Monitor cluster events, resource metrics, and component health with configurable CRD-based alert rules.
Billing
The alert feature uses data from Log Service SLS, Managed Service for Prometheus, and CloudMonitor. Notifications such as SMS and phone calls incur additional charges. Review the default alert rule template to identify alert sources and enable the required services.
|
Alert data source |
Configuration requirements |
Billing details |
|
Log Service SLS |
Enable event monitoring. Event monitoring is enabled by default when you enable the alert feature. |
|
|
Managed Service for Prometheus |
Configure Managed Service for Prometheus for your cluster. |
|
|
CloudMonitor |
Enable CloudMonitor for your ACK cluster. |
Enable alert management
Configure metric alerts for cluster resources and automatically receive notifications when anomalies occur, enabling more efficient cluster management and ensuring stable service operation. See Default alert rule template for resource alert details.
ACK managed clusters
Enable alert configuration for an existing cluster or when creating a new cluster.
Existing cluster
Log on to the ACK console. In the left navigation pane, click Clusters.
On the Clusters page, click the name of your cluster. In the left navigation pane, click .
-
On the Alerts page, follow the on-screen instructions to install or upgrade the required components.
-
After installation or upgrade, go to the Alerts page to configure alerts.
Tab
Description
Alert Rules
-
Status: Enable or disable an alert rule set.
-
Edit Contact Group: Set the contact group for alert notifications.
Notifications are sent to contact groups only. Create contacts and groups first. To notify an individual, create a dedicated group for that contact.
Alert History
View up to 100 alert records from the last 24 hours.
-
Click a link in the Alert Rule column to view rule configurations in the corresponding monitoring system.
-
Click Details to navigate to the anomaly-related resource page.
-
Click Intelligent Analytics for AI-powered issue analysis and troubleshooting.
Alert Contacts
Create, edit, or delete contacts.
Contact methods:
-
Phone call/SMS: Set a mobile number for a contact to receive alerts by phone and SMS.
Only verified mobile numbers can receive phone call notifications. See Verify a mobile phone number.
-
Email: Set an email address for a contact to receive alert notifications.
-
Chatbots: DingTalk chatbots, WeCom chatbots, and Lark chatbots.
For DingTalk chatbots, add security keywords: alert, dispatch.
Verify email and chatbot notifications in the CloudMonitor console under before configuring them.
Alert Contact Groups
Create, edit, or delete contact groups.
If no contact group exists, the console creates a default group from your Alibaba Cloud account.
-
New cluster
When you create a cluster, on the Component Configurations page, select Alerts and then select Use Default Alert Rule Template. Choose an Alert Notification Contact Group. See Create an ACK managed cluster.

After alert configuration is enabled, default rules take effect and the default contact group receives notifications. You can modify the alert contacts or contact groups.
ACK dedicated clusters
For an ACK dedicated cluster, grant permissions to the Worker RAM role before enabling default alert rules.
Grant permissions to the worker RAM role
Log on to the ACK console. In the left navigation pane, click Clusters.
On the Clusters page, click the name of your cluster. In the left navigation pane, click Cluster Information.
-
On the Cluster Information page, in the Cluster Resources section, copy the name next to Worker RAM Role and click the link to open the RAM console.
-
Create the following custom policy. See Create a custom policy.
{ "Action": [ "log:*", "arms:*", "cms:*", "cs:UpdateContactGroup" ], "Resource": [ "*" ], "Effect": "Allow" } -
On the Role page, find the Worker RAM role and attach the custom policy. See Manage permissions of a RAM role.
Note: This example uses broad permissions for simplicity. In production, follow the principle of least privilege.
-
-
Verify that alert permissions are configured.
-
In the left-side navigation pane of the cluster management page, choose .
-
Select
kube-systemfrom the Namespace drop-down list and click the name ofalicloud-monitor-controllerin the Name column. -
Click the Logs tab to view the pod logs that indicate successful authorization.
-
Enable default alert rules
-
In the left-side navigation pane of the cluster page, choose Operations > Alerts.
-
On the Alerts page, configure alert settings.
Tab
Description
Alert Rules
-
Status: Enable or disable an alert rule set.
-
Edit Contact Group: Set the contact group for alert notifications.
Notifications are sent to contact groups only. Create contacts and groups first. To notify an individual, create a dedicated group for that contact.
Alert History
View up to 100 alert records from the last 24 hours.
-
Click a link in the Alert Rule column to view rule configurations in the corresponding monitoring system.
-
Click Details to navigate to the anomaly-related resource page.
-
Click Intelligent Analytics for AI-powered issue analysis and troubleshooting.
Alert Contacts
Create, edit, or delete contacts.
Contact methods:
-
Phone call/SMS: Set a mobile number for a contact to receive alerts by phone and SMS.
Only verified mobile numbers can receive phone call notifications. See Verify a mobile phone number.
-
Email: Set an email address for a contact to receive alert notifications.
-
Chatbots: DingTalk chatbots, WeCom chatbots, and Lark chatbots.
For DingTalk chatbots, add security keywords: alert, dispatch.
Verify email and chatbot notifications in the CloudMonitor console under before configuring them.
Alert Contact Groups
Create, edit, or delete contact groups.
If no contact group exists, the console creates a default group from your Alibaba Cloud account.
-
Configure alert rules
Enabling the alerting configuration creates an AckAlertRule CRD resource named default in the kube-system namespace with a default alert rule template. Modify this CRD to customize alert rules.
Console
Log on to the ACK console. In the left navigation pane, click Clusters.
On the Clusters page, click the name of your cluster. In the left navigation pane, click .
