The latest articles on Forem by Samson Tanimawo (@samson_tanimawo). https://forem.com/samson_tanimawo https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3830227%2F02ea1ab7-513f-4426-b63d-9120142bc431.png https://forem.com/samson_tanimawo en Samson Tanimawo Thu, 16 Apr 2026 08:12:08 +0000 https://forem.com/samson_tanimawo/the-golden-signals-a-practical-implementation-guide-6ii https://forem.com/samson_tanimawo/the-golden-signals-a-practical-implementation-guide-6ii <h2> Four Metrics to Rule Them All </h2> <p>Google's SRE book introduced the four golden signals: Latency, Traffic, Errors, and Saturation. Simple concept, but I've seen teams struggle with implementation.</p> <p>Here's a practical guide from someone who's implemented them across 50+ services.</p> <h2> Signal 1: Latency </h2> <p>Not all latency is equal. You need to track successful requests and error requests separately.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># Bad: Average latency </span><span class="n">latency</span> <span class="o">=</span> <span class="n">total_request_time</span> <span class="o">/</span> <span class="n">total_requests</span> <span class="c1"># Useless </span> <span class="c1"># Good: Percentile latency, separated by status </span><span class="kn">from</span> <span class="n">prometheus_client</span> <span class="kn">import</span> <span class="n">Histogram</span> <span class="n">REQUEST_LATENCY</span> <span class="o">=</span> <span class="nc">Histogram</span><span class="p">(</span> <span class="sh">'</span><span class="s">http_request_duration_seconds</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">Request latency</span><span class="sh">'</span><span class="p">,</span> <span class="p">[</span><span class="sh">'</span><span class="s">method</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">endpoint</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">status_class</span><span class="sh">'</span><span class="p">],</span> <span class="n">buckets</span><span class="o">=</span><span class="p">[.</span><span class="mi">005</span><span class="p">,</span> <span class="p">.</span><span class="mi">01</span><span class="p">,</span> <span class="p">.</span><span class="mi">025</span><span class="p">,</span> <span class="p">.</span><span class="mi">05</span><span class="p">,</span> <span class="p">.</span><span class="mi">1</span><span class="p">,</span> <span class="p">.</span><span class="mi">25</span><span class="p">,</span> <span class="p">.</span><span class="mi">5</span><span class="p">,</span> <span class="mi">1</span><span class="p">,</span> <span class="mf">2.5</span><span class="p">,</span> <span class="mi">5</span><span class="p">,</span> <span class="mi">10</span><span class="p">]</span> <span class="p">)</span> <span class="nd">@app.middleware</span> <span class="k">async</span> <span class="k">def</span> <span class="nf">track_latency</span><span class="p">(</span><span class="n">request</span><span class="p">,</span> <span class="n">call_next</span><span class="p">):</span> <span class="n">start</span> <span class="o">=</span> <span class="n">time</span><span class="p">.</span><span class="nf">time</span><span class="p">()</span> <span class="n">response</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">call_next</span><span class="p">(</span><span class="n">request</span><span class="p">)</span> <span class="n">duration</span> <span class="o">=</span> <span class="n">time</span><span class="p">.</span><span class="nf">time</span><span class="p">()</span> <span class="o">-</span> <span class="n">start</span> <span class="n">status_class</span> <span class="o">=</span> <span class="sa">f</span><span class="sh">"</span><span class="si">{</span><span class="n">response</span><span class="p">.</span><span class="n">status_code</span> <span class="o">//</span> <span class="mi">100</span><span class="si">}</span><span class="s">xx</span><span class="sh">"</span> <span class="n">REQUEST_LATENCY</span><span class="p">.</span><span class="nf">labels</span><span class="p">(</span> <span class="n">method</span><span class="o">=</span><span class="n">request</span><span class="p">.</span><span class="n">method</span><span class="p">,</span> <span class="n">endpoint</span><span class="o">=</span><span class="n">request</span><span class="p">.</span><span class="n">url</span><span class="p">.</span><span class="n">path</span><span class="p">,</span> <span class="n">status_class</span><span class="o">=</span><span class="n">status_class</span> <span class="p">).</span><span class="nf">observe</span><span class="p">(</span><span class="n">duration</span><span class="p">)</span> <span class="k">return</span> <span class="n">response</span> </code></pre> </div> <p>Alert on p99, not p50. Your happiest users don't need help.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="pi">-</span> <span class="na">alert</span><span class="pi">:</span> <span class="s">HighLatencyP99</span> <span class="na">expr</span><span class="pi">:</span> <span class="s">histogram_quantile(0.99, rate(http_request_duration_seconds_bucket[5m])) &gt; </span><span class="m">0.5</span> <span class="na">for</span><span class="pi">:</span> <span class="s">5m</span> <span class="na">labels</span><span class="pi">:</span> <span class="na">severity</span><span class="pi">:</span> <span class="s">warning</span> </code></pre> </div> <h2> Signal 2: Traffic </h2> <p>Traffic tells you "is this normal?" It's the context for every other signal.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code># Current request rate rate(http_requests_total[5m]) # Compare to same time last week rate(http_requests_total[5m]) / rate(http_requests_total[5m] offset 7d) # Alert on sudden drops (possible outage nobody noticed) - alert: TrafficDrop expr: &gt; rate(http_requests_total[5m]) &lt; (rate(http_requests_total[5m] offset 1h) * 0.5) for: 10m annotations: summary: "Traffic dropped &gt;50% compared to 1 hour ago" </code></pre> </div> <p>Traffic drops are often more concerning than traffic spikes.</p> <h2> Signal 3: Errors </h2> <p>Track error rate as a percentage, not absolute count:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code># Error rate percentage ( sum(rate(http_requests_total{status=~"5.."}[5m])) / sum(rate(http_requests_total[5m])) ) * 100 </code></pre> </div> <p>But also track error types separately:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">error_categories</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">5xx</span><span class="pi">:</span> <span class="s2">"</span><span class="s">Server</span><span class="nv"> </span><span class="s">errors</span><span class="nv"> </span><span class="s">(our</span><span class="nv"> </span><span class="s">fault)"</span> <span class="pi">-</span> <span class="na">4xx_excluding_404</span><span class="pi">:</span> <span class="s2">"</span><span class="s">Client</span><span class="nv"> </span><span class="s">errors</span><span class="nv"> </span><span class="s">(possible</span><span class="nv"> </span><span class="s">API</span><span class="nv"> </span><span class="s">issue)"</span> <span class="pi">-</span> <span class="na">timeout</span><span class="pi">:</span> <span class="s2">"</span><span class="s">Request</span><span class="nv"> </span><span class="s">timeouts"</span> <span class="pi">-</span> <span class="na">circuit_breaker</span><span class="pi">:</span> <span class="s2">"</span><span class="s">Dependency</span><span class="nv"> </span><span class="s">failures"</span> </code></pre> </div> <h2> Signal 4: Saturation </h2> <p>The most underrated signal. Saturation answers: "how close are we to full?"<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code># CPU saturation process_cpu_seconds_total / container_spec_cpu_quota # Memory saturation container_memory_working_set_bytes / container_spec_memory_limit_bytes # Connection pool saturation active_connections / max_connections # Queue saturation (the one everyone forgets) message_queue_depth / message_queue_capacity </code></pre> </div> <p>Alert before you hit 100%. I use 80% as the threshold for warning and 95% for critical.</p> <h2> Putting It All Together </h2> <p>Every service gets a standard dashboard with four rows:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Row 1: Latency [p50] [p90] [p99] [error latency] Row 2: Traffic [rate] [vs last week] [by endpoint] Row 3: Errors [rate %] [by type] [by endpoint] Row 4: Saturation [CPU] [Memory] [Connections] [Queue] </code></pre> </div> <p>This fits on one screen. No scrolling. Any engineer can assess service health in 10 seconds.</p> <h2> The Anti-Pattern </h2> <p>Don't build a golden signals dashboard per service manually. Template it:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"dashboard"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"title"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Golden Signals: {{ service_name }}"</span><span class="p">,</span><span class="w"> </span><span class="nl">"templating"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"list"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"service"</span><span class="p">,</span><span class="w"> </span><span class="nl">"type"</span><span class="p">:</span><span class="w"> </span><span class="s2">"query"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"environment"</span><span class="p">,</span><span class="w"> </span><span class="nl">"type"</span><span class="p">:</span><span class="w"> </span><span class="s2">"custom"</span><span class="p">,</span><span class="w"> </span><span class="nl">"options"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"prod"</span><span class="p">,</span><span class="w"> </span><span class="s2">"staging"</span><span class="p">]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>One template, 50 dashboards. Update once, apply everywhere.</p> <p>If you want golden signal monitoring that sets itself up automatically, check out what we're building at <a href="https://novaaiops.com" rel="noopener noreferrer">Nova AI Ops</a>.</p> <p><strong>Written by Dr. Samson Tanimawo</strong><br> BSc · MSc · MBA · PhD<br> Founder &amp; CEO, Nova AI Ops. <a href="https://novaaiops.com" rel="noopener noreferrer">https://novaaiops.com</a></p> sre monitoring observability devops Samson Tanimawo Thu, 16 Apr 2026 07:30:02 +0000 https://forem.com/samson_tanimawo/the-golden-signals-a-practical-implementation-guide-1ope https://forem.com/samson_tanimawo/the-golden-signals-a-practical-implementation-guide-1ope <h2> Four Metrics to Rule Them All </h2> <p>Google's SRE book introduced the four golden signals: Latency, Traffic, Errors, and Saturation. Simple concept, but I've seen teams struggle with implementation.</p> <p>Here's a practical guide from someone who's implemented them across 50+ services.</p> <h2> Signal 1: Latency </h2> <p>Not all latency is equal. You need to track successful requests and error requests separately.