Restrict application to run on a subset of DEAs


Carlo Alberto Ferraris

Mar 8, 2015, 8:58:53 PM
to vcap...@cloudfoundry.org
Is there a way to restrict a certain application to run only on a subset of DEAs, e.g. one of the BOSH DEA pools? This would allow providing users with tiered services (low-perf/oversubscribed DEAs vs. high-perf/dedicated DEAs) as well as enforcing other properties (such as restricting network access - e.g. prevent non-PROD app instances from connecting to PROD services outside CF).

The obvious solution would be to have separate CF environments for each DEA pool, but I was wondering if there was a provision to have this kind of heterogeneous pools in the same environment.

Josh Ghiloni

Mar 8, 2015, 9:14:35 PM
to vcap...@cloudfoundry.org
My first thought would be to create a filesystem stack[1] and pin apps to them. I don't see why you couldn't enforce things like iptables in that filesystem.



Carlo Alberto Ferraris

Mar 8, 2015, 9:47:46 PM
to vcap...@cloudfoundry.org
So basically, supposing we have N tiers T1 ... TN:
- for each stack S, create tiered stacks S_T1 ... S_TN - these would be identical apart from the name
- populate each DEA pool with the appropriate tiered stack
- for each buildpack P, create tiered buildpacks P_T1 ... P_TN - these would be identical apart from the name and the fact that each buildpack P_Tx requires exclusively the corresponding tiered stack S_Tx
- when the application wants to use tier Tx, it will specify buildpack P_Tx

Did I get that right?

Pablo Alonso Rodriguez

Mar 9, 2015, 8:30:29 AM
to vcap...@cloudfoundry.org
I think so.

However, I am not sure whether you want to allow or deny certain users to use certain DEA pools. If you wanted that, you would have to be able to prevent users from using concrete buildpacks. Is there a way to do that? As far as I know, you can only enable or disable buildpacks but you cannot specify a restricted list of users allowed to use a buildpack.

Dieu Cao

Mar 9, 2015, 12:53:49 PM
to vcap...@cloudfoundry.org
It's not currently possible to restrict applications from using an available stack.
We do have a proposal out for implementation of placement pools [1] that addresses this use case.
It's still a few months out before we start work on that though.

-Dieu
CF Runtime PM
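
An added example, not part of the thread and not Cloud Foundry code: because stack selection cannot be restricted per user, an operator using the S_Tx / P_Tx naming scheme proposed above could audit an app inventory for placements outside each space's permitted tiers. The record fields, the space-to-tier policy and the `T<number>` suffix pattern are assumptions made for this sketch.

```python
import re

# Naming scheme proposed in the thread: stack S and buildpack P for tier Tx
# are published as "S_Tx" and "P_Tx". The T<number> suffix form is an assumption.
TIER_SUFFIX = re.compile(r"^(?P<base>.+)_(?P<tier>T\d+)$")


def tier_of(name):
    """Return the tier suffix ("T1", "T2", ...) of a stack or buildpack name, or None."""
    match = TIER_SUFFIX.match(name or "")
    return match.group("tier") if match else None


def audit(apps, allowed_tiers):
    """Return (app name, reason) for every app placed outside its space's tiers.

    apps: dicts with hypothetical keys name, space, stack, buildpack
    allowed_tiers: space name -> set of tiers that space may use
    """
    findings = []
    for app in apps:
        stack_tier = tier_of(app["stack"])
        allowed = allowed_tiers.get(app["space"], set())  # unknown space: nothing allowed
        if stack_tier is None:
            # A name outside the scheme says nothing about which DEA pool serves it.
            findings.append((app["name"], "untiered stack " + app["stack"]))
        elif stack_tier not in allowed:
            findings.append((app["name"], "tier %s not allowed in space %s"
                             % (stack_tier, app["space"])))
        elif tier_of(app["buildpack"]) != stack_tier:
            findings.append((app["name"], "buildpack %s does not match stack tier %s"
                             % (app["buildpack"], stack_tier)))
    return findings


# Constructed inventory and policy, for illustration only.
SAMPLE_APPS = [
    {"name": "billing", "space": "prod", "stack": "S_T1", "buildpack": "P_T1"},
    {"name": "billing-dev", "space": "dev", "stack": "S_T1", "buildpack": "P_T1"},
    {"name": "reports", "space": "dev", "stack": "S_T2", "buildpack": "P_T1"},
    {"name": "legacy", "space": "dev", "stack": "S", "buildpack": "P_T2"},
]
SAMPLE_POLICY = {"prod": {"T1"}, "dev": {"T2"}}

if __name__ == "__main__":
    for name, reason in audit(SAMPLE_APPS, SAMPLE_POLICY):
        print(name + ": " + reason)
```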
