github.phpd.cn/cilium/cilium@v1.6.12/Documentation/cmdref/cilium_policy_trace.md

github.phpd.cn/cilium/cilium@v1.6.12/Documentation/cmdref/cilium_policy_trace.md (about)

     1  <!-- This file was autogenerated via cilium cmdref, do not edit manually-->
     2  
     3  ## cilium policy trace
     4  
     5  Trace a policy decision
     6  
     7  ### Synopsis
     8  
     9  Verifies if the source is allowed to consume
    10  destination. Source / destination can be provided as endpoint ID, security ID, Kubernetes Pod, YAML file, set of LABELs. LABEL is represented as
    11  SOURCE:KEY[=VALUE].
    12  dports can be can be for example: 80/tcp, 53 or 23/udp.
    13  If multiple sources and / or destinations are provided, each source is tested whether there is a policy allowing traffic between it and each destination.
    14  --src-k8s-pod and --dst-k8s-pod requires cilium-agent to be running with disable-endpoint-crd option set to "false".
    15  
    16  ```
    17  cilium policy trace ( -s <label context> | --src-identity <security identity> | --src-endpoint <endpoint ID> | --src-k8s-pod <namespace:pod-name> | --src-k8s-yaml <path to YAML file> ) ( -d <label context> | --dst-identity <security identity> | --dst-endpoint <endpoint ID> | --dst-k8s-pod <namespace:pod-name> | --dst-k8s-yaml <path to YAML file>) [--dport <port>[/<protocol>] [flags]
    18  ```
    19  
    20  ### Options
    21  
    22  ```
    23        --dport strings         L4 destination port to search on outgoing traffic of the source label context and on incoming traffic of the destination label context
    24    -d, --dst strings           Destination label context
    25        --dst-endpoint string   Destination endpoint
    26        --dst-identity int      Destination identity (default -1)
    27        --dst-k8s-pod string    Destination k8s pod ([namespace:]podname)
    28        --dst-k8s-yaml string   Path to YAML file for destination
    29    -h, --help                  help for trace
    30    -o, --output string         json| jsonpath='{}'
    31    -s, --src strings           Source label context
    32        --src-endpoint string   Source endpoint
    33        --src-identity int      Source identity (default -1)
    34        --src-k8s-pod string    Source k8s pod ([namespace:]podname)
    35        --src-k8s-yaml string   Path to YAML file for source
    36    -v, --verbose               Set tracing to TRACE_VERBOSE
    37  ```
    38  
    39  ### Options inherited from parent commands
    40  
    41  ```
    42        --config string   config file (default is $HOME/.cilium.yaml)
    43    -D, --debug           Enable debug messages
    44    -H, --host string     URI to server-side API
    45  ```
    46  
    47  ### SEE ALSO
    48  
    49  * [cilium policy](../cilium_policy)	 - Manage security policies
    50