
GCP metrics - Grafana Alloy

How it works

Note: Unlike AWS and Azure, GCP requires deploying Grafana Alloy. There is no serverless “scrape job” option.

GCP metrics Alloy architecture: Alloy pulls from Cloud Monitoring across projects, pushes to Grafana Cloud Mimir

Complexity: Moderate | Infrastructure: GCE or GKE | Latency: Configurable

Authentication options

Authentication | Description
Service account (JSON key) | Simple setup, requires key rotation
Workload identity | No keys to manage, more secure

Trade-offs

Pros | Cons
Multi-project from one agent | Deploy and manage Alloy
Workload identity option | Infrastructure to maintain
Full processing pipeline |
Converts to PromQL |

Documentation

View the full documentation. Learning path coming soon!

GCP metrics

Script

Now for GCP, and here’s an important difference. Unlike AWS and Azure, GCP doesn’t have a serverless scrape option. You need to deploy Grafana Alloy to collect metrics from Cloud Monitoring.

Alloy uses an embedded Stackdriver exporter to pull metrics and send them to Grafana Cloud.

You have two authentication options. The simpler approach is a service account with a JSON key file. Download it from GCP, configure it in Alloy, and you’re collecting metrics.

But if you’re security-conscious, and you should be, there’s a better way: workload identity. Deploy Alloy in GKE or on a GCE instance, and it authenticates using the identity of the pod or VM. No JSON keys to leak, no rotation schedules. It just works.

Alloy also gives you a full processing pipeline. Filter out metrics you don’t need, relabel for consistency, aggregate high-cardinality data.

Yes, you’re running infrastructure, but for GCP, that’s the only path to getting metrics into Grafana Cloud.
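
A check for which of the two authentication options an Alloy deployment is actually using, written as an added example that is not part of the original slide or Grafana's code. It assumes Alloy's exporter resolves credentials through Google's Application Default Credentials, with any key file named in GOOGLE_APPLICATION_CREDENTIALS; the function name and the sample key values are constructed for illustration.

```python
import json
import os
import tempfile


def classify_gcp_credentials(env):
    """Return (mode, finding) for a process started with environment `env`."""
    path = env.get("GOOGLE_APPLICATION_CREDENTIALS")
    if not path:
        # No key file: the client library falls back to the identity attached
        # to the pod or VM. (gcloud's per-user ADC file is ignored here.)
        return "ambient", "no key file configured; uses pod or VM identity"
    try:
        with open(path, encoding="utf-8") as fh:
            cred = json.load(fh)
        perms = os.stat(path).st_mode & 0o777
    except (OSError, ValueError) as exc:
        return "error", f"cannot read credential file: {exc}"
    if not isinstance(cred, dict):
        return "error", "credential file is not a JSON object"
    if cred.get("type") == "service_account" and "private_key" in cred:
        finding = (f"long-lived key {cred.get('private_key_id', '?')} "
                   f"for {cred.get('client_email', '?')}")
        if perms & 0o077:
            finding += f"; file mode {perms:03o} grants access beyond the owner"
        return "json-key", finding
    return "other-file", f"credential file of type {cred.get('type')!r}"


def demo():
    """Classify a constructed key file, then an environment with no key."""
    fake_key = {  # constructed sample values, not a real key
        "type": "service_account",
        "private_key_id": "0000example",
        "private_key": "CONSTRUCTED-NOT-A-KEY",
        "client_email": "alloy-reader@example-project.iam.gserviceaccount.com",
    }
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "key.json")
        with open(path, "w", encoding="utf-8") as fh:
            json.dump(fake_key, fh)
        os.chmod(path, 0o644)
        with_key = classify_gcp_credentials({"GOOGLE_APPLICATION_CREDENTIALS": path})
    return with_key, classify_gcp_credentials({})


if __name__ == "__main__":
    for mode, finding in demo():
        print(f"{mode}: {finding}")
```

Run it with the same environment the Alloy process receives; a `json-key` result identifies the key ID that needs a rotation schedule, while `ambient` means there is no key file to leak.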