About custom rules in Workload Manager

Workload Manager supports using customized rules that help you validate your workloads against best practices recommended by your organization.

For example, to ensure that the virtual machines (VMs) in your deployment don't use the Compute Engine default service account, you can create a custom rule. After you create the rule, create and run an evaluation in Workload Manager to validate your workloads against the rule. You can then review the evaluation results and take remediation steps for any violation of these rules. This helps improve the quality, reliability, and performance of your deployments.

How it works

To evaluate workloads using custom rules, do the following:

  1. Identify the best practices relevant to your deployments from the Google Cloud Architecture Framework.
  2. Create custom rules using Rego.
  3. Create and schedule evaluations for your workloads.
  4. Optional: Export evaluation results to BigQuery and set up notifications.
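
The default service account check mentioned earlier, sketched as a Rego rule for step 2. This is an added example, not a rule from Workload Manager or from the original page: the package name, the Cloud Asset Inventory style `input.asset` shape, and the `deny` result format are assumptions, and the `test_` rules run against constructed sample data.

```rego
# Added illustration, not a rule shipped with Workload Manager.
# Assumptions: the resource under evaluation is exposed as input.asset in
# Cloud Asset Inventory form, and a violation is an entry in the deny set.
package example.compute.no_default_service_account

import future.keywords.contains
import future.keywords.if
import future.keywords.in

# The default account is named PROJECT_NUMBER-compute@developer.gserviceaccount.com
compute_default_sa := `^[0-9]+-compute@developer\.gserviceaccount\.com$`

asset := input.asset

# Service accounts attached to the VM; empty list if the field is absent
attached_accounts := object.get(asset, ["resource", "data", "serviceAccounts"], [])

deny contains {"msg": msg, "details": details} if {
	asset.asset_type == "compute.googleapis.com/Instance"
	some sa in attached_accounts
	regex.match(compute_default_sa, lower(sa.email))
	msg := sprintf("%v uses the Compute Engine default service account", [asset.name])
	details := {"service_account": sa.email, "scopes": object.get(sa, "scopes", [])}
}

# Constructed sample asset used only by the tests below
sample_vm(email) := {"asset": {
	"name": "//compute.googleapis.com/projects/example-project/zones/us-central1-a/instances/vm-1",
	"asset_type": "compute.googleapis.com/Instance",
	"resource": {"data": {"serviceAccounts": [{"email": email, "scopes": []}]}}
}}

test_default_sa_is_flagged if {
	count(deny) == 1 with input as sample_vm("123456789012-compute@developer.gserviceaccount.com")
}

test_dedicated_sa_passes if {
	count(deny) == 0 with input as sample_vm("app-runner@example-project.iam.gserviceaccount.com")
}
```

The two `test_` rules can be run locally with `opa test` before the rule is used in an evaluation.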

The following figure summarizes the process of using custom rules in Workload Manager:

[Figure: How custom rules work in Workload Manager]

Limitations

The following limitations apply to custom rules in Workload Manager:

  • You can include a maximum of 300 rules per evaluation in Workload Manager. A larger number of rules can slow down the evaluation process. We recommend that you split your rules across multiple evaluations.
  • Workload Manager does not support exporting evaluation results to multi-regional BigQuery datasets. You can export evaluation results to regional BigQuery datasets.

Supported data sources

Workload Manager uses data from the following services to scan the resources that you specified for evaluation:

Supported metrics for Compute Engine

The following table lists the metrics supported for Compute Engine. For more information about these metrics, see Cloud Monitoring metrics.

The "Metric type" strings in this table must be prefixed with compute.googleapis.com. That prefix has been omitted from the entries in the table.

| Display name (Metric type) | Description | Labels | ASSET_TYPE (rule metadata) |
|---|---|---|---|
| CPU utilization (instance/cpu/utilization) | Fractional utilization of allocated CPU on a VM instance. | instance_name: The name of the VM instance. | Instance_CPUUtil_Last1H, Instance_CPUUtil_Last6H, Instance_CPUUtil_Last12H, Instance_CPUUtil_Last1D |
| Disk average latency (instance/disk/average_io_latency) | Disk's average io latency in the last 60s. | device_name: The name of the disk device. storage_type: Storage type, one of [pd-standard, pd-balanced, pd-ssd, pd-extreme, hyperdisk-extreme, hyperdisk-throughput]. | Instance_DiskIO_Last1H, Instance_DiskIO_Last6H, Instance_DiskIO_Last12H, Instance_DiskIO_Last1D |
| VM Memory Used (instance/memory/balloon/ram_used) | Memory currently used in the VM. | instance_name: The name of the VM instance. | Instance_MemoryUtil_Last1H, Instance_MemoryUtil_Last6H, Instance_MemoryUtil_Last12H, Instance_MemoryUtil_Last1D |

Pricing

For pricing information, see Workload Manager Pricing.

What's next