diff --git a/pkg/observer/observertesthelper/observer_test_helper.go b/pkg/observer/observertesthelper/observer_test_helper.go
index d7481f4ffda..4e90506c90a 100644
--- a/pkg/observer/observertesthelper/observer_test_helper.go
+++ b/pkg/observer/observertesthelper/observer_test_helper.go
@@ -35,6 +35,7 @@ import (
 	"github.com/cilium/tetragon/pkg/cilium"
 	"github.com/cilium/tetragon/pkg/exporter"
 	tetragonGrpc "github.com/cilium/tetragon/pkg/grpc"
+	"github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/v1alpha1"
 	"github.com/cilium/tetragon/pkg/logger"
 	"github.com/cilium/tetragon/pkg/option"
 	"github.com/cilium/tetragon/pkg/process"
@@ -539,6 +540,10 @@ func (f *fakeK8sWatcher) FindServiceByIP(ip string) ([]*corev1.Service, error) {
 	return nil, fmt.Errorf("service with IP %s not found", ip)
 }
 
+func (f *fakeK8sWatcher) FindPodInfoByIP(ip string) ([]*v1alpha1.PodInfo, error) {
+	return nil, fmt.Errorf("PodInfo with IP %s not found", ip)
+}
+
 // Used to wait for a process to start, we do a lookup on PROCFS because this
 // may be called before obs is created.
 func WaitForProcess(process string) error {
diff --git a/pkg/watcher/fake.go b/pkg/watcher/fake.go
index cc6cf0e8d58..aa302fe4cc5 100644
--- a/pkg/watcher/fake.go
+++ b/pkg/watcher/fake.go
@@ -6,6 +6,7 @@ package watcher
 import (
 	"fmt"
 
+	"github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/v1alpha1"
 	corev1 "k8s.io/api/core/v1"
 )
 
@@ -71,3 +72,7 @@ func (watcher *FakeK8sWatcher) AddService(service *corev1.Service) {
 func (watcher *FakeK8sWatcher) ClearAllServices() {
 	watcher.services = nil
 }
+
+func (watcher *FakeK8sWatcher) FindPodInfoByIP(ip string) ([]*v1alpha1.PodInfo, error) {
+	return nil, fmt.Errorf("PodInfo with IP %q not found", ip)
+}
diff --git a/pkg/watcher/watcher.go b/pkg/watcher/watcher.go
index 9506843d5cc..8e5431d58db 100644
--- a/pkg/watcher/watcher.go
+++ b/pkg/watcher/watcher.go
@@ -10,15 +10,18 @@ import (
 	"strings"
 	"time"
 
+	"github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/v1alpha1"
+	"github.com/cilium/tetragon/pkg/k8s/client/clientset/versioned"
+	"github.com/cilium/tetragon/pkg/k8s/client/clientset/versioned/fake"
+	"github.com/cilium/tetragon/pkg/k8s/client/informers/externalversions"
 	"github.com/cilium/tetragon/pkg/logger"
 	"github.com/cilium/tetragon/pkg/podhooks"
+	corev1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/util/wait"
 	"k8s.io/client-go/informers"
 	"k8s.io/client-go/kubernetes"
 	"k8s.io/client-go/tools/cache"
-
-	corev1 "k8s.io/api/core/v1"
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
 const (
@@ -26,11 +29,13 @@ const (
 	containerIdx   = "containers-ids"
 	podIdx         = "pod-ids"
 	serviceIPsIdx  = "service-ips"
+	podInfoIPsIdx  = "pod-info-ips"
 )
 
 var (
 	errNoPod     = errors.New("object is not a *corev1.Pod")
 	errNoService = errors.New("object is not a *corev1.Service")
+	errNoPodInfo = errors.New("object is not a *PodInfo")
 )
 
 // K8sResourceWatcher defines an interface for accessing various resources from Kubernetes API.
@@ -43,12 +48,16 @@ type K8sResourceWatcher interface {
 
 	// FindServiceByIP finds a service given the IP address.
 	FindServiceByIP(ip string) ([]*corev1.Service, error)
+
+	// FindPodInfoByIP finds a service given the IP address.
