Merge remote-tracking branch 'tmp/master' into import-cyclonus-to-api2

.github/workflows/go.yml

@@ -0,0 +1,30 @@
+name: Go
+
+on:
+  workflow_dispatch:
+#  push:
+  pull_request:
+
+jobs:
+
+  build:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v2
+
+    - name: Set up Go
+      uses: actions/setup-go@v2
+      with:
+        go-version: 1.16
+
+    - name: Build
+      run: go build -v ./cmd/cyclonus/main.go
+
+    - name: Format
+      run: go fmt ./cmd/... ./pkg/...
+
+    - name: Vet
+      run: go vet -v ./cmd/... ./pkg/...
+
+    - name: Test
+      run: go test -v ./pkg/...

.github/workflows/kind_antrea.yml

@@ -0,0 +1,17 @@
+name: Kind Antrea Cyclonus
+on:
+  workflow_dispatch:
+#  schedule:
+    # See https://crontab.guru/#0_0_*_*_0:
+    #   At 00:00 on Sunday.
+#    - cron: '0 0 * * 0'
+
+jobs:
+  test-kind-antrea:
+    name: Run Cyclonus on KinD/Antrea
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: Run Cyclonus
+        working-directory: hack/kind
+        run: CNI=antrea RUN_FROM_SOURCE=true ./run-cyclonus.sh

.github/workflows/kind_calico.yml

@@ -0,0 +1,16 @@
+name: Kind Calico Cyclonus
+on:
+  workflow_dispatch:
+#  schedule:
+    # At 01:00 on Sunday.
+#    - cron: '0 1 * * 0'
+
+jobs:
+  test-kind-calico:
+    name: Run Cyclonus on KinD/Calico
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: Run Cyclonus
+        working-directory: hack/kind
+        run: CNI=calico RUN_FROM_SOURCE=true ./run-cyclonus.sh

.github/workflows/kind_cilium.yml

@@ -0,0 +1,16 @@
+name: Kind Cilium Cyclonus
+on:
+  workflow_dispatch:
+#  schedule:
+    # At 03:00 on Sunday.
+#    - cron: '0 3 * * 0'
+
+jobs:
+  test-kind-cilium:
+    name: Run Cyclonus on KinD/Cilium
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: Run Cyclonus
+        working-directory: hack/kind
+        run: CNI=cilium RUN_FROM_SOURCE=true ./run-cyclonus.sh

.github/workflows/kind_cni_from_job.yml

@@ -0,0 +1,17 @@
+name: Kind CNI From Job
+on:
+  workflow_dispatch:
+    inputs:
+      cni:
+        required: true
+
+jobs:
+  test-kind-calico:
+    name: Run Cyclonus on KinD
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: Run Cyclonus
+        working-directory: hack/kind
+        run: CNI=${{ github.event.inputs.cni }} RUN_FROM_SOURCE=false ./run-cyclonus.sh

.github/workflows/kind_cni_from_source.yml

@@ -0,0 +1,25 @@
+name: Kind CNI From Source
+on:
+  workflow_dispatch:
+    inputs:
+      cni:
+        required: true
+      cyclonus_args:
+        required: false
+        default: "generate include --conflict --job-timeout-seconds 2"
+
+jobs:
+  test-kind-calico:
+    name: Run Cyclonus on KinD
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: Set up Go
+        uses: actions/setup-go@v2
+        with:
+          go-version: 1.16
+
+      - name: Run Cyclonus
+        working-directory: hack/kind
+        run: CNI=${{ github.event.inputs.cni }} RUN_FROM_SOURCE=true FROM_SOURCE_ARGS="${{ github.event.inputs.cyclonus_args }}" ./run-cyclonus.sh

.github/workflows/kind_ovn.yml

@@ -0,0 +1,18 @@
+name: Kind Ovn Cyclonus
+on:
+  workflow_dispatch:
+#  schedule:
+    # See https://crontab.guru/#0_2_*_*_0:
+    #   At 02:00 on Sunday.
+#    - cron: '0 2 * * 0'
+
+jobs:
+  test-kind-ovn-kubernetes:
+    name: Run Cyclonus on KinD/Ovn
+    timeout-minutes: 250
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: Run Cyclonus
+        working-directory: hack/kind
+        run: CNI=ovn-kubernetes RUN_FROM_SOURCE=true ./run-cyclonus.sh

.gitignore

@@ -1 +1,5 @@
+ignore/
+
 .idea/
+
+dist/

.goreleaser.yml

@@ -0,0 +1,60 @@
+project_name: cyclonus
+release:
+  github:
+    owner: mattfenwick
+    name: Cyclonus
+builds:
+  - id: cyclonus
+    goos:
+      - linux
+      - windows
+      - darwin
+    goarch:
+      - amd64
+    env:
+      - CGO_ENABLED=0
+    main: cmd/cyclonus/main.go
+    ldflags: -s -w
+      -X github.com/mattfenwick/cyclonus/pkg/cli.version={{.Version}}
+      -X github.com/mattfenwick/cyclonus/pkg/cli.gitSHA={{.Commit}}
+      -X github.com/mattfenwick/cyclonus/pkg/cli.buildTime={{.Date}}
+      -extldflags "-static"
+    flags: -tags netgo -installsuffix netgo
+    binary: "cyclonus"
+    hooks: {}
+dockers:
+  -
+    goos: linux
+    goarch: amd64
+    goarm: ''
+    ids:
+      - cyclonus
+    image_templates:
+      - "mfenwick100/cyclonus:latest"
+      - "mfenwick100/cyclonus:{{ .Tag }}"
+    skip_push: false
+    dockerfile: cmd/cyclonus/Dockerfile
+#    build_flag_templates:
+#      - "--label=org.opencontainers.image.created={{.Date}}"
+#      - "--label=org.opencontainers.image.title={{.ProjectName}}"
+#      - "--label=org.opencontainers.image.revision={{.FullCommit}}"
+#      - "--label=org.opencontainers.image.version={{.Version}}"
+#      - "--pull"
+#      - "--platform=linux/arm64"
+archives:
+  - id: cyclonus
+    builds:
+      - cyclonus
+    format: tar.gz
+    format_overrides:
+      - goos: windows
+        format: zip
+    wrap_in_directory: true
+    name_template: '{{ .Binary }}_{{ .Os }}_{{ .Arch }}{{ if .Arm }}v{{ .Arm }}{{ end }}'
+    files:
+      - LICENCE*
+      - README*
+      - CHANGELOG*
+checksum:
+  name_template: "cyclonus_{{ .RawVersion }}_checksums.txt"
+  algorithm: sha256

