Log Service provides built-in alert monitoring rules. If you want to monitor a Kubernetes cluster in real time, you need only to add an alert instance. An alert instance allows Log Service to send alert notifications by using different methods such as DingTalk. This topic describes how to configure alerts.

Prerequisites

An event center is created in K8s Event Center, and Kubernetes cluster events are collected to the event center. For more information, see Create and use a Kubernetes event center.

Background information

K8s Event Center provides the following built-in resources: alert monitoring rules, ACK action policy, ACK user group, ACK-pod alert template, ACK alert template, ACK-node alert template, and ACK-object alert template. The built-in resources can meet the requirements of most alerting scenarios. Before you use the built-in resources, take note of the following items:
  • You can specify the ACK alert policy in an alert monitoring rule.
  • You can specify the ACK user group and an alert template in the ACK alert policy. The alert template can be the ACK-pod alert template, ACK alert template, ACK-node alert template, or ACK-object alert template.

    After an alert is triggered, Log Service sends an alert notification to the specified users based on the action policy.

Step 1: Create a user

  1. Log on to the Log Service console.
  2. In the Log Application section, click the Intelligent O&M tab and click K8s Event Center.
  3. In the left-side navigation pane, click the K8s Event Center-002 icon of the event center that you want to manage. Then, click Alert Configuration.
  4. On the Alert Center page, choose Alert Management > User Management.
  5. Create a user.
    For more information, see Create users.

Step 2: Add the user to the ACK user group

  1. On the Alert Center page, choose Alert Management > User Group Management.
  2. In the user group list, click Edit for sls.app.ack.builtin.
  3. In the Edit User Group dialog box, add the user that you create from the Available Members section to the Selected Members section. Then, click OK.

Step 3: Add an alert instance

Log Service provides dozens of built-in alert monitoring rules for K8s Event Center. You need only to add an alert instance based on your business requirements. In the following example, an alert instance is added to the alert monitoring rule Cluster Node Ready.

  1. On the Alert Rules/Incidents tab of the Alert Center page, click SLS K8s Event Center.
    K8s Event Center
  2. In the alert monitoring rule list, find Cluster Node Ready and click Settings in the Actions column.
  3. In the Parameter Settings dialog box, configure the following parameters and click Save and Enable.
    Parameter Description
    ACK Cluster ID Enter the ID or name of a Kubernetes cluster.

    The cluster is the one that you use when you deploy the eventer and node-problem-detector components. For more information, see Deploy eventer and node-problem-detector components.

    Action Policy Select an action policy for the alert monitoring rule. Log Service sends alert notifications to the specified users based on this action policy.

    Default value: sls.app.ack.builtin, which indicates the ACK action policy. You can also create a custom action policy. For more information, see Create an action policy.

    Repeat Interval Specify a period to prevent repeated notifications. In this period, Log Service does not notify you of repeated alerts. Examples: 1d, 2h, and 3m, which indicate 1 day, 2 hours, and 3 minutes.
    Severity Specify the severity of the alert message.
  4. Click Save and Enable.

What to do next

After you configure the alerts for an event center, you can perform the following operations.

Operation Description
Disable an alert instance If you disable an alert instance, the value in the Status column of the alert instance changes to Not Enabled, and alerts are no longer triggered based on the alert instance.

The configurations of the alert monitoring rule are not deleted. If you want to enable the alert instance again, you do not need to reconfigure the parameters of the alert monitoring rule.

Pause an alert instance If you pause an alert instance, alerts are not triggered based on the alert instance within a specified period of time.
Delete an alert instance If you delete an alert instance, the value in the Status column of the alert instance changes to Not Created.

The configurations of the alert monitoring rule are deleted. If you want to enable the alert instance again, you must reconfigure the parameters of the alert monitoring rule.

Reconfigure an alert instance You can reconfigure the parameters of an alert instance.
View You can view the general information and historical report of an alert.
Follow You can add an alert instance to the list that you follow.
Customize an alert monitoring rule If a built-in alert monitoring rule does not meet your business requirements, you can click Create Alert to create a custom alert monitoring rule. For more information, see Create an alert monitoring rule for logs.