Tech talk lite: cloud.gov container networking
What is container networking?
Container networking on cloud.gov is a policy-based container networking feature of Cloud Foundry that cloud.gov shipped around the end of July 2018.
Sample application with service discovery
I am going to go over the Cloud Foundry networking examples provided by the Cloud Foundry community on GitHub.
Preparing to push your apps
mkdir -p ~/Developer/cloud.gov/examples/
cd ~/Developer/cloud.gov/examples/
git clone https://github.com/cloudfoundry/cf-networking-examples
cd cf-networking-examples
export DIR=$(pwd)
cf login -a https://api.fr.cloud.gov --sso
cf target -o sandbox-gsa -s roger.ruiz
Your Cloud Foundry target may vary from mine. I'm using my cloud.gov Sandbox organization and space. We're going to create an examples directory on our local machine and then clone the CF networking examples repository into it. Then, after changing into the cf-networking-examples directory, we'll set the $DIR environment variable to the current working directory.
Deploying the frontend application
cd $DIR/frontend
cf push frontend -n fe-cnd-rsr
Note you'll probably add your own host name as a -n parameter. I'm using an acronym that stands for frontend-catsanddogs-rogersteveruiz, since I'll be typing it.
Use case 1: frontend connects to a single backend
cd $DIR/backend-b
cf push backend-b --no-start -d apps.internal -n beb-cnd-rsr
cf set-env backend-b CATS_PORTS "7007,7008"
cf set-env backend-b UDP_PORTS "9003,9004"
cf start backend-b
Note you'll probably add your own host name as a -n parameter. I'm using an acronym that stands for backend-b-catsanddogs-rogersteveruiz, since I'll be typing it.
Communicating between the apps using TCP
Now let's communicate with the backend-b application from the frontend application.
Type the following in your TCP HTTP Test text box:
beb-cnd-rsr.apps.internal:7007
Note your hostname will probably be different than mine. Change your URL to whatever you see when you run cf app backend-b under routes:
Allowing access for TCP connections
Without a network policy in place, the request failed. So let's add one. Any SpaceDeveloper on that particular space can add and remove network policies.
cf add-network-policy frontend --destination-app backend-b --port 7007 --protocol tcp
Communicating between the apps using UDP
Now let's communicate with the backend-b application from the frontend application.
Type the following in your UDP HTTP Test text box:
beb-cnd-rsr.apps.internal:9003
Note your hostname will probably be different than mine. Change your URL to whatever you see when you run cf app backend-b under routes:
Allowing access for UDP connections
Without a network policy in place, the request failed. So let's add one. Any SpaceDeveloper on that particular space can add and remove network policies.
cf add-network-policy frontend --destination-app backend-b --port 9003 --protocol udp
Use case 2: frontend connects to multiple backends
cd $DIR/backend-a
cf push backend-a --no-start -d apps.internal -n bea-cnd-rsr
cf set-env backend-a CATS_PORTS "7007,7008"
cf set-env backend-a UDP_PORTS "9003,9004"
cf start backend-a
Set the network policies for backend-a
cf add-network-policy frontend --destination-app backend-a --port 7007 --protocol tcp
cf add-network-policy frontend --destination-app backend-a --port 9003 --protocol udp
Set the routes up for backend-a and backend-b to use the same internal route
cf create-route roger.ruiz apps.internal --hostname be-cnd-rsr
cf map-route backend-a apps.internal --hostname be-cnd-rsr
cf map-route backend-b apps.internal --hostname be-cnd-rsr
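Checking the resulting policy set (an added example, not part of the original talk or the cf-networking-examples repository): because traffic is denied until a policy allows it, the space should hold exactly the four policies created above and nothing broader. The script below audits a policy listing against that allow-list. The sample listing is constructed, and the column layout (source, destination, protocol, ports) is an assumption about what cf network-policies prints.

```shell
#!/bin/sh
# Added example: audit a network-policy listing against the walkthrough's policies.

# Allow-list: the four policies created in use cases 1 and 2
# (source destination protocol port).
EXPECTED='frontend backend-a tcp 7007
frontend backend-a udp 9003
frontend backend-b tcp 7007
frontend backend-b udp 9003'

# Constructed sample listing (assumed column layout). It lacks the backend-a
# UDP policy and contains one overly broad TCP port range.
SAMPLE='Listing network policies in org sandbox-gsa / space roger.ruiz as user@example.gov...

source     destination   protocol   ports
frontend   backend-a     tcp        7007
frontend   backend-b     tcp        7007
frontend   backend-b     udp        9003
frontend   backend-b     tcp        7000-9000'

# Reads a policy listing on stdin and prints one finding per line.
# Prints nothing when the listing matches the allow-list exactly.
audit_policies() {
  EXPECTED="$EXPECTED" awk '
    BEGIN {
      n = split(ENVIRON["EXPECTED"], rows, "\n")
      for (i = 1; i <= n; i++) want[rows[i]] = 1
    }
    # Policy rows carry tcp or udp in the third column; banner and header do not.
    NF >= 4 && ($3 == "tcp" || $3 == "udp") {
      key = $1 " " $2 " " $3 " " $4
      if (key in want) { seen[key] = 1; next }
      kind = ($4 ~ /-/) ? "UNEXPECTED-RANGE" : "UNEXPECTED"
      print kind " " key
      # Suggest the matching removal command for anything outside the allow-list.
      print "  fix: cf remove-network-policy " $1 " --destination-app " $2 \
            " --protocol " $3 " --port " $4
    }
    END {
      for (i = 1; i <= n; i++)
        if (!(rows[i] in seen)) print "MISSING " rows[i]
    }'
}

printf '%s\n' "$SAMPLE" | audit_policies
```

Against a live space, pipe the real listing in instead of the sample: cf network-policies | audit_policies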
Heavily borrowed and slightly modified from the original documentation found here: https://github.com/cloudfoundry/cf-networking-examples/blob/master/docs/c2c-with-service-discovery.md