可觀測監控 Prometheus 版警示規則包括ARMS警示規則、K8s警示規則、MongoDB警示規則、MySQL警示規則、Nginx警示規則、Redis警示規則。
ARMS警示規則
警示名稱 | 運算式 | 採集資料時間(分鐘) | 警示觸發條件 |
PodCpu75 | 100 * (sum(rate(container_cpu_usage_seconds_total[1m])) by (pod_name) / sum(label_replace(kube_pod_container_resource_limits_cpu_cores, "pod_name", "$1", "pod", "(.*)")) by (pod_name))>75 | 7 | Pod的CPU使用率大於75%。 |
PodMemory75 | 100 * (sum(container_memory_working_set_bytes) by (pod_name) / sum(label_replace(kube_pod_container_resource_limits_memory_bytes, "pod_name", "$1", "pod", "(.*)")) by (pod_name))>75 | 5 | Pod的記憶體使用量率大於75%。 |
pod_status_no_running | sum (kube_pod_status_phase{phase!="Running"}) by (pod,phase) | 5 | Pod的狀態為未運行。 |
PodMem4GbRestart | (sum (container_memory_working_set_bytes{id!="/"})by (pod_name,container_name) /1024/1024/1024)>4 | 5 | Pod的記憶體大於4GB。 |
PodRestart | sum (increase (kube_pod_container_status_restarts_total{}[2m])) by (namespace,pod) >0 | 5 | Pod重啟。 |
K8s警示規則
警示名稱 | 運算式 | 採集資料時間(分鐘) | 警示觸發條件 |
KubeStateMetricsListErrors | (sum(rate(kube_state_metrics_list_total{job="kube-state-metrics",result="error"}[5m])) / sum(rate(kube_state_metrics_list_total{job="kube-state-metrics"}[5m]))) > 0.01 | 15 | Metric List出錯。 |
KubeStateMetricsWatchErrors | (sum(rate(kube_state_metrics_watch_total{job="kube-state-metrics",result="error"}[5m])) / sum(rate(kube_state_metrics_watch_total{job="kube-state-metrics"}[5m]))) > 0.01 | 15 | Metric Watch出錯。 |
NodeFilesystemAlmostOutOfSpace | ( node_filesystem_avail_bytes{job="node-exporter",fstype!=""} / node_filesystem_size_bytes{job="node-exporter",fstype!=""} * 100 < 5 and node_filesystem_readonly{job="node-exporter",fstype!=""} == 0 ) | 60 | Node檔案系統即將無空間。 |
NodeFilesystemSpaceFillingUp | ( node_filesystem_avail_bytes{job="node-exporter",fstype!=""} / node_filesystem_size_bytes{job="node-exporter",fstype!=""} * 100 < 40 and predict_linear(node_filesystem_avail_bytes{job="node-exporter",fstype!=""}[6h], 24*60*60) < 0 and node_filesystem_readonly{job="node-exporter",fstype!=""} == 0 ) | 60 | Node檔案系統空間即將佔滿。 |
NodeFilesystemFilesFillingUp | ( node_filesystem_files_free{job="node-exporter",fstype!=""} / node_filesystem_files{job="node-exporter",fstype!=""} * 100 < 40 and predict_linear(node_filesystem_files_free{job="node-exporter",fstype!=""}[6h], 24*60*60) < 0 and node_filesystem_readonly{job="node-exporter",fstype!=""} == 0 ) | 60 | Node檔案系統檔案即將佔滿。 |
NodeFilesystemAlmostOutOfFiles | ( node_filesystem_files_free{job="node-exporter",fstype!=""} / node_filesystem_files{job="node-exporter",fstype!=""} * 100 < 3 and node_filesystem_readonly{job="node-exporter",fstype!=""} == 0 ) | 60 | Node檔案系統幾乎無檔案。 |
NodeNetworkReceiveErrs | increase(node_network_receive_errs_total[2m]) > 10 | 60 | Node網路接收錯誤。 |
NodeNetworkTransmitErrs | increase(node_network_transmit_errs_total[2m]) > 10 | 60 | Node網路傳輸錯誤。 |
