The netchecks operator:
- Listens for
NetworkAssertionresources across the kubernetes cluster and creates
Jobs) for each of them.
- Probe pods are created by the
CronJoband run the tests that make up a particular network assertion. External data may be mounted into the Pod for use by the probe.
- Listens for probe Pods created by the NetworkAssertion's CronJob and parses assertion results from the Pod logs.
- Creates and updates
PolicyReportresources for each NetworkAssertion in response to the assertion results.
Each probe pod uses the
netchecks docker image to run the tests that make up a particular network assertion.
netchecks image is based on the python:3.11-slim image.
Kyverno's PolicyReporter is optionally installed alongside Netchecks to provide a convenient way to expose metrics, view the results, and generate notifications.