Hi Trevor, we are working with Project Calico in order to implement two important features (urgently missing in Mesos imho): - IPs per container: this will eliminate port conflicts when apps with specific port needs get deployed on the same slave - network-level isolation: so that you can control which apps can reach each other and how, within or across slaves.
The details will be presented at MesosCon and code released soon after that to the open source. Let me know if you need more info ahead of time. On Mon, Aug 10, 2015 at 11:24 PM, Trevor Powell <[email protected]> wrote: > Anyone have any thoughts on how Mesos may accomplish this use case? > > We have several workloads that span multiple slaves and we want to ensure > those work loads can see each other, the internet, and nothing else. > Basically we have untrusted groups of work loads. We trust the load to talk > to itself across a several slaves. But we don’t trust it to not affect or > inspect other work loads on the same slave. Basically we are looking to > place “blinders” on the work load. So it can only see what it needs to see > from the network level. > > I have heard of things like weave or Project calico ( > http://www.projectcalico.org/learn/) . They seem promising. But I ponder > what Mesos is looking to do long term. > > -- > > [image: cid:E81DB7C8-03F6-42D9-8B9C-5BD2135A06C9] <http://www.rms.com/> > > *Trevor Alexander Powell* > > Sr. Manager, Cloud Engineer & Architecture > > 7575 Gateway Blvd. Newark, CA 94560 > > T: +1.510.713.3751 > > M: +1.650.325.7467 > > www.rms.com > -- Christos
