GCP

Signals Provided

Infrastructure Entities - Complete infrastructure topology including compute, storage, and networking resources
Logs - Application and container logs for correlation with root causes
Metrics - Performance metrics from applications and infrastructure
Service Discovery - Automatic discovery of services, workloads, and infrastructure components
Symptoms - Automatic symptom detection from metrics, traces, and external monitoring systems

Overview

Causely provides comprehensive native integration with Google Cloud Platform (GCP) to help you identify and resolve infrastructure and managed service reliability issues before they impact your users.

Instead of only monitoring isolated metrics or alerts, Causely analyzes real-time signals from your GCP environment to infer the underlying causes of performance degradation and reliability risk across your cloud services.

By setting up the GCP integration, you will be able to:

Identify causes for reliability issues originating from your GCP infrastructure and services, including:

Service Congestion and Service Malfunction
Application Load Balancer Misconfiguration issues
Authentication and Network Policy misconfigurations
Memory Pressure and CPU Congested issues
Disk Pressure and I/O congestion

Observe GCP resources as first-class entities in the Causely Topology Graph, including their relationships to Kubernetes workloads, managed services, and downstream dependencies

Monitor performance and health metrics from GCP-native sources with automatic correlation to service impact and causal diagnoses

To set up this integration, you need a Service Account with Viewer-level access on the GCP projects you want to monitor.

Supported GCP Services

Causely integrates with the following GCP services to provide comprehensive observability and causal inference:

Cloud Bigtable
Cloud Load Balancing
Cloud Memorystore for Redis
Cloud Memorystore for Redis (Cluster mode)
Cloud Pub/Sub
Cloud Run
Cloud SQL (MySQL and PostgreSQL)
Compute Engine
Persistent Disks

Step 1: Create a Service Account (SA)

Use the following gcloud command to create an SA:

gcloud iam service-accounts create causely \
  --description="causely" \
  --display-name="causely"

gcloud projects add-iam-policy-binding PROJECT_ID \
  --member="serviceAccount:causely@PROJECT_ID.iam.gserviceaccount.com" \
  --role="roles/viewer"

gcloud projects add-iam-policy-binding PROJECT_ID \
  --member="serviceAccount:causely@PROJECT_ID.iam.gserviceaccount.com" \
  --role="roles/monitoring.viewer"

gcloud projects add-iam-policy-binding PROJECT_ID \
  --member="serviceAccount:causely@PROJECT_ID.iam.gserviceaccount.com" \
  --role="roles/bigtable.viewer"

Step 2: Provide GCP Credentials to the Mediator

Choose one of the following authentication options.

Option A: Service Account JSON

After creating the SA, save its credentials .json in a Kubernetes Secret.

kubectl create secret --namespace causely generic gcp-credentials \
  --from-file=service_account.json=path_to_service_account.json \
  --from-literal=project_id=PROJECT_ID

Option B: GKE Workload Identity Federation (Recommended)

Use Workload Identity to bind a Kubernetes Service Account (KSA) to a Google Service Account (GSA). See the GCP guide for details: Kubernetes Engine Workload Identity guide.

Grant the KSA permission to impersonate the GSA:

gcloud iam service-accounts add-iam-policy-binding <GSA_NAME>@<PROJECT_ID>.iam.gserviceaccount.com \
  --role roles/iam.workloadIdentityUser \
  --member "serviceAccount:<PROJECT_ID>.svc.id.goog[<NAMESPACE>/<KSA_NAME>]"

Example:

gcloud iam service-accounts add-iam-policy-binding monitor@playground-377422.iam.gserviceaccount.com \
  --role roles/iam.workloadIdentityUser \
  --member "serviceAccount:playground-377422.svc.id.goog[causely/causely-mediator]" \
  --project=playground-377422

Annotate the mediator KSA in values.yaml to use the GSA:

mediator:
  serviceAccount:
    annotations:
      iam.gke.io/gcp-service-account: <GSA_NAME>@<PROJECT_ID>.iam.gserviceaccount.com

Create a Kubernetes Secret to enable the GCP integration

kubectl create secret --namespace causely generic gcp-credentials

Step 3: Update Causely Configuration

Once the Secret is created, update the Causely configuration to enable scraping for the new project. Below is an example configuration:

scrapers:
  gcp:
    enabled: true
    projects:
      - secretName: gcp-credentials
        namespace: causely

Alternative: Enable Credentials Autodiscovery

Causely also supports credentials autodiscovery. This feature allows you to add new scraping targets without updating the Causely configuration. Simply label the Kubernetes Secret to enable autodiscovery for the corresponding scraper.

Example: Labeling Secrets for Autodiscovery

kubectl --namespace causely label secret gcp-credentials "causely.ai/scraper=GCP"

With these steps, you can seamlessly integrate Causely with the Google Cloud API and configure it to monitor your desired resources.

Configure individual Resources

You have to enable the resources you want causely to discover and monitor.

Overview​

Supported GCP Services​

Step 1: Create a Service Account (SA)​

Step 2: Provide GCP Credentials to the Mediator​

Option A: Service Account JSON​

Option B: GKE Workload Identity Federation (Recommended)​

Step 3: Update Causely Configuration​

Alternative: Enable Credentials Autodiscovery​

Example: Labeling Secrets for Autodiscovery​

Configure individual Resources​