Skip to content

feat(base-cluster/monitoring): non-critical alerts aren't routed to on-call#1533

Merged
cwrau merged 1 commit intomainfrom
feat/base-cluster/adjust-alerts
Jun 16, 2025
Merged

feat(base-cluster/monitoring): non-critical alerts aren't routed to on-call#1533
cwrau merged 1 commit intomainfrom
feat/base-cluster/adjust-alerts

Conversation

@cwrau
Copy link
Copy Markdown
Member

@cwrau cwrau commented Jun 12, 2025
edited by coderabbitai Bot
Loading

Period WorkingHours prevents this from waking someone up, but it will
still be sent out during the day.

Summary by CodeRabbit

  • New Features
    • Updated several monitoring alerts to use a higher severity level ("critical" instead of "warning") for improved visibility.
    • Added a new "period: WorkingHours" label to multiple alerts to indicate active monitoring during business hours.

@cwrau
feat(base-cluster/monitoring): non-critical alerts aren't routed to o…
2553aab 
…n-call

Period WorkingHours prevents this from waking someone up, but it will
still be sent out during the day.
Copilot AI review requested due to automatic review settings June 12, 2025 14:02
@cwrau cwrau enabled auto-merge June 12, 2025 14:02
@coderabbitai
Copy link
Copy Markdown

coderabbitai Bot commented Jun 12, 2025
edited
Loading

Walkthrough

Alert rules across multiple PrometheusRule templates were updated to change the severity label from "warning" to "critical" where applicable, and to add a new label "period: WorkingHours" to all affected alerts. No modifications were made to alert expressions, durations, or other metadata.

Changes

File(s) Change Summary
charts/base-cluster/templates/backup/velero.yaml Changed Velero backup failure alert severity from "warning" to "critical"; added "period: WorkingHours" label.
charts/base-cluster/templates/cert-manager/rules/certificate-expiration.yaml Changed certificate expiration alerts' severity to "critical"; added "period: WorkingHours" label to both.
charts/base-cluster/templates/flux/rules/flux-status.yaml Changed "ResourcesFailing" alert severity to "critical"; added "period: WorkingHours" label to both alerts.
charts/base-cluster/templates/monitoring/kdave/rules/releases-with-deprecation.yaml Changed deprecation alert severity to "critical"; added "period: WorkingHours" label to both alerts.
charts/base-cluster/templates/nfs-server-provisioner/rules/storage-size.yaml Changed NFS over-provisioned alert severity to "critical"; added "period: WorkingHours" label.

Suggested labels

base-cluster

Suggested reviewers

  • marvinWolff
  • tasches
  • teutonet-bot

Poem

🐇
Alerts now shout, not softly warn,
"Critical!" they cry from dusk to dawn.
With "WorkingHours" they wear a tag,
Ensuring no alert will lag.
The cluster’s safe, the rabbits cheer—
For warnings loud, we all can hear!

📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between b8b3f80 and 2553aab.

📒 Files selected for processing (5)
  • charts/base-cluster/templates/backup/velero.yaml (1 hunks)
  • charts/base-cluster/templates/cert-manager/rules/certificate-expiration.yaml (2 hunks)
  • charts/base-cluster/templates/flux/rules/flux-status.yaml (2 hunks)
  • charts/base-cluster/templates/monitoring/kdave/rules/releases-with-deprecation.yaml (2 hunks)
  • charts/base-cluster/templates/nfs-server-provisioner/rules/storage-size.yaml (1 hunks)
🔇 Additional comments (8)
charts/base-cluster/templates/backup/velero.yaml (1)

105-106: Elevate VeleroBackupFailures to critical and limit routing to working hours.
Severity label updated to "critical" and "period: WorkingHours" ensures this alert only routes during defined working hours.

charts/base-cluster/templates/nfs-server-provisioner/rules/storage-size.yaml (1)

28-29: Promote NFSOverProvisioned alert to critical during working hours.
Changing severity to "critical" and adding the "period" label correctly restricts notification to working hours.

charts/base-cluster/templates/flux/rules/flux-status.yaml (2)

27-28: Promote ResourcesFailing to critical and restrict to working hours.
Updating severity and adding the working-hours label aligns this alert with on-call schedules.

