Tutorial - Exposing Apps Publicly

Part 6 of the DC/OS 101 tutorial

IMPORTANT: Tutorials are intended to give you hands-on experience working with a limited set of DC/OS features with no implied or explicit warranty of any kind. None of the information provided--including sample scripts, commands, or applications--is officially supported by Mesosphere. You should not use this information in a production environment without independent testing and validation.

Welcome to part 6 of the DC/OS 101 Tutorial.



In this section you will make app2 available from outside the cluster by running it on a public agent node with Marathon-LB.


DC/OS has two different node types:

  1. Private agent nodes
  2. Public agent nodes

Private agent nodes are usually only accessible inside the cluster, while public agent nodes allow for ingress access from outside the cluster.

By default, Marathon starts applications and services on private agent nodes, which cannot be accessed from the outside the cluster. To expose an app to the outside you usually use a load balancer running on one of the public nodes.

You will revisit the topic of load balancing and the different choices for load balancers later in this tutorial, but for now, you will use Marathon-LB as the load balancer. Marathon-LB uses HA-Proxy on a public agent node to provide external access and load balancing for applications running internally in the cluster.

  • Install Marathon-LB: dcos package install marathon-lb

  • Check that it is running using dcos task and identify the IP address of the public agent node (Host) where Marathon-LB is running

    WARNING: If you started your cluster using a cloud provider (especially AWS) dcos task might show you the private IP address of the host, which is not resolvable from outside the cluster. If the marathon-lb task has an RFC1918 address beginning with 192.168 or 10, then this is the private IP address.

    In that case, you need to retrieve the public IP from your cloud provider. For AWS, go to the EC2 dashboard and search using the search box for the private IP assigned to the marathon-lb task shown by dcos task. The public IP will be listed in the IPv4 Public IP field for the returned instance.

  • Connect to the webapp (from your local machine) via <Public IP>:10000. You should see a rendered version of the web page including the physical node and port app2 is running on.

  • Use the web form to add a new Key:Value pair

  • You can verify the new key was added in two ways:

    1. Check the total number of keys using app1: dcos task log app1
    2. Check Redis directly
      • SSH into node where Redis is running:

        dcos node ssh --master-proxy --mesos-id=$(dcos task  redis --json |  jq -r '.[] | .slave_id')
      • Because Redis is running in a Docker container you can list all the Docker containers using docker ps and get the ContainerID of the Redis task.

      • Create a bash session in the running container using the ContainerID from the previous step: sudo docker exec -i -t CONTAINER_ID /bin/bash.

      • Start the Redis CLI: redis-cli.

      • Check the value is there: get <newkey>.


Congratulations! You have used Marathon-LB to expose your application to the public and added a new key to Redis using the web frontend.