在 GCP Deployment Manager 配置中使用 Stackdriver 资源组的 ID
Use a Stackdriver resource group's ID in a GCP Deployment Manager configuration
我正在尝试创建一个 Stackdriver alert policy with a Deployment Manager configuration. The same configuration first creates a resource group and a notification channel,然后是基于这些的策略:
resources:
- name: test-group
type: gcp-types/monitoring-v3:projects.groups
properties:
displayName: A test group
filter: >-
resource.metadata.cloud_account="aproject-id" AND
resource.type="gce_instance" AND
resource.metadata.tag."managed"="yes"
- name: test-email-notification
type: gcp-types/monitoring-v3:projects.notificationChannels
properties:
displayName: A test email channel
type: email
labels:
email_address: incidents@example.com
- name: test-alert-policy
type: gcp-types/monitoring-v3:projects.alertPolicies
properties:
enabled: true
displayName: A test alert policy
documentation:
mimeType: text/markdown
content: "Test incident"
notificationChannels:
- $(ref.test-email-notification.name)
combiner: OR
conditions:
- conditionAbsent:
aggregations:
- alignmentPeriod: 60s
perSeriesAligner: ALIGN_RATE
duration: 300s
filter: metric.type="compute.googleapis.com/instance/uptime" group.id="$(ref.test-group.id)"
trigger:
count: 1
displayName: The instance is down
该策略的唯一条件有一个基于资源组的过滤器,即只有该组的成员可以触发此警报。
我正在尝试使用对群组 ID 的引用,但它不起作用 - "The reference 'id' is invalid, reason: The field 'id' does not exists on the reference schema.
另外,当我尝试使用 $(ref.test-group.selfLink) 时,我得到 The reference 'selfLink' is invalid, reason: The field 'selfLink' does not exists on the reference schema.
我可以获得群组名称(例如 "projects/aproject-id/groups/3691870619975147604")但是 filters only accept group IDs(例如只有“3691870619975147604”部分):
'{"ResourceType":"gcp-types/monitoring-v3:projects.alertPolicies","ResourceErrorCode":"400","ResourceErrorMessage":{"code":400,"message":"Field
alert_policy.conditions[0].condition_absent.filter had an invalid value of \"metric.type=\"compute.googleapis.com/instance/uptime\"
group.id=\"projects/aproject-id/groups/3691870619975147604\"\":
must specify a restriction on \"resource.type\" in the filter; see \"https://cloud.google.com/monitoring/api/resources\"
for a list of available resource types.","status":"INVALID_ARGUMENT","statusMessage":"Bad
Request","requestPath":"https://monitoring.googleapis.com/v3/projects/aproject-id/alertPolicies","httpMethod":"POST"}}'
尝试用以下内容替换您的警报策略:
- name: test-alert-policy
type: gcp-types/monitoring-v3:projects.alertPolicies
properties:
enabled: true
displayName: A test alert policy
documentation:
mimeType: text/markdown
content: "Test incident"
notificationChannels:
- $(ref.test-email-notification.name)
combiner: OR
conditions:
- conditionAbsent:
aggregations:
- alignmentPeriod: 60s
perSeriesAligner: ALIGN_RATE
duration: 300s
filter: metric.type="compute.googleapis.com/instance/uptime" $(ref.test-group.filter)
trigger:
count: 1
displayName: The instance is down
metadata:
dependsOn:
- test-group
这会添加 1) 使用 dependsOn 子句对 test-group 的显式依赖,以及 2) 对指标过滤器添加 $(ref.test-group.filter),以便它虽然没有严格链接到 test-group,最终包含与 test-group.
相同的所有资源
由于 Deployment Manager 资源是 运行 并行的,因此有必要使用 dependsOn 来确保在尝试创建 test-alert-policy 之前实例化 test-group;显然 Deployment Manager 不够聪明,无法仅通过引用来推断这一点。
我正在尝试创建一个 Stackdriver alert policy with a Deployment Manager configuration. The same configuration first creates a resource group and a notification channel,然后是基于这些的策略:
resources:
- name: test-group
type: gcp-types/monitoring-v3:projects.groups
properties:
displayName: A test group
filter: >-
resource.metadata.cloud_account="aproject-id" AND
resource.type="gce_instance" AND
resource.metadata.tag."managed"="yes"
- name: test-email-notification
type: gcp-types/monitoring-v3:projects.notificationChannels
properties:
displayName: A test email channel
type: email
labels:
email_address: incidents@example.com
- name: test-alert-policy
type: gcp-types/monitoring-v3:projects.alertPolicies
properties:
enabled: true
displayName: A test alert policy
documentation:
mimeType: text/markdown
content: "Test incident"
notificationChannels:
- $(ref.test-email-notification.name)
combiner: OR
conditions:
- conditionAbsent:
aggregations:
- alignmentPeriod: 60s
perSeriesAligner: ALIGN_RATE
duration: 300s
filter: metric.type="compute.googleapis.com/instance/uptime" group.id="$(ref.test-group.id)"
trigger:
count: 1
displayName: The instance is down
该策略的唯一条件有一个基于资源组的过滤器,即只有该组的成员可以触发此警报。
我正在尝试使用对群组 ID 的引用,但它不起作用 - "The reference 'id' is invalid, reason: The field 'id' does not exists on the reference schema.
另外,当我尝试使用 $(ref.test-group.selfLink) 时,我得到 The reference 'selfLink' is invalid, reason: The field 'selfLink' does not exists on the reference schema.
我可以获得群组名称(例如 "projects/aproject-id/groups/3691870619975147604")但是 filters only accept group IDs(例如只有“3691870619975147604”部分):
'{"ResourceType":"gcp-types/monitoring-v3:projects.alertPolicies","ResourceErrorCode":"400","ResourceErrorMessage":{"code":400,"message":"Field
alert_policy.conditions[0].condition_absent.filter had an invalid value of \"metric.type=\"compute.googleapis.com/instance/uptime\"
group.id=\"projects/aproject-id/groups/3691870619975147604\"\":
must specify a restriction on \"resource.type\" in the filter; see \"https://cloud.google.com/monitoring/api/resources\"
for a list of available resource types.","status":"INVALID_ARGUMENT","statusMessage":"Bad
Request","requestPath":"https://monitoring.googleapis.com/v3/projects/aproject-id/alertPolicies","httpMethod":"POST"}}'
尝试用以下内容替换您的警报策略:
- name: test-alert-policy
type: gcp-types/monitoring-v3:projects.alertPolicies
properties:
enabled: true
displayName: A test alert policy
documentation:
mimeType: text/markdown
content: "Test incident"
notificationChannels:
- $(ref.test-email-notification.name)
combiner: OR
conditions:
- conditionAbsent:
aggregations:
- alignmentPeriod: 60s
perSeriesAligner: ALIGN_RATE
duration: 300s
filter: metric.type="compute.googleapis.com/instance/uptime" $(ref.test-group.filter)
trigger:
count: 1
displayName: The instance is down
metadata:
dependsOn:
- test-group
这会添加 1) 使用 dependsOn 子句对 test-group 的显式依赖,以及 2) 对指标过滤器添加 $(ref.test-group.filter),以便它虽然没有严格链接到 test-group,最终包含与 test-group.
由于 Deployment Manager 资源是 运行 并行的,因此有必要使用 dependsOn 来确保在尝试创建 test-alert-policy 之前实例化 test-group;显然 Deployment Manager 不够聪明,无法仅通过引用来推断这一点。