Reputation: 867
Google stackdriver monitoring agent behind firewall
I have a Google compute engine vm ubuntu host with stackdriver monitoring agent installed.
The vm host has a VPC firewall rule to deny all communication apart from a proxy server (to get system updates) and it has only an internal IP. I have configured the stack driver agent according to doc's at https://cloud.google.com/monitoring/agent/install-agent.
The monitoring agent is unable to send monitor data to stackdriver unless i turn off the firewall rule. What changes should i make to the VPC firewall rule in order for the agent to able to send data to stackdriver?
Upvotes: 1
Views: 911
Answers (1)
Reputation: 81444
Stackdriver uses HTTPS to communicate with the Google API endpoints.
However, if your VM only has private IP addresses, you must also configure Private Google Access. I cover the requirements in this article:
https://www.jhanley.com/google-compute-stackdriver-logging-installation-setup-debugging/
These endpoints must be reachable for Stackdriver logging and monitoring to function:
- oauth2.googleapis.com
- monitoring.googleapis.com
- stackdriver.googleapis.com
Upvotes: 3
Related Questions
- GCP/Stackdriver: Uptime Checks for an authenticated API
- GCP incident wont resolve
- GCP Stackdriver alert on metric not absent
- GCP stackdriver-agent installed on VM send strange logs every minute
- remove and reinstall/update stackdriver-agent
- Stackdriver Monitoring with full access scope not authorized
- Installing Monitoring Agent on multiple VMs at the same time
- Google stackdriver default port blocked by firewall rule
- Stackdriver Monitoring automation
- Google Cloud Platform: "Update Google Stackdriver monitoring agent"