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># Bad: Average latency </span><span class="n">latency</span> <span class="o">=</span> <span class="n">total_request_time</span> <span class="o">/</span> <span class="n">total_requests</span> <span class="c1"># Useless </span> <span class="c1"># Good: Percentile latency, separated by status </span><span class="kn">from</span> <span class="n">prometheus_client</span> <span class="kn">import</span> <span class="n">Histogram</span> <span class="n">REQUEST_LATENCY</span> <span class="o">=</span> <span class="nc">Histogram</span><span class="p">(</span> <span class="sh">'</span><span class="s">http_request_duration_seconds</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">Request latency</span><span class="sh">'</span><span class="p">,</span> <span class="p">[</span><span class="sh">'</span><span class="s">method</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">endpoint</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">status_class</span><span class="sh">'</span><span class="p">],</span> <span class="n">buckets</span><span class="o">=</span><span class="p">[.</span><span class="mi">005</span><span class="p">,</span> <span class="p">.</span><span class="mi">01</span><span class="p">,</span> <span class="p">.</span><span class="mi">025</span><span class="p">,</span> <span class="p">.</span><span class="mi">05</span><span class="p">,</span> <span class="p">.</span><span class="mi">1</span><span class="p">,</span> <span class="p">.</span><span class="mi">25</span><span class="p">,</span> <span class="p">.</span><span class="mi">5</span><span class="p">,</span> <span class="mi">1</span><span class="p">,</span> <span class="mf">2.5</span><span class="p">,</span> <span class="mi">5</span><span class="p">,</span> <span class="mi">10</span><span class="p">]</span> <span class="p">)</span> <span class="nd">@app.middleware</span> <span class="k">async</span> <span class="k">def</span> <span class="nf">track_latency</span><span class="p">(</span><span class="n">request</span><span class="p">,</span> <span class="n">call_next</span><span class="p">):</span> <span class="n">start</span> <span class="o">=</span> <span class="n">time</span><span class="p">.</span><span class="nf">time</span><span class="p">()</span> <span class="n">response</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">call_next</span><span class="p">(</span><span class="n">request</span><span class="p">)</span> <span class="n">duration</span> <span class="o">=</span> <span class="n">time</span><span class="p">.</span><span class="nf">time</span><span class="p">()</span> <span class="o">-</span> <span class="n">start</span> <span class="n">status_class</span> <span class="o">=</span> <span class="sa">f</span><span class="sh">"</span><span class="si">{</span><span class="n">response</span><span class="p">.</span><span class="n">status_code</span> <span class="o">//</span> <span class="mi">100</span><span class="si">}</span><span class="s">xx</span><span class="sh">"</span> <span class="n">REQUEST_LATENCY</span><span class="p">.</span><span class="nf">labels</span><span class="p">(</span> <span class="n">method</span><span class="o">=</span><span class="n">request</span><span class="p">.</span><span class="n">method</span><span class="p">,</span> <span class="n">endpoint</span><span class="o">=</span><span class="n">request</span><span class="p">.</span><span class="n">url</span><span class="p">.</span><span class="n">path</span><span class="p">,</span> <span class="n">status_class</span><span class="o">=</span><span class="n">status_class</span> <span class="p">).</span><span class="nf">observe</span><span class="p">(</span><span class="n">duration</span><span class="p">)</span> <span class="k">return</span> <span class="n">response</span> </code></pre> </div> <p>Alert on p99, not p50. Your happiest users don't need help.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="pi">-</span> <span class="na">alert</span><span class="pi">:</span> <span class="s">HighLatencyP99</span> <span class="na">expr</span><span class="pi">:</span> <span class="s">histogram_quantile(0.99, rate(http_request_duration_seconds_bucket[5m])) &gt; </span><span class="m">0.5</span> <span class="na">for</span><span class="pi">:</span> <span class="s">5m</span> <span class="na">labels</span><span class="pi">:</span> <span class="na">severity</span><span class="pi">:</span> <span class="s">warning</span> </code></pre> </div> <h2> Signal 2: Traffic </h2> <p>Traffic tells you "is this normal?" It's the context for every other signal.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code># Current request rate rate(http_requests_total[5m]) # Compare to same time last week rate(http_requests_total[5m]) / rate(http_requests_total[5m] offset 7d) # Alert on sudden drops (possible outage nobody noticed) - alert: TrafficDrop expr: &gt; rate(http_requests_total[5m]) &lt; (rate(http_requests_total[5m] offset 1h) * 0.5) for: 10m annotations: summary: "Traffic dropped &gt;50% compared to 1 hour ago" </code></pre> </div> <p>Traffic drops are often more concerning than traffic spikes.</p> <h2> Signal 3: Errors </h2> <p>Track error rate as a percentage, not absolute count:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code># Error rate percentage ( sum(rate(http_requests_total{status=~"5.."}[5m])) / sum(rate(http_requests_total[5m])) ) * 100 </code></pre> </div> <p>But also track error types separately:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">error_categories</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">5xx</span><span class="pi">:</span> <span class="s2">"</span><span class="s">Server</span><span class="nv"> </span><span class="s">errors</span><span class="nv"> </span><span class="s">(our</span><span class="nv"> </span><span class="s">fault)"</span> <span class="pi">-</span> <span class="na">4xx_excluding_404</span><span class="pi">:</span> <span class="s2">"</span><span class="s">Client</span><span class="nv"> </span><span class="s">errors</span><span class="nv"> </span><span class="s">(possible</span><span class="nv"> </span><span class="s">API</span><span class="nv"> </span><span class="s">issue)"</span> <span class="pi">-</span> <span class="na">timeout</span><span class="pi">:</span> <span class="s2">"</span><span class="s">Request</span><span class="nv"> </span><span class="s">timeouts"</span> <span class="pi">-</span> <span class="na">circuit_breaker</span><span class="pi">:</span> <span class="s2">"</span><span class="s">Dependency</span><span class="nv"> </span><span class="s">failures"</span> </code></pre> </div> <h2> Signal 4: Saturation </h2> <p>The most underrated signal. Saturation answers: "how close are we to full?"<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code># CPU saturation process_cpu_seconds_total / container_spec_cpu_quota # Memory saturation container_memory_working_set_bytes / container_spec_memory_limit_bytes # Connection pool saturation active_connections / max_connections # Queue saturation (the one everyone forgets) message_queue_depth / message_queue_capacity </code></pre> </div> <p>Alert before you hit 100%. I use 80% as the threshold for warning and 95% for critical.</p> <h2> Putting It All Together </h2> <p>Every service gets a standard dashboard with four rows:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Row 1: Latency [p50] [p90] [p99] [error latency] Row 2: Traffic [rate] [vs last week] [by endpoint] Row 3: Errors [rate %] [by type] [by endpoint] Row 4: Saturation [CPU] [Memory] [Connections] [Queue] </code></pre> </div> <p>This fits on one screen. No scrolling. Any engineer can assess service health in 10 seconds.</p> <h2> The Anti-Pattern </h2> <p>Don't build a golden signals dashboard per service manually. Template it:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"dashboard"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"title"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Golden Signals: {{ service_name }}"</span><span class="p">,</span><span class="w"> </span><span class="nl">"templating"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"list"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"service"</span><span class="p">,</span><span class="w"> </span><span class="nl">"type"</span><span class="p">:</span><span class="w"> </span><span class="s2">"query"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"environment"</span><span class="p">,</span><span class="w"> </span><span class="nl">"type"</span><span class="p">:</span><span class="w"> </span><span class="s2">"custom"</span><span class="p">,</span><span class="w"> </span><span class="nl">"options"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"prod"</span><span class="p">,</span><span class="w"> </span><span class="s2">"staging"</span><span class="p">]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>One template, 50 dashboards. Update once, apply everywhere.</p> <p>If you want golden signal monitoring that sets itself up automatically, check out what we're building at <a href="https://novaaiops.com" rel="noopener noreferrer">Nova AI Ops</a>.</p> <p><strong>Written by Dr. Samson Tanimawo</strong><br> BSc · MSc · MBA · PhD<br> Founder &amp; CEO, Nova AI Ops. <a href="https://novaaiops.com" rel="noopener noreferrer">https://novaaiops.com</a></p> sre monitoring observability devops Samson Tanimawo Thu, 16 Apr 2026 07:11:12 +0000 https://forem.com/samson_tanimawo/the-golden-signals-a-practical-implementation-guide-3jk2 https://forem.com/samson_tanimawo/the-golden-signals-a-practical-implementation-guide-3jk2 <h2> Four Metrics to Rule Them All </h2> <p>Google's SRE book introduced the four golden signals: Latency, Traffic, Errors, and Saturation. Simple concept, but I've seen teams struggle with implementation.</p> <p>Here's a practical guide from someone who's implemented them across 50+ services.</p> <h2> Signal 1: Latency </h2> <p>Not all latency is equal. You need to track successful requests and error requests separately.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># Bad: Average latency </span><span class="n">latency</span> <span class="o">=</span> <span class="n">total_request_time</span> <span class="o">/</span> <span class="n">total_requests</span> <span class="c1"># Useless </span> <span class="c1"># Good: Percentile latency, separated by status </span><span class="kn">from</span> <span class="n">prometheus_client</span> <span class="kn">import</span> <span class="n">Histogram</span> <span class="n">REQUEST_LATENCY</span> <span class="o">=</span> <span class="nc">Histogram</span><span class="p">(</span> <span class="sh">'</span><span class="s">http_request_duration_seconds</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">Request latency</span><span class="sh">'</span><span class="p">,</span> <span class="p">[</span><span class="sh">'</span><span class="s">method</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">endpoint</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">status_class</span><span class="sh">'</span><span class="p">],</span> <span class="n">buckets</span><span class="o">=</span><span class="p">[.</span><span class="mi">005</span><span class="p">,</span> <span class="p">.</span><span class="mi">01</span><span class="p">,</span> <span class="p">.</span><span class="mi">025</span><span class="p">,</span> <span class="p">.