NodeHighNumberConntrackEntriesUsed | (node_nf_conntrack_entries / node_nf_conntrack_entries_limit) > 0.75 | 無 | 使用大量Conntrack條目。 |
NodeClockSkewDetected | ( node_timex_offset_seconds > 0.05 and deriv(node_timex_offset_seconds[5m]) >= 0 ) or ( node_timex_offset_seconds < -0.05 and deriv(node_timex_offset_seconds[5m]) <= 0 ) | 10 | 出現時間偏差。 |
NodeClockNotSynchronising | min_over_time(node_timex_sync_status[5m]) == 0 | 10 | 出現時間不同步。 |
KubePodCrashLooping | rate(kube_pod_container_status_restarts_total{job="kube-state-metrics"}[15m]) * 60 * 5 > 0 | 15 | 出現迴圈崩潰。 |
KubePodNotReady | sum by (namespace, pod) (max by(namespace, pod) (kube_pod_status_phase{job="kube-state-metrics", phase=~"Pending|Unknown"}) * on(namespace, pod) group_left(owner_kind) max by(namespace, pod, owner_kind) (kube_pod_owner{owner_kind!="Job"})) > 0 | 15 | Pod未準備好。 |
KubeDeploymentGenerationMismatch | kube_deployment_status_observed_generation{job="kube-state-metrics"} != kube_deployment_metadata_generation{job="kube-state-metrics"} | 15 | 出現部署版本不匹配。 |
KubeDeploymentReplicasMismatch | ( kube_deployment_spec_replicas{job="kube-state-metrics"} != kube_deployment_status_replicas_available{job="kube-state-metrics"} ) and ( changes(kube_deployment_status_replicas_updated{job="kube-state-metrics"}[5m]) == 0 ) | 15 | 出現部署副本不匹配。 |
KubeStatefulSetReplicasMismatch | ( kube_statefulset_status_replicas_ready{job="kube-state-metrics"} != kube_statefulset_status_replicas{job="kube-state-metrics"} ) and ( changes(kube_statefulset_status_replicas_updated{job="kube-state-metrics"}[5m]) == 0 ) | 15 | 狀態集副本不匹配。 |
KubeStatefulSetGenerationMismatch | kube_statefulset_status_observed_generation{job="kube-state-metrics"} != kube_statefulset_metadata_generation{job="kube-state-metrics"} | 15 | 狀態集版本不匹配。 |
KubeStatefulSetUpdateNotRolledOut | max without (revision) ( kube_statefulset_status_current_revision{job="kube-state-metrics"} unless kube_statefulset_status_update_revision{job="kube-state-metrics"} ) * ( kube_statefulset_replicas{job="kube-state-metrics"} != kube_statefulset_status_replicas_updated{job="kube-state-metrics"} ) | 15 | 狀態集更新未退出。 |
KubeDaemonSetRolloutStuck | kube_daemonset_status_number_ready{job="kube-state-metrics"} / kube_daemonset_status_desired_number_scheduled{job="kube-state-metrics"} < 1.00 | 15 | DaemonSet退出回退。 |
KubeContainerWaiting | sum by (namespace, pod, container) (kube_pod_container_status_waiting_reason{job="kube-state-metrics"}) > 0 | 60 | 容器等待。 |
KubeDaemonSetNotScheduled | kube_daemonset_status_desired_number_scheduled{job="kube-state-metrics"} - kube_daemonset_status_current_number_scheduled{job="kube-state-metrics"} > 0 | 10 | DaemonSet無計劃。 |
KubeDaemonSetMisScheduled | kube_daemonset_status_number_misscheduled{job="kube-state-metrics"} > 0 | 15 | Daemon缺失計劃。 |
KubeCronJobRunning | time() - kube_cronjob_next_schedule_time{job="kube-state-metrics"} > 3600 | 60 | 若Cron任務完成時間大於1小時。 |
