A few things to be sure cover:
- How to ensure that a volume is not shared with other frameworks. Previously, this meant running only 1 framework in the role and using ACLs to prevent other frameworks from running in the role. With hierarchical roles, this now also includes using ACLs to prevent any child roles from being created beneath the role (as these children would be able to obtain the reserved resources). We've been advising frameworks to generate a role (e.g. eng/kafka/<instance-id>) to ensure that they own their reservations (but the dynamic nature of this makes setting up ACLs difficult). Longer term, we may need a more explicit way to bind reservations or volumes to frameworks.