I’m unfamiliar with JMX but familiar with GCP including Cloud Run.
I’ve implemented something similar(ish) using Prometheus (and Cloud Endpoints for app security), multiplexing the app and metrics on 8080.
IIUC the monitoring agent (based on collectd):
- collects metrics uses a predefined port
- ships these to Cloud Monitoring (formerly Stackdriver)
As you know, Cloud Run is container-based and only permits a single port (
I suspect it would be messy (and likely not supported by Google) to try to bundle the agent in the app’s container but that the agent would be able to call home (Cloud Monitoring) though still, though perhaps with some IAM tweaking.
It would be great if Cloud Run permitted multiple containers per service
Potentially, you can multiplex JMX and your app traffic over 8080.
It would be great if Cloud Run permitted multiple ports per service
Then, your regular users could access the app and the monitoring agent (running elsewhere) could ping the JMX metrics on the same service port and ship these to Cloud Monitoring.
You’d need to be more mindful of security. You can craft JWTs to authenticate to Cloud Run though these are more “prickly” with Cloud Run because each service requires a specific JWT using the service’s endpoint to form its audience.
You’d likely want to prohibit authenticated app users from capturing your JMX metrics too.
I’m assuming there’s no restriction on routing JMX traffic through Google’s frontend to Cloud Run services.
CLICK HERE to find out more related problems solutions.