Analyze Kubernetes NetworkPolicy configurations for pods in a cluster. The npa crate provides an
Analyzer that resolves the ingress/egress traffic a pod is allowed to receive or send into
CIDR/port/protocol rules. The npa-cli binary wraps the same logic for quick inspection from the
command line.

The implementation is not fully tested, so bugs are to be expected.
```sh
cargo install --path npa-cli/
```

```
❯ npa pod prometheus --namespace=montoring
+-----------+------------------------+--------------------------------------+
| DIRECTION | TRAFFIC                | POD                                  |
+-----------+------------------------+--------------------------------------+
| INGRESS   | 0.0.0.0/0:*/ANY        | DEFAULT/IPBLOCK                      |
|           | ::/0:*/ANY             | DEFAULT/IPBLOCK                      |
+-----------+------------------------+--------------------------------------+
| EGRESS    | 10.244.2.144/32:53/TCP | kube-system/coredns-6b4c956686-mmvwv |
|           | 10.244.2.144/32:53/UDP | kube-system/coredns-6b4c956686-mmvwv |
|           | 10.244.1.228/32:53/TCP | kube-system/coredns-6b4c956686-w9czp |
|           | 10.244.1.228/32:53/UDP | kube-system/coredns-6b4c956686-w9czp |
+-----------+------------------------+--------------------------------------+
```

```
❯ npa netpol selects metrics
+--------------------+
| POD                |
+--------------------+
| ns-test/prometheus |
+--------------------+
```

```
❯ npa netpol ingress metrics
+-----------+------+---------------+
| NAMESPACE | PODS | PORT/PROTOCOL |
+-----------+------+---------------+
| NONE      | NONE | NONE          |
+-----------+------+---------------+
```

```
❯ npa netpol egress metrics
+-------------+--------------------------+----------------+
| NAMESPACE   | PODS                     | PORT/PROTOCOL  |
+-------------+--------------------------+----------------+
| kube-system | coredns-6b4c956686-mmvwv | 53/TCP, 53/UDP |
|             | coredns-6b4c956686-w9czp | 53/TCP, 53/UDP |
+-------------+--------------------------+----------------+
| ns-test     | backend                  | 9090/TCP       |
|             | frontend                 | 9091/TCP       |
|             | prometheus               | 9092/TCP       |
+-------------+--------------------------+----------------+
```
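The resolution step the Analyzer performs, as an added example that is not the npa crate's own code: a pod that no policy isolates for a direction gets the catch-all DEFAULT/IPBLOCK rows shown above, while an isolated pod gets the union of the peers and ports its policies allow. Peers are modelled as a (namespace, pod-label selector) pair only; ipBlock peers and the "empty selector or empty ports means everything" cases are left out, and the cluster data is constructed.

```rust
use std::collections::BTreeSet;

pub struct Pod { pub ns: &'static str, pub name: &'static str, pub ip: &'static str,
                 pub labels: &'static [(&'static str, &'static str)] }
pub struct Peer { pub ns: &'static str, pub selector: &'static [(&'static str, &'static str)] }
pub struct EgressRule { pub to: &'static [Peer], pub ports: &'static [(u16, &'static str)] }
pub struct Policy { pub ns: &'static str, pub pod_selector: &'static [(&'static str, &'static str)],
                    // None: policy carries no Egress type; Some(&[]): egress isolated, nothing allowed.
                    pub egress: Option<&'static [EgressRule]> }

// Kubernetes label-selector semantics: every selector key/value must be present on the pod.
fn matches(labels: &[(&str, &str)], selector: &[(&str, &str)]) -> bool {
    selector.iter().all(|(k, v)| labels.iter().any(|(lk, lv)| lk == k && lv == v))
}

/// Returns sorted "cidr:port/proto peer" strings describing what `pod` may send.
pub fn resolve_egress(pod: &Pod, policies: &[Policy], all_pods: &[Pod]) -> Vec<String> {
    let selecting: Vec<&Policy> = policies.iter()
        .filter(|p| p.ns == pod.ns && matches(pod.labels, p.pod_selector)).collect();
    // A pod is egress-isolated only if some policy selecting it carries the Egress type;
    // otherwise everything is allowed, reported as a catch-all IP block for v4 and v6.
    if !selecting.iter().any(|p| p.egress.is_some()) {
        return vec!["0.0.0.0/0:*/ANY DEFAULT/IPBLOCK".into(), "::/0:*/ANY DEFAULT/IPBLOCK".into()];
    }
    // Isolated: the allowed set is the union of every selecting policy's egress rules,
    // with each matched peer pod reported as a /32 and one row per port/protocol.
    let mut out = BTreeSet::new();
    for rule in selecting.iter().flat_map(|p| p.egress.unwrap_or(&[]).iter()) {
        for peer in rule.to {
            for t in all_pods.iter().filter(|t| t.ns == peer.ns && matches(t.labels, peer.selector)) {
                for (port, proto) in rule.ports {
                    out.insert(format!("{}/32:{}/{} {}/{}", t.ip, port, proto, t.ns, t.name));
                }
            }
        }
    }
    out.into_iter().collect()
}

fn main() {
    // Constructed sample cluster: prometheus may only reach CoreDNS on 53/TCP and 53/UDP.
    static PODS: &[Pod] = &[
        Pod { ns: "kube-system", name: "coredns-a", ip: "10.244.2.144", labels: &[("k8s-app", "kube-dns")] },
        Pod { ns: "monitoring", name: "prometheus", ip: "10.244.3.10", labels: &[("app", "prometheus")] },
    ];
    static POLICIES: &[Policy] = &[Policy { ns: "monitoring", pod_selector: &[("app", "prometheus")],
        egress: Some(&[EgressRule { to: &[Peer { ns: "kube-system", selector: &[("k8s-app", "kube-dns")] }],
                                    ports: &[(53, "TCP"), (53, "UDP")] }]) }];
    for line in resolve_egress(&PODS[1], POLICIES, PODS) { println!("{line}"); }
}
```

A policy whose `egress` is `Some(&[])` yields an empty result, which is the deny-all case a reviewer should look for when a workload unexpectedly loses DNS.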