</span><span class="mi">05</span><span class="p">,</span> <span class="p">.</span><span class="mi">1</span><span class="p">,</span> <span class="p">.</span><span class="mi">25</span><span class="p">,</span> <span class="p">.</span><span class="mi">5</span><span class="p">,</span> <span class="mi">1</span><span class="p">,</span> <span class="mf">2.5</span><span class="p">,</span> <span class="mi">5</span><span class="p">,</span> <span class="mi">10</span><span class="p">]</span> <span class="p">)</span> <span class="nd">@app.middleware</span> <span class="k">async</span> <span class="k">def</span> <span class="nf">track_latency</span><span class="p">(</span><span class="n">request</span><span class="p">,</span> <span class="n">call_next</span><span class="p">):</span> <span class="n">start</span> <span class="o">=</span> <span class="n">time</span><span class="p">.</span><span class="nf">time</span><span class="p">()</span> <span class="n">response</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">call_next</span><span class="p">(</span><span class="n">request</span><span class="p">)</span> <span class="n">duration</span> <span class="o">=</span> <span class="n">time</span><span class="p">.</span><span class="nf">time</span><span class="p">()</span> <span class="o">-</span> <span class="n">start</span> <span class="n">status_class</span> <span class="o">=</span> <span class="sa">f</span><span class="sh">"</span><span class="si">{</span><span class="n">response</span><span class="p">.</span><span class="n">status_code</span> <span class="o">//</span> <span class="mi">100</span><span class="si">}</span><span class="s">xx</span><span class="sh">"</span> <span class="n">REQUEST_LATENCY</span><span class="p">.</span><span class="nf">labels</span><span class="p">(</span> <span class="n">method</span><span class="o">=</span><span class="n">request</span><span class="p">.</span><span class="n">method</span><span class="p">,</span> <span class="n">endpoint</span><span class="o">=</span><span class="n">request</span><span class="p">.</span><span class="n">url</span><span class="p">.</span><span class="n">path</span><span class="p">,</span> <span class="n">status_class</span><span class="o">=</span><span class="n">status_class</span> <span class="p">).</span><span class="nf">observe</span><span class="p">(</span><span class="n">duration</span><span class="p">)</span> <span class="k">return</span> <span class="n">response</span> </code></pre> </div> <p>Alert on p99, not p50. Your happiest users don't need help.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="pi">-</span> <span class="na">alert</span><span class="pi">:</span> <span class="s">HighLatencyP99</span> <span class="na">expr</span><span class="pi">:</span> <span class="s">histogram_quantile(0.99, rate(http_request_duration_seconds_bucket[5m])) &gt; </span><span class="m">0.5</span> <span class="na">for</span><span class="pi">:</span> <span class="s">5m</span> <span class="na">labels</span><span class="pi">:</span> <span class="na">severity</span><span class="pi">:</span> <span class="s">warning</span> </code></pre> </div> <h2> Signal 2: Traffic </h2> <p>Traffic tells you "is this normal?" It's the context for every other signal.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code># Current request rate rate(http_requests_total[5m]) # Compare to same time last week rate(http_requests_total[5m]) / rate(http_requests_total[5m] offset 7d) # Alert on sudden drops (possible outage nobody noticed) - alert: TrafficDrop expr: &gt; rate(http_requests_total[5m]) &lt; (rate(http_requests_total[5m] offset 1h) * 0.5) for: 10m annotations: summary: "Traffic dropped &gt;50% compared to 1 hour ago" </code></pre> </div> <p>Traffic drops are often more concerning than traffic spikes.</p> <h2> Signal 3: Errors </h2> <p>Track error rate as a percentage, not absolute count:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code># Error rate percentage ( sum(rate(http_requests_total{status=~"5.."}[5m])) / sum(rate(http_requests_total[5m])) ) * 100 </code></pre> </div> <p>But also track error types separately:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">error_categories</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">5xx</span><span class="pi">:</span> <span class="s2">"</span><span class="s">Server</span><span class="nv"> </span><span class="s">errors</span><span class="nv"> </span><span class="s">(our</span><span class="nv"> </span><span class="s">fault)"</span> <span class="pi">-</span> <span class="na">4xx_excluding_404</span><span class="pi">:</span> <span class="s2">"</span><span class="s">Client</span><span class="nv"> </span><span class="s">errors</span><span class="nv"> </span><span class="s">(possible</span><span class="nv"> </span><span class="s">API</span><span class="nv"> </span><span class="s">issue)"</span> <span class="pi">-</span> <span class="na">timeout</span><span class="pi">:</span> <span class="s2">"</span><span class="s">Request</span><span class="nv"> </span><span class="s">timeouts"</span> <span class="pi">-</span> <span class="na">circuit_breaker</span><span class="pi">:</span> <span class="s2">"</span><span class="s">Dependency</span><span class="nv"> </span><span class="s">failures"</span> </code></pre> </div> <h2> Signal 4: Saturation </h2> <p>The most underrated signal. Saturation answers: "how close are we to full?"<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code># CPU saturation process_cpu_seconds_total / container_spec_cpu_quota # Memory saturation container_memory_working_set_bytes / container_spec_memory_limit_bytes # Connection pool saturation active_connections / max_connections # Queue saturation (the one everyone forgets) message_queue_depth / message_queue_capacity </code></pre> </div> <p>Alert before you hit 100%. I use 80% as the threshold for warning and 95% for critical.</p> <h2> Putting It All Together </h2> <p>Every service gets a standard dashboard with four rows:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Row 1: Latency [p50] [p90] [p99] [error latency] Row 2: Traffic [rate] [vs last week] [by endpoint] Row 3: Errors [rate %] [by type] [by endpoint] Row 4: Saturation [CPU] [Memory] [Connections] [Queue] </code></pre> </div> <p>This fits on one screen. No scrolling. Any engineer can assess service health in 10 seconds.</p> <h2> The Anti-Pattern </h2> <p>Don't build a golden signals dashboard per service manually. Template it:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"dashboard"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"title"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Golden Signals: {{ service_name }}"</span><span class="p">,</span><span class="w"> </span><span class="nl">"templating"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"list"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"service"</span><span class="p">,</span><span class="w"> </span><span class="nl">"type"</span><span class="p">:</span><span class="w"> </span><span class="s2">"query"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"environment"</span><span class="p">,</span><span class="w"> </span><span class="nl">"type"</span><span class="p">:</span><span class="w"> </span><span class="s2">"custom"</span><span class="p">,</span><span class="w"> </span><span class="nl">"options"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"prod"</span><span class="p">,</span><span class="w"> </span><span class="s2">"staging"</span><span class="p">]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>One template, 50 dashboards. Update once, apply everywhere.</p> <p>If you want golden signal monitoring that sets itself up automatically, check out what we're building at <a href="https://novaaiops.com" rel="noopener noreferrer">Nova AI Ops</a>.</p> <p><strong>Written by Dr. Samson Tanimawo</strong><br> BSc · MSc · MBA · PhD<br> Founder &amp; CEO, Nova AI Ops. <a href="https://novaaiops.com" rel="noopener noreferrer">https://novaaiops.com</a></p> sre monitoring observability devops Samson Tanimawo Thu, 16 Apr 2026 00:19:43 +0000 https://forem.com/samson_tanimawo/kubernetes-observability-what-to-monitor-and-why-1lbo https://forem.com/samson_tanimawo/kubernetes-observability-what-to-monitor-and-why-1lbo <h2> The Kubernetes Monitoring Maze </h2> <p>Kubernetes gives you a thousand metrics out of the box. Most teams monitor all of them and understand none of them.</p> <p>After running K8s in production for four years, here's what actually matters.</p> <h2> The Three Layers </h2> <p>Kubernetes observability has three distinct layers, and you need different strategies for each:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Layer 1: Cluster Health (infrastructure) Layer 2: Workload Health (your apps) Layer 3: Application Performance (user experience) </code></pre> </div> <h2> Layer 1: Cluster Health </h2> <p>These are your "is the platform working?" metrics:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">critical_cluster_metrics</span><span class="pi">:</span> <span class="na">nodes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">node_ready_status</span> <span class="c1"># Are all nodes healthy?</span> <span class="pi">-</span> <span class="s">node_cpu_utilization</span> <span class="c1"># Alert at 85%</span> <span class="pi">-</span> <span class="s">node_memory_utilization</span> <span class="c1"># Alert at 90%</span> <span class="pi">-</span> <span class="s">node_disk_pressure</span> <span class="c1"># Boolean alert</span> <span class="pi">-</span> <span class="s">node_pid_pressure</span> <span class="c1"># Rarely fires, always critical</span> <span class="na">control_plane</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">apiserver_request_latency_p99</span> <span class="c1"># Alert &gt; 1s</span> <span class="pi">-</span> <span class="s">etcd_disk_wal_fsync_duration</span> <span class="c1"># Alert &gt; 100ms</span> <span class="pi">-</span> <span class="s">scheduler_pending_pods</span> <span class="c1"># Alert if &gt; 0 for 5min</span> <span class="pi">-</span> <span class="s">controller_manager_queue_depth</span> <span class="c1"># Alert if growing</span> </code></pre> </div> <p><strong>Pro tip:</strong> Don't alert on individual node CPU. Alert on cluster-level capacity:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code># Alert when cluster is 80% utilized ( sum(node_cpu_seconds_total{mode!="idle"}) / sum(node_cpu_seconds_total) ) &gt; 0.80 </code></pre> </div> <h2> Layer 2: Workload Health </h2> <p>This is where most teams get it wrong. They monitor pods instead of workloads.