For example, you can create a custom rule to ensure that VMs in your deployment don't use the Compute Engine default service account. Once you create the rule, create and run an evaluation in Workload Manager to validate your workloads against the rule. You can then review the evaluation results and take remediation steps for any violation of these rules. This helps improve the quality, reliability, and performance of your deployments.
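The default service account rule described above could be sketched in Rego, the language this page names for custom rules. This is an added example, not code from the Workload Manager documentation: the package name, the `input.asset` shape (Cloud Asset Inventory form), and the `rego.v1` syntax chosen for local `opa test` runs are assumptions, and the sample assets are constructed.

```rego
package example.workload.default_service_account

import rego.v1

# Assumption: the evaluated resource arrives as input.asset in Cloud Asset
# Inventory form (asset_type, name, resource.data).
asset := input.asset

# The Compute Engine default service account has the form
# <project-number>-compute@developer.gserviceaccount.com.
is_default_sa(email) if {
	regex.match(`^[0-9]+-compute@developer\.gserviceaccount\.com$`, email)
}

# One violation per attached default service account on a VM instance.
deny contains violation if {
	asset.asset_type == "compute.googleapis.com/Instance"
	some sa in asset.resource.data.serviceAccounts
	is_default_sa(sa.email)
	violation := {
		"msg": "VM uses the Compute Engine default service account",
		"details": {"name": asset.name, "email": sa.email},
	}
}

# Constructed sample asset (not a real resource), used by the tests below.
vm(email) := {
	"asset_type": "compute.googleapis.com/Instance",
	"name": "//compute.googleapis.com/projects/example-project/zones/us-central1-a/instances/vm-1",
	"resource": {"data": {"serviceAccounts": [{"email": email}]}},
}

test_default_sa_denied if {
	count(deny) == 1 with input as {"asset": vm("123456789012-compute@developer.gserviceaccount.com")}
}

test_custom_sa_allowed if {
	count(deny) == 0 with input as {"asset": vm("app-sa@example-project.iam.gserviceaccount.com")}
}

# A VM with no service account attached must not be flagged.
test_no_sa_allowed if {
	count(deny) == 0 with input as {"asset": {"asset_type": "compute.googleapis.com/Instance", "name": "vm-2", "resource": {"data": {}}}}
}
```

The match is anchored on the full email pattern rather than a substring, so a user-managed account whose name merely contains "compute" is not reported.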
How it works
To evaluate workloads using custom rules, do the following:
- Identify the best practices relevant to your deployments from the Google Cloud Architecture Framework.
- Create custom rules using Rego.
- Create and schedule evaluations for your workloads.
- Optional: Export evaluation results to BigQuery and set up notifications.
The following figure summarizes the process of using custom rules in Workload Manager:
Limitations
- In Preview, we recommend that you limit the number of rules to 100 rules per evaluation in Workload Manager.
- Workload Manager does not support exporting evaluation results to multi-regional BigQuery datasets. You can export evaluation results to regional BigQuery datasets.
Supported data sources
Workload Manager uses data from the following services to scan the resources that you specified for evaluation:
- Cloud Asset Inventory: For a complete list of supported resource types in Cloud Asset Inventory, see Supported asset types.
- Cloud Monitoring metrics. See Supported metrics for Compute Engine.
Supported metrics for Compute Engine
The following table lists the metrics supported for Compute Engine. For more information about these metrics, see Cloud Monitoring metrics.
The "Metric type" strings in this table must be prefixed with compute.googleapis.com. That prefix has been omitted from the entries in the table.
Display name (Metric type) | Description and labels | ASSET_TYPE (rule metadata) |
---|---|---|
CPU utilization (instance/cpu/utilization) | Fractional utilization of allocated CPU on a VM instance. Labels: instance_name: The name of the VM instance. | Instance_CPUUtil_Last1H, Instance_CPUUtil_Last6H, Instance_CPUUtil_Last12H, Instance_CPUUtil_Last1D |
Disk average latency (instance/disk/average_io_latency) | Disk's average io latency in the last 60s. Labels: device_name: The name of the disk device. storage_type: Storage type, one of [pd-standard, pd-balanced, pd-ssd, pd-extreme, hyperdisk-extreme, hyperdisk-throughput]. | Instance_DiskIO_Last1H, Instance_DiskIO_Last6H, Instance_DiskIO_Last12H, Instance_DiskIO_Last1D |
VM Memory Used (instance/memory/balloon/ram_used) | Memory currently used in the VM. Labels: instance_name: The name of the VM instance. | Instance_MemoryUtil_Last1H, Instance_MemoryUtil_Last6H, Instance_MemoryUtil_Last12H, Instance_MemoryUtil_Last1D |
Pricing
Custom rules in Workload Manager are offered at no charge in the Preview stage.