From 87d5e94a62ecf8afdf474fccb55252a6fe083a6b Mon Sep 17 00:00:00 2001 From: Aditya Thebe Date: Mon, 6 Jul 2026 19:18:42 +0545 Subject: [PATCH 1/3] docs(canary-checker): refresh check reference coverage Align the Canary Checker docs with the current checker registry before the next release. Add missing active check references for Dynatrace and OpenSearch, document removed legacy check fields, replace inline YAML examples with fixture imports where fixtures exist, and update cross-links from Mission Control. Update shared field components and the canary-checker submodule pointer so rendered reference tables and embedded source docs match the current API and runtime behavior. --- .../docs/comparisons/blackbox-exporter.md | 46 +++--- canary-checker/docs/concepts/_connections.md | 60 +------- .../concepts/expressions/health-evaluation.md | 14 +- .../docs/concepts/expressions/transforms.mdx | 5 +- .../docs/concepts/secret-management.md | 139 +++--------------- canary-checker/docs/examples/sftp.mdx | 25 +--- canary-checker/docs/examples/smb.mdx | 25 +--- canary-checker/docs/health-checks.canary.mdx | 13 +- canary-checker/docs/index.mdx | 25 ++-- .../docs/reference/1-alert-manager.mdx | 36 +++-- .../docs/reference/1-aws-config-rule.mdx | 54 +------ .../docs/reference/1-aws-config.mdx | 7 +- .../docs/reference/1-azure-devops.mdx | 20 +-- canary-checker/docs/reference/1-catalog.mdx | 32 +--- canary-checker/docs/reference/1-dns.mdx | 18 +-- canary-checker/docs/reference/1-dynatrace.mdx | 22 +++ .../docs/reference/1-elasticsearch.mdx | 19 +-- canary-checker/docs/reference/1-exec.mdx | 43 +++--- canary-checker/docs/reference/1-folder.mdx | 66 +++++---- canary-checker/docs/reference/1-http.mdx | 32 +++- canary-checker/docs/reference/1-icmp.mdx | 21 +-- canary-checker/docs/reference/1-junit.mdx | 14 +- .../docs/reference/1-kubernetes-resource.mdx | 30 ++-- .../docs/reference/1-kubernetes.mdx | 78 ++++------ canary-checker/docs/reference/1-ldap.mdx | 13 +- canary-checker/docs/reference/1-mongo.mdx | 9 +- .../docs/reference/1-opensearch.mdx | 22 +++ .../docs/reference/1-prometheus.mdx | 39 +++-- canary-checker/docs/reference/1-pubsub.mdx | 30 ++-- canary-checker/docs/reference/1-redis.mdx | 15 +- .../docs/reference/1-s3-protocol.mdx | 23 ++- canary-checker/docs/reference/1-sql.mdx | 62 +++----- canary-checker/docs/reference/1-tcp.mdx | 14 +- canary-checker/docs/reference/1-webhook.mdx | 13 +- .../docs/reference/3-gcs-database-backup.mdx | 15 +- canary-checker/docs/reference/3-restic.mdx | 31 ++-- .../docs/reference/4-removed-checks.mdx | 27 ++++ .../docs/reference/_canary-spec.mdx | 33 ++++- .../docs/reference/_connections.mdx | 61 +------- canary-checker/docs/reference/_dynatrace.mdx | 0 canary-checker/docs/reference/jmeter.mdx | 20 ++- canary-checker/docs/scripting/_functions.md | 136 ++++++++--------- common/src/components/Fields.jsx | 14 +- common/src/components/HealthCheck.jsx | 26 +++- .../docs/integrations/kubernetes/index.mdx | 2 +- mission-control/docs/integrations/ldap.mdx | 116 +-------------- .../docs/reference/canary-checker/index.mdx | 73 ++++----- modules/canary-checker | 2 +- styles/ignore/words-with-suggestions.txt | 11 ++ 49 files changed, 690 insertions(+), 961 deletions(-) create mode 100644 canary-checker/docs/reference/1-dynatrace.mdx create mode 100644 canary-checker/docs/reference/1-opensearch.mdx create mode 100644 canary-checker/docs/reference/4-removed-checks.mdx delete mode 100644 canary-checker/docs/reference/_dynatrace.mdx diff --git a/canary-checker/docs/comparisons/blackbox-exporter.md b/canary-checker/docs/comparisons/blackbox-exporter.md index 0ab6120b..076ba8a0 100644 --- a/canary-checker/docs/comparisons/blackbox-exporter.md +++ b/canary-checker/docs/comparisons/blackbox-exporter.md @@ -4,28 +4,28 @@ sidebar_custom_props: icon: prometheus --- -# Canary-Checker vs Prometheus blackbox exporter +# Canary Checker vs Prometheus Blackbox Exporter -[Prometheus Blackbox Exporter](https://github.com/prometheus/blackbox_exporter) is a prometheus exporter for probing HTTP, HTTPS, DNS, TCP, ICMP, and gRPC. +[Prometheus Blackbox Exporter](https://github.com/prometheus/blackbox_exporter) is a Prometheus exporter for probing HTTP, HTTPS, DNS, TCP, ICMP, and gRPC. -| | Blackbox Exporter | Canary Checker | -| ------------------- | ---------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------- | -| Prometheus Exporter | Yes | Yes | -| Internal DB | No | Runs with an embedded postgres database, making it possible to monitor prometheus itself | -| Check types | HTTP, ICMP, DNS, TCP, gRPC | 30+ | -| Custom Metrics | No | Create custom metrics from HTTP / SQL / Elasticsearch / etc queries | -| Exports | Metrics and labels only | Metrics, labels and error messages | -| Run in CI/CD | No | Run as a CLI for rapid feedback loops and export JUnit results in CI pipelines | -| Cron | No | Stop running checks when environments are shut down, or after hours | -| Scripting | No | Evaluate the health of a response using CEL, Javascript, Go Templates | -| **Kubernetes** | | | -| CRDs | Via [Probe](https://prometheus-operator.dev/docs/operator/api/#monitoring.coreos.com/v1.Probe) | Yes | -| Conditions | No | Status conditions enable canaries to be used as health checks in Helm, Flux, and Argo | -| Events | No | Kubernetes events are fired on failure | -| Secrets | Via [Probe](https://prometheus-operator.dev/docs/operator/api/#monitoring.coreos.com/v1.Probe) | | -| **Check Types** | | | -| Synthetic | No | Builtin check types for any test exporting JUnit test results e.g. (k6, playwright, robot, postman, etc) | -| Infrastructure | No | Verify the ability to launch new pods, create new EC2 instances or push and pull from docker / helm / git repositories | -| Backup | No | Check backups via Restic, S3, SMB, SFTP, GCS | -| Compliance | No | AWS Config Rules, Flanksource Config DB | -| Alert Aggregation | No | Alert Manager, AWS Cloudwatch, Dynatrace | +| | Blackbox Exporter | Canary Checker | +| ------------------- | ---------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------- | +| Prometheus Exporter | Yes | Yes | +| Internal DB | No | Runs with an embedded Postgres database, making it possible to monitor Prometheus itself | +| Check types | HTTP, ICMP, DNS, TCP, gRPC | 30+ | +| Custom Metrics | No | Create custom metrics from HTTP, SQL, Elasticsearch, and other query results | +| Exports | Metrics and labels only | Metrics, labels and error messages | +| Run in CI/CD | No | Run as a CLI for rapid feedback loops and export JUnit results in CI pipelines | +| Cron | No | Stop running checks when environments are shut down, or after hours | +| Scripting | No | Evaluate the health of a response using CEL, JavaScript, and Go templates | +| **Kubernetes** | | | +| CRDs | Via [Probe](https://prometheus-operator.dev/docs/operator/api/#monitoring.coreos.com/v1.Probe) | Yes | +| Conditions | No | Status conditions enable canaries to be used as health checks in Helm, Flux, and Argo | +| Events | No | Kubernetes events are fired on failure | +| Secrets | Via [Probe](https://prometheus-operator.dev/docs/operator/api/#monitoring.coreos.com/v1.Probe) | | +| **Check Types** | | | +| Synthetic | No | Built-in check types for tests that export JUnit test results, such as k6, Playwright, Robot Framework, and Postman | +| Infrastructure | No | Verify Kubernetes resources, object storage, databases, and cloud APIs | +| Backup | No | Check backups via Restic, S3, SMB, SFTP, GCS | +| Compliance | No | AWS Config Rules, Flanksource Config DB | +| Alert Aggregation | No | Alertmanager, AWS CloudWatch, and Dynatrace | diff --git a/canary-checker/docs/concepts/_connections.md b/canary-checker/docs/concepts/_connections.md index bd46860c..3361a7d4 100644 --- a/canary-checker/docs/concepts/_connections.md +++ b/canary-checker/docs/concepts/_connections.md @@ -14,20 +14,8 @@ Whenever a field uses the `EnvVar` object type you have the option of specifying Using a HTTP health check as an example for static values: -```yaml title="http-basic-auth-static.yaml" -apiVersion: canaries.flanksource.com/v1 -kind: Canary -metadata: - name: http-basic-auth -spec: - http: - - endpoint: https://httpbin.org/basic-auth/hello/world - responseCodes: [200] - authentication: - username: - value: hello - password: - value: world +```yaml title="http-basic-auth-static.yaml" file=/modules/canary-checker/fixtures/minimal/http_auth_static_pass.yaml + ``` ### Kubernetes Configmaps @@ -38,26 +26,8 @@ Create a configmap: kubectl create configmap basic-auth --from-literal=user=hello --from-literal=pass=world -n default ``` -```yaml title="http-basic-auth-configmap.yaml" -apiVersion: canaries.flanksource.com/v1 -kind: Canary -metadata: - name: http-basic-auth-configmap -spec: - http: - - endpoint: https://httpbin.org/basic-auth/hello/world - responseCodes: [200] - authentication: - username: - valueFrom: - configMapKeyRef: - name: basic-auth - key: user - password: - valueFrom: - configMapKeyRef: - name: basic-auth - key: pass +```yaml title="http-basic-auth-configmap.yaml" file=/modules/canary-checker/fixtures/minimal/http_auth_from_config_map.yaml + ``` ### Kubernetes Secrets @@ -68,24 +38,6 @@ Create secret: kubectl create secret generic basic-auth --from-literal=user=hello --from-literal=pass=world -n default ``` -```yaml title="http-basic-auth-secret.yaml" -apiVersion: canaries.flanksource.com/v1 -kind: Canary -metadata: - name: http-basic-auth-configmap -spec: - http: - - endpoint: https://httpbin.org/basic-auth/hello/world - responseCodes: [200] - authentication: - username: - valueFrom: - secretKeyRef: - name: basic-auth - key: user - password: - valueFrom: - secretKeyRef: - name: basic-auth - key: pass +```yaml title="http-basic-auth-secret.yaml" file=/modules/canary-checker/fixtures/minimal/http_auth_from_secret.yaml + ``` diff --git a/canary-checker/docs/concepts/expressions/health-evaluation.md b/canary-checker/docs/concepts/expressions/health-evaluation.md index a0333622..07948f87 100644 --- a/canary-checker/docs/concepts/expressions/health-evaluation.md +++ b/canary-checker/docs/concepts/expressions/health-evaluation.md @@ -2,11 +2,11 @@ title: Health Evaluation --- -All checks expose a health stats of passing (Green) or failing (Red). -For example the HTTP check fails if the status is `200 >= code < 299` -these default behaviors can be changed using the `test` field: +All checks expose a health status of passing or failing. +HTTP checks pass for `200 <= code < 300` by default, and fail otherwise. +You can change default behavior using the `test` field: -In the example below the http check fails if the HTTP response header contains an 'Authorization' field. +In the following example, the HTTP check fails if the HTTP response header contains an `Authorization` field. ```yaml title=http-check-expr.yaml file=/modules/canary-checker/fixtures/minimal/http_no_auth_pass.yaml @@ -16,10 +16,10 @@ In the example below the http check fails if the HTTP response header contains a `test` expressions must return a bool or boolean type string (`'true'` or `'false`') ::: -See Cel Expressions for a function reference +See CEL expressions for a function reference. -:::note Javascript and Go Templating -While `test` fields do support Javascript and Go Templates, they are not recommended for health evaluations due to their verbosity and performance. +:::note JavaScript and Go templates +While `test` fields support JavaScript and Go templates, they are not recommended for health evaluations because of their verbosity and performance. ::: ## Variables diff --git a/canary-checker/docs/concepts/expressions/transforms.mdx b/canary-checker/docs/concepts/expressions/transforms.mdx index 94ed6f1f..5dac0416 100644 --- a/canary-checker/docs/concepts/expressions/transforms.mdx +++ b/canary-checker/docs/concepts/expressions/transforms.mdx @@ -6,10 +6,10 @@ import TransformFields from './_transform_fields.mdx' The `transform` can be used to convert one check into multiple checks programmatically. -```yaml title="alertmanager-check.yaml" file=/modules/canary-checker/fixtures/datasources/alertmanager.yaml +```yaml title="alertmanager-check.yaml" file=/modules/canary-checker/fixtures/datasources/alertmanager_mix.yaml ``` -In the above example, the check returns multiple alerts from alertmanager. By default, all those alerts are grouped in a single check. +In the above example, the check returns multiple alerts from Alertmanager. By default, all those alerts are grouped in a single check. But if we want to display each alert as its own check in the UI, we can use the `transform` function for this. The transform function takes a `Template` as input and the output from the template expected are the checks in JSON format. @@ -30,4 +30,3 @@ To create a new check, return a JSON string of `[]TransformResult` containing th - diff --git a/canary-checker/docs/concepts/secret-management.md b/canary-checker/docs/concepts/secret-management.md index 58e2d409..29381f4c 100644 --- a/canary-checker/docs/concepts/secret-management.md +++ b/canary-checker/docs/concepts/secret-management.md @@ -29,20 +29,8 @@ Avoid in-lining secrets, use `valueFrom` and Env Using a HTTP health check as an example for static values: -```yaml title="http-basic-auth-static.yaml" -apiVersion: canaries.flanksource.com/v1 -kind: Canary -metadata: - name: http-basic-auth -spec: - http: - - url: https://httpbin.org/basic-auth/hello/world - responseCodes: [200] - authentication: - username: - value: hello - password: - value: world +```yaml title="http-basic-auth-static.yaml" file=/modules/canary-checker/fixtures/minimal/http_auth_static_pass.yaml + ``` ## Kubernetes Config Maps @@ -53,26 +41,8 @@ To use a configmap, we first need to create the configmap: kubectl create configmap basic-auth --from-literal=user=hello --from-literal=pass=world -n default ``` -```yaml title="http-basic-auth-configmap.yaml" -apiVersion: canaries.flanksource.com/v1 -kind: Canary -metadata: - name: http-basic-auth-configmap -spec: - http: - - url: https://httpbin.org/basic-auth/hello/world - responseCodes: [200] - authentication: - username: - valueFrom: - configMapKeyRef: - name: basic-auth - key: user - password: - valueFrom: - configMapKeyRef: - name: basic-auth - key: pass +```yaml title="http-basic-auth-configmap.yaml" file=/modules/canary-checker/fixtures/minimal/http_auth_from_config_map.yaml + ``` ## Kubernetes Secrets @@ -83,24 +53,8 @@ To use a secret, first we create the secret: kubectl create secret generic basic-auth --from-literal=user=hello --from-literal=pass=world -n default ``` -```yaml title="http-basic-auth-secret.yaml" -apiVersion: canaries.flanksource.com/v1 -kind: Canary -metadata: - name: http-basic-auth-configmap -spec: - http: - - url: https://httpbin.demo.aws.flanksource.com/basic-auth/hello/world - username: - valueFrom: - secretKeyRef: - name: basic-auth - key: user - password: - valueFrom: - secretKeyRef: - name: basic-auth - key: pass +```yaml title="http-basic-auth-secret.yaml" file=/modules/canary-checker/fixtures/minimal/http_auth_from_secret.yaml + ``` ## Helm Values @@ -111,82 +65,29 @@ To use a secret, first we deploy a helm chart helm install podinfo podinfo/podinfo -n podinfo --set ingress.enabled=true ``` -```yaml title="http-from-helm.yaml" -apiVersion: canaries.flanksource.com/v1 -kind: Canary -metadata: - name: http-from-helm -spec: - http: - - env: - - name: url - valueFrom: - helmRef: - name: podinfo - key: .ingress.hosts[0].host - - url: $(url) +```yaml title="http-from-helm.yaml" file=/modules/canary-checker/fixtures/minimal/http_auth_from_helm_ref.yaml + ``` ## Kubernetes Service Accounts Checks can use service accounts for authentication with external services that have existing trust established -```yaml title="http-service-accounts.yaml" -apiVersion: canaries.flanksource.com/v1 -kind: Canary -metadata: - name: http-basic-auth-configmap -spec: - http: - interval: 30 - http: - - name: vault-example-sre - description: 'HashiCorp Vault functionality check.' - url: https://vault.example/v1/auth/kubernetes/login - env: - - name: TOKEN - valueFrom: - serviceAccount: default-account - templateBody: true - body: | - { - "jwt": "$(TOKEN)", - "role": "example-role" - } +```yaml title="http-service-accounts.yaml" file=/modules/canary-checker/fixtures/minimal/http_auth_from_service_account.yaml + ``` :::note -For service account token issuing the canary-checker service account `canary-checker-sa` needs to be granted permissions to issue tokens using: - -```yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: canary-checker-sa-issuing-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: canary-checker-sa-issuing -subjects: - - kind: ServiceAccount - name: canary-checker-sa - namespace: canary-checker ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - name: canary-checker-sa-issuing -rules: - -- apiGroups: [""] - resources: - - "serviceaccounts/token" - - "serviceaccounts" - verbs: - - "create" - - "get +To issue service account tokens, grant the `canary-checker-sa` service account access to `serviceaccounts/token`: + +```bash +kubectl create clusterrole canary-checker-sa-issuing \ + --verb=create,get \ + --resource=serviceaccounts,serviceaccounts/token + +kubectl create clusterrolebinding canary-checker-sa-issuing-rolebinding \ + --clusterrole=canary-checker-sa-issuing \ + --serviceaccount=canary-checker:canary-checker-sa ``` ::: diff --git a/canary-checker/docs/examples/sftp.mdx b/canary-checker/docs/examples/sftp.mdx index a3a02af5..09b26cfa 100644 --- a/canary-checker/docs/examples/sftp.mdx +++ b/canary-checker/docs/examples/sftp.mdx @@ -10,30 +10,7 @@ Checks the contents of a folder over SFTP for size, age, and count. See [Folder](../reference/folder) for a full description. -```yaml title="sftp-folder-check.yaml" -apiVersion: canaries.flanksource.com/v1 -kind: Canary -metadata: - name: sftp-check -spec: - interval: 30 - folder: - - path: /tmp - name: sample sftp check - maxCount: 10 - sftpConnection: - host: 192.168.1.5 - auth: - username: - valueFrom: - secretKeyRef: - name: sftp-credentials - key: USERNAME - password: - valueFrom: - secretKeyRef: - name: sftp-credentials - key: PASSWORD +```yaml title="sftp-folder-check.yaml" file=/modules/canary-checker/fixtures/datasources/SFTP/sftp_pass.yaml ``` | Field | Description | Scheme | Required | diff --git a/canary-checker/docs/examples/smb.mdx b/canary-checker/docs/examples/smb.mdx index 39cca6d5..af227b8a 100644 --- a/canary-checker/docs/examples/smb.mdx +++ b/canary-checker/docs/examples/smb.mdx @@ -10,34 +10,13 @@ Checks the contents of a Windows / CIFS file share for size, age, and count. See [Folder](../reference/folder) for a full description. -```yaml -apiVersion: canaries.flanksource.com/v1 -kind: Canary -metadata: - name: smb-check -spec: - interval: 30 - folder: - - path: smb:\\192.168.1.9\Some Public Folder\somedir - name: sample smb check - smbConnection: - username: - valueFrom: - secretKeyRef: - name: smb-credentials - key: USERNAME - password: - valueFrom: - secretKeyRef: - name: smb-credentials - key: PASSWORD - minAge: 10h +```yaml title="smb-folder-check.yaml" file=/modules/canary-checker/fixtures/quarantine/smb_pass.yaml ``` | Field | Description | Scheme | Required | | --------------- | ---------------------------------------------------------- | -------------------------------- | -------- | | **`name`** | Name of the check | _string_ | Yes | -| **`path`** | A path to a shared windows folder e.g. `smb://host/folder` | string | Yes | +| **`path`** | A path to a shared Windows folder, such as `smb://host/folder` or a UNC path | string | Yes | | `smbConnection` | SMB connection details | [SMB](#smb) | | | `*` | All other fields available in the folder check | [_Folder_](../reference/folder) | | diff --git a/canary-checker/docs/health-checks.canary.mdx b/canary-checker/docs/health-checks.canary.mdx index 56e05f72..cf4b0a3d 100644 --- a/canary-checker/docs/health-checks.canary.mdx +++ b/canary-checker/docs/health-checks.canary.mdx @@ -10,24 +10,24 @@ sidebar_custom_props: -Canary Checker is a Kubernetes native health check platform that periodically runs various types of tests: +Canary Checker is a Kubernetes-native health check platform that periodically runs several types of tests: 1. Synthetic - Synthetic checks periodically run to directly test services and applications by generating requests using HTTP, SQL, Mongo, Redis, LDAP, etc. + Synthetic checks test services and applications by generating requests using HTTP, SQL, MongoDB, Redis, LDAP, and other protocols. 1. Passive - Passive checks consolidate alerts from monitoring systems like Prometheus, Datadog, Dynatrace, CloudWatch, and ElasticSearch. + Passive checks consolidate alerts from monitoring systems like Prometheus, Datadog, Dynatrace, CloudWatch, and Elasticsearch. 1. Infrastructure - Active infrastructure checks provision infrastructure (e.g., EC2 Instances, Kubernetes Pods) and then run synthetic checks against them to verify the ability to provision infrastructure. This process detects issues in infrastructure provisioning. + Infrastructure checks verify Kubernetes resources, object storage, databases, and cloud APIs. Use Kubernetes Resource checks to create Kubernetes manifests and run checks against the created resources. 1. Integration - Integration checks run automated test suites using tools like Playwright, JUnit, Newman, and K6 to validate end-to-end functionality across services and infrastructure. + Integration checks run automated test suites using tools like Playwright, JUnit, Newman, and k6 to validate end-to-end functionality across services and infrastructure. ### Metrics Exporter @@ -53,5 +53,4 @@ The health checks page provides a high-level view of the overall health of all s ## Synthetic -Synthetic checks periodically run to directly test services and applications by generating requests using HTTP, SQL, Mongo, Redis, LDAP, etc. - +Synthetic checks test services and applications by generating requests using HTTP, SQL, MongoDB, Redis, LDAP, and other protocols. diff --git a/canary-checker/docs/index.mdx b/canary-checker/docs/index.mdx index 288ffe7d..51ab409c 100644 --- a/canary-checker/docs/index.mdx +++ b/canary-checker/docs/index.mdx @@ -13,12 +13,12 @@ sidebar_custom_props: -Mission control provides the ability to define and run periodic health checks against services, infrastructure, and applications. +Canary Checker defines and runs periodic health checks against services, infrastructure, and applications. -1. **Synthetic** - checks run periodically to directly test services/applications by generating requests using http, sql, mongo, redis, ldap, etc. -1. **Passive** checks consolidate alerts from monitoring systems like Prometheus, Datadog, Dynatrace, CloudWatch and ElasticSearch -1. **Infrastructure** checks provision infrastructure (e.g. EC2 Instances, Kubernetes Pods) and then run synthetic checks against them to verify the ability to provision infrastructure. This allows detecting issues in infrastructure provisioning processes. -1. **Integration** checks run automated test suites using tools like Playwright, JUnit, Newman and K6 to validate end-to-end functionality across services and infrastructure. +1. **Synthetic** checks test services and applications by generating requests using HTTP, SQL, MongoDB, Redis, LDAP, and other protocols. +1. **Passive** checks consolidate alerts from monitoring systems like Prometheus, Datadog, Dynatrace, CloudWatch, and Elasticsearch. +1. **Infrastructure** checks verify Kubernetes resources, object storage, databases, and cloud APIs. +1. **Integration** checks run automated test suites using tools like Playwright, JUnit, Newman, and k6 to validate end-to-end functionality across services and infrastructure. :::info Under the hood health checks are implemented using the open-source [flanksource/canary-checker](https://github.com/flanksource/canary-checker) project @@ -26,27 +26,26 @@ Under the hood health checks are implemented using the open-source [flanksource/ ### Metrics Exporter -In addition to returning a pass/fail status, health checks can export metrics to Prometheus, replacing the need for many custom prometheus exporters. +In addition to returning a pass/fail status, health checks can export metrics to Prometheus, replacing the need for many custom Prometheus exporters. ### Scripting -Evaluate the health of checks using scripts in CEL, Javascript or Go Templating. Scripts can also be used to filter and transform alerts from external systems. +Evaluate the health of checks using scripts in CEL, JavaScript, or Go templates. Scripts can also filter and transform alerts from external systems. - ### Dashboard -The health checks page provides a high level view of the overall health of all services, infrastructure, and applications. It surfaces recent failures and provides a high level latency and reliability metrics. +### Dashboard + +The health checks page provides a high-level view of the overall health of all services, infrastructure, and applications. It surfaces recent failures and provides high-level latency and reliability metrics. ![](./images/canary-dashboard.png) ### Prometheus -[Prometheus](/docs/guide/canary-checker/concepts/metrics) metrics are exposed from health checks to provide high level visibility into latency, error rates and other metrics. This allows monitoring the health of services and applications using existing Prometheus alerts and Grafana dashboards. +[Prometheus](/docs/guide/canary-checker/concepts/metrics) metrics are exposed from health checks to provide high-level visibility into latency, error rates, and other metrics. This lets you monitor the health of services and applications using existing Prometheus alerts and Grafana dashboards. ### Synthetic -Synthetic checks are periodically run by canary checker to directly test services/applications by generating requests using http, sql, mongo, redis, ldap, etc. - - +Synthetic checks test services and applications by generating requests using HTTP, SQL, MongoDB, Redis, LDAP, and other protocols. diff --git a/canary-checker/docs/reference/1-alert-manager.mdx b/canary-checker/docs/reference/1-alert-manager.mdx index ac6d5a99..5a79a87f 100644 --- a/canary-checker/docs/reference/1-alert-manager.mdx +++ b/canary-checker/docs/reference/1-alert-manager.mdx @@ -15,38 +15,37 @@ sidebar_custom_props: -Checks [Prometheus AlertManager](https://prometheus.io/docs/alerting/latest/alertmanager/) for any firing alerts. +Fetches alerts from the Prometheus Alertmanager `/api/v2/alerts` endpoint and stores the alerts in `results.alerts`. -The following example [transforms](../concepts/expressions/transforms) the list of alerts so that each alert becomes a single check result. Without the transform the health check fails if any alerts are firing. +The following example [transforms](../concepts/expressions/transforms) `results.alerts` so that each alert becomes a single check result. To fail when Alertmanager returns alerts, add a `test` expression in an imported fixture, such as `results.alerts.size() == 0`. ```yaml title="alert-manager-check.yaml" file=/modules/canary-checker/fixtures/datasources/alertmanager_mix.yaml ``` - @@ -57,13 +56,13 @@ The following example [transforms](../concepts/expressions/transforms) the list /modules/canary-checker/fixtures/datasources/alertmanager_mix.yaml {20} ``` -The above alertmanager canary can reside on any namespace and the check it generates are assigned the correct namespace derived from the alerts. - +The Alertmanager canary can reside in any namespace. The transformed checks use the namespace derived from the alerts. diff --git a/canary-checker/docs/reference/1-aws-config-rule.mdx b/canary-checker/docs/reference/1-aws-config-rule.mdx index b0c35f53..e6b985ea 100644 --- a/canary-checker/docs/reference/1-aws-config-rule.mdx +++ b/canary-checker/docs/reference/1-aws-config-rule.mdx @@ -8,9 +8,9 @@ sidebar_custom_props: -Check if any AWS resources are failing AWS config rule checks. +The AWS Config Rule check fetches AWS Config rule compliance and fails when matching rules are non-compliant. It skips `INSUFFICIENT_DATA` and `NOT_APPLICABLE` results. -```yaml title="aws-config-rule.yaml" file=/modules/canary-checker/fixtures/aws/aws_config_rule_pass.yaml +```yaml title="aws-config-rule.yaml" file=/modules/canary-checker/fixtures/aws/aws_config_rule_pass.yaml ``` - - - -### Connecting to AWS - -There are 3 options when connecting to AWS: - -1. An AWS [instance profile](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html) or [pod identity](https://docs.aws.amazon.com/eks/latest/userguide/pod-configuration.html) (the default if no `connection` or `accessKey` is specified) - -2. `connection`, this is the recommended method, connections are reusable and secure - - ```yaml title="aws-connection.yaml" {9} - apiVersion: canaries.flanksource.com/v1 - kind: Canary - metadata: - name: aws-config-rule - spec: - interval: 30 - awsConfigRule: - - name: AWS Config Rule Checker - connection: connection://aws/internal - rules: - - 's3-bucket-public-read-prohibited' - ``` - -3. `accessKey` and `secretKey` _EnvVar_ with the credentials stored in a secret. - - ```yaml title="aws.yaml" {9-19} - apiVersion: canaries.flanksource.com/v1 - kind: Canary - metadata: - name: aws-config-rule - spec: - interval: 30 - awsConfigRule: - - name: AWS Config Rule Checker - accessKey: - valueFrom: - secretKeyRef: - name: aws-credentials - key: AWS_ACCESS_KEY_ID - secretKey: - valueFrom: - secretKeyRef: - name: aws-credentials - key: AWS_SECRET_ACCESS_KEY - region: us-east-1 - rules: - - 's3-bucket-public-read-prohibited' - ``` diff --git a/canary-checker/docs/reference/1-aws-config.mdx b/canary-checker/docs/reference/1-aws-config.mdx index d9bfb82b..6a4d776c 100644 --- a/canary-checker/docs/reference/1-aws-config.mdx +++ b/canary-checker/docs/reference/1-aws-config.mdx @@ -8,10 +8,10 @@ sidebar_custom_props: -AWS Config checks +The AWS Config check runs a SQL query against AWS Config resources. -```yaml