{"id":1707,"date":"2022-08-09T13:36:36","date_gmt":"2022-08-09T13:36:36","guid":{"rendered":"https:\/\/brakkee.org\/site\/?p=1707"},"modified":"2022-08-14T08:55:18","modified_gmt":"2022-08-14T08:55:18","slug":"kubernetes-network-policy-tester","status":"publish","type":"post","link":"https:\/\/brakkee.org\/site\/2022\/08\/09\/kubernetes-network-policy-tester\/","title":{"rendered":"Kubernetes Network Policy Tester"},"content":{"rendered":"<p>As mentioned in my <a href=\"https:\/\/brakkee.org\/site\/index.php\/2022\/07\/23\/securing-network-communication-on-kubernetes-using-network-policies\/\">previous post<\/a> I would follow up with a tool for testing network policies. This tool is finally here and is available <a href=\"https:\/\/github.com\/ErikEngerd\/policytester\">on github<\/a>. It is written in python an available through install on <a href=\"https:\/\/pypi.org\/project\/policytester\/\">PyPi<\/a>.<\/p>\n<p><!--more--><\/p>\n<p>The idea behind the tool is to &#8216;instrument&#8217; pods by adding a debug container to them, and then from this debug container to do network checks. Then &#8216;all&#8217; that remains is creating a input configuration file, parsing and validating it, running the tests, printing test results, etc.<\/p>\n<p>All in all, most of the work went into finding out how to add a debug container to a pod using the kubernetes python API. This resulted in an <a href=\"https:\/\/github.com\/kubernetes-client\/python\/issues\/1859\">issue<\/a> to which I found a workaround myself.<\/p>\n<p>Then most of the work went into validating the input using the python <a href=\"https:\/\/docs.python-cerberus.org\/en\/stable\/\">cerberus<\/a> package together with my own validation checks on top. The rest was actually quite straightforward.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>As mentioned in my previous post I would follow up with a tool for testing network policies. This tool is finally here and is available on github. It is written in python an available through install on PyPi.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[10],"tags":[],"_links":{"self":[{"href":"https:\/\/brakkee.org\/site\/wp-json\/wp\/v2\/posts\/1707"}],"collection":[{"href":"https:\/\/brakkee.org\/site\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/brakkee.org\/site\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/brakkee.org\/site\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/brakkee.org\/site\/wp-json\/wp\/v2\/comments?post=1707"}],"version-history":[{"count":8,"href":"https:\/\/brakkee.org\/site\/wp-json\/wp\/v2\/posts\/1707\/revisions"}],"predecessor-version":[{"id":1718,"href":"https:\/\/brakkee.org\/site\/wp-json\/wp\/v2\/posts\/1707\/revisions\/1718"}],"wp:attachment":[{"href":"https:\/\/brakkee.org\/site\/wp-json\/wp\/v2\/media?parent=1707"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/brakkee.org\/site\/wp-json\/wp\/v2\/categories?post=1707"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/brakkee.org\/site\/wp-json\/wp\/v2\/tags?post=1707"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}