master
7b5bdcf4d3
- Introduced AGENTS.md, README.md, TASKS.md, and implementation_plan.md for Vexer, detailing mission, responsibilities, key components, and operational notes. - Established similar documentation structure for Vulnerability Explorer and Zastava modules, including their respective workflows, integrations, and observability notes. - Created risk scoring profiles documentation outlining the core workflow, factor model, governance, and deliverables. - Ensured all modules adhere to the Aggregation-Only Contract and maintain determinism and provenance in outputs.
32 lines
1.4 KiB
YAML
32 lines
1.4 KiB
YAML
groups:
|
|
- name: zastava-runtime
|
|
interval: 30s
|
|
rules:
|
|
- alert: ZastavaRuntimeEventsSilent
|
|
expr: sum(rate(zastava_runtime_events_total[10m])) == 0
|
|
for: 15m
|
|
labels:
|
|
severity: warning
|
|
service: zastava-runtime
|
|
annotations:
|
|
summary: "Observer events stalled"
|
|
description: "No runtime events emitted in the last 15 minutes. Check observer DaemonSet health and container runtime mounts."
|
|
- alert: ZastavaRuntimeBackendLatencyHigh
|
|
expr: histogram_quantile(0.95, sum by (le) (rate(zastava_runtime_backend_latency_ms_bucket[5m]))) > 0.75
|
|
for: 10m
|
|
labels:
|
|
severity: critical
|
|
service: zastava-runtime
|
|
annotations:
|
|
summary: "Runtime backend latency p95 above 750 ms"
|
|
description: "Latency to Scanner runtime APIs is elevated. Inspect Scanner.WebService readiness, Authority OpTok issuance, and cluster network."
|
|
- alert: ZastavaAdmissionDenySpike
|
|
expr: sum(rate(zastava_admission_decisions_total{decision="deny"}[5m])) > 20
|
|
for: 5m
|
|
labels:
|
|
severity: warning
|
|
service: zastava-runtime
|
|
annotations:
|
|
summary: "Admission webhook denies exceeding threshold"
|
|
description: "Webhook is denying more than 20 pod admissions per minute. Confirm policy verdicts and consider fail-open exception for impacted namespaces."
|