Jeff, have you successfully run stunnel with a Mesos cluster? I'd anticipate it to be a bit difficult due to the way that slaves dynamically discover masters via zookeeper. If I remember correctly, with stunnel you need to configure all the tunnels beforehand, which would mean that every master would need to enumerate every possible slave beforehand, and vice-versa.
IMO that fairly severely limits the reliability of the system. By the way, is there a design doc for how TLS between slave and master is going to be implemented in 0.23.0?

On Thu, Jun 4, 2015 at 4:30 PM, Jeff Schroeder <[email protected]> wrote:

> For securing insecure network communication you can use something like
> stunnel, then point the app at the local stunnel. It would be a fair bit of
> hoops to configure it all with any your config management system, but is
> totally doable.
>
> On Thursday, June 4, 2015, John Webb <[email protected]> wrote:
>
>> All,
>>
>> I'm looking for some recommendations on how to encrypt Mesos Slave &
>> Framework communication to the Mesos Master until Mesos v0.23 is released
>> which will include SSL support. I'm concerned about having the slave &
>> framework user/password being sent across our network in clear text.
>>
>> I would especially like to hear from people who are actually running Mesos in
>> production environment.
>>
>> Thanks,
>> John Webb
>
> --
> Text by Jeff, typos by iPhone

