You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@mesos.apache.org by "Zhitao Li (JIRA)" <ji...@apache.org> on 2017/09/26 17:18:00 UTC

[jira] [Created] (MESOS-8018) Allow framework to opt-in to forward executor's JWT token to the tasks

Zhitao Li created MESOS-8018:
--------------------------------

             Summary: Allow framework to opt-in to forward executor's JWT token to the tasks
                 Key: MESOS-8018
                 URL: https://issues.apache.org/jira/browse/MESOS-8018
             Project: Mesos
          Issue Type: Improvement
            Reporter: Zhitao Li


Nested container API is an awesome feature and enabled a lot of interesting use cases. A pattern we have seen multiple times is that a task (often the only one) launched by default executor wants to further creates containers nested behind itself (or the executor) to run some different workload.

Because the entire request is 1) completely local to the executor container, 2) okay to be bounded within the executor's lifecycle, we'd like to allow the task to use the mesos agent API directly to create these nested containers. However, it creates a problem when we want to enable HTTP executor authentication because the JWT auth tokens are only available to the executor so the task's API request will be rejected.

Requiring framework owner to fork or create a custom executor simply for this purpose also seems a bit too heavy.

My proposal is to allow framework to opt-in with some field so that the launched task will receive certain environment variables from default executor, so the task can "act upon" the executor. One idea is to add a new field to allow certain environment variables to be forwarded from executor to task.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)