
[Policy Assistant] user experience for specifying pods/traffic #220

huntergregory opened this issue Apr 18, 2024 · 1 comment
huntergregory commented Apr 18, 2024

Parent issue: #150

TL;DR

Write Go code to get a Deployment/DaemonSet from a cluster and create a corresponding TrafficPeer (see struct referenced below).

Overview

Our KubeCon demo (video, slides, code) used hard-coded Pods and traffic (Pod a to Pod b on port 80 and 81).
[image: screenshot of the demo command output]

Of course, a user should be able to specify their own Pods/traffic. Ideally, a user can:

  • Quickly/easily specify traffic of interest.
  • Reference Pods in a Kubernetes-native way.

Ideas

A helpful starting point is Matt's Traffic struct. Here's a snippet of this example JSON:

{
  "Source": {
    "IP": "8.8.8.8"
  },
  "Destination": {
    "Internal": {
      "PodLabels": {"pod": "a"},
      "NamespaceLabels": {"ns":  "y"},
      "Namespace": "y"
      // we will also need NodeLabels for AdminNetworkPolicy's node selector
    },
    "IP": "192.168.1.10"
  },
  "Protocol": "TCP",
  "ResolvedPort": 80,
  "ResolvedPortName": "serve-80-tcp"
}

It would be nice if a user could instead reference a Pod/Deployment/DaemonSet, and then Policy Assistant queries someone's cluster to fill in:

  • pod labels
  • namespace labels
  • node labels
  • IP (or IPs of a Deployment, for instance)

We could start by building Go code to convert a Deployment or DaemonSet to a TrafficPeer for a user's Kubernetes cluster.

Separate Discussion: what should be the CLI Experience?

For the command in the screenshot above, should a user specify that configuration in JSON like so?

policy-assistant analyze --mode walkthrough --traffic-file traffic.json

where traffic.json is like:

{
    "Traffic": [
        {
            "From": "ns-dev/deployment/frontend",
            "To": "ns-dev/daemonset/backend",
            "Protocol": "TCP",
            "PortName": "serve-80-tcp"
        },
        {
            "From": "10.0.0.5",
            "To": "ns-dev/daemonset/backend",
            "Protocol": "UDP",
            "Port": "81"
        }
    ]
}
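As an added example (not the project's code): a stdlib-only Go sketch of how the proposed traffic.json could be decoded and each From/To reference resolved into a TrafficPeer. The TrafficPeer shape and the in-memory workloads map that stands in for the cluster query are assumptions; a real implementation would fetch the Deployment/DaemonSet with client-go.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net"
	"strings"
)

// TrafficEntry is one element of the proposed traffic.json "Traffic" list.
type TrafficEntry struct{ From, To, Protocol, PortName, Port string }

// TrafficPeer holds the fields the issue wants filled in from the cluster.
// Hypothetical shape: the real struct in policy-assistant may differ.
type TrafficPeer struct {
	IP, Namespace              string
	PodLabels, NamespaceLabels map[string]string
}

// ParseTrafficFile decodes the proposed traffic.json layout.
func ParseTrafficFile(data []byte) ([]TrafficEntry, error) {
	var f struct{ Traffic []TrafficEntry }
	err := json.Unmarshal(data, &f)
	return f.Traffic, err
}

// ResolvePeer turns "ns/kind/name" or an IP literal into a TrafficPeer.
// workloads stands in for the cluster lookup (constructed by the caller;
// keyed by "ns/kind/name" with the labels a real fetch would return).
func ResolvePeer(ref string, workloads map[string]TrafficPeer) (TrafficPeer, error) {
	if net.ParseIP(ref) != nil {
		return TrafficPeer{IP: ref}, nil // external/IP peer: nothing to look up
	}
	parts := strings.Split(ref, "/")
	if len(parts) != 3 {
		return TrafficPeer{}, fmt.Errorf("peer %q: want ns/kind/name or an IP", ref)
	}
	kind := strings.ToLower(parts[1])
	if kind != "deployment" && kind != "daemonset" {
		return TrafficPeer{}, fmt.Errorf("peer %q: unsupported kind %q", ref, parts[1])
	}
	w, ok := workloads[parts[0]+"/"+kind+"/"+parts[2]]
	if !ok {
		return TrafficPeer{}, fmt.Errorf("peer %q: not found in cluster", ref)
	}
	// Copy only the selector-relevant fields; IP stays empty for workload peers.
	return TrafficPeer{Namespace: w.Namespace, PodLabels: w.PodLabels, NamespaceLabels: w.NamespaceLabels}, nil
}
```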