[MESOS-4344] Allow operators to assign net_cls major handles to mesos agents - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 0.28.0
Component/s: containerization
Labels:
- container
- mesosphere

Epic Link:
net_cls
Sprint:
Mesosphere Sprint 27, Mesosphere Sprint 28
Story Points:
1

Description

The net_cls cgroup associates a 16-bit major and 16-bit minor network handle to packets originating from tasks associated with a specific net_cls cgroup. In mesos we need to give the operator the ability to fix the 16-bit major handle used in an agent (the minor handle will be allocated by the agent. See ~~MESOS-4345~~). Fixing the parent handle on the agent allows operators to install default firewall rules using the parent handle to enforce a default policy (say DENY ALL) for all container traffic till the container is allocated a minor handle.

A simple way to achieve this requirement is to pass the major handle as a flag to the agent at startup.

Attachments

Issue Links

relates to

MESOS-4345 Implement a network-handle manager for net_cls cgroup subsystem

Resolved

links to

RB 42781

RB 42782

Activity

People

Assignee:: Avinash Sridharan

Reporter:: Avinash Sridharan

Shepherd:: Jie Yu

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 12/Jan/16 17:00

Updated:: 26/Nov/18 12:21

Resolved:: 26/Nov/18 12:21