us-east or ca-west. Workloads deployed to that subnet are managed by that regional control plane; their actual execution happens on admitted data-plane capacity, which may be outside the region depending on the subnet’s provider capacity and admission policy.
What is global
Global services manage the account and the resources that define how the account is used.| Global area | What it controls |
|---|---|
| Account | Ownership, account settings, and account-scoped resources. |
| Identity and access | Members, groups, service accounts, profiles, assignments, and tokens. |
| Organizations | Multi-account administration, invitations, and organizational units. |
| Namespaces | Account-scoped grouping for workload resources. |
| Subnet discovery and names | The catalog and aliases used to find subnets. |
idyl whoami to see the current account, profile, namespace, and subnet selected by the CLI.
What is regional
Regional resources define where subnet control-plane state and workload orchestration live. They do not guarantee where data-plane nodes physically run.| Regional area | What it controls |
|---|---|
| Region | The control-plane domicile for subnets and workload orchestration. |
| Subnet | The governed compute environment whose control plane lives in a region. |
| Workloads | Deployments, jobs, cron jobs, replica sets, and pods managed through a subnet. |
| Capacity | Nodes and fleets admitted to provide data-plane capacity for a subnet. |
Account deployment policy
Approving a subnet and enabling a region are separate account decisions.| Decision | Command |
|---|---|
| Allow new workloads in subnets whose control plane is domiciled in a region | idyl region enable <region> |
| Stop new workloads in subnets whose control plane is domiciled in a region | idyl region disable <region> |
| Approve a subnet as a deployment target | idyl subnet approve <subnet> |
| Remove subnet deploy approval | idyl subnet unapprove <subnet> |
- the subnet is approved for the account
- the subnet’s region is enabled for the account
Choosing a region
Choose the region that matches the subnet’s control-plane, governance, and operational needs.| Need | Region choice |
|---|---|
| Lower control-plane latency | Choose the region closest to the people and systems operating the subnet. |
| Control-plane residency | Choose a region that matches where subnet metadata and orchestration should live. |
| Operational separation | Use different regional subnets for workloads that should be governed apart. |
| Account-wide governance | Enable only the regions that the account is allowed to use. |