Adding custom Workload Manager GCP rules: Compare workloads to tailored best practices. Are you an IT administrator or cloud architect responsible for creating configuration validation reports and making sure deployments adhere to best practices? Adopting best practices might be difficult. And not just the first time: it’s famously hard to make sure that a configuration doesn’t stray from organization-wide best practices over time.
Workload Manager GCP is a rule-based validation solution to assess your Google Cloud workloads. To enhance system quality, dependability, and performance, Workload Manager GCP examines your workloads including SAP and Microsoft SQL Server for deviations from best practices, standards, and regulations.
Introducing custom rules in Workload Manager
Google Cloud is thrilled to introduce custom rules (GA), a detective-based tool that helps make sure your validations aren’t preventing any deployments but also makes it simple to identify compliance concerns across various architectural purposes, to Workload Manager GCP currently. To assist guarantee that your Google Cloud deployments across Projects, Folders, and Orgs are compliant, you can now flexibly and reliably test them against industry best practices and unique requirements.
In just a few minutes, learn how to begin using Workload Manager GCP custom rules.
Codify best practices and validate resources
Run or schedule assessment scans across your installations, identify best practices from the Google Cloud Architecture Framework that apply to your deployments, and codify them in Rego, a declarative policy language used to express policies and build rules over complicated data structures.
What is Rego?
Datalog, a well-known query language that has been around for decades, served as the model for Rego. Rego adds support for structured document types like JSON to Datalog.
Rego queries are statements about OPA data. Policies that list instances of data that deviate from the system’s anticipated state can be defined using these queries.
Why Use Rego ?
To create policies that are simple to understand and write, use Rego.
Rego focusses on making sure that searches are accurate and clear while offering strong support for referencing nested documents.
Because Rego is declarative, policy authors may concentrate on the results of queries rather than the execution of those queries. Compared to the equivalent in an imperative language, these enquiries are clearer and shorter.
OPA may optimise queries to increase performance, much like other programs that support declarative query languages.
Google Cloud Architecture Framework
To assist architects, developers, administrators, and other cloud practitioners in creating and managing a cloud topology that is safe, effective, robust, high-performing, and economical, the Google Cloud Architecture Framework offers guidelines. Google Cloud take on a well-architected framework is the Google Cloud Architecture Framework.
The Architecture Framework’s proposals are validated by a cross-functional group of Google specialists. The Architecture Framework is curated by the team to take into account community expertise, industry best practices, Google Cloud’s growing capabilities, and your input. See What’s new for an overview of the major updates to the Architecture Framework.
Applications developed for the cloud, Workload Manager GCP moved from on-premises to Google Cloud, hybrid cloud deployments, and multi-cloud environments are all impacted by the Architecture Framework.
Architecture Framework pillars and perspectives
The following diagram illustrates the five pillars that make up the Google Cloud Architecture Framework. Additionally, Google Cloud provide cross-pillar viewpoints that concentrate on suggestions for certain fields, sectors, and technological advancements like artificial intelligence (AI) and machine learning (ML).Depending on your preferences, you can make new Rego rules or ask your account team for assistance in creating new rules.
Export findings to BigQuery dataset and visualize them using Looker
You may create a new Looker dashboard, export findings to Google Sheets for remediation step planning, or set up your own BigQuery dataset to export each validation scan and effortlessly connect it with your current reporting systems.
Depending on various evaluation success criteria, you may also set up Pub/Sub-based alerts to send emails, Google Chat messages, or link with your third-party systems.
A flexible system to do more than typical config validation
You may create rules with intricate logic and validation requirements that span several domains by using custom rules. You may speed up the release of new policies and cut down on development time by assigning build and management to your subject matter experts.
Additionally, central BigQuery table export makes it simple to link with your reporting system and consolidate infraction results from several assessments to create a common compliance program.
