Add: could customize Runbook

Signed-off-by: Nicolas Lamirault <nicolas.lamirault@gmail.com>

Author: nlamirault

alerts/absent.libsonnet

@@ -0,0 +1,22 @@
+{
+  prometheusAlerts+:: {
+    groups+: [{
+      name: 'cert-manager',
+      rules: [
+        {
+          alert: 'CertManagerAbsent',
+          expr: 'absent(up{job="%(certManagerJobLabel)s"})' % $._config,
+          'for': '10m',
+          labels: {
+            severity: 'critical',
+          },
+          annotations: {
+            summary: 'Cert Manager has dissapeared from Prometheus service discovery.',
+            description: "New certificates will not be able to be minted, and existing ones can't be renewed until cert-manager is back.",
+            // runbook_url: 'https://gitlab.com/uneeq-oss/cert-manager-mixin/-/blob/master/RUNBOOK.md#certmanagerabsent',
+          },
+        },
+      ],
+    }],
+  },
+}

alerts/add-runbook-links.libsonnet

@@ -0,0 +1,23 @@
+local utils = import '../lib/utils.libsonnet';
+
+local lower(x) =
+  local cp(c) = std.codepoint(c);
+  local lowerLetter(c) =
+    if cp(c) >= 65 && cp(c) < 91
+    then std.char(cp(c) + 32)
+    else c;
+  std.join('', std.map(lowerLetter, std.stringChars(x)));
+
+{
+  _config+:: {
+    runbookURLPattern: 'https://gitlab.com/uneeq-oss/cert-manager-mixin/-/blob/master/RUNBOOK.md#%s',
+  },
+
+  prometheusAlerts+::
+    local addRunbookURL(rule) = rule {
+      [if 'alert' in rule && !('runbook_url' in rule.annotations) then 'annotations']+: {
+        runbook_url: $._config.runbookURLPattern % lower(rule.alert),
+      },
+    };
+    utils.mapRuleGroups(addRunbookURL),
+}

alerts/alerts.libsonnet

@@ -1,90 +1,3 @@
-{
-  prometheusAlerts+:: {
-    groups+: [{
-      name: 'cert-manager',
-      rules: [
-        {
-          alert: 'CertManagerAbsent',
-          expr: 'absent(up{job="%(certManagerJobLabel)s"})' % $._config,
-          'for': '10m',
-          labels: {
-            severity: 'critical',
-          },
-          annotations: {
-            summary: 'Cert Manager has dissapeared from Prometheus service discovery.',
-            description: "New certificates will not be able to be minted, and existing ones can't be renewed until cert-manager is back.",
-            runbook_url: 'https://gitlab.com/uneeq-oss/cert-manager-mixin/-/blob/master/RUNBOOK.md#certmanagerabsent',
-          },
-        },
-        {
-          alert: 'CertManagerCertExpirySoon',
-          expr: |||
-            avg by (exported_namespace, namespace, name) (
-              certmanager_certificate_expiration_timestamp_seconds - time()
-            ) < (%s * 24 * 3600) # 21 days in seconds
-          ||| % $._config.certManagerCertExpiryDays,
-          'for': '1h',
-          labels: {
-            severity: 'warning',
-          },
-          annotations: {
-            summary: 'The cert `{{ $labels.name }}` is {{ $value | humanizeDuration }} from expiry, it should have renewed over a week ago.',
-            description: 'The domain that this cert covers will be unavailable after {{ $value | humanizeDuration }}. Clients using endpoints that this cert protects will start to fail in {{ $value | humanizeDuration }}.',
-            dashboard_url: $._config.grafanaExternalUrl + '/d/TvuRo2iMk/cert-manager',
-            runbook_url: 'https://gitlab.com/uneeq-oss/cert-manager-mixin/-/blob/master/RUNBOOK.md#CertManagerCertExpirySoon',
-          },
-        },
-        {
-          alert: 'CertManagerCertNotReady',
-          expr: |||
-            max by (name, exported_namespace, namespace, condition) (
-              certmanager_certificate_ready_status{condition!="True"} == 1
-            )
-          |||,
-          'for': '10m',
-          labels: {
-            severity: 'critical',
-          },
-          annotations: {
-            summary: 'The cert `{{ $labels.name }}` is not ready to serve traffic.',
-            description: 'This certificate has not been ready to serve traffic for at least 10m. If the cert is being renewed or there is another valid cert, the ingress controller _may_ be able to serve that instead.',
-            dashboard_url: $._config.grafanaExternalUrl + '/d/TvuRo2iMk/cert-manager',
-            runbook_url: 'https://gitlab.com/uneeq-oss/cert-manager-mixin/-/blob/master/RUNBOOK.md#CertManagerCertNotReady',
-          },
-        },
-        {
-          alert: 'CertManagerCertExpiryMetricMissing',
-          expr: 'absent(certmanager_certificate_expiration_timestamp_seconds)',
-          'for': '10m',
-          labels: {
-            severity: 'info',
-          },
-          annotations: {
-            summary: 'The metric used to observe cert-manager cert expiry is missing.',
-            description: 'We are blind as to whether or not we can alert on certificates expiring. It could also be the case that there have not had any Certificate CRDs created.',
-            dashboard_url: $._config.grafanaExternalUrl + '/d/TvuRo2iMk/cert-manager',
-            runbook_url: 'https://gitlab.com/uneeq-oss/cert-manager-mixin/-/blob/master/RUNBOOK.md#CertManagerCertExpiryMetricMissing',
-          },
-        },
-        {
-          alert: 'CertManagerHittingRateLimits',
-          expr: |||
-            sum by (host) (
-              rate(certmanager_http_acme_client_request_count{status="429"}[5m])
-            ) > 0
-          |||,
-          'for': '5m',
-          labels: {
-            severity: 'critical',
-          },
-          annotations: {
-            summary: 'Cert manager hitting LetsEncrypt rate limits.',
-            description: 'Depending on the rate limit, cert-manager may be unable to generate certificates for up to a week.',
-            dashboard_url: $._config.grafanaExternalUrl + '/d/TvuRo2iMk/cert-manager',
-            runbook_url: 'https://gitlab.com/uneeq-oss/cert-manager-mixin/-/blob/master/RUNBOOK.md#CertManagerHittingRateLimits',
-          },
-        },
-      ],
-    }],
-  },
-}
+(import 'absent.libsonnet') +
+(import 'certificates.libsonnet') +
+(import 'add-runbook-links.libsonnet')

alerts/certificates.libsonnet

@@ -0,0 +1,73 @@
+{
+  prometheusAlerts+:: {
+    groups+: [{
+      name: 'certificates',
+      rules: [
+        {
+          alert: 'CertManagerCertExpirySoon',
+          expr: |||
+            avg by (exported_namespace, namespace, name) (
+              certmanager_certificate_expiration_timestamp_seconds - time()
+            ) < (%s * 24 * 3600) # 21 days in seconds
+          ||| % $._config.certManagerCertExpiryDays,
+          'for': '1h',
+          labels: {
+            severity: 'warning',
+          },
+          annotations: {
+            summary: 'The cert `{{ $labels.name }}` is {{ $value | humanizeDuration }} from expiry, it should have renewed over a week ago.',
+            description: 'The domain that this cert covers will be unavailable after {{ $value | humanizeDuration }}. Clients using endpoints that this cert protects will start to fail in {{ $value | humanizeDuration }}.',
+            dashboard_url: $._config.grafanaExternalUrl + '/d/TvuRo2iMk/cert-manager',
+          },
+        },
+        {
+          alert: 'CertManagerCertNotReady',
+          expr: |||
+            max by (name, exported_namespace, namespace, condition) (
+              certmanager_certificate_ready_status{condition!="True"} == 1
+            )
+          |||,
+          'for': '10m',
+          labels: {
+            severity: 'critical',
+          },
+          annotations: {
+            summary: 'The cert `{{ $labels.name }}` is not ready to serve traffic.',
+            description: 'This certificate has not been ready to serve traffic for at least 10m. If the cert is being renewed or there is another valid cert, the ingress controller _may_ be able to serve that instead.',
+            dashboard_url: $._config.grafanaExternalUrl + '/d/TvuRo2iMk/cert-manager',
+          },
+        },
+        {
+          alert: 'CertManagerCertExpiryMetricMissing',
+          expr: 'absent(certmanager_certificate_expiration_timestamp_seconds)',
+          'for': '10m',
+          labels: {
+            severity: 'info',
+          },
+          annotations: {
+            summary: 'The metric used to observe cert-manager cert expiry is missing.',
+            description: 'We are blind as to whether or not we can alert on certificates expiring. It could also be the case that there have not had any Certificate CRDs created.',
+            dashboard_url: $._config.grafanaExternalUrl + '/d/TvuRo2iMk/cert-manager',
+          },
+        },
+        {
+          alert: 'CertManagerHittingRateLimits',
+          expr: |||
+            sum by (host) (
+              rate(certmanager_http_acme_client_request_count{status="429"}[5m])
+            ) > 0
+          |||,
+          'for': '5m',
+          labels: {
+            severity: 'critical',
+          },
+          annotations: {
+            summary: 'Cert manager hitting LetsEncrypt rate limits.',
+            description: 'Depending on the rate limit, cert-manager may be unable to generate certificates for up to a week.',
+            dashboard_url: $._config.grafanaExternalUrl + '/d/TvuRo2iMk/cert-manager',
+          },
+        },
+      ],
+    }],
+  },
+}

