Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Porting Marathon Networking Doc to DC/OS #1066

Open
wants to merge 6 commits into
base: master
Choose a base branch
from

Conversation

sascala
Copy link
Contributor

@sascala sascala commented May 19, 2017

Description

@jdef I'm assigning this to you because it's related to the Marathon networking doc you authored. I'm porting it over to the DC/OS site and I have some related questions. I also moved some information from the examples section up into the reference section because it seemed pretty important.

Urgency

  • Blocker
  • High
  • Medium

Requirements

@sascala sascala self-assigned this May 19, 2017
---

This document describes how to specify networking modes and assign ports in the service definition for a DC/OS Service you are creating.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do DC/OS users need to know about the networking API changes? it's only relevant if they've modified their native marathon instances AFAIK.

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yes, DCOS users need to know about the marathon networking API changes. for example, they may have built external tooling that depends on the old (deprecated) APIs that are no longer emitted by Marathon

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

```

In this example, we specify three dynamically assigned host ports, which would then be available to our command via the environment variables `$PORT_HTTP`, `$PORT_HTTPS` and `$PORT_MON`.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What's meant by "command" here? Is it that they're available to the app/service?

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yes, app


If there is a `--default_network_name` configured for Marathon, then specifying a network name for the `container` network is optional:
`container` networks with an unspecified (`null`) `name` will inherit the value of the `--default_network_name` flag.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think this is needed for DC/OS users?

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There's a DCOS configuration for controlling the value of this root Marathon command line flag.

It's called dcos_overlay_network_default_name as per:
https://github.com/dcos/dcos/blob/ca564b4b90f069b6336cd445e36e9b83ddbabd6c/gen/calc.py#L943

(pretty sure we added this back in 1.9)

Similar to `container` networking, an application should be allocated its own network namespace and IP address;
Mesos CNI provides a special `mesos-bridge` that application containers are attached to.
When using the Docker containerizer, this translates to the Docker "default bridge" network.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't understand this part well enough to know if all of this is relevant for DC/OS users.

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yes, it's relevant. it used to be called docker BRIDGE mode networking. there was not previously a Mesos (UCR) equivalent, so it's new functionality for UCR consumers

In container networking, an application should be allocated its own network namespace and IP address;
Mesos network isolators are responsible for providing backend support for this.
When using the Docker containerizer, this translates to a Docker "user" network. You can name your container network in the `networks.container` parameter of your service definition. If you do not provide a name for your container network, it will have the default container network name, `DEFAULT NAME`.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't understand this part well enough to know if all of this is relevant for DC/OS users.

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yes, it's relevant. this went by various names before: docker USER mode networking, or Mesos IP/CT networking. now that we've consolidated the API it's simply container Networking

@sascala sascala requested a review from jdef May 23, 2017 23:49
Copy link

@jdef jdef left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

almost feels like the app ports section should be split off into a separate page. so then this page becomes the "app and pod services networking" page. with links to "app port configuration" and "pod endpoint configuration" pages. thoughts?

---

This document describes how to specify networking modes and assign ports in the service definition for a DC/OS Service you are creating.

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yes, DCOS users need to know about the marathon networking API changes. for example, they may have built external tooling that depends on the old (deprecated) APIs that are no longer emitted by Marathon

In container networking, an application should be allocated its own network namespace and IP address;
Mesos network isolators are responsible for providing backend support for this.
When using the Docker containerizer, this translates to a Docker "user" network. You can name your container network in the `networks.container` parameter of your service definition. If you do not provide a name for your container network, it will have the default container network name, `DEFAULT NAME`.

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yes, it's relevant. this went by various names before: docker USER mode networking, or Mesos IP/CT networking. now that we've consolidated the API it's simply container Networking

Similar to `container` networking, an application should be allocated its own network namespace and IP address;
Mesos CNI provides a special `mesos-bridge` that application containers are attached to.
When using the Docker containerizer, this translates to the Docker "default bridge" network.

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yes, it's relevant. it used to be called docker BRIDGE mode networking. there was not previously a Mesos (UCR) equivalent, so it's new functionality for UCR consumers

```

In this example, we specify three dynamically assigned host ports, which would then be available to our command via the environment variables `$PORT_HTTP`, `$PORT_HTTPS` and `$PORT_MON`.

