Quick Start
The recommended method for installing Canary Checker is using helm
-
Install canary-checker helm chart
- Helm
- Flux
helm repo add flanksource https://flanksource.github.io/charts
helm repo update
helm install canary-checker flanksource/canary-checker \
--set global.ui.host=canary-checker.127.0.0.1.nip.io \
-n canary-checker --create-namespace \
--waitapiVersion: v1
kind: Namespace
metadata:
name: canary-checker
---
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: flanksource
namespace: canary-checker
spec:
interval: 5m0s
url: https://flanksource.github.io/charts
---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: canary-checker
namespace: canary-checker
spec:
chart:
spec:
chart: canary-checker
sourceRef:
kind: HelmRepository
name: flanksource
namespace: canary-checker
interval: 1m
values:
global.ui.host: canary-checker.127.0.0.1.nip.iovalues.yaml
- affinity: io.k8s.api.core.v1.Affinity
- allowPrivilegeEscalation: (default: "false")
- canaryLabelSelector: - Only canaries matching these labels will run. Label values support match expression
- canaryNamespace: - restrict canary-checker to monitor single namespace for canaries. Leave blank to monitor all namespaces
- canaryNamespaceSelector: - Only canaries matching these namespaces will run. A list of namespaces can be provided with comma separation. Supports match expression
- canarySelector: - Only canaries matching these names will run. A list of names can be provided with comma separation. Supports match expression
- containerdSocket: (default: "false")
- db:
- embedded:
- persist: boolean - persist the embedded DB with a PVC
- storage: (default: "20Gi")
- storageClass:
- external:
- conf:
- create: boolean - Setting create to true will create a postgres stateful set for config-db to connect to. If create=true, the secretKeyRef will be created by helm with the specified name and key Optionally populate a secret named 'postgres-connection' before install with `POSTGRES_USER` and `POSTGRES_PASSWORD` to set the created username and password, otherwise a random password will be created for a 'postgres' user If false and an existing connection must be specified under secretKeyRef If create=false, a prexisting secret containing the URI to an existing postgres database must be provided The URI must be in the format `postgresql://$user:$password@$host/$database`
- enabled: boolean - Setting to true will disable the embedded DB
- image: (default: "supabase/postgres")
- resources:
- secretKeyRef:
- key: (default: "DB_URL") - - secret key name containing a postgres connection string
- name: (default: "canary-checker-postgres") - name of secret containing external db credentials
- shmVolume: (default: "256Mi")
- storage: string (default: "20Gi")
- storageClass: string
- version: (default: "14.1.0.89")
- conf:
- runMigrations: (default: "true")
- embedded:
- debug: (default: "false") - Turn on pprof /debug endpoint
- disableChecks[]: - List of check types to disable
List of check types to disable
- disablePostgrest: (default: "false") - Disable the embedded postgrest service
- dockerSocket: (default: "false")
- extra:
- extraArgs:
- flanksource-ui: flanksource-ui
- global:
- grafanaDashboards: (default: "false")
- image:
- name: string (default: "{{.Values.global.imagePrefix}}/canary-checker")
- pullPolicy: string (default: "IfNotPresent")
- tag: string (default: "latest") - Overrides the image tag whose default is the chart appVersion.
- type: (enum: full, minimal, slim) (default: "minimal") - full image is larger and requires more permissions to run, but is required to execute 3rd party checks (jmeter, restic, k6 etc), minimal includes PowerShell and aws,azure,gcp CLIs # (enum: full, minimal, slim)
- ingress:
- annotations:
- className:
- enabled: (default: "false") - Expose the canary-checker service on an ingress, normally not needed as the service is exposed through `flanksource-ui.ingress`
- host: (default: "canary-checker")
- tls:
- jsonLogs: (default: "true")
- labelsAllowList[]: - List of additional check label keys that should be included in the check metrics
List of additional check label keys that should be included in the check metrics
- livenessProbe: io.k8s.api.core.v1.Probe
- logLevel:
- nameOverride:
- nodeSelector: - node's labels for the pod to be scheduled on that node. See Node Selector
node's labels for the pod to be scheduled on that node. See Node Selector
- otel:
- pingMode: (enum: privileged, unprivileged, none) (default: "unprivileged") - set the mechanism for pings - either privileged, unprivileged or none (enum: privileged, unprivileged, none)
- podAnnotations:
- prometheusURL: - Default Prometheus URL to use in prometheus checks
- properties: - A map of properties to update on startup
- readinessProbe: io.k8s.api.core.v1.Probe
- replicas: (default: 1)
- resources: io.k8s.api.core.v1.ResourceRequirements
- serviceAccount:
- serviceMonitor: (default: "false") - Set to true to enable prometheus service monitor
- serviceMonitorLabels:
- tolerations[]: io.k8s.api.core.v1.Toleration
- upstream:
- volumeMounts[]: io.k8s.api.core.v1.VolumeMount
- volumes[]: io.k8s.api.core.v1.Volume
infoNote the default installation of canary-checker uses an embedded postgres database and does not persist history, see: Database
-
Create a canary
cat <<EOF | kubectl apply -f -
apiVersion: canaries.flanksource.com/v1
kind: Canary
metadata:
name: http-check
spec:
interval: 30
http:
- name: http pass response 200 status code
url: https://httpbin.demo.aws.flanksource.com/status/200
EOF -
Check the results via the CLI
❯ kubectl get canary
NAME INTERVAL STATUS LAST CHECK UPTIME 1H LATENCY 1H LAST TRANSITIONED
http-check 30 Passed 13s 18/18 (100.0%) 480ms 13s
NAME INTERVAL STATUS LAST CHECK UPTIME 1H LATENCY 1H LAST TRANSITIONED
http-check 30 Passed 13s 18/18 (100.0%) 480ms 13s
-
Access the dashboard
You can access the web dashboard by forwarding the port:
❯ kubectl -n canary-checker port-forward svc/canary-checker-ui 8080:80
Canary Checker Dashboard tipTo deploy an ingress for the dashboard, update the
values.yaml
:flanksource-ui:
enabled: true
ingress:
annotations:
kubernetes.io/tls-acme: 'true'
host: <DOMAIN>
tls:
- hosts:
- <DOMAIN>
secretName: ingress-tls