This release adds the ability for operators to configure their deployment to enable self-service app to app policy creation for all space developers.
When enabled, network.write does not need to be explicitly granted to individual space developers in order for them to be able to create policies between apps in spaces for which they have the SpaceDeveloper role.
Space developers now have a configurable quota for the maximum number of policies they can create for any given app as a source. The quota defaults to 50 but does not apply to users with network.admin.
Give us your feedback in the #container-networking channel on cloudfoundry.slack.com. Take a look at known issues for current limitations and known issues.
Verified with the following:
Manifest Changes
New Properties
- An optional parameter has been added to allow all space developers to create policies (default false).
If this property is not set, a space developer must have network.write to create policies: cf_networking.enable_space_developer_self_service
- An optional parameter has been added to configure the maximum number of policies a space
developer can write for a given source app. Defaults to 50 if it is not set. Does not apply to
users with network.admin: cf_networking.max_policies_per_app_source
Significant Changes
Space Developer Self-Service
- An operator can configure the max policies/app at deploy time
- As an operator I can enable self service for all space developers
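
A small Python model of the authorization decision these notes describe, added here as an illustration and not taken from the policy server's code. The class and function names are hypothetical, and it assumes that the quota counts existing policies with the app as source and that network.admin is not restricted to the user's own spaces.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Config:
    # Mirrors the two manifest properties named in these notes.
    enable_space_developer_self_service: bool = False
    max_policies_per_app_source: int = 50


@dataclass(frozen=True)
class User:
    scopes: frozenset            # UAA scopes, e.g. {"network.write"}
    developer_spaces: frozenset  # spaces where the user is SpaceDeveloper


def can_create_policy(cfg, user, src_space, dst_space, existing_from_source):
    """Return (allowed, reason) for one new policy from a source app.

    existing_from_source: policies that already use the app as source
    (assumed to be what the quota counts).
    """
    if "network.admin" in user.scopes:
        # Assumption: admins are not limited to their own spaces.
        return True, "network.admin: not subject to the quota"
    if not ("network.write" in user.scopes
            or cfg.enable_space_developer_self_service):
        return False, "needs network.write or self-service enabled"
    if not {src_space, dst_space} <= user.developer_spaces:
        return False, "not SpaceDeveloper in both spaces"
    if existing_from_source >= cfg.max_policies_per_app_source:
        return False, "quota reached for this source app"
    return True, "allowed"


if __name__ == "__main__":
    # Constructed sample: a space developer with no network.* scopes.
    dev = User(frozenset(), frozenset({"space-a", "space-b"}))
    for cfg in (Config(), Config(enable_space_developer_self_service=True)):
        print(cfg.enable_space_developer_self_service,
              can_create_policy(cfg, dev, "space-a", "space-b", 0))
```

Enabling self-service widens who can open app-to-app traffic to every space developer, so the per-source quota is the remaining limit to review when the flag is turned on.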