bugfix: refactor alerts to accomodate for non-HA clusters (#1010)

rexagod · skl · web-flow · commit ab4cb2bed510 · 2025-07-24T13:19:41.000+01:00
* bugfix: refactor alerts to accomodate for single-node clusters For the sake of brevity, let: Q: kube_node_status_allocatable{job="kube-state-metrics",resource="cpu"} (allocable), and, QQ: namespace_cpu:kube_pod_container_resource_requests:sum{} (requested), thus, both quota alerts relevant here exist in the form: sum(QQ) by (cluster) - (sum(Q) by (cluster) - max(Q) by (cluster)) > 0 and (sum(Q) by (cluster) - max(Q) by (cluster)) > 0, which, in case of a single-node cluster (sum(Q) by (cluster) = max(Q) by (cluster)), is reduced to, sum(QQ) by (cluster) > 0, i.e., the alert will fire if *any* request limits exist. To address this, drop the "max(Q) by (cluster)" buffer assumed in non-SNO clusters from SNO, reducing the expression to: sum(QQ) by (cluster) - sum(Q) by (cluster) > 0 (total requeted - total allocable > 0 to trigger alert), since there is only a single node, so a buffer of the same sort does not make sense. Signed-off-by: Pranshu Srivastava <rexagod@gmail.com> * fixup! bugfix: refactor alerts to accomodate for single-node clusters * test: Add tests for KubeCPUOvercommit and KubeMemoryOvercommit * `s/kube_node_info/kube_node_role` Use kube_node_role{role="control-plane"} (see [1] and [2]) to estimate if the cluster is HA or not. * [1]: https://github.com/search?q=repo%3Akubernetes%2Fkube-state-metrics%20kube_node_role&type=code * [2]: https://kubernetes.io/docs/reference/labels-annotations-taints/#node-role-kubernetes-io-control-plane Also drop any thresholds as they would lead to false positives. * follow-up: add test cases for non-HA (two-node) Signed-off-by: Pranshu Srivastava <rexagod@gmail.com> --------- Signed-off-by: Pranshu Srivastava <rexagod@gmail.com> Co-authored-by: Stephen Lang <stephen.lang@grafana.com>
diff --git a/alerts/resource_alerts.libsonnet b/alerts/resource_alerts.libsonnet
@@ -36,18 +36,34 @@ local utils = import '../lib/utils.libsonnet';
           } +
           if $._config.showMultiCluster then {
             expr: |||
-              sum(namespace_cpu:kube_pod_container_resource_requests:sum{%(ignoringOverprovisionedWorkloadSelector)s}) by (%(clusterLabel)s) - (sum(kube_node_status_allocatable{%(kubeStateMetricsSelector)s,resource="cpu"}) by (%(clusterLabel)s) - max(kube_node_status_allocatable{%(kubeStateMetricsSelector)s,resource="cpu"}) by (%(clusterLabel)s)) > 0
+              (sum(namespace_cpu:kube_pod_container_resource_requests:sum{%(ignoringOverprovisionedWorkloadSelector)s}) by (%(clusterLabel)s) -
+              sum(kube_node_status_allocatable{%(kubeStateMetricsSelector)s,resource="cpu"}) by (%(clusterLabel)s) > 0
               and
-              (sum(kube_node_status_allocatable{%(kubeStateMetricsSelector)s,resource="cpu"}) by (%(clusterLabel)s) - max(kube_node_status_allocatable{%(kubeStateMetricsSelector)s,resource="cpu"}) by (%(clusterLabel)s)) > 0
+              count by (%(clusterLabel)s) (max by (%(clusterLabel)s, node) (kube_node_role{%(kubeStateMetricsSelector)s, role="control-plane"})) < 3)
+              or
+              (sum(namespace_cpu:kube_pod_container_resource_requests:sum{%(ignoringOverprovisionedWorkloadSelector)s}) by (%(clusterLabel)s) -
+              (sum(kube_node_status_allocatable{%(kubeStateMetricsSelector)s,resource="cpu"}) by (%(clusterLabel)s) -
+              max(kube_node_status_allocatable{%(kubeStateMetricsSelector)s,resource="cpu"}) by (%(clusterLabel)s)) > 0
+              and
+              (sum(kube_node_status_allocatable{%(kubeStateMetricsSelector)s,resource="cpu"}) by (%(clusterLabel)s) -
+              max(kube_node_status_allocatable{%(kubeStateMetricsSelector)s,resource="cpu"}) by (%(clusterLabel)s)) > 0)
             ||| % $._config,
