US10805166B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10805166-B2 |
| Application number | US-201916581669-A |
| Country | US |
| Kind code | B2 |
| Filing date | Sep 24, 2019 |
| Priority date | May 31, 2018 |
| Publication date | Oct 13, 2020 |
| Grant date | Oct 13, 2020 |
Abstract:
An enforcement mechanism on an operating system instance enforces a segmentation policy on a container. A configuration generation module executing in the host namespace of the operating system instance receives management instructions from a segmentation server for enforcing the segmentation policy on the container. The configuration generation module executes in the host namespace to configure a traffic control and monitoring module in a container namespace associated with the container. The traffic control and monitoring module in the container namespace controls and monitors communications to and from the container in accordance with its configuration. By executing the configuration generation module in the host namespace to configure the traffic control and monitoring module in the container namespace, the enforcement mechanism enables robust and lightweight enforcement in a manner that is agnostic to different containerization protocols.
Claims (preview):
The invention claimed is:

1. A method for facilitating visibility into traffic flow data associated with containers, the method comprising: executing a container on a host operating system of a processing device, wherein host processes of the host operating system are associated with a host namespace and the container is associated with a container namespace; monitoring, by a traffic control and monitoring module executing in the container namespace, communications associated with the container namespace to identify traffic flows associated with the container; obtaining, by a traffic flow reporting module executing in the host namespace, the traffic flows associated with the container; and transmitting, by the traffic flow reporting module, the obtained traffic flows to a server.

2. The method of claim 1, further comprising: obtaining, by a configuration generation module executing in the host namespace of the host operating system, management instructions from the server for controlling communications to and from the container; configuring, by the configuration generation module, the traffic control and monitoring module executing within the container namespace to carry out the management instructions; and operating the traffic control and monitoring module to control the communications to and from the container.

3. The method of claim 2, further comprising: obtaining a label set associated with the container from a container orchestration layer of the host operating system, the label set comprising one or more labels; transmitting the label set to the server, wherein the server generates the management instructions for the container based on the label set.

4. The method of claim 3, further comprising: receiving, from the server, a globally unique workload identifier for the container in response to transmitting the label set to the server; storing, by the host operating system, an association between the globally unique workload identifier and the container namespace; and upon obtaining the management instructions, mapping the globally unique workload identifier referenced in the management instructions to the container namespace.

5. The method of claim 1, further comprising: executing a command to select the container namespace; and executing a utility program to configure tables of an operating system firewall associated with the container namespace to configure the traffic control and reporting module to monitor the communications associated with the container namespace.

6. The method of claim 1, wherein processes of the container are isolated from the host processes executing outside of the container namespace.

7. The method of claim 1, wherein the container namespace and the host namespace share a kernel of the operating system instance.

8. A non-transitory computer-readable storage medium storing instructions for facilitating visibility into traffic flow data associated with containers, the instructions when executed by a processor causing the processor to perform steps including: executing a container on a host operating system of a processing device, wherein host processes of the host operating system are associated with a host namespace and the container is associated with a container namespace; monitoring, by a traffic control and monitoring module executing in the container namespace, communications associated with the container namespace to identify traffic flows associated with the container; obtaining, by a traffic flow reporting module executing in the host namespace, the traffic flows associated with the container; and transmitting, by the traffic flow reporting module, the obtained traffic flows to a server.

9. The non-transitory computer-readable storage medium of claim 8, the instructions when executed further causing the processor to perform steps including: obtaining, by a configuration generation module executing in the host namespace of the host operating system, management instructions from the server for controlling communications to and from the container; configuring, by the configuration generation module, the traffic control and monitoring module executing within the container namespace to carry out the management instructions; and operating the traffic control and monitoring module to control the communications to and from the container.

10. The non-transitory computer-readable storage medium of claim 9, the instructions when executed further causing the processor to perform steps including: obtaining a label set associated with the container from a container orchestration layer of the host operating system, the label set comprising one or more labels; transmitting the label set to the server, wherein the server generates the management instructions for the container based on the label set.

11. The non-transitory computer-readable storage medium of claim 10, the instructions when executed further causing the processor to perform steps including: receiving, from the server, a globally unique workload identifier for the container in response to transmitting the label set to the server; storing, by the host operating system, an association between the globally unique workload identifier and the container namespace; and upon obtaining the management instructions, mapping the globally unique workload identifier referenced in the management instructions to the container namespace.

12. The non-transitory computer-readable storage medium of claim 8, the instructions when executed further causing the processor to perform steps including: executing a command to select the container namespace; and executing a utility program to configure tables of an operating system firewall associated with the container namespace to configure the traffic control and reporting module to monitor the communications associated with the container namespace.

13. The non-transitory computer-readable storage medium of claim 8, wherein processes of the container are isolated from the host processes executing outside of the container namespace.

14. The non-transitory computer-readable storage medium of claim 8, wherein the container namespace and the host namespace share a kernel of the operating system instance.

15. A computing device for facilitating visibility into traffic flow data associated with containers, the computing device comprising: one or more processors; and a non-transitory computer-readable storage medium storing instructions that when executed by the one or more processors cause the one or more processors to perform steps including: executing a container on a host operating system of a processing device, wherein host processes of the host operating system are associated with a host namespace and the container is associated with a container namespace; monitoring, by a traffic control and monitoring module executing in the container namespace, communications associated with the container namespace to identify traffic flows associated with the container; obtaining, by a traffic flow reporting module executing in the host namespace, the traffic flows associated with the container; and transmitting, by the traffic flow reporting module, the obtained traffic flows to a server.

16. The computing device of claim 15, the instructions when executed further causing the one or more processors to perform steps including: obtaining, by a configuration generation module executing in the host namespace of the host operating system, management instructions from the server for controlling communications to and from the container; con
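The abstract and claims 1 through 5 describe a split design: a host-namespace agent receives label-derived management instructions keyed by a workload identifier, selects the container's namespace, programs the kernel firewall tables there, and reports the resulting flows back to the server. As an added example that is not code from the patent or from any vendor's agent, the Python module below sketches that host side on Linux: it maps a server-assigned workload identifier to a container's network namespace (claim 4), enters the namespace with util-linux `nsenter` and installs a default-deny `iptables` chain pair (the "command to select the container namespace" and "utility program to configure tables of an operating system firewall" of claim 5), and parses the chain's packet and byte counters into the flow report the host-namespace reporting module would transmit (claim 1). The `Rule` schema, the chain names `SEG_IN`/`SEG_OUT`, the workload id `wl-7f3a`, the PID `4242`, and the sample `iptables` listing are all constructed for illustration.

```python
"""Host-namespace enforcement and flow reporting for one container.

Added example, not code from the patent or any vendor's agent. Assumes Linux with
util-linux `nsenter` and `iptables` on the host and a runtime that reveals the
container's init PID (Docker: `docker inspect -f '{{.State.Pid}}' <container>`).
DRY_RUN=1 prints the commands instead of executing them (no root needed). The Rule
schema, chain names, workload id, PID and sample listing are all constructed.
"""
from __future__ import annotations
import os
import re
import subprocess
from dataclasses import dataclass

DRY_RUN = os.environ.get("DRY_RUN") == "1"
# direction -> (our chain, built-in chain it hooks, iptables flag that matches the peer)
CHAINS = {"in": ("SEG_IN", "INPUT", "-s"), "out": ("SEG_OUT", "OUTPUT", "-d")}


@dataclass(frozen=True)
class Rule:
    direction: str  # "in" (peer -> container) or "out" (container -> peer)
    proto: str      # "tcp" or "udp"
    port: int       # destination port on the receiving side
    peer: str       # CIDR of the allowed peer


def netns_path(pid: int) -> str:
    """The container's network namespace as seen from the host namespace."""
    return f"/proc/{pid}/ns/net"


def in_container_netns(pid: int, argv: list[str]) -> list[str]:
    """Wrap a host binary so it runs inside the container's net namespace only."""
    return ["nsenter", f"--net={netns_path(pid)}", "--", *argv]


def iptables_program(rules: list[Rule]) -> list[list[str]]:
    """Translate allow rules into a default-deny chain pair (argv lists, in order)."""
    cmds = []
    for name, _, _ in CHAINS.values():  # -N fails harmlessly when the chain already exists
        cmds += [["iptables", "-N", name], ["iptables", "-F", name],
                 ["iptables", "-A", name, "-m", "conntrack", "--ctstate", "ESTABLISHED,RELATED", "-j", "ACCEPT"]]
    for r in rules:
        name, _, addr_flag = CHAINS[r.direction]
        cmds.append(["iptables", "-A", name, "-p", r.proto, addr_flag, r.peer,
                     "--dport", str(r.port), "-j", "ACCEPT"])
    for name, _, _ in CHAINS.values():
        cmds.append(["iptables", "-A", name, "-j", "DROP"])
    return cmds


def run(argv: list[str]):
    """Execute (or print) a command; returns the exit status, or None in dry-run mode."""
    if DRY_RUN:
        print(" ".join(argv))
        return None
    return subprocess.run(argv, capture_output=True, text=True).returncode


def apply_policy(workload_id: str, rules: list[Rule], registry: dict[str, int]) -> None:
    """Map the server's workload identifier to a namespace, then program it."""
    pid = registry[workload_id]  # KeyError => unknown workload; nothing is touched
    for argv in iptables_program(rules):
        run(in_container_netns(pid, argv))
    for name, builtin, _ in CHAINS.values():  # hook each chain exactly once (idempotent)
        if run(in_container_netns(pid, ["iptables", "-C", builtin, "-j", name])) != 0:
            run(in_container_netns(pid, ["iptables", "-I", builtin, "1", "-j", name]))


# Columns of `iptables -nvx -L <chain>`: pkts bytes target prot opt in out source destination [match]
COUNTER_RE = re.compile(r"^\s*(\d+)\s+(\d+)\s+(\S+)\s+(\S+)\s+\S+\s+\S+\s+\S+\s+(\S+)\s+(\S+)(?:\s+(.*\S))?\s*$")


def parse_counters(listing: str) -> list[dict]:
    """Turn a chain listing into per-rule flow records; header lines are skipped."""
    records = []
    for line in listing.splitlines():
        m = COUNTER_RE.match(line)
        if m:
            pkts, nbytes, target, proto, src, dst, extra = m.groups()
            records.append({"pkts": int(pkts), "bytes": int(nbytes), "action": target,
                            "proto": proto, "src": src, "dst": dst, "match": extra or ""})
    return records


def flow_report(workload_id: str, chain: str, listing: str) -> dict:
    """The record the host-namespace reporter would send to the server."""
    return {"workload_id": workload_id, "chain": chain, "flows": parse_counters(listing)}


# Constructed sample of `iptables -nvx -L SEG_IN` (read via in_container_netns) after some traffic.
SAMPLE_LISTING = """\
Chain SEG_IN (1 references)
    pkts      bytes target     prot opt in     out     source               destination
     120    18400 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
      12     1840 ACCEPT     tcp  --  *      *       10.0.0.0/8           0.0.0.0/0            tcp dpt:443
       3      180 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0
"""

if __name__ == "__main__":
    registry = {"wl-7f3a": 4242}  # workload id -> container init PID (constructed)
    policy = [Rule("in", "tcp", 443, "10.0.0.0/8"), Rule("out", "tcp", 5432, "10.1.2.0/24")]
    apply_policy("wl-7f3a", policy, registry)
    print(flow_report("wl-7f3a", "SEG_IN", SAMPLE_LISTING))
```

Saved as, say, `seg_agent.py`, `DRY_RUN=1 python3 seg_agent.py` prints the `nsenter ... iptables ...` command lines without root; without `DRY_RUN` it must run as root on the host. Two practitioner caveats around this design: only the network namespace is entered, so the binaries and rule tables are the host's (which is what makes the approach runtime-agnostic), but a container that keeps `CAP_NET_ADMIN` can rewrite the rules in its own namespace, so drop that capability from enforced containers; and chain counters give per-rule totals, not per-connection 5-tuples, so finer flow visibility needs conntrack or NFLOG on top of this.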
CPC classification titles:
- the monitoring system or the monitored elements being virtualised, abstracted or software-defined entities, e.g. SDN or NFV
- Policy-based network configuration management
- Configuration of virtualised networks or elements, e.g. virtualised network function or OpenFlow elements
- using virtualisation of network functions or resources, e.g. SDN or NFV entities
- Assignment of logical groups to network elements