38-38: Constrain MetricsMissing alert notifications to working hours.
Adding "period: WorkingHours" ensures this critical alert only fires during the intended window.

charts/base-cluster/templates/monitoring/kdave/rules/releases-with-deprecation.yaml (2)

27-28: Escalate ReleasesHaveDeprecatedAPIs and apply working-hours constraint.
Converting severity to "critical" and adding the period label correctly scopes this alert.

38-38: Add working-hours period to ReleasesHaveRemovedAPIs alert.
This label ensures the existing critical alert only routes to on-call during working hours.

charts/base-cluster/templates/cert-manager/rules/certificate-expiration.yaml (2)

27-28: Elevate CertificateExpiringSoon (<14d) to critical in working hours.
Updating severity and adding "period: WorkingHours" aligns with standard alert routing practices.

38-38: Restrict CertificateExpiringSoon (<7d) notifications to working hours.
Adding the period label scopes this existing critical alert to the appropriate window.

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share
🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

  • Review comments: Directly reply to a review comment made by CodeRabbit. Example:
    • I pushed a fix in commit <commit_id>, please review it.
    • Explain this complex logic.
    • Open a follow-up GitHub issue for this discussion.
  • Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
    • @coderabbitai explain this code block.
    • @coderabbitai modularize this function.
  • PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
    • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
    • @coderabbitai read src/utils.ts and explain its main purpose.
    • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
    • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

  • @coderabbitai pause to pause the reviews on a PR.
  • @coderabbitai resume to resume the paused reviews.
  • @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
  • @coderabbitai full review to do a full review from scratch and review all the files again.
  • @coderabbitai summary to regenerate the summary of the PR.
  • @coderabbitai generate docstrings to generate docstrings for this PR.
  • @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
  • @coderabbitai resolve resolve all the CodeRabbit review comments.
  • @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
  • @coderabbitai help to get help.

Other keywords and placeholders

  • Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
  • Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
  • Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

  • You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
  • Please see the configuration documentation for more information.
  • If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

  • Visit our Documentation for detailed information on how to use CodeRabbit.
  • Join our Discord Community to get help, request features, and share feedback.
  • Follow us on X/Twitter for updates and announcements.

Copilot AI reviewed Jun 12, 2025
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR updates several alert rules to ensure non-critical notifications are only sent during defined working hours and treats them as critical alerts.

  • Changed severity from warning to critical in multiple PrometheusRule templates
  • Added a period: WorkingHours label to relevant alert definitions
  • Applied updates across NFS provisioner, Kubernetes deprecation, Flux, cert-manager, and Velero charts

Reviewed Changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated no comments.

Show a summary per file
File Description
charts/base-cluster/templates/nfs-server-provisioner/rules/storage-size.yaml Bumped severity and added working-hours period
charts/base-cluster/templates/monitoring/kdave/rules/releases-with-deprecation.yaml Updated severity and period for deprecation alerts
charts/base-cluster/templates/flux/rules/flux-status.yaml Adjusted severity and added working-hours period
charts/base-cluster/templates/cert-manager/rules/certificate-expiration.yaml Changed severity and added period to expiration rule
charts/base-cluster/templates/backup/velero.yaml Updated Velero backup alert labels
Comments suppressed due to low confidence (2)

charts/base-cluster/templates/nfs-server-provisioner/rules/storage-size.yaml:29

  • [nitpick] These severity and period label blocks are duplicated across multiple rule files. Consider extracting them into a Helm partial (e.g., _working_hours_labels) to reduce repetition and simplify future updates.
period: WorkingHours