             annotations+: {
               description: 'Cluster {{ $labels.%(clusterLabel)s }} has overcommitted CPU resource requests for Pods by {{ printf "%%.2f" $value }} CPU shares and cannot tolerate node failure.' % $._config,
             },
           } else {
             expr: |||
-              sum(namespace_cpu:kube_pod_container_resource_requests:sum{%(ignoringOverprovisionedWorkloadSelector)s}) - (sum(kube_node_status_allocatable{resource="cpu", %(kubeStateMetricsSelector)s}) - max(kube_node_status_allocatable{resource="cpu", %(kubeStateMetricsSelector)s})) > 0
+              (sum(namespace_cpu:kube_pod_container_resource_requests:sum{%(ignoringOverprovisionedWorkloadSelector)s}) -
+              sum(kube_node_status_allocatable{resource="cpu", %(kubeStateMetricsSelector)s}) > 0
+              and
+              count(max by (node) (kube_node_role{%(kubeStateMetricsSelector)s, role="control-plane"})) < 3)
+              or
+              (sum(namespace_cpu:kube_pod_container_resource_requests:sum{%(ignoringOverprovisionedWorkloadSelector)s}) -
+              (sum(kube_node_status_allocatable{resource="cpu", %(kubeStateMetricsSelector)s}) -
+              max(kube_node_status_allocatable{resource="cpu", %(kubeStateMetricsSelector)s})) > 0
               and
-              (sum(kube_node_status_allocatable{resource="cpu", %(kubeStateMetricsSelector)s}) - max(kube_node_status_allocatable{resource="cpu", %(kubeStateMetricsSelector)s})) > 0
+              (sum(kube_node_status_allocatable{resource="cpu", %(kubeStateMetricsSelector)s}) -
+              max(kube_node_status_allocatable{resource="cpu", %(kubeStateMetricsSelector)s})) > 0)
             ||| % $._config,
             annotations+: {
               description: 'Cluster has overcommitted CPU resource requests for Pods by {{ $value }} CPU shares and cannot tolerate node failure.' % $._config,
@@ -65,24 +81,39 @@ local utils = import '../lib/utils.libsonnet';
           } +
           if $._config.showMultiCluster then {
             expr: |||
-              sum(namespace_memory:kube_pod_container_resource_requests:sum{%(ignoringOverprovisionedWorkloadSelector)s}) by (%(clusterLabel)s) - (sum(kube_node_status_allocatable{resource="memory", %(kubeStateMetricsSelector)s}) by (%(clusterLabel)s) - max(kube_node_status_allocatable{resource="memory", %(kubeStateMetricsSelector)s}) by (%(clusterLabel)s)) > 0
+              (sum(namespace_memory:kube_pod_container_resource_requests:sum{%(ignoringOverprovisionedWorkloadSelector)s}) by (%(clusterLabel)s) -
+              sum(kube_node_status_allocatable{resource="memory", %(kubeStateMetricsSelector)s}) by (%(clusterLabel)s) > 0
               and
-              (sum(kube_node_status_allocatable{resource="memory", %(kubeStateMetricsSelector)s}) by (%(clusterLabel)s) - max(kube_node_status_allocatable{resource="memory", %(kubeStateMetricsSelector)s}) by (%(clusterLabel)s)) > 0
+              count by (%(clusterLabel)s) (max by (%(clusterLabel)s, node) (kube_node_role{%(kubeStateMetricsSelector)s, role="control-plane"})) < 3)
+              or
+              (sum(namespace_memory:kube_pod_container_resource_requests:sum{%(ignoringOverprovisionedWorkloadSelector)s}) by (%(clusterLabel)s) -
+              (sum(kube_node_status_allocatable{resource="memory", %(kubeStateMetricsSelector)s}) by (%(clusterLabel)s) -
+              max(kube_node_status_allocatable{resource="memory", %(kubeStateMetricsSelector)s}) by (%(clusterLabel)s)) > 0
+              and
+              (sum(kube_node_status_allocatable{resource="memory", %(kubeStateMetricsSelector)s}) by (%(clusterLabel)s) -
+              max(kube_node_status_allocatable{resource="memory", %(kubeStateMetricsSelector)s}) by (%(clusterLabel)s)) > 0)
             ||| % $._config,
             annotations+: {
