Trust is good, control is better – A short story about Network Policies.


Testing the effectiveness of Kubernetes Network Policies can be done using different approaches. In this talk, Johannes Scheuermann and Maximilian Bischoff will show you the benefits and drawbacks of different methods and which solution they eventually chose.

Probably everybody who uses Kubernetes in a production environment with multiple users has looked at policies. Often the operators of the cluster(s) simply trust the policies, but in some cases it is useful to verify that the policies have actually taken effect. Often there are also just too many policies in the cluster setup to test them all manually (and obviously you don't want to do this). The effectiveness of Network Policies can be tested using different approaches. In this talk we will show you the benefits and drawbacks of different approaches and which solution we finally chose.

We will also present other tools and how they complement our solution. As a takeaway, you will get an overview of different testing strategies for policies as well as an understanding of the challenges in testing policies, both in general and in the Kubernetes ecosystem. You will get a feeling that it's not always the best idea to just trust other plugins to implement the policies correctly. Our solution is open-sourced at https://github.com/inovex/illuminatio/.

Event: inovex Online Meetup

Date: 28.05.2020

