New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Port coredns errors alert #184
Port coredns errors alert #184
Conversation
Signed-off-by: Ben Ye <yb532204897@gmail.com>
/lgtm |
severity: critical | ||
annotations: | ||
message: "CoreDNS is returning SERVFAIL for {{ $value | humanizePercentage }} of requests." | ||
- alert: CoreDNSErrorsHigh |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think having only one CoreDNSErrorsHigh
alert would be best, in order to remove duplicate alerts and thus minimize "alert fatigue". As far as which value to use (.03 vs .01), I don't have any strong opinions on which one to use. Thoughts?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I prefer to keep the 0.01
one since I don't think it is really necessary to add a critical level alert here.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
sounds good to me.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@RiRa12621 Hello, would you mind taking a look at this? Which alert should we use? The critical one or the warning one?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
+1 for warning from me
/cc @jewzaam
Signed-off-by: Ben Ye <yb532204897@gmail.com>
(sum(rate(coredns_dns_response_rcode_count_total{rcode="SERVFAIL"}[5m])) | ||
/ | ||
sum(rate(coredns_dns_response_rcode_count_total[5m]))) | ||
> 0.01 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Trying to grok what this expr is attempting to do. It's a % of SERFAIL rate change sums over 5 minute increments and alerts if it's over 1%?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Correct
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@yeya24 not really clear what this is trying to do with the sum mixed in. Can this be written with it and simplify the query? If we're trying to say "if the rate of failures increases by more than 1% of total responses over a 5 minute period of time" that would be:
expr: |
sum(coredns_dns_response_rcode_count_total{rcode="SERVFAIL"})
/
sum(coredns_dns_response_rcode_count_total)
> 0.01
for: 5m
The difference is we're not looking at the change in failures over time. I think this is better unless we assume there's some high chance of 1% of responses failing in a 5 min period. The original query is looking at the changes in rates over time. You could exclude sum given the alert is "for: 5m". So if your rate of errors goes up slow enough relative to the rate of total responses you can have an ever increasing number of failures as long as the change over time isn't more than 1% in a 5 minute block.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think there's some misunderstanding of what the sum
function does here. From my understanding, the sum
function is just combining the rates for each separate server/zone, to arrive at a single aggregated rate measurement.
So I don't think we would want to exclude sum
here. @yeya24 does that sound right?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I agree, I left sum
in and removed rate
. I see risk with sum of rates over time in that subtle cumulative increases in failure rates over time will not trip the alert.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sorry for the late.
expr: |
sum(coredns_dns_response_rcode_count_total{rcode="SERVFAIL"})
/
sum(coredns_dns_response_rcode_count_total)
> 0.01
for: 5m
This query calculates the failure ratio over all the responses, which is not what I want.
rate
restricts the samples in 5min and IMO this makes sense in this context.
/lgtm |
Thanks @yeya24 ! |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: RiRa12621, sgreene570, yeya24 The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
This pr updates the existing
CoreDNSPanicking
metric and add alerts forCoreDNSErrorsHigh
. For more context, please check https://coreos.slack.com/archives/CCH60A77E/p1595256269123600