Proposal: container networking for applications
Hi, CF-dev community members!
Our cross-company team is happy to present a proposal to support direct
container-to-container networking and communication. We aim to provide
value to developers and admins by enabling new capabilities while providing
network access controls, and by providing first-class network-operations
- The current network implementation in Cloud Foundry prevents developers
and admins from establishing secure, performant network communications directly
between containers. To support new service architectures, customers often need
fast, direct container-to-container communication while maintaining
granular control of network security in CF.
- Physical network configuration is inflexible with one addressing and
routing topology, while customers are demanding support for a variety of
network configurations and virtualization stacks, often driven by security
and IT standards.
We propose an improved container networking infrastructure, rooted in two
principles: declarative network policy, and modular network topology. Our
goal is to allow developers and admins to define container-to-container
network graphs that make sense for their business in a high-level,
build-time manner, and then to map that logical topology onto supported
network stacks, enabled by the modular network capabilities in libnetwork
from the Docker project.
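To make the two principles concrete, here is an added illustration (my own constructed example, not code from the working group, Cloud Foundry or libnetwork): a declarative, app-level allow-list is written at build time, evaluated with a default-deny rule, and then rendered into per-instance 5-tuples of the kind a host-level packet filter would consume. The policy JSON shape, app names, IP addresses and ports are all assumptions for the example.

```python
"""Declarative container-to-container network policy, illustrated.

Constructed example: the policy format below is hypothetical and is NOT
Cloud Foundry's or libnetwork's actual schema.
"""
import json
from dataclasses import dataclass
from ipaddress import ip_address

PROTOCOLS = {"tcp", "udp"}


@dataclass(frozen=True)
class Policy:
    source: str       # logical (app-level) name of the connecting app
    destination: str  # logical name of the app accepting the connection
    protocol: str     # "tcp" or "udp"
    port_start: int   # inclusive destination port range
    port_end: int


def load_policies(document: str) -> list[Policy]:
    """Parse a build-time policy document and validate every entry."""
    policies = []
    for entry in json.loads(document)["policies"]:
        proto = entry["protocol"].lower()
        start, end = int(entry["port_start"]), int(entry["port_end"])
        if proto not in PROTOCOLS:
            raise ValueError(f"unknown protocol {proto!r}")
        if not (1 <= start <= end <= 65535):
            raise ValueError(f"bad port range {start}-{end}")
        policies.append(Policy(entry["source"], entry["destination"],
                               proto, start, end))
    return policies


def is_allowed(policies, src_app, dst_app, protocol, port) -> bool:
    """Default deny: a flow is permitted only if some policy matches it."""
    for p in policies:
        if (p.source == src_app and p.destination == dst_app
                and p.protocol == protocol.lower()
                and p.port_start <= port <= p.port_end):
            return True
    return False


def render_rules(policies, instances):
    """Map the logical app graph onto concrete per-instance rules.

    instances: {app_name: [ip, ...]} as assigned by the network stack.
    Returns sorted (src_ip, dst_ip, protocol, port_start, port_end) tuples,
    the shape a host-level filter (iptables-style) would consume. Because
    the rules are derived from the logical graph, scaling an app out simply
    re-renders more tuples; the policy document itself does not change.
    """
    rules = set()
    for p in policies:
        for src_ip in instances.get(p.source, []):
            for dst_ip in instances.get(p.destination, []):
                ip_address(src_ip)  # raises ValueError on a malformed address
                ip_address(dst_ip)
                rules.add((src_ip, dst_ip, p.protocol, p.port_start, p.port_end))
    return sorted(rules)


# Constructed sample policy document: frontend -> api on 8080, api -> db on 5432.
SAMPLE_DOCUMENT = """{
  "policies": [
    {"source": "frontend", "destination": "api", "protocol": "tcp",
     "port_start": 8080, "port_end": 8080},
    {"source": "api", "destination": "db", "protocol": "tcp",
     "port_start": 5432, "port_end": 5432}
  ]
}"""

# Constructed instance placement (hypothetical overlay addresses).
SAMPLE_INSTANCES = {
    "frontend": ["10.255.0.2"],
    "api": ["10.255.0.3", "10.255.0.4"],
    "db": ["10.255.1.2"],
}

if __name__ == "__main__":
    pols = load_policies(SAMPLE_DOCUMENT)
    print(is_allowed(pols, "frontend", "api", "tcp", 8080))  # True
    print(is_allowed(pols, "frontend", "db", "tcp", 5432))   # False: no path
    for rule in render_rules(pols, SAMPLE_INSTANCES):
        print(rule)
```

The important property is the separation: developers reason only about the logical graph (which app may talk to which, on what port), while the mapping onto addresses is regenerated whenever instances are placed, moved or scaled, so the same policy document works unchanged across different network stacks.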
We specifically request feedback on potential service discovery mechanisms
to support this container-to-container capability. As containers and
microservices gain the ability to communicate directly, how should they
locate their peers or each other?
We invite your comments on all aspects of the proposal, here and in the
Jason Sherron on behalf of the working group