cilium
Check security identity as part of connectivity test
Apart from checking the drop reason and direction, it could be good to check the remote security identity. For that last one, it's probably enough to check that it is neither unknown nor a reserved identity unless expected. Checking the exact pod identity is probably overengineering/overtesting.
Checking the identity may help us catch cases where we dropped the packets because the identity resolution failed and it should have succeeded but failed to find a corresponding policy rule afterward. Definitely less important than checking the drop reason and direction.
Originally posted by @pchaigno in https://github.com/cilium/cilium-cli/issues/1046#issuecomment-1222332774
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.
This issue has not seen any activity since it was marked stale. Closing.