At MesosCon 2015, we, along with our collaborators at Mesosphere, officially announced the availability of an experimental integration with Apache Mesos (slides here, full talk here). This brings Calico’s simple, scalable, and secure architecture to Mesos clusters.
Why Mesos & Mesosphere?
Apache Mesos helps data center operators do more with scarce resources by increasing utilization: maximizing the number of running workloads without compromising application performance. Mesosphere is the company that is bringing Mesos to the masses with DCOS, their integrated data center operating system. They maintain Marathon and Mesos-DNS (used in our demo above) as open source projects. For operators who use on-demand cloud resources, Mesos packs more workloads into fewer cloud VMs, lowering their costs. The key innovation in Mesos compared with other data center scheduling software is that Mesos itself is not a scheduler: it brokers resource offers from data center hosts, called Agents, to consumers, called Frameworks. This allows rapid innovation in scheduling algorithms, effectively allowing distributed applications to manage themselves in the data center.
Today, Mesos workloads need to share the IP address and port space of the Agent they run on. This approach had the advantage of being easy to implement. But it means that either schedulers need to manage the port space as a resource, leading to utilization constraints, or apps need to be modified to use dynamic ports. Dynamic ports cause a service discovery challenge, effectively disqualifying the ubiquitous DNS A or AAAA records as a mechanism because those records carry an address but no port, meaning further changes to apps. Security and monitoring are also a huge challenge since protocols don’t operate on standard ports.
Calico restores some sanity to this picture by giving every Mesos container its own IP address, ending port conflicts, making dynamic port assignment obsolete, and allowing DNS A-record-based service discovery. You also get the usual Calico benefits of simple operation, high scale, and fine-grained network isolation.
Things are at a very early stage and in flux, but they are ready for you to start trying out. We’d love your feedback, issue reports, or pull requests.