GCP

Connecting Hawkeye to your Google Cloud Platform (GCP) environment allows us to collect telemetry data such as resource configurations, audit logs, and metrics from various services on your GCP account.

The scope of data accessible to Hawkeye depends on the permissions granted to the service account used for the connection.

Note

For each step, we’ve created a short demo walkthrough and a step-by-step guide. You can check out the demo for a visual guide to setting up your GCP connection!

Step 1: Create a Service Account in GCP

Fig.1 - A walkthrough of how to create a service account in GCP

Start by creating a service account that Hawkeye will use to access your GCP resources.

1. Access IAM & Admin: Navigate to the IAM & Admin section in the GCP Console.

   

   Fig.2 - Access IAM & Admin

2. Create a new service account: In the IAM & Admin dashboard, select Service Accounts > Create Service Account.

   

   Fig.3 - Create new service account

3. Configure the service account: Enter a Name for the service account and optionally a description. Click Create and Continue.

   

   Fig.4 - Configure service account

4. Assign roles to the service account: Assign the following roles to the service account:

   Tip

   Use an overall kubernetes cluster viewer role, and enabling workload identity to push those permissions down to each cluster. Here’s the relevant article:

   • Viewer: Needed for config, logs, and metrics dat.
   • Logs Viewer: To access logs.
   • Kubernetes Engine Cluster Viewer: Needed for kubernetes access to get config for cluster
   • BigQuery Data Viewer: Needed if they integrate with BigQuery

   Note

   Hawkeye requires BigQuery to be enabled to ensure accurate analysis.

   

   Fig.5 - Assign roles

5. Create a key for the service account: After assigning roles, choose to create a new key for the service account in JSON format. This key will be downloaded to your machine and used to authenticate the service account in Hawkeye.

   

   Fig.6 - Create a key for service account

6. Store the service account key: Safeguard this key, as it will be required when connecting your GCP account to Hawkeye.

Step 2: Add GCP Connection to Hawkeye

With your service account ready, follow these simple steps to add GCP connection to Hawkeye.

1. Navigate to the connections tab: On the Hawkeye dashboard, go to the Connections section and select New Connection.

   

   Fig.7 - Add GCP connection to Hawkeye

2. Select GCP connection: From the list of available connections, select Google Cloud Platform.

3. Enter credentials: Provide the following details:

   • Name: The name of the connection. This field is required.

   • Description: A brief description of the connection. This is optional.

   • Select Telemetry Sources: Choose which telemetry categories projects can use from this connection. Changes apply after saving. This field is required.

     Note

     • To Add a Telemetry: Click on the ”+” icon of the telemetry.

     • To Remove a Telemetry: Click on the “x” icon of the telemetry.

   • Service Account Key: Paste the JSON key file you generated in Step 1. This is also a required field.

     

     Fig.8 - Enter credentials

4. Verify connection: Click Save and verify that the connection is successful. If so, you’ll see the connection appear as active in the Hawkeye dashboard.