Yan Xu created MESOS-8306:
-----------------------------
Summary: Restrict which agents can statically reserve resources
for which roles
Key: MESOS-8306
URL: https://issues.apache.org/jira/browse/MESOS-8306
Project: Mesos
Issue Type: Improvement
Reporter: Yan Xu
In some use cases part of a Mesos cluster could be reserved for certain
frameworks/roles. A common approach is to use static reservation so the
resources of an agent are only offered to frameworks of the designated roles.
However without proper authorization any (compromised) agent can register with
these special roles and accept workload from these frameworks.
We can enhance the {{RegisterAgent}} ACL to express: agent principal {{foo}} is
allowed to register with static reservation roles {{bar, baz}}; no other
principals are allowed to register with static reservation roles {{bar, baz}}.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
