wip

canary-checker/.gitignore

@@ -0,0 +1 @@
+node_modules/

canary-checker/docs/cli.mdx

@@ -4,13 +4,16 @@ hide:
 title: CLI
 description: Troubleshooting and/or running from CI/CD pipeline
 ---
-
-# Installation
-
+import { set } from "lodash"
 import Tabs from '@theme/Tabs';
 import TabItem from '@theme/TabItem';
 import ReactMarkdown from 'react-markdown';
 
+
+# Installation
+
+<Step step={1} name="Install the CLI">
+
 <Tabs>
 <TabItem value="linux-amd64" label="Linux (amd64)" default>
 
@@ -68,7 +71,9 @@ wget -nv -nc -O https://github.com/flanksource/canary-checker/releases/latest/do
   </TabItem>
 </Tabs>
 
-# Run
+</Step>
+<Step step={2} name="Create a canary definition">
+
 
 ```yaml title="canary.yaml"
 apiVersion: canaries.flanksource.com/v1
@@ -85,8 +90,13 @@ spec:
 
 ```
 
+</Step>
+<Step step={3} name="Run the check locally">
+
 ```shell-session
 canary-checker run canary.yaml
 ```
 
 <Asciinema id="594517"/>
+
+</Step>

canary-checker/docs/concepts/secret-management.md

@@ -12,6 +12,10 @@ Whenever a field uses the `EnvVar` object type you have the option of specifying
 
 ## Static Values
 
+:::warning
+Avoid inlining secrets, use `valueFrom` and <CommonLink to="authentication">EnvVar</CommonLink>
+:::
+
 Using a HTTP health check as an example for static values:
 
 ```yaml title="http-basic-auth-static.yaml"

canary-checker/docs/getting-started.md → canary-checker/docs/getting-started.mdx

@@ -1,14 +1,16 @@
+
 # Getting Started
 
-## Install canary checker
+<Step step={1} name="Install canary checker">
 
   ```bash
   helm repo add flanksource https://flanksource.github.io/charts
   helm repo update
   helm install canary-checker flanksource/canary-checker -n "canary-checker"  --create-namespace
   ```
+</Step>
+<Step step={2} name="Create a new check">
 
-## Create a new check
 
   ```yaml title="canary.yaml"
   apiVersion: canaries.flanksource.com/v1
@@ -30,25 +32,27 @@ And then apply it to the cluster:
   kubectl apply -f canary.yaml
   ```
 
-  :::info
+:::info
   You can also run the check locally to see its output by using the [cli](./cli)
 
   ```bash
   canary-checker run canary.yaml
   ```
 
   <Asciinema id="594517" width="850px"/>
-  :::
+:::
 
-3. Check the status of the health check:
+</Step>
+<Step name="Check the status" step={3}>
 
   ```shell
   kubectl get canary
   ```
 
   <Asciinema id="tXluDS5sH68gVdko4qctIZEC1"/>
 
-4. Check the Dashboard
+</Step>
+<Step step={4} name="Check the Dashboard">
 
 You can access the web dashboard by forwarding the port:
 
@@ -70,6 +74,7 @@ The canary checker itself only presents an API. To view the data graphically, th
 
 More details regarding ingress configuration can be found in the [kubernetes documentation](https://kubernetes.io/docs/concepts/services-networking/ingress/)
 
+</Step>
 
 ## Getting Help
 
@@ -81,3 +86,4 @@ If you have any questions about canary checker:
 * [Flanksource](https://www.flanksource.com) provides both commercial support for canary checker and a SaaS offering called Mission Control.
 
 Your feedback is always welcome!
+

canary-checker/docs/health-checks.md

@@ -0,0 +1,14 @@
+---
+pagination_next: notifications/overview
+pagination_prev: topology/overview
+---
+# Health Checks
+
+Health checks in mission control are implemented under the hood using the open-source [canary-checker](https://canarychecker.io) project.
+
+
+![](./images/health-checks.svg)
+
+
+
+![](./images/health-check-snippet.png)

canary-checker/docs/overview.md

@@ -0,0 +1,9 @@
+
+# Health Checks
+
+<!-- ![](./images/health-check-snippet.png) -->
+
+* [Health Checks](./canary-checker/overview) - RAG statuses across both cloud-native and legacy infrastructure/apps.
+  * Alert Aggregation
+  * Synthethic Tests
+  * Synthetic Infrastructure checks

canary-checker/docs/reference/batch-files.mdx

@@ -0,0 +1,37 @@
+```yaml title="batch-files.yaml"
+ - name: Correspondence/OSC - Failed
+      path: /mnt/efs/{{.Values.efs.path}}/oipa/correspondence/out/failed
+      filter:
+        regex: ".*.err"
+        # use the last known max, or 60 days ago if no last known max
+        since: |
+          {{`
+            {{-  if last_result.results.max }}
+            {{  last_result.results.max }}
+            {{- else}}
+            now-1d
+            {{- end}}
+          `}}
+      transform:
+        # Save the newest modified time to the results, overriding the full file listing that would normally be saved
+        # if no new files detected, use the last known max
+        expr: |
+          {
+            "detail": {
+              "max": string(results.?newest.modified.orValue(last_result().results.?max.orValue("now-60d"))),
+            }
+          }.toJSON()
+      display:
+        expr: results.?files.orValue([]).map(i, i.name).join(", ")
+      test:
+        expr: results.?files.orValue([]).size() ==  0
+      metrics:
+        - name: sybrin_xml_failed
+          value: results.?files.orValue([]).size()
+          type: counter
+          labels:
+            - name: folder
+              value: osc
+            - name: namespace
+              value: {{ .Release.Namespace }}
+  ```

