Bucket

| Field | Description | Scheme | Required |
| --- | --- | --- | --- |
| name | | string | Yes |
| region | | string | Yes |
| endpoint | | string | Yes |

DNS

dns:
  - server: 8.8.8.8
    port: 53
    query: "flanksource.com"
    querytype: "A"
    minrecords: 1
    exactreply: ["34.65.228.161"]
    timeout: 10
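
| Field | Description | Scheme | Required |
| --- | --- | --- | --- |
| description | | string | Yes |
| server | | string | Yes |
| port | | int | Yes |
| query | | string | |
| querytype | | string | Yes |
| minrecords | | int | |
| exactreply | | []string | |
| timeout | | int | Yes |
| thresholdMillis | | int | Yes |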

DockerPull

Check docker images

This check will try to pull a Docker image from the specified registry and verify its checksum and size.

docker:
  - image: docker.io/library/busybox:1.31.1
    username:
    password:
    expectedDigest: 6915be4043561d64e0ab0f8f098dc2ac48e077fe23f488ac24b665166898115a
    expectedSize: 1219782

| Field | Description | Scheme | Required |
| --- | --- | --- | --- |
| description | | string | Yes |
| image | | string | Yes |
| username | | string | Yes |
| password | | string | Yes |
| expectedDigest | | string | Yes |
| expectedSize | | int64 | Yes |

DockerPush

| Field | Description | Scheme | Required |
| --- | --- | --- | --- |
| description | | string | Yes |
| image | | string | Yes |
| username | | string | Yes |
| password | | string | Yes |

HTTP

http:
  - endpoints:
      - https://httpstat.us/200
      - https://httpstat.us/301
    thresholdMillis: 3000
    responseCodes: [201,200,301]
    responseContent: ""
    maxSSLExpiry: 60
  - endpoints:
      - https://httpstat.us/500
    thresholdMillis: 3000
    responseCodes: [500]
    responseContent: ""
    maxSSLExpiry: 60
  - endpoints:
      - https://httpstat.us/500
    thresholdMillis: 3000
    responseCodes: [302]
    responseContent: ""
    maxSSLExpiry: 60

| Field | Description | Scheme | Required |
| --- | --- | --- | --- |
| description | | string | Yes |
| endpoint | HTTP endpoint to crawl | string | Yes |
| thresholdMillis | Maximum duration in milliseconds for the HTTP request. It will fail the check if it takes longer. | int | Yes |
| responseCodes | Expected response codes for the HTTP Request. | []int | Yes |
| responseContent | Exact response content expected to be returned by the endpoint. | string | Yes |
| maxSSLExpiry | Maximum number of days until the SSL Certificate expires. | int | Yes |

Helm

| Field | Description | Scheme | Required |
| --- | --- | --- | --- |
| description | | string | Yes |
| chartmuseum | | string | Yes |
| project | | string | |
| username | | string | Yes |
| password | | string | Yes |
| cafile | | *string | |

ICMP

This test will check ICMP packet loss and duration.

icmp:
  - endpoints:
      - https://google.com
      - https://yahoo.com
    thresholdMillis: 400
    packetLossThreshold: 0.5
    packetCount: 2

| Field | Description | Scheme | Required |
| --- | --- | --- | --- |
| description | | string | Yes |
| endpoint | | string | Yes |
| thresholdMillis | | int64 | Yes |
| packetLossThreshold | | int64 | Yes |
| packetCount | | int | Yes |

LDAP

The LDAP check will:

  • bind using provided user/password to the ldap host. Supports ldap/ldaps protocols.
  • search an object type in the provided bind DN.

ldap:
  - host: ldap://127.0.0.1:10389
    username: uid=admin,ou=system
    password: secret
    bindDN: ou=users,dc=example,dc=com
    userSearch: "(&(objectClass=organizationalPerson))"
  - host: ldap://127.0.0.1:10389
    username: uid=admin,ou=system
    password: secret
    bindDN: ou=groups,dc=example,dc=com
    userSearch: "(&(objectClass=groupOfNames))"
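
| Field | Description | Scheme | Required |
| --- | --- | --- | --- |
| description | | string | Yes |
| host | | string | Yes |
| username | | string | Yes |
| password | | string | Yes |
| bindDN | | string | Yes |
| userSearch | | string | Yes |
| skipTLSVerify | | bool | Yes |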

Namespace

The Namespace check will:

  • create a new namespace using the labels/annotations provided
namespace:
  - namePrefix: "test-name-prefix-"
    labels:
      team: test
    annotations:
      "foo.baz.com/foo": "bar"

| Field | Description | Scheme | Required |
| --- | --- | --- | --- |
| description | | string | Yes |
| checkName | | string | Yes |
| namespaceNamePrefix | | string | Yes |
| namespaceLabels | | map[string]string | Yes |
| namespaceAnnotations | | map[string]string | Yes |
| podSpec | | string | Yes |
| scheduleTimeout | | int64 | Yes |
| readyTimeout | | int64 | Yes |
| httpTimeout | | int64 | Yes |
| deleteTimeout | | int64 | Yes |
| ingressTimeout | | int64 | Yes |
| httpRetryInterval | | int64 | Yes |
| deadline | | int64 | Yes |
| port | | int64 | Yes |
| path | | string | Yes |
| ingressName | | string | Yes |
| ingressHost | | string | Yes |
| expectedContent | | string | Yes |
| expectedHttpStatuses | | []int64 | Yes |
| priorityClass | | string | Yes |

Pod

pod:
  - name: golang
    namespace: default
    spec: |
      apiVersion: v1
      kind: Pod
      metadata:
        name: hello-world-golang
        namespace: default
        labels:
          app: hello-world-golang
      spec:
        containers:
          - name: hello
            image: quay.io/toni0/hello-webserver-golang:latest
    port: 8080
    path: /foo/bar
    ingressName: hello-world-golang
    ingressHost: "hello-world-golang.127.0.0.1.nip.io"
    scheduleTimeout: 2000
    readyTimeout: 5000
    httpTimeout: 2000
    deleteTimeout: 12000
    ingressTimeout: 5000
    deadline: 29000
    httpRetryInterval: 200
    expectedContent: bar
    expectedHttpStatuses: [200, 201, 202]

| Field | Description | Scheme | Required |
| --- | --- | --- | --- |
| description | | string | Yes |
| name | | string | Yes |
| namespace | | string | Yes |
| spec | | string | Yes |
| scheduleTimeout | | int64 | Yes |
| readyTimeout | | int64 | Yes |
| httpTimeout | | int64 | Yes |
| deleteTimeout | | int64 | Yes |
| ingressTimeout | | int64 | Yes |
| httpRetryInterval | | int64 | Yes |
| deadline | | int64 | Yes |
| port | | int64 | Yes |
| path | | string | Yes |
| ingressName | | string | Yes |
| ingressHost | | string | Yes |
| expectedContent | | string | Yes |
| expectedHttpStatuses | | []int | Yes |
| priorityClass | | string | Yes |

Postgres

This check will try to connect to a specified PostgreSQL database, run a query against it and verify the results.

postgres:
  - connection: "user=postgres password=mysecretpassword host=192.168.0.103 port=15432 dbname=postgres sslmode=disable"
    query:  "SELECT 1"
    results: 1

| Field | Description | Scheme | Required |
| --- | --- | --- | --- |
| description | | string | Yes |
| driver | | string | Yes |
| connection | | string | Yes |
| query | | string | Yes |
| results | | int | Yes |
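
The LDAP and Postgres samples above use `ldap://`, an inline `password`, and `sslmode=disable`, which suit a local test target but not a production check definition. The following Go audit is an added example, not part of canary-checker: `Audit`, `Finding` and the rule patterns are this example's own, and the sample input is constructed from the examples on this page with `skipTLSVerify: true` added.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

type Finding struct {
	Line int
	Rule string
}

// rules are this example's own patterns, keyed to fields shown on this page.
// The credential rule skips empty values and "<...>" placeholders.
var rules = []struct {
	Name string
	Re   *regexp.Regexp
}{
	{"ldap bind over plaintext ldap://", regexp.MustCompile(`^\s*-?\s*host:\s*"?ldap://`)},
	{"postgres sslmode=disable", regexp.MustCompile(`\bsslmode=disable\b`)},
	{"TLS verification skipped", regexp.MustCompile(`^\s*-?\s*skipTLSVerify:\s*true\b`)},
	{"literal credential", regexp.MustCompile(`^\s*-?\s*(password|secretKey):\s*"?[^"<\s]|\bpassword=\S`)},
}

// Audit scans a check definition line by line and returns one Finding
// per (line, rule) match, with 1-based line numbers.
func Audit(config string) []Finding {
	var out []Finding
	for i, line := range strings.Split(config, "\n") {
		for _, r := range rules {
			if r.Re.MatchString(line) {
				out = append(out, Finding{Line: i + 1, Rule: r.Name})
			}
		}
	}
	return out
}

// sample is constructed from the LDAP and Postgres examples; skipTLSVerify is added.
const sample = `ldap:
  - host: ldap://127.0.0.1:10389
    password: secret
    skipTLSVerify: true
postgres:
  - connection: "user=postgres password=mysecretpassword host=192.168.0.103 sslmode=disable"`

func main() {
	fmt.Println(Audit(sample))
}
```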

S3

This check will:

  • list objects in the bucket to check for Read permissions
  • PUT an object into the bucket for Write permissions
  • download the previously uploaded object to check for Get permissions

s3:
  - buckets:
      - name: "test-bucket"
        region: "us-east-1"
        endpoint: "https://test-bucket.s3.us-east-1.amazonaws.com"
    accessKey: "<access-key>"
    secretKey: "<secret-key>"
    objectPath: "path/to/object"

| Field | Description | Scheme | Required |
| --- | --- | --- | --- |
| description | | string | Yes |
| bucket | | Bucket | Yes |
| accessKey | | string | Yes |
| secretKey | | string | Yes |
| objectPath | | string | Yes |
| skipTLSVerify | Skip TLS verify when connecting to s3 | bool | Yes |

S3Bucket

This check will:

  • search for objects matching the provided object path pattern
  • check that the latest object is no older than the provided MaxAge value in seconds
  • check that the latest object size is not smaller than the provided MinSize value in bytes

s3Bucket:
  - bucket: foo
    accessKey: "<access-key>"
    secretKey: "<secret-key>"
    region: "us-east-2"
    endpoint: "https://s3.us-east-2.amazonaws.com"
    objectPath: "(.*)archive.zip$"
    readWrite: true
    maxAge: 5000000
    minSize: 50000

| Field | Description | Scheme | Required |
| --- | --- | --- | --- |
| description | | string | Yes |
| bucket | | string | Yes |
| accessKey | | string | Yes |
| secretKey | | string | Yes |
| region | | string | Yes |
| endpoint | | string | Yes |
| objectPath | glob path to restrict matches to a subset | string | Yes |
| readWrite | | bool | Yes |
| maxAge | maximum allowed age of matched objects in seconds | int64 | Yes |
| minSize | min size of the most recent matched object in bytes | int64 | Yes |
| usePathStyle | Use path style path: http://s3.amazonaws.com/BUCKET/KEY instead of http://BUCKET.s3.amazonaws.com/KEY | bool | Yes |
| skipTLSVerify | Skip TLS verify when connecting to s3 | bool | Yes |
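
The three S3Bucket rules listed above, applied to an in-memory listing, as an added Go example that is not canary-checker's own code. `Object` and `CheckLatest` are hypothetical names, the listing is constructed sample data, and `objectPath` is assumed to be a regular expression, as the `(.*)archive.zip$` value in the sample suggests.

```go
package main

import (
	"fmt"
	"regexp"
	"time"
)

// Object is a hypothetical stand-in for one entry of a bucket listing.
type Object struct {
	Key          string
	LastModified time.Time
	Size         int64
}

// CheckLatest filters by objectPath, picks the most recent match, then
// enforces maxAge (seconds) and minSize (bytes) on that object only.
func CheckLatest(objs []Object, objectPath string, maxAge, minSize int64, now time.Time) error {
	re, err := regexp.Compile(objectPath)
	if err != nil {
		return fmt.Errorf("invalid objectPath: %w", err)
	}
	var latest *Object
	for i := range objs {
		if re.MatchString(objs[i].Key) && (latest == nil || objs[i].LastModified.After(latest.LastModified)) {
			latest = &objs[i]
		}
	}
	if latest == nil {
		return fmt.Errorf("no object matches %q", objectPath)
	}
	if age := now.Sub(latest.LastModified); age > time.Duration(maxAge)*time.Second {
		return fmt.Errorf("%s is %s old, maxAge is %ds", latest.Key, age.Round(time.Second), maxAge)
	}
	if latest.Size < minSize {
		return fmt.Errorf("%s is %d bytes, minSize is %d", latest.Key, latest.Size, minSize)
	}
	return nil
}

func main() {
	now := time.Date(2024, 1, 10, 0, 0, 0, 0, time.UTC) // constructed sample data
	objs := []Object{
		{"db/2024-01-01-archive.zip", now.Add(-9 * 24 * time.Hour), 80000},
		{"db/2024-01-09-archive.zip", now.Add(-24 * time.Hour), 1200}, // truncated backup
		{"db/notes.txt", now, 10},
	}
	fmt.Println(CheckLatest(objs, "(.*)archive.zip$", 5000000, 50000, now))
}
```

Because only the newest match is evaluated, a truncated latest upload fails the check even when older archives are intact.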

SSL

| Field | Description | Scheme | Required |
| --- | --- | --- | --- |
| description | | string | Yes |
| endpoint | HTTP endpoint to crawl | string | Yes |
| maxSSLExpiry | Maximum number of days until the SSL Certificate expires. | int | Yes |

TCP

| Field | Description | Scheme | Required |
| --- | --- | --- | --- |
| description | | string | Yes |
| endpoint | | string | Yes |
| thresholdMillis | | int64 | Yes |