Secure Admin-Access

[Slartibartfast27]

Data shall not be transferred without encryption. Especially the management console of mesosphere shall only be reachable via https and some kind of authentication (username/password or ssh-key)

Quote from https://docs.mesosphere.com/overview/dcosarchitecture/ (2015-10-23):

• This version of DCOS has no authentication.
• The DCOS CLI and web interface do not currently use an encrypted channel for communication. However, you can upload your own SSL certificate to the masters and change your CLI and web interface configuration to use HTTPS instead of HTTP.
• You must secure your cluster by using security rules. It is strongly recommended that you only allow internal traffic.
• If there is sensitive data in your cluster, follow standard cloud policies for accessing that data. Either set up a point to point VPN between your secure networks or run a VPN server inside your DCOS cluster.

[mspringma]

Since DC/OS 1.7, access to master and services via the master, require a weblogin aligned with dcos auth login. That should be okay for now.