Awesome-sauce ! I plan to be there at the conference. To me, this is the natural progression with mesos. Will this be integrated with a mesos release?
Trevor Alexander Powell Sr. Manager, Cloud Engineer & Architecture 7575 Gateway Blvd. Newark, CA 94560 T: +1.510.713.3751 M: +1.650.325.7467 www.rms.com On Aug 10, 2015 11:50 PM, Christos Kozyrakis <kozyr...@gmail.com> wrote: Hi Trevor, we are working with Project Calico in order to implement two important features (urgently missing in Mesos imho): - IPs per container: this will eliminate port conflicts when apps with specific port needs get deployed on the same slave - network-level isolation: so that you can control which apps can reach each other and how, within or across slaves. The details will be presented at MesosCon and code released soon after that to the open source. Let me know if you need more info ahead of time. On Mon, Aug 10, 2015 at 11:24 PM, Trevor Powell <trevor.pow...@rms.com<mailto:trevor.pow...@rms.com>> wrote: Anyone have any thoughts on how Mesos may accomplish this use case? We have several workloads that span multiple slaves and we want to ensure those work loads can see each other, the internet, and nothing else. Basically we have untrusted groups of work loads. We trust the load to talk to itself across a several slaves. But we don’t trust it to not affect or inspect other work loads on the same slave. Basically we are looking to place “blinders” on the work load. So it can only see what it needs to see from the network level. I have heard of things like weave or Project calico (http://www.projectcalico.org/learn/) . They seem promising. But I ponder what Mesos is looking to do long term. -- [cid:E81DB7C8-03F6-42D9-8B9C-5BD2135A06C9]<http://www.rms.com/> Trevor Alexander Powell Sr. Manager, Cloud Engineer & Architecture 7575 Gateway Blvd. Newark, CA 94560 T: +1.510.713.3751 M: +1.650.325.7467 www.rms.com<http://www.rms.com/> -- Christos