canary-checker/docs/reference/canary-spec.mdx

@@ -2,11 +2,10 @@
 
 | Field            | Description                                                                                   | Type                                                | Required |
 | ---------------- | --------------------------------------------------------------------------------------------- | --------------------------------------------------- | -------- |
-| `env`            | Environment variables.                                                                        | `map[string]`[`VarSource`](#varsource)              |          |
-| `schedule`       | Schedule to run checks on.\Supports all cron expression.\Also supports golang duration. | `string`                                            |          |
+| `env`            | Environment variables.                                                                        | `map[string]`<CommonLink to="authentication">`EnvVar`</CommonLink>            |          |
+| `schedule`       | Schedule to run checks on.\Supports all cron expression.\Also supports golang duration. | `cron`                                            |          |
 | `icon`           | Icon to use for the check.                                                                    | `string`                                            |          |
 | `severity`       | Severity of the check.                                                                        | `string`                                            |          |
-| `owner`          | Owner of the check.                                                                           | `string`                                            |          |
 | `resultmode`     | Result mode of the check.                                                                     | `string`                                            |          |
 | `alertmanager`   | List of AlertManager checks to run.                                                           | [`[]AlertManagerCheck`](alert-manager)         |          |
 | `awsConfig`      | List of AWS Config checks to run.                                                             | [`[]AwsConfigCheck`](aws-config)               |          |
@@ -41,36 +40,3 @@
 | `s3`             | List of S3 checks to run.                                                                     | [`[]S3Check`](s3-bucket)                              |          |
 | `tcp`            | List of TCP checks to run.                                                                    | [`[]TCPCheck`](./tcp)                            |          |
 
