Red Hat Summit Red Hat SummitSupportConsoleDevelopersStart a trialContact

Managing alerts

Monitoring stack for Red Hat OpenShift 4.19

Manage alerts, silences, and alerting rules for OpenShift Container Platform.

Red Hat OpenShift Documentation Team

Abstract

This document explains how to manage alerts, silences, and alerting rules in OpenShift Container Platform. It provides separate instructions for administrators, who can customize core platform alerts, and developers, who can manage alerts for their own projects.

Chapter 1. Managing alerts as an Administrator
Copy link

In OpenShift Container Platform, the Alerting UI enables you to manage alerts, silences, and alerting rules.

Important

Starting with OpenShift Container Platform 4.19, the perspectives in the web console have unified. The Developer perspective is no longer enabled by default.

All users can interact with all OpenShift Container Platform web console features. However, if you are not the cluster owner, you might need to request permission to certain features from the cluster owner.

You can still enable the Developer perspective. On the Getting Started pane in the web console, you can take a tour of the console, find information on setting up your cluster, view a quick start for enabling the Developer perspective, and follow links to explore new features and capabilities.

Note

The alerts, silences, and alerting rules that are available in the Alerting UI relate to the projects that you have access to. For example, if you are logged in as an administrator, you can access all alerts, silences, and alerting rules.

1.1. Accessing the Alerting UI
Copy link

Access the Alerting UI to manage alerts, silences, and alerting rules through the web console.

Procedure

  • In the OpenShift Container Platform web console, go to ObserveAlerting. The three main pages in the Alerting UI in this perspective are the Alerts, Silences, and Alerting rules pages.

Use the web console interface to get detailed information about alerts, silences, and alerting rules to manage your alerting configuration effectively and troubleshoot monitoring issues.

Prerequisites

  • You have access to the cluster as a user with view permissions for the project that you are viewing alerts for.

Procedure

  • To obtain information about alerts:

    1. In the OpenShift Container Platform web console, go to the ObserveAlertingAlerts page.
    2. Optional: Search for alerts by name by using the Name field in the search list.
    3. Optional: Filter alerts by state, severity, and source by selecting filters in the Filter list.
    4. Optional: Sort the alerts by clicking one or more of the Name, Severity, State, and Source column headers.

    5. Click the name of an alert to view its Alert details page. The page includes a graph that illustrates alert time series data. It also provides the following information about the alert:

      • A description of the alert
      • Messages associated with the alert
      • A link to the runbook page on GitHub for the alert, if the page exists
      • Labels attached to the alert
      • A link to its governing alerting rule
      • Silences for the alert, if any exist

  • To obtain information about silences:

    1. In the OpenShift Container Platform web console, go to the ObserveAlertingSilences page.
    2. Optional: Filter the silences by name using the Search by name field.
    3. Optional: Filter silences by state by selecting filters in the Filter list. By default, Active and Pending filters are applied.
    4. Optional: Sort the silences by clicking one or more of the Name, Firing alerts, State, and Creator column headers.

    5. Select the name of a silence to view its Silence details page. The page includes the following details:

      • Alert specification
      • Start time
      • End time
      • Silence state
      • Number and list of firing alerts

  • To obtain information about alerting rules:

    1. In the OpenShift Container Platform web console, go to the ObserveAlertingAlerting rules page.
    2. Optional: Filter alerting rules by state, severity, and source by selecting filters in the Filter list.
    3. Optional: Sort the alerting rules by clicking one or more of the Name, Severity, Alert state, and Source column headers.

    4. Select the name of an alerting rule to view its Alerting rule details page. The page provides the following details about the alerting rule:

      • Alerting rule name, severity, and description.
      • The expression that defines the condition for firing the alert.
      • The time for which the condition should be true for an alert to fire.
      • A graph for each alert governed by the alerting rule, showing the value with which the alert is firing.
      • A table of all alerts governed by the alerting rule.

1.3. Managing silences
Copy link

Create a silence for an alert in the OpenShift Container Platform web console. After you create a silence, you do not receive notifications about an alert when the alert fires.

Creating silences is useful in scenarios where you have received an initial alert notification, and you do not want to receive further notifications during the time in which you resolve the underlying issue causing the alert to fire.

When creating a silence, you must specify whether it becomes active immediately or at a later time. You must also set a duration period after which the silence expires.

After you create silences, you can view, edit, and expire them.

Note

When you create silences, they are replicated across Alertmanager pods. However, if you do not configure persistent storage for Alertmanager, silences might be lost. This can happen, for example, if all Alertmanager pods restart at the same time.

1.3.1. Silencing alerts
Copy link

Silence a specific alert or silence alerts that match a specification that you define to prevent notification fatigue during maintenance or known issues.

Prerequisites

  • If you are a cluster administrator, you have access to the cluster as a user with the cluster-admin role.

  • If you are a non-administrator user, you have access to the cluster as a user with the following user roles:

    • The cluster-monitoring-view cluster role, which allows you to access Alertmanager.
    • The monitoring-alertmanager-edit role, which permits you to create and silence alerts.

Procedure

  • To silence a specific alert:

    1. In the OpenShift Container Platform web console, go to ObserveAlertingAlerts.
    2. For the alert that you want to silence, click kebab and select Silence alert to open the Silence alert page with a default configuration for the chosen alert.

    3. Optional: Change the default configuration details for the silence.

      Note

      You must add a comment before saving a silence.

    4. To save the silence, click Silence.

  • To silence a set of alerts:

    1. In the OpenShift Container Platform web console, go to ObserveAlertingSilences.
    2. Click Create silence.

    3. On the Create silence page, set the schedule, duration, and label details for an alert.

      Note

      You must add a comment before saving a silence.

    4. To create silences for alerts that match the labels that you entered, click Silence.

1.3.2. Editing silences
Copy link

Edit a silence to customize it for your requirements. Editing the silence expires the existing silence and creates a new one with the changed configuration.

Prerequisites

  • If you are a cluster administrator, you have access to the cluster as a user with the cluster-admin role.

  • If you are a non-administrator user, you have access to the cluster as a user with the following user roles:

    • The cluster-monitoring-view cluster role, which allows you to access Alertmanager.
    • The monitoring-alertmanager-edit role, which permits you to create and silence alerts.

Procedure

  1. In the OpenShift Container Platform web console, go to ObserveAlertingSilences.

  2. For the silence you want to modify, click kebab and select Edit silence.

    Alternatively, you can click Actions and select Edit silence on the Silence details page for a silence.

  3. On the Edit silence page, make changes and click Silence. Doing so expires the existing silence and creates one with the updated configuration.

1.3.3. Expiring silences
Copy link

Expire a single silence or multiple silences to restore alert notifications. Expiring a silence deactivates it permanently.

Note

You cannot delete expired, silenced alerts. Expired silences older than 120 hours are garbage collected.

Prerequisites

  • If you are a cluster administrator, you have access to the cluster as a user with the cluster-admin role.

  • If you are a non-administrator user, you have access to the cluster as a user with the following user roles:

    • The cluster-monitoring-view cluster role, which allows you to access Alertmanager.
    • The monitoring-alertmanager-edit role, which permits you to create and silence alerts.

Procedure

  1. Go to ObserveAlertingSilences.
  2. For the silence or silences you want to expire, select the checkbox in the corresponding row.

  3. Click Expire 1 silence to expire a single selected silence or Expire <n> silences to expire multiple selected silences, where <n> is the number of silences you selected.

    Alternatively, to expire a single silence you can click Actions and select Expire silence on the Silence details page for a silence.

As a cluster administrator, customize default alerting rules for platform metrics to meet your specific monitoring needs and organizational requirements.

The monitoring stack includes a large set of default platform alerting rules. You can customize this set of rules in two ways:

  • Modify the settings for existing platform alerting rules by adjusting thresholds or by adding and modifying labels. For example, you can change the severity label for an alert from warning to critical to help you route and triage issues flagged by an alert.
  • Define and add new custom alerting rules by constructing a query expression based on core platform metrics in the openshift-monitoring project.

1.4.1. Creating new alerting rules
Copy link

As a cluster administrator, create custom alerting rules based on platform metrics to monitor specific conditions important to your environment, ensuring you receive notifications about issues that default alerts do not cover.

Note
  • If you create a customized AlertingRule resource based on an existing platform alerting rule, silence the original alert to avoid receiving conflicting alerts.
  • To help users understand the impact and cause of the alert, ensure that your alerting rule contains an alert message and severity value.

Prerequisites

  • You have access to the cluster as a user that has the cluster-admin cluster role.
  • You have installed the OpenShift CLI (oc).

Procedure

  1. Create a new YAML configuration file named example-alerting-rule.yaml.

  2. Add an AlertingRule resource to the YAML file. The following example creates a new alerting rule named example, similar to the default Watchdog alert: 

    apiVersion: monitoring.openshift.io/v1
kind: AlertingRule
metadata:
  name: example
  namespace: openshift-monitoring
spec:
  groups:
  - name: example-rules
    rules:
    - alert: ExampleAlert
      for: 1m
      expr: vector(1)
      labels:
        severity: warning
      annotations:
        message: This is an example alert.

    where:

    namespace
    Specifies the project. Ensure that the namespace is openshift-monitoring.
    alert
    Specifies the name of the alerting rule you want to create.
    for
    Specifies the duration for which the condition should be true before an alert is fired.
    expr
    Specifies the PromQL query expression that defines the new rule.
    labels.severity
    Specifies the severity that alerting rule assigns to the alert.
    annotations.message
    Specifies the message associated with the alert.
    Important

    You must create the AlertingRule object in the openshift-monitoring namespace. Otherwise, the alerting rule is not accepted.

  3. Apply the configuration file to the cluster: 

    $ oc apply -f example-alerting-rule.yaml

1.4.2. Modifying core platform alerting rules
Copy link

As a cluster administrator, modify core platform alerts before Alertmanager routes them to a receiver to customize alerting behavior for your environment. For example, you can change the severity label of an alert, add a custom label, or exclude an alert from being sent to Alertmanager.

Prerequisites

  • You have access to the cluster as a user with the cluster-admin cluster role.
  • You have installed the OpenShift CLI (oc).

Procedure

  1. Create a new YAML configuration file named example-modified-alerting-rule.yaml.

  2. Add an AlertRelabelConfig resource to the YAML file. The following example modifies the severity setting to critical for the default platform watchdog alerting rule: 

    apiVersion: monitoring.openshift.io/v1
kind: AlertRelabelConfig
metadata:
  name: watchdog
  namespace: openshift-monitoring
spec:
  configs:
  - sourceLabels: [alertname,severity]
    regex: "Watchdog;none"
    targetLabel: severity
    replacement: critical
    action: Replace

    where:

    namespace
    Must be set to openshift-monitoring.
    sourceLabels
    Defines the source labels for the values you want to modify.
    regex
    Defines the regular expression against which the value of sourceLabels is matched.
    targetLabel
    Defines the target label of the value you want to modify.
    replacement
    Defines the new value to replace the target label.
    action
    Defines the relabel action that replaces the old value based on regex matching. The default action is Replace. Other possible values are Keep, Drop, HashMod, LabelMap, LabelDrop, and LabelKeep.
    Important

    You must create the AlertRelabelConfig object in the openshift-monitoring namespace. Otherwise, the alert label will not change.

  3. Apply the configuration file to the cluster: 

    $ oc apply -f example-modified-alerting-rule.yaml

Create, view, edit, and remove alerting rules for user-defined projects to create custom alerting that meets your application-specific conditions. Those alerting rules trigger alerts based on the values of the chosen metrics.

Create alerting rules for user-defined projects to monitor your custom applications and receive notifications when specific conditions or thresholds are met to improve incident response times.

Note

To help users understand the impact and cause of the alert, ensure that your alerting rule contains an alert message and severity value.

Prerequisites

  • You have enabled monitoring for user-defined projects.
  • You are logged in as a cluster administrator or as a user that has the monitoring-rules-edit cluster role for the project where you want to create an alerting rule.
  • You have installed the OpenShift CLI (oc).

Procedure

  1. Create a YAML file for alerting rules. In this example, it is called example-app-alerting-rule.yaml.

  2. Add an alerting rule configuration to the YAML file. The following example creates a new alerting rule named example-alert. The alerting rule fires an alert when the version metric exposed by the sample service becomes 0: 

    apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
  name: example-alert
  namespace: ns1
spec:
  groups:
  - name: example
    rules:
    - alert: VersionAlert
      for: 1m
      expr: version{job="prometheus-example-app"} == 0
      labels:
        severity: warning
      annotations:
        message: This is an example alert.

    where:

    alert
    Specifies the name of the alerting rule you want to create.
    for
    Specifies the duration for which the condition should be true before an alert is fired.
    expr
    Specifies the PromQL query expression that defines the new rule.
    labels.severity
    Specifies the severity that alerting rule assigns to the alert.
    annotations.message
    Specifies the message associated with the alert.

  3. Apply the configuration file to the cluster: 

    $ oc apply -f example-app-alerting-rule.yaml

Reduce alerting rule duplication by creating alerting rules that apply across multiple user-defined projects instead of maintaining separate rules in each project.

Create alerting rules that are not bound to their project of origin by configuring a project in the user-workload-monitoring-config config map. The PrometheusRule objects created in these projects are applicable to all projects.

Filter which projects are included or excluded from the alerting rule by using PromQL queries in the PrometheusRule object.

Prerequisites

  • If you are a cluster administrator, you have access to the cluster as a user with the cluster-admin cluster role.

  • If you are a non-administrator user, you have access to the cluster as a user with the following user roles:

    • The user-workload-monitoring-config-edit role in the openshift-user-workload-monitoring project to edit the user-workload-monitoring-config config map.
    • The monitoring-rules-edit cluster role for the project where you want to create an alerting rule.
  • A cluster administrator has enabled monitoring for user-defined projects.
  • You have installed the OpenShift CLI (oc).

Procedure

  1. Edit the user-workload-monitoring-config config map in the openshift-user-workload-monitoring project: 

    $ oc -n openshift-user-workload-monitoring edit configmap user-workload-monitoring-config

  2. Configure projects in which you want to create alerting rules that are not bound to a specific project: 

    apiVersion: v1
kind: ConfigMap
metadata:
  name: user-workload-monitoring-config
  namespace: openshift-user-workload-monitoring
data:
  config.yaml: |
    namespacesWithoutLabelEnforcement: [ <namespace1>, <namespace2> ]
    # ...

    where:

    namespacesWithoutLabelEnforcement
    Specifies one or more projects in which you want to create cross-project alerting rules. Prometheus and Thanos Ruler for user-defined monitoring do not enforce the namespace label in PrometheusRule objects created in these projects, making the PrometheusRule objects applicable to all projects.
  3. Create a YAML file for alerting rules. In this example, it is called example-cross-project-alerting-rule.yaml.

  4. Add an alerting rule configuration to the YAML file. The following example creates a new cross-project alerting rule called example-security. The alerting rule fires when a user project does not enforce the restricted pod security policy: 

    apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
  name: example-security
  namespace: ns1
spec:
  groups:
    - name: pod-security-policy
      rules:
        - alert: "ProjectNotEnforcingRestrictedPolicy"
          for: 5m
          expr: kube_namespace_labels{namespace!~"(openshift|kube).*|default",label_pod_security_kubernetes_io_enforce!="restricted"}
          annotations:
            message: "Restricted policy not enforced. Project {{ $labels.namespace }} does not enforce the restricted pod security policy."
          labels:
            severity: warning

    where:

    namespace
    Specifies the project. Ensure that you specify the project that you defined in the namespacesWithoutLabelEnforcement field.
    alert
    Specifies the name of the alerting rule you want to create.
    for
    Specifies the duration for which the condition should be true before an alert is fired.
    expr
    Specifies the PromQL query expression that defines the new rule. You can use label matchers on the namespace label to filter which projects are included or excluded from the alerting rule.
    annotations.message
    Specifies the message associated with the alert.
    labels.severity
    Specifies the severity that alerting rule assigns to the alert.
    Important

    Ensure that you create a specific cross-project alerting rule in only one of the projects that you specified in the namespacesWithoutLabelEnforcement field. If you create the same cross-project alerting rule in multiple projects, it results in repeated alerts.

  5. Apply the configuration file to the cluster: 

    $ oc apply -f example-cross-project-alerting-rule.yaml

As a cluster administrator, list alerting rules for core platform and user-defined projects in a single view to get complete visibility into all cluster alerting rules.

Prerequisites

  • You have access to the cluster as a user with the cluster-admin role.
  • You have installed the OpenShift CLI (oc).

Procedure

  1. In the OpenShift Container Platform web console, go to ObserveAlertingAlerting rules.

  2. Select the Platform and User sources in the Filter drop-down menu.

    Note

    The Platform source is selected by default.

Remove alerting rules for user-defined projects to delete outdated alerts, reduce notification noise, or update your monitoring configuration.

Prerequisites

  • You have enabled monitoring for user-defined projects.
  • You are logged in as a cluster administrator or as a user that has the monitoring-rules-edit cluster role for the project where you want to create an alerting rule.
  • You have installed the OpenShift CLI (oc).

Procedure

  • To remove rule <alerting_rule> in <namespace>, run the following: 

    $ oc -n <namespace> delete prometheusrule <alerting_rule>

Disable cross-project alerting rules for user-defined projects to prevent user workload monitoring from overloading the monitoring stack and to protect against buggy alerting rules affecting cluster performance without having to troubleshoot individual rules.

The creation of cross-project alerting rules for user-defined projects is enabled by default. Cluster administrators can disable the capability in the cluster-monitoring-config config map.

Prerequisites

  • You have access to the cluster as a user with the cluster-admin cluster role.
  • You have installed the OpenShift CLI (oc).

Procedure

  1. Edit the cluster-monitoring-config config map in the openshift-monitoring project: 

    $ oc -n openshift-monitoring edit configmap cluster-monitoring-config

  2. In the cluster-monitoring-config config map, disable the option to create cross-project alerting rules by setting the rulesWithoutLabelEnforcementAllowed value under data/config.yaml/userWorkload to false: 

    kind: ConfigMap
apiVersion: v1
metadata:
  name: cluster-monitoring-config
  namespace: openshift-monitoring
data:
  config.yaml: |
    userWorkload:
      rulesWithoutLabelEnforcementAllowed: false
    # ...
  3. Save the file to apply the changes.

Chapter 2. Managing alerts as a Developer
Copy link

In OpenShift Container Platform, the Alerting UI enables you to manage alerts, silences, and alerting rules.

Important

Starting with OpenShift Container Platform 4.19, the perspectives in the web console have unified. The Developer perspective is no longer enabled by default.

All users can interact with all OpenShift Container Platform web console features. However, if you are not the cluster owner, you might need to request permission to certain features from the cluster owner.

You can still enable the Developer perspective. On the Getting Started pane in the web console, you can take a tour of the console, find information on setting up your cluster, view a quick start for enabling the Developer perspective, and follow links to explore new features and capabilities.

Note

The alerts, silences, and alerting rules that are available in the Alerting UI relate to the projects that you have access to.

2.1. Accessing the Alerting UI
Copy link

Access the Alerting UI to manage alerts, silences, and alerting rules through the web console.

Procedure

  • In the OpenShift Container Platform web console, go to ObserveAlerting. The three main pages in the Alerting UI in this perspective are the Alerts, Silences, and Alerting rules pages.

Use the web console interface to get detailed information about alerts, silences, and alerting rules to manage your alerting configuration effectively and troubleshoot monitoring issues.

Prerequisites

  • You have access to the cluster as a user with view permissions for the project that you are viewing alerts for.

Procedure

  • To obtain information about alerts:

    1. In the OpenShift Container Platform web console, go to the ObserveAlertingAlerts page.
    2. Optional: Search for alerts by name by using the Name field in the search list.
    3. Optional: Filter alerts by state, severity, and source by selecting filters in the Filter list.
    4. Optional: Sort the alerts by clicking one or more of the Name, Severity, State, and Source column headers.

    5. Click the name of an alert to view its Alert details page. The page includes a graph that illustrates alert time series data. It also provides the following information about the alert:

      • A description of the alert
      • Messages associated with the alert
      • A link to the runbook page on GitHub for the alert, if the page exists
      • Labels attached to the alert
      • A link to its governing alerting rule
      • Silences for the alert, if any exist

  • To obtain information about silences:

    1. In the OpenShift Container Platform web console, go to the ObserveAlertingSilences page.
    2. Optional: Filter the silences by name using the Search by name field.
    3. Optional: Filter silences by state by selecting filters in the Filter list. By default, Active and Pending filters are applied.
    4. Optional: Sort the silences by clicking one or more of the Name, Firing alerts, State, and Creator column headers.

    5. Select the name of a silence to view its Silence details page. The page includes the following details:

      • Alert specification
      • Start time
      • End time
      • Silence state
      • Number and list of firing alerts

  • To obtain information about alerting rules:

    1. In the OpenShift Container Platform web console, go to the ObserveAlertingAlerting rules page.
    2. Optional: Filter alerting rules by state, severity, and source by selecting filters in the Filter list.
    3. Optional: Sort the alerting rules by clicking one or more of the Name, Severity, Alert state, and Source column headers.

    4. Select the name of an alerting rule to view its Alerting rule details page. The page provides the following details about the alerting rule:

      • Alerting rule name, severity, and description.
      • The expression that defines the condition for firing the alert.
      • The time for which the condition should be true for an alert to fire.
      • A graph for each alert governed by the alerting rule, showing the value with which the alert is firing.
      • A table of all alerts governed by the alerting rule.

2.3. Managing silences
Copy link

Create a silence for an alert in the OpenShift Container Platform web console. After you create a silence, you do not receive notifications about an alert when the alert fires.

Creating silences is useful in scenarios where you have received an initial alert notification, and you do not want to receive further notifications during the time in which you resolve the underlying issue causing the alert to fire.

When creating a silence, you must specify whether it becomes active immediately or at a later time. You must also set a duration period after which the silence expires.

After you create silences, you can view, edit, and expire them.

Note

When you create silences, they are replicated across Alertmanager pods. However, if you do not configure persistent storage for Alertmanager, silences might be lost. This can happen, for example, if all Alertmanager pods restart at the same time.

2.3.1. Silencing alerts
Copy link

Silence a specific alert or silence alerts that match a specification that you define to prevent notification fatigue during maintenance or known issues.

Prerequisites

  • If you are a cluster administrator, you have access to the cluster as a user with the cluster-admin role.

  • If you are a non-administrator user, you have access to the cluster as a user with the following user roles:

    • The cluster-monitoring-view cluster role, which allows you to access Alertmanager.
    • The monitoring-alertmanager-edit role, which permits you to create and silence alerts.

Procedure

  • To silence a specific alert:

    1. In the OpenShift Container Platform web console, go to ObserveAlertingAlerts.
    2. For the alert that you want to silence, click kebab and select Silence alert to open the Silence alert page with a default configuration for the chosen alert.

    3. Optional: Change the default configuration details for the silence.

      Note

      You must add a comment before saving a silence.

    4. To save the silence, click Silence.

  • To silence a set of alerts:

    1. In the OpenShift Container Platform web console, go to ObserveAlertingSilences.
    2. Click Create silence.

    3. On the Create silence page, set the schedule, duration, and label details for an alert.

      Note

      You must add a comment before saving a silence.

    4. To create silences for alerts that match the labels that you entered, click Silence.

2.3.2. Editing silences
Copy link

Edit a silence to customize it for your requirements. Editing the silence expires the existing silence and creates a new one with the changed configuration.

Prerequisites

  • If you are a cluster administrator, you have access to the cluster as a user with the cluster-admin role.

  • If you are a non-administrator user, you have access to the cluster as a user with the following user roles:

    • The cluster-monitoring-view cluster role, which allows you to access Alertmanager.
    • The monitoring-alertmanager-edit role, which permits you to create and silence alerts.

Procedure

  1. In the OpenShift Container Platform web console, go to ObserveAlertingSilences.

  2. For the silence you want to modify, click kebab and select Edit silence.

    Alternatively, you can click Actions and select Edit silence on the Silence details page for a silence.

  3. On the Edit silence page, make changes and click Silence. Doing so expires the existing silence and creates one with the updated configuration.

2.3.3. Expiring silences
Copy link

Expire a single silence or multiple silences to restore alert notifications. Expiring a silence deactivates it permanently.

Note

You cannot delete expired, silenced alerts. Expired silences older than 120 hours are garbage collected.

Prerequisites

  • If you are a cluster administrator, you have access to the cluster as a user with the cluster-admin role.

  • If you are a non-administrator user, you have access to the cluster as a user with the following user roles:

    • The cluster-monitoring-view cluster role, which allows you to access Alertmanager.
    • The monitoring-alertmanager-edit role, which permits you to create and silence alerts.

Procedure

  1. Go to ObserveAlertingSilences.
  2. For the silence or silences you want to expire, select the checkbox in the corresponding row.

  3. Click Expire 1 silence to expire a single selected silence or Expire <n> silences to expire multiple selected silences, where <n> is the number of silences you selected.

    Alternatively, to expire a single silence you can click Actions and select Expire silence on the Silence details page for a silence.

Create, view, edit, and remove alerting rules for user-defined projects to create custom alerting that meets your application-specific conditions. Those alerting rules trigger alerts based on the values of the chosen metrics.

Create alerting rules for user-defined projects to monitor your custom applications and receive notifications when specific conditions or thresholds are met to improve incident response times.

Note

To help users understand the impact and cause of the alert, ensure that your alerting rule contains an alert message and severity value.

Prerequisites

  • You have enabled monitoring for user-defined projects.
  • You are logged in as a cluster administrator or as a user that has the monitoring-rules-edit cluster role for the project where you want to create an alerting rule.
  • You have installed the OpenShift CLI (oc).

Procedure

  1. Create a YAML file for alerting rules. In this example, it is called example-app-alerting-rule.yaml.

  2. Add an alerting rule configuration to the YAML file. The following example creates a new alerting rule named example-alert. The alerting rule fires an alert when the version metric exposed by the sample service becomes 0: 

    apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
  name: example-alert
  namespace: ns1
spec:
  groups:
  - name: example
    rules:
    - alert: VersionAlert
      for: 1m
      expr: version{job="prometheus-example-app"} == 0
      labels:
        severity: warning
      annotations:
        message: This is an example alert.

    where:

    alert
    Specifies the name of the alerting rule you want to create.
    for
    Specifies the duration for which the condition should be true before an alert is fired.
    expr
    Specifies the PromQL query expression that defines the new rule.
    labels.severity
    Specifies the severity that alerting rule assigns to the alert.
    annotations.message
    Specifies the message associated with the alert.

  3. Apply the configuration file to the cluster: 

    $ oc apply -f example-app-alerting-rule.yaml

Reduce alerting rule duplication by creating alerting rules that apply across multiple user-defined projects instead of maintaining separate rules in each project.

Create alerting rules that are not bound to their project of origin by configuring a project in the user-workload-monitoring-config config map. The PrometheusRule objects created in these projects are applicable to all projects.

Filter which projects are included or excluded from the alerting rule by using PromQL queries in the PrometheusRule object.

Prerequisites

  • If you are a cluster administrator, you have access to the cluster as a user with the cluster-admin cluster role.

  • If you are a non-administrator user, you have access to the cluster as a user with the following user roles:

    • The user-workload-monitoring-config-edit role in the openshift-user-workload-monitoring project to edit the user-workload-monitoring-config config map.
    • The monitoring-rules-edit cluster role for the project where you want to create an alerting rule.
  • A cluster administrator has enabled monitoring for user-defined projects.
  • You have installed the OpenShift CLI (oc).

