[
https://issues.apache.org/jira/browse/AURORA-1107?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14326651#comment-14326651
]
Bill Farner commented on AURORA-1107:
-------------------------------------
A slice of this ticket could be considered for the purposes of distributing
secrets (e.g. credentials) to tasks. This could mean a read-only mount applied
globally by the cluster administrator, which sidesteps the more complicated
strategy of authorizing specific mounts requested by users.
> Add support for mounting external volumes into docker containers
> ----------------------------------------------------------------
>
> Key: AURORA-1107
> URL: https://issues.apache.org/jira/browse/AURORA-1107
> Project: Aurora
> Issue Type: Task
> Components: Docker
> Reporter: Steve Niemitz
> Assignee: Steve Niemitz
> Priority: Minor
>
> The Mesos docker API allows specifying volumes on the host to mount into the
> container when it runs. We should expose this. I propose:
> - Add a volumes() set to the Docker object in base.py
> - Add a similar set to the DockerContainer struct in api.thrift
> - Create a way for administrators to restrict the ability to use this.
> Because mounts are set up by the docker daemon, they effectively allow
> someone who can configure mounts to access anything on the machine.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