KubeJobCompletion | kube_job_spec_completions{job="kube-state-metrics"} - kube_job_status_succeeded{job="kube-state-metrics"} > 0 | 60 | 任務完成。 |
KubeJobFailed | kube_job_failed{job="kube-state-metrics"} > 0 | 15 | 任務失敗。 |
KubeHpaReplicasMismatch | (kube_hpa_status_desired_replicas{job="kube-state-metrics"} != kube_hpa_status_current_replicas{job="kube-state-metrics"}) and changes(kube_hpa_status_current_replicas[15m]) == 0 | 15 | HPA副本不匹配。 |
KubeHpaMaxedOut | kube_hpa_status_current_replicas{job="kube-state-metrics"} == kube_hpa_spec_max_replicas{job="kube-state-metrics"} | 15 | HPA副本超過最大值。 |
KubeCPUOvercommit | sum(namespace:kube_pod_container_resource_requests_cpu_cores:sum{}) / sum(kube_node_status_allocatable_cpu_cores) > (count(kube_node_status_allocatable_cpu_cores)-1) / count(kube_node_status_allocatable_cpu_cores) | 5 | CPU過載。 |
KubeMemoryOvercommit | sum(namespace:kube_pod_container_resource_requests_memory_bytes:sum{}) / sum(kube_node_status_allocatable_memory_bytes) > (count(kube_node_status_allocatable_memory_bytes)-1) / count(kube_node_status_allocatable_memory_bytes) | 5 | 儲存過載。 |
KubeCPUQuotaOvercommit | sum(kube_resourcequota{job="kube-state-metrics", type="hard", resource="cpu"}) / sum(kube_node_status_allocatable_cpu_cores) > 1.5 | 5 | CPU額度過載。 |
KubeMemoryQuotaOvercommit | sum(kube_resourcequota{job="kube-state-metrics", type="hard", resource="memory"}) / sum(kube_node_status_allocatable_memory_bytes{job="node-exporter"}) > 1.5 | 5 | 儲存額度過載。 |
KubeQuotaExceeded | kube_resourcequota{job="kube-state-metrics", type="used"} / ignoring(instance, job, type) (kube_resourcequota{job="kube-state-metrics", type="hard"} > 0) > 0.90 | 15 | 若配額超過限制。 |
CPUThrottlingHigh | sum(increase(container_cpu_cfs_throttled_periods_total{container!="", }[5m])) by (container, pod, namespace) / sum(increase(container_cpu_cfs_periods_total{}[5m])) by (container, pod, namespace) > ( 25 / 100 ) | 15 | CPU過熱。 |
KubePersistentVolumeFillingUp | kubelet_volume_stats_available_bytes{job="kubelet", metrics_path="/metrics"} / kubelet_volume_stats_capacity_bytes{job="kubelet", metrics_path="/metrics"} < 0.03 | 1 | 儲存卷容量即將不足。 |
KubePersistentVolumeErrors | kube_persistentvolume_status_phase{phase=~"Failed|Pending",job="kube-state-metrics"} > 0 | 5 | 儲存卷容量出錯。 |
KubeVersionMismatch | count(count by (gitVersion) (label_replace(kubernetes_build_info{job!~"kube-dns|coredns"},"gitVersion","$1","gitVersion","(v[0-9]*.[0-9]*.[0-9]*).*"))) > 1 | 15 | 版本不匹配。 |
KubeClientErrors | (sum(rate(rest_client_requests_total{code=~"5.."}[5m])) by (instance, job) / sum(rate(rest_client_requests_total[5m])) by (instance, job)) > 0.01 | 15 | 用戶端出錯。 |
KubeAPIErrorBudgetBurn | sum(apiserver_request:burnrate1h) > (14.40 * 0.01000) and sum(apiserver_request:burnrate5m) > (14.40 * 0.01000) | 2 | API錯誤過多。 |