               description: 'Cluster {{ $labels.%(clusterLabel)s }} has overcommitted memory resource requests for Pods by {{ $value | humanize }} bytes and cannot tolerate node failure.' % $._config,
             },
-          } else
-            {
-              expr: |||
-                sum(namespace_memory:kube_pod_container_resource_requests:sum{%(ignoringOverprovisionedWorkloadSelector)s}) - (sum(kube_node_status_allocatable{resource="memory", %(kubeStateMetricsSelector)s}) - max(kube_node_status_allocatable{resource="memory", %(kubeStateMetricsSelector)s})) > 0
-                and
-                (sum(kube_node_status_allocatable{resource="memory", %(kubeStateMetricsSelector)s}) - max(kube_node_status_allocatable{resource="memory", %(kubeStateMetricsSelector)s})) > 0
-              ||| % $._config,
-              annotations+: {
-                description: 'Cluster has overcommitted memory resource requests for Pods by {{ $value | humanize }} bytes and cannot tolerate node failure.',
-              },
+          } else {
+            expr: |||
+              (sum(namespace_memory:kube_pod_container_resource_requests:sum{%(ignoringOverprovisionedWorkloadSelector)s}) -
+              sum(kube_node_status_allocatable{resource="memory", %(kubeStateMetricsSelector)s}) > 0
+              and
+              count(max by (node) (kube_node_role{%(kubeStateMetricsSelector)s, role="control-plane"})) < 3)
+              or
+              (sum(namespace_memory:kube_pod_container_resource_requests:sum{%(ignoringOverprovisionedWorkloadSelector)s}) -
+              (sum(kube_node_status_allocatable{resource="memory", %(kubeStateMetricsSelector)s}) -
+              max(kube_node_status_allocatable{resource="memory", %(kubeStateMetricsSelector)s})) > 0
+              and
+              (sum(kube_node_status_allocatable{resource="memory", %(kubeStateMetricsSelector)s}) -
+              max(kube_node_status_allocatable{resource="memory", %(kubeStateMetricsSelector)s})) > 0)
+            ||| % $._config,
+            annotations+: {
+              description: 'Cluster has overcommitted memory resource requests for Pods by {{ $value | humanize }} bytes and cannot tolerate node failure.',
             },
+          },
           {
             alert: 'KubeCPUQuotaOvercommit',
             labels: {
diff --git a/tests/tests.yaml b/tests/tests.yaml
@@ -1424,3 +1424,170 @@ tests:
         runbook_url: "https://github.com/kubernetes-monitoring/kubernetes-mixin/tree/master/runbook.md#alert-name-kubestatefulsetreplicasmismatch"
         summary: "StatefulSet has not matched the expected number of replicas."
 
+- name: KubeCPUOvercommit alert (single-node)
+  interval: 1m
+  input_series:
+  - series: 'namespace_cpu:kube_pod_container_resource_requests:sum{cluster="kubernetes", namespace="default"}'
+    values: '1x10'
+  - series: 'namespace_cpu:kube_pod_container_resource_requests:sum{cluster="kubernetes", namespace="kube-system"}'
+    values: '1x10'
+  - series: 'kube_node_status_allocatable{cluster="kubernetes", node="n1", resource="cpu", job="kube-state-metrics"}'
+    values: '1.9x10' # This value was seen on a 2x vCPU node
+  - series: 'kube_node_role{cluster="kubernetes", node="n1", role="control-plane", job="kube-state-metrics"}'
+    values: '1x10'
+  alert_rule_test:
+  - eval_time: 9m
+    alertname: KubeCPUOvercommit
+  - eval_time: 10m
+    alertname: KubeCPUOvercommit
+    exp_alerts:
+    - exp_labels:
+        severity: warning
+      exp_annotations:
+        description: Cluster has overcommitted CPU resource requests for Pods by 0.10000000000000009 CPU shares and cannot tolerate node failure.
+        runbook_url: https://github.com/kubernetes-monitoring/kubernetes-mixin/tree/master/runbook.md#alert-name-kubecpuovercommit
+        summary: Cluster has overcommitted CPU resource requests.
