Skip to main content

Quick Start

The recommended method for installing Canary Checker is using helm

  1. Install canary-checker helm chart

    apiVersion: v1
    kind: Namespace
    metadata:
    name: canary-checker
    ---
    apiVersion: source.toolkit.fluxcd.io/v1
    kind: HelmRepository
    metadata:
    name: flanksource
    namespace: canary-checker
    spec:
    interval: 5m0s
    url: https://flanksource.github.io/charts
    ---
    apiVersion: helm.toolkit.fluxcd.io/v2
    kind: HelmRelease
    metadata:
    name: canary-checker
    namespace: canary-checker
    spec:
    chart:
    spec:
    chart: canary-checker
    sourceRef:
    kind: HelmRepository
    name: flanksource
    namespace: canary-checker
    interval: 1m
    values:
    global.ui.host: canary-checker.127.0.0.1.nip.io
    values.yaml
    • affinity: io.k8s.api.core.v1.Affinity
    • allowPrivilegeEscalation: (default: "false")
    • canaryLabelSelector: - Only canaries matching these labels will run. Label values support match expression
    • canaryNamespace: - restrict canary-checker to monitor single namespace for canaries. Leave blank to monitor all namespaces
    • canaryNamespaceSelector: - Only canaries matching these namespaces will run. A list of namespaces can be provided with comma separation. Supports match expression
    • canarySelector: - Only canaries matching these names will run. A list of names can be provided with comma separation. Supports match expression
    • containerdSocket: (default: "false")
    • db:
      • embedded:
        • persist: boolean - persist the embedded DB with a PVC
        • storage: (default: "20Gi")
        • storageClass:
      • external:
        • conf:
          • create: boolean - Setting create to true will create a postgres stateful set for config-db to connect to. If create=true, the secretKeyRef will be created by helm with the specified name and key Optionally populate a secret named 'postgres-connection' before install with `POSTGRES_USER` and `POSTGRES_PASSWORD` to set the created username and password, otherwise a random password will be created for a 'postgres' user If false and an existing connection must be specified under secretKeyRef If create=false, a prexisting secret containing the URI to an existing postgres database must be provided The URI must be in the format `postgresql://$user:$password@$host/$database`
          • enabled: boolean - Setting to true will disable the embedded DB
          • image: (default: "supabase/postgres")
          • resources:
          • secretKeyRef:
            • key: (default: "DB_URL") - - secret key name containing a postgres connection string
            • name: (default: "canary-checker-postgres") - name of secret containing external db credentials
          • shmVolume: (default: "256Mi")
          • storage: string (default: "20Gi")
          • storageClass: string
          • version: (default: "14.1.0.89")
        • runMigrations: (default: "true")
      • debug: (default: "false") - Turn on pprof /debug endpoint
      • disableChecks[]:

        List of check types to disable

        - List of check types to disable
      • disablePostgrest: (default: "false") - Disable the embedded postgrest service
      • dockerSocket: (default: "false")
      • extra:
        • extraArgs:
        • flanksource-ui: flanksource-ui
        • global:
        • grafanaDashboards: (default: "false")
        • image:
          • name: string (default: "{{.Values.global.imagePrefix}}/canary-checker")
          • pullPolicy: string (default: "IfNotPresent")
          • tag: string (default: "latest") - Overrides the image tag whose default is the chart appVersion.
          • type: (enum: full, minimal, slim) (default: "minimal") - full image is larger and requires more permissions to run, but is required to execute 3rd party checks (jmeter, restic, k6 etc), minimal includes PowerShell and aws,azure,gcp CLIs # (enum: full, minimal, slim)
        • ingress:
          • annotations:
          • className:
          • enabled: (default: "false") - Expose the canary-checker service on an ingress, normally not needed as the service is exposed through `flanksource-ui.ingress`
          • host: (default: "canary-checker")
          • tls:
        • jsonLogs: (default: "true")
        • labelsAllowList[]:

          List of additional check label keys that should be included in the check metrics

          - List of additional check label keys that should be included in the check metrics
        • livenessProbe: io.k8s.api.core.v1.Probe
        • logLevel:
        • nameOverride:
        • nodeSelector:

          node's labels for the pod to be scheduled on that node. See Node Selector

            - node's labels for the pod to be scheduled on that node. See Node Selector
          • otel:
          • pingMode: (enum: privileged, unprivileged, none) (default: "unprivileged") - set the mechanism for pings - either privileged, unprivileged or none (enum: privileged, unprivileged, none)
          • podAnnotations:
          • prometheusURL: - Default Prometheus URL to use in prometheus checks
          • properties: - A map of properties to update on startup
          • readinessProbe: io.k8s.api.core.v1.Probe
          • replicas: (default: 1)
          • resources: io.k8s.api.core.v1.ResourceRequirements
          • serviceAccount:
          • serviceMonitor: (default: "false") - Set to true to enable prometheus service monitor
          • serviceMonitorLabels:
          • tolerations[]: io.k8s.api.core.v1.Toleration
          • upstream:
          • volumeMounts[]: io.k8s.api.core.v1.VolumeMount
          • volumes[]: io.k8s.api.core.v1.Volume
          info

          Note the default installation of canary-checker uses an embedded postgres database and does not persist history, see: Database

        • Create a canary

          cat <<EOF | kubectl apply -f -
          apiVersion: canaries.flanksource.com/v1
          kind: Canary
          metadata:
          name: http-check
          spec:
          interval: 30
          http:
          - name: http pass response 200 status code
          url: https://httpbin.demo.aws.flanksource.com/status/200
          EOF

        • Check the results via the CLI

        kubectl get canary
        NAME INTERVAL STATUS LAST CHECK UPTIME 1H LATENCY 1H LAST TRANSITIONED
        http-check 30 Passed 13s 18/18 (100.0%) 480ms 13s
        1. Access the dashboard

          You can access the web dashboard by forwarding the port:

          kubectl -n canary-checker port-forward svc/canary-checker-ui 8080:80
           
          Canary Checker Dashboard
          tip

          To deploy an ingress for the dashboard, update the values.yaml:

          flanksource-ui:
          enabled: true
          ingress:
          annotations:
          kubernetes.io/tls-acme: 'true'
          host: <DOMAIN>
          tls:
          - hosts:
          - <DOMAIN>
          secretName: ingress-tls