+	FindPodInfoByIP(ip string) ([]*v1alpha1.PodInfo, error)
 }
 
 // K8sWatcher maintains a local cache of k8s resources.
 type K8sWatcher struct {
 	podInformer     cache.SharedIndexInformer
 	serviceInformer cache.SharedIndexInformer
+	podInfoInformer cache.SharedIndexInformer
 }
 
 func podIndexFunc(obj interface{}) ([]string, error) {
@@ -115,8 +124,26 @@ func serviceIPIndexFunc(obj interface{}) ([]string, error) {
 	return nil, fmt.Errorf("%w - found %T", errNoService, obj)
 }
 
+// podInfoIPIndexFunc indexes services by their IP addresses
+func podInfoIPIndexFunc(obj interface{}) ([]string, error) {
+	switch t := obj.(type) {
+	case *v1alpha1.PodInfo:
+		var ips []string
+		for _, ip := range t.Status.PodIPs {
+			ips = append(ips, ip.IP)
+		}
+		return ips, nil
+	}
+	return nil, fmt.Errorf("%w - found %T", errNoPodInfo, obj)
+}
+
 // NewK8sWatcher returns a pointer to an initialized K8sWatcher struct.
 func NewK8sWatcher(k8sClient kubernetes.Interface, stateSyncIntervalSec time.Duration) *K8sWatcher {
+	return NewK8sWatcherWithTetragonClient(k8sClient, fake.NewSimpleClientset(), stateSyncIntervalSec)
+}
+
+// NewK8sWatcherWithTetragonClient returns a pointer to an initialized K8sWatcher struct.
+func NewK8sWatcherWithTetragonClient(k8sClient kubernetes.Interface, tetragonClient versioned.Interface, stateSyncIntervalSec time.Duration) *K8sWatcher {
 	nodeName := os.Getenv("NODE_NAME")
 	if nodeName == "" {
 		logger.GetLogger().Warn("env var NODE_NAME not specified, K8s watcher will not work as expected")
@@ -150,15 +177,29 @@ func NewK8sWatcher(k8sClient kubernetes.Interface, stateSyncIntervalSec time.Dur
 		panic(err)
 	}
 
+	podInfoInformerFactory := externalversions.NewSharedInformerFactory(tetragonClient, stateSyncIntervalSec)
+	podInfoInformer := podInfoInformerFactory.Cilium().V1alpha1().PodInfo().Informer()
+	err = podInfoInformer.AddIndexers(map[string]cache.IndexFunc{
+		podInfoIPsIdx: podInfoIPIndexFunc,
+	})
+	if err != nil {
+		// Panic during setup since this should never fail, if it fails is a
+		// developer mistake.
+		panic(err)
+	}
+
 	podhooks.InstallHooks(podInformer)
 
 	k8sInformerFactory.Start(wait.NeverStop)
 	k8sInformerFactory.WaitForCacheSync(wait.NeverStop)
 	serviceInformerFactory.Start(wait.NeverStop)
 	serviceInformerFactory.WaitForCacheSync(wait.NeverStop)
+	podInfoInformerFactory.Start(wait.NeverStop)
+	podInfoInformerFactory.WaitForCacheSync(wait.NeverStop)
 	logger.GetLogger().WithField("num_pods", len(podInformer.GetStore().ListKeys())).Info("Initialized pod cache")
 	logger.GetLogger().WithField("num_services", len(serviceInformer.GetStore().ListKeys())).Info("Initialized service cache")
-	return &K8sWatcher{podInformer, serviceInformer}
+	logger.GetLogger().WithField("num_pod_info", len(podInfoInformer.GetStore().ListKeys())).Info("Initialized pod info cache")
+	return &K8sWatcher{podInformer, serviceInformer, podInfoInformer}
 }
 
 // FindContainer implements K8sResourceWatcher.FindContainer.
@@ -260,3 +301,22 @@ func (watcher *K8sWatcher) FindServiceByIP(ip string) ([]*corev1.Service, error)
 	}
 	return services, nil
 }
+
+func (watcher *K8sWatcher) FindPodInfoByIP(ip string) ([]*v1alpha1.PodInfo, error) {
+	objs, err := watcher.podInfoInformer.GetIndexer().ByIndex(podInfoIPsIdx, ip)
+	if err != nil {
+		return nil, fmt.Errorf("pod info watcher returned: %w", err)
+	}
+	if len(objs) == 0 {
+		return nil, fmt.Errorf("PodInfo with IP %s not found", ip)
+	}
+	var podInfo []*v1alpha1.PodInfo
+	for _, obj := range objs {
+		service, ok := obj.(*v1alpha1.PodInfo)
+		if !ok {
+			return nil, fmt.Errorf("unexpected type %t", objs[0])
+		}
+		podInfo = append(podInfo, service)
+	}
+	return podInfo, nil
+}
diff --git a/pkg/watcher/watcher_test.go b/pkg/watcher/watcher_test.go
index 2058556c4e1..ec080c18e48 100644
--- a/pkg/watcher/watcher_test.go
+++ b/pkg/watcher/watcher_test.go
@@ -8,6 +8,8 @@ import (
 	"testing"
 	"time"
 
+	"github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/v1alpha1"
+	fakeTetragon "github.com/cilium/tetragon/pkg/k8s/client/clientset/versioned/fake"
