Description
Is there an existing issue for this?
- I have searched the existing issues
What happened?
When doing cilium monitor --related-to 429 -t policy-verdict
to monitor a certain endpoint, I see some requests being denied
Policy verdict log: flow 0x88362923 local EP ID 429, remote ID 6552143, proto 6, ingress, action deny, match none, 10.210.107.97:38764 -> 10.210.120.103:8080 tcp SYN
Policy verdict log: flow 0x34c4a2e6 local EP ID 429, remote ID 6552143, proto 6, ingress, action deny, match none, 10.210.107.97:38764 -> 10.210.120.103:8080 tcp SYN
But then when I try to verify what identity 6552143 is
with cilium identity get 6552143
I got
Error: Cannot get identity for given ID 6552143: [GET /identity/{id}][404] getIdentityIdNotFound
The same request shows as dropped in Hubble UI with the same identity. Since the identity is not found, I can’t make a policy to allow this traffic.
Cilium Version
Client: 1.12.0 9447cd1 2022-07-19T12:22:00+02:00 go version go1.18.4 linux/amd64
Daemon: 1.12.0 9447cd1 2022-07-19T12:22:00+02:00 go version go1.18.4 linux/amd64
Kernel Version
Linux ip-10-210-119-39.eu-west-1.compute.internal 5.4.204-113.362.amzn2.x86_64 #1 SMP Wed Jul 13 21:34:30 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
Kubernetes Version
Server Version: version.Info{Major:"1", Minor:"22+", GitVersion:"v1.22.11-eks-18ef993", GitCommit:"b9628d6d3867ffd84c704af0befd31c7451cdc37", GitTreeState:"clean", BuildDate:"2022-07-06T18:06:23Z", GoVersion:"go1.16.15", Compiler:"gc", Platform:"linux/amd64"}
Sysdump
https://drive.google.com/file/d/13EFmujbyu8ljLOvWnrNvlf2PPnfAURQT/view?usp=sharing
Relevant log output
No response
Anything else?
No response
Code of Conduct
- I agree to follow this project's Code of Conduct