What a subnet controls
A subnet is the governance boundary for workload placement decisions and connected capacity.| User path | How the subnet is used |
|---|---|
| Build | Choose the subnet that should manage and govern the workload. |
| Operate | Manage the subnet, runtime policy, and admission rules. |
| Provide | Connect nodes that can provide capacity. |
Slugs and names
Every subnet has a slug. Commands can use a subnet slug to identify the subnet. A subnet name is a human-readable alias that can point to a subnet slug. Names are useful when people should refer to a subnet by a stable label instead of a numeric slug.Regions
Create a subnet in a region:idyl region list to see available regions. Use idyl region enable <region> when the account should allow new workload creation in approved subnets whose control plane is domiciled in that region.
Admission
Subnet admission controls two kinds of participation:| Admission type | Controls |
|---|---|
developer | Which accounts may submit workloads to the subnet. |
provider | Which fleets or nodes may join as capacity. |
open, approval, and invite. Admission grants can target developer accounts, provider fleets, or provider nodes.
Runtime policy
Subnet runtime policy controls which workload isolation classes a subnet accepts. For example, a subnet can allow onlymicrovm workloads, require
workloads to state their isolation class explicitly, or provide a default
isolation class for workloads that omit one.
Runtime policy is separate from admission. A provider node can be admitted to a
subnet but still be incompatible with a workload’s requested isolation class.
For the builder, operator, and provider model, see
Workload isolation.