Parse, explain, and probe network policies to understand their implications and help design policies that suit your needs!
Users: check out our Quickstart guide
Developers: check out our Developer guide
Cyclonus functionality:
- run a single network policy test on a cluster
- run network policy conformance tests on a cluster
- understand test runs
- analyze network policies
Cyclonus is available as a krew/kubectl plugin:
- Set up krew
- install:
kubectl krew install cyclonus - use:
kubectl cyclonus -h
Antrea testing: Cyclonus runs network policy tests for Antrea on a daily basis.
Cilium testing: Cyclonus runs network policy tests for Cilium on a daily basis.
Sonobuoy plugin: run Cyclonus tests through Sonobuoy.
Testing network policies for CNI providers on Kubernetes has historically been very difficult, requiring a lot of boiler plate. This was recently improved upstream via truth table based tests (see KEP). Cyclonus is the next evolution of the truth table tests which are part of upstream Kubernetes. Cyclonus generates hundreds of network policies, their connectivity tables, and outputs results in the same, easy to read format.
- @dougsland
- @jayunit100
- @johnSchnake
- @enhaocui
- @matmerr