Skip to main content

Restrictions

Available through: CLI, Python SDK, Rust SDK, API

This document details how to use restrictions with Seaplane Global Managed Compute (MGC). It aims to explain the high-level concepts around restrictions. For specific implementation examples have a look at the API specification.

Restriction Types

Managed Global Compute supports three types of restrictions. In the sections below we will go into more detail for each specific restriction type.

  • Region restrictions
  • Provider restrictions
  • Architecture restrictions

There are three restriction modifiers available for each restriction type.

  1. Require - Seaplane is required to deploy your workload here. For example, require: region/xu ensures your workload is always deployed in the UK.
  2. Allow - Seaplane is allowed to deploy your workload here. For example, allow: region/xu allows but does not guarantee a workload is deployed in the UK.
  3. Deny - Seaplane is not allowed to deploy your workload here. For example, deny: region/xu excludes the UK from the possible deployment locations.
caution

Setting too strict restrictions can impact the performance of your application.

Region Restrictions

Region restrictions affect the regions or countries in which workloads are allowed, denied or required to run. Seaplane uses Alpha-2 codes to identify regions. For more information about Seaplane regions have a look at the regions documentation..

Managed Global Compute supports the following regions:

2-letter codeFull Name
AEUnited Arab Emirates
AUAustralia
BEBelgium
BHBahrain
BRBrazil
CACanada
CHSwitzerland
CLChile
DEGermany
ESSpain
FIFinland
FRFrance
GBUnited Kingdom of Great Britain and Northern Ireland
HKHong Kong
IDIndonesia
IERepublic of Ireland
INIndia
ITItaly
JPJapan
KRKorea, Republic of
NLNetherlands
PLPoland
RORomania
SESweden
SGSingapore
TWTaiwan
USUnited States of America
ZASouth Africa
In addtion to countries the following grouped geo-regions are available
XAAsia
XCPeople's Republic of China
XEEurope
XFAfrica
XNNorth America
XOOceania
XQAntartica
XSSouth America
XUThe UK

Provider Restrictions

Provider restrictions affect the providers that MGC is allowed, denied or required to use. Managed Global Compute supports the following providers:

Full NameAlias
Amazon Web Servicesaws
Microsoft Azureazure
Digtial Oceandigitalocean
Equinixequinix
Google Cloud Platformgcp

Architecture Restrictions

Architecture restrictions affect the architectures a deployment on MGC can use. Currently we support X86 and ARM workloads.

Order of evaluation

Restrictions are evaluated from negative to positive (deny, allow, require). The default state i.e when no restrictions are in place is allow everything. Below are two real-world examples to help you better understand the order of evaluation.

example 1

Suppose you want to restrict a workload to run anywhere in Europe but not in Germany. You can achieve this by setting up the following two restrictions.

  • Deny country/de (Germany)
  • Allow region/xe (Europe)

In the order of evaluation Seaplane first looks for deny. There is one that denies the workload to run in Germany. Step two Seaplane looks at the allow restrictions. There is one that allows the workload to run in the European Union. In the third and final step Seaplane looks at the require restrictions. There are none.

The API request to launch a formation with these restrictions would look something like this. For more specific use cases and the full API reference have a look at the MGC documentation

curl "https://compute.cplane.cloud/v1/formations/<FORMATION-NAME>" \
--header "Authorization: Bearer ${TOKEN}" \
--data '{ "flights": [
{
"name": "<FLIGHT-NAME>",
"image": "<IMAGE-URL>",
"architecture": [
"amd64"
],
"regions_denied" : [
"country/de"
],
"regions_allowed" : [
"region/xe"
],
"api_permission": false
}]}' \
--request POST

example 2

Suppose you have a workload that needs to run in North-America, is allowed to run in Europe but not allowed to run in the UK. You can achieve this by setting up three restrictions.

  • Deny region/xu (UK)
  • Allow region/xe (Europe)
  • Require region/xn (North-America)

In the order of evaluation Seaplane first looks for deny. There is one that denies the workload to run in the UK. Step two Seaplane looks at the allow restrictions. There is one that allows the workload to run in Europe. Finally, Seaplane looks at the require restrictions. There is one that requires the workload to run in North-America.

The API request to launch a formation with these restrictions would look something like this. For more specific use cases and the full API reference have a look at the MGC documentation

curl "https://compute.cplane.cloud/v1/formations/<FORMATION-NAME>" \
--header "Authorization: Bearer ${TOKEN}" \
--data '{ "flights": [
{
"name": "<FLIGHT-NAME>",
"image": "<IMAGE-URL>",
"architecture": [
"amd64"
],
"regions_denied" : [
"country/xu"
],
"regions_allowed" : [
"region/xe"
],
"regions_required" : [
"region/xn"
],
"api_permission": false
}]}' \
--request POST

If you have specific questions about how to set up restrictions don't hesitate to contact our support.