KubeAPILatencyHigh | ( cluster:apiserver_request_duration_seconds:mean5m{job="apiserver"} > on (verb) group_left() ( avg by (verb) (cluster:apiserver_request_duration_seconds:mean5m{job="apiserver"} >= 0) + 2*stddev by (verb) (cluster:apiserver_request_duration_seconds:mean5m{job="apiserver"} >= 0) ) ) > on (verb) group_left() 1.2 * avg by (verb) (cluster:apiserver_request_duration_seconds:mean5m{job="apiserver"} >= 0) and on (verb,resource) cluster_quantile:apiserver_request_duration_seconds:histogram_quantile{job="apiserver",quantile="0.99"} > 1 | 5 | API延遲過高。 |
KubeAPIErrorsHigh | sum(rate(apiserver_request_total{job="apiserver",code=~"5.."}[5m])) by (resource,subresource,verb) / sum(rate(apiserver_request_total{job="apiserver"}[5m])) by (resource,subresource,verb) > 0.05 | 10 | API錯誤過多。 |
KubeClientCertificateExpiration | apiserver_client_certificate_expiration_seconds_count{job="apiserver"} > 0 and on(job) histogram_quantile(0.01, sum by (job, le) (rate(apiserver_client_certificate_expiration_seconds_bucket{job="apiserver"}[5m]))) < 604800 | 無 | 用戶端認證到期。 |
AggregatedAPIErrors | sum by(name, namespace)(increase(aggregator_unavailable_apiservice_count[5m])) > 2 | 無 | 彙總API出錯。 |
AggregatedAPIDown | sum by(name, namespace)(sum_over_time(aggregator_unavailable_apiservice[5m])) > 0 | 5 | 彙總API下線。 |
KubeAPIDown | absent(up{job="apiserver"} == 1) | 15 | API下線。 |
KubeNodeNotReady | kube_node_status_condition{job="kube-state-metrics",condition="Ready",status="true"} == 0 | 15 | Node未準備好。 |
KubeNodeUnreachable | kube_node_spec_taint{job="kube-state-metrics",key="node.kubernetes.io/unreachable",effect="NoSchedule"} == 1 | 2 | Node無法擷取。 |
KubeletTooManyPods | max(max(kubelet_running_pod_count{job="kubelet", metrics_path="/metrics"}) by(instance) * on(instance) group_left(node) kubelet_node_name{job="kubelet", metrics_path="/metrics"}) by(node) / max(kube_node_status_capacity_pods{job="kube-state-metrics"} != 1) by(node) > 0.95 | 15 | Pod過多。 |
KubeNodeReadinessFlapping | sum(changes(kube_node_status_condition{status="true",condition="Ready"}[15m])) by (node) > 2 | 15 | 準備狀態變更次數過多。 |
KubeletPlegDurationHigh | node_quantile:kubelet_pleg_relist_duration_seconds:histogram_quantile{quantile="0.99"} >= 10 | 5 | PLEG期間過長。 |
KubeletPodStartUpLatencyHigh | histogram_quantile(0.99, sum(rate(kubelet_pod_worker_duration_seconds_bucket{job="kubelet", metrics_path="/metrics"}[5m])) by (instance, le)) * on(instance) group_left(node) kubelet_node_name{job="kubelet", metrics_path="/metrics"} > 60 | 15 | Pod啟動延遲過高。 |
KubeletDown | absent(up{job="kubelet", metrics_path="/metrics"} == 1) | 15 | Kubelet下線。 |
KubeSchedulerDown | absent(up{job="kube-scheduler"} == 1) | 15 | Kubelet議程下線。 |
KubeControllerManagerDown | absent(up{job="kube-controller-manager"} == 1) | 15 | Controller Manager下線。 |
TargetDown | 100 * (count(up == 0) BY (job, namespace, service) / count(up) BY (job, namespace, service)) > 10 | 10 | 目標下線。 |
