Google Cloud Platform
Oodle integrates with Google Cloud Platform (GCP) to pull metrics from Cloud Monitoring. Oodle uses a service account with delegated access to query your GCP project, discover compute resources, and enrich metrics with resource labels and tags.
Prerequisites
- A GCP project with billing enabled
- Permission to enable APIs, create service accounts, and manage IAM bindings in the project
- An Oodle account (navigate to ap1, us1 to start setup)
Setup
- Open the GCP integration page in Oodle (ap1, us1), or click Settings in the left sidebar and select the Google Cloud Platform tile.
- Click Add project (+ button) to open the setup drawer.
The setup drawer guides you through each step. Follow the instructions in the drawer, or use the tabs below for detailed guidance:
- Browser
- Command-Line
Browser
1. Provide GCP Project ID
Enter the ID of the GCP project you want to monitor with Oodle. You can find your project ID in the GCP Console dashboard.
2. Enable Required APIs
Ensure the following APIs are enabled for your project. You can click each link in the setup drawer to check and enable the API if needed:
| API | Purpose |
|---|---|
| Cloud Monitoring API | Query Google Cloud metric data |
| Compute Engine API | Discover compute instance data |
| Cloud Asset API | Request Google Cloud resources and link relevant labels as tags |
| Cloud Resource Manager API | Append metrics with the correct resources and tags |
3. Create a Service Account
Create a service account that Oodle will use to access your GCP project. Assign the following roles to the service account:
| Role | Access |
|---|---|
| Browser | Read-only access to browse the hierarchy of a project |
| Compute Viewer | Read-only access to get and list Compute Engine resources |
| Monitoring Viewer | Read-only access to monitoring data in your Google Cloud environment |
| Cloud Asset Viewer | Read-only access to cloud assets metadata |
4. Provide GCP Service Account Email
Enter the email address of the service account you created in the previous step (e.g. oodle-monitoring@YOUR_PROJECT_ID.iam.gserviceaccount.com).
5. Add the Oodle Principal to Your Service Account
- Open the Principals with access tab of your service account in the IAM console.
- Click Grant access to open the access drawer.
- In the New principals field under Add principals, paste the Oodle principal:
- In the Role dropdown under Assign roles, select Service Account Token Creator.
- Click Save.
If you see an error like "one or more users named in the policy do not belong to a permitted customer", your organization has an iam.allowedPolicyMemberDomains constraint. Add Oodle's Directory Customer ID C03pmpa0m to your organization's allowed policy member domains.
6. Save and Wait
Click Save in the Oodle drawer. Allow up to 5 minutes for setup to complete and metrics to start flowing.
Command-Line
1. Install gcloud CLI
Install the Google Cloud CLI if you don't have it already.
2. Enable Required APIs
```bash
gcloud services enable \
  monitoring.googleapis.com \
  compute.googleapis.com \
  cloudasset.googleapis.com \
  cloudresourcemanager.googleapis.com \
  --project=YOUR_PROJECT_ID
```
3. Create a Service Account
Create a service account and grant the required roles:
```bash
gcloud iam service-accounts create oodle-monitoring \
  --display-name="Oodle Monitoring" \
  --project=YOUR_PROJECT_ID

for role in roles/browser roles/compute.viewer \
    roles/monitoring.viewer roles/cloudasset.viewer; do
  gcloud projects add-iam-policy-binding YOUR_PROJECT_ID \
    --member="serviceAccount:oodle-monitoring@YOUR_PROJECT_ID.iam.gserviceaccount.com" \
    --role="$role"
done
```
4. Grant Oodle Principal Access
Grant the Oodle service account the Service Account Token Creator role on your service account:
```bash
gcloud iam service-accounts add-iam-policy-binding \
  oodle-monitoring@YOUR_PROJECT_ID.iam.gserviceaccount.com \
  --member="serviceAccount:[email protected]" \
  --role="roles/iam.serviceAccountTokenCreator" \
  --project=YOUR_PROJECT_ID
```
5. Enter Service Account Email and Save
Back in the Oodle setup drawer, enter the service account email and click Save. Allow up to 5 minutes for setup to complete and metrics to start flowing.
If the add-iam-policy-binding command fails due to an iam.allowedPolicyMemberDomains constraint, add Oodle's Directory Customer ID C03pmpa0m to your organization's allowed policy member domains.
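Added example, not part of Oodle's documentation: a least-privilege check for the service account and the Token Creator grant set up above. It reads the project IAM policy and the service account's own IAM policy as JSON and reports any role beyond the four listed, any missing role, and any member other than the Oodle principal bound on the service account. The sample policies are constructed, and `OODLE_PRINCIPAL_EMAIL` is a placeholder for the principal shown in the setup drawer.

```python
# Roles the page assigns to the monitoring service account (step 3).
EXPECTED_PROJECT_ROLES = {"roles/browser", "roles/compute.viewer",
                          "roles/monitoring.viewer", "roles/cloudasset.viewer"}
TOKEN_CREATOR = "roles/iam.serviceAccountTokenCreator"

def audit(project_policy, sa_policy, sa_email, oodle_member):
    """Return findings; an empty list means the IAM setup matches the page."""
    sa_member = f"serviceAccount:{sa_email}"
    held = {b["role"] for b in project_policy.get("bindings", [])
            if sa_member in b.get("members", [])}
    findings = [f"extra project role on service account: {r}"
                for r in sorted(held - EXPECTED_PROJECT_ROLES)]
    findings += [f"missing project role on service account: {r}"
                 for r in sorted(EXPECTED_PROJECT_ROLES - held)]
    oodle_can_mint = False
    # Every member bound on the service account's own policy has access to it.
    for b in sa_policy.get("bindings", []):
        for member in b.get("members", []):
            if member == oodle_member and b["role"] == TOKEN_CREATOR:
                oodle_can_mint = True
            else:
                findings.append(
                    f"unexpected grant on service account: {member} -> {b['role']}")
    if not oodle_can_mint:
        findings.append("Oodle principal lacks Service Account Token Creator")
    return findings

# Constructed sample data, in the shape printed by
#   gcloud projects get-iam-policy YOUR_PROJECT_ID --format=json
#   gcloud iam service-accounts get-iam-policy SA_EMAIL --format=json
SA_EMAIL = "oodle-monitoring@example-project.iam.gserviceaccount.com"
SA = f"serviceAccount:{SA_EMAIL}"
OODLE_MEMBER = "serviceAccount:OODLE_PRINCIPAL_EMAIL"  # placeholder, not a real principal
PROJECT_POLICY = {"bindings": [
    {"role": "roles/browser", "members": [SA]},
    {"role": "roles/compute.viewer", "members": [SA]},
    {"role": "roles/monitoring.viewer", "members": [SA, "user:alice@example.com"]},
    {"role": "roles/cloudasset.viewer", "members": [SA]},
    {"role": "roles/editor", "members": [SA]},  # drift: write access was added
    {"role": "roles/owner", "members": ["user:admin@example.com"]},
]}
SA_POLICY = {"bindings": [
    {"role": TOKEN_CREATOR, "members": [OODLE_MEMBER, "user:dev@example.com"]},
]}

if __name__ == "__main__":
    for finding in audit(PROJECT_POLICY, SA_POLICY, SA_EMAIL, OODLE_MEMBER):
        print(finding)
```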
Verification
Once setup is complete, verify the integration is working:
- Navigate to ap1, us1 and confirm the project status shows as connected.
- Go to ap1, us1 and search for metrics prefixed with gcp_ to confirm data is flowing.
Troubleshooting
| Issue | Resolution |
|---|---|
| No metrics appearing after 5 minutes | Verify all four APIs are enabled in the GCP project |
| Permission denied errors | Check that the service account has all four required roles |
| Token creation failures | Ensure the Oodle principal has the Service Account Token Creator role on your service account |
| Organization policy blocks external principals | Add Directory Customer ID C03pmpa0m to iam.allowedPolicyMemberDomains |
Support
If you need assistance or have any questions, please reach out to us through:
- Email at [email protected]