Gestalt contains a policy engine. Policies are functions that are triggered on an event in Gestalt. These policies are executed as "serverless" lambdas. Each policy has a trigger which starts execution of the specified lambda. Policies (currently) contain two types of rules: Event rules and Limit rules. Additional types of rules will be supported in the future.
Event rules are generic policies that simply execute on the specified trigger. The user controls what is run by creating and specifying a lambda. This is well suited to lambdas, as they run in the CaaS environment and provide access to any of the currently supported runtimes (Java, Scala, .NET, Ruby, Python, Go, Custom).
When should I use event policies? This will be largely driven by the available triggers. The following is a list of the triggers available for event policies:
- container.create.post
- container.delete.post
- container.scale.post
- container.migrate.pre
- lambda.create.post
- lambda.delete.post

Note: Obviously our current triggers are centered on containers and lambdas, but this is not an exhaustive list. If you would like a trigger to be added to Gestalt Policy, please contact us and we will look into adding it.
In this example we will add an event policy to an existing environment.
Policy Fields:
- rule name
- description
- lambda
- additional eval logic
- filter
- triggers

Limit rules are functions which can be configured and triggered to limit certain activities. One example use is a policy that limits the maximum number of running lambdas or containers that a certain user or team can run. In this case the limits are specifically defined and triggered on actions in Gestalt Meta.
We will start by placing the policy on an environment this time. In this situation we would like to limit the number of lambdas used in development. So we will navigate into our DEV environment.
The limits you can choose are:
- container.name
- container.properties.cpus
- container.properties.memory
- container.properties.num_instances
- container.properties.image
- container.properties.accepted_resource_roles
- container.properties.constraints
- container.properties.user
- container.properties.labels
- container.properties.provider.id
- container.properties.force_pull
- container.properties.container_type
- lambda.name
- lambda.properties.timeout
- lambda.properties.code_type
- lambda.properties.package_url
- lambda.properties.public
- lambda.properties.runtime

The trigger determines when the policy will run and includes:
- container.create
- container.delete
- container.scale
- container.migrate
- lambda.create
- lambda.delete
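
To make the relationship between limits and triggers concrete, here is an added Python model of limit-rule evaluation; it is not Gestalt's own code or API. The property paths and trigger names come from the lists above, while the rule layout, the operator names, the sample values and the fail-closed handling of missing properties are assumptions made for illustration.

```python
import operator

# Property paths and trigger names are taken from the lists on this page.
# The rule layout, operator names and values are assumptions for illustration.
OPS = {"<=": operator.le, ">=": operator.ge, "==": operator.eq,
       "in": lambda actual, allowed: actual in allowed}

def resolve(resource_type, resource, path):
    """Walk a dotted path such as 'container.properties.cpus' through a dict."""
    head, *rest = path.split(".")
    if head != resource_type:
        raise KeyError(path)  # rule targets a different resource type
    node = resource
    for key in rest:
        node = node[key]  # KeyError/TypeError when the property is absent
    return node

def evaluate(rules, trigger, resource):
    """Return names of violated rules; an empty list means the action may proceed."""
    resource_type = trigger.split(".")[0]
    violations = []
    for rule in rules:
        if trigger not in rule["triggers"]:
            continue
        try:
            actual = resolve(resource_type, resource, rule["limit"])
            ok = OPS[rule["op"]](actual, rule["value"])
        except (KeyError, TypeError):
            ok = False  # fail closed: a missing or malformed property is a violation
        if not ok:
            violations.append(rule["name"])
    return violations

# Constructed rule set for a DEV environment.
DEV_RULES = [
    {"name": "max-cpus", "limit": "container.properties.cpus", "op": "<=",
     "value": 2.0, "triggers": ["container.create", "container.scale"]},
    {"name": "max-instances", "limit": "container.properties.num_instances",
     "op": "<=", "value": 3, "triggers": ["container.create", "container.scale"]},
    {"name": "allowed-user", "limit": "container.properties.user", "op": "in",
     "value": ["app"], "triggers": ["container.create"]},
    {"name": "lambda-timeout", "limit": "lambda.properties.timeout", "op": "<=",
     "value": 30, "triggers": ["lambda.create"]},
]

# Constructed request: too many CPUs and no user set.
REQUEST = {"name": "web", "properties": {"cpus": 4.0, "num_instances": 2}}

if __name__ == "__main__":
    print(evaluate(DEV_RULES, "container.create", REQUEST))
```

Treating an absent property as a violation keeps a request from passing a limit simply by omitting the field the rule checks.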