This document describes how you can use Cluster Services for OpenShift to automate cluster configuration validation for self-managed OpenShift clusters that run on Cloud de Confiance.
Continuous validation of cluster configuration is critical for ensuring that your OpenShift clusters adhere to best practices and don't drift from operational standards over time. You can address this requirement by using the automatic configuration validation tooling feature of this service.
This document is intended for cloud architects and IT admins who help you manage enterprise-grade applications on your OpenShift clusters that run on Cloud de Confiance.
How it works
Automatic configuration validation tooling of Cluster Services for OpenShift uses the following components to evaluate your OpenShift clusters that run on Cloud de Confiance:
- The Cluster Services for OpenShift Telemetry operator.
- The Workload Manager evaluation service.
The following steps describe how this tooling works and helps you validate the configuration of your OpenShift cluster:
1. You set up the telemetry operator on the target cluster.
   Every 30 minutes, this operator collects information about your OpenShift cluster as metrics, and sends them to Workload Manager. This periodic and continuous metrics collection lets Workload Manager monitor for any changes.
   For information about this operator, see About Cluster Services for OpenShift Telemetry operator.
2. You create and run an evaluation in Workload Manager.
   While creating an evaluation, you must select the best practices against which Workload Manager must evaluate your OpenShift cluster. You can also set the frequency for running this evaluation.
   For information about Workload Manager evaluations, see About Workload Manager evaluation.
3. Workload Manager evaluates your OpenShift cluster against the selected best practices.
4. Workload Manager detects deviations and assigns them a severity level that indicates how far your cluster resource is out of compliance.
5. You review the evaluation report, which includes information about deviation-specific remediation, and then you perform necessary actions.
Pricing
For information about Workload Manager evaluation pricing, see Workload Manager pricing.
Supported validations
For information about the best practices that Workload Manager supports for evaluating OpenShift clusters running on Cloud de Confiance, see Workload Manager best practices for OpenShift.
About Cluster Services for OpenShift Telemetry operator
To scan your self-managed OpenShift cluster that runs on Cloud de Confiance, you must set up the Cluster Services for OpenShift Telemetry operator in that cluster.
This is a certified operator available on the OperatorHub on the Red Hat OpenShift Container Platform. This operator manages the Agent for Compute Workloads, which collects information from your OpenShift cluster as metrics and sends them to Workload Manager. For information about the metrics that the operator collects, see Metrics collected by the telemetry operator.
To help you satisfy security requirements, you can view the source code of the Agent for Compute Workloads in the following read-only GitHub repository: GoogleCloudPlatform/workloadagent.
Metrics collected by the telemetry operator
For information about the metrics that the operator collects from your OpenShift cluster, see the GoogleCloudPlatform/workloadagent GitHub repository.