Open sargun opened 8 years ago
@jdef As a stop-gap, I think rather than removing "netinfo" as a source in config.go, we add the "sources" field to config.json.sample, and set it to ["mesos", "host"]. That way, it doesn't break old installations relying on the behaviour, but everyone who starts from the config.json.sample is in good shape.
Some thoughts:
netinfo
from config.ipsources
. though i'm more inclined to make
the change to the coded defaults for ipsources since docker, by default,
breaks mesos-dns for people (given our current defaults list).labels
or source
field associated with each
IPAddress so that we could apply some better filtering, otherwise we have
no idea which IP's come from the docker containerizer, or some random mesos
networking module.On Tue, Nov 24, 2015 at 12:13 PM, Sargun Dhillon notifications@github.com wrote:
@jdef https://github.com/jdef As a stop-gap, I think rather than removing "netinfo" as a source in config.go, we add the "sources" field to config.json.sample, and set it to ["mesos", "host"]. That way, it doesn't break old installations relying on the behaviour, but everyone who starts from the config.json.sample is in good shape.
— Reply to this email directly or view it on GitHub https://github.com/mesosphere/mesos-dns/issues/369#issuecomment-159344444 .
We added NetInfo to IPSources in 0.4, which allows Mesos-DNS to pull A record information from the "NetworkInfo" field in state.json. In our understanding this was only to be used by the modules which were using this for customizing the IPs per container.
Unfortunately, this was not the case! The docker containerizer uses NetworkInfo as well, and can set the inside container of the IP in NetworkInfo. This means that this becomes the A record in Mesos-DNS, rendering the container inaccessible.
There are a couple things here:
Add it back in, but with a reachability-checker, that does an ICMP ping before allowing an address to be marked as valid.
This would require that people either run Mesos-DNS as root, or we configure: net.ipv4.ping_group_range