cyclonus/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2021 Matt Fenwick
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

cyclonus/Makefile

@@ -0,0 +1,12 @@
+test:
+	go test ./pkg/...
+
+fmt:
+	go fmt ./cmd/... ./pkg/...
+
+vet:
+	go vet ./cmd/... ./pkg/...
+
+cyclonus:
+	CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -o ./cmd/cyclonus/cyclonus ./cmd/cyclonus
+	docker build -t docker.io/mfenwick100/cyclonus:latest ./cmd/cyclonus

cyclonus/README.md

@@ -0,0 +1,51 @@
+# Cyclonus
+
+## Network policy explainer, prober, and test case generator
+
+Parse, explain, and probe network policies to understand their implications and help design
+policies that suit your needs!
+
+## Quickstart
+
+Users: check out our [Quickstart guide](./docs/quickstart.md)
+
+Developers: check out our [Developer guide](./docs/developer-guide.md)
+
+Cyclonus functionality:
+
+ - [run a single network policy test on a cluster](./docs/probe.md)
+ - [run network policy conformance tests on a cluster](./docs/generator.md)
+ - [understand test runs](./docs/test-runs.md)
+ - [analyze network policies](./docs/analyze.md)
+
+
+## Integrations
+
+Cyclonus is available as a [**krew/kubectl plugin**](https://github.com/mattfenwick/kubectl-cyclonus):
+
+ - [Set up krew](https://krew.sigs.k8s.io/docs/user-guide/quickstart/)
+ - install: `kubectl krew install cyclonus`
+ - use: `kubectl cyclonus -h`
+
+**Antrea testing**: [Cyclonus runs network policy tests for Antrea on a daily basis](https://github.com/vmware-tanzu/antrea/actions/workflows/netpol_cyclonus.yml).
+
+**Cilium testing**: [Cyclonus runs network policy tests for Cilium on a daily basis](https://github.com/cilium/cilium/pull/14889).
+
+**Sonobuoy plugin**: [run Cyclonus tests through Sonobuoy](./hack/sonobuoy).
+
+
+## Motivation and History
+
+Testing network policies for CNI providers on Kubernetes has historically been very difficult, requiring a lot of boiler plate.
+This was recently improved upstream via truth table based tests 
+([see KEP](https://github.com/kubernetes/enhancements/tree/master/keps/sig-network/1611-network-policy-validation)).
+Cyclonus is the next evolution of the truth table tests which are part of upstream Kubernetes.
+Cyclonus generates hundreds of network policies, their connectivity tables, and outputs results in the same, easy to read format.
+
+## Thanks to contributors
+
+ - @dougsland
+ - @jayunit100
+ - @johnSchnake
+ - @enhaocui
+ - @matmerr

cyclonus/cmd/cyclonus/Dockerfile

@@ -0,0 +1,5 @@
+FROM alpine:3.13
+
+ENTRYPOINT ["/cyclonus"]
+
+COPY cyclonus /

cyclonus/cmd/cyclonus/Dockerfile.windows

@@ -0,0 +1,8 @@
+FROM golang:windowsservercore-ltsc2022 AS builder
+WORKDIR /go/src/github.com/cyclonus/
+COPY . .
+RUN $Env:CGO_ENABLED=0; go build -v -o /cyclonus.exe ./cmd/cyclonus/
+
+FROM mcr.microsoft.com/windows/nanoserver:ltsc2022
+COPY --from=builder /cyclonus.exe cyclonus.exe
+CMD [ "cyclonus.exe" ] 

cyclonus/cmd/cyclonus/main.go

@@ -0,0 +1,9 @@
+package main
+
+import (
+	"github.com/mattfenwick/cyclonus/pkg/cli"
+)
+
+func main() {
+	cli.RunRootCommand()
+}

cyclonus/cmd/recipes/main.go

@@ -0,0 +1,9 @@
+package main
+
+import (
+	"github.com/mattfenwick/cyclonus/pkg/recipes"
+)
+
+func main() {
+	recipes.Run()
+}

cyclonus/cmd/worker/Dockerfile

@@ -0,0 +1,5 @@
+FROM k8s.gcr.io/e2e-test-images/agnhost:2.33
+
+ENTRYPOINT ["/worker"]
+
+COPY worker /

cyclonus/cmd/worker/build.sh

@@ -0,0 +1,13 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+set -xv
+
+CLUSTER=${CLUSTER:-netpol-calico}
+IMAGE=mfenwick100/cyclonus-worker:latest
+
+CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -o worker ./main.go
+
+docker build -t $IMAGE .
+
+kind load docker-image $IMAGE --name "$CLUSTER"

cyclonus/cmd/worker/main.go

@@ -0,0 +1,9 @@
+package main
+
+import (
+	"github.com/mattfenwick/cyclonus/pkg/worker"
+)
+
+func main() {
+	worker.Run()
+}