Evaluate your workloads using custom rules

This document describes how to use custom rules in Workload Manager to evaluate your workloads against best practices recommended for your organization.

For more information, see About custom rules in Workload Manager.

Before you begin

Create custom rules using Rego and upload rules to a Cloud Storage bucket.
Enable the following APIs in your Google Cloud project where you create and run the evaluation:
- Service Usage API
- Cloud Monitoring API

Required roles

For more information about the required IAM roles, see required permissions to create and run an evaluation.

Evaluate workloads using custom rules

To create a workload evaluation using custom rules, follow these steps:

In the Google Cloud console, go to the Workload Manager page.

Go to Workload Manager.
Select a Google Cloud project.
If prompted, to enable the required API for Workload Manager, click Enable.
Click New evaluation.
In the Evaluation details section, do the following:
1. For Evaluation name, enter a name for the workload evaluation.
2. For Workload type, select Custom.
3. Select the Cloud Storage bucket containing the custom rules.
  
  You can use the sample rules available in the GoogleCloudPlatform/workload-manager GitHub repository or build your own rules and upload them to the Cloud Storage bucket. For more information, see Write custom rules using Rego.
4. In the Location for evaluation data section, select the Regions where you want Workload Manager to store the evaluation data.
5. Optional: To export evaluation results to a BigQuery dataset, select Save evaluation results to BigQuery dataset, and then specify the name of the dataset.
  
  Note: Ensure that the BigQuery dataset is regional. Workload Manager doesn't support exporting data to multi-region datasets. You must also create and use a dataset in the same region as the one you selected for evaluation in the previous step. If your organization uses a Resource Location Restriction policy, then create a BigQuery dataset in one of the allowed regions and Workload Manager supported regions.
6. Optional: To create a separate table for each evaluation, click Create a new results table for this evaluation.
Click Continue.
In the Evaluation scope section, select the resources that you want to include in the evaluation.
1. Click Browse scopes and select the organizations, folders, or projects in which you want to run the evaluation.
2. Optional: In the Apply filters to resources section, use filters to only select specific resources.
Click Continue.
In the Evaluation rules section, select the custom rules you want to validate the selected resources against.
In the Scheduling section, select the frequency at which you want the evaluation to run.
Click Continue.
In the Notifications section, select the notification channel and select the events for which you want to receive notifications.
Click Continue.
Review the evaluation settings, and then click Create.

Run the evaluation

To run a workload evaluation, follow these steps:

In the Google Cloud console, go to the Workload Manager page.

Go to Workload Manager.
Click the Evaluation name.
On the Evaluation information page, click Run. A workload evaluation takes a few minutes to complete. There might be evaluations that aren't completely real-time due to the time it takes for an evaluation to complete.

What's next

Learn more about workload evaluations.