Restrictions
Available through: CLI, Python SDK, Rust SDK, API
This document details how to use restrictions with Seaplane Global Managed Compute (MGC). It aims to explain the high-level concepts around restrictions. For specific implementation examples have a look at the API specification.
Restriction Types​
Managed Global Compute supports three types of restrictions. In the sections below we will go into more detail for each specific restriction type.
- Region restrictions
- Provider restrictions
- Architecture restrictions
There are three restriction modifiers available for each restriction type.
- Require - Seaplane is required to deploy your workload here. For example,
require: region/xuensures your workload is always deployed in the UK. - Allow - Seaplane is allowed to deploy your workload here. For example,
allow: region/xuallows but does not guarantee a workload is deployed in the UK. - Deny - Seaplane is not allowed to deploy your workload here. For example,
deny: region/xuexcludes the UK from the possible deployment locations.
Setting too strict restrictions can impact the performance of your application.
Region Restrictions​
Region restrictions affect the regions or countries in which workloads are allowed, denied or required to run. Seaplane uses Alpha-2 codes to identify regions. For more information about Seaplane regions have a look at the regions documentation..
Managed Global Compute supports the following regions:
| 2-letter code | Full Name |
|---|---|
| AE | United Arab Emirates |
| AU | Australia |
| BE | Belgium |
| BH | Bahrain |
| BR | Brazil |
| CA | Canada |
| CH | Switzerland |
| CL | Chile |
| DE | Germany |
| ES | Spain |
| FI | Finland |
| FR | France |
| GB | United Kingdom of Great Britain and Northern Ireland |
| HK | Hong Kong |
| ID | Indonesia |
| IE | Republic of Ireland |
| IN | India |
| IT | Italy |
| JP | Japan |
| KR | Korea, Republic of |
| NL | Netherlands |
| PL | Poland |
| RO | Romania |
| SE | Sweden |
| SG | Singapore |
| TW | Taiwan |
| US | United States of America |
| ZA | South Africa |
| In addtion to countries the following grouped geo-regions are available | |
| XA | Asia |
| XC | People's Republic of China |
| XE | Europe |
| XF | Africa |
| XN | North America |
| XO | Oceania |
| XQ | Antartica |
| XS | South America |
| XU | The UK |
Provider Restrictions​
Provider restrictions affect the providers that MGC is allowed, denied or required to use. Managed Global Compute supports the following providers:
| Full Name | Alias |
|---|---|
| Amazon Web Services | aws |
| Microsoft Azure | azure |
| Digtial Ocean | digitalocean |
| Equinix | equinix |
| Google Cloud Platform | gcp |
Architecture Restrictions​
Architecture restrictions affect the architectures a deployment on MGC can
use. Currently we support X86 and ARM workloads.
Order of evaluation​
Restrictions are evaluated from negative to positive (deny, allow, require). The default state i.e when no restrictions are in place is allow everything. Below are two real-world examples to help you better understand the order of evaluation.
example 1​
Suppose you want to restrict a workload to run anywhere in Europe but not in Germany. You can achieve this by setting up the following two restrictions.
- Deny
country/de(Germany) - Allow
region/xe(Europe)
In the order of evaluation Seaplane first looks for deny. There is one that denies the workload to run in Germany. Step two Seaplane looks at the allow restrictions. There is one that allows the workload to run in the European Union. In the third and final step Seaplane looks at the require restrictions. There are none.
The API request to launch a formation with these restrictions would look something like this. For more specific use cases and the full API reference have a look at the MGC documentation
curl "https://compute.cplane.cloud/v1/formations/<FORMATION-NAME>" \
--header "Authorization: Bearer ${TOKEN}" \
--data '{ "flights": [
{
"name": "<FLIGHT-NAME>",
"image": "<IMAGE-URL>",
"architecture": [
"amd64"
],
"regions_denied" : [
"country/de"
],
"regions_allowed" : [
"region/xe"
],
"api_permission": false
}]}' \
--request POST
example 2​
Suppose you have a workload that needs to run in North-America, is allowed to run in Europe but not allowed to run in the UK. You can achieve this by setting up three restrictions.
- Deny
region/xu(UK) - Allow
region/xe(Europe) - Require
region/xn(North-America)
In the order of evaluation Seaplane first looks for deny. There is one that denies the workload to run in the UK. Step two Seaplane looks at the allow restrictions. There is one that allows the workload to run in Europe. Finally, Seaplane looks at the require restrictions. There is one that requires the workload to run in North-America.
The API request to launch a formation with these restrictions would look something like this. For more specific use cases and the full API reference have a look at the MGC documentation
curl "https://compute.cplane.cloud/v1/formations/<FORMATION-NAME>" \
--header "Authorization: Bearer ${TOKEN}" \
--data '{ "flights": [
{
"name": "<FLIGHT-NAME>",
"image": "<IMAGE-URL>",
"architecture": [
"amd64"
],
"regions_denied" : [
"country/xu"
],
"regions_allowed" : [
"region/xe"
],
"regions_required" : [
"region/xn"
],
"api_permission": false
}]}' \
--request POST
If you have specific questions about how to set up restrictions don't hesitate to contact our support.