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yes, app


If there is a `--default_network_name` configured for Marathon, then specifying a network name for the `container` network is optional:
`container` networks with an unspecified (`null`) `name` will inherit the value of the `--default_network_name` flag.

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There's a DCOS configuration for controlling the value of this root Marathon command line flag.

It's called dcos_overlay_network_default_name as per:
https://github.com/dcos/dcos/blob/ca564b4b90f069b6336cd445e36e9b83ddbabd6c/gen/calc.py#L943

(pretty sure we added this back in 1.9)

Copy link
Contributor

@joel-hamill joel-hamill left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This topic seems to be all over the place organizationally. There seems to be a lot of cases where Marathon properties and command syntax are used instead of the higher level concept (e.g. container/bridge Networking, rather than Bridge Networking). There isn't any place that explains that all of these command-sytnax terms are actual Marathon properties. The topic mixes reference, usage, and examples and duplicates much of the reference content here: https://dcos.io/docs/1.9/deploying-services/marathon-parameters/.

In revising this topic, I would suggest making it a practical task topic that walks the user through configuring their networks and ports - and points off to reference topic when appropriate.

menu_order: 0.5
---

This document describes how to specify networking modes and assign ports in the service definition for a DC/OS Service you are creating.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You can choose networking modes and assign ports in your DC/OS service definitions.


# VIPs

We recommend using [virtual addresses (VIPs)](/docs/1.9/usage/service-discovery/virtual-ip-addresses/) to make ports management easier. VIPs map traffic from a single virtual address to multiple IP addresses and ports. They simplify inter-app communication and implement a reliable service-oriented architecture.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

port management


# Networking Modes

DC/OS services and pods declare `networks` the same way. Three modes of networking are supported:
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

why use command syntax for "networks"?


# Networking Modes

DC/OS services and pods declare `networks` the same way. Three modes of networking are supported:
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

suggest not using three since it's somewhat arbitrary: These networking modes are supported:


DC/OS services and pods declare `networks` the same way. Three modes of networking are supported:

## `host` Networking
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Host Networking - without command syntax?

Mesos network isolators are responsible for providing backend support for this.
When using the Docker containerizer, this translates to a Docker "user" network. You can name your container network in the `networks.container` parameter of your service definition. If you do not provide a name for your container network, it will have the default container network name, `DEFAULT NAME`.

## `container/bridge` Networking
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can this title simply be Bridge Networking?


# Ports for Services

DC/OS services declare ports differently than pods. The following section is only relevant to services.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

replace these two sentences with: This section describes how to declare ports for services.


**Note:** Pods (endpoints) do not support service ports.

### Declaring ports in an application
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

...in a service?


### Referencing Ports

You can reference the *host-port*s in the Dockerfile for our fictitious app as follows:
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

...for our sample app as follows:

@@ -0,0 +1,422 @@
---
post_title: Service and Pod Networking
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

change title to: Configuring Networks and Ports

@@ -17,6 +17,8 @@ DC/OS services and pods declare `networks` the same way. Three modes of networki

In `host` networking, an application shares the network namespace of the Mesos agent process, typically the host network namespace.

**Note:** The `Network.name` parameter cannot be used with `host` networking.
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

so .. it's actually only useful for container mode. not host and not container/bridge.

**Notes:**:

- The UCR and Docker Containerizer support all network modes.
- The `Network.name` parameter is only supported with `container` networking.
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

@sascala
Copy link
Contributor Author

sascala commented Jan 18, 2018

@pavisandhu This is a work in progress. We need to incorporate the marathon networking doc into the dc/os site however you think it's best.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants