Porting Marathon Networking Doc to DC/OS #1066
Conversation
| --- | ||
|
|
||
| This document describes how to specify networking modes and assign ports in the service definition for a DC/OS Service you are creating. | ||
|
|
There was a problem hiding this comment.
Do DC/OS users need to know about the networking API changes? it's only relevant if they've modified their native marathon instances AFAIK.
There was a problem hiding this comment.
yes, DCOS users need to know about the marathon networking API changes. for example, they may have built external tooling that depends on the old (deprecated) APIs that are no longer emitted by Marathon
| ``` | ||
|
|
||
| In this example, we specify three dynamically assigned host ports, which would then be available to our command via the environment variables `$PORT_HTTP`, `$PORT_HTTPS` and `$PORT_MON`. | ||
|
|
There was a problem hiding this comment.
What's meant by "command" here? Is it that they're available to the app/service?
|
|
||
| If there is a `--default_network_name` configured for Marathon, then specifying a network name for the `container` network is optional: | ||
| `container` networks with an unspecified (`null`) `name` will inherit the value of the `--default_network_name` flag. | ||
|
|
There was a problem hiding this comment.
I don't think this is needed for DC/OS users?
There was a problem hiding this comment.
There's a DCOS configuration for controlling the value of this root Marathon command line flag.
It's called dcos_overlay_network_default_name as per:
https://github.com/dcos/dcos/blob/ca564b4b90f069b6336cd445e36e9b83ddbabd6c/gen/calc.py#L943
(pretty sure we added this back in 1.9)
| Similar to `container` networking, an application should be allocated its own network namespace and IP address; | ||
| Mesos CNI provides a special `mesos-bridge` that application containers are attached to. | ||
| When using the Docker containerizer, this translates to the Docker "default bridge" network. | ||
|
|
There was a problem hiding this comment.
I don't understand this part well enough to know if all of this is relevant for DC/OS users.
There was a problem hiding this comment.
yes, it's relevant. it used to be called docker BRIDGE mode networking. there was not previously a Mesos (UCR) equivalent, so it's new functionality for UCR consumers
| In container networking, an application should be allocated its own network namespace and IP address; | ||
| Mesos network isolators are responsible for providing backend support for this. | ||
| When using the Docker containerizer, this translates to a Docker "user" network. You can name your container network in the `networks.container` parameter of your service definition. If you do not provide a name for your container network, it will have the default container network name, `DEFAULT NAME`. | ||
|
|
There was a problem hiding this comment.
I don't understand this part well enough to know if all of this is relevant for DC/OS users.
There was a problem hiding this comment.
yes, it's relevant. this went by various names before: docker USER mode networking, or Mesos IP/CT networking. now that we've consolidated the API it's simply container Networking
| --- | ||
|
|
||
| This document describes how to specify networking modes and assign ports in the service definition for a DC/OS Service you are creating. | ||
|
|
There was a problem hiding this comment.
yes, DCOS users need to know about the marathon networking API changes. for example, they may have built external tooling that depends on the old (deprecated) APIs that are no longer emitted by Marathon
| In container networking, an application should be allocated its own network namespace and IP address; | ||
| Mesos network isolators are responsible for providing backend support for this. | ||
| When using the Docker containerizer, this translates to a Docker "user" network. You can name your container network in the `networks.container` parameter of your service definition. If you do not provide a name for your container network, it will have the default container network name, `DEFAULT NAME`. | ||
|
|
There was a problem hiding this comment.
yes, it's relevant. this went by various names before: docker USER mode networking, or Mesos IP/CT networking. now that we've consolidated the API it's simply container Networking
| Similar to `container` networking, an application should be allocated its own network namespace and IP address; | ||
| Mesos CNI provides a special `mesos-bridge` that application containers are attached to. | ||
| When using the Docker containerizer, this translates to the Docker "default bridge" network. | ||
|
|
There was a problem hiding this comment.
yes, it's relevant. it used to be called docker BRIDGE mode networking. there was not previously a Mesos (UCR) equivalent, so it's new functionality for UCR consumers
| ``` | ||
|
|
||
| In this example, we specify three dynamically assigned host ports, which would then be available to our command via the environment variables `$PORT_HTTP`, `$PORT_HTTPS` and `$PORT_MON`. | ||
|
|
|
|
||
| If there is a `--default_network_name` configured for Marathon, then specifying a network name for the `container` network is optional: | ||
| `container` networks with an unspecified (`null`) `name` will inherit the value of the `--default_network_name` flag. | ||
|
|
There was a problem hiding this comment.