title="aws-config-rule.yaml" file=/modules/canary-checker/fixtures/aws/aws_config_pass.yaml +```yaml title="aws-config.yaml" file=/modules/canary-checker/fixtures/aws/aws_config_pass.yaml ``` @@ -20,7 +20,7 @@ AWS Config checks { field: "query", required: true, - description: "Specify one or more Config rule names to filter the results by rule", + description: "SQL query to run against AWS Config resources", scheme: 'string' }, { @@ -30,4 +30,3 @@ AWS Config checks } ]}/> - diff --git a/canary-checker/docs/reference/1-azure-devops.mdx b/canary-checker/docs/reference/1-azure-devops.mdx index ce0238c7..7a5998f5 100644 --- a/canary-checker/docs/reference/1-azure-devops.mdx +++ b/canary-checker/docs/reference/1-azure-devops.mdx @@ -4,11 +4,11 @@ sidebar_custom_props: icon: azure-devops --- -# Azure Devops +# Azure DevOps -Azure Devops checks for healthy pipeline runs. +The Azure DevOps check verifies that the latest completed matching pipeline run succeeded. ```yaml title="azure-devops.yaml" file=/modules/canary-checker/fixtures/azure/devops.yaml @@ -17,41 +17,41 @@ Azure Devops checks for healthy pipeline runs. -Runs a [config-db](https://github.com/flanksource/config-db) query. +The Catalog check runs a [Config DB](https://github.com/flanksource/config-db) resource selector query. ```yaml title="catalog.yaml" file=/modules/canary-checker/fixtures/external/catalog.yaml ``` @@ -19,7 +19,7 @@ Runs a [config-db](https://github.com/flanksource/config-db) query. @@ -28,28 +28,8 @@ Runs a [config-db](https://github.com/flanksource/config-db) query. -### Examples - -```yaml title="catalog-pod-check.yaml" -apiVersion: canaries.flanksource.com/v1 -kind: Canary -metadata: - name: k8s-checks -spec: - schedule: '@every 30s' - catalog: - - name: pod-catalog-check - selector: - - labelSelector: 'kubernetes.io/app=notification-listener' - types: - - Kubernetes::Pod - test: - expr: "size(results) > 0" - - # Only namespace starting with kube should be kube-system, kube-public and kube-node-lease - - name: namespace-search-check - selector: - - search: 'kube-* type=Kubernetes::Namespace' - test: - expr: "size(results) == 3" +### Example + +```yaml title="catalog.yaml" file=/modules/canary-checker/fixtures/external/catalog.yaml + ``` diff --git a/canary-checker/docs/reference/1-dns.mdx b/canary-checker/docs/reference/1-dns.mdx index 5c59dc08..6e104b86 100644 --- a/canary-checker/docs/reference/1-dns.mdx +++ b/canary-checker/docs/reference/1-dns.mdx @@ -8,10 +8,10 @@ sidebar_custom_props: -Performs queries to a DNS server, typical use cases include: +The DNS check queries DNS records and measures DNS response latency. Use this check to: -* Checking the latency of the DNS server in a Kubernetes cluster -* Verifying that there are serving records for a DNS based load balancer. +* Check the latency of the DNS server in a Kubernetes cluster. +* Verify that a DNS-based load balancer has serving records. ```yaml title="dns.yaml" file=/modules/canary-checker/fixtures/minimal/dns_pass.yaml ``` @@ -20,9 +20,8 @@ Performs queries to a DNS server, typical use cases include: Dynatrace + + + +The Dynatrace check connects to the Dynatrace API and imports Dynatrace problems as check results. + +```yaml title="dynatrace.yaml" file=/modules/canary-checker/fixtures/external/dynatrace.yaml + +``` + + diff --git a/canary-checker/docs/reference/1-elasticsearch.mdx b/canary-checker/docs/reference/1-elasticsearch.mdx index 08be22d4..4cf3212e 100644 --- a/canary-checker/docs/reference/1-elasticsearch.mdx +++ b/canary-checker/docs/reference/1-elasticsearch.mdx @@ -4,14 +4,14 @@ sidebar_custom_props: icon: elasticsearch --- -# ElasticSearch +# Elasticsearch -This check connects to a specified ElasticSearch database, run a query against it and verify the results. +The Elasticsearch check connects to an Elasticsearch database, runs a query, and verifies the result count. -:::info Opensearch -To connect to Opensearch use `opensearch` field instead of `elasticsearch` +:::info OpenSearch +To connect to OpenSearch, use the `opensearch` field instead of `elasticsearch`. ::: @@ -23,24 +23,19 @@ To connect to Opensearch use `opensearch` field instead of `elasticsearch` { field: "url", - description: "Elasticsearch URL", - required: true + description: "Elasticsearch URL. Required unless connection supplies the URL", }, { field: "index", - description: "Index against which query should be ran", - required: true, + description: "Index to query", }, { field: "query", description: "Query that needs to be executed on the server", scheme: 'JSON', - required: true, - }, { field: "results", - description: "Number of expected hits", + description: "Expected hit count. Defaults to `0`. The check fails unless the hit count equals this value.", scheme: 'int', } ]}/> - diff --git a/canary-checker/docs/reference/1-exec.mdx b/canary-checker/docs/reference/1-exec.mdx index e4ab1a4a..bee58f8f 100644 --- a/canary-checker/docs/reference/1-exec.mdx +++ b/canary-checker/docs/reference/1-exec.mdx @@ -8,7 +8,7 @@ sidebar_custom_props: -Executes a bash (Linux) or powershell (Windows) script. The check is considered passing if the script exits with `0` +Executes a Bash (Linux) or PowerShell (Windows) script. The check passes when the script exits with `0`. :::tip Docker Image variants See Image Variants for a list of installed applications @@ -42,23 +42,15 @@ See Image Variants for a list of in }, { field: "connections", - description: "Setup connections for the script (e.g.: aws credentials)", - scheme: "[`ExecConnection`](#exec-connection)", + description: "Set up connections for the script", + scheme: "[`ExecConnections`](#exec-connections)", } ]}/> ## Shell Language -Use a shebang (`#!`) line to choose a different shell (`python`, `bash` and `pwsh` are included in the base image) - -```yaml -exec: - script: | - //highlight-next-line - #! pwsh - Get-Items | ConvertTo-JSON -``` +Use a shebang (`#!`) line as the first line of `script` to choose a different shell. The base image includes `python`, `bash`, and `pwsh`. @@ -71,15 +63,20 @@ exec: -### Exec Connection +### Exec Connections -Exec connections allow you to specify credentials for a list of CLI tools that are needed by your scripts. Eg: You can specify the AWS connection name and the credential files along with the necessary environment variables are setup on the host running the script. +Exec connections provide credentials and context for CLI tools used by your scripts. -| Field | Description | Type | Required | -| ------- | ---------------- | ------------------------------------------------------- | -------- | -| `aws` | AWS connection | [`AWSConnection`](/docs/reference/connections/aws) | | -| `gcp` | GCP connection | [`GCPConnection`](/docs/reference/connections/gcp) | | -| `azure` | Azure connection | [`AzureConnection`](/docs/reference/connections/azure) | | +| Field | Description | Type | Required | +| ----- | ----------- | ---- | -------- | +| `aws` | AWS connection | [`AWSConnection`](/docs/reference/connections/aws) | | +| `azure` | Azure connection | [`AzureConnection`](/docs/reference/connections/azure) | | +| `eksPodIdentity` | Use EKS Pod Identity credentials | `boolean` | | +| `fromConfigItem` | Load connection details from a config item | `string` | | +| `gcp` | GCP connection | [`GCPConnection`](/docs/reference/connections/gcp) | | +| `kubernetes` | Kubernetes connection | [`KubernetesConnection`](/docs/reference/connections/kubernetes) | | +| `opensearch` | OpenSearch connection | `OpensearchConnection` | | +| `serviceAccount` | Use the pod service account credentials | `boolean` | |
@@ -94,7 +91,7 @@ Exec connections allow you to specify credentials for a list of CLI tools that a | Field | Description | Type | Required | | ------ | ------------- | -------- | -------- | -| `path` | Path or glob. | `string` | `true` | +| `path` | Path, glob, `/dev/stdout`, or `/dev/stderr`. | `string` | `true` | See [artifacts](/docs/installation/artifacts) @@ -119,6 +116,8 @@ See [artifacts](/docs/installation/artifacts)
- diff --git a/canary-checker/docs/reference/1-folder.mdx b/canary-checker/docs/reference/1-folder.mdx index 2e906033..4f564017 100644 --- a/canary-checker/docs/reference/1-folder.mdx +++ b/canary-checker/docs/reference/1-folder.mdx @@ -8,14 +8,14 @@ sidebar_custom_props: -Checks the contents of a folder for size, age, and count. Folder based checks are useful in a number of scenarios: +The Folder check verifies folder contents by size, age, and count. Folder-based checks are useful for: - Verifying that backups have been uploaded and are the appropriate size - Checking that logs or other temporary files are being cleaned up - For batch processes: - - Checking if files are being processed (and/or produced) - - Checking the size of queue processing backlog - - Checking if any error (`.err` or `.log`) files have been produced. + - Checking whether files are being processed or produced + - Checking the size of a queue processing backlog + - Checking whether error files, such as `.err` or `.log`, have been produced ```yaml title="folder-check.yaml" file=/modules/canary-checker/fixtures/datasources/folder_single_pass.yaml ``` @@ -23,7 +23,7 @@ Checks the contents of a folder for size, age, and count. Folder based checks ar -In the example below it checks a local folder for files matching`pg-backups-.*.zip`, the check fails if: -- No files is created within the last `1d` -- The size of the matching files us smaller than `10mb` +The following example checks a local folder for files matching `pg-backups-.*.zip`. The check fails if no matching files were modified within the last `1d`, or if the matching files are smaller than `10mb`. ```yaml title="postgres-backup-check.yaml" file=/modules/canary-checker/fixtures/datasources/folder_with_filter.yaml @@ -86,19 +84,19 @@ In the example below it checks a local folder for files matching`pg-backups-.*.z ## Result Variables -The following fields are available in `test`, `display` and `transform` [expressions](../concepts/expressions) +The following fields are available in `test`, `display`, and `transform` [expressions](../concepts/expressions). -| Field | Scheme | -| --------------------------------------------------- | -------------------------------------------------- | -| `Oldest` | [os.FileInfo](https://pkg.go.dev/io/fs#FileInfo) | -| `Newest` | [os.FileInfo](https://pkg.go.dev/io/fs#FileInfo) | -| `MinSize` | [os.FileInfo](https://pkg.go.dev/io/fs#FileInfo) | -| `MaxSize` | [os.FileInfo](https://pkg.go.dev/io/fs#FileInfo) | -| `SupportsTotalSize` (Only true for SMB folders) | bool | -| `SupportsAvailableSize` (Only true for SMB folders) | bool | -| `TotalSize` | int64 | -| `AvailableSize` | int64 | -| `Files` | [[]os.FileInfo](https://pkg.go.dev/io/fs#FileInfo) | +| Field | Scheme | +| ----- | ------ | +| `oldest` | `File` | +| `newest` | `File` | +| `smallest` | `File` | +| `largest` | `File` | +| `size` | `int64` | +| `availableSize` | `int64` | +| `files` | `[]File` | + +`File` contains `name`, `size`, `mode`, `modified`, and `is_dir`. ## Connection Types @@ -116,7 +114,21 @@ The following fields are available in `test`, `display` and `transform` [express ### S3 - +
diff --git a/canary-checker/docs/reference/1-http.mdx b/canary-checker/docs/reference/1-http.mdx index a31a7abf..464bbf75 100644 --- a/canary-checker/docs/reference/1-http.mdx +++ b/canary-checker/docs/reference/1-http.mdx @@ -9,13 +9,13 @@ sidebar_custom_props: -This check performs queries on HTTP to monitor their activity. +The HTTP check sends HTTP requests and evaluates the response. ```yaml title=http-check.yaml file=/modules/canary-checker/fixtures/minimal/http_single_pass.yaml ``` Expected HTTP response codes
Equivalent to test.expr: code in [200, 201], scheme: "[]int"}, {field: "responseContent", description: <>Expected response body content
Equivalent to test.expr: content.contains("value"), scheme: "string"}, - {field: "responseJSONContent", description: "Deprecated: Use expr and jsonpath function", scheme: "JSONCheck", deprecated: true}, - {field: "thresholdMillis", description: "Maximum duration in milliseconds for the HTTP request. It will fail the check if it takes longer", default: 5000, scheme: "int"}, + {field: "responseJSONContent", description: "Deprecated and no-op. Use `test.expr` with `json` or `jsonpath` instead.", scheme: "JSONCheck", deprecated: true}, + {field: "thresholdMillis", description: "Maximum duration in milliseconds for the HTTP request. When unset, the HTTP client timeout is used.", scheme: "int"}, + {field: "maxRedirects", description: "Maximum number of redirects to follow", default: 10, scheme: "int"}, {field: "maxSSLExpiry", description: <>Maximum number of days until the SSL Certificate expires
Equivalent to test.expr: sslAge < Age("7d"), scheme: "int"}, {field: "env", description: "Environment variables that are accessible while templating", scheme: "[]EnvVar"}, - {field: "ntlm", description: "When set to true will authenticate using NTLM v1 protocol", scheme: "bool"}, - {field: "ntlmv2", description: "When set to true will authenticate using NTLM v2 protocol", scheme: "bool"}, + {field: "ntlm", description: "When set to true, authenticates using NTLM v1 protocol", scheme: "bool"}, + {field: "ntlmv2", description: "When set to true, authenticates using NTLM v2 protocol", scheme: "bool"}, {field: "crawl", description: "Crawl configuration for following links", scheme: "[Crawl](#crawl-configuration)"}, {field: "endpoint", description: "Deprecated: Use url instead", scheme: "string", deprecated: true}, ]}/> @@ -62,10 +65,21 @@ This check performs queries on HTTP to monitor their activity. {field: "params", description: "Parameters for OAuth", scheme: "map[string]string"}, ]}/> +### AWS Signature Version 4 + +Use `awsSigV4` to sign requests with AWS Signature Version 4. + + + +```yaml title="http-aws-sigv4.yaml" file=/modules/canary-checker/fixtures/minimal/http_aws_sigv4_pass.yaml + +``` + ### Crawl Configuration +```yaml title="http-crawl.yaml" file=/modules/canary-checker/fixtures/minimal/http-crawl_pass.yaml + +``` + ### Result Variables Result variables can be used in `test`, `display` and `transform` [expressions](../concepts/expressions) diff --git a/canary-checker/docs/reference/1-icmp.mdx b/canary-checker/docs/reference/1-icmp.mdx index 51fd5bc8..9b2af21e 100644 --- a/canary-checker/docs/reference/1-icmp.mdx +++ b/canary-checker/docs/reference/1-icmp.mdx @@ -8,15 +8,18 @@ sidebar_custom_props: -Performs ICMP (ping) requests for information on ICMP packet loss, duration, and response. +The ICMP check sends ping requests and measures packet loss, duration, and response. :::info -Canary checker supports both `privileged` and `unprivileged` ping modes using the `PING_MODE` environment variable or `pingMode` helm value. +Canary Checker supports both `privileged` and `unprivileged` ping modes using the `PING_MODE` environment variable or `pingMode` Helm value. -When using `unprivileged` you need to run: -```shell +Run the following