This page explains how you can set up managed data collection with Google Cloud Managed Service for Prometheus for GKE on AWS. This feature is available on AWS clusters running Kubernetes version 1.25 or later. It is also supported on Kubernetes clusters at version 1.24 for customers who had earlier signed up for a preview of this feature on that version.
With this feature, you can use a PodMonitoring resource to choose the metrics that you want to ingest into Cloud Monitoring. You can then view these metrics in the Google Cloud console.
Limitations
- This feature is not available on Kubernetes clusters earlier than version 1.24.
- This feature requires a Linux workload.
Set up managed data collection
To set up managed data collection with Managed Service for Prometheus, complete the following steps:
1. Authorize the gmp-system/collector and gmp-system/rule-evaluator service accounts to write your metrics:

       gcloud projects add-iam-policy-binding GOOGLE_PROJECT_ID \
         --member="serviceAccount:GOOGLE_PROJECT_ID.svc.id.goog[gmp-system/collector]" \
         --role=roles/monitoring.metricWriter
       gcloud projects add-iam-policy-binding GOOGLE_PROJECT_ID \
         --member="serviceAccount:GOOGLE_PROJECT_ID.svc.id.goog[gmp-system/rule-evaluator]" \
         --role=roles/monitoring.viewer
       gcloud projects add-iam-policy-binding GOOGLE_PROJECT_ID \
         --member="serviceAccount:GOOGLE_PROJECT_ID.svc.id.goog[gmp-system/rule-evaluator]" \
         --role=roles/monitoring.metricWriter

   Replace GOOGLE_PROJECT_ID with your Google Cloud project ID.

   Adding this IAM binding fails unless at least one cluster has been created in your Google Cloud project. This is because the workload identity pool it refers to (GOOGLE_PROJECT_ID.svc.id.goog) isn't provisioned until cluster creation.

2. Create a cluster with the standard gcloud Create your cluster command, but include the optional --enable-managed-prometheus flag. For example:

       gcloud container aws clusters create \
         ...
         --enable-managed-prometheus

3. To configure which workload metrics you want to ingest, set up a PodMonitoring resource. For an example, see Configure a PodMonitoring resource in the managed data collection with Managed Service for Prometheus documentation.
After you enable managed data collection with Managed Service for Prometheus, GKE on AWS creates the gmp-system namespace. Don't modify or deploy anything in this namespace.

GKE on AWS also creates the gmp-public namespace. Managed Service for Prometheus uses the gmp-public namespace to deploy the OperatorConfig resource.
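The following added example (not part of the original documentation) audits the IAM bindings granted in the setup steps above: it reports roles the page grants that are absent, and any other project-level roles held by the two gmp-system principals. It assumes the policy JSON comes from `gcloud projects get-iam-policy GOOGLE_PROJECT_ID --format=json`; the project ID, sample policy and function names are constructed for illustration, and treating extra roles as worth review is an assumption of this example.

```python
import json

# Roles granted to each gmp-system service account by the commands on this page.
EXPECTED = {
    "collector": {"roles/monitoring.metricWriter"},
    "rule-evaluator": {"roles/monitoring.viewer", "roles/monitoring.metricWriter"},
}

def member(project_id, ksa):
    """Workload identity principal for a gmp-system Kubernetes service account."""
    return f"serviceAccount:{project_id}.svc.id.goog[gmp-system/{ksa}]"

def audit_gmp_bindings(policy, project_id):
    """Return (missing, unexpected) as sorted lists of (service_account, role)."""
    granted = {ksa: set() for ksa in EXPECTED}
    for binding in policy.get("bindings", []):
        for ksa in EXPECTED:
            if member(project_id, ksa) in binding.get("members", []):
                granted[ksa].add(binding["role"])
    missing = sorted((k, r) for k in EXPECTED for r in EXPECTED[k] - granted[k])
    unexpected = sorted((k, r) for k in EXPECTED for r in granted[k] - EXPECTED[k])
    return missing, unexpected

# Constructed sample policy (not real output): rule-evaluator lacks
# roles/monitoring.viewer, and collector has additionally been given roles/editor.
SAMPLE_PROJECT = "example-project"
SAMPLE_POLICY = json.loads("""
{
  "bindings": [
    {"role": "roles/monitoring.metricWriter",
     "members": ["serviceAccount:example-project.svc.id.goog[gmp-system/collector]",
                 "serviceAccount:example-project.svc.id.goog[gmp-system/rule-evaluator]"]},
    {"role": "roles/editor",
     "members": ["serviceAccount:example-project.svc.id.goog[gmp-system/collector]",
                 "user:admin@example.com"]}
  ]
}
""")

if __name__ == "__main__":
    missing, unexpected = audit_gmp_bindings(SAMPLE_POLICY, SAMPLE_PROJECT)
    for ksa, role in missing:
        print(f"MISSING    gmp-system/{ksa}: {role}")
    for ksa, role in unexpected:
        print(f"UNEXPECTED gmp-system/{ksa}: {role}")
```

A missing role means the corresponding command in the setup steps has not taken effect; the check ignores binding conditions and roles inherited from folders or the organization.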
Update your Prometheus configuration
To disable or re-enable Prometheus data collection, use the standard gcloud Update your cluster command, but add a --disable-managed-prometheus or --enable-managed-prometheus optional parameter. For example:
gcloud container aws clusters update \
...
--disable-managed-prometheus
OR
--enable-managed-prometheus
What's next
- Discover how to Configure a query user interface in the managed data collection with Managed Service for Prometheus documentation.
- Learn about Managed rule evaluation and alerting in the Google Cloud Managed Service for Prometheus documentation.