cilium_policy_trace.md
<!-- This file was autogenerated via cilium cmdref, do not edit manually-->
## cilium policy trace
Trace a policy decision
### Synopsis
Verifies if the source is allowed to consume
destination. Source / destination can be provided as endpoint ID, security ID, Kubernetes Pod, YAML file, set of LABELs. LABEL is represented as
SOURCE:KEY[=VALUE].
dports can be can be for example: 80/tcp, 53 or 23/udp.
If multiple sources and / or destinations are provided, each source is tested whether there is a policy allowing traffic between it and each destination.
--src-k8s-pod and --dst-k8s-pod requires cilium-agent to be running with disable-endpoint-crd option set to "false".
```
cilium policy trace ( -s <label context> | --src-identity <security identity> | --src-endpoint <endpoint ID> | --src-k8s-pod <namespace:pod-name> | --src-k8s-yaml <path to YAML file> ) ( -d <label context> | --dst-identity <security identity> | --dst-endpoint <endpoint ID> | --dst-k8s-pod <namespace:pod-name> | --dst-k8s-yaml <path to YAML file>) [--dport <port>[/<protocol>] [flags]
```
### Options
```
--dport strings L4 destination port to search on outgoing traffic of the source label context and on incoming traffic of the destination label context
-d, --dst strings Destination label context
--dst-endpoint string Destination endpoint
--dst-identity int Destination identity (default -1)
--dst-k8s-pod string Destination k8s pod ([namespace:]podname)
--dst-k8s-yaml string Path to YAML file for destination
-h, --help help for trace
-o, --output string json| jsonpath='{}'
-s, --src strings Source label context
--src-endpoint string Source endpoint
--src-identity int Source identity (default -1)
--src-k8s-pod string Source k8s pod ([namespace:]podname)
--src-k8s-yaml string Path to YAML file for source
-v, --verbose Set tracing to TRACE_VERBOSE
```
### Options inherited from parent commands
```
--config string config file (default is $HOME/.cilium.yaml)
-D, --debug Enable debug messages
-H, --host string URI to server-side API
```
### SEE ALSO
* [cilium policy](../cilium_policy) - Manage security policies