@teutonet-bot
Copy link
Copy Markdown
Contributor

teutonet-bot commented Jun 12, 2025

🤖 I have diffed this beep boop

"/$namespace/$kind/$name.yaml" for normal resources
"/$namespace/HelmRelease/$name/$namespace/$kind/$name.yaml" for HelmReleases <- this is recursive
'null' means it's either cluster-scoped or it's in the default namespace for the HelmRelease

charts/base-cluster/ci/monitoring-ingress-unauthenticated-values.yaml

charts/base-cluster/ci/rbac-values.yaml

charts/base-cluster/ci/pagerduty-values.yaml

charts/base-cluster/ci/velero-backupStorageLocations-gen-values.yaml

charts/base-cluster/ci/flux-gitrepositories-gen-values.yaml

charts/base-cluster/ci/traefik-ingress-values.yaml

charts/base-cluster/ci/imagepullsecrets-values.yaml

charts/base-cluster/values.yaml

charts/base-cluster/ci/artifacthub-values.yaml

charts/base-cluster/ci/disabled-ingress-values.yaml

charts/base-cluster/ci/priorityclasses-values.yaml

[charts/base-cluster/ci/deadmansswitch-values.yaml](

<title> Error </title> <script src="https://unpkg.com/htmx.org@2.0.2" integrity="sha384-Y7hw+L/jvKeWIRRkqWYfPcvVxHzVzn5REgzbawhxAuQGwX1XWe70vji+VSeHOThJ" crossorigin="anonymous"></script> <script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.7.1/jquery.min.js"></script> <script defer src="https://media.ethicalads.io/media/client/ethicalads.min.js"></script> <script> function key(event, letter) { return (event.charCode == letter.charCodeAt() || event.charCode == letter.charCodeAt() + 32) } </script> <script> 
    </script>
    <style></style>
    
    
</head>

<body hx-on:keydown="var path=window.location.pathname; if ((event.key=='n' || event.key=='N') && path && path !== '/' && !path.includes('/duplicate/') && !path.includes('/dashboard/') && !path.includes('/accounts/') && !path.includes('/properties/')) { window.location.href = '/'; }">
    <div id="container">
        
        <div class="topbuttons">
            
                <a href="/accounts/login/"
                   title="Personal dashboard, preferences, API token"
                   class="button"><b>Sign in</b></a>
            
            <a href="/" title="Create a new paste (shortcut: 'N')" class=" button">New</a>
            <a href="/api/v2/"
               title="Paste creation API, with code samples"
               class=" activebutton  button">API</a>
            <a href="/help/"
               title="Usage tips, shortcuts"
               class="  button">Help</a>
            <a href="/about/"
               title="Updates, stats, backstory"
               class=" button">About</a>
        </div>
        
<div class="error">
    <h3>Sorry!</h3>
    Sorry, maximum content size is 1,000,000 bytes. Your submission is 2537976 bytes. Your IP will be blocked if you exceed this limit again in the next 60 seconds.
    <hr>
    <p>
        Something unexpected? Please create a <a href="https://dpaste.freshdesk.com/support/tickets/new">support ticket</a>.
    </p>
</div>
<p>
    <a class="button" href="{$ url 'create' %}" onclick="history.back();return false;">Go back</a>
</p>

    </div>
    
    
    <script>
        window.fwSettings={'widget_id':22000000180 };
        !function(){if("function"!=typeof window.FreshworksWidget){var n=function(){n.q.push(arguments)};n.q=[],window.FreshworksWidget=n}}();
    </script>
    <script defer src='https://widget.freshworks.com/widgets/22000000180.js'></script>
</body>
)

