Want to create StackDriver dashboard from template - google-cloud-platform

Is it possible to create StackDriver dashboards programmatically from a declarative template (similar to how Google Cloud Deployment allows you to create and manage cloud resources)?
We use a different GCP project for each of our environments (master, staging, prod) and want to have StackDriver dashboards with the same metrics in each project.
I checked the StackDriver Monitoring API docs as well as the Cloud Deployment supported resources and did not find any evidence of support for this use case.

I'm a Product Manager with Stackdriver. There's not currently a public available dashboard API. Until that's available, one solution many of our customers use is to create a canonical dashboard template and then copy this each time a new one is needed, modifying the input data.

Related

It is possible to make GCP web interface compatible with iframe HTML tag?

I'm currently working on a project where I want to have access to log data and other stuff
like graph from GCP on a web application.
For security reasons (I guess), it's not possible to integrate a GCP adress in an tag. Do you know any way to make it work or do you have any idea for something that would make the data accessible ?
You might refer to Cloud Logging for logs, and Cloud Monitoring for metrics and visualization that are the part of Cloud Operation Suite. I believe almost all of the visualizations you see on Google Cloud Console (Web UI) are from Cloud Monitoring. Both of them have API and SDK that can be accessed using popular languages like Python, Java, or JavaScript. Cloud Monitoring itself supports creating visualization in Widgets and combining them all on Dashboards.
For the embedding with IFrame part, I haven't seen a direct way to do that, as it will need to do authentication to view Cloud Monitoring dashboards. According to this answer, you can export the visualization from Grafana instead. But I haven't tried that approach yet.
About the GCP address in a tag. Can you elaborate more about that in the comment below? I can suggest that all the resources in GCP have their own resource name that you can filter from the Metric Explore in Cloud Monitoring. Custom tags are supported, you can put any valid name you like.

Limit access to specific dashboard in Google Monitoring

is it possible to create a GCP IAM user which has access only to a specific Google Monitoring dashboard? I figured it should be possible via conditional role bindings, but monitoring dashboards are not a supported resource.
Are there other ways to achieve this?
As mentioned by #Kamelia Y, at this time such feature is not available yet and there is a Feature Request in the public tracker: https://issuetracker.google.com/147039227
There is not an available workaround for real-time separation of metrics.
However, a project owner can achieve this separation via exporting their metrics manually and sending the appropriate information to the appropriate user. Here are two examples of exporting Stackdriver Monitoring metrics using App Engine/PubSub [1] or using Colab/Monitoring API [2]. Both use BigQuery to query the data and Cloud Scheduler to automate exporting the information.
[1] https://cloud.google.com/solutions/stackdriver-monitoring-metric-export
[2] https://medium.com/google-cloud/downsampling-and-exporting-stackdriver-monitoring-data-c3483e88a352

Monitoring Performance metrics more than one GCP environment

My requirement is to monitor performance metrics of GCP Environments. We have to monitor more than one GCP environment (Service Account). Now Problem is how can I set the all service Accounts JSON files in Environment variable "GOOGLE_APPLICATION_CREDENTIALS".
creating MetricServiceClient like below after setting JSON file in an environment variable
MetricServiceClient client = MetricServiceClient.create()
Is there another way to create MetricServiceClient using credentials.
I suggest you use the StackDriver Workspace and add all the GCP Project you want to monitor to that workspace. Here is the detailed guide https://cloud.google.com/monitoring/workspaces/guide.
By using a single Workspace for all GCP Project, you will have all the Metrics/Logging data in a single place and then you can use one set of credentials to access all GCP Project Monitoring data.
If the Single workspace is not a feasible option, then you can create a single GCP Service account and add StackDriver related permission from all the projects. Then you can use this service account to interact with Stackdriver metrics.
Note: Always try to use the principle of least privilege
Hope this helps.

How to create StackDriver Workspace in GCP using API or Terraform Template

I would like to create a Stackdriver Workpace programmatically by Using Scripts, Terraform template or API as I need to avoid manual steps to create Stackdriver workspace for each projects manually. It should be a part of terraform or API to create it automatically for the projects required Stackdriver monitoring
Can any one provide a solution or suggestions for the same.
Thank you.
Ashok
This feature is not available yet. more info here

Can I monitor multiple projects in one place using Google Cloud Platform?

I have multiple projects in GCP and I am trying to read all my projects' logs in one place.
Any suggestions?
Unlike monitoring, Stackdriver logging UI does not provide a multi-project view of logs.
It is possible to query the logs from multiple projects using the API. See the resourceNames (or projectIds) field https://cloud.google.com/logging/docs/reference/v2/rest/v2/entries/list
It's also possible to export logs from multiple projects to one place: https://cloud.google.com/logging/docs/export/
You can check our documentation about Monitoring multiple projects using a single Stackdriver account that can contain up to 100 GCP projects for more details.
A project organizes all your Google Cloud Platform resources. A project consists of a set of users; a set of APIs; and billing, authentication, and monitoring settings for those APIs. So, for example, all of your Cloud Storage buckets and objects, along with user permissions for accessing them, reside in a project. You can have one project, or you can create multiple projects and use them to organize your Google Cloud Platform resources, including your Cloud Storage data, into logical groups.
Users can only view and list projects they have access to via IAM roles. The Organization Admin can view and list all projects in the organization.
For logging you have to pass the project id:
projects/[PROJECT_ID]/logs/
Reference: https://cloud.google.com/logging/docs/