mesos-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "James Peach (JIRA)" <>
Subject [jira] [Assigned] (MESOS-8018) Allow framework to opt-in to forward executor's JWT token to the tasks
Date Thu, 02 Nov 2017 23:31:16 GMT


James Peach reassigned MESOS-8018:

    Assignee: James Peach

> Allow framework to opt-in to forward executor's JWT token to the tasks
> ----------------------------------------------------------------------
>                 Key: MESOS-8018
>                 URL:
>             Project: Mesos
>          Issue Type: Improvement
>            Reporter: Zhitao Li
>            Assignee: James Peach
>            Priority: Major
> Nested container API is an awesome feature and enabled a lot of interesting use cases.
A pattern we have seen multiple times is that a task (often the only one) launched by default
executor wants to further creates containers nested behind itself (or the executor) to run
some different workload.
> Because the entire request is 1) completely local to the executor container, 2) okay
to be bounded within the executor's lifecycle, we'd like to allow the task to use the mesos
agent API directly to create these nested containers. However, it creates a problem when we
want to enable HTTP executor authentication because the JWT auth tokens are only available
to the executor so the task's API request will be rejected.
> Requiring framework owner to fork or create a custom executor simply for this purpose
also seems a bit too heavy.
> My proposal is to allow framework to opt-in with some field so that the launched task
will receive certain environment variables from default executor, so the task can "act upon"
the executor. One idea is to add a new field to allow certain environment variables to be
forwarded from executor to task.

This message was sent by Atlassian JIRA

View raw message