lib/utils.libsonnet

@@ -0,0 +1,13 @@
+{
+  mapRuleGroups(f): {
+    groups: [
+      group {
+        rules: [
+          f(rule)
+          for rule in super.rules
+        ],
+      }
+      for group in super.groups
+    ],
+  },
+}

tests.yaml

@@ -29,7 +29,7 @@ tests:
         summary: The metric used to observe cert-manager cert expiry is missing.
         description: 'We are blind as to whether or not we can alert on certificates expiring. It could also be the case that there have not had any Certificate CRDs created.'
         dashboard_url: https://grafana.example.com/d/TvuRo2iMk/cert-manager
-        runbook_url: 'https://gitlab.com/uneeq-oss/cert-manager-mixin/-/blob/master/RUNBOOK.md#CertManagerCertExpiryMetricMissing'
+        runbook_url: 'https://gitlab.com/uneeq-oss/cert-manager-mixin/-/blob/master/RUNBOOK.md#certmanagercertexpirymetricmissing'
 
 # Cert expiry
 - interval: 1m
@@ -51,7 +51,7 @@ tests:
         summary: The cert `expired-ingress-cert` is 20d 22h 59m 0s from expiry, it should have renewed over a week ago.
         description: 'The domain that this cert covers will be unavailable after 20d 22h 59m 0s. Clients using endpoints that this cert protects will start to fail in 20d 22h 59m 0s.'
         dashboard_url: https://grafana.example.com/d/TvuRo2iMk/cert-manager
-        runbook_url: 'https://gitlab.com/uneeq-oss/cert-manager-mixin/-/blob/master/RUNBOOK.md#CertManagerCertExpirySoon'
+        runbook_url: 'https://gitlab.com/uneeq-oss/cert-manager-mixin/-/blob/master/RUNBOOK.md#certmanagercertexpirysoon'
 
 # Cert not ready
 - interval: 1m
@@ -77,7 +77,7 @@ tests:
         description: 'This certificate has not been ready to serve traffic for at least 10m. If the cert is being renewed or there is another valid cert,
           the ingress controller _may_ be able to serve that instead.'
         dashboard_url: https://grafana.example.com/d/TvuRo2iMk/cert-manager
-        runbook_url: 'https://gitlab.com/uneeq-oss/cert-manager-mixin/-/blob/master/RUNBOOK.md#CertManagerCertNotReady'
+        runbook_url: 'https://gitlab.com/uneeq-oss/cert-manager-mixin/-/blob/master/RUNBOOK.md#certmanagercertnotready'
     - exp_labels:
         severity: critical
         exported_namespace: test
@@ -89,7 +89,7 @@ tests:
         description: 'This certificate has not been ready to serve traffic for at least 10m. If the cert is being renewed or there is another valid cert,
           the ingress controller _may_ be able to serve that instead.'
         dashboard_url: https://grafana.example.com/d/TvuRo2iMk/cert-manager
-        runbook_url: 'https://gitlab.com/uneeq-oss/cert-manager-mixin/-/blob/master/RUNBOOK.md#CertManagerCertNotReady'
+        runbook_url: 'https://gitlab.com/uneeq-oss/cert-manager-mixin/-/blob/master/RUNBOOK.md#certmanagercertnotready'
 
 # cert-manager rate limits
 - interval: 1m
@@ -110,5 +110,5 @@ tests:
       exp_annotations:
         summary: 'Cert manager hitting LetsEncrypt rate limits.'
         description: 'Depending on the rate limit, cert-manager may be unable to generate certificates for up to a week.'
-        runbook_url: 'https://gitlab.com/uneeq-oss/cert-manager-mixin/-/blob/master/RUNBOOK.md#CertManagerHittingRateLimits'
+        runbook_url: 'https://gitlab.com/uneeq-oss/cert-manager-mixin/-/blob/master/RUNBOOK.md#certmanagerhittingratelimits'
         dashboard_url: https://grafana.example.com/d/TvuRo2iMk/cert-manager