 	"github.com/stretchr/testify/assert"
 	v1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -46,3 +48,39 @@ func TestFindServiceByIP(t *testing.T) {
 	assert.Len(t, res, 1)
 	assert.Equal(t, "svc3", res[0].Name)
 }
+
+func TestPodInfoByIP(t *testing.T) {
+	ctx := context.Background()
+	k8sClient := fake.NewSimpleClientset()
+	tetragonClient := fakeTetragon.NewSimpleClientset()
+	watcher := NewK8sWatcherWithTetragonClient(k8sClient, tetragonClient, 0)
+	pod1 := v1alpha1.PodInfo{
+		ObjectMeta: metav1.ObjectMeta{Name: "pod1"},
+		Status:     v1alpha1.PodInfoStatus{PodIPs: []v1alpha1.PodIP{{IP: "1.1.1.1"}}},
+	}
+	pod2 := v1alpha1.PodInfo{
+		ObjectMeta: metav1.ObjectMeta{Name: "pod2"},
+		Status:     v1alpha1.PodInfoStatus{PodIPs: []v1alpha1.PodIP{{IP: "2.2.2.2"}}},
+	}
+	pod3 := v1alpha1.PodInfo{
+		ObjectMeta: metav1.ObjectMeta{Name: "pod3"},
+		Status:     v1alpha1.PodInfoStatus{PodIPs: []v1alpha1.PodIP{{IP: "3.3.3.3"}, {IP: "4.4.4.4"}}},
+	}
+	_, err := tetragonClient.CiliumV1alpha1().PodInfo("my-ns").Create(ctx, &pod1, metav1.CreateOptions{})
+	assert.NoError(t, err)
+	_, err = tetragonClient.CiliumV1alpha1().PodInfo("my-ns").Create(ctx, &pod2, metav1.CreateOptions{})
+	assert.NoError(t, err)
+	_, err = tetragonClient.CiliumV1alpha1().PodInfo("my-ns").Create(ctx, &pod3, metav1.CreateOptions{})
+	assert.NoError(t, err)
+	assert.Eventually(t, func() bool { return len(watcher.podInfoInformer.GetStore().List()) == 3 }, 10*time.Second, 1*time.Second)
+	res, err := watcher.FindPodInfoByIP("1.1.1.1")
+	assert.NoError(t, err)
+	assert.Len(t, res, 1)
+	assert.Equal(t, "pod1", res[0].Name)
+	res, err = watcher.FindPodInfoByIP("4.4.4.4")
+	assert.NoError(t, err)
+	assert.Len(t, res, 1)
+	assert.Equal(t, "pod3", res[0].Name)
+	_, err = watcher.FindPodInfoByIP("5.5.5.5")
+	assert.Error(t, err)
+}
diff --git a/vendor/github.com/cilium/tetragon/pkg/k8s/client/clientset/versioned/fake/clientset_generated.go b/vendor/github.com/cilium/tetragon/pkg/k8s/client/clientset/versioned/fake/clientset_generated.go
new file mode 100644
index 00000000000..4cb28652cec
--- /dev/null
+++ b/vendor/github.com/cilium/tetragon/pkg/k8s/client/clientset/versioned/fake/clientset_generated.go
@@ -0,0 +1,72 @@
+// SPDX-License-Identifier: Apache-2.0
+// Copyright Authors of Tetragon
+
+// Code generated by client-gen. DO NOT EDIT.
+
+package fake
+
+import (
+	clientset "github.com/cilium/tetragon/pkg/k8s/client/clientset/versioned"
+	ciliumv1alpha1 "github.com/cilium/tetragon/pkg/k8s/client/clientset/versioned/typed/cilium.io/v1alpha1"
+	fakeciliumv1alpha1 "github.com/cilium/tetragon/pkg/k8s/client/clientset/versioned/typed/cilium.io/v1alpha1/fake"
+	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apimachinery/pkg/watch"
+	"k8s.io/client-go/discovery"
+	fakediscovery "k8s.io/client-go/discovery/fake"
+	"k8s.io/client-go/testing"
+)
+
+// NewSimpleClientset returns a clientset that will respond with the provided objects.
+// It's backed by a very simple object tracker that processes creates, updates and deletions as-is,
+// without applying any validations and/or defaults. It shouldn't be considered a replacement
+// for a real clientset and is mostly useful in simple unit tests.
+func NewSimpleClientset(objects ...runtime.Object) *Clientset {
+	o := testing.NewObjectTracker(scheme, codecs.UniversalDecoder())
+	for _, obj := range objects {
+		if err := o.Add(obj); err != nil {
+			panic(err)
+		}
+	}
+
+	cs := &Clientset{tracker: o}
+	cs.discovery = &fakediscovery.FakeDiscovery{Fake: &cs.Fake}
+	cs.AddReactor("*", "*", testing.ObjectReaction(o))
+	cs.AddWatchReactor("*", func(action testing.Action) (handled bool, ret watch.Interface, err error) {
+		gvr := action.GetResource()
+		ns := action.GetNamespace()
+		watch, err := o.Watch(gvr, ns)
+		if err != nil {
+			return false, nil, err
+		}
+		return true, watch, nil
+	})
+
+	return cs
+}
+
+// Clientset implements clientset.Interface. Meant to be embedded into a
+// struct to get a default implementation. This makes faking out just the method
+// you want to test easier.