command to allow unprivileged ICMP sockets: + +```shell title="Enable unprivileged ping" sudo sysctl -w net.ipv4.ping_group_range="0 2147483647" ``` + +The command allows all groups to create ICMP sockets without elevated privileges. ::: @@ -26,14 +29,14 @@ sudo sysctl -w net.ipv4.ping_group_range="0 2147483647" ## Metrics -| **Metric** | | | -| ------------------------------------------------ | ----- | ------------------------------------ | -| canary_check_icmp_packetloss{'{'}endpoint = "", ip = ""{'}'} | Gauge | Packet loss percentage in ICMP check | +| Metric | Type | Description | +| ------ | ---- | ----------- | +| `canary_check_icmp_packetloss{endpoint="",ip=""}` | Gauge | Packet loss percentage in ICMP check | diff --git a/canary-checker/docs/reference/1-junit.mdx b/canary-checker/docs/reference/1-junit.mdx index 74032dcf..9c6311e2 100644 --- a/canary-checker/docs/reference/1-junit.mdx +++ b/canary-checker/docs/reference/1-junit.mdx @@ -8,7 +8,7 @@ sidebar_custom_props: -JUnit check performs a Unit test, parses the JUnit test reports in a container at a specified path as defined in `testResults`. +Use a JUnit check to run a Kubernetes pod and ingest JUnit XML reports from `testResults`. ```yaml title="junit.yaml" file=/modules/canary-checker/fixtures/k8s/junit_pass.yaml @@ -43,14 +43,14 @@ JUnit check performs a Unit test, parses the JUnit test reports in a container a | Name | Description | Scheme | | ---------- | ------------------------------------------------ | ------------------------------ | -| `suites` | | [`[]JunitSuite`](#junit-suite) | +| `suites` | | [`[]JunitTestSuite`](#junit-test-suite) | | `passed` | Number of passing tests | _int_ | | `failed` | Number of failed tests | _int_ | -| `skipped` | NUmber of tests that were skipped | _int_ | +| `skipped` | Number of skipped tests | _int_ | | `error` | Number of errors produced when running the tests | _int_ | | `duration` | Total time in seconds | _float64_ | -### Junit Suite +### JUnit Test Suite | Name | Description | Scheme | | ---------- | ------------------------------------------------ | ---------------------------- | @@ -58,11 +58,11 @@ JUnit check performs a Unit test, parses the JUnit test reports in a container a | `tests` | | [`[]JunitTest`](#junit-test) | | `passed` | Number of passing tests | _int_ | | `failed` | Number of failed tests | _int_ | -| `skipped` | NUmber of tests that were skipped | _int_ | +| `skipped` | Number of skipped tests | _int_ | | `error` | Number of errors produced when running the tests | _int_ | | `duration` | Total time in seconds | _float64_ | -### Junit Test +### JUnit Test | Name | Description | Scheme | | ------------ | ------------------------------------------------------- | ------------------- | @@ -70,7 +70,7 @@ JUnit check performs a Unit test, parses the JUnit test reports in a container a | `classname` | an additional descriptor for the hierarchy of the test. | _string_ | | `duration` | Time in seconds | _float64_ | | `status` | One of `passed`, `skipped`, `failed` or `error` | _string_ | -| `message` | Description optionally included with a skipped, | _string_ | +| `message` | Text included with a skipped, failed, or errored test case | _string_ | | `properties` | Additional info about the test | `map[string]string` | | `error` | Any errors encountered when running a test | _string_ | | `stdout` | Standard output produced during test | _string_ | diff --git a/canary-checker/docs/reference/1-kubernetes-resource.mdx b/canary-checker/docs/reference/1-kubernetes-resource.mdx index 9dc46901..a6661c92 100644 --- a/canary-checker/docs/reference/1-kubernetes-resource.mdx +++ b/canary-checker/docs/reference/1-kubernetes-resource.mdx @@ -9,15 +9,16 @@ sidebar_custom_props: -The Kubernetes resource check creates kubernetes resources based on the provided manifests & perform checks on them. Some common use case of this -check would be to see if a service is accessible via the ingress as shown in the example below. +The Kubernetes Resource check creates Kubernetes resources from the provided manifests and performs checks on them. Use this check to verify that Kubernetes can create resources and that the created resources work as expected. + +Configure this check with `spec.kubernetesResource`. Check results use the runtime type `kubernetes_resource`. ```yaml title="ingress_test.yaml" file=/modules/canary-checker/fixtures/k8s/kubernetes_resource_ingress_pass.yaml ``` +By default, a Kubernetes Resource check can create up to 10 total resources across `resources` and `staticResources`. You can change this limit with `checks.kubernetesResource.maxResources`. + ### Check Retries /modules/canary-checker/fixtures/k8s/kubernetes-resource-check-inline-kubeconfig.yaml {12-33} +```yaml title="remote-cluster.yaml" file=/modules/canary-checker/fixtures/k8s/kubernetes-resource-check-inline-kubeconfig.yaml {12-33} ``` #### Kubeconfig from local filesystem @@ -143,11 +146,10 @@ Either the kubeconfig itself or the path to the kubeconfig can be provided. ### Templating The `resources` and `staticResources` fields can be templated using Go Templates. -This is helpful in creating resources with random names. -Example: you can setup a resource to create a pod with random name on each check run. This way you don't have to wait for the pod to be deleted on every check. +Use templating to create resources with random names. For example, you can create a pod with a random name on each check run so the check does not wait for the previous pod to be deleted. :::info -Templating the **Group**, **Version**, **Kind** & **Namespace** however isn't allowed. +Templating the **Group**, **Version**, **Kind**, and **Namespace** is not allowed. :::
@@ -171,7 +173,7 @@ Templating the **Group**, **Version**, **Kind** & **Namespace** however isn't al :::warning Since static resources are deleted when the canary is deleted, extra care must be taken when providing their manifests. -When this canary is deleted, the **test** namespace is deleted and consequently all the other resources within it, even those not created by this check. +When this canary is deleted, the **test** namespace is deleted. This also deletes every resource in that namespace, including resources that this check did not create. :::
@@ -180,7 +182,7 @@ When this canary is deleted, the **test** namespace is deleted and consequently
-```yaml title="namespace_creation.yaml" file=/modules/canary-checker/fixtures/external/crossplane-kubernetes-resource.yaml +```yaml title="crossplane-kubernetes-resource.yaml" file=/modules/canary-checker/fixtures/external/crossplane-kubernetes-resource.yaml ``` diff --git a/canary-checker/docs/reference/1-kubernetes.mdx b/canary-checker/docs/reference/1-kubernetes.mdx index acf469d6..a020dfd7 100644 --- a/canary-checker/docs/reference/1-kubernetes.mdx +++ b/canary-checker/docs/reference/1-kubernetes.mdx @@ -4,14 +4,12 @@ sidebar_position: 0 sidebar_custom_props: icon: k8s --- -import ReactMarkdown from 'react-markdown'; -import ResourceSelector from '@site/docs/snippets/\_resource-selector.mdx'; # Kubernetes -The Kubernetes check performs requests on Kubernetes resources such as Pods to get the desired information. +The Kubernetes check queries Kubernetes resources such as Pods and evaluates their health or readiness. ```yaml title="kubernetes.yaml" file=/modules/canary-checker/fixtures/k8s/kubernetes-minimal_pass.yaml @@ -19,15 +17,10 @@ The Kubernetes check performs requests on Kubernetes resources such as Pods to g - Failing checks are placed in this namespace, useful if you have shared namespaces. - - **NOTE:** this does not change the namespace of the resources being queried - }, - {field: "ignore", description: "Ignore the specified resources from the fetched resources. Can be a glob pattern.", scheme: '[]glob'}, + {field: "ignore", description: "Exclude resources by name. Values are glob patterns.", scheme: '[]string'}, {field: "healthy", description: "Fail the check if any resources are unhealthy", scheme: 'bool'}, {field: "ready", description: "Fail the check if any resources are not ready", scheme: 'bool'}, @@ -36,61 +29,46 @@ The Kubernetes check performs requests on Kubernetes resources such as Pods to g ## Resource Selector - - -```yaml title="catalog-pod-check.yaml" -apiVersion: canaries.flanksource.com/v1 -kind: Canary -metadata: - name: k8s-checks -spec: - schedule: '@every 30s' - kubernetes: - - name: notification-pod-health-check - selector: - - labelSelector: 'kubernetes.io/app=notification-listener' - types: - - Kubernetes::Pod - test: - expr: dyn(results).all(x, k8s.isHealthy(x)) + + +The following example uses `namespaceSelector` and `resource` to select Kubernetes resources. + +```yaml title="kubernetes.yaml" file=/modules/canary-checker/fixtures/k8s/kubernetes_pass.yaml +``` + +## API Version + +Use `apiVersion` when the same Kubernetes kind exists in more than one API group. + +```yaml title="kubernetes-apiversion.yaml" file=/modules/canary-checker/fixtures/k8s/kubernetes_apiversion_pass.yaml + ``` ## Healthy -Using `healthy: true` is functionally equivalent to: +Using `healthy: true` is functionally equivalent to this CEL expression: -```yaml - test: - expr: dyn(results).all(x, k8s.isHealthy(x)) +```cel +dyn(results).all(x, k8s.isHealthy(x)) ``` -```yaml title="kubnetes-healthy.yaml" -apiVersion: canaries.flanksource.com/v1 -kind: Canary -metadata: - name: kube-system-checks -spec: - interval: 30 - kubernetes: - - namespace: kube-system - name: kube-system - kind: Pod - //highlight-next-line - healthy: true - resource: - labelSelector: k8s-app=kube-dns - namespaceSelector: - name: kube-system +The following example uses `healthy: true`. +```yaml title="kubernetes-healthy.yaml" file=/modules/canary-checker/fixtures/k8s/kubernetes-minimal_pass.yaml ``` See the CEL function k8s.isHealthy for more details ## Ready -Similar to the `healthy` flag, there's also a `ready` flag which is functionally equivalent to having the following test expression +Similar to the `healthy` flag, the `ready` flag is functionally equivalent to this CEL expression: -``` +```cel dyn(results).all(x, k8s.isReady(x)) ``` diff --git a/canary-checker/docs/reference/1-ldap.mdx b/canary-checker/docs/reference/1-ldap.mdx index 61934868..94c81e7e 100644 --- a/canary-checker/docs/reference/1-ldap.mdx +++ b/canary-checker/docs/reference/1-ldap.mdx @@ -10,15 +10,14 @@ sidebar_custom_props: The LDAP check: -* Binds using the provided username and password to the LDAP host. It supports LDAP/LDAPS protocols. -* Searches an object type in the provided `bindDN`. +* Binds to an LDAP or LDAPS server using the configured username and password. +* Searches from the configured base DN. -```yaml title="icmp.yaml" file=/modules/canary-checker/fixtures/ldap/ldap_pass.yaml +```yaml title="ldap.yaml" file=/modules/canary-checker/fixtures/ldap/ldap_pass.yaml ``` - - diff --git a/canary-checker/docs/reference/1-mongo.mdx b/canary-checker/docs/reference/1-mongo.mdx index b1ad0f2d..c5bd8928 100644 --- a/canary-checker/docs/reference/1-mongo.mdx +++ b/canary-checker/docs/reference/1-mongo.mdx @@ -8,12 +8,11 @@ sidebar_custom_props: -The Mongo check tries to connect to a specified Mongo Database to ensure connectivity. +The MongoDB check connects to MongoDB and pings the primary to verify availability. -```yaml title="icmp.yaml" file=/modules/canary-checker/fixtures/datasources/mongo_pass.yaml +```yaml title="mongodb.yaml" file=/modules/canary-checker/fixtures/datasources/mongo_pass.yaml ``` - - diff --git a/canary-checker/docs/reference/1-opensearch.mdx b/canary-checker/docs/reference/1-opensearch.mdx new file mode 100644 index 00000000..4c9bd138 --- /dev/null +++ b/canary-checker/docs/reference/1-opensearch.mdx @@ -0,0 +1,22 @@ +--- +title: OpenSearch +sidebar_custom_props: + icon: opensearch +--- + +# OpenSearch + + + +The OpenSearch check runs a query against an OpenSearch index and verifies that the hit count equals `results`. + +```yaml title="opensearch.yaml" file=/modules/canary-checker/fixtures/opensearch/opensearch_pass.yaml + +``` + + diff --git a/canary-checker/docs/reference/1-prometheus.mdx b/canary-checker/docs/reference/1-prometheus.mdx index 40be58e1..a5723220 100644 --- a/canary-checker/docs/reference/1-prometheus.mdx +++ b/canary-checker/docs/reference/1-prometheus.mdx @@ -9,7 +9,7 @@ sidebar_custom_props: -The Prometheus Check connects to the Prometheus host, performs the desired query, and displays the results. +The Prometheus check connects to Prometheus, runs a PromQL query, and displays the results. ```yaml title="prometheus.yaml" file=/modules/canary-checker/fixtures/datasources/prometheus.yaml @@ -21,10 +21,20 @@ The Prometheus Check connects to the Prometheus host, performs the desired query { field: 'url', description: - 'Prometheus instance, defaults to `--prometheus` command line argument', - required: true + 'Prometheus URL. Required unless `connection` or `--prometheus` supplies the URL', + scheme: 'string' + }, + { + field: 'connection', + description: 'Connection URL that supplies Prometheus connection details', + scheme: 'string' }, { field: 'query', description: 'PromQL query to execute', required: true }, + { + field: 'headers', + description: 'HTTP headers to send with the query request', + scheme: '[]EnvVar' + }, { field: 'username', description: 'Username for basic auth', @@ -41,10 +51,21 @@ The Prometheus Check connects to the Prometheus host, performs the desired query scheme: 'EnvVar' }, { field: 'oauth', scheme: '[OAuth](#oauth)' }, + { + field: 'awsSigV4', + description: 'AWS Signature Version 4 signing configuration', + scheme: 'AWSSigV4' + }, { field: 'tls', description: 'TLS and mutual TLS configuration', scheme: '[TLSConfig](#tls-config)' + }, + { + field: 'host', + description: 'Deprecated. Use `url`; setting `host` fails the check.', + scheme: 'string', + deprecated: true } ]} /> @@ -107,13 +128,13 @@ Use `tls.ca` to verify Prometheus with a custom CA. Add `tls.cert` and `tls.key` | Name | Description | Scheme | | ------------ | ----------------------- | -------------------------- | -| `value` | | _float_ | -| `firstValue` | Number of rows returned | _int_ | -| `results` | A list of results | _[]map[string]interface{}_ | +| `value` | First sample value, or `0` when the query returns no samples | _float_ | +| `firstResult` | First result map, including labels and value | _map[string]interface{}_ | +| `results` | List of result maps. Each map contains labels and `value`. | _[]map[string]interface{}_ | ## Examples -### Create a check per prometheus job using a transform +### Create a check per Prometheus job using a transform ```yaml title="jobs.yaml" file=/modules/canary-checker/fixtures/prometheus/jobs.yaml @@ -121,7 +142,7 @@ Use `tls.ca` to verify Prometheus with a custom CA. Add `tls.cert` and `tls.key` ### Create a check per failing job only -```yaml title="jobs.yaml" file=/modules/canary-checker/fixtures/prometheus/jobs-fail-only.yaml +```yaml title="jobs-fail-only.yaml" file=/modules/canary-checker/fixtures/prometheus/jobs-fail-only.yaml ``` @@ -129,4 +150,4 @@ Use `tls.ca` to verify Prometheus with a custom CA. Add `tls.cert` and `tls.key` ```yaml title="prometheus-mtls.yaml" file=/modules/canary-checker/fixtures/datasources/prometheus_mtls.yaml -``` \ No newline at end of file +``` diff --git a/canary-checker/docs/reference/1-pubsub.mdx b/canary-checker/docs/reference/1-pubsub.mdx index 5bc6e376..8c919895 100644 --- a/canary-checker/docs/reference/1-pubsub.mdx +++ b/canary-checker/docs/reference/1-pubsub.mdx @@ -1,21 +1,22 @@ --- -title: PubSub +title: Pub/Sub sidebar_custom_props: icon: aws-sqs --- -This check connects to a PubSub Queue (SQS, GCP PubSub, RabbitMQ, Kafka, NATs) and pulls messages. +The Pub/Sub check connects to a queue, such as Amazon SQS, Google Cloud Pub/Sub, RabbitMQ, Kafka, NATS, or an in-memory queue, and pulls messages. ```yaml title="pubsub-gcp.yaml" file=/modules/canary-checker/fixtures/external/pubsub-gcp.yaml ``` ## SQS @@ -23,7 +24,7 @@ This check connects to a PubSub Queue (SQS, GCP PubSub, RabbitMQ, Kafka, NATs) a @@ -35,27 +36,34 @@ This check connects to a PubSub Queue (SQS, GCP PubSub, RabbitMQ, Kafka, NATs) a {field: "group", description: "Kafka consumer group ID", scheme: "string", required: true} ]}/> -## GCP PubSub +## Google Cloud Pub/Sub ## NATS ## RabbitMQ + +## Memory + + diff --git a/canary-checker/docs/reference/1-redis.mdx b/canary-checker/docs/reference/1-redis.mdx index aaec2be8..c9b5b735 100644 --- a/canary-checker/docs/reference/1-redis.mdx +++ b/canary-checker/docs/reference/1-redis.mdx @@ -10,16 +10,16 @@ sidebar_custom_props: The Redis check connects to a specified Redis database instance to check its availability. -```yaml title="redis.yaml" file=/modules/canary-checker/fixtures/datasources/redis_pass.yaml +```yaml title="redis.yaml" file=/modules/canary-checker/fixtures/datasources/redis_pass.yaml ``` -/modules/canary-checker/fixtures/datasources/redis-tls-insecure.yaml ``` - diff --git a/canary-checker/docs/reference/1-s3-protocol.mdx b/canary-checker/docs/reference/1-s3-protocol.mdx index 974ca563..5f56e245 100644 --- a/canary-checker/docs/reference/1-s3-protocol.mdx +++ b/canary-checker/docs/reference/1-s3-protocol.mdx @@ -4,35 +4,34 @@ sidebar_className: infra sidebar_custom_props: icon: logos:aws-s3 tags: -- enterprise + - enterprise --- # S3 Protocol -Checks if S3 compatible endpoints (like Minio, EMC ECS) are functioning correctly, +The S3 protocol check verifies that S3-compatible endpoints, such as MinIO and EMC ECS, can list, put, and get objects. :::info -To check the contents of a S3 bucket use: [S3 Bucket](folder#s3) +To check the contents of an S3 bucket, use the [folder check](folder#s3). ::: The S3 check: -- Lists objects in the bucket to check for Read permissions -- Puts an object into the bucket for Write permissions -- Downloads previously uploaded object to check for Get permissions +- Lists objects in the bucket to check read permissions. +- Puts an object into the bucket to check write permissions. +- Downloads the uploaded object to check get permissions. +Each run writes random test content to `objectPath`, reads it back, and leaves the object in the bucket. Use a dedicated disposable key because the check can overwrite an existing object at that key. -```yaml title="s3-protocol" file=/modules/canary-checker/fixtures/aws/s3-protocol.yaml +```yaml title="s3-protocol.yaml" file=/modules/canary-checker/fixtures/aws/s3-protocol.yaml ``` - - diff --git a/canary-checker/docs/reference/1-sql.mdx b/canary-checker/docs/reference/1-sql.mdx index 1bcb84fe..4f97a5f8 100644 --- a/canary-checker/docs/reference/1-sql.mdx +++ b/canary-checker/docs/reference/1-sql.mdx @@ -10,58 +10,44 @@ import { AzureSqlServer } from "@flanksource/icons/mi" -This check connects to a specified Postgres database, run a query against it and verify the results. +The SQL checks connect to a database, run a query, and fail when the returned row count is less than `results`. If `results` is omitted, the threshold is `0`. Set `markFailOnEmpty: true` to fail on zero rows. Use the `postgres`, `mysql`, or `mssql` field for the database engine that you want to check. The following fields apply to all three SQL check types. -```yaml file=/modules/canary-checker/fixtures/datasources/postgres.yaml +```yaml title="postgres.yaml" file=/modules/canary-checker/fixtures/datasources/postgres.yaml ``` - ## Result Variables -| Name | Description | Scheme | -| ------- | ----------------------- | -------------------------- | -| `rows` | | *[]map[string]interface{}* | -| `count` | Number of rows returned | *int* | +Use `.results.rows` and `.results.count` in Go templates. +| Name | Description | Scheme | +| ---- | ----------- | ------ | +| `results.rows` | Rows returned by the query. | *[]map[string]interface{}* | +| `results.count` | Number of rows returned. | *int* | -## SQL Server +## MySQL + +```yaml title="mysql.yaml" file=/modules/canary-checker/fixtures/datasources/mysql_pass.yaml -```yaml title=canary-mssql.yaml -# ... -kind: Canary -spec: - mssql: - //highlight-next-line - - url: "server=mssql.default.svc;user id=$(username);password=$(password);port=1433;database=master" - # ... ``` -## MySQL +## PostgreSQL {#postgres} + +```yaml title="postgres.yaml" file=/modules/canary-checker/fixtures/datasources/postgres_pass.yaml -```yaml title=lookup-mysql.yaml -# ... -kind: Canary -spec: - mysql: - //highlight-next-line - - url: "$(username):$(password)@tcp(mysql.default.svc:3306)/mysqldb" - # ... ``` -## Postgres +## SQL Server {#mssql} -```yaml title=canary-postgres.yaml -# ... -kind: Canary -spec: - mysql: - //highlight-next-line - - url: "postgres://$(username):$(password)@postgres.default.svc:5432/postgres?sslmode=disable" - # ... -``` +```yaml title="mssql.yaml" file=/modules/canary-checker/fixtures/datasources/mssql_pass.yaml +``` diff --git a/canary-checker/docs/reference/1-tcp.mdx b/canary-checker/docs/reference/1-tcp.mdx index 77e5ccab..deceb071 100644 --- a/canary-checker/docs/reference/1-tcp.mdx +++ b/canary-checker/docs/reference/1-tcp.mdx @@ -8,19 +8,17 @@ sidebar_custom_props: -Checks if a network port is reachable. +The TCP check verifies that a network port is reachable. - -```yaml title="tcp.yaml" file=/modules/canary-checker/fixtures/minimal/tcp.yaml +```yaml title="tcp.yaml" file=/modules/canary-checker/fixtures/minimal/tcp.yaml ``` - - diff --git a/canary-checker/docs/reference/1-webhook.mdx b/canary-checker/docs/reference/1-webhook.mdx index 9344ce44..850b5100 100644 --- a/canary-checker/docs/reference/1-webhook.mdx +++ b/canary-checker/docs/reference/1-webhook.mdx @@ -18,12 +18,15 @@ Webhooks allow you to create and update checks by sending HTTP POST requests to ` or in the `Webhook-Token` header", scheme: "EnvVar" } ]}/> +Choose a webhook name that is unique across canaries because `/webhook/:id` does not include a namespace. + This example: + 1. Defines a webhook named `Github` accessible via `http:///webhook/Github` 2. Transforms the incoming JSON into [check](#output) @@ -74,16 +77,16 @@ The request is available to the transformation function with these fields: YAML and See CSV for handling other file formats', + description: 'For other content types, Canary Checker stores up to the first 10 KiB of the request body in `results.content`. See YAML and See CSV for handling other file formats', } ]}/> diff --git a/canary-checker/docs/reference/3-gcs-database-backup.mdx b/canary-checker/docs/reference/3-gcs-database-backup.mdx index 9a72267f..e6102158 100644 --- a/canary-checker/docs/reference/3-gcs-database-backup.mdx +++ b/canary-checker/docs/reference/3-gcs-database-backup.mdx @@ -1,6 +1,5 @@ --- -title: GCS Database Backup -sidebar_class_name: beta +title: Google Cloud SQL Backups sidebar_custom_props: icon: google-cloud --- @@ -11,14 +10,14 @@ sidebar_custom_props: Checks if a Google Cloud SQL instance has been successfully backed up recently. -```yaml title="gcs-database.yaml" file=/modules/canary-checker/fixtures/datasources/GCP/database_backup.yaml +```yaml title="google-cloud-sql-backup.yaml" file=/modules/canary-checker/fixtures/datasources/GCP/database_backup.yaml ``` @@ -28,12 +27,12 @@ Checks if a Google Cloud SQL instance has been successfully backed up recently. There are 3 options when connecting to GCP: 1. GKE [workload identity](https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity) (the default if no `connection` or `credentials` is specified) -2. `connection`, this is the recommended method, connections are reusable and secure +2. `connection`, this is the recommended method. Connections are reusable and secure. ```yaml title="database-backup-check.yaml" file=/modules/canary-checker/fixtures/datasources/GCP/database_backup_cred_from_connection.yaml ``` -3. `accessKey` and `secretKey` _EnvVar_ with the credentials stored in a secret. +3. `credentials` _EnvVar_ with Google Cloud service account JSON stored in a secret. -```yaml title="gcs-database-backup.yaml" file=/modules/canary-checker/fixtures/datasources/GCP/database_backup_cred.yaml +```yaml title="google-cloud-sql-backup.yaml" file=/modules/canary-checker/fixtures/datasources/GCP/database_backup_cred.yaml ``` diff --git a/canary-checker/docs/reference/3-restic.mdx b/canary-checker/docs/reference/3-restic.mdx index 85ad4fb3..6084907a 100644 --- a/canary-checker/docs/reference/3-restic.mdx +++ b/canary-checker/docs/reference/3-restic.mdx @@ -9,27 +9,24 @@ sidebar_custom_props: - + The Restic check: -* Queries a Restic Repository for content -* Checks the integrity and consistency of the repository and data-blobs -* Checks for backup freshness. +- Queries a Restic repository for content. +- When `checkIntegrity` is true, reads a file from the latest snapshot to verify that Restic can restore data. +- Checks backup freshness. - -```yaml title="restic.yaml" file=/modules/canary-checker/fixtures/restic/restic_without_integrity_pass.yaml +```yaml title="restic.yaml" file=/modules/canary-checker/fixtures/restic/restic_without_integrity_pass.yaml ``` - - diff --git a/canary-checker/docs/reference/4-removed-checks.mdx b/canary-checker/docs/reference/4-removed-checks.mdx new file mode 100644 index 00000000..8236702a --- /dev/null +++ b/canary-checker/docs/reference/4-removed-checks.mdx @@ -0,0 +1,27 @@ +--- +title: Removed Checks +sidebar_custom_props: + icon: alert-triangle +--- + +# Removed Checks + + + +Canary Checker still accepts some legacy check fields in the API schema for compatibility. The runner no longer executes these checks. If you configure one of these fields, the check fails with: + +`this check type has been removed, use kubernetesResource or exec checks instead` + +Use the replacement check type for new canaries. + +| Field | Runtime type | Replacement | +| ----- | ------------ | ----------- | +| `containerd` | `containerdPull` | [`exec`](./exec) | +| `containerdPush` | `containerdPush` | [`exec`](./exec) | +| `docker` | `dockerPull` | [`exec`](./exec) | +| `dockerPush` | `dockerPush` | [`exec`](./exec) | +| `gitProtocol` | `gitProtocol` | [`exec`](./exec) | +| `github` | `github` | [`exec`](./exec) | +| `helm` | `helm` | [`kubernetesResource`](./kubernetes-resource) or [`exec`](./exec) | +| `namespace` | `namespace` | [`kubernetesResource`](./kubernetes-resource) | +| `pod` | `pod` | [`kubernetesResource`](./kubernetes-resource) | diff --git a/canary-checker/docs/reference/_canary-spec.mdx b/canary-checker/docs/reference/_canary-spec.mdx index 146e9523..d9aa4606 100644 --- a/canary-checker/docs/reference/_canary-spec.mdx +++ b/canary-checker/docs/reference/_canary-spec.mdx @@ -22,15 +22,16 @@ title: Canary Spec | Field | Description | Type | | ------------------ | ------------------------------------------------ | ------------------------------------------------------ | -| `alertmanager` | List of AlertManager checks to run. | [`[]AlertManagerCheck`](./alert-manager) | +| `alertmanager` | List of Alertmanager checks to run. | [`[]AlertManagerCheck`](./alert-manager) | | `awsConfig` | List of AWS Config checks to run. | [`[]AwsConfigCheck`](./aws-config) | | `awsConfigRule` | List of AWS Config Rule checks to run. | [`[]AwsConfigRuleCheck`](./aws-config-rule) | | `azureDevops` | List of Azure DevOps checks to run. | [`[]AzureDevopsCheck`](./azure-devops) | | `catalog` | List of Catalog checks to run. | [`[]CatalogCheck`](./catalog) | -| `cloudwatch` | List of CloudWatch checks to run. | [`[]CloudWatchCheck`](./cloudwatch) | +| `cloudwatch` | List of CloudWatch checks to run. | [`[]CloudWatchCheck`](./aws-cloudwatch) | | `databaseBackup` | List of database backup checks to run. | [`[]DatabaseBackupCheck`](./gcs-database-backup) | | `dns` | List of DNS checks to run. | [`[]DNSCheck`](./dns) | -| `elasticsearch` | List of ElasticSearch checks to run. | [`[]ElasticsearchCheck`](./elasticsearch) | +| `dynatrace` | List of Dynatrace checks to run. | [`[]DynatraceCheck`](./dynatrace) | +| `elasticsearch` | List of Elasticsearch checks to run. | [`[]ElasticsearchCheck`](./elasticsearch) | | `exec` | List of exec checks to run. | [`[]ExecCheck`](./exec) | | `folder` | List of folder checks to run. | [`[]FolderCheck`](./folder) | | `http` | List of HTTP checks to run. | [`[]HTTPCheck`](./http) | @@ -41,14 +42,30 @@ title: Canary Spec | `kubernetesResource` | List of Kubernetes Resource checks to run. | [`[]KubernetesResourceCheck`](./kubernetes-resource) | | `ldap` | List of LDAP checks to run. | [`[]LDAPCheck`](./ldap) | | `mongodb` | List of MongoDB checks to run. | [`[]MongoDBCheck`](./mongo) | -| `mssql` | List of MSSQL checks to run. | [`[]MssqlCheck`](./sql) | +| `mssql` | List of SQL Server checks to run. | [`[]MssqlCheck`](./sql) | | `mysql` | List of MySQL checks to run. | [`[]MysqlCheck`](./sql) | -| `opensearch` | List of OpenSearch checks to run. | [`[]OpenSearchCheck`](./elasticsearch) | -| `postgres` | List of Postgres checks to run. | [`[]PostgresCheck`](./sql) | +| `opensearch` | List of OpenSearch checks to run. | [`[]OpenSearchCheck`](./opensearch) | +| `postgres` | List of PostgreSQL checks to run. | [`[]PostgresCheck`](./sql) | | `prometheus` | List of Prometheus checks to run. | [`[]PrometheusCheck`](./prometheus) | -| `pubsub` | List of PubSub checks to run. | [`[]PubSubCheck`](./pubsub) | +| `pubsub` | List of Pub/Sub checks to run. | [`[]PubSubCheck`](./pubsub) | | `redis` | List of Redis checks to run. | [`[]RedisCheck`](./redis) | -| `restic` | List of restic backup checks to run. | [`[]ResticCheck`](./restic) | +| `restic` | List of Restic backup checks to run. | [`[]ResticCheck`](./restic) | | `s3` | List of S3 checks to run. | [`[]S3Check`](./s3-protocol) | | `tcp` | List of TCP checks to run. | [`[]TCPCheck`](./tcp) | | `webhook` | Webhook check configuration. | [`WebhookCheck`](./webhook) | + +## Removed Check Fields + +The following fields remain in the API schema for compatibility, but the runner no longer executes them. Use [`kubernetesResource`](./kubernetes-resource) or [`exec`](./exec) instead. + +| Field | Replacement | +| ----- | ----------- | +| `containerd` | [`exec`](./exec) | +| `containerdPush` | [`exec`](./exec) | +| `docker` | [`exec`](./exec) | +| `dockerPush` | [`exec`](./exec) | +| `gitProtocol` | [`exec`](./exec) | +| `github` | [`exec`](./exec) | +| `helm` | [`kubernetesResource`](./kubernetes-resource) or [`exec`](./exec) | +| `namespace` | [`kubernetesResource`](./kubernetes-resource) | +| `pod` | [`kubernetesResource`](./kubernetes-resource) | diff --git a/canary-checker/docs/reference/_connections.mdx b/canary-checker/docs/reference/_connections.mdx index 52574d93..961d1053 100644 --- a/canary-checker/docs/reference/_connections.mdx +++ b/canary-checker/docs/reference/_connections.mdx @@ -29,38 +29,11 @@ By using the AWS [Instance Profile](https://docs.aws.amazon.com/AWSEC2/latest/Us 1. Connection Using a shared Connection -```yaml title="aws-connection.yaml" -apiVersion: canaries.flanksource.com/v1 -kind: Canary -metadata: - name: cloudwatch-check -spec: - interval: 30 - cloudwatch: - - connection: connection://aws/internal - region: us-east-1 # optional if specified in the connection +```yaml title="aws-connection.yaml" file=/modules/canary-checker/fixtures/minimal/exec_connection_aws_fail.yaml ``` 1. Inline -```yaml title="inline.yaml" -apiVersion: canaries.flanksource.com/v1 -kind: Canary -metadata: - name: cloudwatch-check -spec: - interval: 30 - cloudwatch: - - accessKey: - valueFrom: - secretKeyRef: - name: aws-credentials - key: AWS_ACCESS_KEY_ID - secretKey: - valueFrom: - secretKeyRef: - name: aws-credentials - key: AWS_SECRET_ACCESS_KEY - region: us-east-1 +```yaml title="aws-inline.yaml" file=/modules/canary-checker/fixtures/aws/minimal/aws_exec_pass.yaml ``` ## GCP @@ -82,39 +55,13 @@ GKE [workload identity](https://cloud.google.com/kubernetes-engine/docs/how-to/w 1. Connection -```yaml title="gcs-connection.yaml" -apiVersion: canaries.flanksource.com/v1 -kind: Canary -metadata: - name: database-backup-check -spec: - interval: 60 - folder: - - name: gcs auth test - path: gcs://somegcsbucket - gcpConnection: - connection: connection://gcp/internal +```yaml title="gcp-connection.yaml" file=/modules/canary-checker/fixtures/datasources/GCP/database_backup_cred_from_connection.yaml ``` 1. Inline -```yaml title="gcp-inline.yaml" -apiVersion: canaries.flanksource.com/v1 -kind: Canary -metadata: - name: database-backup-check -spec: - interval: 60 - folder: - - name: gcs auth test - path: gcs://somegcsbucket - gcpConnection: - credentials: - valueFrom: - secretKeyRef: - name: gcp-credentials - key: AUTH_ACCESS_TOKEN +```yaml title="gcp-inline.yaml" file=/modules/canary-checker/fixtures/datasources/GCP/database_backup_cred.yaml ``` ## Azure diff --git a/canary-checker/docs/reference/_dynatrace.mdx b/canary-checker/docs/reference/_dynatrace.mdx deleted file mode 100644 index e69de29b..00000000 diff --git a/canary-checker/docs/reference/jmeter.mdx b/canary-checker/docs/reference/jmeter.mdx index 59e72eff..1ad62e01 100644 --- a/canary-checker/docs/reference/jmeter.mdx +++ b/canary-checker/docs/reference/jmeter.mdx @@ -1,5 +1,6 @@ --- -title: Jmeter +title: JMeter +sidebar_class_name: beta --- # JMeter @@ -9,24 +10,21 @@ title: Jmeter -This check executes the JMeter CLI to execute the JMX test plan on the specified host. +The JMeter check runs the JMeter CLI with a JMX test plan. ```yaml title='jmeter-check.yaml' file=/modules/canary-checker/fixtures/minimal/jmeter.yaml ``` | Field | Description | Scheme | Required | | ----- | ----------- | ------ | -------- | -| **`jmx`** | Jmx defines the ConfigMap or Secret reference to get the JMX test plan | *EnvVar* | Yes | -| `properties` | Properties defines the local JMeter properties | *\[\]string* | | -| `responseDuration` | Duration under which all the tests should pass | *string* | | -| `systemProperties` | SystemProperties defines the Java system property | *\[\]string* | | -| `host` | Host is the server against which test plan needs to be executed | *string* | | -| `port` | Port on which the server is running | *int32* | | +| **`jmx`** | ConfigMap or Secret reference that contains the JMX test plan | *EnvVar* | Yes | +| `properties` | Local JMeter properties | *\[\]string* | | +| `responseDuration` | Maximum total JTL elapsed time. The check fails when the elapsed time exceeds this duration. | *Duration* | | +| `systemProperties` | Java system properties | *\[\]string* | | +| `host` | Proxy host passed to the JMeter CLI `-H` flag. The JMX plan defines the target under test. | *string* | | +| `port` | Proxy port passed to the JMeter CLI `-P` flag. | *int32* | | | **`name`** | Name of the check, must be unique within the canary | `string` | Yes | | `description` | Description for the check | `string` | | | `icon` | Icon for overwriting default icon on the dashboard | `string` | | | `labels` | Labels for check | `map[string]string` | | -| `test` | Evaluate whether a check is healthy | [`Expression`](../concepts/expressions/health-evaluation) | | -| `display` | Expression to change the formatting of the display | [`Expression`](../concepts/expressions/display-formatting ) | | -| `transform` | Transform data from a check into multiple individual checks | [`Expression`](../concepts/expressions/transforms) | | | `metrics` | Metrics to export from | [`[]Metrics`](../concepts/metrics#custom-metrics) | | diff --git a/canary-checker/docs/scripting/_functions.md b/canary-checker/docs/scripting/_functions.md index 325351d2..1325575a 100644 --- a/canary-checker/docs/scripting/_functions.md +++ b/canary-checker/docs/scripting/_functions.md @@ -1,70 +1,70 @@ Functions in scripts are a combination of gomplate and sprig -| Function | Description | Lang | -| --------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------ | ------------------ | ------------ | -| `len` | | `gotemplate` | -| `index` | Returns the referenced element of an array/slice, string, or map | `gotemplate` | -| `and` (&&), `or` ( | | ), `not` (!), eq`(==), `lt` (<)`le`, (<=) `gt`(>),`ge`(>=) | Equality operators |`gotemplate`| -|`print`, `printf`, `println` | Aliases for Go’s [`fmt.Print`](https://golang.org/pkg/fmt/#Print), [`fmt.Printf`](https://golang.org/pkg/fmt/#Printf), and [`fmt.Println`](https://golang.org/pkg/fmt/#Println) functions | | -| [ternary](https://docs.gomplate.ca/functions/test/#testternary) | Returns one of two values depending on whether the third is true. | | -| `humanizeBytes` | Returns a human readable value for bytes .e.g.`1mb` | | -|`humanizeTime` | | | -|`humanizeDuration` | | | -| [`base64.encode`](https://docs.gomplate.ca/functions/base64/#base64encode) | | | -| [`base64.decode`](https://docs.gomplate.ca/functions/base64/#base64decode) | | | -| [`strings.Abbrev`](https://docs.gomplate.ca/functions/strings/#stringsabbrev) | | | -| [`strings.Contains`](https://docs.gomplate.ca/functions/strings/#stringscontains) | | | -| [`strings.HasPrefix`](https://docs.gomplate.ca/functions/strings/#stringshasprefix) | | | -| [`strings.HasSuffix`](https://docs.gomplate.ca/functions/strings/#stringshassuffix) | | | -| [`strings.Indent`](https://docs.gomplate.ca/functions/strings/#stringsindent) | | | -| [`strings.SkipLines`](https://docs.gomplate.ca/functions/strings/#stringsskiplines) | | | -| [`strings.Split`](https://docs.gomplate.ca/functions/strings/#stringssplit) | | | -| [`strings.Quote`](https://docs.gomplate.ca/functions/strings/#stringsquote) | | | -| [`strings.Repeat`](https://docs.gomplate.ca/functions/strings/#stringsrepeat) | | | -| [`strings.ReplaceAll`](https://docs.gomplate.ca/functions/strings/#stringsreplaceall) | | | -| [`strings.Slug`](https://docs.gomplate.ca/functions/strings/#stringsslug) | | | -| [`strings.ShellQuote`](https://docs.gomplate.ca/functions/strings/#stringsshellquote) | | | -| [`strings.Title`](https://docs.gomplate.ca/functions/strings/#stringstitle) | | | -| [`strings.ToLower`](https://docs.gomplate.ca/functions/strings/#stringstolower) | | | -| [`strings.ToUpper`](https://docs.gomplate.ca/functions/strings/#stringstoupprt) | | | -| [`strings.Trim`](https://docs.gomplate.ca/functions/strings/#stringstrim) | | | -| [`strings.TrimPrefix`](https://docs.gomplate.ca/functions/strings/#stringstrimprefix) | | | -| [`strings.TrimSpace`](https://docs.gomplate.ca/functions/strings/#stringstrimspace) | | | -| | | | -| [`strings.TrimSuffix`](https://docs.gomplate.ca/functions/strings/#stringstrimsuffix) | | | -| [`strings.Trunc`](https://docs.gomplate.ca/functions/strings/#stringstrunc) | | | -| [`strings.CamelCase`](https://docs.gomplate.ca/functions/strings/#stringscamelcase) | | | -| [`strings.SnakeCase`](https://docs.gomplate.ca/functions/strings/#stringssnakecase) | | | -| [`strings.KebabCase`](https://docs.gomplate.ca/functions/strings/#stringskebabcase) | | | -| [`strings.WordWrap`](https://docs.gomplate.ca/functions/strings/#stringswordwrap) | | | -| [`strings.RuneCount`](https://docs.gomplate.ca/functions/strings/#stringsrunecount) | | | -| [`strings.KebabCase`](https://docs.gomplate.ca/functions/strings/#stringskebabcase) | | | -| [regexp.Find](https://docs.gomplate.ca/functions/regexp/#regexpfind) | Returns a string holding the text of the leftmost match in `input`of the regular expression`expression`. | | -| [regexp.FindAll](https://docs.gomplate.ca/functions/regexp/#regexpfindall) | Returns a list of all successive matches of the regular expression. | | -| [regexp.Match](https://docs.gomplate.ca/functions/regexp/#regexpmatch) | Returns `true`if a given regular expression matches a given input. | | -| [regexp.Replace](https://docs.gomplate.ca/functions/regexp/#regexpreplace) | Replaces matches of a regular expression with the replacement string. | | -| [regexp.Split](https://docs.gomplate.ca/functions/regexp/#regexpsplit) | Splits`input` into sub-strings, separated by the expression. | | -| | | | -| [json](https://docs.gomplate.ca/functions/data/#datajson) | Converts a JSON string into an object | | -| [jsonArray](https://docs.gomplate.ca/functions/data/#datajsonarray) | Converts a JSON string into a slice. Only works for JSON Arrays. | | -| [yaml](https://docs.gomplate.ca/functions/data/#datayaml) | Converts a YAML string into an object. | | -| [yamlArray](https://docs.gomplate.ca/functions/data/#datayamlarray) | Converts a YAML string into a slice. Only works for YAML Arrays. | | -| [toml](https://docs.gomplate.ca/functions/data/#datatoml) | Converts a [TOML](https://github.com/toml-lang/toml) document into an object. | | -| [csv](https://docs.gomplate.ca/functions/data/#datacsv) | Converts a CSV-format string into a 2-dimensional string array. | | -| [csvByRow](https://docs.gomplate.ca/functions/data/#datacsvbyrow) | Converts a CSV-format string into a slice of maps. | | -| [csvByColumn](https://docs.gomplate.ca/functions/data/#datacsvbycolumn) | Like [`csvByRow`](https://docs.gomplate.ca/functions/data/#csvByRow), except that the data is presented as a columnar (column-oriented) map. | | -| [toJSON](https://docs.gomplate.ca/functions/data/#datatojson) | Converts an object to a JSON document | | -| [toJSONPretty](https://docs.gomplate.ca/functions/data/#datatojsonpretty) | Converts an object to a pretty-printed (or _indented_) JSON document | | -| [toYAML](https://docs.gomplate.ca/functions/data/#datatoyaml) | Converts an object to a YAML document | | -| [toTOML](https://docs.gomplate.ca/functions/data/#datatotoml) | Converts an object to a [TOML](https://github.com/toml-lang/toml) document. | | -| [toCSV](https://docs.gomplate.ca/functions/data/#datatocsv) | Converts an object to a CSV document. The input object must be a 2-dimensional array of strings (a `[][]string`). | | -| [sha1](https://docs.gomplate.ca/functions/crypto/#cryptosha1-cryptosha224-cryptosha256-cryptosha384-cryptosha512-cryptosha512_224-cryptosha512_256) | Compute a checksum with a SHA-1 or SHA-2 algorithm as defined | | -| [time.Now](https://docs.gomplate.ca/functions/time/#timenow) | | | -| [time.Parse](https://docs.gomplate.ca/functions/time/#timeparse) | Parses a timestamp defined by the given layout | | -| [time.ParseDuration](https://docs.gomplate.ca/functions/time/#timeparseduration) | Parses a duration string. This wraps [`time.ParseDuration`](https://golang.org/pkg/time/#ParseDuration). | | -| [time.Since](https://docs.gomplate.ca/functions/time/#timesince) | Returns the time elapsed since a given time | | -| [time.Unix](https://docs.gomplate.ca/functions/time/#timeunix) | Returns the local `Time` corresponding to the given Unix time | | -| [time.Until](https://docs.gomplate.ca/functions/time/#timeuntil) | Returns the duration until a given time. | | -| [uuid.V1](https://docs.gomplate.ca/functions/uuid/#uuidv1) | Create a version 1 UUID | | -| [uuid.V4](https://docs.gomplate.ca/functions/uuid/#uuidv4) | Create a version 4 UUID - this function consumes entropy | | -| | This function consumes entropy. | | +| Function | Description | Lang | +| --------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------- | ------------------ | ------------ | +| `len` | | `gotemplate` | +| `index` | Returns the referenced element of an array/slice, string, or map | `gotemplate` | +| `and` (&&), `or` ( | | ), `not` (!), eq`(==), `lt` (<)`le`, (<=) `gt`(>),`ge`(>=) | Equality operators | `gotemplate` | +| `print`, `printf`, `println` | Aliases for Go’s [`fmt.Print`](https://golang.org/pkg/fmt/#Print), [`fmt.Printf`](https://golang.org/pkg/fmt/#Printf), and [`fmt.Println`](https://golang.org/pkg/fmt/#Println) functions | | +| [ternary](https://docs.gomplate.ca/functions/test/#testternary) | Returns one of two values depending on whether the third is true. | | +| `humanizeBytes` | Returns a human readable value for bytes .e.g.