NodeNetworkInterfaceFlapping | changes(node_network_up{job="node-exporter",device!~"veth.+"}[2m]) > 2 | 2 | 網路介面狀態變更過頻繁。 |
MongoDB警示規則
警示名稱 | 運算式 | 採集資料時間(分鐘) | 警示觸發條件 |
MongodbReplicationLag | avg(mongodb_replset_member_optime_date{state="PRIMARY"}) - avg(mongodb_replset_member_optime_date{state="SECONDARY"}) > 10 | 5 | 複寫延遲過長。 |
MongodbReplicationHeadroom | (avg(mongodb_replset_oplog_tail_timestamp - mongodb_replset_oplog_head_timestamp) - (avg(mongodb_replset_member_optime_date{state="PRIMARY"}) - avg(mongodb_replset_member_optime_date{state="SECONDARY"}))) <= 0 | 5 | 複製餘量不足。 |
MongodbReplicationStatus3 | mongodb_replset_member_state == 3 | 5 | 複製狀態為3。 |
MongodbReplicationStatus6 | mongodb_replset_member_state == 6 | 5 | 複製狀態為6。 |
MongodbReplicationStatus8 | mongodb_replset_member_state == 8 | 5 | 複製狀態為8。 |
MongodbReplicationStatus10 | mongodb_replset_member_state == 10 | 5 | 複製狀態為10。 |
MongodbNumberCursorsOpen | mongodb_metrics_cursor_open{state="total_open"} > 10000 | 5 | 開啟數字游標數量過多。 |
MongodbCursorsTimeouts | sum (increase increase(mongodb_metrics_cursor_timed_out_total[10m]) > 100 | 5 | 若游標逾時。 |
MongodbTooManyConnections | mongodb_connections{state="current"} > 500 | 5 | 串連過多。 |
MongodbVirtualMemoryUsage | (sum(mongodb_memory{type="virtual"}) BY (ip) / sum(mongodb_memory{type="mapped"}) BY (ip)) > 3 | 5 | 虛擬記憶體使用率過高。 |
MySQL警示規則
警示名稱 | 運算式 | 採集資料時間(分鐘) | 警示觸發條件 |
MySQL is down | mysql_up == 0 | 1 | MySQL下線。 |
open files high | mysql_global_status_innodb_num_open_files > (mysql_global_variables_open_files_limit) * 0.75 | 1 | 開啟檔案數量偏高。 |
Read buffer size is bigger than max. allowed packet size | mysql_global_variables_read_buffer_size > mysql_global_variables_slave_max_allowed_packet | 1 | 讀取緩衝區超過資料包最大限制。 |
Sort buffer possibly missconfigured | mysql_global_variables_innodb_sort_buffer_size <256*1024 or mysql_global_variables_read_buffer_size > 4*1024*1024 | 1 | 排序緩衝區可能存在配置錯誤。 |
Thread stack size is too small | mysql_global_variables_thread_stack <196608 | 1 | 線程堆棧太小。 |
Used more than 80% of max connections limited | mysql_global_status_max_used_connections > mysql_global_variables_max_connections * 0.8 | 1 | 使用超過80%串連限制。 |
InnoDB Force Recovery is enabled | mysql_global_variables_innodb_force_recovery != 0 | 1 | 啟用強制恢複。 |
InnoDB Log File size is too small | mysql_global_variables_innodb_log_file_size < 16777216 | 1 | 記錄檔過小。 |
InnoDB Flush Log at Transaction Commit | mysql_global_variables_innodb_flush_log_at_trx_commit != 1 | 1 | 在事務提交時重新整理日誌。 |
Table definition cache too small | mysql_global_status_open_table_definitions > mysql_global_variables_table_definition_cache | 1 | 表定義緩衝過小。 |
Table open cache too small | mysql_global_status_open_tables >mysql_global_variables_table_open_cache * 99/100 | 1 | 表開啟緩衝過小。 |
Thread stack size is possibly too small | mysql_global_variables_thread_stack < 262144 | 1 | 線程堆棧可能過小。 |
