Add access level mark on discovered services about forecastle HOT 6 CLOSED

Do you have any idea on how would you approach this? Can we somehow look for NetworkPolicy or PodSecurityPolicy and add the indication based on that? Or should we just have a simple annotation that needs to be explicitly set by the user to indicate that this is a network restricted service? @usamaahmadkhan

from forecastle.

How about adding a default check for nginx-ingress annotation. external-ingress means it is public and internal-ingress means it is network restricted.

from forecastle.

I believe that is just our usecase that we have 2 different nginx ingress controllers with specific names internal-ingress and external-ingress. Implementing it like you mentioned would restrict users to use this feature in many ways. Lets say they don't even run an nginx controller and they don't have annotations specified for their controller. I think we need to approach this in a more generic and decoupled way in which our scenario can also easily fit

from forecastle.

Then NetworkPolicy should do it. We should assign labels like network-restricted=true/false to pod that require restriction and then use PodSelector in NetworkPolicy to restrict those pods. Similarly watching these labels when adding a mark on the UI.

from forecastle.

@usamaahmadkhan I think we should start from the basic, i.e., allow users to specify whether an app is network restricted or not manually. And then support automatic detection. Partial support is already in for this in #78 . We can use the annotation forecastle.stakater.com/network-restricted to specify if an app is restricted or not

from forecastle.

The feature has been implemented in #80

from forecastle.