Skip to main content

Using Google Managed Service for Prometheus

Google Managed Service for Prometheus (GMP) is Google Cloud's fully managed, horizontally scalable, Prometheus-compatible monitoring service. With GMP, you do not need to deploy or manage a Prometheus server. Metrics are sent directly to Google's managed backend.

Note

This observability tool is available only for Striim Cloud services running on Google Cloud Platform (GCP).

Unlike standard Prometheus deployments, GMP does not expose a Remote Write endpoint or provide an API token. Integration requires GCP IAM-based authentication and permissions.

Prerequisites

Before configuring GMP as an observability tool in Striim Cloud, complete the following steps in your GCP environment.

  1. Enable the Cloud Monitoring API. Enable the API to allow the ingestion of metrics:

    gcloud services enable monitoring.googleapis.com --project PROJECT_ID

  2. Create a GCP service account. This service account is used by the OpenTelemetry Collector to write metrics to GMP:

    gcloud iam service-accounts create <service-account-name> \
  --display-name="OTel Collector for GMP" \
  --project PROJECT_ID

    For example:

    gcloud iam service-accounts create otel-collector-sa \
  --display-name="OTel Collector for GMP" \
  --project test-project

  3. Grant the Monitoring Metric Writer role. Assign the required role to allow the service account to push metrics to GMP:

    gcloud projects add-iam-policy-binding PROJECT_ID \
  --member="serviceAccount:<service-account-name>@PROJECT_ID.iam.gserviceaccount.com" \
  --role="roles/monitoring.metricWriter"

    For example:

    gcloud projects add-iam-policy-binding test-project \
  --member="serviceAccount:otel-collector-sa@test-project.iam.gserviceaccount.com" \
  --role="roles/monitoring.metricWriter"

Configuring GMP in Striim Cloud

After completing the GCP prerequisites, configure the observability tool in Striim Cloud.

  1. Navigate to the Services page in the Striim Cloud Console.

  2. From the More menu of a service, select Deploy observability tool.

  3. Click Add to configure a new tool.

  4. Specify the following configuration:

    • Name: A descriptive name for your tool.

    • Select observability tool name: Choose Google Managed Service for Prometheus from the drop-down menu.

    • Service account name: The name of the GCP service account created in the prerequisites.

    • GCP project: The GCP project ID where the service account resides.

  5. Select the service and deploy the created tool.

Enabling Workload Identity

If your deployment uses Workload Identity on GKE, allow your Kubernetes Service Account (KSA) to impersonate the GCP Service Account (GSA). When you deploy the observability tool, the Striim Cloud UI displays the following command, which you must run in your GCP environment:

gcloud iam service-accounts add-iam-policy-binding \
  otel-collector-sa@PROJECT_B.iam.gserviceaccount.com \
  --member="serviceAccount:PROJECT_A.svc.id.goog[monitoring/otel-collector-sa]" \
  --role="roles/iam.workloadIdentityUser"