Check security identity as part of connectivity test #1100
Labels
kind/enhancement
This would improve or streamline existing functionality.
Comments
sayboras
changed the title
pchaigno
added
the
kind/enhancement
|
This issue has been automatically marked as stale because it has not |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Apart from checking the drop reason and direction, it could be good to check the remote security identity. For that last one, it's probably enough to check that it is neither unknown nor a reserved identity unless expected. Checking the exact pod identity is probably overengineering/overtesting.
Checking the identity may help us catch cases where we dropped the packets because the identity resolution failed and it should have succeeded but failed to find a corresponding policy rule afterward. Definitely less important than checking the drop reason and direction.
Originally posted by @pchaigno in #1046 (comment)
The text was updated successfully, but these errors were encountered: