Set up managed data collection with Managed Service for Prometheus
Stay organized with collections
Save and categorize content based on your preferences.
This page explains how you can set up managed data collection with
Google Cloud Managed Service for Prometheus for
GKE on AWS. This feature is available on AWS clusters
running Kubernetes version 1.25 or later. It is also supported on Kubernetes
clusters at version 1.24 for customers who had earlier signed up for a
preview of this feature on that version.
With this feature, you can use a PodMonitoring resource to choose the metrics
that you want to ingest into Cloud Monitoring. You can then view these
metrics in the Google Cloud console.
Limitations
This feature is not available on Kubernetes clusters earlier than version 1.24.
This feature requires a Linux workload.
Set up managed data collection
To set up managed data collection with Managed Service for Prometheus, complete the following steps:
Authorize the gmp-system/collector and gmp-system/rule-evaluator service
accounts to write your metrics:
Replace GOOGLE_PROJECT_ID with your Google Cloud
project ID.
Adding this IAM binding fails unless at least one
cluster has been created in your Google Cloud project. This is because the
workload identity pool it refers to
(GOOGLE_PROJECT_ID.svc.id.goog) isn't provisioned until
cluster creation.
Create a cluster with the standard gcloudCreate your cluster
command, but include the optional --enable-managed-prometheus flag. For
example:
To configure which workload metrics you want to ingest, set up a
PodMonitoring
resource. For an example, see
Configure a PodMonitoring resource
in the managed data collection with Managed Service for Prometheus documentation.
After you enable managed data collection with Managed Service for Prometheus, GKE on AWS creates the
gmp-system namespace. Don't modify or deploy anything in this namespace.
GKE on AWS also creates the gmp-public namespace. Managed Service
for Prometheus uses the gmp-public namespace to deploy the
OperatorConfig
resource.
Update your Prometheus configuration
To disable or re-enable Prometheus data collection, use the standard
gcloudUpdate your cluster
command, but add a --disable-managed-prometheus or --enable-managed-prometheus
optional parameter. For example:
gcloudcontainerawsclustersupdate\...
--disable-managed-prometheus
OR
--enable-managed-prometheus
What's next
Discover how to Configure a query user interface
in the managed data collection with Managed Service for Prometheus documentation.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-28 UTC."],[],[],null,["# Set up managed data collection with Managed Service for Prometheus\n\nThis page explains how you can set up managed data collection with\n[Google Cloud Managed Service for Prometheus](/stackdriver/docs/managed-prometheus) for\nGKE on AWS. This feature is available on AWS clusters\nrunning Kubernetes version 1.25 or later. It is also supported on Kubernetes\nclusters at version 1.24 for customers who had earlier signed up for a\npreview of this feature on that version.\n\nWith this feature, you can use a PodMonitoring resource to choose the metrics\nthat you want to ingest into Cloud Monitoring. You can then view these\nmetrics in the Google Cloud console.\n\nLimitations\n-----------\n\n- This feature is not available on Kubernetes clusters earlier than version 1.24.\n\n\u003c!-- --\u003e\n\n- This feature requires a Linux workload.\n\nSet up managed data collection\n------------------------------\n\nTo set up managed data collection with Managed Service for Prometheus, complete the following steps:\n| **Note:** Starting with GKE Enterprise version 1.28, manual policy binding to authorize service accounts for data collection is no longer necessary. The required permissions are now automatically granted to this service account. You can therefore disregard step 1 in this section.\n\n1. Authorize the `gmp-system/collector` and `gmp-system/rule-evaluator` service\n accounts to write your metrics:\n\n gcloud projects add-iam-policy-binding \u003cvar translate=\"no\"\u003eGOOGLE_PROJECT_ID\u003c/var\u003e \\\n --member=\"serviceAccount:\u003cvar translate=\"no\"\u003eGOOGLE_PROJECT_ID\u003c/var\u003e.svc.id.goog[gmp-system/collector]\" \\\n --role=roles/monitoring.metricWriter\n gcloud projects add-iam-policy-binding \u003cvar translate=\"no\"\u003eGOOGLE_PROJECT_ID\u003c/var\u003e \\\n --member=\"serviceAccount:\u003cvar translate=\"no\"\u003eGOOGLE_PROJECT_ID\u003c/var\u003e.svc.id.goog[gmp-system/rule-evaluator]\" \\\n --role=roles/monitoring.viewer\n gcloud projects add-iam-policy-binding \u003cvar translate=\"no\"\u003eGOOGLE_PROJECT_ID\u003c/var\u003e \\\n --member=\"serviceAccount:\u003cvar translate=\"no\"\u003eGOOGLE_PROJECT_ID\u003c/var\u003e.svc.id.goog[gmp-system/rule-evaluator]\" \\\n --role=roles/monitoring.metricWriter\n\n Replace \u003cvar translate=\"no\"\u003eGOOGLE_PROJECT_ID\u003c/var\u003e with your Google Cloud\n project ID.\n\n Adding this IAM binding fails unless at least one\n cluster has been created in your Google Cloud project. This is because the\n workload identity pool it refers to\n (\u003cvar translate=\"no\"\u003eGOOGLE_PROJECT_ID\u003c/var\u003e`.svc.id.goog`) isn't provisioned until\n cluster creation.\n2. Create a cluster with the standard `gcloud`\n [Create your cluster](/kubernetes-engine/multi-cloud/docs/aws/how-to/create-cluster#create_your_cluster)\n command, but include the optional `--enable-managed-prometheus` flag. For\n example:\n\n gcloud container aws clusters create \\\n ...\n --enable-managed-prometheus\n\n3. To configure which workload metrics you want to ingest, set up a\n [PodMonitoring](https://github.com/GoogleCloudPlatform/prometheus-engine/blob/v0.4.3-gke.0/doc/api.md#podmonitoring)\n resource. For an example, see\n [Configure a PodMonitoring resource](/stackdriver/docs/managed-prometheus/setup-managed#gmp-pod-monitoring)\n in the managed data collection with Managed Service for Prometheus documentation.\n\nAfter you enable managed data collection with Managed Service for Prometheus, GKE on AWS creates the\n`gmp-system` namespace. Don't modify or deploy anything in this namespace.\nGKE on AWS also creates the `gmp-public` namespace. Managed Service\nfor Prometheus uses the `gmp-public` namespace to deploy the\n[OperatorConfig](https://github.com/GoogleCloudPlatform/prometheus-engine/blob/v0.4.3-gke.0/doc/api.md#operatorconfig)\nresource.\n\nUpdate your Prometheus configuration\n------------------------------------\n\nTo disable or re-enable Prometheus data collection, use the standard `gcloud` [Update your cluster](/kubernetes-engine/multi-cloud/docs/aws/how-to/update-cluster#update_your_cluster) command, but add a --disable-managed-prometheus or --enable-managed-prometheus optional parameter. For example:\n\n\u003cbr /\u003e\n\n gcloud container aws clusters update \\\n ...\n --disable-managed-prometheus\n OR\n --enable-managed-prometheus\n\nWhat's next\n-----------\n\n- Discover how to [Configure a query user interface](/stackdriver/docs/managed-prometheus/query) in the managed data collection with Managed Service for Prometheus documentation.\n- Learn about [Managed rule evaluation and alerting](/stackdriver/docs/managed-prometheus/rules-managed) in the Google Cloud Managed Service for Prometheus documentation."]]
