Alerting
Installing kube-prometheus-stack in the same Kubernetes cluster that hosts the Seldon Enterprise Platform.
The Seldon Enterprise Platform, along with any deployed models, automatically exposes metrics to Prometheus. By default, certain alerting rules are pre-configured, and an alertmanager instance is included.
You can configure Alertmanager to send alerts through email or Slack. It can also be integrated into an incident response tool. To receive alerts when using Seldon Enterprise Platform you need to:
Prerequisites
Install Seldon Enterprise Platform.
Install Ingress Controller.
Install kube-prometheus
Configuring alerts in Seldon Enterprise Manager
To configure default alerting rules, copy the installation resource files from the
seldon-deploy-install/reference-configuration/metrics/
directory to the current directory. To configure custom alerts, see the custom alerts section.cp seldon-deploy-install/reference-configuration/metrics/user-alerts.yaml user-alerts.yaml cp seldon-deploy-install/reference-configuration/metrics/infra-alerts.yaml infra-alerts.yaml cp seldon-deploy-install/reference-configuration/metrics/drift-alerts.yaml drift-alerts.yaml
Apply the configurations to the Kubernetes cluster that is running the Seldon Enterprise Platform.
kubectl apply -n seldon-monitoring -f infra-alerts.yaml kubectl apply -n seldon-monitoring -f user-alerts.yaml kubectl apply -n seldon-monitoring -f drift-alerts.yaml
When the configuration is complete, you should see this:
prometheusrule.monitoring.coreos.com/deploy-infra-alerts created prometheusrule.monitoring.coreos.com/deploy-user-alerts created prometheusrule.monitoring.coreos.com/seldon-drift-alerts created
Create a YAML file to specify the initial configuration. For example, create the
alertmanager.yaml
file. Use your preferred text editor to create and save the file with the following content:kind: Secret apiVersion: v1 metadata: name: alertmanager-seldon-monitoring-alertmanager stringData: alertmanager.yaml: | receivers: - name: default-receiver - name: deploy-webhook webhook_configs: - url: "http://seldon-deploy.seldon-system:80/seldon-deploy/api/v1alpha1/webhooks/firing-alert" route: group_wait: 10s group_by: ['alertname'] group_interval: 5m receiver: default-receiver repeat_interval: 3h routes: - receiver: deploy-webhook matchers: - severity =~ "warning|critical" - type =~ "user|infra"
For more information about configuring alerts during authetication, see Authentication alerts section.
Apply the Altermanager configurations in the Kubernetes cluster that is running Seldon Enterprise Platform:
kubectl delete secret -n seldon-monitoring alertmanager-seldon-monitoring-alertmanager || echo "Does not yet exist" kubectl apply -f alertmanager.yaml -n seldon-monitoring
When the configurations are applied, you should see this:
secret "alertmanager-seldon-monitoring-alertmanager" deleted secret/alertmanager-seldon-monitoring-alertmanager created
You can access Alertmanager from outside the cluster by running the following commands:
echo "Alertmanager URL: http://127.0.0.1:9093/" kubectl port-forward --namespace seldon-monitoring svc/seldon-monitoring-alertmanager 9093:9093
Access Seldon Enterprise Platform.
Get the Pod that is running Seldon Enterprise Platform in the cluster and save it as
$POD_NAME.
export POD_NAME=$(kubectl get pods --namespace seldon-system -l "app.kubernetes.io/name=seldon-deploy,app.kubernetes.io/instance=seldon-enterprise" -o jsonpath="{.items[0].metadata.name}")
You can use port-forwarding to access your application locally.
kubectl port-forward $POD_NAME 8000:8000 --namespace seldon-system
Open your browser and navigate to
http://127.0.0.1:8000/seldon-deploy/
to access Seldon Enterprise Platform.
Custom alerts
You can also define your own custom alerting rules in Prometheus.
Create a file called
custom-alert.yaml
that contains your new rules. You can find some examples in the fileuser-alerts.yaml
file located in theseldon-deploy-install/reference-configuration/metrics/
folder.Apply the alerts using:
kubectl create -f custom-alert.yaml
Authentication alerts
If you are using App Level Authentication you need to add
http_config
in thewebhook_configs
section ofalertmanager.yaml
. This needs a client that has been configured to access the Seldon Enterprise Platform API. The token_url value may vary, depending on your OIDC provider.webhook_configs: - url: "http://seldon-deploy.seldon-system:80/seldon-deploy/api/v1alpha1/webhooks/firing-alert" http_config: oauth2: client_id: "${OIDC_CLIENT_ID}" client_secret: "${OIDC_CLIENT_SECRET}" scopes: [openid] token_url: "${OIDC_HOST}/auth/realms/${OIDC_REALM}/protocol/openid-connect/token" # Note: only needed if using a self-signed certificate on your OIDC provider tls_config: insecure_skip_verify: true
If you are using a self-signed certificate on your OIDC provider then you need to set
insecure_skip_verify
in thetls_config
of theoauth2
block. Alternatively, you can mount your CA certificate onto the Alertmanager instance to validate the server certificate usingca_file
. For more information see, the Prometheus documentation.
Integrating into an incident response tool
You can integrate the alerts that you configured in Seldon Enterprise Platform with various alert notification tools such as PagerDuty or Opsgenie.
Next
You may now be able to check the alerts that you configured in Alertmanager:
Open your browser and navigate to
http://127.0.0.1:9093/
to access Alertmanager UI from outside the cluster.Go to Alerts and check if any alert rules that are listed in Prometheus are tiggered.
If any of the alert rules are triggered then those alerts are displayed.
Additional Resources
Last updated
Was this helpful?