m/n/kubernetes/networkpolicy: add Cyclonus test suite This adds a test for the network policy controller, based on the Cyclonus test suite. Running Cyclonus on a real cluster takes multiple hours, as there are over 200 test cases, each of which takes around 1 minute. The test implemented here uses a fake Kubernetes API and pods, which allows running all tests in around 15 seconds. IPv6 is partially implemented but disabled. The tests pass, but each test takes around 2 seconds, because some ICMPv6 replies for blocked TCP connections seem to get lost somewhere and are only processed when the TCP SYN is resent one second later. Change-Id: Id77f2dd4d884b6d156e238e07e88c222e3bbe9a2 Reviewed-on: https://review.monogon.dev/c/monogon/+/3905 Reviewed-by: Lorenz Brun <lorenz@monogon.tech> Tested-by: Jenkins CI

commit: 17ad63fa0b09d3dfe461ac237cd5db5eaeefc2ed [log] [tgz]
author: Jan Schär <jan@monogon.tech> Thu Feb 27 14:43:56 2025 +0100
committer: Jan Schär <jan@monogon.tech> Thu Feb 27 17:33:51 2025 +0000
tree: aa133f4b89c91044047c902dad5b752696098b14
parent: 12e4b549f88c91e5eccb2abe1631793c879a66c6 [diff] [blame]
diff --git a/build/bazel/go.MODULE.bazel b/build/bazel/go.MODULE.bazel
index a723144..5afba0f 100644
--- a/build/bazel/go.MODULE.bazel
+++ b/build/bazel/go.MODULE.bazel

@@ -41,6 +41,7 @@
     "com_github_kballard_go_shellquote",
     "com_github_klauspost_compress",
     "com_github_lib_pq",
+    "com_github_mattfenwick_cyclonus",
     "com_github_mattn_go_shellwords",
     "com_github_mdlayher_arp",
     "com_github_mdlayher_ethernet",
commit	17ad63fa0b09d3dfe461ac237cd5db5eaeefc2ed	[log] [tgz]
author	Jan Schär <jan@monogon.tech>	Thu Feb 27 14:43:56 2025 +0100
committer	Jan Schär <jan@monogon.tech>	Thu Feb 27 17:33:51 2025 +0000
tree	aa133f4b89c91044047c902dad5b752696098b14
parent	12e4b549f88c91e5eccb2abe1631793c879a66c6 [diff] [blame]