In this recipe, you will learn how to authenticate agents to prevent alien agents and frameworks joining the cluster.
Before we start configuring authentication, we need to identify the principals of our cluster and generate secrets for them. In the following example, we assume we have two principal marathon (framework) and agent (all agents).
To enable authentication, we need to define which authentication mechanism we want to use. In this example, we will use CRAM-MD5, which is built into Mesos and is, in fact, quite a popular authentication algorithm used in SMTP and LDAP.
Enable authentication of frameworks and agents by setting:
echo true > /etc/mesos-master/authenticate_frameworksecho true > /etc/mesos-master/authenticate_agents
Choose CRAM-MD5 as an authenticator:
echo crammd5 > /etc/mesos-master/authenticators
Create a file with the principals' secrets. Secrets provided by the principal will be checked against this file during...