[ https://issues.apache.org/jira/browse/MESOS-4823?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15198135#comment-15198135 ]

Dan Osborne edited comment on MESOS-4823 at 3/16/16 8:55 PM:
-------------------------------------------------------------

Thank you for providing the example use case. Can you explain, on a technical 
level, under what conditions you are planning to trigger creation of these 
iptables rules?

I'm concerned that the capability you're trying to provide makes a lot of 
assumptions about both the mesos cluster and the CNI network's configurations, 
and to what degree both are accessible by the public network.

I believe that if this behavior goes in, to some degree it should be opt-in or 
opt-out, as not all clusters nor CNI networks would want such a behavior. 

Some counter use cases - 
1. if the CNI network _is_ assigning publicly accessible addresses, the port 
mapping becomes redundant.

2. if they are using a load balancer, they would not need port forwarding as 
the load balancer will forward public requests onto the private CNI network.


was (Author: djosborne):
Thank you for providing the example use case. Can you explain, on a technical 
level, what condition you are planning that will trigger creation of these 
ip-tables rules?

I'm concerned that the capability you're trying to provide makes a lot of 
assumptions about both the mesos cluster and the CNI network's configurations, 
and to what degree both are accessible by the public network.

I believe that if this behavior goes in, to some degree it should be opt-in or 
opt-out, as not all clusters nor CNI networks would want such a behavior. 

Some counter use cases - 
1. if the CNI network _is_ assigning publicly accessible addresses, the port 
mapping becomes redundant.

2. if they are using a load balancer, they would not need port forwarding as 
the load balancer will forward public requests onto the private CNI network.

> Implement port forwarding in `network/cni` isolator
> ---------------------------------------------------
>
>                 Key: MESOS-4823
>                 URL: https://issues.apache.org/jira/browse/MESOS-4823
>             Project: Mesos
>          Issue Type: Task
>          Components: containerization
>         Environment: linux
>            Reporter: Avinash Sridharan
>            Assignee: Avinash Sridharan
>            Priority: Critical
>              Labels: mesosphere
>
> Most docker and appc images wish to expose ports that micro-services are 
> listening on to the outside world. When containers are running on bridged (or 
> ptp) networking this can be achieved by installing port forwarding rules on the 
> agent (using iptables). This can be done in the `network/cni` isolator. 
> The reason we would like this functionality to be implemented in the 
> `network/cni` isolator, and not a CNI plugin, is that the specifications 
> currently do not support specifying port forwarding rules. Further, to 
> install these rules the isolator needs two pieces of information, the exposed 
> ports and the IP address associated with the container. Both are available 
> to the isolator.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
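As an added example (not Mesos code, and not part of the issue or the comment above), the following Python sketch builds the agent-side iptables port-forwarding rules the issue describes from the two inputs the isolator has, the container IP and the exposed ports, and gates them behind the opt-in flag and the public-address check raised in the comment. The `host_iface` name, the tcp/udp restriction and the sample addresses are assumptions.

```python
"""Generate agent-side iptables port-forwarding rules (added example)."""
import ipaddress
from typing import List, Tuple

# (host_port, container_port, protocol): the "exposed ports" an image declares.
PortMapping = Tuple[int, int, str]


def port_forwarding_rules(container_ip: str, mappings: List[PortMapping],
                          *, opt_in: bool, host_iface: str = "eth0") -> List[str]:
    """Return the iptables commands that forward host ports to the container.

    Returns [] when forwarding is not opted in, or when the CNI network gave
    the container a globally routable address (forwarding would be redundant).
    Raises ValueError on a malformed address, unknown protocol or bad port.
    """
    if not opt_in:
        return []
    ip = ipaddress.ip_address(container_ip)   # raises ValueError if malformed
    if ip.is_global:                          # publicly reachable already
        return []
    rules: List[str] = []
    for host_port, ctr_port, proto in mappings:
        if proto not in ("tcp", "udp"):
            raise ValueError(f"unsupported protocol {proto!r}")
        for port in (host_port, ctr_port):
            if not 1 <= port <= 65535:
                raise ValueError(f"port out of range: {port}")
        # Rewrite packets arriving on the host interface for host_port.
        rules.append(
            f"iptables -t nat -A PREROUTING -i {host_iface} -p {proto} "
            f"--dport {host_port} -j DNAT --to-destination {ip}:{ctr_port}")
        # Allow the rewritten packets through the FORWARD chain.
        rules.append(
            f"iptables -A FORWARD -p {proto} -d {ip} --dport {ctr_port} -j ACCEPT")
    return rules


if __name__ == "__main__":
    # Constructed sample: a bridged container at 10.1.2.3 exposing 80/tcp.
    for rule in port_forwarding_rules("10.1.2.3", [(8080, 80, "tcp")], opt_in=True):
        print(rule)
```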