Skip to main content

Chapter 17: Managing the Bill - Cost Management and FinOps

In the cloud, cost is not just a line item for finance; it is an engineering metric. A poorly architected system isn’t just slow or insecure—it is expensive. In Google Cloud, managing costs requires a deep understanding of the billing hierarchy, the discount models, and the automation tools available to enforce “FinOps” (Financial Operations) principles.

1. The GCP Billing Hierarchy

To manage costs at scale, you must first understand how they are attributed.
  • Cloud Billing Account: The top-level resource linked to a payment method.
  • Projects: All resources live in projects, and each project is linked to one billing account.
  • Labels: These are key-value pairs (e.g., team:search, env:prod) attached to resources. Labels are the single most important tool for cost allocation. They are exported into your billing data, allowing you to see exactly how much each team is spending.

2. Discount Models: CUDs and SUDs

GCP offers several ways to reduce your “list price” spend.

Sustained Use Discounts (SUDs)

SUDs are automatic. If you run a Compute Engine instance for more than 25% of a month, Google automatically starts applying a discount. For a full month, the discount can reach up to 30%.

Committed Use Discounts (CUDs)

CUDs require a commitment (1 or 3 years) in exchange for deep discounts (up to 70%).
  • Resource-based CUDs: You commit to a specific amount of vCPU and RAM in a specific region. Best for predictable, steady-state workloads.
  • Flexible (Spend-based) CUDs: You commit to a specific hourly spend (e.g., “$10/hour”). This applies across multiple regions and even multiple products (Compute Engine, Cloud Run, Spanner). Best for dynamic organizations that change machine types or regions frequently.

3. Cost Optimization Strategies

The Recommender API

Google uses ML to analyze your resource usage and provides “Recommendations.”
  • Rightsizing: It might suggest moving a VM from n2-standard-4 to n2-standard-2 if the CPU usage is consistently below 10%.
  • Idle Resources: It identifies unattached Persistent Disks, idle IP addresses, and unused Load Balancers that are costing you money every hour.

Spot VMs (formerly Preemptible)

Spot VMs offer a 60-91% discount compared to on-demand prices.
  • The Catch: Google can take them back at any time with a 30-second notice.
  • Best Use: Batch processing, CI/CD runners, and fault-tolerant GKE node pools.

4. Advanced Visibility: Billing Export to BigQuery

The standard billing console is fine for small projects, but for enterprises, you must enable the Billing Export to BigQuery.
  • Granularity: You get per-hour, per-resource cost data.
  • Custom Dashboards: Point Looker Studio at your BigQuery billing dataset to build custom dashboards for every team lead.
  • Anomaly Detection: You can write SQL queries to detect “Cost Spikes” (e.g., “Alert me if any project spends 20% more today than it did yesterday”).

5. GKE Cost Optimization

Kubernetes is a major cost driver. GKE offers specialized tools to keep it under control:
  • GKE Autopilot: You pay only for the Pods you run. Google handles the “bin-packing” (fitting as many pods onto a node as possible), eliminating the cost of idle node capacity.
  • Cost Allocation: GKE can attribute costs down to the Namespace or even the Label level within a cluster. This is essential for chargebacks in a shared cluster environment.

6. Budgets and Programmatic Alerts

A “Budget” in GCP does not stop your services; it only sends alerts.
  • Thresholds: Set alerts at 50%, 90%, and 100% of your expected spend.
  • Pub/Sub Integration: You can send a budget alert to a Pub/Sub topic. This can trigger a Cloud Function that automatically shuts down non-production environments if they exceed their monthly limit.

6. Advanced FinOps: Egress and Orphans

6.1 Identifying “Orphaned” Resources

A common source of waste is “orphaned” resources—disks or IPs left behind after a VM is deleted.
  • BigQuery SQL: Use the billing export to find resources with cost > 0 but usage = 0 or no associated labels.
  • Automation: Use the Recommender API to automatically identify and delete these orphans in non-production projects.

6.2 Network Egress Analysis

Egress is often the most misunderstood cost.
  • Internet Egress: Sending data to the public internet (Expensive).
  • Cross-Region Egress: Sending data between GCP regions (Moderate).
  • Zonal Egress: Sending data between zones in the same region (Small, but adds up).
  • Tip: Use VPC Flow Logs joined with BigQuery billing to identify which specific service is driving high egress costs.

7. Interview Preparation

1. Q: What are “Committed Use Discounts” (CUDs) and how do they differ from “Sustained Use Discounts” (SUDs)? A: SUDs are automatic; you get them just by running a VM for more than 25% of a month. CUDs require a commitment (1 or 3 years) but offer much deeper discounts (up to 70%). CUDs can be Resource-based (fixed vCPU/RAM in one region) or Flexible (spend-based, applying across multiple regions and products like Cloud Run and Spanner). 2. Q: Why is “Billing Export to BigQuery” considered a mandatory FinOps practice? A: The standard Cloud Console only provides high-level views. Billing Export provides granular, per-resource, hourly cost data. By exporting to BigQuery, you can:
  • Join costs with Labels to create accurate department-level chargebacks.
  • Build custom dashboards in Looker Studio.
  • Write SQL queries to detect “Cost Spikes” or “Zombie Resources” (idle disks/IPs) programmatically.
3. Q: How does GKE Autopilot change the cost-management responsibility for an SRE? A: In GKE Standard, the SRE is responsible for Bin-packing (fitting pods into nodes to avoid idle CPU/RAM). If nodes are 20% utilized, you still pay for 100%. In Autopilot, Google handles the bin-packing. You are billed only for the Pod Requests. The SRE’s responsibility shifts from managing “Node Waste” to managing “Pod Request Right-sizing” (ensuring developers don’t request 4GB of RAM for a 512MB app). 4. Q: What is the “Recommender API” and how does it help with cost optimization? A: The Recommender uses machine learning to analyze your historical usage. It provides actionable recommendations like:
  • VM Rightsizing: Suggesting a smaller machine type if CPU is low.
  • Idle Resources: Identifying unattached Persistent Disks or unassigned Static IPs.
  • CUD Recommendations: Identifying where a commitment would save money based on steady-state usage.
5. Q: How do you implement “Budget Automation” to prevent massive cloud bills? A: You set a Budget Alert in the Billing console. Instead of just sending an email, you connect the alert to a Pub/Sub topic. When a threshold (e.g., 100%) is hit, the Pub/Sub message triggers a Cloud Function. That function can then use the GCP APIs to:
  • Disable Billing for the project (shuts down all resources).
  • Scale down GKE deployments to zero.
  • Remove external IP addresses.

Implementation: The “FinOps Master” Lab

Analyzing Costs with SQL in BigQuery

Once your billing export is enabled, you can run powerful queries like this: 
-- Find the top 10 most expensive labels (teams) in the last 30 days
SELECT
  labels.value as team,
  SUM(cost) as total_cost
FROM
  `my_project.billing_dataset.gcp_billing_export_v1`,
  UNNEST(labels) as labels
WHERE
  labels.key = "team"
  AND usage_start_time > TIMESTAMP_SUB(CURRENT_TIMESTAMP(), INTERVAL 30 DAY)
GROUP BY 1
ORDER BY 2 DESC
LIMIT 10

Pro-Tip: Committed Use Discount Sharing

If you have multiple projects under one billing account, enable CUD Sharing. This allows a discount purchased in “Project A” to be applied to a matching VM running in “Project B” if Project A isn’t using its full commitment. This prevents “wasted” discounts.