`1mb` | | +| `humanizeTime` | | | +| `humanizeDuration` | | | +| [`base64.encode`](https://docs.gomplate.ca/functions/base64/#base64encode) | | | +| [`base64.decode`](https://docs.gomplate.ca/functions/base64/#base64decode) | | | +| [`strings.Abbrev`](https://docs.gomplate.ca/functions/strings/#stringsabbrev) | | | +| [`strings.Contains`](https://docs.gomplate.ca/functions/strings/#stringscontains) | | | +| [`strings.HasPrefix`](https://docs.gomplate.ca/functions/strings/#stringshasprefix) | | | +| [`strings.HasSuffix`](https://docs.gomplate.ca/functions/strings/#stringshassuffix) | | | +| [`strings.Indent`](https://docs.gomplate.ca/functions/strings/#stringsindent) | | | +| [`strings.SkipLines`](https://docs.gomplate.ca/functions/strings/#stringsskiplines) | | | +| [`strings.Split`](https://docs.gomplate.ca/functions/strings/#stringssplit) | | | +| [`strings.Quote`](https://docs.gomplate.ca/functions/strings/#stringsquote) | | | +| [`strings.Repeat`](https://docs.gomplate.ca/functions/strings/#stringsrepeat) | | | +| [`strings.ReplaceAll`](https://docs.gomplate.ca/functions/strings/#stringsreplaceall) | | | +| [`strings.Slug`](https://docs.gomplate.ca/functions/strings/#stringsslug) | | | +| [`strings.ShellQuote`](https://docs.gomplate.ca/functions/strings/#stringsshellquote) | | | +| [`strings.Title`](https://docs.gomplate.ca/functions/strings/#stringstitle) | | | +| [`strings.ToLower`](https://docs.gomplate.ca/functions/strings/#stringstolower) | | | +| [`strings.ToUpper`](https://docs.gomplate.ca/functions/strings/#stringstoupprt) | | | +| [`strings.Trim`](https://docs.gomplate.ca/functions/strings/#stringstrim) | | | +| [`strings.TrimPrefix`](https://docs.gomplate.ca/functions/strings/#stringstrimprefix) | | | +| [`strings.TrimSpace`](https://docs.gomplate.ca/functions/strings/#stringstrimspace) | | | +| | | | +| [`strings.TrimSuffix`](https://docs.gomplate.ca/functions/strings/#stringstrimsuffix) | | | +| [`strings.Trunc`](https://docs.gomplate.ca/functions/strings/#stringstrunc) | | | +| [`strings.CamelCase`](https://docs.gomplate.ca/functions/strings/#stringscamelcase) | | | +| [`strings.SnakeCase`](https://docs.gomplate.ca/functions/strings/#stringssnakecase) | | | +| [`strings.KebabCase`](https://docs.gomplate.ca/functions/strings/#stringskebabcase) | | | +| [`strings.WordWrap`](https://docs.gomplate.ca/functions/strings/#stringswordwrap) | | | +| [`strings.RuneCount`](https://docs.gomplate.ca/functions/strings/#stringsrunecount) | | | +| [`strings.KebabCase`](https://docs.gomplate.ca/functions/strings/#stringskebabcase) | | | +| [regexp.Find](https://docs.gomplate.ca/functions/regexp/#regexpfind) | Returns a string holding the text of the leftmost match in `input`of the regular expression`expression`. | | +| [regexp.FindAll](https://docs.gomplate.ca/functions/regexp/#regexpfindall) | Returns a list of all successive matches of the regular expression. | | +| [regexp.Match](https://docs.gomplate.ca/functions/regexp/#regexpmatch) | Returns `true`if a given regular expression matches a given input. | | +| [regexp.Replace](https://docs.gomplate.ca/functions/regexp/#regexpreplace) | Replaces matches of a regular expression with the replacement string. | | +| [regexp.Split](https://docs.gomplate.ca/functions/regexp/#regexpsplit) | Splits`input` into sub-strings, separated by the expression. | | +| | | | +| [json](https://docs.gomplate.ca/functions/data/#datajson) | Converts a JSON string into an object | | +| [jsonArray](https://docs.gomplate.ca/functions/data/#datajsonarray) | Converts a JSON string into a slice. Only works for JSON Arrays. | | +| [yaml](https://docs.gomplate.ca/functions/data/#datayaml) | Converts a YAML string into an object. | | +| [yamlArray](https://docs.gomplate.ca/functions/data/#datayamlarray) | Converts a YAML string into a slice. Only works for YAML Arrays. | | +| [toml](https://docs.gomplate.ca/functions/data/#datatoml) | Converts a [TOML](https://github.com/toml-lang/toml) document into an object. | | +| [csv](https://docs.gomplate.ca/functions/data/#datacsv) | Converts a CSV-format string into a 2-dimensional string array. | | +| [csvByRow](https://docs.gomplate.ca/functions/data/#datacsvbyrow) | Converts a CSV-format string into a slice of maps. | | +| [csvByColumn](https://docs.gomplate.ca/functions/data/#datacsvbycolumn) | Like [`csvByRow`](https://docs.gomplate.ca/functions/data/#csvByRow), except that the data is presented as a columnar (column-oriented) map. | | +| [toJSON](https://docs.gomplate.ca/functions/data/#datatojson) | Converts an object to a JSON document | | +| [toJSONPretty](https://docs.gomplate.ca/functions/data/#datatojsonpretty) | Converts an object to a pretty-printed (or _indented_) JSON document | | +| [toYAML](https://docs.gomplate.ca/functions/data/#datatoyaml) | Converts an object to a YAML document | | +| [toTOML](https://docs.gomplate.ca/functions/data/#datatotoml) | Converts an object to a [TOML](https://github.com/toml-lang/toml) document. | | +| [toCSV](https://docs.gomplate.ca/functions/data/#datatocsv) | Converts an object to a CSV document. The input object must be a 2-dimensional array of strings (a `[][]string`). | | +| [sha1](https://docs.gomplate.ca/functions/crypto/#cryptosha1-cryptosha224-cryptosha256-cryptosha384-cryptosha512-cryptosha512_224-cryptosha512_256) | Compute a checksum with a SHA-1 or SHA-2 algorithm as defined | | +| [time.Now](https://docs.gomplate.ca/functions/time/#timenow) | | | +| [time.Parse](https://docs.gomplate.ca/functions/time/#timeparse) | Parses a timestamp defined by the given layout | | +| [time.ParseDuration](https://docs.gomplate.ca/functions/time/#timeparseduration) | Parses a duration string. This wraps [`time.ParseDuration`](https://golang.org/pkg/time/#ParseDuration). | | +| [time.Since](https://docs.gomplate.ca/functions/time/#timesince) | Returns the time elapsed since a given time | | +| [time.Unix](https://docs.gomplate.ca/functions/time/#timeunix) | Returns the local `Time` corresponding to the given Unix time | | +| [time.Until](https://docs.gomplate.ca/functions/time/#timeuntil) | Returns the duration until a given time. | | +| [uuid.V1](https://docs.gomplate.ca/functions/uuid/#uuidv1) | Create a version 1 UUID | | +| [uuid.V4](https://docs.gomplate.ca/functions/uuid/#uuidv4) | Create a version 4 UUID - this function consumes entropy | | +| | This function consumes entropy. | | diff --git a/common/src/components/Fields.jsx b/common/src/components/Fields.jsx index 0bdf1bb7..fccd6f23 100644 --- a/common/src/components/Fields.jsx +++ b/common/src/components/Fields.jsx @@ -135,6 +135,16 @@ export default function Fields({ common = [], rows = [], oneOf, anyOf, connectio description: "Secret Access Key", scheme: "EnvVar" }, + { + field: "sessionToken", + description: "Session token", + scheme: "EnvVar" + }, + { + field: "assumeRole", + description: "Role ARN to assume", + scheme: "string" + }, { field: "region", description: "The AWS region", @@ -206,7 +216,7 @@ export default function Fields({ common = [], rows = [], oneOf, anyOf, connectio rows = rows.concat([ { field: oss ? null : "connection", - description: "The connection url to use, mutually exclusive with `username` and `password`", + description: "Connection reference or URL to use. Inline username and password can supply credentials when the check supports them", scheme: "Connection", }, { @@ -233,7 +243,7 @@ export default function Fields({ common = [], rows = [], oneOf, anyOf, connectio rows = rows.concat([ { field: oss ? null : "connection", - description: "The connection url or name to use`", + description: "Connection reference or URL to use", scheme: "Connection", }, { diff --git a/common/src/components/HealthCheck.jsx b/common/src/components/HealthCheck.jsx index 265059d3..67db234d 100644 --- a/common/src/components/HealthCheck.jsx +++ b/common/src/components/HealthCheck.jsx @@ -38,12 +38,22 @@ export default function HealthCheck({ name, edition, rows, ...props }) { scheme: "map[string]string" }, { - field: "test", + field: "namespace", + description: "Namespace to insert the check result into when it differs from the canary namespace", + scheme: "string" + }, + { + field: "dependsOn", + description: "Checks that must complete before this check runs", + scheme: "[]string" + }, + { + field: ["mongo", "mongodb", "redis"].includes(name) ? null : "test", description: "Evaluate whether a check is healthy", scheme: "[`Expression`](../concepts/expressions/health-evaluation)" }, { - field: "display", + field: ["mongo", "mongodb", "redis"].includes(name) ? null : "display", description: "Expression to change the formatting of the display", scheme: "[`Expression`](../concepts/expressions/display-formatting)" }, @@ -53,7 +63,17 @@ export default function HealthCheck({ name, edition, rows, ...props }) { scheme: "bool" }, { - field: "transform", + field: "transformDeleteStrategy", + description: "Status to apply to transformed checks when the source check no longer returns them", + scheme: "string" + }, + { + field: ["pubsub", "mongo", "mongodb"].includes(name) ? null : "relationships", + description: "Relationships that link check results to components or configs", + scheme: "Relationship" + }, + { + field: ["mongo", "mongodb", "redis"].includes(name) ? null : "transform", description: "Transform data from a check into multiple individual checks", scheme: "[`Expression`](../concepts/expressions/transforms)" }, diff --git a/mission-control/docs/integrations/kubernetes/index.mdx b/mission-control/docs/integrations/kubernetes/index.mdx index 51f705cd..faa82261 100644 --- a/mission-control/docs/integrations/kubernetes/index.mdx +++ b/mission-control/docs/integrations/kubernetes/index.mdx @@ -47,7 +47,7 @@ Monitor pod health, resource usage, and cluster state with automated health chec - + --- diff --git a/mission-control/docs/integrations/ldap.mdx b/mission-control/docs/integrations/ldap.mdx index ed5cc413..d2c9cd9a 100644 --- a/mission-control/docs/integrations/ldap.mdx +++ b/mission-control/docs/integrations/ldap.mdx @@ -28,119 +28,19 @@ Mission Control integrates with LDAP directories to monitor authentication infra Test LDAP connectivity, authentication, and user searches. -```yaml title="ldap-connection-check.yaml" -apiVersion: canaries.flanksource.com/v1 -kind: Canary -metadata: - name: ldap-connectivity -spec: - interval: 60 - ldap: - - name: ldap-bind - url: ldaps://ldap.example.com:636 - bindDN: cn=readonly,dc=example,dc=com - username: - valueFrom: - secretKeyRef: - name: ldap-credentials - key: username - password: - valueFrom: - secretKeyRef: - name: ldap-credentials - key: password +```yaml title="ldap.yaml" file=/modules/canary-checker/fixtures/ldap/ldap_pass.yaml ``` -
- -```yaml title="ldap-search-check.yaml" -apiVersion: canaries.flanksource.com/v1 -kind: Canary -metadata: - name: ldap-user-search -spec: - interval: 300 - ldap: - - name: search-admin-users - url: ldaps://ldap.example.com:636 - bindDN: cn=readonly,dc=example,dc=com - username: - valueFrom: - secretKeyRef: - name: ldap-credentials - key: username - password: - valueFrom: - secretKeyRef: - name: ldap-credentials - key: password - userSearch: "(&(objectClass=user)(memberOf=cn=admins,ou=groups,dc=example,dc=com))" -``` -
- -
- -```yaml title="ldap-ad-check.yaml" -apiVersion: canaries.flanksource.com/v1 -kind: Canary -metadata: - name: active-directory -spec: - interval: 60 - ldap: - - name: ad-connectivity - url: ldaps://dc.corp.example.com:636 - bindDN: CN=Service Account,OU=Service Accounts,DC=corp,DC=example,DC=com - username: - valueFrom: - secretKeyRef: - name: ad-credentials - key: username - password: - valueFrom: - secretKeyRef: - name: ad-credentials - key: password - userSearch: "(sAMAccountName=testuser)" -``` -
- -
- -```yaml title="ldap-insecure-check.yaml" -apiVersion: canaries.flanksource.com/v1 -kind: Canary -metadata: - name: ldap-dev -spec: - interval: 60 - ldap: - - name: ldap-dev-check - url: ldaps://ldap-dev.example.com:636 - bindDN: cn=admin,dc=dev,dc=example,dc=com - username: - valueFrom: - secretKeyRef: - name: ldap-dev-credentials - key: username - password: - valueFrom: - secretKeyRef: - name: ldap-dev-credentials - key: password - skipTLSVerify: true # Only for development/testing -``` -
- ## Configuration Options | Field | Description | Default | -|-------|-------------|---------| -| `url` | LDAP server URL (`ldap://` or `ldaps://`) | Required | -| `bindDN` | Distinguished name for binding | Required | -| `username` | Bind username | Required | -| `password` | Bind password | Required | -| `userSearch` | LDAP filter to search for users | Optional | +| ----- | ----------- | ------- | +| `connection` | Connection URL that supplies the LDAP server URL and credentials. | Optional | +| `url` | LDAP server URL, such as `ldap://` or `ldaps://`. Required unless `connection` supplies the URL. | Optional | +| `bindDN` | Base DN for the LDAP search. | Required | +| `username` | Bind username. Required unless `connection` supplies the username. | Optional | +| `password` | Bind password. Required unless `connection` supplies the password. | Optional | +| `userSearch` | LDAP search filter. | Optional | | `skipTLSVerify` | Skip TLS certificate verification | `false` | ## Common LDAP Filters diff --git a/mission-control/docs/reference/canary-checker/index.mdx b/mission-control/docs/reference/canary-checker/index.mdx index 8c64a7eb..3db832e4 100644 --- a/mission-control/docs/reference/canary-checker/index.mdx +++ b/mission-control/docs/reference/canary-checker/index.mdx @@ -6,36 +6,43 @@ sidebar_custom_props: icon: tabler:heart --- -| Field | Description | Type | Required | -| ---------------- | --------------------------------------------------------------------------------------------- | --------------------------------------------------- | -------- | -| `env` | Environment variables. | `map[string]``EnvVar` | | -| `schedule` | Schedule to run checks on.\Supports all cron expression.\Also supports golang duration. | `cron` | | -| `icon` | Icon to use for the check. | `string` | | -| `severity` | Severity of the check. | `string` | | -| `resultmode` | Result mode of the check. | `string` | | -| `alertmanager` | List of AlertManager checks to run. | [`[]AlertManager`](/docs/guide/canary-checker/reference/alert-manager) | | -| `awsConfig` | List of AWS Config checks to run. | [`[]AwsConfig`](/docs/guide/canary-checker/reference/aws-config) | | -| `awsConfigRule` | List of AWS Config Rule checks to run. | [`[]AwsConfigRule`](/docs/guide/canary-checker/reference/aws-config-rule) | | -| `cloudwatch` | List of CloudWatch checks to run. | [`[]CloudWatch`](/docs/guide/canary-checker/reference/aws-cloudwatch) | | -| `catalog` | List of config DB checks to run. | [`[]Catalog`](/docs/guide/canary-checker/reference/catalog) | | -| `gcsDatabaseBackup` | List of GCP database backup checks to run. | [`[]DatabaseBackup`](/docs/guide/canary-checker/reference/gcs-database-backup) | | -| `dns` | List of DNS checks to run. | [`[]DNS`](/docs/guide/canary-checker/reference/dns) | | -| `elasticsearch` | List of ElasticSearch checks to run. | [`[]Elasticsearch`](/docs/guide/canary-checker/reference/elasticsearch) | | -| `exec` | List of exec checks to run. | [`[]Exec`](/docs/guide/canary-checker/reference/exec) | | -| `folder` | List of folder checks to run. | [`[]Folder`](/docs/guide/canary-checker/reference/folder) | | -| `http` | List of HTTP checks to run. | [`[]HTTP`](/docs/guide/canary-checker/reference/http) | | -| `icmp` | List of ICMP checks to run. | [`[]ICMP`](/docs/guide/canary-checker/reference/icmp) | | -| `jmeter` | List of JMeter load test checks to run. | [`[]Jmeter`](/docs/guide/canary-checker/reference/jmeter) | | -| `junit` | List of JUnit test result checks to run. | [`[]Junit`](/docs/guide/canary-checker/reference/junit) | | -| `kubernetes` | List of Kubernetes checks to run. | [`[]Kubernetes`](/docs/guide/canary-checker/reference/kubernetes) | | -| `kubernetesResource` | Kubernetes Resource Checks | [`[]KubernetesResource`](/docs/guide/canary-checker/reference/kubernetes-resource) | | -| `ldap` | List of LDAP checks to run. | [`[]LDAP`](/docs/guide/canary-checker/reference/ldap) | |s -| `mongodb` | List of MongoDB checks to run. | [`[]MongoDB`](/docs/guide/canary-checker/reference/mongo) | | -| `mssql` | List of MSSQL checks to