+type Clientset struct {
+	testing.Fake
+	discovery *fakediscovery.FakeDiscovery
+	tracker   testing.ObjectTracker
+}
+
+func (c *Clientset) Discovery() discovery.DiscoveryInterface {
+	return c.discovery
+}
+
+func (c *Clientset) Tracker() testing.ObjectTracker {
+	return c.tracker
+}
+
+var (
+	_ clientset.Interface = &Clientset{}
+	_ testing.FakeClient  = &Clientset{}
+)
+
+// CiliumV1alpha1 retrieves the CiliumV1alpha1Client
+func (c *Clientset) CiliumV1alpha1() ciliumv1alpha1.CiliumV1alpha1Interface {
+	return &fakeciliumv1alpha1.FakeCiliumV1alpha1{Fake: &c.Fake}
+}
diff --git a/vendor/github.com/cilium/tetragon/pkg/k8s/client/clientset/versioned/fake/doc.go b/vendor/github.com/cilium/tetragon/pkg/k8s/client/clientset/versioned/fake/doc.go
new file mode 100644
index 00000000000..9b4fecfef2b
--- /dev/null
+++ b/vendor/github.com/cilium/tetragon/pkg/k8s/client/clientset/versioned/fake/doc.go
@@ -0,0 +1,7 @@
+// SPDX-License-Identifier: Apache-2.0
+// Copyright Authors of Tetragon
+
+// Code generated by client-gen. DO NOT EDIT.
+
+// This package has the automatically generated fake clientset.
+package fake
diff --git a/vendor/github.com/cilium/tetragon/pkg/k8s/client/clientset/versioned/fake/register.go b/vendor/github.com/cilium/tetragon/pkg/k8s/client/clientset/versioned/fake/register.go
new file mode 100644
index 00000000000..7c4ea8398e2
--- /dev/null
+++ b/vendor/github.com/cilium/tetragon/pkg/k8s/client/clientset/versioned/fake/register.go
@@ -0,0 +1,43 @@
+// SPDX-License-Identifier: Apache-2.0
+// Copyright Authors of Tetragon
+
+// Code generated by client-gen. DO NOT EDIT.
+
+package fake
+
+import (
+	ciliumv1alpha1 "github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/v1alpha1"
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	runtime "k8s.io/apimachinery/pkg/runtime"
+	schema "k8s.io/apimachinery/pkg/runtime/schema"
+	serializer "k8s.io/apimachinery/pkg/runtime/serializer"
+	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
+)
+
+var scheme = runtime.NewScheme()
+var codecs = serializer.NewCodecFactory(scheme)
+
+var localSchemeBuilder = runtime.SchemeBuilder{
+	ciliumv1alpha1.AddToScheme,
+}
+
+// AddToScheme adds all types of this clientset into the given scheme. This allows composition
+// of clientsets, like in:
+//
+//	import (
+//	  "k8s.io/client-go/kubernetes"
+//	  clientsetscheme "k8s.io/client-go/kubernetes/scheme"
+//	  aggregatorclientsetscheme "k8s.io/kube-aggregator/pkg/client/clientset_generated/clientset/scheme"
+//	)
+//
+//	kclientset, _ := kubernetes.NewForConfig(c)
+//	_ = aggregatorclientsetscheme.AddToScheme(clientsetscheme.Scheme)
+//
+// After this, RawExtensions in Kubernetes types will serialize kube-aggregator types
+// correctly.
+var AddToScheme = localSchemeBuilder.AddToScheme
+
+func init() {
+	v1.AddToGroupVersion(scheme, schema.GroupVersion{Version: "v1"})
+	utilruntime.Must(AddToScheme(scheme))
+}
diff --git a/vendor/github.com/cilium/tetragon/pkg/k8s/client/clientset/versioned/typed/cilium.io/v1alpha1/fake/doc.go b/vendor/github.com/cilium/tetragon/pkg/k8s/client/clientset/versioned/typed/cilium.io/v1alpha1/fake/doc.go
new file mode 100644
index 00000000000..b26f3ccd0bf
--- /dev/null
+++ b/vendor/github.com/cilium/tetragon/pkg/k8s/client/clientset/versioned/typed/cilium.io/v1alpha1/fake/doc.go
@@ -0,0 +1,7 @@
+// SPDX-License-Identifier: Apache-2.0
+// Copyright Authors of Tetragon
+
+// Code generated by client-gen. DO NOT EDIT.