+
+- name: KubeCPUOvercommit alert (multi-node; non-HA)
+  interval: 1m
+  input_series:
+  - series: 'namespace_cpu:kube_pod_container_resource_requests:sum{cluster="kubernetes", namespace="default"}'
+    values: '2x10'
+  - series: 'namespace_cpu:kube_pod_container_resource_requests:sum{cluster="kubernetes", namespace="kube-system"}'
+    values: '2x10'
+  - series: 'kube_node_status_allocatable{cluster="kubernetes", node="n1", resource="cpu", job="kube-state-metrics"}'
+    values: '1.9x10' # This value was seen on a 2x vCPU node
+  - series: 'kube_node_status_allocatable{cluster="kubernetes", node="n2", resource="cpu", job="kube-state-metrics"}'
+    values: '1.9x10'
+  - series: 'kube_node_role{cluster="kubernetes", node="n1", role="control-plane", job="kube-state-metrics"}'
+    values: '1x10'
+  - series: 'kube_node_role{cluster="kubernetes", node="n2", role="control-plane", job="kube-state-metrics"}'
+    values: '1x10'
+  alert_rule_test:
+  - eval_time: 9m
+    alertname: KubeCPUOvercommit
+  - eval_time: 10m
+    alertname: KubeCPUOvercommit
+    exp_alerts:
+    - exp_labels:
+        severity: warning
+      exp_annotations:
+        description: Cluster has overcommitted CPU resource requests for Pods by 0.20000000000000018 CPU shares and cannot tolerate node failure.
+        runbook_url: https://github.com/kubernetes-monitoring/kubernetes-mixin/tree/master/runbook.md#alert-name-kubecpuovercommit
+        summary: Cluster has overcommitted CPU resource requests.
+
+- name: KubeCPUOvercommit alert (multi-node; HA)
+  interval: 1m
+  input_series:
+    - series: 'namespace_cpu:kube_pod_container_resource_requests:sum{cluster="kubernetes", namespace="default"}'
+      values: '2x10'
+    - series: 'namespace_cpu:kube_pod_container_resource_requests:sum{cluster="kubernetes", namespace="kube-system"}'
+      values: '2x10'
+    - series: 'kube_node_status_allocatable{cluster="kubernetes", node="n1", resource="cpu", job="kube-state-metrics"}'
+      values: '1.9x10' # This value was seen on a 2x vCPU node
+    - series: 'kube_node_status_allocatable{cluster="kubernetes", node="n2", resource="cpu", job="kube-state-metrics"}'
+      values: '1.9x10'
+    - series: 'kube_node_status_allocatable{cluster="kubernetes", node="n3", resource="cpu", job="kube-state-metrics"}'
+      values: '1.9x10'
+    - series: 'kube_node_role{cluster="kubernetes", node="n1", role="control-plane", job="kube-state-metrics"}'
+      values: '1x10'
+    - series: 'kube_node_role{cluster="kubernetes", node="n2", role="control-plane", job="kube-state-metrics"}'
+      values: '1x10'
+    - series: 'kube_node_role{cluster="kubernetes", node="n3", role="control-plane", job="kube-state-metrics"}'
+      values: '1x10'
+  alert_rule_test:
+    - eval_time: 9m
+      alertname: KubeCPUOvercommit
+    - eval_time: 10m
+      alertname: KubeCPUOvercommit
+      exp_alerts:
+        - exp_labels:
+            severity: warning
+          exp_annotations:
+            description: Cluster has overcommitted CPU resource requests for Pods by 0.20000000000000062 CPU shares and cannot tolerate node failure.
+            runbook_url: https://github.com/kubernetes-monitoring/kubernetes-mixin/tree/master/runbook.md#alert-name-kubecpuovercommit
+            summary: Cluster has overcommitted CPU resource requests.
+
+- name: KubeMemoryOvercommit alert (single-node)
+  interval: 1m
+  input_series:
+  - series: 'namespace_memory:kube_pod_container_resource_requests:sum{cluster="kubernetes", namespace="default"}'
+    values: '1000000000x10' # 1 GB
+  - series: 'namespace_memory:kube_pod_container_resource_requests:sum{cluster="kubernetes", namespace="kube-system"}'
+    values: '1000000000x10'
+  - series: 'kube_node_status_allocatable{cluster="kubernetes", node="n1", resource="memory", job="kube-state-metrics"}'
+    values: '1000000000x10'
+  - series: 'kube_node_role{cluster="kubernetes", node="n1", role="control-plane", job="kube-state-metrics"}'
+    values: '1x10'
+  alert_rule_test:
+  - eval_time: 9m
+    alertname: KubeMemoryOvercommit
+  - eval_time: 10m
+    alertname: KubeMemoryOvercommit
+    exp_alerts:
+    - exp_labels:
+        severity: warning
+      exp_annotations:
+        description: Cluster has overcommitted memory resource requests for Pods by 1G bytes and cannot tolerate node failure.
