github.com/verrazzano/verrazzano@v1.7.0/platform-operator/thirdparty/charts/prometheus-community/kube-prometheus-stack/templates/prometheus/rules-1.14/kubernetes-system-apiserver.yaml (about) 1 {{- /* 2 Generated from 'kubernetes-system-apiserver' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/kubernetesControlPlane-prometheusRule.yaml 3 Do not change in-place! In order to change this file first read following link: 4 https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack 5 */ -}} 6 {{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} 7 {{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.kubernetesSystem }} 8 apiVersion: monitoring.coreos.com/v1 9 kind: PrometheusRule 10 metadata: 11 name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "kubernetes-system-apiserver" | trunc 63 | trimSuffix "-" }} 12 namespace: {{ template "kube-prometheus-stack.namespace" . }} 13 labels: 14 app: {{ template "kube-prometheus-stack.name" . }} 15 {{ include "kube-prometheus-stack.labels" . | indent 4 }} 16 {{- if .Values.defaultRules.labels }} 17 {{ toYaml .Values.defaultRules.labels | indent 4 }} 18 {{- end }} 19 {{- if .Values.defaultRules.annotations }} 20 annotations: 21 {{ toYaml .Values.defaultRules.annotations | indent 4 }} 22 {{- end }} 23 spec: 24 groups: 25 - name: kubernetes-system-apiserver 26 rules: 27 {{- if not (.Values.defaultRules.disabled.KubeClientCertificateExpiration | default false) }} 28 - alert: KubeClientCertificateExpiration 29 annotations: 30 {{- if .Values.defaultRules.additionalRuleAnnotations }} 31 {{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} 32 {{- end }} 33 description: A client certificate used to authenticate to kubernetes apiserver is expiring in less than 7.0 days. 34 runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubeclientcertificateexpiration 35 summary: Client certificate is about to expire. 36 expr: apiserver_client_certificate_expiration_seconds_count{job="apiserver"} > 0 and on (job, verrazzano_cluster) histogram_quantile(0.01, sum by (job, le, verrazzano_cluster) (rate(apiserver_client_certificate_expiration_seconds_bucket{job="apiserver"}[5m]))) < 604800 37 for: 5m 38 labels: 39 severity: warning 40 {{- if .Values.defaultRules.additionalRuleLabels }} 41 {{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} 42 {{- end }} 43 {{- end }} 44 {{- if not (.Values.defaultRules.disabled.KubeClientCertificateExpiration | default false) }} 45 - alert: KubeClientCertificateExpiration 46 annotations: 47 {{- if .Values.defaultRules.additionalRuleAnnotations }} 48 {{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} 49 {{- end }} 50 description: A client certificate used to authenticate to kubernetes apiserver is expiring in less than 24.0 hours. 51 runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubeclientcertificateexpiration 52 summary: Client certificate is about to expire. 53 expr: apiserver_client_certificate_expiration_seconds_count{job="apiserver"} > 0 and on (job, verrazzano_cluster) histogram_quantile(0.01, sum by (job, le, verrazzano_cluster) (rate(apiserver_client_certificate_expiration_seconds_bucket{job="apiserver"}[5m]))) < 86400 54 for: 5m 55 labels: 56 severity: critical 57 {{- if .Values.defaultRules.additionalRuleLabels }} 58 {{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} 59 {{- end }} 60 {{- end }} 61 {{- if not (.Values.defaultRules.disabled.KubeAggregatedAPIErrors | default false) }} 62 - alert: KubeAggregatedAPIErrors 63 annotations: 64 {{- if .Values.defaultRules.additionalRuleAnnotations }} 65 {{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} 66 {{- end }} 67 description: Kubernetes aggregated API {{`{{`}} $labels.name {{`}}`}}/{{`{{`}} $labels.namespace {{`}}`}} has reported errors. It has appeared unavailable {{`{{`}} $value | humanize {{`}}`}} times averaged over the past 10m. 68 runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubeaggregatedapierrors 69 summary: Kubernetes aggregated API has reported errors. 70 expr: sum by (name, namespace, cluster, verrazzano_cluster)(increase(aggregator_unavailable_apiservice_total[10m])) > 4 71 labels: 72 severity: warning 73 {{- if .Values.defaultRules.additionalRuleLabels }} 74 {{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} 75 {{- end }} 76 {{- end }} 77 {{- if not (.Values.defaultRules.disabled.KubeAggregatedAPIDown | default false) }} 78 - alert: KubeAggregatedAPIDown 79 annotations: 80 {{- if .Values.defaultRules.additionalRuleAnnotations }} 81 {{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} 82 {{- end }} 83 description: Kubernetes aggregated API {{`{{`}} $labels.name {{`}}`}}/{{`{{`}} $labels.namespace {{`}}`}} has been only {{`{{`}} $value | humanize {{`}}`}}% available over the last 10m. 84 runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubeaggregatedapidown 85 summary: Kubernetes aggregated API is down. 86 expr: (1 - max by (name, namespace, cluster, verrazzano_cluster)(avg_over_time(aggregator_unavailable_apiservice[10m]))) * 100 < 85 87 for: 5m 88 labels: 89 severity: warning 90 {{- if .Values.defaultRules.additionalRuleLabels }} 91 {{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} 92 {{- end }} 93 {{- end }} 94 {{- if .Values.kubeApiServer.enabled }} 95 {{- if not (.Values.defaultRules.disabled.KubeAPIDown | default false) }} 96 - alert: KubeAPIDown 97 annotations: 98 {{- if .Values.defaultRules.additionalRuleAnnotations }} 99 {{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} 100 {{- end }} 101 description: KubeAPI has disappeared from Prometheus target discovery. 102 runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubeapidown 103 summary: Target disappeared from Prometheus target discovery. 104 expr: absent(up{job="apiserver"} == 1) 105 for: 15m 106 labels: 107 severity: critical 108 {{- if .Values.defaultRules.additionalRuleLabels }} 109 {{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} 110 {{- end }} 111 {{- end }} 112 {{- end }} 113 {{- if not (.Values.defaultRules.disabled.KubeAPITerminatedRequests | default false) }} 114 - alert: KubeAPITerminatedRequests 115 annotations: 116 {{- if .Values.defaultRules.additionalRuleAnnotations }} 117 {{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} 118 {{- end }} 119 description: The kubernetes apiserver has terminated {{`{{`}} $value | humanizePercentage {{`}}`}} of its incoming requests. 120 runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubeapiterminatedrequests 121 summary: The kubernetes apiserver has terminated {{`{{`}} $value | humanizePercentage {{`}}`}} of its incoming requests. 122 expr: sum(rate(apiserver_request_terminations_total{job="apiserver"}[10m])) / ( sum(rate(apiserver_request_total{job="apiserver"}[10m])) + sum(rate(apiserver_request_terminations_total{job="apiserver"}[10m])) ) > 0.20 123 for: 5m 124 labels: 125 severity: warning 126 {{- if .Values.defaultRules.additionalRuleLabels }} 127 {{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} 128 {{- end }} 129 {{- end }} 130 {{- end }}