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">critical_workload_metrics</span><span class="pi">:</span> <span class="na">deployments</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">available_replicas &lt; desired_replicas</span> <span class="c1"># For &gt; 5min</span> <span class="pi">-</span> <span class="s">deployment_generation != observed_generation</span> <span class="c1"># Stuck rollout</span> <span class="na">pods</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">restart_count increasing</span> <span class="c1"># CrashLoopBackOff detection</span> <span class="pi">-</span> <span class="s">container_oom_killed</span> <span class="c1"># Memory limits too low</span> <span class="pi">-</span> <span class="s">pod_pending_duration &gt; 2min</span> <span class="c1"># Scheduling issues</span> <span class="na">hpa</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">current_replicas == max_replicas</span> <span class="c1"># Scale ceiling hit</span> <span class="pi">-</span> <span class="s">cpu_utilization_vs_target</span> <span class="c1"># Consistently above target</span> </code></pre> </div> <p>The most valuable alert I ever wrote:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="c1"># Detect pods stuck in CrashLoopBackOff</span> <span class="na">alert</span><span class="pi">:</span> <span class="s">PodCrashLooping</span> <span class="na">expr</span><span class="pi">:</span> <span class="s">rate(kube_pod_container_status_restarts_total[15m]) &gt; </span><span class="m">0</span> <span class="na">for</span><span class="pi">:</span> <span class="s">15m</span> <span class="na">labels</span><span class="pi">:</span> <span class="na">severity</span><span class="pi">:</span> <span class="s">warning</span> <span class="na">annotations</span><span class="pi">:</span> <span class="na">summary</span><span class="pi">:</span> <span class="s2">"</span><span class="s">Pod</span><span class="nv"> </span><span class="s">{{</span><span class="nv"> </span><span class="s">$labels.pod</span><span class="nv"> </span><span class="s">}}</span><span class="nv"> </span><span class="s">is</span><span class="nv"> </span><span class="s">crash-looping"</span> <span class="na">description</span><span class="pi">:</span> <span class="s2">"</span><span class="s">{{</span><span class="nv"> </span><span class="s">$labels.pod</span><span class="nv"> </span><span class="s">}}</span><span class="nv"> </span><span class="s">in</span><span class="nv"> </span><span class="s">{{</span><span class="nv"> </span><span class="s">$labels.namespace</span><span class="nv"> </span><span class="s">}}</span><span class="nv"> </span><span class="s">has</span><span class="nv"> </span><span class="s">restarted</span><span class="nv"> </span><span class="s">{{</span><span class="nv"> </span><span class="s">$value</span><span class="nv"> </span><span class="s">}}</span><span class="nv"> </span><span class="s">times</span><span class="nv"> </span><span class="s">in</span><span class="nv"> </span><span class="s">15</span><span class="nv"> </span><span class="s">minutes"</span> </code></pre> </div> <h2> Layer 3: Application Performance </h2> <p>This is what your users actually care about:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">application_metrics</span><span class="pi">:</span> <span class="na">red_method</span><span class="pi">:</span> <span class="c1"># Rate, Errors, Duration</span> <span class="pi">-</span> <span class="s">request_rate_per_second</span> <span class="pi">-</span> <span class="s">error_rate_percentage</span> <span class="c1"># Alert &gt; 1%</span> <span class="pi">-</span> <span class="s">request_duration_p99</span> <span class="c1"># Alert &gt; 500ms</span> <span class="na">use_method</span><span class="pi">:</span> <span class="c1"># Utilization, Saturation, Errors</span> <span class="pi">-</span> <span class="s">cpu_request_vs_limit_ratio</span> <span class="pi">-</span> <span class="s">memory_request_vs_limit_ratio</span> <span class="pi">-</span> <span class="s">network_receive_bytes_rate</span> </code></pre> </div> <h2> The Dashboard That Saves Us </h2> <p>We built a single "K8s Health" dashboard with four panels:</p> <ol> <li> <strong>Cluster capacity</strong> — CPU/Memory/Disk utilization per node pool</li> <li> <strong>Workload status</strong> — Table of all deployments with health status</li> <li> <strong>Error rates</strong> — All services, sorted by error rate</li> <li> <strong>Recent events</strong> — K8s events filtered to warnings and errors</li> </ol> <p>This one dashboard answers 90% of "is something wrong?" questions.</p> <h2> Common Mistakes </h2> <ol> <li> <strong>Monitoring pods instead of services</strong> — Pods are ephemeral, services are what matter</li> <li> <strong>Not setting resource requests</strong> — Without requests, your metrics are meaningless</li> <li> <strong>Alerting on resource usage instead of SLOs</strong> — High CPU isn't a problem if latency is fine</li> <li> <strong>Ignoring the control plane</strong> — An unhealthy API server affects everything</li> </ol> <p>If you want unified Kubernetes observability without the complexity, check out what we're building at <a href="https://novaaiops.com" rel="noopener noreferrer">Nova AI Ops</a>.</p> <p><strong>Written by Dr. Samson Tanimawo</strong><br> BSc · MSc · MBA · PhD<br> Founder &amp; CEO, Nova AI Ops. <a href="https://novaaiops.com" rel="noopener noreferrer">https://novaaiops.com</a></p> kubernetes observability monitoring sre Samson Tanimawo Wed, 15 Apr 2026 23:29:48 +0000 https://forem.com/samson_tanimawo/kubernetes-observability-what-to-monitor-and-why-8ek https://forem.com/samson_tanimawo/kubernetes-observability-what-to-monitor-and-why-8ek <h2> The Kubernetes Monitoring Maze </h2> <p>Kubernetes gives you a thousand metrics out of the box. Most teams monitor all of them and understand none of them.</p> <p>After running K8s in production for four years, here's what actually matters.</p> <h2> The Three Layers </h2> <p>Kubernetes observability has three distinct layers, and you need different strategies for each:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Layer 1: Cluster Health (infrastructure) Layer 2: Workload Health (your apps) Layer 3: Application Performance (user experience) </code></pre> </div> <h2> Layer 1: Cluster Health </h2> <p>These are your "is the platform working?" metrics:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">critical_cluster_metrics</span><span class="pi">:</span> <span class="na">nodes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">node_ready_status</span> <span class="c1"># Are all nodes healthy?</span> <span class="pi">-</span> <span class="s">node_cpu_utilization</span> <span class="c1"># Alert at 85%</span> <span class="pi">-</span> <span class="s">node_memory_utilization</span> <span class="c1"># Alert at 90%</span> <span class="pi">-</span> <span class="s">node_disk_pressure</span> <span class="c1"># Boolean alert</span> <span class="pi">-</span> <span class="s">node_pid_pressure</span> <span class="c1"># Rarely fires, always critical</span> <span class="na">control_plane</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">apiserver_request_latency_p99</span> <span class="c1"># Alert &gt; 1s</span> <span class="pi">-</span> <span class="s">etcd_disk_wal_fsync_duration</span> <span class="c1"># Alert &gt; 100ms</span> <span class="pi">-</span> <span class="s">scheduler_pending_pods</span> <span class="c1"># Alert if &gt; 0 for 5min</span> <span class="pi">-</span> <span class="s">controller_manager_queue_depth</span> <span class="c1"># Alert if growing</span> </code></pre> </div> <p><strong>Pro tip:</strong> Don't alert on individual node CPU. Alert on cluster-level capacity:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code># Alert when cluster is 80% utilized ( sum(node_cpu_seconds_total{mode!="idle"}) / sum(node_cpu_seconds_total) ) &gt; 0.80 </code></pre> </div> <h2> Layer 2: Workload Health </h2> <p>This is where most teams get it wrong. They monitor pods instead of workloads.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">critical_workload_metrics</span><span class="pi">:</span> <span class="na">deployments</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">available_replicas &lt; desired_replicas</span> <span class="c1"># For &gt; 5min</span> <span class="pi">-</span> <span class="s">deployment_generation != observed_generation</span> <span class="c1"># Stuck rollout</span> <span class="na">pods</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">restart_count increasing</span> <span class="c1"># CrashLoopBackOff detection</span> <span class="pi">-</span> <span class="s">container_oom_killed</span> <span class="c1"># Memory limits too low</span> <span class="pi">-</span> <span class="s">pod_pending_duration &gt; 2min</span> <span class="c1"># Scheduling issues</span> <span class="na">hpa</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">current_replicas == max_replicas</span> <span class="c1"># Scale ceiling hit</span> <span class="pi">-</span> <span class="s">cpu_utilization_vs_target</span> <span class="c1"># Consistently above target</span> </code></pre> </div> <p>The most valuable alert I ever wrote:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="c1"># Detect pods stuck in CrashLoopBackOff</span> <span class="na">alert</span><span class="pi">:</span> <span class="s">PodCrashLooping</span> <span class="na">expr</span><span class="pi">:</span> <span class="s">rate(kube_pod_container_status_restarts_total[15m]) &gt; </span><span class="m">0</span> <span class="na">for</span><span class="pi">:</span> <span class="s">15m</span> <span class="na">labels</span><span class="pi">:</span> <span class="na">severity</span><span class="pi">:</span> <span class="s">warning</span> <span class="na">annotations</span><span class="pi">:</span> <span class="na">summary</span><span class="pi">:</span> <span class="s2">"</span><span class="s">Pod</span><span class="nv"> </span><span class="s">{{</span><span class="nv"> </span><span class="s">$labels.pod</span><span class="nv"> </span><span class="s">}}</span><span class="nv"> </span><span class="s">is</span><span class="nv"> </span><span class="s">crash-looping"</span> <span class="na">description</span><span class="pi">:</span> <span class="s2">"</span><span class="s">{{</span><span class="nv"> </span><span class="s">$labels.pod</span><span class="nv"> </span><span class="s">}}</span><span class="nv"> </span><span class="s">in</span><span class="nv"> </span><span class="s">{{</span><span class="nv"> </span><span class="s">$labels.namespace</span><span class="nv"> </span><span class="s">}}</span><span class="nv"> </span><span class="s">has</span><span class="nv"> </span><span class="s">restarted</span><span class="nv"> </span><span class="s">{{</span><span class="nv"> </span><span class="s">$value</span><span class="nv"> </span><span class="s">}}</span><span class="nv"> </span><span class="s">times</span><span class="nv"> </span><span class="s">in</span><span class="nv"> </span><span class="s">15</span><span class="nv"> </span><span class="s">minutes"</span> </code></pre> </div> <h2> Layer 3: Application Performance </h2> <p>This is what your users actually care about:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">application_metrics</span><span class="pi">:</span> <span class="na">red_method</span><span class="pi">:</span> <span class="c1"># Rate, Errors, Duration</span> <span class="pi">-</span> <span class="s">request_rate_per_second</span> <span class="pi">-</span> <span class="s">error_rate_percentage</span> <span class="c1"># Alert &gt; 1%</span> <span class="pi">-</span> <span class="s">request_duration_p99</span> <span class="c1"># Alert &gt; 500ms</span> <span class="na">use_method</span><span class="pi">:</span> <span class="c1"># Utilization, Saturation, Errors</span> <span class="pi">-</span> <span class="s">cpu_request_vs_limit_ratio</span> <span class="pi">-</span> <span class="s">memory_request_vs_limit_ratio</span> <span class="pi">-</span> <span class="s">network_receive_bytes_rate</span> </code></pre> </div> <h2> The Dashboard That Saves Us </h2> <p>We built a single "K8s Health" dashboard with four panels:</p> <ol> <li> <strong>Cluster capacity</strong> — CPU/Memory/Disk utilization per node pool</li> <li> <strong>Workload status</strong> — Table of all deployments with health status</li> <li> <strong>Error rates</strong> — All services, sorted by error rate</li> <li> <strong>Recent events</strong> — K8s events filtered to warnings and errors</li> </ol> <p>This one dashboard answers 90% of "is something wrong?" questions.</p> <h2> Common Mistakes </h2> <ol> <li> <strong>Monitoring pods instead of services</strong> — Pods are ephemeral, services are what matter</li> <li> <strong>Not setting resource requests</strong> — Without requests, your metrics are meaningless</li> <li> <strong>Alerting on resource usage instead of SLOs</strong> — High CPU isn't a problem if latency is fine</li> <li> <strong>Ignoring the control plane</strong> — An unhealthy API server affects everything</li> </ol> <p>If you want unified Kubernetes observability without the complexity, check out what we're building at <a href="https://novaaiops.com" rel="noopener noreferrer">Nova AI Ops</a>.</p> <p><strong>Written by Dr. Samson Tanimawo</strong><br> BSc · MSc · MBA · PhD<br> Founder &amp; CEO, Nova AI Ops. <a href="https://novaaiops.com" rel="noopener noreferrer">https://novaaiops.com</a></p> kubernetes observability monitoring sre Samson Tanimawo Wed, 15 Apr 2026 23:18:54 +0000 https://forem.com/samson_tanimawo/kubernetes-observability-what-to-monitor-and-why-mif https://forem.com/samson_tanimawo/kubernetes-observability-what-to-monitor-and-why-mif <h2> The Kubernetes Monitoring Maze </h2> <p>Kubernetes gives you a thousand metrics out of the box. Most teams monitor all of them and understand none of them.</p> <p>After running K8s in production for four years, here's what actually matters.</p> <h2> The Three Layers </h2> <p>Kubernetes observability has three distinct layers, and you need different strategies for each:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Layer 1: Cluster Health (infrastructure) Layer 2: Workload Health (your apps) Layer 3: Application Performance (user experience) </code></pre> </div> <h2> Layer 1: Cluster Health </h2> <p>These are your "is the platform working?" metrics:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">critical_cluster_metrics</span><span class="pi">:</span> <span class="na">nodes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">node_ready_status</span> <span class="c1"># Are all nodes healthy?</span> <span class="pi">-</span> <span class="s">node_cpu_utilization</span> <span class="c1"># Alert at 85%</span> <span class="pi">-</span> <span class="s">node_memory_utilization</span> <span class="c1"># Alert at 90%</span> <span class="pi">-</span> <span class="s">node_disk_pressure</span> <span class="c1"># Boolean alert</span> <span class="pi">-</span> <span class="s">node_pid_pressure</span> <span class="c1"># Rarely fires, always critical</span> <span class="na">control_plane</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">apiserver_request_latency_p99</span> <span class="c1"># Alert &gt; 1s</span> <span class="pi">-</span> <span class="s">etcd_disk_wal_fsync_duration</span> <span class="c1"># Alert &gt; 100ms</span> <span class="pi">-</span> <span class="s">scheduler_pending_pods</span> <span class="c1"># Alert if &gt; 0 for 5min</span> <span class="pi">-</span> <span class="s">controller_manager_queue_depth</span> <span class="c1"># Alert if growing</span> </code></pre> </div> <p><strong>Pro tip:</strong> Don't alert on individual node CPU. Alert on cluster-level capacity:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code># Alert when cluster is 80% utilized ( sum(node_cpu_seconds_total{mode!="idle"}) / sum(node_cpu_seconds_total) ) &gt; 0.80 </code></pre> </div> <h2> Layer 2: Workload Health </h2> <p>This is where most teams get it wrong. They monitor pods instead of workloads.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">critical_workload_metrics</span><span class="pi">:</span> <span class="na">deployments</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">available_replicas &lt; desired_replicas</span> <span class="c1"># For &gt; 5min</span> <span class="pi">-</span> <span class="s">deployment_generation != observed_generation</span> <span class="c1"># Stuck rollout</span> <span class="na">pods</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">restart_count increasing</span> <span class="c1"># CrashLoopBackOff detection</span> <span class="pi">-</span> <span class="s">container_oom_killed</span> <span class="c1"># Memory limits too low</span> <span class="pi">-</span> <span class="s">pod_pending_duration &gt; 2min</span> <span class="c1"># Scheduling issues</span> <span class="na">hpa</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">current_replicas == max_replicas</span> <span class="c1"># Scale ceiling hit</span> <span class="pi">-</span> <span class="s">cpu_utilization_vs_target</span> <span class="c1"># Consistently above target</span> </code></pre> </div> <p>The most valuable alert I ever wrote:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="c1"># Detect pods stuck in CrashLoopBackOff</span> <span class="na">alert</span><span class="pi">:</span> <span class="s">PodCrashLooping</span> <span class="na">expr</span><span class="pi">:</span> <span class="s">rate(kube_pod_container_status_restarts_total[15m]) &gt; </span><span class="m">0</span> <span class="na">for</span><span class="pi">:</span> <span class="s">15m</span> <span class="na">labels</span><span class="pi">:</span> <span class="na">severity</span><span class="pi">:</span> <span class="s">warning</span> <span class="na">annotations</span><span class="pi">:</span> <span class="na">summary</span><span class="pi">:</span> <span class="s2">"</span><span class="s">Pod</span><span class="nv"> </span><span class="s">{{</span><span class="nv"> </span><span class="s">$labels.pod</span><span class="nv"> </span><span class="s">}}</span><span class="nv"> </span><span class="s">is</span><span class="nv"> </span><span class="s">crash-looping"</span> <span class="na">description</span><span class="pi">:</span> <span class="s2">"</span><span class="s">{{</span><span class="nv"> </span><span class="s">$labels.pod</span><span class="nv"> </span><span class="s">}}</span><span class="nv"> </span><span class="s">in</span><span class="nv"> </span><span class="s">{{</span><span class="nv"> </span><span class="s">$labels.namespace</span><span class="nv"> </span><span class="s">}}</span><span class="nv"> </span><span class="s">has</span><span class="nv"> </span><span class="s">restarted</span><span class="nv"> </span><span class="s">{{</span><span class="nv"> </span><span class="s">$value</span><span class="nv"> </span><span class="s">}}</span><span class="nv"> </span><span class="s">times</span><span class="nv"> </span><span class="s">in</span><span class="nv"> </span><span class="s">15</span><span class="nv"> </span><span class="s">minutes"</span> </code></pre> </div> <h2> Layer 3: Application Performance </h2> <p>This is what your users actually care about:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">application_metrics</span><span class="pi">:</span> <span class="na">red_method</span><span class="pi">:</span> <span class="c1"># Rate, Errors, Duration</span> <span class="pi">-</span> <span class="s">request_rate_per_second</span> <span class="pi">-</span> <span class="s">error_rate_percentage</span> <span class="c1"># Alert &gt; 1%</span> <span class="pi">-</span> <span class="s">request_duration_p99</span> <span class="c1"># Alert &gt; 500ms</span> <span class="na">use_method</span><span class="pi">:</span> <span class="c1"># Utilization, Saturation, Errors</span> <span class="pi">-</span> <span class="s">cpu_request_vs_limit_ratio</span> <span class="pi">-</span> <span class="s">memory_request_vs_limit_ratio</span> <span class="pi">-</span> <span class="s">network_receive_bytes_rate</span> </code></pre> </div> <h2> The Dashboard That Saves Us </h2> <p>We built a single "K8s Health" dashboard with four panels:</p> <ol> <li> <strong>Cluster capacity</strong> — CPU/Memory/Disk utilization per node pool</li> <li> <strong>Workload status</strong> — Table of all deployments with health status</li> <li> <strong>Error rates</strong> — All services, sorted by error rate</li> <li> <strong>Recent events</strong> — K8s events filtered to warnings and errors</li> </ol> <p>This one dashboard answers 90% of "is something wrong?" questions.</p> <h2> Common Mistakes </h2> <ol> <li> <strong>Monitoring pods instead of services</strong> — Pods are ephemeral, services are what matter</li> <li> <strong>Not setting resource requests</strong> — Without requests, your metrics are meaningless</li> <li> <strong>Alerting on resource usage instead of SLOs</strong> — High CPU isn't a problem if latency is fine</li> <li> <strong>Ignoring the control plane</strong> — An unhealthy API server affects everything</li> </ol> <p>If you want unified Kubernetes observability without the complexity, check out what we're building at <a href="https://novaaiops.com" rel="noopener noreferrer">Nova AI Ops</a>.</p> <p><strong>Written by Dr. Samson Tanimawo</strong><br> BSc · MSc · MBA · PhD<br> Founder &amp; CEO, Nova AI Ops. <a href="https://novaaiops.com" rel="noopener noreferrer">https://novaaiops.com</a></p> kubernetes observability monitoring sre Samson Tanimawo Wed, 15 Apr 2026 23:08:21 +0000 https://forem.com/samson_tanimawo/kubernetes-observability-what-to-monitor-and-why-47n2 https://forem.com/samson_tanimawo/kubernetes-observability-what-to-monitor-and-why-47n2 <h2> The Kubernetes Monitoring Maze </h2> <p>Kubernetes gives you a thousand metrics out of the box. Most teams monitor all of them and understand none of them.</p> <p>After running K8s in production for four years, here's what actually matters.</p> <h2> The Three Layers </h2> <p>Kubernetes observability has three distinct layers, and you need different strategies for each:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Layer 1: Cluster Health (infrastructure) Layer 2: Workload Health (your apps) Layer 3: Application Performance (user experience) </code></pre> </div> <h2> Layer 1: Cluster Health </h2> <p>These are your "is the platform working?" metrics:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">critical_cluster_metrics</span><span class="pi">:</span> <span class="na">nodes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">node_ready_status</span> <span class="c1"># Are all nodes healthy?