Details

    • Type: Epic
    • Status: Resolved
    • Priority: High
    • Resolution: Won't Do
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: metronome
    • Labels:
    • Epic Name:
      Linux Capabilities Metronome
    • Epic Status:
      Done
    • Parent Feature:
      DCOS-28519 - [J & Q] As Dan, I need to ensure all jobs in my cluster run without NET_RAW permission
    • Total Story Points:
      24
    • Remaining Story Points:
      0
    • Progress (%):
      100

      Description

      For a customer we need to support the possibility to drop capabilities when running a job in Metronome, see https://jira.mesosphere.com/browse/PRODUCT-946

      The customer is currently running their jobs using Docker.

      To get there we need:

      • create an API that is not bound to the Docker containerizer in any way
      • do not expose Docker-specific capabilities
      • allow adding and dropping capabilities when launching a job

      In general there are two approaches:

      • support capabilities and map them to Docker params in the background (meaning support capabilities also on Docker) (I understand as of today this is the preferred choice)
      • support capabilities only on UCR

            People

            • Assignee:
              Unassigned
            • Reporter:
              alenavarkockova Alena Varkockova
            • Team:
              Orchestration Team
            • Watchers:
              Alena Varkockova, daltonmatos, Ken Sipe, Matthias Eichstedt
