support for network policies

anishp55 commented 4 years ago

Frontend Deployment type

[X ] Cloud Foundry Application (cf push)
[ ] Kubernetes, using a helm chart
[ ] Docker, single container deploying all components
[ ] npm run start
[ ] Other (please specify below)

Backend (Jet Stream) Deployment type

[X ] Cloud Foundry Application (cf push)
[ ] Kubernetes, using a helm chart
[ ] Docker, single container deploying all components
[ ] Other (please specify below)

Detailed Description

support for configuring and displaying network policies.

Context

this is useful for auditors or people unfamiliar with the CLI to get a quick view of network policies for C2C networking, and possible edit them.

Possible Implementation

implement a networks tab that has this detail (the T is for trash/delete)

+-------------------------------------------------------------------------------+---+
|   Source App        |    Destination App        |    Protocol     | Port(s)   | T |
+-------------------------------------------------------------------------------+---+
|   App  a            |    App b                  |    tcp          | 8080      |   |
+-------------------------------------------------------------------------------+---+
|   App  a            |    App c                  |    tcp          | 8080      |   |
+-------------------------------------------------------------------------------+---+
|   App  b            |    App a                  |    tcp          | 8080      |   |
+-------------------------------------------------------------------------------+---+
|   App  b            |    App c                  |    tcp          | 8080      |   |
+-------------------------------------------------------------------------------+---+
|   App  c            |    App a                  |    tcp          | 8080      |   |
+-------------------------------------------------------------------------------+---+
|   App  c            |    App b                  |    tcp          | 8080      |   |
+-------------------------------------------------------------------------------+---+

richard-cox commented 4 years ago

This would be a cool feature to implement. There's some things we need to investigate though

We'll need to look at how the cli provides this feature. It's not part of the standard cf v2 or v3 api, but reaches out to networking/v1/external instead of v2/v3 (more info here).
We also need to ensure users have the correct privileges (network.admin for cf admin or space developer for conjoining apps) (more info here).
Another thing to consider is Eirini support

anishp55 commented 4 years ago

are there any talks on how container to container networking will be handled on Erini? is there a strawman implementation currently that we can look at as a reference?

richard-cox commented 4 years ago

I'm not familiar with the plans, however do know that it's currently not supported in v1

cloudfoundry / stratos