Getting Started

• Install Marathon
• Setup Recommendations
• High Availability Mode

Using Marathon

• Application Basics
• Application Deployments
• Application Groups
• Authorization and Access Control
• Blue-Green Deployment
• Constraints
• Event Bus
• Health Checks
• Marathon Web Interface
• Networking
• Pods
• Recipes
• Provisioning Containers
• Stateful Applications Using Local Persistent Volumes
• Stateful Applications Using External Persistent Volumes
• Task Environment Variables
• Task Handling
• Task Handling Configuration
• Secret Configuration
• Unreachable Strategy

Administration

• Command Line Flags
• Backup and Restore
• Data Migration
• Framework Authentication
• High Availability
• Metrics
• Deprecated Metrics
• Readiness Checks
• Checks
• Service Discovery and Load Balancing
• SSL and Basic Authentication
• Seccomp
• Using a Private Docker Registry
• Maintenance mode
• Compatibility with Mesos

Upgrading

• Upgrading to a new Version
• Migrating Apps to the 1.5 Networking API
• Migrating Tools to the 1.5 Networking API
• Versioning

Troubleshooting

• Stuck App or Pod Deployments
• No new instances are starting
• An App Requires a Specific Host Port
• Error Using HTTPS with local CA Certificate
• Error Reading Authentication Secret
• Slow Docker apps and deployments
• Exit Codes

Development

• Contributor Guidelines
• Current Marathon Development
• Extend Marathon with Plugins
• Run a Local Version of Marathon

API Reference

• REST API Reference

Docs for Previous Versions

• Version 1.9.x
• Version 1.8.x
• Version 1.7.x

IP-per-task

In version 0.14, Marathon introduced experimental IP-per-task support. With the appropriate configuration, each of an app’s tasks gets its own network interface and IP address.

IP-per-task drastically simplifies service discovery, since you can use Mesos-DNS to rely on DNS for service discovery. Mesos-DNS enables your applications to use address-only (A) DNS records in combination with known ports to connect to other services, as you would do it in a traditional static cluster environment.

Request an IP-per-task with default settings by adding the following to your application definition:

{
  "id": "/i-have-my-own-ip",
  // ... more settings ...
  "ipAddress": {}
}

Marathon passes down the request for the IP to Mesos. You have to make sure that you installed and configured the appropriate Network Isolation Modules and IP Access Manager (IPAM) modules in Mesos. Marathon support for this feature requires Mesos v0.26.

If an application requires IP-per-task, it cannot request ports to be allocated in the agent node.

Currently, this feature does not work in combination with Docker containers. We might still change some aspects of the API and we appreciate your feedback.

Network security groups

If your IP Access Manager (IPAM) supports it, you can refine your IP configuration using network security groups and labels:

{
  "id": "/i-have-my-own-ip",
  // ... more settings ...
  "ipAddress": {
    "groups": ["production"],
    "labels": {
      "some-meaningful-config": "potentially interpreted by the IPAM"
    }
  }
}

Network security groups only allow network traffic between tasks that have at least one of their configured groups in common. This makes it easy to disallow your staging environment to interfere with production traffic.

Named Networks

If your IPAM supports it, you can instruct Mesos to associate your application’s containers with a specific named network:

{
  "id": "/task-assigned-to-named-network",
  ...
  "ipAddress": {
    "networkName": "devops"
  }
}

Applications that specify a named network are automatically assigned an IP address, for each task, by the currently configured IPAM. Named network assignment is influenced by the --default_network_name flag: if a default network name has been configured then:

1. An application that specifies an ipAddress but not its networkName field will implicity use the network named by --default_network_name.
2. An application that specifies an ipAddress.networkName value overrides any value of --default_network_name.
3. If an application MUST use the physical host network then the ipAddress field MUST be omitted from the application definition.

Marathon passes the network name through to Mesos and is the responsibility of Mesos (and/or the loaded IPAM modules) to validate the network name.

Service Discovery

While an application that requires IP-per-task cannot request that ports be allocated in the agent node, you can still specify the ports that the application’s tasks expose:

{
  "id": "/i-have-my-own-ip",
  // ... more settings ...
  "ipAddress": {
    "discovery": {
      "ports": [
        { "number": 80, "name": "http", "protocol": "tcp" }
      ]
    }
      // ... more settings ...
  }
}

Marathon will pass this information to Mesos (inside the DiscoveryInfo message) when starting new tasks. Mesos-DNS will then expose this information through IN SRV records.