There's a DCOS configuration for controlling the value of this root Marathon command line flag.
It's called dcos_overlay_network_default_name as per:
https://github.com/dcos/dcos/blob/ca564b4b90f069b6336cd445e36e9b83ddbabd6c/gen/calc.py#L943
(pretty sure we added this back in 1.9)
There was a problem hiding this comment.
This topic seems to be all over the place organizationally. There seems to be a lot of cases where Marathon properties and command syntax are used instead of the higher level concept (e.g. container/bridge Networking, rather than Bridge Networking). There isn't any place that explains that all of these command-sytnax terms are actual Marathon properties. The topic mixes reference, usage, and examples and duplicates much of the reference content here: https://dcos.io/docs/1.9/deploying-services/marathon-parameters/.
In revising this topic, I would suggest making it a practical task topic that walks the user through configuring their networks and ports - and points off to reference topic when appropriate.
| menu_order: 0.5 | ||
| --- | ||
|
|
||
| This document describes how to specify networking modes and assign ports in the service definition for a DC/OS Service you are creating. |
There was a problem hiding this comment.
You can choose networking modes and assign ports in your DC/OS service definitions.
|
|
||
| # VIPs | ||
|
|
||
| We recommend using [virtual addresses (VIPs)](/docs/1.9/usage/service-discovery/virtual-ip-addresses/) to make ports management easier. VIPs map traffic from a single virtual address to multiple IP addresses and ports. They simplify inter-app communication and implement a reliable service-oriented architecture. |
|
|
||
| # Networking Modes | ||
|
|
||
| DC/OS services and pods declare `networks` the same way. Three modes of networking are supported: |
There was a problem hiding this comment.
why use command syntax for "networks"?
|
|
||
| # Networking Modes | ||
|
|
||
| DC/OS services and pods declare `networks` the same way. Three modes of networking are supported: |
There was a problem hiding this comment.
suggest not using three since it's somewhat arbitrary: These networking modes are supported:
|
|
||
| DC/OS services and pods declare `networks` the same way. Three modes of networking are supported: | ||
|
|
||
| ## `host` Networking |
There was a problem hiding this comment.
Host Networking - without command syntax?
| Mesos network isolators are responsible for providing backend support for this. | ||
| When using the Docker containerizer, this translates to a Docker "user" network. You can name your container network in the `networks.container` parameter of your service definition. If you do not provide a name for your container network, it will have the default container network name, `DEFAULT NAME`. | ||
|
|
||
| ## `container/bridge` Networking |
There was a problem hiding this comment.
can this title simply be Bridge Networking?
|
|
||
| # Ports for Services | ||
|
|
||
| DC/OS services declare ports differently than pods. The following section is only relevant to services. |
There was a problem hiding this comment.
replace these two sentences with: This section describes how to declare ports for services.
|
|
||
| **Note:** Pods (endpoints) do not support service ports. | ||
|
|
||
| ### Declaring ports in an application |
|
|
||
| ### Referencing Ports | ||
|
|
||
| You can reference the *host-port*s in the Dockerfile for our fictitious app as follows: |
There was a problem hiding this comment.
...for our sample app as follows:
| @@ -0,0 +1,422 @@ | |||
| --- | |||
| post_title: Service and Pod Networking | |||
There was a problem hiding this comment.
change title to: Configuring Networks and Ports
| @@ -17,6 +17,8 @@ DC/OS services and pods declare `networks` the same way. Three modes of networki | |||
|
|
|||
| In `host` networking, an application shares the network namespace of the Mesos agent process, typically the host network namespace. | |||
|
|
|||
| **Note:** The `Network.name` parameter cannot be used with `host` networking. | |||
There was a problem hiding this comment.
so .. it's actually only useful for container mode. not host and not container/bridge.
| **Notes:**: | ||
|
|
||
| - The UCR and Docker Containerizer support all network modes. | ||
| - The `Network.name` parameter is only supported with `container` networking. |
|
@pavisandhu This is a work in progress. We need to incorporate the marathon networking doc into the dc/os site however you think it's best. |
Description
@jdef I'm assigning this to you because it's related to the Marathon networking doc you authored. I'm porting it over to the DC/OS site and I have some related questions. I also moved some information from the examples section up into the reference section because it seemed pretty important.
Urgency
Requirements