+
+// Package fake has the automatically generated clients.
+package fake
diff --git a/vendor/github.com/cilium/tetragon/pkg/k8s/client/clientset/versioned/typed/cilium.io/v1alpha1/fake/fake_cilium.io_client.go b/vendor/github.com/cilium/tetragon/pkg/k8s/client/clientset/versioned/typed/cilium.io/v1alpha1/fake/fake_cilium.io_client.go
new file mode 100644
index 00000000000..d91edfe95e4
--- /dev/null
+++ b/vendor/github.com/cilium/tetragon/pkg/k8s/client/clientset/versioned/typed/cilium.io/v1alpha1/fake/fake_cilium.io_client.go
@@ -0,0 +1,35 @@
+// SPDX-License-Identifier: Apache-2.0
+// Copyright Authors of Tetragon
+
+// Code generated by client-gen. DO NOT EDIT.
+
+package fake
+
+import (
+	v1alpha1 "github.com/cilium/tetragon/pkg/k8s/client/clientset/versioned/typed/cilium.io/v1alpha1"
+	rest "k8s.io/client-go/rest"
+	testing "k8s.io/client-go/testing"
+)
+
+type FakeCiliumV1alpha1 struct {
+	*testing.Fake
+}
+
+func (c *FakeCiliumV1alpha1) PodInfo(namespace string) v1alpha1.PodInfoInterface {
+	return &FakePodInfo{c, namespace}
+}
+
+func (c *FakeCiliumV1alpha1) TracingPolicies() v1alpha1.TracingPolicyInterface {
+	return &FakeTracingPolicies{c}
+}
+
+func (c *FakeCiliumV1alpha1) TracingPoliciesNamespaced(namespace string) v1alpha1.TracingPolicyNamespacedInterface {
+	return &FakeTracingPoliciesNamespaced{c, namespace}
+}
+
+// RESTClient returns a RESTClient that is used to communicate
+// with API server by this client implementation.
+func (c *FakeCiliumV1alpha1) RESTClient() rest.Interface {
+	var ret *rest.RESTClient
+	return ret
+}
diff --git a/vendor/github.com/cilium/tetragon/pkg/k8s/client/clientset/versioned/typed/cilium.io/v1alpha1/fake/fake_podinfo.go b/vendor/github.com/cilium/tetragon/pkg/k8s/client/clientset/versioned/typed/cilium.io/v1alpha1/fake/fake_podinfo.go
new file mode 100644
index 00000000000..b33229b2114
--- /dev/null
+++ b/vendor/github.com/cilium/tetragon/pkg/k8s/client/clientset/versioned/typed/cilium.io/v1alpha1/fake/fake_podinfo.go
@@ -0,0 +1,128 @@
+// SPDX-License-Identifier: Apache-2.0
+// Copyright Authors of Tetragon
+
+// Code generated by client-gen. DO NOT EDIT.
+
+package fake
+
+import (
+	"context"
+
+	v1alpha1 "github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/v1alpha1"
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	labels "k8s.io/apimachinery/pkg/labels"
+	types "k8s.io/apimachinery/pkg/types"
+	watch "k8s.io/apimachinery/pkg/watch"
+	testing "k8s.io/client-go/testing"
+)
+
+// FakePodInfo implements PodInfoInterface
+type FakePodInfo struct {
+	Fake *FakeCiliumV1alpha1
+	ns   string
+}
+
+var podinfoResource = v1alpha1.SchemeGroupVersion.WithResource("podinfo")
+
+var podinfoKind = v1alpha1.SchemeGroupVersion.WithKind("PodInfo")
+
+// Get takes name of the podInfo, and returns the corresponding podInfo object, and an error if there is any.
+func (c *FakePodInfo) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.PodInfo, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewGetAction(podinfoResource, c.ns, name), &v1alpha1.PodInfo{})
+
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1alpha1.PodInfo), err
+}
+
+// List takes label and field selectors, and returns the list of PodInfo that match those selectors.
+func (c *FakePodInfo) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.PodInfoList, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewListAction(podinfoResource, podinfoKind, c.ns, opts), &v1alpha1.PodInfoList{})
+
+	if obj == nil {
+		return nil, err
+	}
+
+	label, _, _ := testing.ExtractFromListOptions(opts)
+	if label == nil {
+		label = labels.Everything()
+	}
+	list := &v1alpha1.PodInfoList{ListMeta: obj.(*v1alpha1.PodInfoList).ListMeta}
+	for _, item := range obj.(*v1alpha1.PodInfoList).Items {
+		if label.Matches(labels.Set(item.Labels)) {
+			list.Items = append(list.Items, item)
+		}
+	}
+	return list, err
+}
+
+// Watch returns a watch.Interface that watches the requested podInfo.
