[jira] [Commented] (MESOS-4823) Implement port forwarding in `network/cni` isolator

Sat, 19 Mar 2016 04:42:40 -0700 

    [ 
https://issues.apache.org/jira/browse/MESOS-4823?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15197757#comment-15197757
 ] 

Dan Osborne commented on MESOS-4823:
------------------------------------

What is the use case for requiring port forwarding? 

I don't believe this feature request should be implemented, as I don't believe 
that port forwarding fits into the larger CNI story.

CNI defines a container's network as "a group of entities that are uniquely 
addressable". In general, CNI plugins do not make use of port forwarding 
because addresses in their network are *uniquely* addressable. 

The port which a container is running services on should be accessible on the 
IP address the CNI network assigned to it. I believe that forwarding a port on 
the agent's IP to a port on the CNI network's IP is fundamentally wrong, as it 
suggests that the container's CNI IP is not uniquely addressable.

> Implement port forwarding in `network/cni` isolator
> ---------------------------------------------------
>
>                 Key: MESOS-4823
>                 URL: https://issues.apache.org/jira/browse/MESOS-4823
>             Project: Mesos
>          Issue Type: Task
>          Components: containerization
>         Environment: linux
>            Reporter: Avinash Sridharan
>            Assignee: Avinash Sridharan
>            Priority: Critical
>              Labels: mesosphere
>
> Most docker and appc images wish ports that micro-services are listening on, 
> to the outside world. When containers are running on bridged (or ptp) 
> networking this can be achieved by installing port forwarding rules on the 
> agent (using iptables). This can be done in the `network/cni` isolator. 
> The reason we would like this functionality to be implemented in the 
> `network/cni` isolator, and not a CNI plugin, is that the specifications 
> currently do not support specifying port forwarding rules. Further, to 
> install these rules the isolator needs two pieces of information, the exposed 
> ports and the IP address associated with the container. Bother are available 
> to the isolator.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to