Port coredns errors alert #184
Conversation
Signed-off-by: Ben Ye <yb532204897@gmail.com>
|
/lgtm |
| severity: critical | ||
| annotations: | ||
| message: "CoreDNS is returning SERVFAIL for {{ $value | humanizePercentage }} of requests." | ||
| - alert: CoreDNSErrorsHigh |
There was a problem hiding this comment.
I think having only one CoreDNSErrorsHigh alert would be best, in order to remove duplicate alerts and thus minimize "alert fatigue". As far as which value to use (.03 vs .01), I don't have any strong opinions on which one to use. Thoughts?
There was a problem hiding this comment.
I prefer to keep the 0.01 one since I don't think it is really necessary to add a critical level alert here.
There was a problem hiding this comment.
@RiRa12621 Hello, would you mind taking a look at this? Which alert should we use? The critical one or the warning one?
Signed-off-by: Ben Ye <yb532204897@gmail.com>
| (sum(rate(coredns_dns_response_rcode_count_total{rcode="SERVFAIL"}[5m])) | ||
| / | ||
| sum(rate(coredns_dns_response_rcode_count_total[5m]))) | ||
| > 0.01 |
There was a problem hiding this comment.
Trying to grok what this expr is attempting to do. It's a % of SERFAIL rate change sums over 5 minute increments and alerts if it's over 1%?
There was a problem hiding this comment.
@yeya24 not really clear what this is trying to do with the sum mixed in. Can this be written with it and simplify the query? If we're trying to say "if the rate of failures increases by more than 1% of total responses over a 5 minute period of time" that would be:
expr: |
sum(coredns_dns_response_rcode_count_total{rcode="SERVFAIL"})
/
sum(coredns_dns_response_rcode_count_total)
> 0.01
for: 5mThe difference is we're not looking at the change in failures over time. I think this is better unless we assume there's some high chance of 1% of responses failing in a 5 min period. The original query is looking at the changes in rates over time. You could exclude sum given the alert is "for: 5m". So if your rate of errors goes up slow enough relative to the rate of total responses you can have an ever increasing number of failures as long as the change over time isn't more than 1% in a 5 minute block.
There was a problem hiding this comment.
I think there's some misunderstanding of what the sum function does here. From my understanding, the sum function is just combining the rates for each separate server/zone, to arrive at a single aggregated rate measurement.
So I don't think we would want to exclude sum here. @yeya24 does that sound right?
There was a problem hiding this comment.
I agree, I left sum in and removed rate. I see risk with sum of rates over time in that subtle cumulative increases in failure rates over time will not trip the alert.
There was a problem hiding this comment.
Sorry for the late.
expr: |
sum(coredns_dns_response_rcode_count_total{rcode="SERVFAIL"})
/
sum(coredns_dns_response_rcode_count_total)
> 0.01
for: 5m
This query calculates the failure ratio over all the responses, which is not what I want.
rate restricts the samples in 5min and IMO this makes sense in this context.
|
/lgtm |
|
Thanks @yeya24 ! |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: RiRa12621, sgreene570, yeya24 The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-ci-robot
added
the
approved
This pr updates the existing
CoreDNSPanickingmetric and add alerts forCoreDNSErrorsHigh. For more context, please check https://coreos.slack.com/archives/CCH60A77E/p1595256269123600