Remove certmanager alerts (#288)

Signed-off-by: ArthurSens <[email protected]>

Signed-off-by: ArthurSens <[email protected]>

Author: ArthurSens

lib/alert-filter.libsonnet

@@ -16,6 +16,12 @@ local unwatedAlerts = [
 
   // From kube-prometheus
   'Watchdog',
+
+  // From certmanager
+  'CertManagerAbsent',
+  'CertManagerCertExpirySoon',
+  'CertManagerCertNotReady',
+  'CertManagerHittingRateLimits',
 ];
 
 {

monitoring-satellite/manifests/kube-prometheus-rules/rules.yaml

@@ -2200,54 +2200,6 @@ spec:
       labels:
         severity: warning
   - name: cert-manager
-    rules:
-    - alert: CertManagerAbsent
-      annotations:
-        description: New certificates will not be able to be minted, and existing ones can't be renewed until cert-manager is back.
-        runbook_url: https://github.com/gitpod-io/runbooks/blob/main/runbooks/CertManagerAbsent.md
-        summary: Cert Manager has dissapeared from Prometheus service discovery.
-      expr: absent(up{job="certmanager"})
-      for: 10m
-      labels:
-        severity: critical
+    rules: []
   - name: certificates
-    rules:
-    - alert: CertManagerCertExpirySoon
-      annotations:
-        dashboard_url: https://grafana.example.com/d/TvuRo2iMk/cert-manager
-        description: The domain that this cert covers will be unavailable after {{ $value | humanizeDuration }}. Clients using endpoints that this cert protects will start to fail in {{ $value | humanizeDuration }}.
-        runbook_url: https://github.com/gitpod-io/runbooks/blob/main/runbooks/CertManagerCertExpirySoon.md
-        summary: The cert `{{ $labels.name }}` is {{ $value | humanizeDuration }} from expiry, it should have renewed over a week ago.
-      expr: |
-        avg by (exported_namespace, namespace, name) (
-          certmanager_certificate_expiration_timestamp_seconds - time()
-        ) < (7 * 24 * 3600) # 21 days in seconds
-      for: 1h
-      labels:
-        severity: warning
-    - alert: CertManagerCertNotReady
-      annotations:
-        dashboard_url: https://grafana.example.com/d/TvuRo2iMk/cert-manager
-        description: This certificate has not been ready to serve traffic for at least 10m. If the cert is being renewed or there is another valid cert, the ingress controller _may_ be able to serve that instead.
-        runbook_url: https://github.com/gitpod-io/runbooks/blob/main/runbooks/CertManagerCertNotReady.md
-        summary: The cert `{{ $labels.name }}` is not ready to serve traffic.
-      expr: |
-        max by (name, exported_namespace, namespace, condition) (
-          certmanager_certificate_ready_status{condition!="True"} == 1
-        )
-      for: 10m
-      labels:
-        severity: critical
-    - alert: CertManagerHittingRateLimits
-      annotations:
-        dashboard_url: https://grafana.example.com/d/TvuRo2iMk/cert-manager
-        description: Depending on the rate limit, cert-manager may be unable to generate certificates for up to a week.
-        runbook_url: https://github.com/gitpod-io/runbooks/blob/main/runbooks/CertManagerHittingRateLimits.md
-        summary: Cert manager hitting LetsEncrypt rate limits.
-      expr: |
-        sum by (host) (
-          rate(certmanager_http_acme_client_request_count{status="429"}[5m])
-        ) > 0
-      for: 5m
-      labels:
-        severity: critical
+    rules: []

monitoring-satellite/manifests/rules.jsonnet

@@ -22,7 +22,7 @@ local rules = {
               monitoringSatellite.prometheusOperator.prometheusRule.spec.groups +
               monitoringSatellite.certmanager.prometheusRule.spec.groups,
     },
-  },
+  } + (import '../lib/alert-severity-mapper.libsonnet') + (import '../lib/alert-filter.libsonnet') + (import '../lib/alert-duration-mapper.libsonnet'),
 };
 
 { 'kube-prometheus-rules/rules': rules.prometheusRule }