I’m trying to set up alerting on our HA VPN gateways, so that if any of the tunnels are down we get an alert raised.
I can get it so that it is applied as a single alerting policy, for all gateways within a project, however ideally I want the policy to be configured per gateway, as each gateway can have a different number of VPN’s terminating on it, and I can then see which environments are affected by their failure.
Within the GCP console, you can select the gateway_name, to apply the filter to - this is what I need to achieve in terraform.
In my terraform, I can set a filter on the project easily enough using
filter = "metric.type=\"vpn.googleapis.com/tunnel_established\" resource.type=\"vpn_gateway\" resource.label.\"project_id\"=\"${local.project}\""
However, trying the same thing using the gateway_name resource fails
filter = "metric.type=\"vpn.googleapis.com/tunnel_established\" resource.type=\"vpn_gateway\" AND resource.label.\"gateway_name\"=\"${module.vpn_ha_gateway[0].ha-gateway-prod1-name}\""
Error creating AlertPolicy: googleapi: Error 400: The supplied filter does not specify a valid combination of metric and monitored resource descriptors. The query will not return any time series.
│
│ with module.ha_vpn_prod_alert_policy[0].google_monitoring_alert_policy.alert_policy,
│ on modules/terraform-gcp-alerting-policy/main.tf line 1, in resource "google_monitoring_alert_policy" "alert_policy":
│ 1: resource "google_monitoring_alert_policy" "alert_policy" {
│
How do I filter correctly to a single gateway_name? (Note that gateway_id which is the other filter option in the google console, isn’t exposed to terraform).
The working query, in MQL is
fetch vpn_gateway
| metric 'vpn.googleapis.com/tunnel_established'
| filter (metric.gateway_name == 'tbtst-prod1-ha-vpn-gateway-1')
| group_by 5m, [value_tunnel_established_mean: mean(value.tunnel_established)]
| every 5m
| condition val() < 3 '1'
As taken directly from the console, however this needs editing before it’s added to the terraform and this is where I’m failing.