Workload Manager supports using customized rules that help you validate your workloads against best practices recommended by your organization.
For example, to ensure that the virtual machines (VMs) in your deployment don't use the Compute Engine default service account, you can create a custom rule. After you create the rule, create and run an evaluation in Workload Manager to validate your workloads against the rule. You can then review the evaluation results and take remediation steps for any violation of these rules. This helps improve the quality, reliability, and performance of your deployments.
How it works
To evaluate workloads using custom rules, do the following:
- Identify the best practices relevant to your deployments from Google Cloud Architecture Framework.
- Create custom rules using Rego.
- Create and schedule evaluations for your workloads.
- Optional: Export evaluation results to BigQuery and set up notifications.
The following figure summarizes the process of using custom rules in Workload Manager:
Limitations
The following limitations apply to custom rules in Workload Manager:
- You can include a maximum of 300 rules per evaluation in Workload Manager. More number of rules can slow down the evaluation process. We recommend that you split your rules across multiple evaluations.
- Workload Manager does not support exporting evaluation results to multi-regional BigQuery datasets. You can export evaluation results to regional BigQuery datasets.
Supported data sources
Workload Manager uses data from the following services to scan the resources that you specified for evaluation:
- Cloud Asset Inventory: For a complete list of supported resource types in Cloud Asset Inventory, see Supported asset types
- Cloud Monitoring metrics. See Supported metrics for Compute Engine.
Supported metrics for Compute Engine
The following table lists the metrics supported for Compute Engine. For more information about these metrics, see Cloud Monitoring metrics.
The "Metric type" strings in this table must be prefixed with compute.googleapis.com.
That prefix has been omitted from the entries in the table.
Display name(Metric type) |
Description Labels |
ASSET_TYPE (rule metadata) |
|---|---|---|
CPU utilization
instance/cpu/utilization
|
Fractional utilization of allocated CPU on a VM instance.
instance_name: The name of the VM instance. |
Instance_CPUUtil_Last1H
Instance_CPUUtil_Last6H
Instance_CPUUtil_Last12H
Instance_CPUUtil_Last1D |
Disk average latency
instance/disk/average_io_latency
|
Disk's average io latency in the last 60s.
device_name: The name of the disk device.
storage_type: Storage type, one of [pd-standard, pd-balanced, pd-ssd, pd-extreme, hyperdisk-extreme, hyperdisk-throughput]. |
Instance_DiskIO_Last1H
Instance_DiskIO_Last6H
Instance_DiskIO_Last12H
Instance_DiskIO_Last1D |
VM Memory Used
instance/memory/balloon/ram_used
|
Memory currently used in the VM.
instance_name: The name of the VM instance. |
Instance_MemoryUtil_Last1H
Instance_MemoryUtil_Last6H
Instance_MemoryUtil_Last12H
Instance_MemoryUtil_Last1D |
Pricing
For pricing information, see Workload Manager Pricing.