This repository has been archived by the owner on Oct 23, 2024. It is now read-only.
We added NetInfo to IPSources in 0.4, which allows Mesos-DNS to pull A record information from the "NetworkInfo" field in state.json. In our understanding this was only to be used by the modules which were using this for customizing the IPs per container.
Unfortunately, this was not the case! The docker containerizer uses NetworkInfo as well, and can set the inside-container IP in NetworkInfo. This means that this becomes the A record in Mesos-DNS, rendering the container inaccessible.
There are a couple things here:
1. Remove NetInfo from the default list of IPSources in Mesos-DNS
2. Add it back in, but with a reachability-checker, that does an ICMP ping before allowing an address to be marked as valid.
   This would require that people either run Mesos-DNS as root, or we configure: net.ipv4.ping_group_range
@jdef As a stop-gap, I think rather than removing "netinfo" as a source in config.go, we add the "sources" field to config.json.sample, and set it to ["mesos", "host"]. That way, it doesn't break old installations relying on the behaviour, but everyone who starts from the config.json.sample is in good shape.
if we're not removing it from the coded defaults, then it needs to be very clear from the documentation that - by default - users can expect to encounter problems w/ mesos-dns and a docker-based cluster unless they remove netinfo from config.ipsources. though i'm more inclined to make the change to the coded defaults for ipsources since docker, by default, breaks mesos-dns for people (given our current defaults list).
ideally we'd have a labels or source field associated with each IPAddress so that we could apply some better filtering, otherwise we have no idea which IPs come from the docker containerizer, or some random mesos networking module.
reachability checks: i'd rather see this written up as a separate proposal so that we can flesh out requirements and any potential concerns (e.g. scalability of pinging for reachability in cluster w/ 1 million tasks).
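The trade-off discussed in this thread, as an added example that is not Mesos-DNS code: a simplified model of choosing a task's A record from an ordered source list. It assumes sources are tried in order and the first one that yields an address wins; the `Task` type, `resolveIP`, and all addresses are hypothetical and constructed for illustration.

```go
package main

import "fmt"

// Task is a simplified, hypothetical view of one task's address fields.
type Task struct {
	Name       string
	HostIP     string   // address of the agent running the task ("host" source)
	MesosIP    string   // address reported for the "mesos" source, if any (assumed)
	NetInfoIPs []string // addresses taken from NetworkInfo ("netinfo" source)
}

// Constructed samples: a docker task whose NetworkInfo carries a bridge-internal
// address, and a task whose networking module assigned a routable per-container IP.
var dockerTask = Task{Name: "web", HostIP: "10.0.0.12", NetInfoIPs: []string{"172.17.0.2"}}
var moduleTask = Task{Name: "db", HostIP: "10.0.0.13", NetInfoIPs: []string{"192.168.50.7"}}

// resolveIP returns the first address found and the source that supplied it.
func resolveIP(t Task, sources []string) (ip, source string) {
	for _, s := range sources {
		switch s {
		case "netinfo":
			if len(t.NetInfoIPs) > 0 {
				return t.NetInfoIPs[0], s
			}
		case "mesos":
			if t.MesosIP != "" {
				return t.MesosIP, s
			}
		case "host":
			if t.HostIP != "" {
				return t.HostIP, s
			}
		}
	}
	return "", "" // no source produced an address
}

func main() {
	for _, sources := range [][]string{{"netinfo", "mesos", "host"}, {"mesos", "host"}} {
		for _, t := range []Task{dockerTask, moduleTask} {
			ip, src := resolveIP(t, sources)
			fmt.Printf("sources=%v task=%s A=%s (from %s)\n", sources, t.Name, ip, src)
		}
	}
}
```

With netinfo in the list the docker task is published under its container-internal address; without it, the module-networked task falls back to the agent address, which is the behaviour change the stop-gap comment is trying not to force on existing installations.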