Authentication and authorization have been added to most Mesos APIs at this point. Schedulers that use the Mesos HTTP scheduler library, however, currently support only hard-wired basic HTTP authentication.
To secure the master’s HTTP scheduler API, the /api/v1/scheduler endpoint must be authenticated. Without authentication, a malicious or buggy actor from within or outside the cluster could send requests to these master endpoints, potentially disrupting running schedulers or tasks, injecting harmful tasks, or exposing privileged information.
- Support custom authentication of schedulers based on the Mesos V1 HTTP scheduler API library (/src/scheduler/scheduler.cpp).
- Require minimal operator configuration when enabling scheduler authentication for a simple default use case.
- Provide a thin, reusable layer of abstraction enabling any HTTP API consumer to authenticate.