add support for ip-per-task apps in the adminrouter cache #1628
Conversation
|
This repo has @mesosphere-mergebot integration. You can interact with the following commands.
|
|
@vespian not sure who to reference for this, but since you had a similar PR related to the AdminRouter I guess maybe you can help me out with this :-)
|
|
@SlevinBE Thanks for the contribution! I am sorry for the trouble with the CI, I will be taking care of making As for the |
|
@karlkfi I'd be interested to hear if you agree that we can maintain this feature in Admin Router in the long term. @SlevinBE please let us know if you are interested in also updating the rudimentary documentation at https://github.com/dcos/dcos/tree/master/packages/adminrouter/extra/src#service-endpoints :-). |
|
@vespian thanks! I've resolved the pep8 code style issues. Shouldn't the code-quality build have fail ed in this case (because it didn't)? Or is this build serving a different purpose? |
|
@SlevinBE Code quality check verifies the DC/OS build scripts, AR code quality checks have not been integrated yet. |
|
@jgehrcke I've updated the service endpoints documentation to describe the ip-per-task behaviour |
|
does this work for VIPs or just overlays? |
I personally dislike the
Besides that, I don't have a problem with proxying to overlay IPs and host IPs, but I would expect such a system to also work with VIPs. |
| ``` | ||
|
|
||
| In this case `http://<dcos-cluster>/service/service-name` would be forwarded to the host running the task using the first port allocated to the task. | ||
| When your container/task has its own IP (typically when running in a virtual network), `http://<dcos-cluster>/service/service-name` would be forwarded to the container/task's IP using the first port mapping or port definition when USER networking is enabled or the first discovery port otherwise. When your task/container is mapped to the host, it would be forwarded to the host running the task using the first port allocated to the task. |
There was a problem hiding this comment.
using the first port mapping or port definition
I would prefer this mapping was triggered by a specific port name, like "http" or "https", rather than using the first one in the list. Do ports have labels too? That might be even better. Then we could require labels specific to Admin Router and not overload the names.
There was a problem hiding this comment.
Actually this is an error on my part in the documentation. The chosen port is defined by the DCOS_SERVICE_PORT_INDEX label, which is a required label.
|
@karlkfi this PR only implements the ip-per-task (overlays) functionality and does not include VIP support. |
|
Alright, I see the DCOS_SERVICE_PORT_INDEX code already existed. I wish it used the port name, not the port index, but that's not a new problem. |
|
@mesosphere-mergebot bump-ee |
|
Your pull request's branch is not based on the most recent version of |
SlevinBE
force-pushed
the
ip-per-container-dcos-service
branch
from
16760fd to
4b2ccaa
Compare
|
I've rebased to master as per mesosphere-mergebot's request |
|
@mesosphere-mergebot bump-ee |
|
Enterprise Bump PR: mesosphere/dcos-enterprise/pull/1114 |
|
@SlevinBE please excuse the slow turnaround. Can you please squash your commits into a single one and add the prefix |
SlevinBE
force-pushed
the
ip-per-container-dcos-service
branch
from
4b2ccaa to
438f5a9
Compare
|
@jgehrcke done. Squashed them into one commit with the suggested prefix. |
|
@mesosphere-mergebot bump-ee |
|
Enterprise Bump mesosphere/dcos-enterprise/pull/1114 updated. |
|
@SlevinBE We're super sorry for the inconvenience, but we need to ask you to rebase one more time onto dcos/dcos' master branch. Otherwise we will not be able to get green light from the CI 🍏. |
SlevinBE
force-pushed
the
ip-per-container-dcos-service
branch
from
438f5a9 to
287e3a0
Compare
|
@jgehrcke done |
|
@mesosphere-mergebot bump-ee |
|
Your pull request's branch is not based on the most recent version of |
|
@SlevinBE Hi! I have not been able to get the Enterprise DC/OS PR pulling your changes to pass the CI, will keep investing it tomorrow. Thanks for your patience! |
|
@vespian so a new rebase on master is not required as requested by the mergebot? |
Not sure yet, I wanted to double check before asking you to do it again. |
|
@SlevinBE After rebasing all went green. We have two options:
Please drop me a line which option suits you best. Thanks! |
|
Let's use your test-PR, seems like the easiest solution. |
|
@SlevinBE I got the |
8 participants
High Level Description
The current DC/OS AdminRouter, the component which handles all the admin UI traffic of DC/OS, is not able to handle services which run in a virtual network (in our case Calico). Containers running in a virtual network get assigned their own IP, but the AdminRouter always takes the host name and port instead of the container's IP and port.
Therefore it's currently not possible to expose an ip-per-task app via the DC/OS admin interface (using the DCOS_SERVICE_NAME, DCOS_SERVICE_SCHEME and DCOS_SERVICE_PORT_INDEX app labels).
This PR tries to fix this issue in the AdminRouter's cache by taking the task's IP and port when it's an ip-per-task app (determined by the presence of the 'ipAddress' field on an app's definition) or taking the host's IP and port in case of a regular task (the default behaviour which existed until now).
I've used a similar approach as how it's implemented in Marathon-lb: https://github.com/mesosphere/marathon-lb/blob/master/utils.py#L314-L347
Related Issues
N/A
Checklist for all PR's
Checklist for component/package updates:
If you are changing components or packages in DC/OS (e.g. you are bumping the sha or ref of anything underneath
packages), then in addition to the above please also include: