4

I have a cluster set up with the following permissions.


I tried creating a node pool with new permissions, which seems to be able to enable some things. I didn't find the scope required for Stackdriver Trace permissions in the documentation located here.

Further, trying to enable monitoring by creating a node pool and deleting the old one didn't seem to successfully flip the switch.

gcloud container node-pools create pool-2 \
  --cluster=cluster-1 \
  --scopes=compute-rw,storage-rw,taskqueue,logging-write,monitoring-write,datastore,service-control,service-management 
jimmiebtlr
  • I'm not sure what the correct answer here was, I ended up passing keys to each service via env variables. Imagine the answer may have changed since this point as well. – jimmiebtlr Jun 16 '18 at 21:22

4 Answers

3

To add to the previous response, it is possible to enable Stackdriver Monitoring by running the previously referenced gcloud alpha container clusters update --monitoring-service=monitoring.googleapis.com command as instructed in the Container Engine metrics troubleshooting steps. More information on this command can be found on its Cloud SDK Reference page.

However, it is currently not possible to modify the Stackdriver Trace permission for an existing Container Engine instance due to the URI scope being configured at the moment of the cluster’s creation. See the Google Container Engine for Node.js Stackdriver Trace module documentation for more details.

Alternatively, if you can port your application on a new Google Container instance, you can always recreate a new cluster and enable the desired Stackdriver services/permissions on its configuration page.

Alex
1

Try to enable it this way:

gcloud alpha container clusters update --monitoring-service=monitoring.googleapis.com cluster-1
Evaldas
0

At least for Google Compute, you can use the gcloud alpha compute which offers the trace-append scope.

I suppose using the alpha for Container also allows this. Try gcloud alpha container clusters create --help to see allowed scopes.

Alex F
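A way to check whether a node pool's access scopes cover Stackdriver logging, monitoring and trace writes, as an added example that is not part of any answer on this page. The function names and the sample scope list are constructed for illustration; the scope URIs are the standard Google OAuth scope names, and the commented gcloud call reuses the question's pool and cluster names.

```shell
#!/bin/sh
# Report which Stackdriver write paths a node's OAuth access scopes do not cover.
# Live input (not run here), either of:
#   gcloud container node-pools describe pool-2 --cluster=cluster-1 \
#     --format='value(config.oauthScopes)'          # ';'-separated list
#   curl -s -H 'Metadata-Flavor: Google' \
#     http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/scopes

A=https://www.googleapis.com/auth
CP="$A/cloud-platform"   # broad scope that covers every service below

# has_scope LIST URI... : succeed if LIST contains any of the given URIs.
# LIST may be separated by newlines, ';', ',' or spaces.
has_scope() {
  list=$(printf '%s\n' "$1" | tr ';, ' '\n\n\n')
  shift
  for want in "$@"; do
    # -F fixed string, -x whole line: "monitoring" must not match "monitoring.write"
    printf '%s\n' "$list" | grep -Fxq "$want" && return 0
  done
  return 1
}

# missing_stackdriver_scopes LIST : print the services the scope list cannot write to.
missing_stackdriver_scopes() {
  scopes=$1
  out=""
  has_scope "$scopes" "$CP" "$A/logging.write" "$A/logging.admin" || out="$out logging"
  has_scope "$scopes" "$CP" "$A/monitoring.write" "$A/monitoring" || out="$out monitoring"
  has_scope "$scopes" "$CP" "$A/trace.append" || out="$out trace"
  printf '%s\n' "${out# }"
}

# Constructed sample: a pool with logging and monitoring write scopes but no trace scope.
SAMPLE="$A/compute;$A/devstorage.read_write;$A/logging.write;$A/monitoring.write"

echo "missing: $(missing_stackdriver_scopes "$SAMPLE")"
```

An empty result means the scopes allow all three write paths; the service account's IAM roles still have to grant the matching permissions.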
-1

A bit late, but the solution is to just stop the VMs, go to each one of them, click edit, go to the bottom and change the permissions :)

PS: My solution is for a Dataproc cluster, but I think that it will be similar for Kubernetes.