Google Anthos Integration
Multi-cluster management metrics, policy enforcement, and service mesh health monitoring for Anthos. Monitor your hybrid and multi-cloud Kubernetes fleet from a single observability plane.
How It Works
Create a GCP Service Account
Create a service account with the Monitoring Viewer and GKE Hub Viewer roles. For on-premises and multi-cloud clusters, also bind the Connect Gateway reader permissions.
Enable Required APIs
Enable the Cloud Monitoring API, GKE Hub API, and Anthos API in your GCP project. TigerOps uses these to collect fleet membership metrics, policy violations, and service mesh telemetry.
Configure TigerOps Anthos Fleet
Add your GCP project credentials to TigerOps and specify the Anthos fleet to monitor. TigerOps auto-discovers all registered clusters — GKE, on-premises, AWS, and Azure — in your fleet.
Set Fleet and Policy Alerts
Configure policy violation alerts, cluster health thresholds, and service mesh SLO targets. TigerOps fires alerts when clusters go offline, policy violations are detected, or mesh SLOs are breached.
What You Get Out of the Box
Fleet Cluster Health Monitoring
Monitor the health status of all registered Anthos fleet clusters — GKE, on-premises, AWS EKS, and Azure AKS. TigerOps alerts when cluster connectivity to the fleet hub is lost or cluster health degrades.
Policy Enforcement Metrics
Track Anthos Policy Controller constraint violation counts, audit results, and enforcement mode status per cluster. TigerOps alerts on new policy violations and tracks remediation progress over time.
Service Mesh Health
Monitor Anthos Service Mesh (Cloud Service Mesh) request success rates, P99 latency, and mutual TLS status per service. TigerOps tracks mesh health SLOs across all clusters in your fleet.
Config Sync Status
Track Anthos Config Management sync status, last sync time, and sync error counts per cluster. TigerOps alerts when config sync falls behind or encounters errors, preventing fleet-wide drift from your desired state.
Multi-Cluster Ingress Metrics
Monitor Multi-Cluster Ingress backend health, request distribution across clusters, and failover events. TigerOps tracks which clusters are serving traffic and detects imbalanced request routing.
Workload Identity & Security
Monitor Workload Identity binding health across fleet clusters and track Binary Authorization attestation results. TigerOps surfaces unauthorized workload deployments that bypass policy controls.
Anthos Fleet Integration Setup
Configure TigerOps to monitor your Anthos fleet clusters, policy enforcement, and service mesh health.
# TigerOps Google Anthos Integration
# Required IAM roles:
# roles/monitoring.viewer
# roles/gkehub.viewer
# roles/anthos.viewer
integrations:
gcp_anthos:
project_id: "your-gcp-project-id"
credentials_file: "./tigerops-sa-key.json"
# Fleet hub project (may differ from workload project)
fleet_project_id: "your-fleet-project-id"
# Cluster types to monitor
cluster_types:
- gke
- on_prem
- aws
- azure
scrape_interval: 60s
metrics:
# Fleet cluster health
- gkehub.googleapis.com/fleet/cluster_count
# Service mesh
- istio.io/service/server/request_count
- istio.io/service/server/response_latencies
# Config Management
- configmanagement.googleapis.com/cluster/sync_duration_seconds
- configmanagement.googleapis.com/cluster/error_count
alerts:
cluster_offline: true
policy_violation_count: 1
config_sync_lag_seconds: 300
mesh_error_rate_percent: 1.0
mesh_latency_p99_ms: 1000Common Questions
Does TigerOps monitor Anthos clusters running on-premises and on other clouds?
Yes. TigerOps monitors all cluster types registered to an Anthos fleet — including GKE clusters on GCP, Anthos clusters on VMware (on-premises), Anthos clusters on AWS, and Anthos clusters on Azure. Metrics are collected via the GKE Hub API and Cloud Monitoring.
How does TigerOps monitor Anthos Service Mesh health?
TigerOps collects Anthos Service Mesh (Istio) metrics from the Cloud Monitoring API under the istio.io metric namespace. This includes request counts, error rates, latency percentiles, and mTLS handshake success rates per service and cluster.
Can TigerOps alert when an Anthos Config Management sync fails?
Yes. TigerOps monitors the config.kubernetes.io/last-sync-time and sync error metrics for each cluster in your fleet. If Config Management fails to sync within your configured window, TigerOps fires an alert with the cluster name, last successful sync time, and the error details.
How does TigerOps track Policy Controller violations across a large fleet?
TigerOps aggregates Policy Controller audit results across all fleet clusters and provides a fleet-wide violation dashboard. You can filter by cluster, namespace, constraint type, and severity. TigerOps also tracks violation trends over time to show whether your policy compliance posture is improving.
Does TigerOps support Anthos on bare metal clusters?
Yes. Anthos clusters on bare metal can be registered to the Anthos fleet and monitored via the GKE Hub API. System metrics from bare metal nodes are collected through the Cloud Monitoring API after installing the Anthos monitoring agents on the cluster.
Unified Observability Across Your Entire Anthos Fleet
Fleet cluster health, policy violation tracking, Config Sync monitoring, and service mesh SLOs — all in one place. Connect in minutes.