gke/ERR/2021_002

GKE nodes service account permissions for monitoring.

Product: Google Kubernetes Engine
Rule class: ERR - Something that is very likely to be wrong

Description

The service account used by GKE nodes should have the monitoring.metricWriter role; otherwise, ingestion of metrics won’t work.

Remediation

Make sure that you have the following role binding in the IAM policy:

  • Principal: GKE node pool service account
  • Role: roles/monitoring.metricWriter
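
One way to check for this binding in an exported IAM policy, as an added example and not the rule's own implementation. It assumes the policy has the JSON shape printed by `gcloud projects get-iam-policy PROJECT_ID --format=json`; the function name, the service account emails and the sample policy are constructed for illustration.

```python
REQUIRED_ROLE = "roles/monitoring.metricWriter"

# Constructed sample policy (not from a real project).
SAMPLE_POLICY = {
    "bindings": [
        {"role": "roles/monitoring.metricWriter",
         "members": ["serviceAccount:pool-a@example-project.iam.gserviceaccount.com"]},
        {"role": "roles/monitoring.metricWriter",
         "members": ["serviceAccount:pool-b@example-project.iam.gserviceaccount.com"],
         "condition": {"title": "temporary",
                       "expression": "request.time < timestamp('2021-01-01T00:00:00Z')"}},
        {"role": "roles/logging.logWriter",
         "members": ["serviceAccount:pool-c@example-project.iam.gserviceaccount.com"]},
    ]
}

# Constructed node pool service accounts to check.
NODE_POOL_SAS = [
    "pool-a@example-project.iam.gserviceaccount.com",
    "pool-b@example-project.iam.gserviceaccount.com",
    "pool-c@example-project.iam.gserviceaccount.com",
]


def check_node_service_accounts(policy, node_service_accounts, role=REQUIRED_ROLE):
    """Return {email: 'ok' | 'conditional' | 'missing'} per node pool service account.

    Only direct bindings in this policy are examined; access granted through
    a group or inherited from a folder or organization is not resolved.
    """
    result = {email: "missing" for email in node_service_accounts}
    for binding in policy.get("bindings", []):
        if binding.get("role") != role:
            continue
        members = set(binding.get("members", []))
        for email in node_service_accounts:
            if f"serviceAccount:{email}" not in members:
                continue
            if "condition" in binding:
                # A conditional binding may not apply when metrics are written:
                # report it for review unless an unconditional one also exists.
                if result[email] == "missing":
                    result[email] = "conditional"
            else:
                result[email] = "ok"
    return result


if __name__ == "__main__":
    for email, status in check_node_service_accounts(SAMPLE_POLICY, NODE_POOL_SAS).items():
        print(f"{status:12} {email}")
```

Any account reported as `missing` or `conditional` is a candidate for the remediation above.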

Further information