Prometheus
The Prometheus check connects to Prometheus, runs a PromQL query, and displays the results.
prometheus.yamlapiVersion: canaries.flanksource.com/v1
kind: Canary
metadata:
name: prometheus
spec:
schedule: "@every 5m"
prometheus:
- url: http://kube-prometheus-stack-prometheus.monitoring:9090
name: prometheus-check
query: kubernetes_build_info{job!~"kube-dns|coredns"}
display:
expr: results[0].git_version
| Field | Description | Scheme |
|---|---|---|
name* | Name of the check, must be unique within the canary |
|
query* | PromQL query to execute | |
awsSigV4 | AWS Signature Version 4 signing configuration | AWSSigV4 |
bearer | Bearer token to use for authentication | |
connection | Connection URL that supplies Prometheus connection details |
|
headers | HTTP headers to send with the query request | |
host | Deprecated. Use |
|
oauth | ||
password | Password for basic auth | |
tls | TLS and mutual TLS configuration | |
url | Prometheus URL. Required unless |
|
username | Username for basic auth | |
dependsOn | Checks that must complete before this check runs |
|
description | Description for the check |
|
display | Expression to change the formatting of the display | |
icon | Icon for overwriting default icon on the dashboard | |
labels | Labels for check |
|
markFailOnEmpty | If a transformation or datasource returns empty results, the check should fail |
|
metrics | Metrics to export from | |
namespace | Namespace to insert the check result into when it differs from the canary namespace |
|
relationships | Relationships that link check results to components or configs | Relationship |
test | Evaluate whether a check is healthy | |
transform | Transform data from a check into multiple individual checks | |
transformDeleteStrategy | Status to apply to transformed checks when the source check no longer returns them |
|
TLS Config
Use tls.ca to verify Prometheus with a custom CA. Add tls.cert and tls.key for mutual TLS.
| Field | Description | Scheme |
|---|---|---|
ca | PEM encoded CA certificate to verify the Prometheus server certificate | |
cert | PEM encoded client certificate | |
handshakeTimeout | TLS handshake timeout. Defaults to 10 seconds | |
insecureSkipVerify | Skip verification of the server certificate chain and host name |
|
key | PEM encoded client private key |
OAuth
| Field | Description | Scheme |
|---|---|---|
clientID | Client ID | |
clientSecret | Client Secret | |
params | OAuth parameters when requesting a token |
|
scope | Scopes to request |
|
tokenURL | Token URL |
|
Result Variables
| Name | Description | Scheme |
|---|---|---|
value | First sample value, or 0 when the query returns no samples | float |
firstResult | First result map, including labels and value | map[string]interface |
results | List of result maps. Each map contains labels and value. | []map[string]interface |
Examples
Create a check per Prometheus job using a transform
jobs.yamlapiVersion: canaries.flanksource.com/v1
kind: Canary
metadata:
name: prometheus-jobs
spec:
schedule: "@every 5m"
prometheus:
- name: Jobs
query: up{namespace!~"kube-system|monitoring"}
url: http://prometheus.monitoring.svc:9090
transform:
expr: |
dyn(results).map(r, {
'name': r.job,
'namespace': 'namespace' in r ? r.namespace : '',
'labels': r.omit(["value", "__name__"]),
'pass': r["value"] > 0
}).toJSON()
Create a check per failing job only
jobs-fail-only.yamlapiVersion: canaries.flanksource.com/v1
kind: Canary
metadata:
name: prometheus-failing-jobs
spec:
schedule: "@every 5m"
prometheus:
- name: Jobs
query: up{namespace!~"kube-system|monitoring"} == 0
url: http://prometheus.monitoring.svc:9090
transform:
expr: |
dyn(results).map(r, {
'name': r.job,
'namespace': 'namespace' in r ? r.namespace : '',
'labels': r.omit(["value", "__name__"]),
'pass': false
}).toJSON()
Prometheus with mutual TLS
prometheus-mtls.yamlapiVersion: canaries.flanksource.com/v1
kind: Canary
metadata:
name: prometheus-mtls
spec:
schedule: "@every 1m"
prometheus:
- name: Prometheus mutual TLS
url: https://prometheus.example.com
query: up
tls:
ca:
valueFrom:
secretKeyRef:
name: prometheus-mtls
key: ca.crt
cert:
valueFrom:
secretKeyRef:
name: prometheus-mtls
key: client.crt
key:
valueFrom:
secretKeyRef:
name: prometheus-mtls
key: client.key