentelemetry.io/otel/global with its schema URL. (#5426)
  • Identify the Meter returned from the global MeterProvider in go.opentelemetry.io/otel/global with its schema URL. (#5426)
  • Log a warning to the OpenTelemetry internal logger when a Span in go.opentelemetry.io/otel/sdk/trace drops an attribute, event, or link due to a limit being reached. (#5434)
  • Document instrument name requirements in go.opentelemetry.io/otel/metric. (#5435)
  • Prevent random number generation data-race for experimental rand exemplars in go.opentelemetry.io/otel/sdk/metric. (#5456)
  • Fix counting number of dropped attributes of Record in go.opentelemetry.io/otel/sdk/log. (#5464)
  • Fix panic in baggage creation when a member contains 0x80 char in key or value. (#5494)
  • Correct comments for the priority of the WithEndpoint and WithEndpointURL options and their corresponding environment variables in go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc. (#5508)
  • Retry trace and span ID generation if it generated an invalid one in go.opentelemetry.io/otel/sdk/trace. (#5514)
  • Fix stale timestamps reported by the last-value aggregation. (#5517)
  • Indicate the Exporter in go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp must be created by the New method. (#5521)
  • Improved performance in all {Bool,Int64,Float64,String}SliceValue functions of go.opentelemetry.io/attributes by reducing the number of allocations. (#5549)
Commits
  • 81216fb Releases v1.28.0/v0.50.0/v0.4.0 (#5569)
  • 8279a1a Add @​XSAM and @​dmathieu as repository maintainers (#5558)
  • cff1a25 chore(deps): update otel/opentelemetry-collector-contrib docker tag to v0.104...
  • 0485de2 Move time.Now call into exemplar reservoir to improve performance (#5545)
  • 1cefb17 chore(deps): update google.golang.org/genproto/googleapis/rpc digest to f6361...
  • 874f2a2 chore(deps): update google.golang.org/genproto/googleapis/api digest to f6361...
  • b477e34 sdk/log: Add filtering Processor example (#5543)
  • d7e5001 sdk/log: Fix ExampleProcessor_redact to clone the record (#5559)
  • 4987a1d Split the span start/end benchmarks and test start with links and attributes ...
  • 82fe9aa Generate internal/transform in otlploggrpc (#5553)
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=go.opentelemetry.io/otel&package-manager=go_modules&previous-version=1.27.0&new-version=1.28.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 8 ++++---- go.sum | 16 ++++++++-------- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/go.mod b/go.mod index d1bf384466..358677f6ab 100644 --- a/go.mod +++ b/go.mod @@ -230,7 +230,7 @@ require ( require ( github.com/go-chi/chi v4.1.2+incompatible - github.com/go-logr/logr v1.4.1 // indirect + github.com/go-logr/logr v1.4.2 // indirect github.com/gogo/protobuf v1.3.2 // indirect github.com/golang/protobuf v1.5.4 // indirect github.com/google/go-cmp v0.6.0 @@ -300,9 +300,9 @@ require ( github.com/spf13/viper v1.19.0 github.com/vishvananda/netlink v1.2.1-beta.2.0.20240524165444-4d4ba1473f21 go.etcd.io/etcd v3.3.27+incompatible - go.opentelemetry.io/otel v1.27.0 - go.opentelemetry.io/otel/metric v1.27.0 - go.opentelemetry.io/otel/trace v1.27.0 + go.opentelemetry.io/otel v1.28.0 + go.opentelemetry.io/otel/metric v1.28.0 + go.opentelemetry.io/otel/trace v1.28.0 go.uber.org/mock v0.4.0 golang.org/x/exp v0.0.0-20240318143956-a85f2c67cd81 gopkg.in/natefinch/lumberjack.v2 v2.2.1 diff --git a/go.sum b/go.sum index 82b54323a4..34e74e6f86 100644 --- a/go.sum +++ b/go.sum 
@@ -292,8 +292,8 @@ github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2 github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk= github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= -github.com/go-logr/logr v1.4.1 h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ= -github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= +github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY= +github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= github.com/go-logr/zapr v1.3.0 h1:XGdV8XW8zdwFiwOA2Dryh1gj2KRQyOOoNmBy4EplIcQ= 
@@ -836,18 +836,18 @@ go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0= go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.49.0 h1:jq9TW8u3so/bN+JPT166wjOI6/vQPF6Xe7nMNIltagk= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.49.0/go.mod h1:p8pYQP+m5XfbZm9fxtSKAbM6oIllS7s2AfxrChvc7iw= -go.opentelemetry.io/otel v1.27.0 h1:9BZoF3yMK/O1AafMiQTVu0YDj5Ea4hPhxCs7sGva+cg= -go.opentelemetry.io/otel v1.27.0/go.mod h1:DMpAK8fzYRzs+bi3rS5REupisuqTheUlSZJ1WnZaPAQ= +go.opentelemetry.io/otel v1.28.0 h1:/SqNcYk+idO0CxKEUOtKQClMK/MimZihKYMruSMViUo= +go.opentelemetry.io/otel v1.28.0/go.mod h1:q68ijF8Fc8CnMHKyzqL6akLO46ePnjkgfIMIjUIX9z4= go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.19.0 h1:Mne5On7VWdx7omSrSSZvM4Kw7cS7NQkOOmLcgscI51U= go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.19.0/go.mod h1:IPtUMKL4O3tH5y+iXVyAXqpAwMuzC1IrxVS81rummfE= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.22.0 h1:FyjCyI9jVEfqhUh2MoSkmolPjfh5fp2hnV0b0irxH4Q= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.22.0/go.mod h1:hYwym2nDEeZfG/motx0p7L7J1N1vyzIThemQsb4g2qY= -go.opentelemetry.io/otel/metric v1.27.0 h1:hvj3vdEKyeCi4YaYfNjv2NUje8FqKqUY8IlF0FxV/ik= -go.opentelemetry.io/otel/metric v1.27.0/go.mod h1:mVFgmRlhljgBiuk/MP/oKylr4hs85GZAylncepAX/ak= +go.opentelemetry.io/otel/metric v1.28.0 h1:f0HGvSl1KRAU1DLgLGFjrwVyismPlnuU6JD6bOeuA5Q= +go.opentelemetry.io/otel/metric v1.28.0/go.mod h1:Fb1eVBFZmLVTMb6PPohq3TO9IIhUisDsbJoL/+uQW4s= go.opentelemetry.io/otel/sdk v1.24.0 h1:YMPPDNymmQN3ZgczicBY3B6sf9n62Dlj9pWD3ucgoDw= go.opentelemetry.io/otel/sdk v1.24.0/go.mod h1:KVrIYw6tEubO9E96HQpcmpTKDVn9gdv35HoYiQWGDFg= -go.opentelemetry.io/otel/trace v1.27.0 h1:IqYb813p7cmbHk0a5y6pD5JPakbVfftRXABGt5/Rscw= -go.opentelemetry.io/otel/trace v1.27.0/go.mod h1:6RiD1hkAprV4/q+yd2ln1HG9GoPx39SuvvstaLBl+l4= +go.opentelemetry.io/otel/trace v1.28.0 
h1:GhQ9cUuQGmNDd5BTCP2dAvv75RdMxEfTmYejp+lkx9g= +go.opentelemetry.io/otel/trace v1.28.0/go.mod h1:jPyXzNPg6da9+38HEwElrQiHlVMTnVfM3/yv2OlIHaI= go.opentelemetry.io/proto/otlp v1.0.0 h1:T0TX0tmXU8a3CbNXzEKGeU5mIVOdf0oykP+u2lIVU/I= go.opentelemetry.io/proto/otlp v1.0.0/go.mod h1:Sy6pihPLfYHkr3NkUbEhGHFhINUSI/v80hjKIs5JXpM= go.starlark.net v0.0.0-20230814145427-12f4cb8177e4 h1:Ydko8M6UfXgvSpGOnbAjRMQDIvBheUsjBjkm6Azcpf4= From 4a72fb63e915eeca90b8446d4a8a7fc3ad906128 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 4 Jul 2024 14:07:50 -0400 Subject: [PATCH 33/39] deps: bump github.com/aws/aws-sdk-go-v2/config from 1.27.23 to 1.27.24 (#533) Bumps [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) from 1.27.23 to 1.27.24.
Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/aws/aws-sdk-go-v2/config&package-manager=go_modules&previous-version=1.27.23&new-version=1.27.24)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 6 +++--- go.sum | 12 ++++++------ 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/go.mod b/go.mod index 358677f6ab..89845c1c89 100644 --- a/go.mod +++ b/go.mod @@ -44,7 +44,7 @@ require ( github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.15 // indirect github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.17.13 // indirect github.com/aws/aws-sdk-go-v2/service/sso v1.22.1 // indirect - github.com/aws/aws-sdk-go-v2/service/ssooidc v1.26.1 // indirect + github.com/aws/aws-sdk-go-v2/service/ssooidc v1.26.2 // indirect github.com/aws/aws-sdk-go-v2/service/sts v1.30.1 // indirect github.com/aws/smithy-go v1.20.3 // indirect github.com/beorn7/perks v1.0.1 // indirect @@ -274,8 +274,8 @@ require ( github.com/Microsoft/hcsshim v0.12.0-rc.3 github.com/Sytten/logrus-zap-hook v0.1.0 github.com/aws/aws-sdk-go-v2 v1.30.1 - github.com/aws/aws-sdk-go-v2/config v1.27.23 - github.com/aws/aws-sdk-go-v2/credentials v1.17.23 + github.com/aws/aws-sdk-go-v2/config v1.27.24 + github.com/aws/aws-sdk-go-v2/credentials v1.17.24 github.com/aws/aws-sdk-go-v2/service/s3 v1.58.0 github.com/cakturk/go-netstat v0.0.0-20200220111822-e5b49efee7a5 github.com/cilium/cilium v1.16.0-pre.1.0.20240403152809-b9853ecbcaeb diff --git a/go.sum b/go.sum index 34e74e6f86..2d055574a2 100644 --- a/go.sum +++ b/go.sum 
@@ -101,10 +101,10 @@ github.com/aws/aws-sdk-go-v2 v1.30.1 h1:4y/5Dvfrhd1MxRDD77SrfsDaj8kUkkljU7XE83NP github.com/aws/aws-sdk-go-v2 v1.30.1/go.mod h1:nIQjQVp5sfpQcTc9mPSr1B0PaWK5ByX9MOoDadSN4lc= github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.3 h1:tW1/Rkad38LA15X4UQtjXZXNKsCgkshC3EbmcUmghTg= github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.3/go.mod h1:UbnqO+zjqk3uIt9yCACHJ9IVNhyhOCnYk8yA19SAWrM= -github.com/aws/aws-sdk-go-v2/config v1.27.23 h1:Cr/gJEa9NAS7CDAjbnB7tHYb3aLZI2gVggfmSAasDac= -github.com/aws/aws-sdk-go-v2/config v1.27.23/go.mod h1:WMMYHqLCFu5LH05mFOF5tsq1PGEMfKbu083VKqLCd0o= -github.com/aws/aws-sdk-go-v2/credentials v1.17.23 h1:G1CfmLVoO2TdQ8z9dW+JBc/r8+MqyPQhXCafNZcXVZo= -github.com/aws/aws-sdk-go-v2/credentials v1.17.23/go.mod h1:V/DvSURn6kKgcuKEk4qwSwb/fZ2d++FFARtWSbXnLqY= +github.com/aws/aws-sdk-go-v2/config v1.27.24 h1:NM9XicZ5o1CBU/MZaHwFtimRpWx9ohAUAqkG6AqSqPo= +github.com/aws/aws-sdk-go-v2/config v1.27.24/go.mod h1:aXzi6QJTuQRVVusAO8/NxpdTeTyr/wRcybdDtfUwJSs= +github.com/aws/aws-sdk-go-v2/credentials v1.17.24 h1:YclAsrnb1/GTQNt2nzv+756Iw4mF8AOzcDfweWwwm/M= +github.com/aws/aws-sdk-go-v2/credentials v1.17.24/go.mod h1:Hld7tmnAkoBQdTMNYZGzztzKRdA4fCdn9L83LOoigac= github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.9 h1:Aznqksmd6Rfv2HQN9cpqIV/lQRMaIpJkLLaJ1ZI76no= github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.9/go.mod h1:WQr3MY7AxGNxaqAtsDWn+fBxmd4XvLkzeqQ8P1VM0/w= github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.13 h1:5SAoZ4jYpGH4721ZNoS1znQrhOfZinOhc4XuTXx/nVc= 
@@ -127,8 +127,8 @@ github.com/aws/aws-sdk-go-v2/service/s3 v1.58.0 h1:4rhV0Hn+bf8IAIUphRX1moBcEvKJi github.com/aws/aws-sdk-go-v2/service/s3 v1.58.0/go.mod h1:hdV0NTYd0RwV4FvNKhKUNbPLZoq9CTr/lke+3I7aCAI= github.com/aws/aws-sdk-go-v2/service/sso v1.22.1 h1:p1GahKIjyMDZtiKoIn0/jAj/TkMzfzndDv5+zi2Mhgc= github.com/aws/aws-sdk-go-v2/service/sso v1.22.1/go.mod h1:/vWdhoIoYA5hYoPZ6fm7Sv4d8701PiG5VKe8/pPJL60= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.26.1 h1:lCEv9f8f+zJ8kcFeAjRZsekLd/x5SAm96Cva+VbUdo8= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.26.1/go.mod h1:xyFHA4zGxgYkdD73VeezHt3vSKEG9EmFnGwoKlP00u4= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.26.2 h1:ORnrOK0C4WmYV/uYt3koHEWBLYsRDwk2Np+eEoyV4Z0= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.26.2/go.mod h1:xyFHA4zGxgYkdD73VeezHt3vSKEG9EmFnGwoKlP00u4= github.com/aws/aws-sdk-go-v2/service/sts v1.30.1 h1:+woJ607dllHJQtsnJLi52ycuqHMwlW+Wqm2Ppsfp4nQ= github.com/aws/aws-sdk-go-v2/service/sts v1.30.1/go.mod h1:jiNR3JqT15Dm+QWq2SRgh0x0bCNSRP2L25+CqPNpJlQ= github.com/aws/smithy-go v1.20.3 h1:ryHwveWzPV5BIof6fyDvor6V3iUL7nTfiTKXHiW05nE= From c04cd000610af6b4d63656419d193a6c98f007d6 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 5 Jul 2024 16:58:40 -0400 Subject: [PATCH 34/39] deps: bump golang.org/x/sys from 0.21.0 to 0.22.0 (#534) Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.21.0 to 0.22.0.
Commits
  • faed7ec unix: add PthreadChdir and PthreadFchdir on darwin
  • c892bb7 unix: fix MmapPtr test failing on OpenBSD
  • a0ef40a unix: fix MremapPtr test failing on NetBSD
  • daa2394 unix: add unsafe mmap, munmap, mremap
  • 7670087 windows: add GetAce Windows API
  • 348425a windows/svc: do not pass theService to windows.RegisterServiceCtrlHandlerEx
  • See full diff in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang.org/x/sys&package-manager=go_modules&previous-version=0.21.0&new-version=0.22.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/go.mod b/go.mod index 89845c1c89..4bdf0f6fbd 100644 --- a/go.mod +++ b/go.mod @@ -245,7 +245,7 @@ require ( golang.org/x/net v0.26.0 // indirect golang.org/x/oauth2 v0.21.0 // indirect golang.org/x/sync v0.7.0 - golang.org/x/sys v0.21.0 + golang.org/x/sys v0.22.0 golang.org/x/term v0.21.0 // indirect google.golang.org/protobuf v1.34.2 gopkg.in/yaml.v2 v2.4.0 // indirect diff --git a/go.sum b/go.sum index 2d055574a2..3e3213aeb9 100644 --- a/go.sum +++ b/go.sum @@ -997,8 +997,9 @@ golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws= golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.22.0 h1:RI27ohtqKCnwULzJLqkv897zojh5/DwS/ENaMzUOaWI= +golang.org/x/sys v0.22.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.0.0-20220526004731-065cf7ba2467/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= From 798448c573300a57765e85991906c2feaab934db Mon Sep 17 00:00:00 2001 
From: Timm Hirsens Date: Mon, 8 Jul 2024 19:20:16 +0200 Subject: [PATCH 35/39] fix: operator deployment ignores custom namespace (#531) # Description This fixes the operator deployment actually using the namespace defined in the helm values. Without this fix, the deployment will fail, since the configuration ConfigMap for the operator is deployed in the specified namespace while the operator itself is deployed in `kube-system`. ## Related Issue Fixes #492 ## Checklist - [x] I have read the [contributing documentation](https://retina.sh/docs/contributing). - [x] I signed and signed-off the commits (`git commit -S -s ...`). See [this documentation](https://docs.github.com/en/authentication/managing-commit-signature-verification/about-commit-signature-verification) on signing commits. - [x] I have correctly attributed the author(s) of the code. - [x] I have tested the changes locally. - [x] I have followed the project's style guidelines. - [x] I have updated the documentation, if necessary. - [x] I have added tests, if applicable. --- .../helm/retina/templates/operator/clusterrolebinding.yaml | 2 +- .../controller/helm/retina/templates/operator/deployment.yaml | 2 +- .../helm/retina/templates/operator/serviceaccount.yaml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/deploy/hubble/manifests/controller/helm/retina/templates/operator/clusterrolebinding.yaml b/deploy/hubble/manifests/controller/helm/retina/templates/operator/clusterrolebinding.yaml index 09580886c7..3138f41fbf 100644 --- a/deploy/hubble/manifests/controller/helm/retina/templates/operator/clusterrolebinding.yaml +++ b/deploy/hubble/manifests/controller/helm/retina/templates/operator/clusterrolebinding.yaml @@ -17,6 +17,6 @@ roleRef: subjects: - kind: ServiceAccount name: retina-operator - namespace: kube-system + namespace: {{ .Values.namespace }} {{- end -}} 
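Review bot: The ServiceAccount subject in `clusterrolebinding.yaml` now renders `namespace: {{ .Values.namespace }}` with no fallback, so an unset or empty value leaves the subject without a namespace. The same bare reference is added in the `deployment.yaml` and `serviceaccount.yaml` hunks that follow. Whether `values.yaml` always sets `namespace` is not visible here. If it can be empty, `namespace: {{ .Values.namespace | default .Release.Namespace }}` (or Helm's `required`) keeps the binding, the ServiceAccount and the Deployment in the same namespace. All three should resolve from one expression, because a binding whose subject namespace differs from where the ServiceAccount is created grants the cluster role to an account the chart does not manage.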
diff --git a/deploy/hubble/manifests/controller/helm/retina/templates/operator/deployment.yaml b/deploy/hubble/manifests/controller/helm/retina/templates/operator/deployment.yaml index 7aed8c5281..60bbf52647 100644 --- a/deploy/hubble/manifests/controller/helm/retina/templates/operator/deployment.yaml +++ b/deploy/hubble/manifests/controller/helm/retina/templates/operator/deployment.yaml @@ -3,7 +3,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: retina-operator - namespace: kube-system + namespace: {{ .Values.namespace }} labels: app: retina-operator control-plane: retina-operator diff --git a/deploy/hubble/manifests/controller/helm/retina/templates/operator/serviceaccount.yaml b/deploy/hubble/manifests/controller/helm/retina/templates/operator/serviceaccount.yaml index 5bc62e53ba..161637850c 100644 --- a/deploy/hubble/manifests/controller/helm/retina/templates/operator/serviceaccount.yaml +++ b/deploy/hubble/manifests/controller/helm/retina/templates/operator/serviceaccount.yaml @@ -11,6 +11,6 @@ metadata: app.kubernetes.io/part-of: operator app.kubernetes.io/managed-by: kustomize name: retina-operator - namespace: kube-system + namespace: {{ .Values.namespace }} {{- end -}} From 3f94dead11475eb3191bb9e1a00a96028d422a09 Mon Sep 17 00:00:00 2001 From: Jacques I Massa Date: Mon, 8 Jul 2024 21:08:43 +0000 Subject: [PATCH 36/39] fix operator crd create --- .../helm/retina/templates/operator/deployment.yaml | 2 +- deploy/hubble/manifests/controller/helm/retina/values.yaml | 2 +- operator/cilium-crds/k8s/apis/register.go | 6 +++++- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/deploy/hubble/manifests/controller/helm/retina/templates/operator/deployment.yaml b/deploy/hubble/manifests/controller/helm/retina/templates/operator/deployment.yaml index dff107a14f..307fa06350 100644 --- a/deploy/hubble/manifests/controller/helm/retina/templates/operator/deployment.yaml 
+++ b/deploy/hubble/manifests/controller/helm/retina/templates/operator/deployment.yaml @@ -52,7 +52,7 @@ spec: name: retina-operator {{- if .Values.operator.container.command }} command: - {{- range Values.operator.container.command }} + {{- range .Values.operator.container.command }} - {{ . }} {{- end }} {{- end }} diff --git a/deploy/hubble/manifests/controller/helm/retina/values.yaml b/deploy/hubble/manifests/controller/helm/retina/values.yaml index 592e7d5bb5..e25da21497 100644 --- a/deploy/hubble/manifests/controller/helm/retina/values.yaml +++ b/deploy/hubble/manifests/controller/helm/retina/values.yaml @@ -25,7 +25,7 @@ operator: command: - "/retina-operator" args: - - "v2" + - "manage-cilium-crds" - "--config-dir" - "/retina" diff --git a/operator/cilium-crds/k8s/apis/register.go b/operator/cilium-crds/k8s/apis/register.go index 8e4b5c8476..ef0cd643c1 100644 --- a/operator/cilium-crds/k8s/apis/register.go +++ b/operator/cilium-crds/k8s/apis/register.go @@ -64,8 +64,12 @@ func createCustomResourceDefinitions(clientset apiextensionsclient.Interface) er return createCRD(crd.Name, crd.FullName)(clientset) }) } + + if err := g.Wait(); err != nil { + return fmt.Errorf("Unable to create CRD: %w", err) + } - return fmt.Errorf("Unable to create CRD: %w", g.Wait()) + return nil } func customResourceDefinitionList() (map[string]*apisclient.CRDList, error) { From b94040499dbbd75a6b08a56187cb2afab8b1b4d1 Mon Sep 17 00:00:00 2001 From: Jacques I Massa Date: Mon, 8 Jul 2024 21:41:27 +0000 Subject: [PATCH 37/39] make fmt --- operator/cilium-crds/k8s/apis/register.go | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/operator/cilium-crds/k8s/apis/register.go b/operator/cilium-crds/k8s/apis/register.go index ef0cd643c1..54429415e2 100644 --- a/operator/cilium-crds/k8s/apis/register.go +++ b/operator/cilium-crds/k8s/apis/register.go 
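Review bot: In the corrected `range` over `.Values.operator.container.command`, each element is still emitted unquoted as `- {{ . }}`. An entry that YAML reads as a non-string (a bare number, `true`, or text containing `: `) would render into a manifest with the wrong type or fail to parse. Quoting the element, `- {{ . | quote }}`, keeps every command word a string regardless of what is put in values.yaml.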
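Review bot: The wrapped error string `"Unable to create CRD: %w"` is capitalised and phrased as a failure prefix, which reads badly once it is chained into a caller's message and is flagged by the usual Go linters; `return fmt.Errorf("creating CRDs: %w", err)` is the conventional form. It would also help to add a short why-comment above the new guard, for example `// fmt.Errorf with a nil %w operand still returns a non-nil error, so check first`, so the check is not folded back into a single return later. The added lines appear not to be gofmt-clean as committed, since the next patch in the series re-indents them. createCustomResourceDefinitions starts outside this hunk.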
@@ -64,12 +64,12 @@ func createCustomResourceDefinitions(clientset apiextensionsclient.Interface) er return createCRD(crd.Name, crd.FullName)(clientset) }) } - - if err := g.Wait(); err != nil { - return fmt.Errorf("Unable to create CRD: %w", err) - } - return nil + if err := g.Wait(); err != nil { + return fmt.Errorf("Unable to create CRD: %w", err) + } + + return nil } func customResourceDefinitionList() (map[string]*apisclient.CRDList, error) { From 6dc50c6fc44c44593740a7d0d0e0a3bdafacd6bc Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 9 Jul 2024 10:32:41 -0700 Subject: [PATCH 38/39] deps: bump aquasecurity/trivy-action from 0.23.0 to 0.24.0 (#535) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.23.0 to 0.24.0.
Release notes

Sourced from aquasecurity/trivy-action's releases.

v0.24.0

What's Changed

Full Changelog: https://github.com/aquasecurity/trivy-action/compare/0.23.0...0.24.0

Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=aquasecurity/trivy-action&package-manager=github_actions&previous-version=0.23.0&new-version=0.24.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/trivy.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/trivy.yaml b/.github/workflows/trivy.yaml index a2875ce361..25e1291438 100644 --- a/.github/workflows/trivy.yaml +++ b/.github/workflows/trivy.yaml @@ -30,7 +30,7 @@ jobs: echo "TAG=$(make version)" >> $GITHUB_ENV - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@7c2007bcb556501da015201bcba5aa14069b74e2 + uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8 with: image-ref: "ghcr.io/${{ github.repository }}/${{ matrix.image }}:${{ env.TAG }}" format: "template" From fc51241a1ae11bf17b0187e850d5d4ddc686505e Mon Sep 17 00:00:00 2001 From: Jacques I Massa Date: Tue, 9 Jul 2024 20:37:47 +0000 Subject: [PATCH 39/39] add cert generation script --- Makefile | 4 ++++ get-certs.sh | 30 ++++++++++++++++++++++++++++++ operator/main.go | 1 - 3 files changed, 34 insertions(+), 1 deletion(-) create mode 100755 get-certs.sh diff --git a/Makefile b/Makefile index 28c3d6142a..94ff37e062 100644 --- a/Makefile +++ b/Makefile @@ -6,6 +6,10 @@ RMDIR := rm -rf ## Globals GIT_CURRENT_BRANCH_NAME := $(shell git rev-parse --abbrev-ref HEAD) +CERT_FILES := tls.crt:tls-client-cert-file \ + tls.key:tls-client-key-file \ + ca.crt:tls-ca-cert-files + REPO_ROOT = $(shell git rev-parse --show-toplevel) ifndef TAG TAG ?= $(shell git describe --tags --always) diff --git a/get-certs.sh b/get-certs.sh new file mode 100755 index 0000000000..880a77bdcb --- /dev/null +++ b/get-certs.sh 
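Review bot: `CERT_FILES` is added under `## Globals` in the Makefile, but no target in this commit appears to reference it, and the same file-to-key mapping is hard-coded again in get-certs.sh. Two copies of the mapping will drift apart. Either drop the variable, or add a comment naming the target that consumes it, such as `# consumed by <target>; keep in sync with get-certs.sh`.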
@@ -0,0 +1,30 @@ +#!/usr/bin/env bash + +set -euo pipefail +set -x + +# Directory where certificates will be stored +CERT_DIR="$(pwd)/.certs" +mkdir -p "$CERT_DIR" + +declare -A CERT_FILES=( + ["tls.crt"]="tls-client-cert-file" + ["tls.key"]="tls-client-key-file" + ["ca.crt"]="tls-ca-cert-files" +) + +for FILE in "${!CERT_FILES[@]}"; do + KEY="${CERT_FILES[$FILE]}" + JSONPATH="{.data['${FILE//./\\.}']}" + + # Retrieve the secret and decode it + kubectl get secret hubble-relay-client-certs -n kube-system \ + -o jsonpath="${JSONPATH}" | \ + base64 -d > "$CERT_DIR/$FILE" + + # Set the appropriate hubble CLI config + hubble config set "$KEY" "$CERT_DIR/$FILE" +done + +hubble config set tls true +hubble config set tls-server-name instance.hubble-relay.cilium.io diff --git a/operator/main.go b/operator/main.go index 385b7be07d..ea58c130a9 100644 --- a/operator/main.go +++ b/operator/main.go @@ -5,7 +5,6 @@ package main import "github.com/microsoft/retina/operator/cmd" - func main() { cmd.Execute() }
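Review bot: get-certs.sh writes `tls.key` into `$CERT_DIR` under the caller's default umask, so with a typical 022 umask the Hubble relay client private key is readable by every local user. Adding `umask 077` right after `set -euo pipefail`, before `mkdir -p "$CERT_DIR"`, restricts both the directory and the files. `.certs` is created under the current directory and this commit does not touch `.gitignore`, so unless that path is already ignored the key can be staged by accident; an entry for `.certs/` would prevent it. The `set -x` trace does not expose key material here because the secret only travels through the pipe, which deserves a comment so that a later edit does not move it into a traced variable or argument.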