----- Mail original ----- > De: "Jie Yu" <[email protected]> > À: "dev" <[email protected]> > Cc: "Qian AZ Zhang" <[email protected]>, "Avinash Sridharan" > <[email protected]> > Envoyé: Jeudi 28 Juillet 2016 18:41:33 > Objet: Re: cni / public port questions > > you can still use bridge with CNI (you'll need to use the built-in bridge > plugin of CNI). > > Port mapping is still under development. Expecting this coming soon.
Yes, I had seen that feature ni JIRA, but was wondering if there were other solutions in the meanwhile. As my containers need to expose some ports to public, port mapping is needed for bridge. So either I keep my existing docker containerizer with Docker bridge, either I switch to unified with CNI and port management (more complex to setup and more complex to manage by framework). I would have like not to force my framework users to use a CNI tool while switching my code to unified containerizer. This would complexify code upgrades (impacts mesos install, even for simple bridge CNI). This means that frameworks willing to switch to unifed cont. need to continue to provide docker cont. for existing installations (we can't force a mesos admin to switch to CNI just for a framework). Thanks Olivier > > - Jie > > On Thu, Jul 28, 2016 at 2:44 AM, haosdent <[email protected]> wrote: > > > Hi, @Olivier. The port forwarding of mesos is still under implementing. You > > could subscribe https://issues.apache.org/jira/browse/MESOS-4823 to track > > the progress. > > > > On Thu, Jul 28, 2016 at 4:42 PM, Olivier Sallou <[email protected]> > > wrote: > > > > > Hi, > > > I am looking at using unified containerizer. As it only support host > > mode, > > > it needs cni. > > > However, it is not really clear for me regarding "public" ports. > > > > > > If I have a container that needs to expose a port (let's say port 123), > > > can I expose it via the Mesos API only? > > > > > > When I use cni, as I understood, I allocate an IP per container. If IP is > > > routable in network, are all ports reachable (from any host / other > > > container) ? Or should it be explicitly opened ? > > > > > > To be simple, can I launch a container that would expose to public (any > > > host) only port 123 and other ports reachable only but containers in same > > > "private network" : > > > > > > - container 1 expose public port 123 and private port 456 (accessible by > > > container 2 only) > > > - container 2 connects to container 1 port 456. > > > > > > For the moment, I am using the Docker containerizer with bridge mode, so > > > exposing port was simply a matter of mapping ports. Private networks are > > > managed by user networks of Docker. > > > > > > > > > Thanks > > > > > > Olivier > > > > > > > > > > > > -- > > Best Regards, > > Haosdent Huang > > >