+        runbook_url: https://github.com/kubernetes-monitoring/kubernetes-mixin/tree/master/runbook.md#alert-name-kubememoryovercommit
+        summary: Cluster has overcommitted memory resource requests.
+
+- name: KubeMemoryOvercommit alert (multi-node; non-HA)
+  interval: 1m
+  input_series:
+  - series: 'namespace_memory:kube_pod_container_resource_requests:sum{cluster="kubernetes", namespace="default"}'
+    values: '2000000000x10' # 2 GB
+  - series: 'namespace_memory:kube_pod_container_resource_requests:sum{cluster="kubernetes", namespace="kube-system"}'
+    values: '2000000000x10'
+  - series: 'kube_node_status_allocatable{cluster="kubernetes", node="n1", resource="memory", job="kube-state-metrics"}'
+    values: '1000000000x10'
+  - series: 'kube_node_status_allocatable{cluster="kubernetes", node="n2", resource="memory", job="kube-state-metrics"}'
+    values: '1000000000x10'
+  - series: 'kube_node_role{cluster="kubernetes", node="n1", role="control-plane", job="kube-state-metrics"}'
+    values: '1x10'
+  - series: 'kube_node_role{cluster="kubernetes", node="n2", role="control-plane", job="kube-state-metrics"}'
+    values: '1x10'
+  alert_rule_test:
+  - eval_time: 9m
+    alertname: KubeMemoryOvercommit
+  - eval_time: 10m
+    alertname: KubeMemoryOvercommit
+    exp_alerts:
+    - exp_labels:
+        severity: warning
+      exp_annotations:
+        description: Cluster has overcommitted memory resource requests for Pods by 2G bytes and cannot tolerate node failure.
+        runbook_url: https://github.com/kubernetes-monitoring/kubernetes-mixin/tree/master/runbook.md#alert-name-kubememoryovercommit
+        summary: Cluster has overcommitted memory resource requests.
+
+- name: KubeMemoryOvercommit alert (multi-node; HA)
+  interval: 1m
+  input_series:
+    - series: 'namespace_memory:kube_pod_container_resource_requests:sum{cluster="kubernetes", namespace="default"}'
+      values: '2000000000x10' # 2 GB
+    - series: 'namespace_memory:kube_pod_container_resource_requests:sum{cluster="kubernetes", namespace="kube-system"}'
+      values: '2000000000x10'
+    - series: 'kube_node_status_allocatable{cluster="kubernetes", node="n1", resource="memory", job="kube-state-metrics"}'
+      values: '1000000000x10'
+    - series: 'kube_node_status_allocatable{cluster="kubernetes", node="n2", resource="memory", job="kube-state-metrics"}'
+      values: '1000000000x10'
+    - series: 'kube_node_status_allocatable{cluster="kubernetes", node="n3", resource="memory", job="kube-state-metrics"}'
+      values: '1000000000x10'
+    - series: 'kube_node_role{cluster="kubernetes", node="n1", role="control-plane", job="kube-state-metrics"}'
+      values: '1x10'
+    - series: 'kube_node_role{cluster="kubernetes", node="n2", role="control-plane", job="kube-state-metrics"}'
+      values: '1x10'
+    - series: 'kube_node_role{cluster="kubernetes", node="n3", role="control-plane", job="kube-state-metrics"}'
+      values: '1x10'
+  alert_rule_test:
+    - eval_time: 9m
+      alertname: KubeMemoryOvercommit
+    - eval_time: 10m
+      alertname: KubeMemoryOvercommit
+      exp_alerts:
+        - exp_labels:
+            severity: warning
+          exp_annotations:
+            description: Cluster has overcommitted memory resource requests for Pods by 2G bytes and cannot tolerate node failure.
+            runbook_url: https://github.com/kubernetes-monitoring/kubernetes-mixin/tree/master/runbook.md#alert-name-kubememoryovercommit
+            summary: Cluster has overcommitted memory resource requests.