Procedure

  1. Edit the user-workload-monitoring-config config map in the openshift-user-workload-monitoring project: 

    $ oc -n openshift-user-workload-monitoring edit configmap user-workload-monitoring-config

  2. Configure projects in which you want to create alerting rules that are not bound to a specific project: 

    apiVersion: v1
kind: ConfigMap
metadata:
  name: user-workload-monitoring-config
  namespace: openshift-user-workload-monitoring
data:
  config.yaml: |
    namespacesWithoutLabelEnforcement: [ <namespace1>, <namespace2> ]
    # ...

    where:

    namespacesWithoutLabelEnforcement
    Specifies one or more projects in which you want to create cross-project alerting rules. Prometheus and Thanos Ruler for user-defined monitoring do not enforce the namespace label in PrometheusRule objects created in these projects, making the PrometheusRule objects applicable to all projects.
  3. Create a YAML file for alerting rules. In this example, it is called example-cross-project-alerting-rule.yaml.

  4. Add an alerting rule configuration to the YAML file. The following example creates a new cross-project alerting rule called example-security. The alerting rule fires when a user project does not enforce the restricted pod security policy: 

    apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
  name: example-security
  namespace: ns1
spec:
  groups:
    - name: pod-security-policy
      rules:
        - alert: "ProjectNotEnforcingRestrictedPolicy"
          for: 5m
          expr: kube_namespace_labels{namespace!~"(openshift|kube).*|default",label_pod_security_kubernetes_io_enforce!="restricted"}
          annotations:
            message: "Restricted policy not enforced. Project {{ $labels.namespace }} does not enforce the restricted pod security policy."
          labels:
            severity: warning

    where:

    namespace
    Specifies the project. Ensure that you specify the project that you defined in the namespacesWithoutLabelEnforcement field.
    alert
    Specifies the name of the alerting rule you want to create.
    for
    Specifies the duration for which the condition should be true before an alert is fired.
    expr
    Specifies the PromQL query expression that defines the new rule. You can use label matchers on the namespace label to filter which projects are included or excluded from the alerting rule.
    annotations.message
    Specifies the message associated with the alert.
    labels.severity
    Specifies the severity that alerting rule assigns to the alert.
    Important

    Ensure that you create a specific cross-project alerting rule in only one of the projects that you specified in the namespacesWithoutLabelEnforcement field. If you create the same cross-project alerting rule in multiple projects, it results in repeated alerts.

  5. Apply the configuration file to the cluster: 

    $ oc apply -f example-cross-project-alerting-rule.yaml

Access alerting rules for user-defined projects to review current alert configurations and troubleshoot alerting issues. To list alerting rules for a user-defined project, you must be assigned the monitoring-rules-view cluster role for the project.

Prerequisites

  • You have enabled monitoring for user-defined projects.
  • You are logged in as a user that has the monitoring-rules-view cluster role for your project.
  • You have installed the OpenShift CLI (oc).

Procedure

  1. To list alerting rules in <project>: 

    $ oc -n <project> get prometheusrule

  2. To list the configuration of an alerting rule, run the following: 

    $ oc -n <project> get prometheusrule <rule> -o yaml

Remove alerting rules for user-defined projects to delete outdated alerts, reduce notification noise, or update your monitoring configuration.

Prerequisites

  • You have enabled monitoring for user-defined projects.
  • You are logged in as a cluster administrator or as a user that has the monitoring-rules-edit cluster role for the project where you want to create an alerting rule.
  • You have installed the OpenShift CLI (oc).

Procedure

  • To remove rule <alerting_rule> in <namespace>, run the following: 

    $ oc -n <namespace> delete prometheusrule <alerting_rule>

Legal Notice
Copy link

Copyright © Red Hat.
Except as otherwise noted below, the text of and illustrations in this documentation are licensed by Red Hat under the Creative Commons Attribution–Share Alike 3.0 Unported license . If you distribute this document or an adaptation of it, you must provide the URL for the original version.
Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.
Red Hat, the Red Hat logo, JBoss, Hibernate, and RHCE are trademarks or registered trademarks of Red Hat, LLC. or its subsidiaries in the United States and other countries.
Linux® is the registered trademark of Linus Torvalds in the United States and other countries.
XFS is a trademark or registered trademark of Hewlett Packard Enterprise Development LP or its subsidiaries in the United States and other countries.
The OpenStack® Word Mark and OpenStack logo are trademarks or registered trademarks of the Linux Foundation, used under license.
All other trademarks are the property of their respective owners.
Red Hat logoGithubredditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust. Explore our recent updates.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

Theme

© 2026 Red HatBack to top