
Infrastructure Change Detection


Current Document Location

This document is the second step in the detection rule configuration process. After completing the configuration, please return to the main document to continue with the third step: Event Notification.

Data Scope: Object (O). This detection continuously monitors Kubernetes resource configuration changes (such as YAML file modifications) and combines them with version tracking and intelligent analysis to support compliance checking, root cause fault localization, and resource usage optimization, ultimately ensuring cluster security, stability, and resource efficiency.

Detection Configuration

Detection Frequency

Set the time period for executing detections.

  • Preset Options: 30 seconds, 1 minute, 5 minutes, 10 minutes, 15 minutes, 30 minutes, 1 hour

  • Crontab Mode: Click "Switch to Crontab Mode" to configure a custom schedule, supporting scheduled task execution based on seconds, minutes, hours, days, months, weeks, etc.

Detection Metrics

Monitor metric data for various infrastructure types.

Configuration Item | Description
Infrastructure Type | Select the K8s resource type to monitor: Deployments, DaemonSets, Services, Cron Jobs, StatefulSets
Detection Object | Select the detection scope:

  • All: Detect whether the last reported update time of all objects of this type in the workspace triggers the threshold
  • Custom: Use a wildcard for fuzzy matching of object names, e.g., nginx-*

Trigger Conditions

Configure trigger conditions for each alert level (Fatal, Critical, Important, Warning).

For more details, refer to Event Level Description.

Immediately generate an event when the status of the detection object undergoes any change.

Immediately generate an event when the change content matches the configured regular expression.

Example: Define the regular expression as:

    (?=.*CPU)(?=.*\berror\b)

This means that an event is generated immediately when the detection object produces an entry that is related to CPU and contains the word 'error'.
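
A way to check which change entries this pattern fires on before saving the rule, as an added example that is not part of the product documentation. It uses Python's `re` module as a stand-in (the monitor's own regex engine and flags are not stated on this page, so that is an assumption), and the sample entries are constructed.

```python
import re

# Pattern from the page. Both lookaheads are evaluated from the same
# position, so "CPU" and "error" may appear in either order.
PATTERN = r"(?=.*CPU)(?=.*\berror\b)"

# Constructed change entries (not real platform output).
SAMPLES = {
    "both_terms": "CPU limit changed, admission error reported",
    "reversed_order": "error applying patch: CPU request exceeds quota",
    # \b requires a word boundary after "error", so "errors" does not count.
    "plural_only": "CPU throttling produced 3 errors",
    # Matching is case-sensitive unless the engine is told otherwise.
    "lowercase_cpu": "cpu limit error",
    "uppercase_error": "CPU limit ERROR",
    # "." does not cross newlines by default, so terms on different
    # lines of a YAML-style change are not seen together.
    "split_lines": "resources:\n  limits: CPU 500m\nstatus: error",
}


def triggers(change_text, flags=0):
    """Return True if PATTERN matches anywhere in change_text."""
    return re.search(PATTERN, change_text, flags) is not None


def evaluate(samples, flags=0):
    """Map each sample name to whether it would generate an event."""
    return {name: triggers(text, flags) for name, text in samples.items()}


if __name__ == "__main__":
    default = evaluate(SAMPLES)
    relaxed = evaluate(SAMPLES, re.DOTALL | re.IGNORECASE)
    print(f"{'sample':<16} {'default':<8} dotall+ignorecase")
    for name in SAMPLES:
        print(f"{name:<16} {str(default[name]):<8} {relaxed[name]}")
```

The misses are the useful part: plural forms, case differences, and multi-line change content can each leave an alert silent, so test the pattern against representative entries from your own cluster.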


Subsequent Configuration

After completing the above detection configuration, please continue to configure:

1. Event Notification: Define event title, content, notification members, data gap handling, and associated incidents;
2. Alert Configuration: Select alert strategies, set notification targets, and mute periods;
3. Association: Associate with dashboards for quick jump and data viewing;
4. Permissions: Set operation permissions to control who can edit/delete this monitor.

Event Viewing

Events triggered by infrastructure change detection can be viewed in Incident > Change Events.
