Proposal of Private Stacks ( Stacks for limited users ) (Re: Private Stacks ( Stacks for limited users ))


Takahito SEYAMA
 

Hi Nick,

Thanks for you reply.

This capability seems to be covered by Isolation Segments. You will be
able to assign a space to have access to an Isolation Segment where the
“private” stack is available. Other spaces, while able to see the “private”
stack with `cf stacks`, won’t be able to deploy apps to that Isolation
Segment and will have to use the default stack.

We agree that Isolation Segments seems to be able to address similar use
cases. However, as described above, Isolation Segment can not hide
existence of the stack. We think there are cases that users (especially
using stacks that contains proprietary resources, referred in Design
Document[1]) want to hide even existence of their stacks from public.
Private Stack can address such cases.

In addition, Private Stacks allows different stacks to coexist on the same
Cell. For example, cflinuxfs2 and centos can be delivered on in one Cell,
while Private Stacks can provide centos stack for the limited users. This
will contribute reducing both resource cost and management cost because
Isolation Segments requires different cells for each different stack.

[1]
https://docs.google.com/document/d/1_540iCJlMWQw7q4-JZHKYY_Pk3fmhcJk-vurAM4DcZQ/edit#heading=h.v0o3dngekgnu

Regards,
t.seyama

2016-11-01 1:42 GMT+09:00 Nicholas Calugar <ncalugar(a)pivotal.io>:

Hi,

This capability seems to be covered by Isolation Segments. You will be
able to assign a space to have access to an Isolation Segment where the
“private” stack is available. Other spaces, while able to see the “private”
stack with `cf stacks`, won’t be able to deploy apps to that Isolation
Segment and will have to use the default stack.

Does this cover your use case?


Thanks,

Nick

--
Nicholas Calugar
Product Manager - Cloud Foundry API
Pivotal Software, Inc.

On October 31, 2016 at 8:55:39 AM, 瀬山貴仁 (t.seyama20(a)gmail.com) wrote:

Hi all,

We want "Stacks" for limited number of users. Stacks are Cloud Foundry
structure, which provides base runtime environment of applications. In the
current implementation of Cloud Foundry, all Stacks are public and shared
by all users.
However, there should be situations to use (or provide) Stack for limited
number of users. It is possible to provide a special Stack which require
additional supports, to use proprietary resource and so on.

We named these "Private Stacks". Private Stacks's Design Document is here(
https://docs.google.com/document/d/1_540iCJlMWQw7q4-
JZHKYY_Pk3fmhcJk-vurAM4DcZQ/edit?usp=sharing ). In addition, We have
already made Minimal Viable Feature and sent Pull Request(
https://github.com/cloudfoundry/cloud_controller_ng/pull/707 ).
* This Pull Request is not for merge but for discussion.

Please comment for feature to Design Document and for implementation to
Pull Request if you have any.

Regards,
t.seyama


Nicholas Calugar
 

Hi,

Without more evidence of other operators needing this feature, I’m hesitant
to introduce a new API resource. I’ll add this to our someday / maybe list
for now.


Thanks,

Nick

--
Nicholas Calugar

On November 29, 2016 at 8:51:46 AM, Takahito SEYAMA (t.seyama20(a)gmail.com)
wrote:

Hi Nick,

Thanks for you reply.

This capability seems to be covered by Isolation Segments. You will be
able to assign a space to have access to an Isolation Segment where the
“private” stack is available. Other spaces, while able to see the “private”
stack with `cf stacks`, won’t be able to deploy apps to that Isolation
Segment and will have to use the default stack.

We agree that Isolation Segments seems to be able to address similar use
cases. However, as described above, Isolation Segment can not hide
existence of the stack. We think there are cases that users (especially
using stacks that contains proprietary resources, referred in Design
Document[1]) want to hide even existence of their stacks from public.
Private Stack can address such cases.

In addition, Private Stacks allows different stacks to coexist on the same
Cell. For example, cflinuxfs2 and centos can be delivered on in one Cell,
while Private Stacks can provide centos stack for the limited users. This
will contribute reducing both resource cost and management cost because
Isolation Segments requires different cells for each different stack.

[1]
https://docs.google.com/document/d/1_540iCJlMWQw7q4-JZHKYY_Pk3fmhcJk-vurAM4DcZQ/edit#heading=h.v0o3dngekgnu

Regards,
t.seyama

2016-11-01 1:42 GMT+09:00 Nicholas Calugar <ncalugar(a)pivotal.io>:

Hi,

This capability seems to be covered by Isolation Segments. You will be
able to assign a space to have access to an Isolation Segment where the
“private” stack is available. Other spaces, while able to see the “private”
stack with `cf stacks`, won’t be able to deploy apps to that Isolation
Segment and will have to use the default stack.

