up
This commit is contained in:
StellaOps Bot
24
ops/devops/attestation/ALERTS.md
Normal file
24
ops/devops/attestation/ALERTS.md
Normal file
@@ -0,0 +1,24 @@
|
||||
# Attestation Alerts & Dashboards (DEVOPS-ATTEST-75-001)
|
||||
|
||||
## Prometheus alert rules
|
||||
File: `ops/devops/attestation/attestation-alerts.yaml`
|
||||
- `AttestorSignLatencyP95High`: p95 signing latency > 2s for 5m.
|
||||
- `AttestorVerifyLatencyP95High`: p95 verification latency > 2s for 5m.
|
||||
- `AttestorVerifyFailureRate`: verification failures / requests > 2% over 5m.
|
||||
- `AttestorKeyRotationStale`: key not rotated in 30d.
|
||||
|
||||
Metrics expected:
|
||||
- `attestor_sign_duration_seconds_bucket`
|
||||
- `attestor_verify_duration_seconds_bucket`
|
||||
- `attestor_verify_failures_total`
|
||||
- `attestor_verify_requests_total`
|
||||
- `attestor_key_last_rotated_seconds` (gauge of Unix epoch seconds of last rotation)
|
||||
|
||||
## Grafana
|
||||
File: `ops/devops/attestation/grafana/attestation-latency.json`
|
||||
- Panels: signing p50/p95, verification p50/p95, failure rate, key-age gauge, last 24h error counts.
|
||||
|
||||
## Runbook
|
||||
- Verify exporters scrape `attestor-*` metrics from Attestor service.
|
||||
- Ensure alertmanager routes `team=devops` to on-call.
|
||||
- Key rotation alert: rotate via standard KMS workflow; acknowledge alert after new metric value observed.
|
||||
Reference in New Issue
Block a user