How Kubernetes cluster accesses event notification alarm

The alarm configuration function provides the unified management of the container scenario alarm capability, including the container service exception event alarm, and the container scenario indicator alarm. The alarm function is enabled by default when creating a cluster. The alarm rules of the container service support configuration management by deploying CRDs within the cluster. This article describes how to access the alarm configuration function and grant access to the alarm function resources.

Function usage scenarios

The container service alarm configuration function integrates the monitoring and alarm capabilities of container scenarios and provides unified configuration management of alarms. There are several typical use scenarios as follows:

• Cluster operation and maintenance can understand the cluster control, storage, network, elastic expansion and contraction and other abnormal events at the first time through monitoring and alarm. For example, general exceptions of cluster nodes or container nodes can be sensed by configuring and viewing the cluster exception event alarm rule set; Perception of changes and exceptions in cluster storage by configuring and viewing the cluster storage exception event alarm rule set; Perceive changes and exceptions in the cluster network by configuring and viewing the cluster network exception event alarm rule set; The change and exception of cluster control can be perceived by configuring and viewing the cluster control operation and maintenance exception alarm rule set.

• Application development can know whether the abnormal events and indicators of the application running in the cluster are abnormal at the first time by monitoring the alarm. For example, the cluster container copy is abnormal or whether the CPU and memory water level indicators of the application deployment exceed the threshold. By opening the default alarm rule template in the alarm configuration function, you can quickly accept the exception event alarm notification of the application container copy in the cluster. For example, by configuring and subscribing to the cluster container replica exception alarm rule set, we can sense whether the Pod of the application is abnormal.

• Application management focuses on a series of issues running through the application life cycle, such as application health, capacity planning, cluster operation stability, exceptions and even error alarms. For example, all abnormal alarms such as Warning and Error in the cluster can be sensed by configuring and subscribing to the cluster important event alarm rule set; Pay attention to the cluster resource exception alarm rule set to sense the resource situation of the cluster, so as to make better capacity planning.

• Multi-cluster management When you have multiple clusters to manage, configuring alarm rules for the cluster is often a repetitive and difficult operation to synchronize. The container service alarm configuration function supports the management of alarm rules by deploying CRD configuration within the cluster. By maintaining the same configured CRD resources in multiple clusters, the synchronous configuration of alarm rules in multiple clusters can be realized conveniently and quickly.

prerequisite

• You need to create a registered cluster and connect the self-built Kubernetes cluster to the registered cluster. For details, see Creating an AliCloud registration cluster and accessing the self-built Kubernetes cluster.

Step 1: Configure RAM permissions of alarm components in the self-built cluster

Before installing components in the registration cluster, you need to set the permissions of AK to access cloud services in the access cluster. Before setting AK, you need to create RAM users and add permissions to access relevant cloud resources.

1. Create RAM user. For specific steps on how to create RAM users, see Creating RAM Users.

2. Create a permission policy. For specific steps to create a permission policy, see Creating a Custom Policy. Please authorize RAM permissions as follows:

3. Add permissions for RAM users. For specific steps on how to authorize RAM users, see Authorizing RAM Users.

4. Create AK for RAM users. For how to create an AK for a sub-account, see Getting AccessKey.

5. Use AK to create a secret resource named alibaba-addon-secret in the self-built Kubernetes cluster. In step 2, when installing the relevant components of the event center, this AK will be automatically referenced to access the corresponding cloud service resources.

kubectl -n kube-system create secret generic alibaba-addon-secret --from-literal='access-key-id=' --from-literal='access-key-secret='

You need to replace the above code and with the AK information you obtained.

Step 2: Component installation and upgrade

The console will automatically detect whether the alarm configuration environment meets the requirements, and will guide the activation or installation and upgrade of components.

1. Log in to the container service management console.

2. In the left navigation bar of the console, click Cluster.

3. On the cluster list page, click the target cluster name or the details under the operation column on the right of the target cluster.

4. In the left navigation bar of the cluster management page, select Operation and Maintenance Management>Alarm Configuration.

5. The console will automatically check the following conditions on the alarm configuration page. If the conditions are not met, please follow the prompts below to complete the operation.

• SLS log service cloud products have been opened. When you first use the log service, you need to log in to the log service console and activate the log service according to the prompts on the page.

• The Event Center is installed. For specific operations, see Event Monitoring.

• Upgrade the cluster managed component alicloud-monitor-controller to the latest version. For more information, see alicloud-monitor-controller

How to access the alarm configuration function

Step 1: Enable the default alarm rule

The corresponding alarm rules can be enabled in the registered cluster.

1. Select Operation and Maintenance Management>Alarm Configuration Configuration Management in the left navigation bar of the target cluster.

2. On the alarm rule management tab, open the start status to open the corresponding alarm rule set.

Step 2: Manually configure alarm rules

It can manage alarm rules, contacts and contact groups.

1. Log in to the container service management console.

2. In the left navigation bar of the console, click Cluster.

3. On the cluster list page, click the target cluster name or the details under the operation column on the right of the target cluster.

4. In the left navigation bar of the cluster management page, select Operation and Maintenance Management>Alarm Configuration.

How to configure alarm rules through CRD

When the alarm configuration function is enabled, a resource configuration of AckAlertRule type will be created under the kube-system Namespace by default, including the default alarm rule template. The container service alarm rule set can be configured in the cluster through this resource.

1. Log in to the container service management console.

2. In the left navigation bar of the console, click Cluster.

3. On the cluster list page, click the target cluster name or the details under the operation column on the right of the target cluster.

4. In the left navigation bar of the cluster management page, select Operation and Maintenance Management>Alarm Configuration.

5. In the alarm rule management tab, click the upper right corner to edit the alarm configuration to view the AckAlertRule resource configuration in the current cluster and modify it through YAML file.

Default alarm rule template

ACK will create corresponding alarm rules by default in the following cases:

• Enable the default alarm rule function.

• If the default alarm rule is not enabled, enter the alarm rule page for the first time.

The alarm rules created by default are shown in the following table.