charts/base-cluster/ci/monitoring-oidc-values.yaml

charts/base-cluster/ci/basic-values.yaml

charts/base-cluster/ci/monitoring-oidc-ingress-disabled-values.yaml

charts/base-cluster/ci/limitrange-resourcequota-values.yaml

@cwrau cwrau added this pull request to the merge queue Jun 16, 2025
Merged via the queue into main with commit 0d080f4 Jun 16, 2025
32 of 42 checks passed
@cwrau cwrau deleted the feat/base-cluster/adjust-alerts branch June 16, 2025 13:13
@teutonet-bot teutonet-bot mentioned this pull request Jun 13, 2025
Merged
github-merge-queue Bot pushed a commit that referenced this pull request Jul 22, 2025
@teutonet-bot @github-actions
chore(main): [bot] release base-cluster:8.2.0 (#1530)
7b29989 
🤖 I have created a release *beep* *boop*
---


##
[8.2.0](base-cluster-v8.1.0...base-cluster-v8.2.0)
(2025-07-21)


### Features

* **base-cluster/flux:** add alert about suspended resources
([#1540](#1540))
([bb1555e](bb1555e))
* **base-cluster/monitoring:** lower cpu request for prometheus
([#1578](#1578))
([4a83bf6](4a83bf6))
* **base-cluster/monitoring:** non-critical alerts aren't routed to
on-call
([#1533](#1533))
([0d080f4](0d080f4))
* **base-cluster/rbac:** adjust rbac stuff for OIDC accounts
([#1538](#1538))
([3f9aa69](3f9aa69))


### Bug Fixes

* **base-cluster/docs:** there is no 9.0.0 release for now...
([#1563](#1563))
([8e417fb](8e417fb))


### Miscellaneous Chores

* **base-cluster/dependencies:** update common docker tag to v1.5.0
([#1520](#1520))
([cb4a522](cb4a522))
* **base-cluster/dependencies:** update docker.io/bitnami/kubectl docker
tag to v1.33.3-debian-12-r1
([#1521](#1521))
([4ed2a77](4ed2a77))
* **base-cluster/dependencies:** update docker.io/curlimages/curl docker
tag to v8.13.0
([#1523](#1523))
([e451428](e451428))
* **base-cluster/dependencies:** update docker.io/curlimages/curl docker
tag to v8.14.1
([#1544](#1544))
([02ba163](02ba163))
* **base-cluster/dependencies:** update docker.io/curlimages/curl docker
tag to v8.15.0
([#1585](#1585))
([a672a67](a672a67))
* **base-cluster/dependencies:** update docker.io/fluxcd/flux-cli docker
tag to v2.6.1
([#1524](#1524))
([956ad7e](956ad7e))
* **base-cluster/dependencies:** update docker.io/fluxcd/flux-cli docker
tag to v2.6.4
([#1536](#1536))
([32a69cc](32a69cc))
* **base-cluster/dependencies:** update docker.io/vladgh/gpg docker tag
to v1.3.6
([#1509](#1509))
([e521e61](e521e61))
* **base-cluster/dependencies:** update external-dns docker tag to
v8.8.4
([#1510](#1510))
([b8b3f80](b8b3f80))
* **base-cluster/dependencies:** update external-dns docker tag to
v8.9.1
([#1559](#1559))
([f9c5642](f9c5642))
* **base-cluster/dependencies:** update external-dns docker tag to
v8.9.2
([#1575](#1575))
([88b2630](88b2630))
* **base-cluster/dependencies:** update grafana-tempo docker tag to v4
([#1570](#1570))
([63c2593](63c2593))
* **base-cluster/dependencies:** update grafana-tempo docker tag to
v4.0.13
([#1580](#1580))
([5b9df00](5b9df00))
* **base-cluster/dependencies:** update helm release alloy to v1
([#1573](#1573))
([013a670](013a670))
* **base-cluster/dependencies:** update helm release alloy to v1.2.0
([#1596](#1596))
([aec70ba](aec70ba))
* **base-cluster/dependencies:** update helm release descheduler to
v0.33.0
([#1525](#1525))
([36d8eca](36d8eca))
* **base-cluster/dependencies:** update helm release ingress-nginx to
v4.12.3
([#1511](#1511))
([3dd2aa7](3dd2aa7))
* **base-cluster/dependencies:** update helm release
kube-prometheus-stack to v75.12.0
([#1598](#1598))
([eec214f](eec214f))
* **base-cluster/dependencies:** update helm release kyverno to v3.4.4
([#1512](#1512))
([bc20fb9](bc20fb9))
* **base-cluster/dependencies:** update helm release kyverno-policies to
v3.4.4
([#1513](#1513))
([f79dce1](f79dce1))
* **base-cluster/dependencies:** update helm release loki to v6.30.1
([#1526](#1526))
([4bf6daa](4bf6daa))
* **base-cluster/dependencies:** update helm release loki to v6.31.0
([#1566](#1566))
([b188c09](b188c09))
* **base-cluster/dependencies:** update helm release loki to v6.32.0
([#1586](#1586))
([57c7d86](57c7d86))
* **base-cluster/dependencies:** update helm release reflector to v9
([#1590](#1590))
([e679195](e679195))
* **base-cluster/dependencies:** update helm release tetragon to v1.4.1
([#1581](#1581))
([ff4f27d](ff4f27d))
* **base-cluster/dependencies:** update helm release traefik to v35.4.0
([#1527](#1527))
([9d30e5e](9d30e5e))
* **base-cluster/dependencies:** update helm release traefik to v36
([#1592](#1592))
([8c9cafa](8c9cafa))
* **base-cluster/dependencies:** update helm release trivy-operator to
v0.29.2
([#1528](#1528))
([a815190](a815190))
* **base-cluster/dependencies:** update helm release trivy-operator to
v0.29.3
([#1582](#1582))
([b078902](b078902))
* **base-cluster/dependencies:** update helm release velero to v7.2.2
([#1172](#1172))
([a33e9cb](a33e9cb))
* **base-cluster/dependencies:** update metrics-server docker tag to
v7.4.10
([#1576](#1576))
([c29757a](c29757a))
* **base-cluster/dependencies:** update metrics-server docker tag to
v7.4.6
([#1514](#1514))
([c897fbd](c897fbd))
* **base-cluster/dependencies:** update metrics-server docker tag to
v7.4.9
([#1541](#1541))
([134e3c1](134e3c1))
* **base-cluster/dependencies:** update oauth2-proxy docker tag to
v6.2.13
([#1515](#1515))
([0c04e1c](0c04e1c))

