cloudflare/pint

Public

mirrored from https://github.com/cloudflare/pintAvailable

CodeCommitsIssuesPull requestsActionsInsightsSecurity
v0.55.0

Branches

Tags

  • No tags available.
0Branches0Tags
Go to file
Add file
Code

Clone

HTTPS

Download ZIP

docs/examples/config.hcl

139lines · modecode

1# Define "prod" Prometheus instance that will only be used for
2# rules defined in file matching "alerting/prod/.+" or "recording/prod/.+".
3prometheus "prod" {
4 uri = "https://prod.example.com"
5 failover = [ "https://prod-backup.example.com" ]
6 headers = {
7 "X-Auth": "secret",
8 "X-User": "bob"
9 }
10 timeout = "30s"
11 include = [
12 "alerting/prod/.+",
13 "recording/prod/.+",
14 ]
15 exclude = [
16 "alerting/prod/.+.txt",
17 ]
18}
19
20# Define "dev" Prometheus instance that will be use for all rule checks.
21prometheus "dev" {
22 uri = "https://dev.example.com"
23 timeout = "60s"
24}
25
26rule {
27 # Disallow spaces in label/annotation keys, they're only allowed in values.
28 reject ".* +.*" {
29 label_keys = true
30 annotation_keys = true
31 }
32
33 # Disallow URLs in labels, they should go to annotations.
34 reject "https?://.+" {
35 label_keys = true
36 label_values = true
37 }
38}
39
40rule {
41 # This block will apply to all alerting rules.
42 match {
43 kind = "alerting"
44 }
45
46 # Each alert must have a 'summary' annotation on every alert.
47 annotation "summary" {
48 severity = "bug"
49 required = true
50 }
51
52 # Each alert must have a 'dashboard' annotation that links to grafana.
53 annotation "dashboard" {
54 severity = "bug"
55 value = "https://grafana.example.com/(.+)"
56 }
57
58 # Each alert must have a 'severity' annotation that's either 'critical' or 'warning'.
59 label "severity" {
60 severity = "bug"
61 value = "(critical|warning)"
62 required = true
63 }
64
65 # Check how many times each alert would fire in the last 1d.
66 alerts {
67 range = "1d"
68 step = "1m"
69 resolve = "5m"
70 }
71
72 # Validate all links to ensure they point to pages that do exist.
73 link "https?://(.+)" {
74 severity = "warning"
75 timeout = "30s"
76 # Pass custom headers to all requests
77 headers = {
78 # Read X-Auth value from environment variable AUTH_KEY
79 X-Auth = "${ENV_AUTH_KEY}"
80 }
81 }
82}
83
84rule {
85 # This block will apply to all alerting rules with severity="critical" label set.
86 match {
87 kind = "alerting"
88
89 label "severity" {
90 value = "critical"
91 }
92 }
93
94 # All severity="critical" alerts must have a runbook link as annotation.
95 annotation "runbook" {
96 severity = "bug"
97 value = "https://runbook.example.com/.+"
98 required = true
99 }
100}
101
102rule {
103 # This block will apply to all recording rules.
104 match {
105 kind = "recording"
106 }
107
108 # Ensure that all aggregations are preserving "job" label.
109 aggregate ".+" {
110 severity = "bug"
111 keep = ["job"]
112 }
113
114 # Enable cost checks that will print the number of returned time series and try
115 # to estimate total memory usage.
116 cost {}
117}
118
119rule {
120 # This block will apply to all recording rules in "recording/federation" directory.
121 match {
122 kind = "recording"
123 path = "recording/federation/.+"
124 }
125
126 # All recording rules named "cluster:.+" must strip "instance" label when aggregating.
127 # Example rule that would raise a linter error:
128 # - record: cluster:http_requests:rate5m
129 # expr: sum(rate(http_requests_total[5m])) by (job, instance)
130 # Rules that would be allowed:
131 # - record: cluster:http_requests:rate5m
132 # expr: sum(rate(http_requests_total[5m])) by (job)
133 # - record: cluster:http_requests:rate5m
134 # expr: sum(rate(http_requests_total[5m]))
135 aggregate "cluster:.+" {
136 severity = "bug"
137 strip = ["instance"]
138 }
139}
140