How runtime policy works
IDYL keeps three concepts separate:| Concept | Example | Controlled by |
|---|---|---|
| Subnet runtime policy | allowedIsolationClasses: ["microvm"], allowedVMMBackends: ["firecracker"] | Subnet operator |
| Workload isolation intent | --isolation-class microvm | Workload author |
| Node runtime preset | --runtime-profile containerd-kata-qemu | Provider node operator |
| Isolation class | Meaning |
|---|---|
container | Standard container isolation. Docker Engine and containerd/runc nodes can satisfy this class. |
microvm | MicroVM-backed workload runtime. The supported provider path is containerd with Kata Containers and an explicit Kata backend profile. |
microvm policy, a subnet can also restrict compatible Kata VMM backends:
| VMM backend | Matching node profiles |
|---|---|
qemu | containerd-kata-qemu |
firecracker | containerd-kata-firecracker |
microvm is not a cryptographic attestation claim. It means IDYL schedules the
workload for a node that reports a compatible microVM runtime path. It does not
prove confidential-computing execution.
Choose a policy
| Policy | Use it when |
|---|---|
| No runtime policy | The subnet should not apply a subnet-level isolation rule. |
microvm with a default | Most workloads in the subnet should run as microvm, and workload authors may omit --isolation-class. |
Strict microvm | Every workload author must explicitly request --isolation-class microvm. |
microvm with a VMM backend | The subnet should accept only explicit Kata backend capacity, such as QEMU or Firecracker. |
container and microvm | The subnet accepts both classes, and each workload should state the intended isolation class. |
Create a subnet with runtime policy
Create a subnet with no runtime policy:microvm subnet with defaulting. Workloads that omit
--isolation-class inherit microvm:
microvm subnet. Workloads must explicitly request
--isolation-class microvm:
microvm subnet that accepts only Kata + Firecracker nodes:
microvm subnet that accepts either Kata + QEMU or Kata +
Firecracker nodes:
container and microvm workloads:
Update an existing subnet
Set or replace runtime policy:microvm subnet to a specific Kata backend:
--allowed-isolation-class is required.
--default-isolation-class is optional, but when present it must be one of the
allowed isolation classes. --allowed-vmm-backend is optional and only applies
when microvm is an allowed isolation class.
Verify the policy
Inspect the subnet:runtimePolicy object.
Workload admission behavior
When a workload is created in a subnet with runtime policy, IDYL resolves the effective isolation class in this order:- If the workload sets
--isolation-class, IDYL uses that explicit value. - Otherwise, if the subnet sets
defaultIsolationClass, IDYL uses the subnet default. - Otherwise, if the subnet has runtime policy but no default, IDYL rejects the workload because an isolation class is required.
allowedIsolationClasses.
This workload is accepted by a microvm subnet:
defaultIsolationClass: microvm:
microvm-only subnet:
--isolation-class is rejected with a message that includes:
Coordinate compatible capacity
Runtime policy does not install runtimes or approve provider capacity. Provider nodes must still be admitted to the subnet, and each node must report runtime metadata that can satisfy the policy.--runtime-profile selects a named preset. The preset writes the provider,
runtime type, and default local runtime settings. Use --runtime-provider only
when you are not using a preset and need to provide raw runtime settings.
| Runtime profile | Isolation class it can satisfy |
|---|---|
docker | container |
containerd-runc | container |
containerd-kata-qemu | microvm |
containerd-kata-firecracker | microvm |
containerd-kata-* as shorthand for the family of explicit Kata backend
profiles. It is not a runtime profile value accepted by the CLI.
Join a Kata-capable node to a subnet:
microvm policy.
Inspect connected nodes:
Scheduling behavior
After a workload passes admission, the scheduler uses the effective isolation class and node runtime metadata. Formicrovm, the node must report a compatible microVM runtime path. Docker
and containerd/runc are not compatible with microvm, and IDYL does not
downgrade microvm workloads to container. Backend selection is controlled
by node configuration and subnet runtime policy, not by a workload-level
runtime-profile flag.
If no compatible node is available, the workload remains unplaced until
compatible capacity is available. Runtime compatibility errors include the
requested isolation class, for example:
Troubleshooting
| Symptom | What to check |
|---|---|
Workload is rejected with isolation.class is required by subnet runtimePolicy | The subnet has runtime policy but no default. Add --isolation-class to the workload or set --default-isolation-class on the subnet. |
Workload is rejected with isolation.class "container" is not allowed | The workload requested an isolation class that is not in allowedIsolationClasses. |
| Node is admitted but workloads do not schedule there | Confirm the node profile matches the workload isolation class and that the node is reporting healthy runtime metadata. |
microvm workloads do not place | Confirm the subnet has admitted at least one healthy containerd-kata-qemu or containerd-kata-firecracker node with available capacity. |
container workloads do not place | Confirm the subnet has admitted healthy Docker or containerd/runc capacity. |