  1. DC/OS
  2. DCOS_OSS-2610

Add linux capabilities into the Metronome API

    Details

    • Type: Task
    • Status: Accepted
    • Priority: Medium
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: metronome
    • Labels:
    • Sprint:
      Marathon 2018-22, Marathon 2018-23
    • Story Points:
      7
    • Parent Feature:
      DCOS-28519 - [J & Q] As Dan, I need to ensure all jobs in my cluster run without NET_RAW permission

      Description

      Add a new property to the jobspec. Possible solution:

      {
        "id": "long-sleeper",
        "run": {
          "cmd": "sleep 120",
          "docker": {
            "image": "busybox"
          },
          "capabilities": {
            "add": ["SYS_ADMIN", "NET_RAW"],
            "drop": []
          }
        }
      }
      

      Using capabilities inside a jobspec would automatically mean your job will be run using UCR.

      Acceptance criteria

      It will be possible to specify capabilities add and drop for every jobspec.
      No capabilities not supported by UCR will be exposed.
      These capabilities will be passed to the RunSpec when submitting to the Marathon launch queue.
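
One way to check a submitted jobspec against the acceptance criteria above and the parent feature's NET_RAW requirement, as an added example (not Metronome code). `audit_capabilities`, `SAMPLE_SUPPORTED` and the `forbidden` policy set are hypothetical names, and the allow-list shown is a constructed sample, not UCR's actual supported set.

```python
import json

# Assumption: a constructed subset of capability names for illustration; the
# real allow-list is whatever UCR supports and must be supplied by the caller.
SAMPLE_SUPPORTED = frozenset({"SYS_ADMIN", "NET_RAW", "NET_ADMIN", "CHOWN", "KILL"})


def audit_capabilities(jobspec_json, supported=SAMPLE_SUPPORTED,
                       forbidden=frozenset({"NET_RAW"})):
    """Return findings for run.capabilities in a jobspec (empty list = pass)."""
    spec = json.loads(jobspec_json)
    caps = spec.get("run", {}).get("capabilities")
    if caps is None:
        return []  # no capabilities requested, nothing to check
    if not isinstance(caps, dict):
        return ["run.capabilities must be an object"]
    findings, lists = [], {}
    for key in ("add", "drop"):
        value = caps.get(key, [])
        if not isinstance(value, list) or not all(isinstance(v, str) for v in value):
            findings.append(f"run.capabilities.{key} must be a list of strings")
            value = []
        lists[key] = value
        # Reject names outside the allow-list (e.g. wrong case or CAP_ prefix).
        for name in value:
            if name not in supported:
                findings.append(f"{key}: unsupported capability {name!r}")
    # Policy: dropping a forbidden capability is fine, adding it is not.
    for name in lists["add"]:
        if name in forbidden:
            findings.append(f"add: {name} is forbidden by policy")
    # A capability listed on both sides is ambiguous, so flag it.
    for name in sorted(set(lists["add"]) & set(lists["drop"])):
        findings.append(f"{name} appears in both add and drop")
    for key in sorted(set(caps) - {"add", "drop"}):
        findings.append(f"unknown key run.capabilities.{key}")
    return findings


# Constructed copy of the jobspec proposed in the issue description.
PROPOSED = """{
  "id": "long-sleeper",
  "run": {"cmd": "sleep 120", "docker": {"image": "busybox"},
          "capabilities": {"add": ["SYS_ADMIN", "NET_RAW"], "drop": []}}
}"""

if __name__ == "__main__":
    for finding in audit_capabilities(PROPOSED):
        print(finding)
```
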

            People

            • Assignee:
              ken Ken Sipe
            • Reporter:
              alenavarkockova Alena Varkockova
            • Team:
              Orchestration Team
            • Watchers:
              Alena Varkockova, daltonmatos, Ken Sipe, Matthias Eichstedt
