Kubernetes Resource
The Kubernetes resource check creates kubernetes resources based on the provided manifests & perform checks on them. Some common use case of this check would be to see if a service is accessible via the ingress as shown in the example below.
ingress_test.yaml---
apiVersion: canaries.flanksource.com/v1
kind: Canary
metadata:
name: ingress-test
labels:
"Expected-Fail": "false"
spec:
schedule: "@every 5m"
kubernetesResource:
- name: ingress-accessibility-check
namespace: default
description: "deploy httpbin & check that it's accessible via ingress"
waitFor:
expr: "dyn(resources).all(r, k8s.isReady(r))"
interval: 2s
timeout: 5m
staticResources:
- apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: httpbin
namespace: default
spec:
rules:
- host: "httpbin.127.0.0.1.nip.io"
http:
paths:
- pathType: Prefix
path: /
backend:
service:
name: httpbin
port:
number: 80
resources:
- apiVersion: v1
kind: Pod
metadata:
name: httpbin
namespace: default
labels:
app: httpbin
spec:
containers:
- name: httpbin
image: "kennethreitz/httpbin:latest"
ports:
- containerPort: 80
- apiVersion: v1
kind: Service
metadata:
name: httpbin
namespace: default
spec:
selector:
app: httpbin
ports:
- port: 80
targetPort: 80
checks:
- http:
- name: Call httpbin via ingress
url: "http://ingress-nginx.ingress-nginx.svc"
headers:
- name: Host
value: "{{(index ((index .staticResources 0).Object.spec.rules) 0).host}}"
checkRetries:
delay: 3s
interval: 2s
timeout: 5m
Field | Description | Scheme |
---|---|---|
name* | Name of the check, must be unique within the canary | string |
resources* | Manifests that should be applied |
|
checkRetries | Retry configuration for the checks | |
checks | canary spec for the checks to be performed after the resources are created | CanarySpec |
clearResources | When set to true, resources from previous checks are deleted before every run.
Even though the resources are deleted at the end of a check, setting this to | bool |
staticResources | Static resources are like |
|
waitFor | Specify the desired state of the static/non-static resources before running the checks | |
description | Description for the check | string |
display | Expression to change the formatting of the display | |
icon | Icon for overwriting default icon on the dashboard | |
labels | Labels for check | map[string]string |
metrics | Metrics to export from | |
test | Evaluate whether a check is healthy | |
transform | Transform data from a check into multiple individual checks | |
kubeconfig | Path to a kubeconfig on disk, or a reference to an existing secret |
Check Retries
Field | Description | Scheme |
---|---|---|
delay | Initial delay before the checks are run | |
interval | Retry the checks, on failure, on this interval | |
timeout | Timeout for the check |
Wait For
Field | Description | Scheme |
---|---|---|
delete | When set to true, the check waits for the resources to be deleted | bool |
disable | Disable the default behavior of waiting for resources to be healthy. | |
expr | CEL expression that determines whether all the resources are in their desired state before running checks on them.
It receives a | |
interval | Interval to check if all static & non-static resources are ready. (Default: 5s) | |
timeout | Timeout to wait for all static & non-static resources to satisfy the expression. (Default: 10m) |
Remote clusters
A single canary-checker instance can connect to any number of remote clusters via custom kubeconfig. Either the kubeconfig itself or the path to the kubeconfig can be provided.
kubeconfig from kubernetes secret
remote-cluster.yaml---
apiVersion: canaries.flanksource.com/v1
kind: Canary
metadata:
name: pod-creation-test
spec:
schedule: "@every 5m"
kubernetesResource:
- name: pod creation on aws cluster
namespace: default
description: "deploy httpbin"
kubeconfig:
valueFrom:
secretKeyRef:
name: aws-kubeconfig
key: kubeconfig
resources:
- apiVersion: v1
kind: Pod
metadata:
name: httpbin
namespace: default
labels:
app: httpbin
spec:
containers:
- name: httpbin
image: "kennethreitz/httpbin:latest"
ports:
- containerPort: 80
Kubeconfig inline
remote-cluster.yaml---
apiVersion: canaries.flanksource.com/v1
kind: Canary
metadata:
name: pod-creation-test
spec:
schedule: "@every 5m"
kubernetesResource:
- name: pod creation on aws cluster
namespace: default
description: "deploy httpbin"
kubeconfig:
value: |
apiVersion: v1
clusters:
- cluster:
certificate-authority-data: xxxxx
server: https://xxxxx.sk1.eu-west-1.eks.amazonaws.com
name: arn:aws:eks:eu-west-1:765618022540:cluster/aws-cluster
contexts:
- context:
cluster: arn:aws:eks:eu-west-1:765618022540:cluster/aws-cluster
namespace: mission-control
user: arn:aws:eks:eu-west-1:765618022540:cluster/aws-cluster
name: arn:aws:eks:eu-west-1:765618022540:cluster/aws-cluster
current-context: arn:aws:eks:eu-west-1:765618022540:cluster/aws-cluster
kind: Config
preferences: {}
users:
- name: arn:aws:eks:eu-west-1:765618022540:cluster/aws-cluster
user:
exec:
....
resources:
- apiVersion: v1
kind: Pod
metadata:
name: httpbin
namespace: default
labels:
app: httpbin
spec:
containers:
- name: httpbin
image: "kennethreitz/httpbin:latest"
ports:
- containerPort: 80
Kubeconfig from local filesystem
remote-cluster.yaml---
apiVersion: canaries.flanksource.com/v1
kind: Canary
metadata:
name: pod-creation-test
spec:
schedule: "@every 5m"
kubernetesResource:
- name: pod creation on aws cluster
namespace: default
description: "deploy httpbin"
kubeconfig:
value: /root/.kube/aws-kubeconfig
resources:
- apiVersion: v1
kind: Pod
metadata:
name: httpbin
namespace: default
labels:
app: httpbin
spec:
containers:
- name: httpbin
image: "kennethreitz/httpbin:latest"
ports:
- containerPort: 80