gke/Service Account Monitoring Permission Configuration

Verifies that service accounts in GKE node pools have monitoring permissions.

Product: Google Kubernetes Engine
Step Type: AUTOMATED STEP

Description

Checks that the service accounts used by nodes in the GKE cluster have the “roles/monitoring.metricWriter” IAM role. This role is required to send metric data to Google Cloud Monitoring.

Failure Reason

The monitoring health check failed because the service account lacks the permissions necessary to write metrics.

Failure Remediation

Grant the service account the ‘roles/monitoring.metricWriter’ role or equivalent permissions. See instructions: https://cloud.google.com/kubernetes-engine/docs/troubleshooting/dashboards#write_permissions

Success Reason

The service account has the necessary permissions to write metrics.
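
An offline version of the check described above, written for this page as an added example (it is not the runbook's own code). It assumes input shaped like `gcloud container node-pools list --format=json` and `gcloud projects get-iam-policy --format=json`; the sample data, project number, and the separate "conditional" status are constructed for illustration, and grants inherited from groups, folders, or the organization are not resolved.

```python
import json

REQUIRED_ROLE = "roles/monitoring.metricWriter"

# Constructed sample, shaped like `gcloud container node-pools list --format=json`.
NODE_POOLS = json.loads("""[
  {"name": "default-pool", "config": {"serviceAccount": "default"}},
  {"name": "batch-pool", "config": {"serviceAccount": "gke-batch@example-project.iam.gserviceaccount.com"}},
  {"name": "web-pool", "config": {"serviceAccount": "gke-web@example-project.iam.gserviceaccount.com"}}
]""")

# Constructed sample, shaped like `gcloud projects get-iam-policy --format=json`.
IAM_POLICY = json.loads("""{"bindings": [
  {"role": "roles/monitoring.metricWriter",
   "members": ["serviceAccount:gke-web@example-project.iam.gserviceaccount.com"]},
  {"role": "roles/monitoring.metricWriter",
   "members": ["serviceAccount:gke-batch@example-project.iam.gserviceaccount.com"],
   "condition": {"title": "temporary", "expression": "request.time < timestamp('2020-01-01T00:00:00Z')"}},
  {"role": "roles/logging.logWriter",
   "members": ["serviceAccount:123456789012-compute@developer.gserviceaccount.com"]}
]}""")

def node_service_accounts(node_pools, project_number):
    """Map service account email -> node pools using it."""
    result = {}
    for pool in node_pools:
        sa = pool.get("config", {}).get("serviceAccount", "default")
        if sa == "default":  # GKE reports the Compute Engine default SA as "default"
            sa = f"{project_number}-compute@developer.gserviceaccount.com"
        result.setdefault(sa, []).append(pool["name"])
    return result

def check_metric_writer(node_pools, policy, project_number, accepted_roles=(REQUIRED_ROLE,)):
    """Return {sa: (status, pools)} with status 'ok', 'conditional' or 'missing'.

    accepted_roles lets the caller list roles it treats as equivalent (assumption:
    the caller has verified they carry the metric-write permissions).
    """
    findings = {}
    for sa, pools in node_service_accounts(node_pools, project_number).items():
        member, status = f"serviceAccount:{sa}", "missing"
        for binding in policy.get("bindings", []):
            if binding.get("role") in accepted_roles and member in binding.get("members", []):
                if "condition" not in binding:
                    status = "ok"
                    break
                status = "conditional"  # granted only under an IAM condition; review it
        findings[sa] = (status, pools)
    return findings

if __name__ == "__main__":
    for sa, (status, pools) in check_metric_writer(NODE_POOLS, IAM_POLICY, "123456789012").items():
        print(f"{status:12} {sa} pools={pools}")
```

A "missing" or "conditional" result identifies the node pools whose metrics may not reach Cloud Monitoring and the service account to which the remediation above applies.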