</span> <span class="pi">-</span> <span class="s">node_cpu_utilization</span> <span class="c1"># Alert at 85%</span> <span class="pi">-</span> <span class="s">node_memory_utilization</span> <span class="c1"># Alert at 90%</span> <span class="pi">-</span> <span class="s">node_disk_pressure</span> <span class="c1"># Boolean alert</span> <span class="pi">-</span> <span class="s">node_pid_pressure</span> <span class="c1"># Rarely fires, always critical</span> <span class="na">control_plane</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">apiserver_request_latency_p99</span> <span class="c1"># Alert &gt; 1s</span> <span class="pi">-</span> <span class="s">etcd_disk_wal_fsync_duration</span> <span class="c1"># Alert &gt; 100ms</span> <span class="pi">-</span> <span class="s">scheduler_pending_pods</span> <span class="c1"># Alert if &gt; 0 for 5min</span> <span class="pi">-</span> <span class="s">controller_manager_queue_depth</span> <span class="c1"># Alert if growing</span> </code></pre> </div> <p><strong>Pro tip:</strong> Don't alert on individual node CPU. Alert on cluster-level capacity:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code># Alert when cluster is 80% utilized ( sum(node_cpu_seconds_total{mode!="idle"}) / sum(node_cpu_seconds_total) ) &gt; 0.80 </code></pre> </div> <h2> Layer 2: Workload Health </h2> <p>This is where most teams get it wrong. They monitor pods instead of workloads.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">critical_workload_metrics</span><span class="pi">:</span> <span class="na">deployments</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">available_replicas &lt; desired_replicas</span> <span class="c1"># For &gt; 5min</span> <span class="pi">-</span> <span class="s">deployment_generation != observed_generation</span> <span class="c1"># Stuck rollout</span> <span class="na">pods</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">restart_count increasing</span> <span class="c1"># CrashLoopBackOff detection</span> <span class="pi">-</span> <span class="s">container_oom_killed</span> <span class="c1"># Memory limits too low</span> <span class="pi">-</span> <span class="s">pod_pending_duration &gt; 2min</span> <span class="c1"># Scheduling issues</span> <span class="na">hpa</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">current_replicas == max_replicas</span> <span class="c1"># Scale ceiling hit</span> <span class="pi">-</span> <span class="s">cpu_utilization_vs_target</span> <span class="c1"># Consistently above target</span> </code></pre> </div> <p>The most valuable alert I ever wrote:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="c1"># Detect pods stuck in CrashLoopBackOff</span> <span class="na">alert</span><span class="pi">:</span> <span class="s">PodCrashLooping</span> <span class="na">expr</span><span class="pi">:</span> <span class="s">rate(kube_pod_container_status_restarts_total[15m]) &gt; </span><span class="m">0</span> <span class="na">for</span><span class="pi">:</span> <span class="s">15m</span> <span class="na">labels</span><span class="pi">:</span> <span class="na">severity</span><span class="pi">:</span> <span class="s">warning</span> <span class="na">annotations</span><span class="pi">:</span> <span class="na">summary</span><span class="pi">:</span> <span class="s2">"</span><span class="s">Pod</span><span class="nv"> </span><span class="s">{{</span><span class="nv"> </span><span class="s">$labels.pod</span><span class="nv"> </span><span class="s">}}</span><span class="nv"> </span><span class="s">is</span><span class="nv"> </span><span class="s">crash-looping"</span> <span class="na">description</span><span class="pi">:</span> <span class="s2">"</span><span class="s">{{</span><span class="nv"> </span><span class="s">$labels.pod</span><span class="nv"> </span><span class="s">}}</span><span class="nv"> </span><span class="s">in</span><span class="nv"> </span><span class="s">{{</span><span class="nv"> </span><span class="s">$labels.namespace</span><span class="nv"> </span><span class="s">}}</span><span class="nv"> </span><span class="s">has</span><span class="nv"> </span><span class="s">restarted</span><span class="nv"> </span><span class="s">{{</span><span class="nv"> </span><span class="s">$value</span><span class="nv"> </span><span class="s">}}</span><span class="nv"> </span><span class="s">times</span><span class="nv"> </span><span class="s">in</span><span class="nv"> </span><span class="s">15</span><span class="nv"> </span><span class="s">minutes"</span> </code></pre> </div> <h2> Layer 3: Application Performance </h2> <p>This is what your users actually care about:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">application_metrics</span><span class="pi">:</span> <span class="na">red_method</span><span class="pi">:</span> <span class="c1"># Rate, Errors, Duration</span> <span class="pi">-</span> <span class="s">request_rate_per_second</span> <span class="pi">-</span> <span class="s">error_rate_percentage</span> <span class="c1"># Alert &gt; 1%</span> <span class="pi">-</span> <span class="s">request_duration_p99</span> <span class="c1"># Alert &gt; 500ms</span> <span class="na">use_method</span><span class="pi">:</span> <span class="c1"># Utilization, Saturation, Errors</span> <span class="pi">-</span> <span class="s">cpu_request_vs_limit_ratio</span> <span class="pi">-</span> <span class="s">memory_request_vs_limit_ratio</span> <span class="pi">-</span> <span class="s">network_receive_bytes_rate</span> </code></pre> </div> <h2> The Dashboard That Saves Us </h2> <p>We built a single "K8s Health" dashboard with four panels:</p> <ol> <li> <strong>Cluster capacity</strong> — CPU/Memory/Disk utilization per node pool</li> <li> <strong>Workload status</strong> — Table of all deployments with health status</li> <li> <strong>Error rates</strong> — All services, sorted by error rate</li> <li> <strong>Recent events</strong> — K8s events filtered to warnings and errors</li> </ol> <p>This one dashboard answers 90% of "is something wrong?" questions.</p> <h2> Common Mistakes </h2> <ol> <li> <strong>Monitoring pods instead of services</strong> — Pods are ephemeral, services are what matter</li> <li> <strong>Not setting resource requests</strong> — Without requests, your metrics are meaningless</li> <li> <strong>Alerting on resource usage instead of SLOs</strong> — High CPU isn't a problem if latency is fine</li> <li> <strong>Ignoring the control plane</strong> — An unhealthy API server affects everything</li> </ol> <p>If you want unified Kubernetes observability without the complexity, check out what we're building at <a href="https://novaaiops.com" rel="noopener noreferrer">Nova AI Ops</a>.</p> <p><strong>Written by Dr. Samson Tanimawo</strong><br> BSc · MSc · MBA · PhD<br> Founder &amp; CEO, Nova AI Ops. <a href="https://novaaiops.com" rel="noopener noreferrer">https://novaaiops.com</a></p> kubernetes observability monitoring sre Samson Tanimawo Wed, 15 Apr 2026 15:21:46 +0000 https://forem.com/samson_tanimawo/on-call-wellness-protecting-your-engineers-from-burnout-1fii https://forem.com/samson_tanimawo/on-call-wellness-protecting-your-engineers-from-burnout-1fii <h2> The On-Call Burnout Epidemic </h2> <p>I watched three senior SREs leave our team in six months. Exit interviews all said the same thing: on-call was unsustainable.</p> <p>We were spending $500K+ recruiting replacements for a problem that could have been fixed with $0 and better practices.</p> <h2> The Warning Signs </h2> <p>Before someone quits, they show these signals:</p> <ol> <li> <strong>Cynicism in post-mortems</strong> — "This will never get fixed"</li> <li> <strong>Alert numbness</strong> — Slow to respond, missed pages</li> <li> <strong>Vacation avoidance</strong> — "I can't take time off, who would cover?"</li> <li> <strong>Scope creep rejection</strong> — "That's not my problem"</li> <li> <strong>Meeting silence</strong> — Previously engaged, now checked out</li> </ol> <p>If you see three or more of these in someone on your team, they're already halfway out the door.</p> <h2> What We Changed </h2> <h3> 1. Hard Cap on Pages </h3> <p>We set a maximum of 2 pages per 8-hour on-call shift. If someone gets paged more than that, the secondary automatically takes over and the incident is escalated as a process failure.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">on_call_policy</span><span class="pi">:</span> <span class="na">max_pages_per_shift</span><span class="pi">:</span> <span class="m">2</span> <span class="na">shift_duration_hours</span><span class="pi">:</span> <span class="m">8</span> <span class="na">overflow_action</span><span class="pi">:</span> <span class="s2">"</span><span class="s">escalate_to_secondary"</span> <span class="na">overflow_review</span><span class="pi">:</span> <span class="s2">"</span><span class="s">weekly_ops_review"</span> </code></pre> </div> <h3> 2. Follow-the-Sun Rotation </h3> <p>We stopped asking people to be on-call at 3am. With team members across US timezones, we created overlapping business-hours shifts:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Shift A (Eastern): 6am - 2pm ET Shift B (Central): 11am - 7pm CT Shift C (Pacific): 2pm - 10pm PT Overnight: Managed by alert automation + escalation </code></pre> </div> <p>Nobody gets paged between 10pm and 6am unless it's a true P1.</p> <h3> 3. On-Call Compensation </h3> <p>We implemented:</p> <ul> <li>$500 flat fee per on-call week</li> <li>$200 per off-hours page</li> <li>Comp day after any overnight incident &gt; 30 minutes</li> <li>On-call swaps require zero management approval</li> </ul> <h3> 4. The "Toil Budget" </h3> <p>Each engineer gets a toil budget: maximum 30% of their time on operational work. If toil exceeds 30%, they're pulled from on-call until the team automates the excess.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Weekly toil tracking: Alert response: 4 hours Manual deployments: 2 hours Config updates: 1 hour Ad-hoc debugging: 3 hours ───────────────────────── Total: 10 hours (25% of 40hr week) ✓ </code></pre> </div> <h3> 5. Quarterly On-Call Reviews </h3> <p>Every quarter, we review:</p> <ul> <li>Pages per person</li> <li>Off-hours disruptions</li> <li>Toil percentages</li> <li>Team sentiment survey</li> <li>Attrition risk signals</li> </ul> <h2> The Results </h2> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Metric</th> <th>Before</th> <th>After (6 months)</th> </tr> </thead> <tbody> <tr> <td>Attrition rate</td> <td>40%/year</td> <td>8%/year</td> </tr> <tr> <td>Pages per shift</td> <td>4.7</td> <td>1.2</td> </tr> <tr> <td>Off-hours pages</td> <td>12/week</td> <td>2/week</td> </tr> <tr> <td>Team NPS</td> <td>-15</td> <td>+45</td> </tr> <tr> <td>Recruitment cost saved</td> <td>-</td> <td>~$400K/year</td> </tr> </tbody> </table></div> <h2> The Key Insight </h2> <p>On-call wellness isn't a perk. It's a business decision. Replacing a senior SRE costs $150-200K in recruiting, onboarding, and lost productivity. Preventing burnout costs almost nothing.</p> <p>If you're looking to reduce on-call toil and protect your team from burnout, check out what we're building at <a href="https://novaaiops.com" rel="noopener noreferrer">Nova AI Ops</a>.