+func (c *FakePodInfo) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) {
+	return c.Fake.
+		InvokesWatch(testing.NewWatchAction(podinfoResource, c.ns, opts))
+
+}
+
+// Create takes the representation of a podInfo and creates it.  Returns the server's representation of the podInfo, and an error, if there is any.
+func (c *FakePodInfo) Create(ctx context.Context, podInfo *v1alpha1.PodInfo, opts v1.CreateOptions) (result *v1alpha1.PodInfo, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewCreateAction(podinfoResource, c.ns, podInfo), &v1alpha1.PodInfo{})
+
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1alpha1.PodInfo), err
+}
+
+// Update takes the representation of a podInfo and updates it. Returns the server's representation of the podInfo, and an error, if there is any.
+func (c *FakePodInfo) Update(ctx context.Context, podInfo *v1alpha1.PodInfo, opts v1.UpdateOptions) (result *v1alpha1.PodInfo, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewUpdateAction(podinfoResource, c.ns, podInfo), &v1alpha1.PodInfo{})
+
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1alpha1.PodInfo), err
+}
+
+// UpdateStatus was generated because the type contains a Status member.
+// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
+func (c *FakePodInfo) UpdateStatus(ctx context.Context, podInfo *v1alpha1.PodInfo, opts v1.UpdateOptions) (*v1alpha1.PodInfo, error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewUpdateSubresourceAction(podinfoResource, "status", c.ns, podInfo), &v1alpha1.PodInfo{})
+
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1alpha1.PodInfo), err
+}
+
+// Delete takes name of the podInfo and deletes it. Returns an error if one occurs.
+func (c *FakePodInfo) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error {
+	_, err := c.Fake.
+		Invokes(testing.NewDeleteActionWithOptions(podinfoResource, c.ns, name, opts), &v1alpha1.PodInfo{})
+
+	return err
+}
+
+// DeleteCollection deletes a collection of objects.
+func (c *FakePodInfo) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error {
+	action := testing.NewDeleteCollectionAction(podinfoResource, c.ns, listOpts)
+
+	_, err := c.Fake.Invokes(action, &v1alpha1.PodInfoList{})
+	return err
+}
+
+// Patch applies the patch and returns the patched podInfo.
+func (c *FakePodInfo) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.PodInfo, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewPatchSubresourceAction(podinfoResource, c.ns, name, pt, data, subresources...), &v1alpha1.PodInfo{})
+
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1alpha1.PodInfo), err
+}
diff --git a/vendor/github.com/cilium/tetragon/pkg/k8s/client/clientset/versioned/typed/cilium.io/v1alpha1/fake/fake_tracingpolicy.go b/vendor/github.com/cilium/tetragon/pkg/k8s/client/clientset/versioned/typed/cilium.io/v1alpha1/fake/fake_tracingpolicy.go
new file mode 100644
index 00000000000..d0d0e206217
--- /dev/null
+++ b/vendor/github.com/cilium/tetragon/pkg/k8s/client/clientset/versioned/typed/cilium.io/v1alpha1/fake/fake_tracingpolicy.go
@@ -0,0 +1,108 @@
+// SPDX-License-Identifier: Apache-2.0
+// Copyright Authors of Tetragon
+
+// Code generated by client-gen. DO NOT EDIT.
+
+package fake
+
+import (
+	"context"
+
+	v1alpha1 "github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/v1alpha1"
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	labels "k8s.io/apimachinery/pkg/labels"
+	types "k8s.io/apimachinery/pkg/types"
+	watch "k8s.io/apimachinery/pkg/watch"
+	testing "k8s.io/client-go/testing"
+)
+
+// FakeTracingPolicies implements TracingPolicyInterface
+type FakeTracingPolicies struct {
+	Fake *FakeCiliumV1alpha1
+}
+
+var tracingpoliciesResource = v1alpha1.SchemeGroupVersion.WithResource("tracingpolicies")
+
+var tracingpoliciesKind = v1alpha1.SchemeGroupVersion.WithKind("TracingPolicy")
+
+// Get takes name of the tracingPolicy, and returns the corresponding tracingPolicy object, and an error if there is any.
+func (c *FakeTracingPolicies) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.TracingPolicy, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewRootGetAction(tracingpoliciesResource, name), &v1alpha1.TracingPolicy{})
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1alpha1.TracingPolicy), err
+}
+
+// List takes label and field selectors, and returns the list of TracingPolicies that match those selectors.