-
On the Alert Rules tab, click Configure Alert Rule in the upper-right corner. Then, in the Actions column of the target rule, click YAML to view the
AckAlertRuleCRD resource configuration. -
Modify the YAML file. See Default alert rule template for parameter details.
The following example shows the YAML configuration of an alert rule:
Use
rules.thresholdsto customize alert thresholds. For example, the preceding configuration triggers an alert when a node's CPU utilization exceeds 85% three consecutive times and more than 900 seconds have passed since the last alert.Parameter
Required
Description
Default
CMS_ESCALATIONS_CRITICAL_ThresholdYes
The threshold for the alert rule. If this parameter is omitted, rule synchronization fails and the rule is disabled.
-
unit: The unit of the threshold. Valid values: percent, count, and qps. -
value: The threshold value.
Varies based on the default alert rule template.
CMS_ESCALATIONS_CRITICAL_TimesOptional
The number of consecutive times the condition must be met before CloudMonitor triggers an alert. If this parameter is omitted, the default value is used.
3
CMS_RULE_SILENCE_SECOptional
The silence period in seconds after an initial alert is reported for a continuously triggering CloudMonitor rule. This prevents alert fatigue. If this parameter is omitted, the default value is used.
900
-
CLI
-
Edit the alert rule YAML file:
kubectl edit ackalertrules default -n kube-system -
Modify the YAML file, then save and exit. See Default alert rule template for parameter details.
Use
rules.thresholdsto customize alert thresholds. For example, the preceding configuration triggers an alert when a node's CPU utilization exceeds 85% three consecutive times and more than 900 seconds have passed since the last alert.Parameter
Required
Description
Default
CMS_ESCALATIONS_CRITICAL_ThresholdYes
The threshold for the alert rule. If this parameter is omitted, rule synchronization fails and the rule is disabled.
-
unit: The unit of the threshold. Valid values: percent, count, and qps. -
value: The threshold value.
Varies based on the default alert rule template.
CMS_ESCALATIONS_CRITICAL_TimesOptional
The number of consecutive times the condition must be met before CloudMonitor triggers an alert. If this parameter is omitted, the default value is used.
3
CMS_RULE_SILENCE_SECOptional
The silence period in seconds after an initial alert is reported for a continuously triggering CloudMonitor rule. This prevents alert fatigue. If this parameter is omitted, the default value is used.
900
-
Default alert rule template
The following alerts are synchronized from Log Service, Prometheus Service, and CloudMonitor. On the Alerts page, in the Alerts column, click Advanced Settings to view rule configurations.
Troubleshoot alerts
Pod eviction due to disk pressure
Alert message
(combined from similar events): Failed to garbage collect required amount of images. Attempted to free XXXX bytes, but only found 0 bytes eligible to free
Symptoms
The Pod status is Evicted. The node is experiencing disk pressure (The node had condition: [DiskPressure].).
Cause
When a node's disk usage reaches the eviction threshold (85% by default), kubelet initiates pressure-based eviction, running image garbage collection and potentially evicting Pods. Log on to the target node and run df -h to check disk usage.
Resolution
-
Log on to the target node (containerd runtime) and run the following command to remove unused images:
crictl rmi --prune -
Clean up logs or expand the node's disk capacity.
-
Create a snapshot of the node's disk, then delete unnecessary files. See Resolve full disk issues on Linux instances.
-
Expand a node's system disk or data disk online to increase storage capacity.
-
-
Adjust the relevant thresholds.
-
Adjust the kubelet's image garbage collection threshold to reduce Pod evictions. See Customize kubelet configurations for a node pool.
-
The default alert threshold is 85%. Modify the
node_disk_util_highalert rule by configuring alert rules.
-
Recommendations and prevention
-
If a node frequently triggers this alert, evaluate your application's storage requirements and plan node disk capacity accordingly.
-
Regularly monitor storage usage through the Node storage monitoring dashboard.
Pod OOMKilling
Alert message
pod was OOM killed. node:xxx pod:xxx namespace:xxx uuid:xxx
Symptoms
The Pod status is abnormal, and the event details contain PodOOMKilling.
Resolution
An out-of-memory (OOM) event can be triggered at either the node level or the container cgroup level.
-
Cause:
-
Container cgroup-level OOM: The Pod's memory usage exceeds its configured limits, causing Kubernetes to terminate it.
-
Node-level OOM: Typically occurs when too many Pods without resource limits run on the node, or non-Kubernetes processes consume excessive memory.
-
-
Diagnosis: Run
dmesg -T | grep -i "memory"on the target node. If the output containsout_of_memory, an OOM event occurred. If it also includesMemory cgroup, the OOM is at the container cgroup level; otherwise, it is at the node level. -
Recommended actions:
-
For container cgroup-level OOM:
-
Increase the Pod's memory limits. Keep actual usage below 80% of limits. See Manage Pods and Scale node resources.
-
Enable resource profiling for recommended container request and limit configurations.
-
-
For node-level OOM:
-
Increase node memory or distribute workloads across more nodes. See Scale node resources and Schedule applications to specific nodes.
-
Identify high-memory Pods on the node and set appropriate memory limits.
-
-
Pod in CrashLoopBackOff
When a process inside a Pod exits unexpectedly, ACK restarts it. If the Pod repeatedly fails to stabilize, it enters CrashLoopBackOff. Troubleshoot as follows:
Log on to the ACK console. In the left navigation pane, click Clusters.
On the Clusters page, click the name of your cluster. In the left navigation pane, click .
-
Find the affected Pod and click Details in the Actions column.
-
On the Events tab, review the details of any abnormal events.
-
Check the Logs tab for the cause of the failure.
NoteIf the Pod has restarted, select Show the log of the last container exit.
The console shows only the 500 most recent entries. For older logs, configure log persistence.