</p> <p><strong>Written by Dr. Samson Tanimawo</strong><br> BSc · MSc · MBA · PhD<br> Founder &amp; CEO, Nova AI Ops. <a href="https://novaaiops.com" rel="noopener noreferrer">https://novaaiops.com</a></p> sre oncall burnout culture Samson Tanimawo Wed, 15 Apr 2026 15:06:15 +0000 https://forem.com/samson_tanimawo/on-call-wellness-protecting-your-engineers-from-burnout-39fc https://forem.com/samson_tanimawo/on-call-wellness-protecting-your-engineers-from-burnout-39fc <h2> The On-Call Burnout Epidemic </h2> <p>I watched three senior SREs leave our team in six months. Exit interviews all said the same thing: on-call was unsustainable.</p> <p>We were spending $500K+ recruiting replacements for a problem that could have been fixed with $0 and better practices.</p> <h2> The Warning Signs </h2> <p>Before someone quits, they show these signals:</p> <ol> <li> <strong>Cynicism in post-mortems</strong> — "This will never get fixed"</li> <li> <strong>Alert numbness</strong> — Slow to respond, missed pages</li> <li> <strong>Vacation avoidance</strong> — "I can't take time off, who would cover?"</li> <li> <strong>Scope creep rejection</strong> — "That's not my problem"</li> <li> <strong>Meeting silence</strong> — Previously engaged, now checked out</li> </ol> <p>If you see three or more of these in someone on your team, they're already halfway out the door.</p> <h2> What We Changed </h2> <h3> 1. Hard Cap on Pages </h3> <p>We set a maximum of 2 pages per 8-hour on-call shift. If someone gets paged more than that, the secondary automatically takes over and the incident is escalated as a process failure.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">on_call_policy</span><span class="pi">:</span> <span class="na">max_pages_per_shift</span><span class="pi">:</span> <span class="m">2</span> <span class="na">shift_duration_hours</span><span class="pi">:</span> <span class="m">8</span> <span class="na">overflow_action</span><span class="pi">:</span> <span class="s2">"</span><span class="s">escalate_to_secondary"</span> <span class="na">overflow_review</span><span class="pi">:</span> <span class="s2">"</span><span class="s">weekly_ops_review"</span> </code></pre> </div> <h3> 2. Follow-the-Sun Rotation </h3> <p>We stopped asking people to be on-call at 3am. With team members across US timezones, we created overlapping business-hours shifts:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Shift A (Eastern): 6am - 2pm ET Shift B (Central): 11am - 7pm CT Shift C (Pacific): 2pm - 10pm PT Overnight: Managed by alert automation + escalation </code></pre> </div> <p>Nobody gets paged between 10pm and 6am unless it's a true P1.</p> <h3> 3. On-Call Compensation </h3> <p>We implemented:</p> <ul> <li>$500 flat fee per on-call week</li> <li>$200 per off-hours page</li> <li>Comp day after any overnight incident &gt; 30 minutes</li> <li>On-call swaps require zero management approval</li> </ul> <h3> 4. The "Toil Budget" </h3> <p>Each engineer gets a toil budget: maximum 30% of their time on operational work. If toil exceeds 30%, they're pulled from on-call until the team automates the excess.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Weekly toil tracking: Alert response: 4 hours Manual deployments: 2 hours Config updates: 1 hour Ad-hoc debugging: 3 hours ───────────────────────── Total: 10 hours (25% of 40hr week) ✓ </code></pre> </div> <h3> 5. Quarterly On-Call Reviews </h3> <p>Every quarter, we review:</p> <ul> <li>Pages per person</li> <li>Off-hours disruptions</li> <li>Toil percentages</li> <li>Team sentiment survey</li> <li>Attrition risk signals</li> </ul> <h2> The Results </h2> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Metric</th> <th>Before</th> <th>After (6 months)</th> </tr> </thead> <tbody> <tr> <td>Attrition rate</td> <td>40%/year</td> <td>8%/year</td> </tr> <tr> <td>Pages per shift</td> <td>4.7</td> <td>1.2</td> </tr> <tr> <td>Off-hours pages</td> <td>12/week</td> <td>2/week</td> </tr> <tr> <td>Team NPS</td> <td>-15</td> <td>+45</td> </tr> <tr> <td>Recruitment cost saved</td> <td>-</td> <td>~$400K/year</td> </tr> </tbody> </table></div> <h2> The Key Insight </h2> <p>On-call wellness isn't a perk. It's a business decision. Replacing a senior SRE costs $150-200K in recruiting, onboarding, and lost productivity. Preventing burnout costs almost nothing.</p> <p>If you're looking to reduce on-call toil and protect your team from burnout, check out what we're building at <a href="https://novaaiops.com" rel="noopener noreferrer">Nova AI Ops</a>.</p> <p><strong>Written by Dr. Samson Tanimawo</strong><br> BSc · MSc · MBA · PhD<br> Founder &amp; CEO, Nova AI Ops. <a href="https://novaaiops.com" rel="noopener noreferrer">https://novaaiops.com</a></p> sre oncall burnout culture Samson Tanimawo Wed, 15 Apr 2026 07:37:37 +0000 https://forem.com/samson_tanimawo/post-mortem-best-practices-that-actually-drive-change-3pin https://forem.com/samson_tanimawo/post-mortem-best-practices-that-actually-drive-change-3pin <h2> The Post-Mortem Nobody Learns From </h2> <p>I've sat through hundreds of post-mortems. Most follow the same pattern: something breaks, someone writes a Google Doc, we have a meeting, we list action items, nobody follows up, the same thing happens again in 3 months.</p> <p>Here's how to break the cycle.</p> <h2> The Blameless Culture Trap </h2> <p>"Blameless" doesn't mean "actionless." The biggest failure mode I see is teams that use blameless culture as an excuse to avoid accountability.</p> <p>Blameless means: we don't punish the person who pushed the bad deploy.<br> Blameless does NOT mean: nobody is responsible for fixing the systemic issue.</p> <h2> My Post-Mortem Template </h2> <div class="highlight js-code-highlight"> <pre class="highlight markdown"><code><span class="gh"># Incident: [SERVICE] [SYMPTOM] on [DATE]</span> <span class="gu">## Impact</span> <span class="p">-</span> Duration: X minutes <span class="p">-</span> Users affected: N <span class="p">-</span> Revenue impact: $X <span class="p">-</span> SLO budget consumed: X% <span class="gu">## Timeline (UTC)</span> <span class="p">-</span> HH:MM - First alert fired <span class="p">-</span> HH:MM - On-call acknowledged <span class="p">-</span> HH:MM - Root cause identified <span class="p">-</span> HH:MM - Fix deployed <span class="p">-</span> HH:MM - Service recovered <span class="p">-</span> HH:MM - All-clear declared <span class="gu">## Root Cause</span> [2-3 sentences. Technical but readable.] <span class="gu">## Contributing Factors</span> <span class="p">1.</span> [Factor that made the incident possible] <span class="p">2.</span> [Factor that made detection slow] <span class="p">3.</span> [Factor that made resolution slow] <span class="gu">## What Went Well</span> <span class="p">-</span> [Something that worked] <span class="p">-</span> [Something that helped] <span class="gu">## What Went Wrong</span> <span class="p">-</span> [Process failure] <span class="p">-</span> [Technical gap] <span class="gu">## Action Items</span> | Action | Owner | Priority | Due Date | Status | |--------|-------|----------|----------|--------| | ... | ... | P1/P2/P3 | ... | Open | <span class="gu">## Lessons Learned</span> [1-2 paragraphs of genuine insight] </code></pre> </div> <h2> The Action Item Problem </h2> <p>Action items from post-mortems have a 30% completion rate industry-wide. That's terrible. Here's why:</p> <ol> <li>Too many items (I've seen post-mortems with 15 action items)</li> <li>No clear ownership</li> <li>No deadline</li> <li>No follow-up mechanism</li> <li>Competing with feature work</li> </ol> <h2> The Fix: Three Rules </h2> <p><strong>Rule 1: Maximum 3 action items per post-mortem.</strong></p> <p>If you can't narrow it to 3, you haven't identified the real problems.</p> <p><strong>Rule 2: Every action item gets a JIRA ticket linked to the next sprint.</strong></p> <p>Not "someday." Not "backlog." Next sprint. If it's not important enough for next sprint, it's not an action item.</p> <p><strong>Rule 3: Review completion in the next post-mortem.</strong></p> <p>Start every post-mortem meeting by reviewing open action items from previous incidents. This creates accountability without blame.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code># Post-mortem meeting agenda 1. Review open action items (10 min) - Incident #42: "Add circuit breaker" — DONE - Incident #43: "Add canary deploys" — IN PROGRESS (blocked on CI) - Incident #44: "Fix retry logic" — NOT STARTED (reassigning) 2. Current incident review (30 min) - Timeline walkthrough - Contributing factors - Action items (max 3) 3. Pattern analysis (10 min) - Any recurring themes? - Systemic issues to address? </code></pre> </div> <h2> The Metric That Matters </h2> <p>Track <strong>Repeat Incident Rate</strong>: what percentage of incidents have the same root cause as a previous incident?</p> <p>When we started tracking this, our repeat rate was 45%. After implementing the three rules above, it dropped to 12% over six months.</p> <p>That's the real measure of whether your post-mortems are working.</p> <p>If you're looking for better incident learning loops and pattern detection across your post-mortems, check out what we're building at <a href="https://novaaiops.com" rel="noopener noreferrer">Nova AI Ops</a>.</p> <p><strong>Written by Dr. Samson Tanimawo</strong><br> BSc · MSc · MBA · PhD<br> Founder &amp; CEO, Nova AI Ops. <a href="https://novaaiops.com" rel="noopener noreferrer">https://novaaiops.com</a></p> sre postmortem incidents devops Samson Tanimawo Wed, 15 Apr 2026 07:27:49 +0000 https://forem.com/samson_tanimawo/post-mortem-best-practices-that-actually-drive-change-5dgd https://forem.com/samson_tanimawo/post-mortem-best-practices-that-actually-drive-change-5dgd <h2> The Post-Mortem Nobody Learns From </h2> <p>I've sat through hundreds of post-mortems. Most follow the same pattern: something breaks, someone writes a Google Doc, we have a meeting, we list action items, nobody follows up, the same thing happens again in 3 months.</p> <p>Here's how to break the cycle.</p> <h2> The Blameless Culture Trap </h2> <p>"Blameless" doesn't mean "actionless." The biggest failure mode I see is teams that use blameless culture as an excuse to avoid accountability.</p> <p>Blameless means: we don't punish the person who pushed the bad deploy.<br> Blameless does NOT mean: nobody is responsible for fixing the systemic issue.</p> <h2> My Post-Mortem Template </h2> <div class="highlight js-code-highlight"> <pre class="highlight markdown"><code><span class="gh"># Incident: [SERVICE] [SYMPTOM] on [DATE]</span> <span class="gu">## Impact</span> <span class="p">-</span> Duration: X minutes <span class="p">-</span> Users affected: N <span class="p">-</span> Revenue impact: $X <span class="p">-</span> SLO budget consumed: X% <span class="gu">## Timeline (UTC)</span> <span class="p">-</span> HH:MM - First alert fired <span class="p">-</span> HH:MM - On-call acknowledged <span class="p">-</span> HH:MM - Root cause identified <span class="p">-</span> HH:MM - Fix deployed <span class="p">-</span> HH:MM - Service recovered <span class="p">-</span> HH:MM - All-clear declared <span class="gu">## Root Cause</span> [2-3 sentences. Technical but readable.] <span class="gu">## Contributing Factors</span> <span class="p">1.</span> [Factor that made the incident possible] <span class="p">2.</span> [Factor that made detection slow] <span class="p">3.