Set up managed data collection with Managed Service for Prometheus

This page explains how you can set up managed data collection with Google Cloud Managed Service for Prometheus for GKE on Azure. This feature is available on Azure clusters running Kubernetes version 1.25 or later. It is also supported on Kubernetes clusters at version 1.24 for customers who had earlier signed up for a preview of this feature on that version.

With this feature, you can use a PodMonitoring resource to choose the metrics that you want to ingest into Cloud Monitoring. You can then view these metrics in the Google Cloud console.

Limitations

  • This feature is not available on Kubernetes clusters earlier than version 1.24.
  • This feature requires a Linux workload.

Set up managed data collection

To set up managed data collection with Managed Service for Prometheus, complete the following steps:

  1. Authorize the gmp-system/collector and gmp-system/rule-evaluator service accounts to write your metrics:

      gcloud projects add-iam-policy-binding GOOGLE_PROJECT_ID \
          --member="serviceAccount:GOOGLE_PROJECT_ID.svc.id.goog[gmp-system/collector]" \
          --role=roles/monitoring.metricWriter
      gcloud projects add-iam-policy-binding GOOGLE_PROJECT_ID \
          --member="serviceAccount:GOOGLE_PROJECT_ID.svc.id.goog[gmp-system/rule-evaluator]" \
          --role=roles/monitoring.viewer
      gcloud projects add-iam-policy-binding GOOGLE_PROJECT_ID \
          --member="serviceAccount:GOOGLE_PROJECT_ID.svc.id.goog[gmp-system/rule-evaluator]" \
          --role=roles/monitoring.metricWriter
    

    Replace GOOGLE_PROJECT_ID with your Google Cloud project ID.

    Adding this IAM binding fails unless at least one cluster has been created in your Google Cloud project. This is because the Workload Identity Pool it refers to (GOOGLE_PROJECT_ID.svc.id.goog) isn't provisioned until cluster creation.

  2. Create a cluster with the standard gcloud Create your cluster command, but include the optional --enable-managed-prometheus flag. For example:

     gcloud container azure clusters create \
         ...
         --enable-managed-prometheus
    
  3. To configure which workload metrics you want to ingest, set up a PodMonitoring resource. For an example, see Configure a PodMonitoring resource in the managed data collection with Managed Service for Prometheus documentation.

After you enable managed data collection with Managed Service for Prometheus, GKE on Azure creates the gmp-system namespace. Don't modify or deploy anything in this namespace. GKE on Azure also creates the gmp-public namespace. Managed Service for Prometheus uses the gmp-public namespace to deploy the OperatorConfig resource.

Update your Prometheus configuration

To disable or re-enable Prometheus data collection, use the standard gcloud Update your cluster command, but add a --disable-managed-prometheus or --enable-managed-prometheus optional parameter. For example:

  gcloud container azure clusters update \
    ...
    --disable-managed-prometheus
       OR
    --enable-managed-prometheus

What's next