Test Overlay Network of your Kubernetes Cluster
This is a Go client of the Overlay Network Test, a shell script paired with a DaemonSet to check connectivity in Overlay Network in Kubernetes Cluster.
- kube-config with connection to a working Kubernetes Cluster
- access
kube-systemnamespace where the application will deploy (needs privileged mode for network ping command)
Download artifact from Release Page and execute:
# Basic usage
./overlaytest
# Show version
./overlaytest -version
# Reuse existing deployment
./overlaytest -reuse
# Custom kubeconfig
./overlaytest -kubeconfig /path/to/kubeconfigThe application version can be configured in multiple ways (priority order):
-
Environment variable (runtime):
APP_VERSION=1.0.7 ./overlaytest -version
-
Build-time ldflags (compile time):
go build -ldflags "-X github.com/eumel8/overlaytest/pkg/overlaytest.Version=1.0.7" -o overlaytest ./cmd/overlaytest -
Default version: Falls back to hardcoded version (1.0.6)
The project follows standard Go layout:
overlaytest/
├── cmd/overlaytest/ # Main application entry point
│ └── main.go
├── pkg/overlaytest/ # Library code
│ ├── version.go # Version management
│ ├── config.go # Configuration handling
│ ├── client.go # Kubernetes client setup
│ ├── daemonset.go # DaemonSet management
│ ├── network.go # Network testing logic
│ └── *_test.go # Unit tests
├── Dockerfile # Container image definition
└── .github/workflows/ # CI/CD pipelines
Current Image: ghcr.io/eumel8/overlaytest:latest
The project includes a minimal Alpine-based container image (~10MB compressed) with:
- bash shell
- ping command
- Non-root user (UID 1000)
docker build -t overlaytest:local .
docker run --rm overlaytest:local ping -c 2 8.8.8.8You can specify a custom container image:
config := overlaytest.DefaultConfig()
config.Image = "your-registry/your-image:tag"Previous Image (deprecated): mtr.devops.telekom.de/mcsps/swiss-army-knife:latest
The DaemonSet includes comprehensive security context configuration:
- ✅ Privileged mode: Required for ping operations
- ✅ Non-root user: Runs as UID/GID 1000
- ✅ Read-only root filesystem: Enhanced security
- ✅ Seccomp profile: RuntimeDefault (Kubernetes security standard)
- ✅ Resource limits: CPU (100m-200m), Memory (64Mi-128Mi)
- ✅ Kyverno policies: Meets resource and seccomp requirements
- ✅ Pod Security Standards: Compatible with restricted policies (except privileged requirement)
- ✅ Issue #179: All requirements addressed
- Go 1.25 or later
- Docker (for container image builds)
# Clone the repository
git clone https://github.com/eumel8/overlaytest.git
cd overlaytest
# Build with default version
go build -o overlaytest ./cmd/overlaytest
# Build with custom version
go build -ldflags "-X github.com/eumel8/overlaytest/pkg/overlaytest.Version=1.0.7" \
-o overlaytest ./cmd/overlaytest
# Run tests
go test -v ./...# Build for multiple architectures
docker buildx build --platform linux/amd64,linux/arm64 \
-t ghcr.io/eumel8/overlaytest:latest .
# Build and push (requires authentication)
docker buildx build --platform linux/amd64,linux/arm64 \
-t ghcr.io/eumel8/overlaytest:latest --push .The project includes automated GitHub Actions workflows:
release.yaml: Builds multi-platform binaries on releasedocker-build.yaml: Builds and pushes container imagese2e-test.yaml: End-to-end tests with Kind clusterscoverage.yaml: Code coverage reporting
# Run all tests
go test ./...
# Run with coverage
go test -cover ./...
# Run specific package tests
go test -v ./pkg/overlaytest/cmd/overlaytest/: Main application entry pointpkg/overlaytest/: Reusable library codeDockerfile: Container image definition.github/workflows/: CI/CD automation
Contributions are welcome! Please:
- Fork the repository
- Create a feature branch
- Make your changes with tests
- Run
go test ./...to verify - Submit a pull request
Frank Kloeker f.kloeker@telekom.de
Life is for sharing. If you have an issue with the code or want to improve it, feel free to open an issue or an pull request.