Troubleshooting your GKE dashboard

If you don't have the Kubernetes Engine NEW option in the Resource menu, you might have any GKE clusters using Cloud Operations for GKE. Similarly, if Kubernetes Engine isn't listed, then you might not any GKE clusters using Legacy Logging and Monitoring.

If you don't see any Kubernetes resources in your Cloud Operations for GKE dashboard, then check the following:

Is the correct Google Cloud project selected at the top of the page?

If not, use the drop-down list in the menu bar to select a project. You must select the project whose data you want to see.

Does your project have any activity?

If you just created your cluster, wait a few minutes for it to populate with data. See Installing monitoring and logging support for details.

Is the time range too narrow?

You can use the Time menu in the dashboard toolbar to select other time ranges or define a Custom range.

Do you have the proper permissions to view the dashboard?

If you see either of the following permission-denied error messages when viewing a service's deployment details or a Google Cloud project's metrics, you need to update your Identity and Access Management role to include roles/monitoring.viewer or roles/viewer:

  • You do not have sufficient permissions to view this page
  • You don't have permissions to perform the action on the selected resources

For more details, go to Predefined roles.

Does your cluster's service account have permission to write data into Monitoring and Logging?

If you see high error rates on your API dashboard, then your service account might be missing the following roles:

  • roles/logging.logWriter: In the Google Cloud Console, this role is named Logs Writer. For more information on Logging roles, see the Logging access control guide.

  • roles/monitoring.metricWriter: In the Google Cloud Console, this role is named Monitoring Metric Writer. This role permits a service account to write metric data to a Workspace. For more information on Monitoring roles, see the Monitoring access control guide.

  • roles/stackdriver.resourceMetadata.writer: In the Google Cloud Console, this role is named Stackdriver Resource Metadata Writer. This role permits write-only access to resource metadata, and it provides exactly the permissions needed by agents to send metadata. For more information on Monitoring roles, see the Monitoring access control guide.