Does this cover your use case?


Thanks,

Nick

--
Nicholas Calugar
Product Manager - Cloud Foundry API
Pivotal Software, Inc.

On October 31, 2016 at 8:55:39 AM, 瀬山貴仁 (t.seyama20(a)gmail.com) wrote:

Hi all,

We want "Stacks" for limited number of users. Stacks are Cloud Foundry
structure, which provides base runtime environment of applications. In the
current implementation of Cloud Foundry, all Stacks are public and shared
by all users.
However, there should be situations to use (or provide) Stack for limited
number of users. It is possible to provide a special Stack which require
additional supports, to use proprietary resource and so on.

We named these "Private Stacks". Private Stacks's Design Document is here(
https://docs.google.com/document/d/1_540iCJlMWQw7q4-
JZHKYY_Pk3fmhcJk-vurAM4DcZQ/edit?usp=sharing ). In addition, We have
already made Minimal Viable Feature and sent Pull Request(
https://github.com/cloudfoundry/cloud_controller_ng/pull/707 ).
* This Pull Request is not for merge but for discussion.

Please comment for feature to Design Document and for implementation to
Pull Request if you have any.

Regards,
t.seyama


Takahito SEYAMA
 

Hi Nick,

Thank you for reply.

Without more evidence of other operators needing this feature, I’m
hesitant to introduce a new API resource.
We understand your thought. So we will try to ask other operators to review
our proposal.


Dear All,

Please comment this thread if you know operators needing this feature.

Regards,
t.seyama


2016-11-30 1:54 GMT+09:00 Nicholas Calugar <ncalugar(a)pivotal.io>:

Hi,

Without more evidence of other operators needing this feature, I’m
hesitant to introduce a new API resource. I’ll add this to our someday /
maybe list for now.


Thanks,

Nick

--
Nicholas Calugar

On November 29, 2016 at 8:51:46 AM, Takahito SEYAMA (t.seyama20(a)gmail.com)
wrote:

Hi Nick,

Thanks for you reply.

This capability seems to be covered by Isolation Segments. You will be
able to assign a space to have access to an Isolation Segment where the
“private” stack is available. Other spaces, while able to see the “private”
stack with `cf stacks`, won’t be able to deploy apps to that Isolation
Segment and will have to use the default stack.

We agree that Isolation Segments seems to be able to address similar use
cases. However, as described above, Isolation Segment can not hide
existence of the stack. We think there are cases that users (especially
using stacks that contains proprietary resources, referred in Design
Document[1]) want to hide even existence of their stacks from public.
Private Stack can address such cases.

In addition, Private Stacks allows different stacks to coexist on the same
Cell. For example, cflinuxfs2 and centos can be delivered on in one Cell,
while Private Stacks can provide centos stack for the limited users. This
will contribute reducing both resource cost and management cost because
Isolation Segments requires different cells for each different stack.

[1] https://docs.google.com/document/d/1_540iCJlMWQw7q4-
JZHKYY_Pk3fmhcJk-vurAM4DcZQ/edit#heading=h.v0o3dngekgnu

Regards,
t.seyama

2016-11-01 1:42 GMT+09:00 Nicholas Calugar <ncalugar(a)pivotal.io>:

Hi,

This capability seems to be covered by Isolation Segments. You will be
able to assign a space to have access to an Isolation Segment where the
“private” stack is available. Other spaces, while able to see the “private”
stack with `cf stacks`, won’t be able to deploy apps to that Isolation
Segment and will have to use the default stack.

Does this cover your use case?


Thanks,

Nick

--
Nicholas Calugar
Product Manager - Cloud Foundry API
Pivotal Software, Inc.

On October 31, 2016 at 8:55:39 AM, 瀬山貴仁 (t.seyama20(a)gmail.com) wrote:

Hi all,

We want "Stacks" for limited number of users. Stacks are Cloud Foundry
structure, which provides base runtime environment of applications. In the
current implementation of Cloud Foundry, all Stacks are public and shared
by all users.
However, there should be situations to use (or provide) Stack for limited
number of users. It is possible to provide a special Stack which require
additional supports, to use proprietary resource and so on.

We named these "Private Stacks". Private Stacks's Design Document is
here( https://docs.google.com/document/d/1_540iCJlMWQw7q4-JZHKYY_
Pk3fmhcJk-vurAM4DcZQ/edit?usp=sharing ). In addition, We have already
made Minimal Viable Feature and sent Pull Request(
https://github.com/cloudfoundry/cloud_controller_ng/pull/707 ).
* This Pull Request is not for merge but for discussion.

Please comment for feature to Design Document and for implementation to
Pull Request if you have any.

Regards,
t.seyama