Gestalt Policy

Policies

Gestalt contains a policy engine. Policies are functions that are triggered on an event in Gestalt. These policies are executed as "serverless" lambdas. Each policy has a trigger which starts execution of the specified lambda. Policies (currently) contain two types of rules: Event rules, and Limit rules. Additional types of rules will be supported in the future.


Event rules

Event rules are a generic policy that simply executes on the specified trigger. The user controls what is run by creating and specifying a lambda. This is well suited to lambdas, as they run in the CaaS environment and can use any of the currently supported runtimes (Java, Scala, .NET, Ruby, Python, Go, Custom).

When should I use event policies? This will be largely driven by the available triggers. The following triggers are available for event policies (the .pre and .post suffix indicates whether the lambda runs before or after the action):

- container.create.post
- container.delete.post
- container.scale.post
- container.migrate.pre
- lambda.create.post
- lambda.delete.post

Note: Our current triggers are centred on containers and lambdas, but this is not an exhaustive list. If you would like a trigger added to Gestalt Policy, please contact us and we will look into adding it.

In this example we will add an event policy to an existing environment.

Policy fields:

- rule name
- description
- lambda
- additional eval logic
- filter
- triggers

Limit Rules

Limit rules are functions that can be configured and triggered to limit certain activities. One example use is a policy that limits the maximum number of running lambdas or containers a given user or team may have. In this case the limits are specifically defined and are triggered on actions in Gestalt Meta.

We will start by placing the policy on an environment this time. In this case we would like to limit the number of lambdas in use in development, so we will navigate into our DEV environment.

The properties you can place a limit on are:

- container.name
- container.properties.cpus
- container.properties.memory
- container.properties.num_instances
- container.properties.image
- container.properties.accepted_resource_roles
- container.properties.constraints
- container.properties.user
- container.properties.labels
- container.properties.provider.id
- container.properties.force_pull
- container.properties.container_type
- lambda.name
- lambda.properties.timeout
- lambda.properties.code_type
- lambda.properties.package_url
- lambda.properties.public
- lambda.properties.runtime

The trigger determines when the policy will run and includes:

- container.create
- container.delete
- container.scale
- container.migrate
- lambda.create
- lambda.delete
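The following is an added example, not Gestalt's own code, showing how the two rule types described on this page (event rules bound to .post/.pre triggers, and limit rules that compare a resource property against a bound on an action) can be evaluated together. The trigger and property names are the ones listed above; everything else is an assumption for illustration: the rule and payload shapes, the operator set, the handler callable standing in for a user-supplied lambda, and the choice to treat a property that is missing from the payload as a violation (fail closed). The sample rules and payloads at the bottom are constructed.

```python
"""Illustrative evaluator for Gestalt-style event and limit rules.

Added example, not Gestalt's code. Rule/payload structure is assumed;
trigger and property names follow the Gestalt Policy documentation.
"""
from __future__ import annotations

import operator
from dataclasses import dataclass
from typing import Any, Callable

# Trigger names from the page. Event triggers carry a .pre/.post suffix;
# limit triggers name the action itself.
EVENT_TRIGGERS = {"container.create.post", "container.delete.post",
                  "container.scale.post", "container.migrate.pre",
                  "lambda.create.post", "lambda.delete.post"}
LIMIT_TRIGGERS = {"container.create", "container.delete", "container.scale",
                  "container.migrate", "lambda.create", "lambda.delete"}

# Assumed comparison operators for limit rules.
OPERATORS: dict[str, Callable[[Any, Any], bool]] = {
    "<=": operator.le, "<": operator.lt, ">=": operator.ge, ">": operator.gt,
    "==": operator.eq, "!=": operator.ne,
    "in": lambda a, b: a in b, "not in": lambda a, b: a not in b,
}


@dataclass
class EventRule:
    name: str
    triggers: set[str]
    handler: Callable[[dict], Any]  # stands in for the user's lambda


@dataclass
class LimitRule:
    name: str
    triggers: set[str]
    prop: str   # dotted property path, e.g. lambda.properties.timeout
    op: str     # key into OPERATORS
    value: Any  # the bound the property is compared against


def lookup(payload: dict, path: str) -> Any:
    """Walk a dotted property path through a nested payload (assumed shape)."""
    node = payload
    for part in path.split("."):
        if not isinstance(node, dict) or part not in node:
            raise KeyError(path)
        node = node[part]
    return node


def evaluate_limits(rules: list, trigger: str, payload: dict) -> list[str]:
    """Return the names of limit rules the action would violate, in rule order."""
    violations = []
    for r in rules:
        if not isinstance(r, LimitRule) or trigger not in r.triggers:
            continue
        try:
            actual = lookup(payload, r.prop)
        except KeyError:
            violations.append(r.name)  # missing property: fail closed
            continue
        if not OPERATORS[r.op](actual, r.value):
            violations.append(r.name)
    return violations


def fire_events(rules: list, trigger: str, payload: dict) -> list:
    """Run every event rule bound to the trigger and collect handler results."""
    return [r.handler(payload) for r in rules
            if isinstance(r, EventRule) and trigger in r.triggers]


# Constructed sample rules for a DEV environment.
RULES = [
    LimitRule("dev-lambda-timeout", {"lambda.create"},
              "lambda.properties.timeout", "<=", 30),
    LimitRule("dev-lambda-private", {"lambda.create"},
              "lambda.properties.public", "==", False),
    LimitRule("dev-container-cpus", {"container.create", "container.scale"},
              "container.properties.cpus", "<=", 2),
    EventRule("audit-container-create", {"container.create.post"},
              lambda p: ("audit", p["container"]["name"])),
]

# Constructed sample payloads (shape is an assumption).
DEV_LAMBDA = {"lambda": {"name": "report",
                         "properties": {"timeout": 120, "public": True,
                                        "runtime": "python"}}}
OK_LAMBDA = {"lambda": {"name": "report",
                        "properties": {"timeout": 10, "public": False,
                                       "runtime": "python"}}}


def demo() -> dict:
    """Evaluate the sample rules against the sample payloads."""
    return {
        "bad_lambda": evaluate_limits(RULES, "lambda.create", DEV_LAMBDA),
        "ok_lambda": evaluate_limits(RULES, "lambda.create", OK_LAMBDA),
        "scale": evaluate_limits(RULES, "container.scale",
                                 {"container": {"name": "web",
                                                "properties": {"cpus": 4}}}),
        "events": fire_events(RULES, "container.create.post",
                              {"container": {"name": "web"}}),
    }


if __name__ == "__main__":
    print(demo())
```

A limit rule is only consulted for the triggers it is bound to, so a rule on container.create does nothing on container.delete. The fail-closed branch matters in practice: if a rule limits container.properties.cpus and a create request omits cpus entirely, silently allowing it would let the limit be bypassed.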