run. | [`[]Mssql`](/docs/guide/canary-checker/reference/sql) | | -| `mysql` | List of MySQL checks to run. | [`[]Mysql`](/docs/guide/canary-checker/reference/sql) | | -| `postgres` | List of Postgres checks to run. | [`[]Postgres`](/docs/guide/canary-checker/reference/sql) | | -| `prometheus` | List of Prometheus checks to run. | [`[]Prometheus`](/docs/guide/canary-checker/reference/prometheus) | | -| `redis` | List of Redis checks to run. | [`[]Redis`](/docs/guide/canary-checker/reference/redis) | | -| `restic` | List of restic backup checks to run. | [`[]Restic`](/docs/guide/canary-checker/reference/restic) | | -| `s3` | List of S3 checks to run. | [`[]S3`](/docs/guide/canary-checker/reference/s3-protocol) | | -| `tcp` | List of TCP checks to run. | [`[]TCP`](/docs/guide/canary-checker/reference/tcp) | | +| Field | Description | Type | Required | +| ----- | ----------- | ---- | -------- | +| `env` | Environment variables. | `map[string]EnvVar` | | +| `schedule` | Schedule to run checks on. Supports cron expressions and Go durations, such as `@every 5m`. | `cron` | | +| `icon` | Icon to use for the check. | `string` | | +| `severity` | Severity of the check. | `string` | | +| `owner` | Contact person responsible for the canary. | `string` | | +| `resultMode` | Result mode of the check. | `string` | | +| `agentSelector` | Agents that should run this canary. Supports prefix and suffix matches, such as `eu-west-*`, and negations, such as `!team-b`. | `[]string` | | +| `alertmanager` | List of Alertmanager checks to run. | [`[]AlertManagerCheck`](/docs/guide/canary-checker/reference/alert-manager) | | +| `awsConfig` | List of AWS Config checks to run. | [`[]AwsConfigCheck`](/docs/guide/canary-checker/reference/aws-config) | | +| `awsConfigRule` | List of AWS Config Rule checks to run. | [`[]AwsConfigRuleCheck`](/docs/guide/canary-checker/reference/aws-config-rule) | | +| `azureDevops` | List of Azure DevOps checks to run. | [`[]AzureDevopsCheck`](/docs/guide/canary-checker/reference/azure-devops) | | +| `catalog` | List of Catalog checks to run. | [`[]CatalogCheck`](/docs/guide/canary-checker/reference/catalog) | | +| `cloudwatch` | List of CloudWatch checks to run. | [`[]CloudWatchCheck`](/docs/guide/canary-checker/reference/aws-cloudwatch) | | +| `databaseBackup` | List of database backup checks to run. | [`[]DatabaseBackupCheck`](/docs/guide/canary-checker/reference/gcs-database-backup) | | +| `dns` | List of DNS checks to run. | [`[]DNSCheck`](/docs/guide/canary-checker/reference/dns) | | +| `dynatrace` | List of Dynatrace checks to run. | [`[]DynatraceCheck`](/docs/guide/canary-checker/reference/dynatrace) | | +| `elasticsearch` | List of Elasticsearch checks to run. | [`[]ElasticsearchCheck`](/docs/guide/canary-checker/reference/elasticsearch) | | +| `exec` | List of exec checks to run. | [`[]ExecCheck`](/docs/guide/canary-checker/reference/exec) | | +| `folder` | List of folder checks to run. | [`[]FolderCheck`](/docs/guide/canary-checker/reference/folder) | | +| `http` | List of HTTP checks to run. | [`[]HTTPCheck`](/docs/guide/canary-checker/reference/http) | | +| `icmp` | List of ICMP checks to run. | [`[]ICMPCheck`](/docs/guide/canary-checker/reference/icmp) | | +| `jmeter` | List of JMeter load test checks to run. | [`[]JmeterCheck`](/docs/guide/canary-checker/reference/jmeter) | | +| `junit` | List of JUnit test result checks to run. | [`[]JunitCheck`](/docs/guide/canary-checker/reference/junit) | | +| `kubernetes` | List of Kubernetes checks to run. | [`[]KubernetesCheck`](/docs/guide/canary-checker/reference/kubernetes) | | +| `kubernetesResource` | List of Kubernetes Resource checks to run. | [`[]KubernetesResourceCheck`](/docs/guide/canary-checker/reference/kubernetes-resource) | | +| `ldap` | List of LDAP checks to run. | [`[]LDAPCheck`](/docs/guide/canary-checker/reference/ldap) | | +| `mongodb` | List of MongoDB checks to run. | [`[]MongoDBCheck`](/docs/guide/canary-checker/reference/mongo) | | +| `mssql` | List of SQL Server checks to run. | [`[]MssqlCheck`](/docs/guide/canary-checker/reference/sql) | | +| `mysql` | List of MySQL checks to run. | [`[]MysqlCheck`](/docs/guide/canary-checker/reference/sql) | | +| `opensearch` | List of OpenSearch checks to run. | [`[]OpenSearchCheck`](/docs/guide/canary-checker/reference/opensearch) | | +| `postgres` | List of PostgreSQL checks to run. | [`[]PostgresCheck`](/docs/guide/canary-checker/reference/sql) | | +| `prometheus` | List of Prometheus checks to run. | [`[]PrometheusCheck`](/docs/guide/canary-checker/reference/prometheus) | | +| `pubsub` | List of Pub/Sub checks to run. | [`[]PubSubCheck`](/docs/guide/canary-checker/reference/pubsub) | | +| `redis` | List of Redis checks to run. | [`[]RedisCheck`](/docs/guide/canary-checker/reference/redis) | | +| `restic` | List of Restic backup checks to run. | [`[]ResticCheck`](/docs/guide/canary-checker/reference/restic) | | +| `s3` | List of S3 checks to run. | [`[]S3Check`](/docs/guide/canary-checker/reference/s3-protocol) | | +| `tcp` | List of TCP checks to run. | [`[]TCPCheck`](/docs/guide/canary-checker/reference/tcp) | | +| `webhook` | Webhook check configuration. | [`WebhookCheck`](/docs/guide/canary-checker/reference/webhook) | | diff --git a/modules/canary-checker b/modules/canary-checker index e60eb7d9..c7de1457 160000 --- a/modules/canary-checker +++ b/modules/canary-checker @@ -1 +1 @@ -Subproject commit e60eb7d9a6b9fd1fa3f4736df3366a05be0100e9 +Subproject commit c7de1457d27d1d932bfc1b010ceb90acd943ed02 diff --git a/styles/ignore/words-with-suggestions.txt b/styles/ignore/words-with-suggestions.txt index b269cf78..ade82068 100644 --- a/styles/ignore/words-with-suggestions.txt +++ b/styles/ignore/words-with-suggestions.txt @@ -61,6 +61,7 @@ Ansible anyOf api API's +apiKey APIs apiVersion argocd @@ -489,3 +490,13 @@ OpenAI Ollama Slack WebSocket +accessKey +Alibaba +availableSize +errored +liveness +maxRedirects +rollout +secretKey +skipTLSVerify +totalSize From a517b8498bccde32f5ad4d47c02e27836f945bb6 Mon Sep 17 00:00:00 2001 From: Aditya Thebe Date: Mon, 6 Jul 2026 20:51:07 +0545 Subject: [PATCH 2/3] chore: remove removed checks docs --- .../docs/reference/4-removed-checks.mdx | 27 ------------------- 1 file changed, 27 deletions(-) delete mode 100644 canary-checker/docs/reference/4-removed-checks.mdx diff --git a/canary-checker/docs/reference/4-removed-checks.mdx b/canary-checker/docs/reference/4-removed-checks.mdx deleted file mode 100644 index 8236702a..00000000 --- a/canary-checker/docs/reference/4-removed-checks.mdx +++ /dev/null @@ -1,27 +0,0 @@ ---- -title: Removed Checks -sidebar_custom_props: - icon: alert-triangle ---- - -# Removed Checks - - - -Canary Checker still accepts some legacy check fields in the API schema for compatibility. The runner no longer executes these checks. If you configure one of these fields, the check fails with: - -`this check type has been removed, use kubernetesResource or exec checks instead` - -Use the replacement check type for new canaries. - -| Field | Runtime type | Replacement | -| ----- | ------------ | ----------- | -| `containerd` | `containerdPull` | [`exec`](./exec) | -| `containerdPush` | `containerdPush` | [`exec`](./exec) | -| `docker` | `dockerPull` | [`exec`](./exec) | -| `dockerPush` | `dockerPush` | [`exec`](./exec) | -| `gitProtocol` | `gitProtocol` | [`exec`](./exec) | -| `github` | `github` | [`exec`](./exec) | -| `helm` | `helm` | [`kubernetesResource`](./kubernetes-resource) or [`exec`](./exec) | -| `namespace` | `namespace` | [`kubernetesResource`](./kubernetes-resource) | -| `pod` | `pod` | [`kubernetesResource`](./kubernetes-resource) | From b45715698ba68b2d4b5e1680a648bf4e0453902b Mon Sep 17 00:00:00 2001 From: Aditya Thebe Date: Mon, 6 Jul 2026 20:53:46 +0545 Subject: [PATCH 3/3] chore: make lint --- mission-control/blog/canary-checker-v1.2.md | 22 +++++------ .../docs/guide/config-db/scrapers/azure.md | 38 +++++++++---------- 2 files changed, 30 insertions(+), 30 deletions(-) diff --git a/mission-control/blog/canary-checker-v1.2.md b/mission-control/blog/canary-checker-v1.2.md index 2ac6c51a..28f81cdc 100644 --- a/mission-control/blog/canary-checker-v1.2.md +++ b/mission-control/blog/canary-checker-v1.2.md @@ -1,5 +1,5 @@ --- -title: "Canary Checker v1.2: Chained Checks, Generated Checks and TLS Everywhere" +title: 'Canary Checker v1.2: Chained Checks, Generated Checks and TLS Everywhere' date: 2026-06-23 slug: canary-checker-v1.2 tags: [release, canary-checker] @@ -22,7 +22,7 @@ Two features in this release move Canary Checker from "a list of independent pro "a small workflow engine for health checks." **Request chaining** lets a check depend on another and reuse its output. The classic example -is an authenticated API: one check logs in and *exports* the token, and a downstream check +is an authenticated API: one check logs in and _exports_ the token, and a downstream check references it directly in its template: ```yaml @@ -36,7 +36,7 @@ http: url: https://api.example.com/me headers: - name: Authorization - value: "Bearer {{.responses.login.token}}" + value: 'Bearer {{.responses.login.token}}' ``` Behind the scenes a topological sort guarantees `login` runs before `get-profile`. And because @@ -44,12 +44,12 @@ we promoted `dependsOn` to the shared check spec, this isn't HTTP-only — any c depend on any other. (SQL checks also picked up a `timeout` in the same change, so a slow query no longer hangs a check indefinitely.) -**Transformed canaries** go a step further: a check can now *generate brand-new checks* from its +**Transformed canaries** go a step further: a check can now _generate brand-new checks_ from its output. This grew out of a real request ([#2731](https://github.com/flanksource/canary-checker/issues/2731)) — select all the Ingresses or HTTPRoutes in a cluster and automatically spin up an HTTP health check for each endpoint. The generated canaries are persisted as first-class objects, and a cleanup job prunes orphans every 12 hours (with cascading deletes when the parent goes away). -You describe *what* you want checked once, and Canary Checker keeps the concrete checks in sync +You describe _what_ you want checked once, and Canary Checker keeps the concrete checks in sync with reality. ```yaml @@ -58,12 +58,12 @@ kind: Canary metadata: name: ingress-canary spec: - schedule: "@every 5m" + schedule: '@every 5m' kubernetes: - name: ingress-http-checks kind: Ingress namespaceSelector: - name: "*" # scan Ingresses in every namespace + name: '*' # scan Ingresses in every namespace transform: expr: | { @@ -89,7 +89,7 @@ say exactly which agents should execute a canary using glob patterns and negatio ```yaml spec: - agentSelector: "eu-west-*, !team-b" + agentSelector: 'eu-west-*, !team-b' ``` Canary Checker creates a derived copy of the canary for each matched agent. Great for "run this @@ -138,17 +138,17 @@ fixed several bugs that were quietly distorting dashboards: `1 + success`, which is nonsense. It now correctly computes `(success / (failed + success)) * 100`, with guards against nil/empty/NaN so an idle window returns `0` instead of panicking. - With `--metric-labels-allowlist` configured, a couple of metrics were mismatching label sets - (causing silently-swallowed Prometheus panics) or emitting label *names* where *values* belonged. + (causing silently-swallowed Prometheus panics) or emitting label _names_ where _values_ belonged. We also caught a sneaky scheduling bug ([#2984](https://github.com/flanksource/canary-checker/pull/2984)): concurrent `SyncCanaryJob` calls could race and leave an **orphaned cron entry** that survived every cleanup sweep and fired on every tick — silently doubling check inserts. It's now serialized -per canary. And a self-comparison bug that meant `lastTransitionedTime` was *never* populated +per canary. And a self-comparison bug that meant `lastTransitionedTime` was _never_ populated ([#3001](https://github.com/flanksource/canary-checker/issues/3001)) is fixed. One more operational gotcha worth calling out: the controllers emit Kubernetes events through the v2 EventRecorder, which writes `events.k8s.io/v1` objects — but the shipped RBAC only granted -permissions on core events. Because events are only emitted on the *failure* path, passing +permissions on core events. Because events are only emitted on the _failure_ path, passing canaries hid the problem entirely. The chart and kustomize RBAC now grant the right permission. Worth a `helm upgrade`. diff --git a/mission-control/docs/guide/config-db/scrapers/azure.md b/mission-control/docs/guide/config-db/scrapers/azure.md index 26a9b6ff..2c56c96d 100644 --- a/mission-control/docs/guide/config-db/scrapers/azure.md +++ b/mission-control/docs/guide/config-db/scrapers/azure.md @@ -64,23 +64,23 @@ Either the `connection` name or the credentials (`clientID`, `clientSecret` & `t The following Azure resources are scraped and mapped to Mission Control config types: -| Resource Type | Config Class | +| Resource Type | Config Class | | ------------------------------------------ | --------------------- | --- | -| microsoft.compute/virtualmachines | VirtualMachine | -| microsoft.compute/virtualmachinescalesets | Node | -| microsoft.network/loadbalancers | LoadBalancer | -| microsoft.network/virtualnetworks | VirtualNetwork | -| microsoft.containerregistry/registries | ContainerRegistry | -| microsoft.network/azurefirewalls | Firewall | -| microsoft.sql/servers | RelationalDatabase | -| microsoft.dbforpostgresql/servers | RelationalDatabase | -| microsoft.containerservice/managedclusters | KubernetesCluster | -| microsoft.resources/resourcegroups | ResourceGroup | -| subscription | Subscription | -| microsoft.storage/storageaccounts | StorageAccount | -| microsoft.web/sites | AppService | -| microsoft.network/dnszones | DNSZone | -| microsoft.network/privatednszones | PrivateDNSZone | -| microsoft.network/trafficmanagerprofiles | TrafficManagerProfile | -| microsoft.network/networksecuritygroups | SecurityGroup | -| microsoft.network/publicipaddresses | PublicIPAddress | + | +| microsoft.compute/virtualmachines | VirtualMachine | +| microsoft.compute/virtualmachinescalesets | Node | +| microsoft.network/loadbalancers | LoadBalancer | +| microsoft.network/virtualnetworks | VirtualNetwork | +| microsoft.containerregistry/registries | ContainerRegistry | +| microsoft.network/azurefirewalls | Firewall | +| microsoft.sql/servers | RelationalDatabase | +| microsoft.dbforpostgresql/servers | RelationalDatabase | +| microsoft.containerservice/managedclusters | KubernetesCluster | +| microsoft.resources/resourcegroups | ResourceGroup | +| subscription | Subscription | +| microsoft.storage/storageaccounts | StorageAccount | +| microsoft.web/sites | AppService | +| microsoft.network/dnszones | DNSZone | +| microsoft.network/privatednszones | PrivateDNSZone | +| microsoft.network/trafficmanagerprofiles | TrafficManagerProfile | +| microsoft.network/networksecuritygroups | SecurityGroup | +| microsoft.network/publicipaddresses | PublicIPAddress | + |