Contributor Guide

Architecture guide

Netchecks runs in Kubernetes as an operator. The operator is implemented in Python using the kopf framework.

The netchecks operator:

  • Listens for NetworkAssertion resources across the Kubernetes cluster and creates CronJobs (or Jobs) for each of them.
  • Probe pods are created by the CronJob and run the tests that make up a particular network assertion. External data may be mounted into the Pod for use by the probe.
  • Listens for probe Pods created by the NetworkAssertion's CronJob and parses assertion results from the Pod logs.
  • Creates and updates PolicyReport resources for each NetworkAssertion in response to the assertion results.
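
The last two steps above, turning probe pod logs into a PolicyReport, can be sketched as follows. This is an added example, not the netchecks operator's own code: the JSON shape of the probe log and the function names are assumptions, while the report fields follow the `wgpolicyk8s.io/v1alpha2` PolicyReport CRD. It reports unparsable or unknown output as `error` so a crashed probe never reads as a passing assertion.

```python
import json

# Result values defined by the PolicyReport CRD (wgpolicyk8s.io/v1alpha2).
VALID = ("pass", "fail", "warn", "error", "skip")

# Constructed probe pod log; this JSON shape is an assumption for the example.
SAMPLE_LOG = """starting probe
{"results": [{"rule": "dns-blocked", "status": "pass", "message": "lookup timed out"}, {"rule": "http-egress-blocked", "status": "fail", "message": "GET returned 200"}, {"rule": "tcp-check", "status": "ok"}]}
probe finished
"""


def parse_probe_log(log_text):
    """Return the last JSON log line that carries a 'results' list, else None."""
    found = None
    for line in log_text.splitlines():
        try:
            doc = json.loads(line)
        except json.JSONDecodeError:
            continue  # ordinary log text, not a result document
        if isinstance(doc, dict) and isinstance(doc.get("results"), list):
            found = doc
    return found


def build_policy_report(assertion_name, namespace, log_text):
    """Map probe output to a PolicyReport body, failing closed on bad input."""
    doc = parse_probe_log(log_text)
    if doc is None or not doc["results"]:
        # A crashed or silent probe must not look like a passing assertion.
        items = [{"rule": "probe-output", "status": "error",
                  "message": "no parsable results in probe log"}]
    else:
        items = [i if isinstance(i, dict) else {} for i in doc["results"]]
    results = []
    for item in items:
        status = item.get("status")
        results.append({
            "policy": assertion_name,
            "rule": str(item.get("rule", "unnamed")),
            # Unknown or missing status is reported as error, never as pass.
            "result": status if status in VALID else "error",
            "message": str(item.get("message", "")),
        })
    summary = {v: sum(r["result"] == v for r in results) for v in VALID}
    return {"apiVersion": "wgpolicyk8s.io/v1alpha2", "kind": "PolicyReport",
            "metadata": {"name": assertion_name, "namespace": namespace},
            "results": results, "summary": summary}
```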

Each probe pod uses the netchecks Docker image to run the tests that make up a particular network assertion.

The netchecks image is based on the python:3.11-slim image.

Kyverno's PolicyReporter is optionally installed alongside Netchecks to provide a convenient way to expose metrics, view the results, and generate notifications.
