@karolz-ms
Member

@karolz-ms karolz-ms commented Oct 25, 2025

Description

Leverages the container tunnel capability that has been recently added to DCP to provide container-to-host connectivity independent from what is supported by container orchestrators.

To make this work, I had to make some changes to how EndpointReferences work. Specifically, EndpointReferences are not resolved in context of a network (represented by abstract NetworkIdentifier). They are also tracked by their EndpointAnnotation so we can answer questions like "who is referencing this particular Endpoint".

Marking as draft for now because this is a big change that affects the core of Aspire application model. It needs more testing, automated tests, and most likely, fixes to existing tests.

Fixes #6547

Checklist

  • Is this feature complete?
    • Yes. Ready to ship. KarolZ: the feature is usable as-is; there are no major parts missing.
    • No. Follow-up changes expected.
  • Are you including unit tests for the changes and scenario tests if relevant?
    • Yes
    • No KarolZ: but I am planning to work on adding more tests in near future
  • Did you add public API?
    • Yes
      • If yes, did you have an API Review for it?
        • Yes
        • No
      • Did you add <remarks /> and <code /> elements on your triple slash comments?
        • Yes
        • No
    • No
  • Does the change make any security assumptions or guarantees?
    • Yes
      • If yes, have you done a threat model and had a security review?
        • Yes
        • No
    • No
  • Does the change require an update in our Aspire docs?

@github-actions
Contributor

github-actions bot commented Oct 25, 2025

🚀 Dogfood this PR with:

⚠️ WARNING: Do not do this without first carefully reviewing the code of this PR to satisfy yourself it is safe.

curl -fsSL https://raw.githubusercontent.com/dotnet/aspire/main/eng/scripts/get-aspire-cli-pr.sh | bash -s -- 12361

Or

  • Run remotely in PowerShell:
iex "& { $(irm https://raw.githubusercontent.com/dotnet/aspire/main/eng/scripts/get-aspire-cli-pr.ps1) } 12361"

@karolz-ms karolz-ms self-assigned this Oct 27, 2025
@karolz-ms karolz-ms force-pushed the dev/karolz/multinet2 branch 2 times, most recently from 14dcd58 to ab6ad2f Compare October 28, 2025 01:00
@karolz-ms karolz-ms marked this pull request as ready for review October 28, 2025 06:13
@karolz-ms karolz-ms requested a review from mitchdenny as a code owner October 28, 2025 06:13
Copilot AI review requested due to automatic review settings October 28, 2025 06:13
Contributor

Copilot AI left a comment

Pull Request Overview

This PR enables universal container-to-host communication by leveraging a new container tunnel capability in DCP. The changes introduce a network-aware model where EndpointReference objects are resolved in the context of specific networks (represented by NetworkIdentifier). This allows endpoints to be resolved differently depending on whether they're accessed from localhost, container networks, or public internet contexts.

Key changes:

  • Introduced NetworkIdentifier type and network-aware value resolution via INetworkAwareValueProvider
  • Modified EndpointReference and EndpointAnnotation to support multiple allocated endpoints per network context
  • Added container tunnel proxy infrastructure to enable container-to-host connectivity
  • Refactored expression resolution to be network-context-aware instead of using a single "container host name"

Reviewed Changes

Copilot reviewed 42 out of 42 changed files in this pull request and generated 12 comments.

| File | Description |
| --- | --- |
| src/Aspire.Hosting/ApplicationModel/Network.cs | Introduces NetworkIdentifier and KnownNetworkIdentifiers/KnownHostNames for network context modeling |
| src/Aspire.Hosting/ApplicationModel/EndpointAnnotation.cs | Adds support for multiple allocated endpoints per network and tracks endpoint references |
| src/Aspire.Hosting/ApplicationModel/EndpointReference.cs | Modified to resolve endpoints in specific network contexts |
| src/Aspire.Hosting/ApplicationModel/ExpressionResolver.cs | Refactored to use NetworkIdentifier instead of containerHostName parameter |
| src/Aspire.Hosting/ApplicationModel/INetworkAwareValueProvider.cs | New interface for network-aware value resolution |
| src/Aspire.Hosting/Dcp/DcpExecutor.cs | Major refactoring to create container tunnels and handle network-specific endpoint allocation |
| src/Aspire.Hosting/Dcp/Model/ContainerTunnel.cs | New DCP model types for container tunnel proxy functionality |
| tests/**/*.cs | Updated tests to use new network-aware APIs and fix broken assumptions about container host names |

Comments suppressed due to low confidence (1)

src/Aspire.Hosting/ApplicationModel/EndpointReference.cs:1

  • Add space between XML tag and 'object' in the returns documentation
// Licensed to the .NET Foundation under one or more agreements.

@karolz-ms karolz-ms force-pushed the dev/karolz/multinet2 branch from 992e539 to 2ad7c72 Compare October 28, 2025 22:20
@davidfowl davidfowl added the breaking-change Issue or PR that represents a breaking API or functional change over a prerelease. label Oct 29, 2025
@karolz-ms karolz-ms force-pushed the dev/karolz/multinet2 branch from 8b77a29 to 157de6d Compare October 29, 2025 15:53
/// <summary>
/// The identifier of the network that serves as the context for value resolution.
/// </summary>
public NetworkIdentifier? Network { get; init; }
Member

I assume we expect this value to not be set in certain scenarios. For example, I'd expect this to be null during deployment mode. If so, how do we think about modeling the ValueProviderContext under different execution contexts?

Member Author

It is a property bag-like, so I can imagine stuffing some deployment-mode data into it in future. Maybe, as you suggested offline, have a proper property bag (dictionary) with data on it too.

Member

I think we could model this like:

class ValueProviderContext 
{ 
    public IServiceProvider? Services { get; init; }
    public IResource? Caller { get; init; }
} 

class NetworkValueProviderContext : ValueProviderContext 
{
    public NetworkIdentifier? Network { get; init; }
} 

Member

.WithHttpEndpoint(name: "primary")
.WithEndpoint("primary", ep =>
{
ep.AllocatedEndpoint = new AllocatedEndpoint(ep, "localhost", 90, targetPortExpression: """{{- portForServing "container1_primary" -}}""");
Member

Is this needed? What happens if we leave this as is?

Member Author

Yes. If this change is reverted, the test will hang forever, waiting for endpoint address to be allocated.

The reason is we are simulating endpoint allocation and then testing container-to-container communication. So we need an AllocatedEndpoint in container network space.

Endpoint.AllocatedEndpoint = something allocates endpoint in localhost network space.
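
Added illustration, not part of the PR thread and not Aspire code: a minimal C# model of the per-network endpoint resolution discussed above, in which an endpoint allocated only in the localhost network does not resolve for a caller in the container network. The type names (`NetworkId`, `Allocation`, `Endpoint`) and the container address and port are hypothetical stand-ins.

```csharp
using System;
using System.Collections.Generic;

// Hypothetical, simplified stand-ins; these are not the Aspire types from this PR.
public readonly record struct NetworkId(string Value)
{
    public static readonly NetworkId Localhost = new("localhost");
    public static readonly NetworkId ContainerNetwork = new("container-network");
}

public sealed record Allocation(string Address, int Port);

public sealed class Endpoint
{
    // One allocation per network context instead of a single address.
    private readonly Dictionary<NetworkId, Allocation> _allocations = new();

    public void Allocate(NetworkId network, Allocation allocation) =>
        _allocations[network] = allocation;

    // Resolve strictly in the caller's network. There is no fallback to an
    // address from another network, which would be unreachable (or reach a
    // different listener) from where the caller runs.
    public bool TryResolve(NetworkId network, out string? url)
    {
        url = _allocations.TryGetValue(network, out var a)
            ? $"http://{a.Address}:{a.Port}"
            : null;
        return url is not null;
    }
}

public static class Program
{
    public static void Main()
    {
        var primary = new Endpoint();
        primary.Allocate(NetworkId.Localhost, new Allocation("localhost", 90));

        // A host-side caller resolves the localhost allocation.
        Console.WriteLine(primary.TryResolve(NetworkId.Localhost, out var hostUrl) ? hostUrl : "unresolved");

        // A container-side caller has nothing to resolve yet.
        Console.WriteLine(primary.TryResolve(NetworkId.ContainerNetwork, out var ctrUrl) ? ctrUrl : "unresolved");

        // Constructed container-network allocation; address and port are made up.
        primary.Allocate(NetworkId.ContainerNetwork, new Allocation("container1", 8080));
        Console.WriteLine(primary.TryResolve(NetworkId.ContainerNetwork, out ctrUrl) ? ctrUrl : "unresolved");
    }
}
```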

@davidfowl davidfowl merged commit 3572821 into main Oct 30, 2025
582 of 585 checks passed
@davidfowl davidfowl deleted the dev/karolz/multinet2 branch October 30, 2025 05:48
@dotnet-policy-service dotnet-policy-service bot added this to the 13.0 milestone Oct 30, 2025
@github-actions github-actions bot locked and limited conversation to collaborators Nov 30, 2025
Labels

breaking-change Issue or PR that represents a breaking API or functional change over a prerelease.

Development

Successfully merging this pull request may close these issues.

Container to Host networking does not work consistently

5 participants