</span> [Factor that made resolution slow] <span class="gu">## What Went Well</span> <span class="p">-</span> [Something that worked] <span class="p">-</span> [Something that helped] <span class="gu">## What Went Wrong</span> <span class="p">-</span> [Process failure] <span class="p">-</span> [Technical gap] <span class="gu">## Action Items</span> | Action | Owner | Priority | Due Date | Status | |--------|-------|----------|----------|--------| | ... | ... | P1/P2/P3 | ... | Open | <span class="gu">## Lessons Learned</span> [1-2 paragraphs of genuine insight] </code></pre> </div> <h2> The Action Item Problem </h2> <p>Action items from post-mortems have a 30% completion rate industry-wide. That's terrible. Here's why:</p> <ol> <li>Too many items (I've seen post-mortems with 15 action items)</li> <li>No clear ownership</li> <li>No deadline</li> <li>No follow-up mechanism</li> <li>Competing with feature work</li> </ol> <h2> The Fix: Three Rules </h2> <p><strong>Rule 1: Maximum 3 action items per post-mortem.</strong></p> <p>If you can't narrow it to 3, you haven't identified the real problems.</p> <p><strong>Rule 2: Every action item gets a JIRA ticket linked to the next sprint.</strong></p> <p>Not "someday." Not "backlog." Next sprint. If it's not important enough for next sprint, it's not an action item.</p> <p><strong>Rule 3: Review completion in the next post-mortem.</strong></p> <p>Start every post-mortem meeting by reviewing open action items from previous incidents. This creates accountability without blame.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight markdown"><code><span class="gh"># Post-mortem meeting agenda</span> <span class="p"> 1.</span> Review open action items (10 min) <span class="p"> -</span> Incident #42: "Add circuit breaker" — DONE <span class="p"> -</span> Incident #43: "Add canary deploys" — IN PROGRESS (blocked on CI) <span class="p"> -</span> Incident #44: "Fix retry logic" — NOT STARTED (reassigning) <span class="p"> 2.</span> Current incident review (30 min) <span class="p"> -</span> Timeline walkthrough <span class="p"> -</span> Contributing factors <span class="p"> -</span> Action items (max 3) <span class="p"> 3.</span> Pattern analysis (10 min) <span class="p"> -</span> Any recurring themes? <span class="p"> -</span> Systemic issues to address? </code></pre> </div> <h2> The Metric That Matters </h2> <p>Track <strong>Repeat Incident Rate</strong>: what percentage of incidents have the same root cause as a previous incident?</p> <p>When we started tracking this, our repeat rate was 45%. After implementing the three rules above, it dropped to 12% over six months.</p> <p>That's the real measure of whether your post-mortems are working.</p> <p>If you're looking for better incident learning loops and pattern detection across your post-mortems, check out what we're building at <a href="https://novaaiops.com" rel="noopener noreferrer">Nova AI Ops</a>.</p> <p><strong>Written by Dr. Samson Tanimawo</strong><br> BSc · MSc · MBA · PhD<br> Founder &amp; CEO, Nova AI Ops. <a href="https://novaaiops.com" rel="noopener noreferrer">https://novaaiops.com</a></p> sre postmortem incidents devops Samson Tanimawo Wed, 15 Apr 2026 03:21:55 +0000 https://forem.com/samson_tanimawo/runbook-automation-from-45-minute-fixes-to-90-second-recoveries-2243 https://forem.com/samson_tanimawo/runbook-automation-from-45-minute-fixes-to-90-second-recoveries-2243 <h2> The Runbook Nobody Reads </h2> <p>We had runbooks. Beautiful, detailed, Google-Docs runbooks. 47 pages long. Nobody read them at 3am.</p> <p>The problem isn't the documentation. The problem is expecting a sleep-deprived human to follow a 47-step procedure correctly.</p> <h2> The Automation Ladder </h2> <p>I think about runbook automation as a ladder:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Level 0: No runbook (tribal knowledge) Level 1: Written runbook (Google Doc) Level 2: Structured runbook (checklist format) Level 3: Semi-automated (scripts for each step) Level 4: Fully automated (one-click remediation) Level 5: Self-healing (no human needed) </code></pre> </div> <p>Most teams are at Level 1-2. The goal is Level 4-5 for your top 10 incidents.</p> <h2> Identifying Automation Candidates </h2> <p>Not everything should be automated. Start with high-frequency, well-understood procedures:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="c1">-- Query your incident database</span> <span class="k">SELECT</span> <span class="n">root_cause_category</span><span class="p">,</span> <span class="k">COUNT</span><span class="p">(</span><span class="o">*</span><span class="p">)</span> <span class="k">as</span> <span class="n">frequency</span><span class="p">,</span> <span class="k">AVG</span><span class="p">(</span><span class="n">resolution_time_minutes</span><span class="p">)</span> <span class="k">as</span> <span class="n">avg_mttr</span><span class="p">,</span> <span class="k">COUNT</span><span class="p">(</span><span class="o">*</span><span class="p">)</span> <span class="o">*</span> <span class="k">AVG</span><span class="p">(</span><span class="n">resolution_time_minutes</span><span class="p">)</span> <span class="k">as</span> <span class="n">total_impact_minutes</span> <span class="k">FROM</span> <span class="n">incidents</span> <span class="k">WHERE</span> <span class="n">created_at</span> <span class="o">&gt;</span> <span class="n">NOW</span><span class="p">()</span> <span class="o">-</span> <span class="n">INTERVAL</span> <span class="s1">'6 months'</span> <span class="k">GROUP</span> <span class="k">BY</span> <span class="n">root_cause_category</span> <span class="k">ORDER</span> <span class="k">BY</span> <span class="n">total_impact_minutes</span> <span class="k">DESC</span> <span class="k">LIMIT</span> <span class="mi">10</span><span class="p">;</span> </code></pre> </div> <p>For us, the top 5 were:</p> <ol> <li>Disk full on log volumes (2x/week)</li> <li>Memory leak requiring pod restart (1x/week)</li> <li>Certificate expiry (1x/month, but high impact)</li> <li>Database connection pool exhaustion (1x/week)</li> <li>Stuck deployment (2x/week)</li> </ol> <h2> Example: Disk Full Auto-Remediation </h2> <p>Before (Level 1 — runbook):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>1. SSH to the affected host 2. Run df -h to confirm 3. Check /var/log for large files 4. Run logrotate manually 5. If still full, find and remove old files 6. If still full, expand the volume 7. Verify service recovered </code></pre> </div> <p>After (Level 5 — self-healing):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c">#!/bin/bash</span> <span class="c"># disk-remediation.sh — triggered by monitoring alert</span> <span class="nv">HOST</span><span class="o">=</span><span class="nv">$1</span> <span class="nv">THRESHOLD</span><span class="o">=</span>90 <span class="nv">USAGE</span><span class="o">=</span><span class="si">$(</span>ssh <span class="nv">$HOST</span> <span class="s2">"df /var/log --output=pcent | tail -1 | tr -dc '0-9'"</span><span class="si">)</span> <span class="k">if</span> <span class="o">[</span> <span class="s2">"</span><span class="nv">$USAGE</span><span class="s2">"</span> <span class="nt">-gt</span> <span class="s2">"</span><span class="nv">$THRESHOLD</span><span class="s2">"</span> <span class="o">]</span><span class="p">;</span> <span class="k">then </span><span class="nb">echo</span> <span class="s2">"[Auto-Remediation] Disk at </span><span class="k">${</span><span class="nv">USAGE</span><span class="k">}</span><span class="s2">% on </span><span class="k">${</span><span class="nv">HOST</span><span class="k">}</span><span class="s2">"</span> <span class="c"># Step 1: Rotate logs</span> ssh <span class="nv">$HOST</span> <span class="s2">"sudo logrotate -f /etc/logrotate.conf"</span> <span class="c"># Step 2: Clean old logs (&gt;7 days)</span> ssh <span class="nv">$HOST</span> <span class="s2">"find /var/log -name '*.gz' -mtime +7 -delete"</span> <span class="c"># Step 3: Clean temp files</span> ssh <span class="nv">$HOST</span> <span class="s2">"find /tmp -mtime +3 -delete 2&gt;/dev/null"</span> <span class="c"># Verify</span> <span class="nv">NEW_USAGE</span><span class="o">=</span><span class="si">$(</span>ssh <span class="nv">$HOST</span> <span class="s2">"df /var/log --output=pcent | tail -1 | tr -dc '0-9'"</span><span class="si">)</span> <span class="k">if</span> <span class="o">[</span> <span class="s2">"</span><span class="nv">$NEW_USAGE</span><span class="s2">"</span> <span class="nt">-lt</span> <span class="s2">"</span><span class="nv">$THRESHOLD</span><span class="s2">"</span> <span class="o">]</span><span class="p">;</span> <span class="k">then </span><span class="nb">echo</span> <span class="s2">"[Auto-Remediation] Resolved. </span><span class="k">${</span><span class="nv">USAGE</span><span class="k">}</span><span class="s2">% -&gt; </span><span class="k">${</span><span class="nv">NEW_USAGE</span><span class="k">}</span><span class="s2">%"</span> notify_slack <span class="s2">"Disk full on </span><span class="k">${</span><span class="nv">HOST</span><span class="k">}</span><span class="s2"> auto-resolved (</span><span class="k">${</span><span class="nv">USAGE</span><span class="k">}</span><span class="s2">% -&gt; </span><span class="k">${</span><span class="nv">NEW_USAGE</span><span class="k">}</span><span class="s2">%)"</span> <span class="k">else </span><span class="nb">echo</span> <span class="s2">"[Auto-Remediation] Still at </span><span class="k">${</span><span class="nv">NEW_USAGE</span><span class="k">}</span><span class="s2">%. Escalating."</span> page_oncall <span class="s2">"Disk full on </span><span class="k">${</span><span class="nv">HOST</span><span class="k">}</span><span class="s2"> - auto-remediation failed. Manual intervention needed."</span> <span class="k">fi fi</span> </code></pre> </div> <h2> The Results </h2> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Incident Type</th> <th>Before (MTTR)</th> <th>After (MTTR)</th> <th>Automation Level</th> </tr> </thead> <tbody> <tr> <td>Disk full</td> <td>25 min</td> <td>90 sec</td> <td>Self-healing</td> </tr> <tr> <td>Memory leak</td> <td>15 min</td> <td>45 sec</td> <td>One-click</td> </tr> <tr> <td>Cert expiry</td> <td>45 min</td> <td>0 (prevented)</td> <td>Proactive</td> </tr> <tr> <td>DB conn pool</td> <td>20 min</td> <td>60 sec</td> <td>Self-healing</td> </tr> <tr> <td>Stuck deploy</td> <td>30 min</td> <td>2 min</td> <td>One-click</td> </tr> </tbody> </table></div> <p>Total monthly incident time: 14 hours → 45 minutes.</p> <h2> The Golden Rule </h2> <p>If you've fixed the same incident three times manually, it's time to automate. The third time pays for the automation effort. Everything after that is pure savings.</p> <p>If you're tired of repetitive incident response and want to automate your runbooks with AI, check out what we're building at <a href="https://novaaiops.com" rel="noopener noreferrer">Nova AI Ops</a>.</p> <p><strong>Written by Dr. Samson Tanimawo</strong><br> BSc · MSc · MBA · PhD<br> Founder &amp; CEO, Nova AI Ops. <a href="https://novaaiops.com" rel="noopener noreferrer">https://novaaiops.com</a></p> sre automation runbooks devops