Organizations / Sub-Organizations

Organizations are a hierarchical categorization resource enabling management of resources in a variety of ways including an organizational model of the company. A Sub-Organizations is an organization that is contained by a parent organization.


Workspaces are a resource for organizing actual working deployments. These can be used to group deployments around projects, applications, etc.

Workspaces are a resource for organizing actual working deployments. To create a workspace, navigate to the parent organization you would like to add the workspace and click one the Workspace icon in the left nav bar (suitcase). This will switch the main view to show workspaces. Click into a workspace to make that workspace your current context. To create a workspace click on the "create" button on the right side in the title bar.


Environments facilitate organizing resources within a workspace or project to facilitate software lifecycle requirements.

Environments allow a workspace to organize the lifecycle of deployments. Environments are where you will create containers and lambdas as well as other features. This allows you to control and move deployments between development, test, and production environments. To create an environment navigate to the parent workspace you would like to add the environment and click the action menu icon (vertical elipses), and select the "Create Environment" action.

There are 3 types of environments - Test, Development, and Production - which may be used as filters for provider usage (see Providers sectoin below).

The environment screen contains tabs for displaying contained lambdas, APIs, containers, policies, integrations, providers, and entitlements.


Providers manage interaction with external services. Creating providers strategically within workspaces and environments provide a natural way to simplify service access across a large number of applications, containers, and lambdas.

Providers are resources in Gestalt which manage access to defined services. Currently providers exist for CaaS and API Gateways. To create a provider, go to the desired workspace or environment, and click on the "Providers" tab. The list of providers defined in this workspace or environment is displayed, and a "Create Provider" action is in the top right of the list.

Field Description
Provider Type Specifies the type of provider
Description Describes the purpose of the provider
Provider URL URL to connect to the provider (ie. http://marathon.mesos:8080)
Security Scheme (ie. Basic)
Username Username to Marathon service
Password Password to Marathon service
Networks JSON array of available networks
Extra Configuration JSON with additional Marathon configuration
Field Description
Provider Type Specifies the type of provider
Description Describes the purpose of the provider
Provider URL URL to connect to the provider (ie. http://marathon.mesos:8080)
Security Scheme (ie. Basic)
Username Username to Marathon service
Password Password to Marathon service
Extra Configuration JSON with additional Kong configuration


Gestalt supports event-based and limit policies leveraging lambdas to govern and customize access and behavior in intelligent ways.

The Gestalt policy engine can currently be used for two different use cases. The first is constraining what a user can do with infrastructure. We call this Limit Policies.

Policies can contain multiple rules of type event or limit.

Limit Policy Rules

Some examples of things you can do with a limit policy:

  • Restrict which user a container runs as.
  • Restrict the number of instances in a workspace or environment.
  • Restrict the cpu/mem/disk consumption in an environment.

Event Policy Rules

The second major use case for the Policy engine is around integration. We give you hooks for the deployment of resources and let you run lambdas against them. For example, let's say every time you launch a container you might need to update your ITSM solution, or maybe you don't like how we do container migrations and want to do you own. They great thing is that you can bend gestalt to do whatever you need in your programming language of choice. You don't have to modify gestalt, you just configure the behavior and point it at a lambda.


Entitlements are provided to control access and management of your deployments.

Entitlements allow access to features and functionality in Gestalt.


These are your container deployments, surfacing the control from underlying CaaS providers.

To deploy a container, click on the "Deploy Container" action on the right side of the header. Select the provider to determine the CaaS provider and desired cluster. Provide the name, description, network fields. The image field determines the image of the container to deploy in standard Docker image format. The instances, CPU, and Memory fields determine scaling. Command indicates the command to execute, and "Force pull image on every launch" does what you expect.

Field descriptions:

Field name Description
Provider CaaS Provider used to deploy container.
Name Name of container in Gestalt
Description Description of container
Network Select Network in Provider
Image Container Image to pull
Instances Number of instances to start
CPU CPU resources to allocate from provider
Memory Memory resources to allocate from provider
Command Command to execute at start
Force Pull Force pull of image on start

Field descriptions:

Field name Description
Port Mappings Port mappings for container
Volumes Volumes attached to container
Variables Environment variables
Labels Labels to set on container(s)
Healthchecks Healthchecks
Optional Additional settings


Gestalt provides a lambda execution engine support a wide array of executors for language specific and custom deployment.

You will need to provide an entry point. This is the name of the function that should be called in code. For now that is "hello.hello"

Make sure you check the Public flag. This ensures your lambda is publicly available. (eg, Gestalt Security will not protect it)

Click the next button. It will take you to a screen where you can enter environment variables for your lambda. As you have no environment variables, click next again. You should see a screen that looks like this:

  1. Give the lambda a name (eg "hello)
  2. Select the method, "Get" in this case,
  3. Give it an endpoint, endpoints must start with a slash. (eg "/sayhello")
  4. Click the (+) button
  5. After a few seconds a URL should pop up. Click the URL run the lambda.


API Endpoints

Access to lambdas are through API Endpoints defined in an environment. Theses endpoints configure endpoints in the API Gateway.

APIs contain endpoints.

Users & Groups

Gestalt manages authentication and authorization of your enterprise deployments and resources across users and groups, which can also be integrated with Active Directory and LDAP.

Users may be added to Gestalt by navigating to the organization and selecting the Users icon in the side navigation bar.

This will produce a list of users to which users can be added by clicking on the "Create User" button.

The user form will display and allow user information to be entered. Gestalt Home allows selection of the organization with the directory where the user will be found.


Gestalt Licensing controls access to functionality that is commercially available from Galactic Fog. Currently these include Active Directory / LDAP authentication, Policies, and Lambda Security.

Licenses are a string key that can be sent to you from Galactic Fog and may be updated via the Gestalt Web User Interface. To update to a new license copy the license and click on the Gestalt icon in the menu bar (next to the user icon).

This will bring up a view displaying the current license information, including which features are active. To update paste the text license into the "Update License" field and press "Update"

CaaS Federation

Gestalt providers enable managing multiple clusters of containers across DC/OS and Kubernetes.

A common use case in enterprise is the need to federate DCOS clusters. Gestalt provides first class support for this using meta service. Meta has the ability to emulate the Marathon APIs and to combine them into a single view using our federation capabilities. This lets you use the dcos command line utility as you normally would but you can see your workspaces resource across all dcos clusters.

The way this works is by pointing the dcos cli at meta for its Marathon communications. We provide a simple command line tool that makes this easy to use. It's called meta-dcos and you can find it at: