
feat: add TCP probe type #315

Merged
hardbyte merged 2 commits into main from feat/tcp-probe
Mar 4, 2026


@hardbyte hardbyte commented Mar 4, 2026

Summary

  • Adds type: tcp probe that tests raw TCP socket connectivity to host:port
  • Uses stdlib socket.create_connection — no new dependencies
  • Returns connected (bool) and error (string/null) in probe data

Changes

  • netcheck/checks/tcp.py — new TCP check module
  • netcheck/runner.py — TCP dispatch case + default validation rule
  • netcheck/cli.py — netcheck tcp CLI command
  • Unit tests (6 new, all 30 pass)
  • E2E test manifest (tcp-job.yaml) + test file
  • K8s example (operator/examples/default-k8s/tcp.yaml)
  • SOC2 boundary protection example using TCP probes
  • Documentation page + nav link

Test plan

  • Unit tests pass locally (30/30)
  • CLI smoke tests (netcheck tcp, netcheck tcp --host localhost --port 1)
  • Ruff linting clean
  • Docker image builds and runs correctly
  • CI unit tests (all platforms)
  • CI Docker build
  • CI K8s integration tests

TCP probes test raw socket connectivity to a host:port, filling the gap
for non-HTTP services like databases and caches. Uses stdlib
socket.create_connection — no new dependencies.

Adds CLI command, runner integration, unit tests, E2E test manifest,
K8s example, SOC2 boundary protection example, and documentation.

cloudflare-workers-and-pages bot commented Mar 4, 2026

Deploying netchecks-docs with Cloudflare Pages

Latest commit: 32a4bf5
Status: ✅  Deploy successful!
Preview URL: https://58987338.netchecks-docs.pages.dev
Branch Preview URL: https://feat-tcp-probe.netchecks-docs.pages.dev


coveralls commented Mar 4, 2026

Pull Request Test Coverage Report for Build 22689564324

Details

  • 41 of 48 (85.42%) changed or added relevant lines in 3 files are covered.
  • No unchanged relevant lines lost coverage.
  • Overall coverage decreased (-0.8%) to 91.26%

| Changes Missing Coverage | Covered Lines | Changed/Added Lines | % |
|---|---|---|---|
| netcheck/checks/tcp.py | 20 | 27 | 74.07% |

Totals
  • Change from base Build 21792458631: -0.8%
  • Covered Lines: 355
  • Relevant Lines: 389

💛 - Coveralls

Validates that Cilium network policies actually enforce TCP egress
restrictions. Applies a policy allowing only port 443 to the K8s API,
then asserts that allowed connections succeed and blocked ports are
dropped — testing real policy enforcement, not just reachability.
@hardbyte hardbyte merged commit ff54a60 into main Mar 4, 2026
19 checks passed
@hardbyte hardbyte deleted the feat/tcp-probe branch March 4, 2026 22:41
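
The probe described in this pull request, sketched as an added example (not the code in netcheck/checks/tcp.py): a connect attempt with `socket.create_connection` that returns `connected` and `error`, plus a check that compares results against expected allow/block outcomes, as the second commit does for network policy. The names `tcp_probe`, `check_policy` and `demo` are hypothetical, and the loopback listener and port 1 are constructed sample targets.

```python
import socket


def tcp_probe(host, port, timeout=2.0):
    """Attempt one TCP connect and report the two fields the PR describes."""
    try:
        # The timeout matters for policy tests: a dropped SYN never gets a
        # reply, so without a bound the probe would hang instead of failing.
        with socket.create_connection((host, port), timeout=timeout):
            return {"connected": True, "error": None}
    except OSError as exc:  # refused, timed out, unreachable, DNS failure
        return {"connected": False, "error": f"{type(exc).__name__}: {exc}"}


def check_policy(expectations, timeout=2.0):
    """Compare probe results with the expected outcome for each target.

    expectations: iterable of (host, port, should_connect).
    Returns the entries whose observed result differs from the expectation,
    so an empty list means the policy behaves as declared.
    """
    failures = []
    for host, port, should_connect in expectations:
        result = tcp_probe(host, port, timeout)
        if result["connected"] != should_connect:
            failures.append((host, port, should_connect, result))
    return failures


def demo():
    # Constructed sample: a loopback listener stands in for an allowed
    # service; port 1 on localhost stands in for a port that must not connect.
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    open_port = listener.getsockname()[1]
    try:
        as_declared = check_policy(
            [("127.0.0.1", open_port, True), ("127.0.0.1", 1, False)]
        )
        # An expectation that contradicts reality must be reported.
        violated = check_policy([("127.0.0.1", 1, True)])
    finally:
        listener.close()
    return as_declared, violated


if __name__ == "__main__":
    print(demo())
```

Asserting on blocked targets as well as allowed ones is what separates a policy enforcement test from a plain reachability test.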