In brave new DCOS it's impossible to call admin router from a slave/agent unless you provide an auth token.
using admin router to access service APIs is an important method of service discovery
example use case 1:
I use Spark with Cassandra driver. The Cassandra driver needs 1 (or more) cassandra addresses (iport) to bootstrap itself. How am I supposed to get this? Querying above API is a good solution.
example use case 2:
I have an app that writes to Kafka. My app needs 1 (or more) kafka broker addresses (iport) to bootstrap itself. How am I supposed to get this? Querying above API is a good solution.
It's not practical or particularly good for security if I have to give every app an auth token to use the above APIs.
To allow internal calls to admin router I suggest having the option of running admin router without the auth layer on a separate port that is not accessible (i.e. using firewall restrictions) from outside the cluster.