[jira] [Commented] (MESOS-4823) Implement port forwarding in `network/cni` isolator

Sat, 19 Mar 2016 04:09:25 -0700 

    [ 
https://issues.apache.org/jira/browse/MESOS-4823?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15198340#comment-15198340
 ] 

Avinash Sridharan commented on MESOS-4823:
------------------------------------------

You are right, we don't want to do this every container that has `EXPOSED` 
ports (I am taking docker images as an example here). This should be an opt-in 
from frameworks launching the container. The idea was to introduce fields in 
the `NetworkInfo` protobuf that will allow frameworks to set two pieces of 
information:
a) A boolean specifying if the framework wants the containers ports to be 
exposed.
b) If (a) is true, a range of ports to select the port mapping from, or 
container-port:host-port mapping. For the former case we would need the set of 
ports being exposed to be specified in the `ImageManifest`. 

For starters we are thinking about taking docker images as an example. Since, 
docker images have the `EXPOSE` directive. 


Comments are welcome.

> Implement port forwarding in `network/cni` isolator
> ---------------------------------------------------
>
>                 Key: MESOS-4823
>                 URL: https://issues.apache.org/jira/browse/MESOS-4823
>             Project: Mesos
>          Issue Type: Task
>          Components: containerization
>         Environment: linux
>            Reporter: Avinash Sridharan
>            Assignee: Avinash Sridharan
>            Priority: Critical
>              Labels: mesosphere
>
> Most docker and appc images wish to expose ports that micro-services are 
> listening on, to the outside world. When containers are running on bridged 
> (or ptp) networking this can be achieved by installing port forwarding rules 
> on the agent (using iptables). This can be done in the `network/cni` 
> isolator. 
> The reason we would like this functionality to be implemented in the 
> `network/cni` isolator, and not a CNI plugin, is that the specifications 
> currently do not support specifying port forwarding rules. Further, to 
> install these rules the isolator needs two pieces of information, the exposed 
> ports and the IP address associated with the container. Bother are available 
> to the isolator.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to