As a user of Mesos, I would like to have control over inbound and outbound network communication of a launched Mesos container. The intention is to gain improved security and isolation of user processes on the network level.
- Preventing outgoing connections to external endpoints which have not been whitelisted (e.g., deny internet connections, only allow connections to this one production database but not the others, ...)
- Prevent incoming connections from external systems or containers which have not been whitelisted (e.g., don't allow a rough or even hijacked services to interfere with another service)
The last usecase is somewhat tricky due to the dynamic nature of a Mesos cluster but might be achieved using the available DiscoveryInfo (e.g., block all connections from foreign environments).