[ops] WebApp: More alerts to make rollouts safer

[geropl]

Description

This PR adds a list of alerts we'd so far do manually on deployments. All of these go to our team internal Slack channel for now, so we can fine-tune them before we promote them to on-call L1 (if at all).

• API error rate
• websocket connection rate
• critical services running:
  • messagebus
  • [ ] db-sync I don't know how to make it not alert in regions where this pod is not running 🤷
  • flag crashloopbackoff
• services RAM/CPU usage trends
• [ ] DB CPU usage stays within limits done in GCloud
• [ ] log error rate (replaces "GCloud Error Reporting") done in GCloud

Context:

• WebApp epic: Epic: Unattended Deployments #10722
• work in progress: https://www.notion.so/Increase-WebApp-Deployment-Cadence-Monitoring-and-Alerting-ee3cabd091634ffaa37ff218da6057bd
• Platform issue: https://github.com/gitpod-io/ops/issues/2873

Related Issue(s)

Context: #10722

How to test

Release Notes

NONE

Documentation

Werft options:

• /werft with-preview

[easyCZ]

Why 2 minutes? That's somewhat non-standard as normally metrics tend to use 1, 3, 5 or 10 minutes

[geropl]

Asking out of curiosity: What's the reason behind choosing 1, 3, 5, 10? 🤔

fwiw I took 2 after playing around with the numbers and choose the one where the graph looked "nice" (e.g., not too spiky, but responsive enough).

[easyCZ]

Metrics have the cluster label on them. See possible values here https://grafana.gitpod.io/explore?orgId=1&left=%7B%22datasource%22:%22P4169E866C3094E38%22,%22queries%22:%5B%7B%22refId%22:%22A%22,%22editorMode%22:%22code%22,%22expr%22:%22sum%28increase%28kube_pod_status_phase%5B1m%5D%29%29%20by%20%28cluster%29%22,%22legendFormat%22:%22__auto%22,%22range%22:true,%22instant%22:true%7D%5D,%22range%22:%7B%22from%22:%22now-1h%22,%22to%22:%22now%22%7D%7D

Contains prod-meta-us02

[geropl]

Do you have a concrete query that solves the problem? Might just be lagging prometheus-foo, here. 🙃

[ArthurSens]

Unfortunately, they don't have the cluster label while evaluating alerts. Alerts are evaluated by Prometheus in the 'leaf' clusters, so they're not aware of their location :/

[easyCZ]

Normally, to detect if something is running, you'd use the up metric. That basically works on the basis that it can be scraped. For some reason, that's not available for db-sync. Will dig into ti more.

[geropl]

That basically works on the basis that it can be scraped. For some reason

💡 Ah, yes! db-sync has no metrics endpoint, yet.

[geropl]

BTW here is a good thread about this question.

[easyCZ]

What would the runbook contain? In a way, services would ideally run at 100% utilization all the time, that way there's nothing wasted.

I'm asking because this tends to be notoriously difficult to make actionable. One could argue that we should instead set CPU/Memory limits on pods to force them to crash and restart (and alert on the restarts) rather than alerting for high utilization.

[geropl]

I understand that there are better ways to setup alerts if you go by the book. But looking at past incidents I deem this a pretty good indicator that somthing is fishy. Especially after a recent deployment.

The runbook will never be substantial. This can serve as a first step, and if we find better measures, replace this error with something that make more sense. But for now we have something, at all. 🙃

[easyCZ]

Sounds good as the first step!

[easyCZ]

I'm happy with this as a first pass. We can tweak if it's too noisy.

/hold in case you want to make any other changes

[geropl]

/unhold

Let's move forward with this, and fine-tune as we go 👣