---
This PR was generated with [Release
Please](https://github.com/googleapis/release-please). See
[documentation](https://github.com/googleapis/release-please#release-please).

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **New Features**
  * Added an alert for suspended resources in the flux component.
  * Reduced CPU requests for Prometheus in the monitoring component.
* Updated routing to exclude non-critical alerts from on-call
notifications.
  * Improved RBAC configurations for better OIDC account support.

* **Bug Fixes**
  * Clarified that there is no 9.0.0 release currently.

* **Chores**
  * Updated multiple dependencies and docker image tags.
  * Bumped chart version to 8.2.0.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->

---------

Co-authored-by: github-actions <41898282+github-actions[bot]@users.noreply.github.com>
@teutonet-bot teutonet-bot mentioned this pull request Jul 22, 2025
Merged
This was referenced Nov 28, 2025
Merged
Merged
@coderabbitai coderabbitai Bot mentioned this pull request Feb 13, 2026
Merged
@coderabbitai coderabbitai Bot mentioned this pull request Mar 13, 2026
Merged
@teutonet-bot teutonet-bot mentioned this pull request Mar 17, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@marvinWolff marvinWolff marvinWolff approved these changes

@tasches tasches Awaiting requested review from tasches tasches is a code owner

@teutonet-bot teutonet-bot Awaiting requested review from teutonet-bot teutonet-bot is a code owner

Assignees

@cwrau cwrau

Labels

base-cluster

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@cwrau @teutonet-bot @marvinWolff