projectcalico / calico

Cloud native networking and network security
https://docs.tigera.io/calico/latest/about/
Apache License 2.0

proper policy for marathon-lb missing in docs #2518

Closed ptulpen closed 5 years ago

ptulpen commented 5 years ago

Expected Behavior

In the explanation for marathon-lb https://docs.projectcalico.org/v2.6/getting-started/mesos/tutorials/connecting-tasks#load-balancing--external-service-discovery

There are no steps regarding how the policy has to be designed to let marathon-lb access the Calico networks.

Currently I use this:

    ingress:
    - action: allow
      protocol: tcp
      source:
        nets:
        - 192.168.65.60/32
        - 192.168.65.70/32
        - 192.168.65.80/32
      destination:
        ports: [80]

where the IP addresses are the host IPs of the public nodes.

I don't think this is best practice, since it is quite inflexible. But I am not sure what is best practice (maybe using Mesos DNS somehow?).

Your Environment

caseydavenport commented 5 years ago

I think that's the best available in Calico v2.6. Later releases introduce global network sets, which provide a better abstraction here, but Calico v2.6 is the last version to support integration with Mesos / Marathon.
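
For readers on a later Calico release, the global network set approach mentioned above could look like the following. This is an added example, not configuration posted by anyone in this thread; it uses the Calico v3 resource format, so it does not apply to the v2.6 / Mesos setup in the question. The resource names, the `role` label and the `app == 'web'` selector are assumptions for illustration; the addresses are the ones from the question.

```yaml
# Named, labelled set holding the public-node host IPs.
# When a public node is added or removed, only this resource changes.
apiVersion: projectcalico.org/v3
kind: GlobalNetworkSet
metadata:
  name: marathon-lb-public-nodes     # hypothetical name
  labels:
    role: marathon-lb                # hypothetical label, matched by the policy below
spec:
  nets:
  - 192.168.65.60/32
  - 192.168.65.70/32
  - 192.168.65.80/32
---
# Policy that refers to the set by label instead of embedding the IPs.
apiVersion: projectcalico.org/v3
kind: GlobalNetworkPolicy
metadata:
  name: allow-marathon-lb-http       # hypothetical name
spec:
  selector: app == 'web'             # assumption: label on the backend workloads
  types:
  - Ingress
  ingress:
  - action: Allow
    protocol: TCP
    source:
      selector: role == 'marathon-lb'   # resolves to the nets in the set above
    destination:
      ports: [80]
```

Compared with the policy in the question, the allow rule stays scoped to TCP port 80 from the same three /32 sources, but the address list is maintained in one place and can be reused by other policies.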