As mentioned in my previous post, I would follow up with a tool for testing network policies. This tool is finally here and is available on GitHub. It is written in Python and can be installed from PyPI.
The idea behind the tool is to ‘instrument’ pods by adding a debug container to them, and then to do network checks from this debug container. Then ‘all’ that remains is creating an input configuration file, parsing and validating it, running the tests, printing test results, etc.
All in all, most of the work went into finding out how to add a debug container to a pod using the Kubernetes Python API. This resulted in an issue to which I found a workaround myself.
Then most of the work went into validating the input using the Python Cerberus package together with my own validation checks on top. The rest was actually quite straightforward.
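A sketch of the kind of check that could be run from inside a debug container, added here as an example and not taken from the tool itself: it probes a TCP port and compares the outcome with the expected policy verdict. The check fields (`host`, `port`, `expect_allowed`), the sample targets and the rule that a timeout means "denied" are assumptions; the last one holds for CNI plugins that silently drop denied packets.

```python
import socket


def probe_tcp(host, port, timeout=2.0):
    """Try one TCP connection and classify the result."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"   # RST came back: the packet reached the target
    except (socket.timeout, TimeoutError):
        return "timeout"   # nothing came back: the packet was dropped on the way
    except OSError:
        return "error"     # DNS failure, no route, ...: says nothing about policy


def policy_allows(outcome):
    """Map a probe outcome to a policy verdict; None means inconclusive.

    Assumption: denied traffic is dropped, so it shows up as a timeout.
    A refused connection still proves that the policy let the packet through.
    """
    if outcome in ("open", "refused"):
        return True
    if outcome == "timeout":
        return False
    return None


def run_checks(checks, probe=probe_tcp):
    """Run every check and record whether the observed verdict matches."""
    results = []
    for check in checks:
        outcome = probe(check["host"], check["port"])
        verdict = policy_allows(outcome)
        passed = verdict is not None and verdict == check["expect_allowed"]
        results.append({**check, "outcome": outcome, "passed": passed})
    return results


if __name__ == "__main__":
    # Constructed sample checks; the service names are hypothetical.
    sample = [
        {"host": "backend.demo.svc", "port": 8080, "expect_allowed": True},
        {"host": "db.demo.svc", "port": 5432, "expect_allowed": False},
    ]
    for r in run_checks(sample):
        status = "PASS" if r["passed"] else "FAIL"
        print(f'{status} {r["host"]}:{r["port"]} -> {r["outcome"]}')
```

An inconclusive probe (`error`) is reported as a failed check rather than as a pass, so a broken DNS name cannot hide a missing policy.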