Skip to content

redhat-best-practices-for-k8s/certsuite-probe

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

90 Commits
.github
.github
 
 
Dockerfile
Dockerfile
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

certsuite-probe

Test/push the probe image Test Incoming Changes Preflight Daily

A repository that builds and publishes the certsuite-probe container image used by the CNF Certification Suite.

What is the Probe?

The certsuite-probe is a utility container image that serves as a testing and debugging tool deployed into Kubernetes clusters during CNF certification testing. It provides a comprehensive set of networking, debugging, and system inspection tools needed to validate Cloud-Native Network Functions (CNFs) against Red Hat's best practices.

Key Components

The probe image includes:

  • Networking Tools: ethtool, iproute, iptables, nftables, net-tools, iputils - for network configuration inspection and testing
  • System Utilities: pciutils, procps-ng, util-linux - for hardware and process inspection
  • Container Runtime: Podman v4.9.5 - for container operations within the test environment
  • API Testing: grpcurl - for gRPC API validation
  • Additional Tools: jq, libselinux-utils, golang - for JSON processing, SELinux inspection, and Go-based tooling

Why It's Used in the Certsuite

The certsuite needs to perform in-cluster validation of CNFs, which requires:

  1. Network Testing: Verifying connectivity, DNS resolution, and network policy enforcement
  2. Resource Inspection: Checking CPU, memory, PCI devices, and block storage configurations
  3. Security Validation: Inspecting SELinux contexts, capabilities, and container security settings
  4. Container Operations: Testing container lifecycle, image pulling, and pod-to-pod communication

Rather than requiring test subjects to have these tools pre-installed, the certsuite deploys the probe as a DaemonSet or Pod to perform tests from within the cluster. This approach:

  • Maintains a consistent testing environment across different CNF deployments
  • Avoids modifying the CNF containers themselves
  • Provides a controlled, verified toolset for certification testing
  • Enables parallel testing across multiple nodes

Image Distribution

The probe image is published to Quay.io at:

  • quay.io/redhat-best-practices-for-k8s/certsuite-probe:latest
  • Legacy location: quay.io/testnetworkfunction/k8s-best-practices-debug:latest

Images are built and pushed:

  • Daily (nightly builds with latest security patches)
  • On every release
  • Multi-architecture support: linux/amd64, linux/arm64, linux/ppc64le, linux/s390x

License

See LICENSE for details.

About

A repository that builds and publishes the debug image

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

0 stars

Watchers

1 watching

Forks

1 fork
Report repository

Releases 29

v0.0.29 Latest
Oct 28, 2025
+ 28 releases

Packages

No packages published

Contributors 2

  •  
  •  

Languages