A Garden-runC add-on that provides container networking for CloudFoundry.
netman provides a batteries-included container-to-container system and several APIs for swapping in third-party components.
- IPAM and connectivity are provided by a swappable CNI plugin (flannel in the batteries-included case).
- A swappable policy agent polls garden and the policy server for policies to enforce on the cell. In the provided solution, the VXLAN policy agent writes iptables rules to filter packets based on VXLAN GBP tags.
- Inbound traffic from the gorouter is port forwarded from the cell to the container via a NetIn rule. NetIn calls are made by garden to the external networker which then writes the iptables NAT rule.
- Application security groups are enforced by NetOut calls from garden. The external networker also writes iptables rules to enforce ASGs.
- Architecture
- Deploy to BOSH-lite
- Deploy to AWS
- Configuring Policies - CLI and API
- Examples
- 3rd Party Plugin Development
- Contributing to Netman
- Operation
- Known Issues
- Design doc for Container Networking Policy
- Engineering backlog
- Chat with us at the #container-networking channel on CloudFoundry Slack
- CI dashboard and config
- Documentation