New Policy Controller bundle finds Kubernetes policy violations

Kubernetes groups must do extra than simply run their essential workloads; in addition they have to make sure these workloads are dependable and cost-effective. Our current State of Kubernetes Price Optimization Report offers prescriptive finest practices for value optimization, and we’ve included a lot of them into the brand new Coverage Controller Price and Reliability coverage bundle, which routinely identifies potential workload enhancements, so you’ll be able to obtain higher reliability and price effectivity.

Google Kubernetes Engine (GKE) Coverage Controller enables you to implement absolutely programmable insurance policies in your clusters, the place a coverage bundle is a pre-built set of constraints that Google Cloud creates and maintains. Coverage bundles assist audit your cluster sources in opposition to Kubernetes requirements, business requirements, or Google Cloud-recommended finest practices. There are numerous coverage bundles out there, and new or current customers can use them simply with out writing a single line of code. It’s also possible to view the standing of coverage bundle protection and compliance in your fleet of clusters utilizing the Coverage Controller dashboard.

The brand new Price and Reliability coverage bundle

Whenever you evaluation violations with the brand new Price and Reliability coverage bundle, you as a Kubernetes administrator can view how effectively your functions align with value and reliability suggestions.

The Price and Reliability coverage bundle requires the next configuration:

1. A PodDisruptionBudget configuration
2. Setting cpu and reminiscence requests following finest practices
3. The next labels: setting, workforce, and app
4. Container picture repos should make the most of picture streaming
5. A terminationGracePeriodSeconds of 15s or much less on gke-spot

For extra info on the analysis and reasoning behind these finest practices, see the State of Kubernetes Price Optimization Report.

Utilizing the Price and Reliability coverage bundle

How do you view the violations recognized by the Price and Reliability coverage bundle? The insurance policies included are configured in “audit” mode by default, so they don’t impression any of your current or new workloads. You may apply the Price and Reliability coverage bundle utilizing a number of channels:

Set up by way of UI (Preview)

For purchasers with clusters on GKE Enterprise, at present in non-public preview, we’ve launched a brand new UI set up methodology for the Coverage Controller coverage bundles. In the event you’re an current Google Cloud buyer and want to attempt GKE Enterprise, discuss to your account workforce to enroll in entry. In any other case, contact a Google Cloud gross sales specialist.

To put in the Coverage Controller Price and Reliability coverage bundle with the UI, observe these steps:

1. Within the Google Cloud console, navigate to Coverage beneath Google Kubernetes Engine Enterprise.
2. If Coverage Controller (v1.16.1 or increased) is not already put in in your cluster, you’ll be able to set up it by clicking INSTALL POLICY CONTROLLER.
3. Beneath the SETTINGS tab (picture beneath) click on the pencil icon beneath Edit Configuration.
4. Click on the allow slider subsequent to Price and Reliability, and click on SAVE CHANGES.