This talk will provide an overview of multi-tenancy in Apache Mesos, including recent work that was done to enable multi-tenant frameworks (with multi-role framework support and support for hierarchical roles). Topics include multi-tenant resource management, isolation, security, and other multi-tenancy concerns. This talk will also cover some upcoming work.
Unlike some other container orchestrators, Mesos has its own native container runtime. Based purely on Linux kernel namespaces and cgroups, Mesos supports different container image formats, with the advantages of extensible container storage, networking, and security.
As of today, it supports all major container image formats, such as OCI or Docker image format, as well as the default storage and networking plugin formats, CSI and CNI.
Historically, Mesos has provided a command executor for running one-off tasks by schedulers, e.g., Marathon. For launching a group of co-located tasks, the recommended way was to implement the logic using a custom executor. With the support for task groups (aka pods) in Mesos, the default executor is the new recommended way of running pods in production. Moreover, nested containers make debug containers practical, allowing you to enter any container's namespaces.
In this talk you will learn the following:
- Overview of the Mesos Agent APIs for nested containers used by the default executor
- Best practices for running sidecar/adapter containers and transient tasks
- Health Checks and Probes (Non-interpreted health checks)
- Default Termination Policy for the default executor
- New planned upcoming features on the roadmap