Hello, I’m 
id:ne-sachirou, an application engineer on the Mackerel development team.
This article is intended for users who monitor GKE (Google Kubernetes Engine) with mackerel-container-agent.
In clusters newly created on GKE 1.32 and later, the kubelet read-only port is disabled by default.
Since mackerel-container-agent is configured to use the kubelet read-only port by default, it will not be able to collect metrics in this state.
To use mackerel-container-agent on GKE 1.32 and later, you need to configure it to use the kubelet default port by setting both of the following:
- Set the
MACKEREL_KUBERNETES_KUBELET_READ_ONLY_PORTenvironment variable to0 - Configure the ClusterRole appropriately
For more details, please refer to the help documentation.
For Autopilot Clusters
In GKE Autopilot clusters, the nodes/proxy permission required by mackerel-container-agent (as of February 26, 2025, version v0.11.2) cannot be set.
Therefore, the kubelet default port cannot be used through the usual configuration.
To use mackerel-container-agent on an Autopilot cluster, you need to enable the read-only port by configuring the cluster with the --autoprovisioning-enable-insecure-kubelet-readonly-port option.
As described above, if you are using mackerel-container-agent on GKE 1.32 or later, please review your settings accordingly.
Thank you for your continued support of Mackerel.