+func (c *FakeTracingPolicies) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.TracingPolicyList, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewRootListAction(tracingpoliciesResource, tracingpoliciesKind, opts), &v1alpha1.TracingPolicyList{})
+	if obj == nil {
+		return nil, err
+	}
+
+	label, _, _ := testing.ExtractFromListOptions(opts)
+	if label == nil {
+		label = labels.Everything()
+	}
+	list := &v1alpha1.TracingPolicyList{ListMeta: obj.(*v1alpha1.TracingPolicyList).ListMeta}
+	for _, item := range obj.(*v1alpha1.TracingPolicyList).Items {
+		if label.Matches(labels.Set(item.Labels)) {
+			list.Items = append(list.Items, item)
+		}
+	}
+	return list, err
+}
+
+// Watch returns a watch.Interface that watches the requested tracingPolicies.
+func (c *FakeTracingPolicies) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) {
+	return c.Fake.
+		InvokesWatch(testing.NewRootWatchAction(tracingpoliciesResource, opts))
+}
+
+// Create takes the representation of a tracingPolicy and creates it.  Returns the server's representation of the tracingPolicy, and an error, if there is any.
+func (c *FakeTracingPolicies) Create(ctx context.Context, tracingPolicy *v1alpha1.TracingPolicy, opts v1.CreateOptions) (result *v1alpha1.TracingPolicy, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewRootCreateAction(tracingpoliciesResource, tracingPolicy), &v1alpha1.TracingPolicy{})
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1alpha1.TracingPolicy), err
+}
+
+// Update takes the representation of a tracingPolicy and updates it. Returns the server's representation of the tracingPolicy, and an error, if there is any.
+func (c *FakeTracingPolicies) Update(ctx context.Context, tracingPolicy *v1alpha1.TracingPolicy, opts v1.UpdateOptions) (result *v1alpha1.TracingPolicy, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewRootUpdateAction(tracingpoliciesResource, tracingPolicy), &v1alpha1.TracingPolicy{})
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1alpha1.TracingPolicy), err
+}
+
+// Delete takes name of the tracingPolicy and deletes it. Returns an error if one occurs.
+func (c *FakeTracingPolicies) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error {
+	_, err := c.Fake.
+		Invokes(testing.NewRootDeleteActionWithOptions(tracingpoliciesResource, name, opts), &v1alpha1.TracingPolicy{})
+	return err
+}
+
+// DeleteCollection deletes a collection of objects.
+func (c *FakeTracingPolicies) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error {
+	action := testing.NewRootDeleteCollectionAction(tracingpoliciesResource, listOpts)
+
+	_, err := c.Fake.Invokes(action, &v1alpha1.TracingPolicyList{})
+	return err
+}
+
+// Patch applies the patch and returns the patched tracingPolicy.
+func (c *FakeTracingPolicies) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.TracingPolicy, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewRootPatchSubresourceAction(tracingpoliciesResource, name, pt, data, subresources...), &v1alpha1.TracingPolicy{})
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1alpha1.TracingPolicy), err
+}
diff --git a/vendor/github.com/cilium/tetragon/pkg/k8s/client/clientset/versioned/typed/cilium.io/v1alpha1/fake/fake_tracingpolicynamespaced.go b/vendor/github.com/cilium/tetragon/pkg/k8s/client/clientset/versioned/typed/cilium.io/v1alpha1/fake/fake_tracingpolicynamespaced.go
new file mode 100644
index 00000000000..aee9d1daa68
--- /dev/null
+++ b/vendor/github.com/cilium/tetragon/pkg/k8s/client/clientset/versioned/typed/cilium.io/v1alpha1/fake/fake_tracingpolicynamespaced.go
@@ -0,0 +1,116 @@
+// SPDX-License-Identifier: Apache-2.0
+// Copyright Authors of Tetragon
+
+// Code generated by client-gen. DO NOT EDIT.
+
+package fake
+
+import (
+	"context"
+
+	v1alpha1 "github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/v1alpha1"
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	labels "k8s.io/apimachinery/pkg/labels"
+	types "k8s.io/apimachinery/pkg/types"
+	watch "k8s.io/apimachinery/pkg/watch"
+	testing "k8s.io/client-go/testing"
+)
+
+// FakeTracingPoliciesNamespaced implements TracingPolicyNamespacedInterface
+type FakeTracingPoliciesNamespaced struct {
+	Fake *FakeCiliumV1alpha1
+	ns   string
+}
+
+var tracingpoliciesnamespacedResource = v1alpha1.SchemeGroupVersion.WithResource("tracingpoliciesnamespaced")
+
+var tracingpoliciesnamespacedKind = v1alpha1.SchemeGroupVersion.WithKind("TracingPolicyNamespaced")
+
+// Get takes name of the tracingPolicyNamespaced, and returns the corresponding tracingPolicyNamespaced object, and an error if there is any.
+func (c *FakeTracingPoliciesNamespaced) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.TracingPolicyNamespaced, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewGetAction(tracingpoliciesnamespacedResource, c.ns, name), &v1alpha1.TracingPolicyNamespaced{})
+
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1alpha1.TracingPolicyNamespaced), err
+}
+
+// List takes label and field selectors, and returns the list of TracingPoliciesNamespaced that match those selectors.
