You define deployment limit policies to control the amount of resources that deployments can consume when users deploy templates in Automation Assembler and request catalog items in Automation Service Broker. The use cases in this procedure are an introduction to configuring deployment limit policies.
Deployment limits are applied to individual deployments for cloud templates or catalog items. If you want to limit resources at the user, project, or organization level, see How do I configure Automation Service Broker resource quotas using policies.
As a cloud administrator, you can limit the total memory, CPU count, storage, and number of virtual machines that can be used per deployment. You can also limit memory, CPU count, and storage for specific resources in the deployment, for example, machines within a cloud template.
The limits apply to all deployments within the policy scope. You can use the policy criteria to narrow the scope to a specific deployment, in which case the policy applies to that deployment only.
How are deployment limit policies enforced
- When the policy is enforced, users can provision deployment resources within the specified limits.
- Multiple deployment limit policies can be enforceable. If there are multiple policies defined for a deployment, the lowest limit value is enforced for each resource.
- If there are resource quota policies and approval policies defined that affect the deployments within the policy scope, deployment limits are enforced before the other policy types.
- If a deployment requests no resources, such as a workflow deployment, the policy is not enforced on that deployment.
When are deployment limit policies applied
- A user requests a catalog item in Automation Service Broker or a cloud template in Automation Assembler.
- A user changes a deployment or its component resources.
Deployment limit policy constraints
Cloud Type | Boot disk capacity unavailable | Boot disk capacity available |
---|---|---|
Azure |
The default boot disk size is 8 GB. |
|
AWS | Instance store image disk sizes, including boot disk, are not counted. The default boot disk size is 8 GB. |
|
GCP | Public images | |
vSphere |
The default boot disk size is 8 GB. Image disks are not counted. |
|
Procedure
In this use case, there are three policy definitions that illustrate how you can construct deployment limit policies and the results when they are enforced.
- Select .
- Configure Deployment Limit Policy 1.
As a cloud administrator, you want to limit the amount of resources that deployments across the organization can use.
- Define when the policy is valid.
Setting Sample Value Scope Organization The policy is applied to all deployments in the organization.
Criteria None - Define the deployment limits.
Resource Sample Limit Value CPU 200 VM Count 3 Memory 100 GB Storage 240 GB
In this scenario, any deployment across the organization can use up to 200 CPUs, 3 virtual machines, 100GB of memory, and 240GB of storage in total.
- Define when the policy is valid.
- Configure Deployment Limit Policy 2.
As a project administrator, you want to apply granular control over resources that are provisioned at the deployment level in a project that you manage.
- Define when the policy is valid.
Setting Sample Value Scope Project = TestProj1 This policy is applied to all deployments in the specified project.
Criteria None - Define the deployment limits.
Resource Sample Limit Value CPU 15 Memory 10 GB
In this scenario, the resources that are available for deployments within the scoped project are evaluated and both Policy 1 and Policy 2 are applied. In this case, the CPU and memory values are lower in Policy 2, so Policy 2 is enforced.
- Define when the policy is valid.
- Configure Deployment Limit Policy 3.
As a cloud administrator, you want to control the amount of resources that are consumed when a specific cloud template is deployed by anyone in your organization. Additionally, you want to define limits for specific deployment resources within the cloud template.
- Define when the policy is valid.
Setting Sample Value Scope Organization Criteria Cloud template equals Proj1Templ1
This policy is applied to all deployments in the organization that are provisioned from the specified cloud template.
- Define the deployment limits.
Resource Sample Limit Value CPU 15 VM Count 10 Memory 20 GB - Define the deployment resource limits.
- Define a limit for all deployments provisioned by developers in the organization.
Setting Sample Value Name Depl Resource Limit 1 Criteria Tags has any Key equals env AND Value equals dev
Limits CPU = 5
Memory = 10 GB
Storage = 40 GB
- Define limits for a machine in the cloud template.
Setting Sample Value Name Depl Resource Limit 2 Criteria Resource Type equals Cloud.vSphere.Machine
Limits CPU = 4
Memory = 8 GB
- Define a limit for all deployments provisioned by developers in the organization.
In this scenario, you apply two levels of governance.- When a user in your organization deploys the Proj1Templ1 cloud template, the resources that are available for the whole deployment are evaluated and all three existing policies are applied. The lowest deployment limits between the three policies are enforced.
- The CPU limit value defined in Policy 3 is applied.
- The VM Count limit value defined in Policy 1 is applied.
- The Memory limit value defined in Policy 2 is applied.
- The requested deployment resources are evaluated against Depl Resource Limit 1 and Depl Resource Limit 2 and the deployment resource limits are applied. In this case, there are no other policies that limit these specific deployment resources.
- Define when the policy is valid.
What to do next
- For more examples of how other policies are processed and enforced, see How are Automation Service Broker policies processed.
- Configure policies that are relevant to your organizations and projects.
- Monitor provisioned resources on the My Resource Usage dashboard. See Learn more about the Automation Service Broker catalog items.