cilium / cilium-cli

CLI to install, manage & troubleshoot Kubernetes clusters running Cilium
https://cilium.io
Apache License 2.0
420 stars 209 forks

Check security identity as part of connectivity test #1100

Open sayboras opened 2 years ago

sayboras commented 2 years ago

Apart from checking the drop reason and direction, it could be good to check the remote security identity. For that last one, it's probably enough to check that it is neither unknown nor a reserved identity unless expected. Checking the exact pod identity is probably overengineering/overtesting.

Checking the identity may help us catch cases where we dropped the packets because the identity resolution failed and it should have succeeded but failed to find a corresponding policy rule afterward. Definitely less important than checking the drop reason and direction.

Originally posted by @pchaigno in https://github.com/cilium/cilium-cli/issues/1046#issuecomment-1222332774
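A sketch of the check proposed above, added here as an example; it is not code from this issue or from cilium-cli. The `droppedFlow` type and function names are hypothetical, and the numeric values (0 for unknown, identities below 256 reserved) are assumptions about Cilium's identity numbering.

```go
package main

import "fmt"

// droppedFlow is a hypothetical, simplified view of a dropped flow
// (not the Hubble or cilium-cli types).
type droppedFlow struct {
	Ingress bool   // true: dropped on ingress to the local endpoint
	SrcID   uint32 // numeric security identity of the source
	DstID   uint32 // numeric security identity of the destination
}

// Assumed numeric values: 0 is Cilium's "unknown" identity and
// identities below 256 are reserved (host, world, ...).
const (
	identityUnknown    uint32 = 0
	minClusterIdentity uint32 = 256
)

// remoteIdentity picks the peer's identity: the source for ingress
// drops, the destination for egress drops.
func remoteIdentity(f droppedFlow) uint32 {
	if f.Ingress {
		return f.SrcID
	}
	return f.DstID
}

// checkRemoteIdentity returns an error when the remote identity is
// unknown or reserved and the test did not list it as expected.
func checkRemoteIdentity(f droppedFlow, expected map[uint32]bool) error {
	id := remoteIdentity(f)
	if id >= minClusterIdentity || expected[id] {
		return nil
	}
	if id == identityUnknown {
		return fmt.Errorf("remote identity is unknown: identity resolution may have failed")
	}
	return fmt.Errorf("remote identity %d is reserved but not expected", id)
}

func main() {
	// Constructed sample flows.
	flows := []droppedFlow{
		{Ingress: true, SrcID: 0, DstID: 4321},
		{Ingress: false, SrcID: 4321, DstID: 2},
		{Ingress: true, SrcID: 5678, DstID: 4321},
	}
	for _, f := range flows {
		fmt.Println(remoteIdentity(f), checkRemoteIdentity(f, nil))
	}
}
```

A test that legitimately expects a reserved peer, such as a drop towards world, passes that identity in `expected`.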

github-actions[bot] commented 3 weeks ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.