InnoDB Buffer Pool Instances is too small | mysql_global_variables_innodb_buffer_pool_instances == 1 | 1 | 緩衝池執行個體過小。 |
InnoDB Plugin is enabled | mysql_global_variables_ignore_builtin_innodb == 1 | 1 | 外掛程式啟用。 |
Binary Log is disabled | mysql_global_variables_log_bin != 1 | 1 | 二進位日誌禁用。 |
Binlog Cache size too small | mysql_global_variables_binlog_cache_size < 1048576 | 1 | 緩衝過小。 |
Binlog Statement Cache size too small | mysql_global_variables_binlog_stmt_cache_size <1048576 and mysql_global_variables_binlog_stmt_cache_size > 0 | 1 | 聲明緩衝過小。 |
Binlog Transaction Cache size too small | mysql_global_variables_binlog_cache_size <1048576 | 1 | 交易緩衝過小。 |
Sync Binlog is enabled | mysql_global_variables_sync_binlog == 1 | 1 | 二進位日誌啟用。 |
IO thread stopped | mysql_slave_status_slave_io_running != 1 | 1 | IO線程停止。 |
SQL thread stopped | mysql_slave_status_slave_sql_running == 0 | 1 | SQL線程停止。 |
Mysql_Too_Many_Connections | rate(mysql_global_status_threads_connected[5m])>200 | 5 | 串連過多。 |
Mysql_Too_Many_slow_queries | rate(mysql_global_status_slow_queries[5m])>3 | 5 | 慢查詢過多。 |
Slave lagging behind Master | rate(mysql_slave_status_seconds_behind_master[1m]) >30 | 1 | 從機表現落後於主機。 |
Slave is NOT read only(Please ignore this warning indicator.) | mysql_global_variables_read_only != 0 | 1 | 從機許可權不是唯讀。 |
Nginx警示規則
警示名稱 | 運算式 | 採集資料時間(分鐘) | 警示觸發條件 |
NginxHighHttp4xxErrorRate | sum(rate(nginx_http_requests_total{status=~"^4.."}[1m])) / sum(rate(nginx_http_requests_total[1m])) * 100 > 5 | 5 | HTTP 4xx錯誤率過高。 |
NginxHighHttp5xxErrorRate | sum(rate(nginx_http_requests_total{status=~"^5.."}[1m])) / sum(rate(nginx_http_requests_total[1m])) * 100 > 5 | 5 | HTTP 5xx錯誤率過高。 |
NginxLatencyHigh | histogram_quantile(0.99, sum(rate(nginx_http_request_duration_seconds_bucket[30m])) by (host, node)) > 10 | 5 | 延遲過高。 |
Redis警示規則
警示名稱 | 運算式 | 採集資料時間(分鐘) | 警示觸發條件 |
RedisDown | redis_up == 0 | 5 | Redis下線。 |
RedisMissingMaster | count(redis_instance_info{role="master"}) == 0 | 5 | Master缺失。 |
RedisTooManyMasters | count(redis_instance_info{role="master"}) > 1 | 5 | Master過多。 |
RedisDisconnectedSlaves | count without (instance, job) (redis_connected_slaves) - sum without (instance, job) (redis_connected_slaves) - 1 > 1 | 5 | Slave串連斷開。 |
RedisReplicationBroken | delta(redis_connected_slaves[1m]) < 0 | 5 | 複製中斷。 |
RedisClusterFlapping | changes(redis_connected_slaves[5m]) > 2 | 5 | 副本串連識別變更。 |
RedisMissingBackup | time() - redis_rdb_last_save_timestamp_seconds > 60 * 60 * 24 | 5 | 備份中斷。 |
RedisOutOfMemory | redis_memory_used_bytes / redis_total_system_memory_bytes * 100 > 90 | 5 | 記憶體不足。 |
RedisTooManyConnections | redis_connected_clients > 100 | 5 | 串連過多。 |
RedisNotEnoughConnections | redis_connected_clients < 5 | 5 | 串連不足。 |
RedisRejectedConnections | increase(redis_rejected_connections_total[1m]) > 0 | 5 | 串連被拒絕。 |