Deploying a GCP Sensor

This guide outlines the steps required to install and configure a GCP sensor deployment for collecting metrics from Google Cloud Platform services.

Pre-Requisites

Follow the guide for Common Pre-requisites to complete the necessary preparations for deploying a sensor.

How it Works

The GCP sensor gathers data from specified GCP services using the provided service account credentials. It operates on a cron-style schedule, automatically triggering data collection at configured intervals.

Configuring GCP for Sensor Deployment

To allow the GCP sensor to access the necessary resources and metrics, you need to set up proper permissions within your Google Cloud Platform environment. This involves creating a custom IAM Role and a Service Account, and then assigning the role to the Service Account.

Step 1: Create a Custom IAM Role

Create a custom IAM Role with the minimum required permissions to access the resources that the sensor will monitor. Add the following permissions to the role:

cloudbuild.builds.list
compute.forwardingRules.list
run.jobs.list
run.services.list
storage.buckets.list

To create a custom role, navigate to the IAM & Admin section of your Google Cloud Console, choose 'Roles', and then 'Create Role'. Add the above permissions and save the role.

Step 2: Create a Service Account

Create a Service Account to be used by the sensor:

  1. Go to the IAM & Admin page in your Google Cloud Console.
  2. Select 'Service Accounts' and then click 'Create Service Account'.
  3. Enter a name and description for the Service Account.
  4. Click 'Create'.

Step 3: Assign Role to Service Account

Once the Service Account is created, you need to assign the custom role you created to this account:

  1. In the 'Service Accounts' list, click on the newly created Service Account.
  2. Go to the 'Permissions' tab, click 'Add Role', and select the custom role you created.
  3. Save the changes.

Step 4: Create and Download a JSON Key

After assigning the role, create a key for the Service Account:

  1. Still within the details of your Service Account, go to the 'Keys' tab.
  2. Click 'Add Key', then 'Create new key'.
  3. Choose 'JSON' as the key type, and click 'Create'.
  4. The JSON key file will be downloaded automatically. Securely store this file, as it will not be downloadable again.

Step 5: Encode the JSON Key and Use in the Secret

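Encode the JSON key file in base64 format to be used in the Kubernetes secret. The value must be a single line; GNU base64 wraps its output at 76 characters by default, so strip the newlines:

base64 < path_to_your_downloaded_key_file.json | tr -d '\n'

Use the output of the above command as the value of the key field under data in the Kubernetes secret defined for deploying the sensor: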

kind: Secret
apiVersion: v1
metadata:
  name: <secret-name>
  namespace: <sample_tenant>
data:
  key: <base64-encoded-service-account-json>

Apply this secret configuration in your Kubernetes cluster using kubectl apply -f on the file containing the above secret definition.

With these configurations, your GCP sensor will have the necessary permissions to access and collect metrics from specified GCP services securely.
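
A pre-deployment check for the value produced in Step 5, as an added example that is not part of the original guide or the sensor's own code: it flags wrapped, double-encoded or non-base64 values and confirms the decoded JSON looks like a service-account key. The function names and the sample key are constructed for illustration, and the required-field list assumes the standard Google service-account key file layout.

```python
import base64
import json

# Fields found in a Google service-account key file (assumed standard layout).
REQUIRED_FIELDS = ("type", "project_id", "private_key", "client_email")


def encode_key(key_json: bytes) -> str:
    """Encode the key file as one unwrapped base64 line for the Secret."""
    return base64.b64encode(key_json).decode("ascii")


def check_secret_value(value: str) -> list:
    """Return the problems found in a candidate value for the Secret's `key`."""
    problems = []
    if any(ch.isspace() for ch in value):
        problems.append("contains whitespace or line wraps")
    try:
        raw = base64.b64decode("".join(value.split()), validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return problems + ["not valid base64"]
    try:
        key = json.loads(raw)
    except ValueError:  # covers JSONDecodeError and UnicodeDecodeError
        try:  # a second base64 layer is a common copy/paste mistake
            json.loads(base64.b64decode(raw, validate=True))
            return problems + ["base64-encoded twice"]
        except ValueError:
            return problems + ["decoded value is not JSON"]
    if not isinstance(key, dict):
        return problems + ["decoded JSON is not an object"]
    if key.get("type") != "service_account":
        problems.append("type is not 'service_account'")
    missing = [f for f in REQUIRED_FIELDS if f not in key]
    if missing:
        problems.append("missing fields: " + ", ".join(missing))
    return problems


# Constructed sample key: every value is a placeholder, not a real credential.
SAMPLE_KEY = json.dumps({
    "type": "service_account",
    "project_id": "example-project",
    "private_key": "constructed-placeholder",
    "client_email": "sensor@example-project.iam.gserviceaccount.com",
}, indent=2).encode()

if __name__ == "__main__":
    good = encode_key(SAMPLE_KEY)
    wrapped = base64.encodebytes(SAMPLE_KEY).decode()  # wraps every 76 chars
    for label, value in [("good", good), ("wrapped", wrapped)]:
        print(label, check_secret_value(value) or "ok")
```

An empty result means the value can go into the Secret as-is; any listed problem should be fixed before running kubectl apply.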

Configuration

Locations

The Locations array specifies the various Google Cloud regions from which the GCP sensor collects data. It is essential to configure this accurately to target the specific GCP services operating within these regions.

data:
  locations:
    - "us-central1"
    - "europe-west1"
    - "asia-east1"

Triggers

The Triggers array defines specific events or conditions that trigger data collection. This could include various GCP resources or operational metrics that are crucial for monitoring and analysis.

data:
  triggers:
    - "buckets"
    - "cloudbuild"
    - "cloudrun"
    - "loadbalancers"

Template

Prepare the YAML configuration for deploying your GCP sensor by editing the following template:

kind: FitnessSensor
apiVersion: fitness.orcasio.com/v1alpha3
metadata:
  ## TODO: name of the sensor
  name: <sensor-name>
  namespace: <tenant_ID>
spec:
  sensor: sensor://fitness.orcasio.net/gcp
  source: gcp
  enabled: true
  secret: <secrets_name>
  trigger:
    name: cron
    cron:
      ## TODO - specify the schedule, e.g., every 10 minutes
      schedule: "*/10 * * * *"
  data:
    ## TODO - specify location and triggers
    locations:
      - "us-central1"
      - "europe-west1"
    triggers:
      - "buckets"
      - "cloudbuild"

Deploy Custom Sensor Specification

To deploy the GCP sensor, finalize the configuration file by replacing the TODOs and apply it to your Kubernetes cluster:

kubectl -n <tenant-id> apply -f <filename.yaml>