Quick Start

The recommended method for installing Canary Checker is using helm

Install canary-checker helm chart
- Helm
- Flux
helm repo add flanksource https://flanksource.github.io/charts helm repo update helm install canary-checker flanksource/canary-checker \ --set global.ui.host=canary-checker.127.0.0.1.nip.io \ -n canary-checker --create-namespace \ --wait
apiVersion: v1 kind: Namespace metadata: name: canary-checker --- apiVersion: source.toolkit.fluxcd.io/v1 kind: HelmRepository metadata: name: flanksource namespace: canary-checker spec: interval: 5m0s url: https://flanksource.github.io/charts --- apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: name: canary-checker namespace: canary-checker spec: chart: spec: chart: canary-checker sourceRef: kind: HelmRepository name: flanksource namespace: canary-checker interval: 1m values: global.ui.host: canary-checker.127.0.0.1.nip.io
values.yaml
affinity: io.k8s.api.core.v1.Affinity
allowPrivilegeEscalation: (default: "false")
canaryLabelSelector: - Only canaries matching these labels will run. Label values support match expression
canaryNamespace: - restrict canary-checker to monitor single namespace for canaries. Leave blank to monitor all namespaces
canaryNamespaceSelector: - Only canaries matching these namespaces will run. A list of namespaces can be provided with comma separation. Supports match expression
canarySelector: - Only canaries matching these names will run. A list of names can be provided with comma separation. Supports match expression
containerdSocket: (default: "false")
db:
embedded:
persist: boolean - persist the embedded DB with a PVC
storage: (default: "20Gi")
storageClass:
external:
conf:
create: boolean - Setting create to true will create a postgres stateful set for config-db to connect to. If create=true, the secretKeyRef will be created by helm with the specified name and key Optionally populate a secret named 'postgres-connection' before install with `POSTGRES_USER` and `POSTGRES_PASSWORD` to set the created username and password, otherwise a random password will be created for a 'postgres' user If false and an existing connection must be specified under secretKeyRef If create=false, a prexisting secret containing the URI to an existing postgres database must be provided The URI must be in the format `postgresql://$user:$password@$host/$database`
enabled: boolean - Setting to true will disable the embedded DB
image: (default: "supabase/postgres")
resources:
secretKeyRef:
key: (default: "DB_URL") - - secret key name containing a postgres connection string
name: (default: "canary-checker-postgres") - name of secret containing external db credentials
shmVolume: (default: "256Mi")
storage: string (default: "20Gi")
storageClass: string
version: (default: "14.1.0.89")
runMigrations: (default: "true")
debug: (default: "false") - Turn on pprof /debug endpoint
disableChecks[]:
List of check types to disable

- List of check types to disable
disablePostgrest: (default: "false") - Disable the embedded postgrest service
dockerSocket: (default: "false")
extra:
extraArgs:
flanksource-ui: flanksource-ui
global:
grafanaDashboards: (default: "false")
image:
name: string (default: "{{.Values.global.imagePrefix}}/canary-checker")
pullPolicy: string (default: "IfNotPresent")
tag: string (default: "latest") - Overrides the image tag whose default is the chart appVersion.
type: (enum: full, minimal, slim) (default: "minimal") - full image is larger and requires more permissions to run, but is required to execute 3rd party checks (jmeter, restic, k6 etc), minimal includes PowerShell and aws,azure,gcp CLIs # (enum: full, minimal, slim)
ingress:
annotations:
className:
enabled: (default: "false") - Expose the canary-checker service on an ingress, normally not needed as the service is exposed through `flanksource-ui.ingress`
host: (default: "canary-checker")
tls:
jsonLogs: (default: "true")
labelsAllowList[]:
List of additional check label keys that should be included in the check metrics

- List of additional check label keys that should be included in the check metrics
livenessProbe: io.k8s.api.core.v1.Probe
logLevel:
nameOverride:
nodeSelector:
node's labels for the pod to be scheduled on that node. See Node Selector
- node's labels for the pod to be scheduled on that node. See Node Selector
otel:
pingMode: (enum: privileged, unprivileged, none) (default: "unprivileged") - set the mechanism for pings - either privileged, unprivileged or none (enum: privileged, unprivileged, none)
podAnnotations:
prometheusURL: - Default Prometheus URL to use in prometheus checks
properties: - A map of properties to update on startup
readinessProbe: io.k8s.api.core.v1.Probe
replicas: (default: 1)
resources: io.k8s.api.core.v1.ResourceRequirements
serviceAccount:
serviceMonitor: (default: "false") - Set to true to enable prometheus service monitor
serviceMonitorLabels:
tolerations[]: io.k8s.api.core.v1.Toleration
upstream:
volumeMounts[]: io.k8s.api.core.v1.VolumeMount
volumes[]: io.k8s.api.core.v1.Volume
info
Note the default installation of canary-checker uses an embedded postgres database and does not persist history, see: Database

Create a canary

cat <<EOF | kubectl apply -f -
apiVersion: canaries.flanksource.com/v1
kind: Canary
metadata:
  name: http-check
spec:
  interval: 30
  http:
    - name: http pass response 200 status code
      url: https://httpbin.demo.aws.flanksource.com/status/200
EOF

Check the results via the CLI

❯ kubectl get canary
NAME       INTERVAL     STATUS   LAST CHECK   UPTIME 1H       LATENCY 1H   LAST TRANSITIONED
http-check   30         Passed   13s          18/18 (100.0%)   480ms        13s

Access the dashboard

You can access the web dashboard by forwarding the port:

❯ kubectl  -n canary-checker port-forward  svc/canary-checker-ui 8080:80
 

Canary Checker Dashboard

tip

To deploy an ingress for the dashboard, update the values.yaml:

flanksource-ui:
  enabled: true
  ingress:
    annotations:
      kubernetes.io/tls-acme: 'true'
    host: <DOMAIN>
    tls:
      - hosts:
          - <DOMAIN>
        secretName: ingress-tls