+func (c *FakeTracingPoliciesNamespaced) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.TracingPolicyNamespacedList, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewListAction(tracingpoliciesnamespacedResource, tracingpoliciesnamespacedKind, c.ns, opts), &v1alpha1.TracingPolicyNamespacedList{})
+
+	if obj == nil {
+		return nil, err
+	}
+
+	label, _, _ := testing.ExtractFromListOptions(opts)
+	if label == nil {
+		label = labels.Everything()
+	}
+	list := &v1alpha1.TracingPolicyNamespacedList{ListMeta: obj.(*v1alpha1.TracingPolicyNamespacedList).ListMeta}
+	for _, item := range obj.(*v1alpha1.TracingPolicyNamespacedList).Items {
+		if label.Matches(labels.Set(item.Labels)) {
+			list.Items = append(list.Items, item)
+		}
+	}
+	return list, err
+}
+
+// Watch returns a watch.Interface that watches the requested tracingPoliciesNamespaced.
+func (c *FakeTracingPoliciesNamespaced) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) {
+	return c.Fake.
+		InvokesWatch(testing.NewWatchAction(tracingpoliciesnamespacedResource, c.ns, opts))
+
+}
+
+// Create takes the representation of a tracingPolicyNamespaced and creates it.  Returns the server's representation of the tracingPolicyNamespaced, and an error, if there is any.
+func (c *FakeTracingPoliciesNamespaced) Create(ctx context.Context, tracingPolicyNamespaced *v1alpha1.TracingPolicyNamespaced, opts v1.CreateOptions) (result *v1alpha1.TracingPolicyNamespaced, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewCreateAction(tracingpoliciesnamespacedResource, c.ns, tracingPolicyNamespaced), &v1alpha1.TracingPolicyNamespaced{})
+
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1alpha1.TracingPolicyNamespaced), err
+}
+
+// Update takes the representation of a tracingPolicyNamespaced and updates it. Returns the server's representation of the tracingPolicyNamespaced, and an error, if there is any.
+func (c *FakeTracingPoliciesNamespaced) Update(ctx context.Context, tracingPolicyNamespaced *v1alpha1.TracingPolicyNamespaced, opts v1.UpdateOptions) (result *v1alpha1.TracingPolicyNamespaced, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewUpdateAction(tracingpoliciesnamespacedResource, c.ns, tracingPolicyNamespaced), &v1alpha1.TracingPolicyNamespaced{})
+
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1alpha1.TracingPolicyNamespaced), err
+}
+
+// Delete takes name of the tracingPolicyNamespaced and deletes it. Returns an error if one occurs.
+func (c *FakeTracingPoliciesNamespaced) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error {
+	_, err := c.Fake.
+		Invokes(testing.NewDeleteActionWithOptions(tracingpoliciesnamespacedResource, c.ns, name, opts), &v1alpha1.TracingPolicyNamespaced{})
+
+	return err
+}
+
+// DeleteCollection deletes a collection of objects.
+func (c *FakeTracingPoliciesNamespaced) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error {
+	action := testing.NewDeleteCollectionAction(tracingpoliciesnamespacedResource, c.ns, listOpts)
+
+	_, err := c.Fake.Invokes(action, &v1alpha1.TracingPolicyNamespacedList{})
+	return err
+}
+
+// Patch applies the patch and returns the patched tracingPolicyNamespaced.
+func (c *FakeTracingPoliciesNamespaced) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.TracingPolicyNamespaced, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewPatchSubresourceAction(tracingpoliciesnamespacedResource, c.ns, name, pt, data, subresources...), &v1alpha1.TracingPolicyNamespaced{})
+
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1alpha1.TracingPolicyNamespaced), err
+}
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 54bdc249d87..e315dd17a86 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -230,8 +230,10 @@ github.com/cilium/tetragon/pkg/k8s/apis/cilium.io
 github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/client
 github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/v1alpha1
 github.com/cilium/tetragon/pkg/k8s/client/clientset/versioned
+github.com/cilium/tetragon/pkg/k8s/client/clientset/versioned/fake
 github.com/cilium/tetragon/pkg/k8s/client/clientset/versioned/scheme
 github.com/cilium/tetragon/pkg/k8s/client/clientset/versioned/typed/cilium.io/v1alpha1
+github.com/cilium/tetragon/pkg/k8s/client/clientset/versioned/typed/cilium.io/v1alpha1/fake
 github.com/cilium/tetragon/pkg/k8s/client/informers/externalversions
 github.com/cilium/tetragon/pkg/k8s/client/informers/externalversions/cilium.io
 github.com/cilium/tetragon/pkg/k8s/client/informers/externalversions/cilium.io/v1alpha1