Tools for understanding, measuring, and applying network policies effectively in Kubernetes
Parse, explain, and probe network policies to understand their implications and help design policies that suit your needs!
Users: check out the:
Developers: check out the Developer guide
cyclonus analyze: leverage network policy engine to precisely understand your policies
cyclonus generate: run network policy conformance test suites on a cluster
cyclonus probe: run a single network policy test on a cluster
If you're looking for the official Kubernetes network policy tool, check out: https://github.com/kubernetes-sigs/network-policy-api. Active development of network policy verification is continuing there.
https://github.com/mattfenwick/cyclonus will remain open and be used for research, experimentation, and hacking!
Cyclonus is available as a krew/kubectl plugin:
kubectl krew install cyclonus
kubectl cyclonus -h
Antrea testing: Cyclonus runs network policy tests for Antrea on a daily basis.
Cilium testing: Cyclonus runs network policy tests for Cilium on a daily basis.
Sonobuoy plugin: run Cyclonus tests through Sonobuoy.
Testing network policies for CNI providers on Kubernetes has historically been very difficult, requiring a lot of boilerplate.
This was recently improved upstream via truth table based tests:
Cyclonus is the next evolution: in addition to truth-table connectivity tests, it adds two new components:
Cyclonus aims to make network policies and implementations easy to understand, easy to use correctly, and easy to verify.
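The truth-table idea mentioned above, as an added example (not Cyclonus code and not the upstream test code): compute the expected allow/deny verdict for every pod pair from a policy, then list the cells where observed probe results disagree. The namespaces x/y, pods a/b, the dictionary layout, and the function names are assumptions; the model covers ingress with matchLabels only (no ports, no ipBlock, no egress).

```python
from itertools import product

# Constructed sample cluster: (namespace, pod) -> pod labels, plus namespace labels.
PODS = {("x", "a"): {"pod": "a"}, ("x", "b"): {"pod": "b"},
        ("y", "a"): {"pod": "a"}, ("y", "b"): {"pod": "b"}}
NS_LABELS = {"x": {"ns": "x"}, "y": {"ns": "y"}}

# Constructed policy: in namespace x, pod=a accepts ingress only from
# pod=b running in namespaces labelled ns=y.
POLICIES = [{"namespace": "x", "podSelector": {"pod": "a"},
             "from": [{"namespaceSelector": {"ns": "y"}, "podSelector": {"pod": "b"}}]}]


def matches(selector, labels):
    """matchLabels semantics: every key/value must be present; {} matches all."""
    return all(labels.get(k) == v for k, v in selector.items())


def peer_allows(peer, policy_ns, src):
    ns_sel = peer.get("namespaceSelector")
    # Without a namespaceSelector, a peer only covers the policy's own namespace.
    ns_ok = src[0] == policy_ns if ns_sel is None else matches(ns_sel, NS_LABELS[src[0]])
    return ns_ok and matches(peer.get("podSelector", {}), PODS[src])


def allowed(policies, src, dst):
    """Expected ingress verdict: default allow unless some policy selects dst."""
    selecting = [p for p in policies
                 if p["namespace"] == dst[0] and matches(p["podSelector"], PODS[dst])]
    if not selecting:
        return True
    return any(peer_allows(peer, p["namespace"], src)
               for p in selecting for peer in p["from"])


def truth_table(policies):
    # Pod-to-self cells are left out of this simplified table.
    return {(s, d): allowed(policies, s, d)
            for s, d in product(PODS, repeat=2) if s != d}


def mismatches(expected, observed):
    """Cells where observed connectivity differs from the expected table."""
    return sorted(k for k in expected if observed.get(k) != expected[k])


if __name__ == "__main__":
    for (s, d), ok in truth_table(POLICIES).items():
        print("/".join(s), "->", "/".join(d), "allow" if ok else "deny")
```

A non-empty `mismatches` result is the signal of interest: the policy as written and the behaviour on the wire disagree for that source/destination pair.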