When you set up a Google Cloud Platform integration, you have to give the Wavefront service permissions to access the data you want to visualize and analyze.
Data flows from GCP to Tanzu Observability only if the account has the required access. You have several options, discussed in detail below
|Assign predefined roles||In most cases, it makes sense to give the Wavefront account a small set of predefined roles.|
|Create IAM policy to specify limited access||Explicitly specify the access settings in a custom IAM policy.|
Assign Predefined Roles
You can assign the following predefined roles, depending on which aspect of GCP you want to monitor:
|Billing||Compute Viewer, Storage Admin|
|To AutoDetect GKE clusters||GKEHub Viewer|
Giving Limited Access
Instead of using the roles above, you can predefine a custom role and assign the following permissions.
|To AutoDetect GKE clusters||