Resource isolation

One of the key requirements of a cluster manager is to ensure that the allocation of resources to a particular framework does not have an impact on any active running jobs of some other framework. Provision for isolation mechanisms on slaves to compartmentalize different tasks is thus a key feature of Mesos. Containers are leveraged for resource isolation with a pluggable architecture. The Mesos slave uses the Containerizer API to provide an isolated environment to run a framework's executor and its corresponding tasks. The Containerizer API's objective is to support a wide range of implementations, which implies that custom containerizers and isolators can be developed. When a slave process starts, the containerizer to be used to launch containers and a set of isolators to enforce the resource constraints can be specified.

The Mesos Containerizer API provides a resource isolation of framework executors using Linux-specific functionality, such as control groups and namespaces. It also provides basic support for POSIX systems (only resource usage reporting and not actual isolation). This important topic will be explored at length in subsequent chapters.

Mesos also provides network isolation at a container level to prevent a single framework from capturing all the available network bandwidth or ports. This is not supported by default, however, and additional dependencies need to be installed and configured in order to activate this feature.