-## Scheme Reference
-
-### VarSource
-
-| Field             | Description                                                                                                                                                                                        | Type                                            | Required |
-| ----------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------- | -------- |
-| `value`           |                                                                                                                                                                                                    | `string`                                        |          |
-| `fieldRef`        | Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. | [`ObjectFieldSelector`](#objectfieldselector)   |          |
-| `configMapKeyRef` | Selects a key of a ConfigMap.                                                                                                                                                                      | [`ConfigMapKeySelector`](#configmapkeyselector) |          |
-| `secretKeyRef`    | Selects a key of a secret in the pod's namespace                                                                                                                                                   | [`SecretKeySelector`](#secretkeyselector)       |          |
-
-### ObjectFieldSelector
-
-| Field        | Description                                                                   | Type     | Required |
-| ------------ | ----------------------------------------------------------------------------- | -------- | -------- |
-| `apiVersion` | Version of the schema the FieldPath is written in terms of, defaults to "v1". | `string` |          |
-| `fieldPath`  | Path of the field to select in the specified API version.                     | `string` |          |
-
-### ConfigMapKeySelector
-
-| Field      | Description                                              | Type     | Required |
-| ---------- | -------------------------------------------------------- | -------- | -------- |
-| `name`     | Name of the referent.                                    | `string` |          |
-| `key`      | The key to select.                                       | `string` |          |
-| `optional` | Specify whether the ConfigMap or its key must be defined | `bool`   |          |
-
-### SecretKeySelector
-
-| Field      | Description                                                       | Type     | Required |
-| ---------- | ----------------------------------------------------------------- | -------- | -------- |
-| `name`     | Name of the referent.                                             | `string` |          |
-| `key`      | The key of the secret to select from. Must be a valid secret key. | `string` |          |
-| `optional` | Specify whether the Secret or its key must be defined             | `bool`   |          |

canary-checker/docs/reference/cloudwatch.mdx

@@ -55,40 +55,51 @@ spec:
 
 There are 3 options when connecting to AWS:
 
-1. An AWS [instance profile](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html) or [pod identity](https://docs.aws.amazon.com/eks/latest/userguide/pod-configuration.html) (the default if no `connection` or `accessKey` is specified)
-2. `connection`, this is the recommended method, connections are reusable and secure
+<Step step={1} name="AWS Instance or Pod Identity" style="list">
 
-   ```yaml title="aws-connection.yaml"
-   apiVersion: canaries.flanksource.com/v1
-   kind: Canary
-   metadata:
-     name: cloudwatch-check
-   spec:
-     interval: 30
-     cloudwatch:
-       - connection: connection://aws/internal
-         region: us-east-1 # optional if specified in the connection
-   ```
+By using the AWS [Instance Profile](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html) or [Pod Identity](https://docs.aws.amazon.com/eks/latest/userguide/pod-configuration.html) (the default if no `connection` or `accessKey` is specified)
+</Step>
+<Step step={2} name="Connection" style="list">
+
+Using a shared <CommonLink to="connection">Connection</CommonLink>
+```yaml title="aws-connection.yaml"
+apiVersion: canaries.flanksource.com/v1
+kind: Canary
+metadata:
+  name: cloudwatch-check
+spec:
+  interval: 30
+  cloudwatch:
+    - connection: connection://aws/internal
+      region: us-east-1 # optional if specified in the connection
+```
+</Step>
+<Step step={3} name="Inline" style="list">
+
+```yaml title="inline.yaml"
+apiVersion: canaries.flanksource.com/v1
+kind: Canary
+metadata:
+  name: cloudwatch-check
+spec:
+  interval: 30
+  cloudwatch:
+    - accessKey:
+        valueFrom:
+          secretKeyRef:
+            name: aws-credentials
+            key: AWS_ACCESS_KEY_ID
+      secretKey:
+        valueFrom:
+          secretKeyRef:
+            name: aws-credentials
+            key: AWS_SECRET_ACCESS_KEY
+      region: us-east-1
+```
+
+:::warning
+Avoid inlining secrets, use `valueFrom` and <CommonLink to="authentication">EnvVar</CommonLink>
+:::
+</Step>
 
-3. `accessKey` and `secretKey` <CommonLink to="authentication">_EnvVar_</CommonLink> with the credentials stored in a secret.
 
-   ```yaml title="aws.yaml"
-   apiVersion: canaries.flanksource.com/v1
-   kind: Canary
-   metadata:
-     name: cloudwatch-check
-   spec:
-     interval: 30
-     cloudwatch:
-       - accessKey:
-           valueFrom:
-             secretKeyRef:
-               name: aws-credentials
-               key: AWS_ACCESS_KEY_ID
-         secretKey:
-           valueFrom:
-             secretKeyRef:
-               name: aws-credentials
-               key: AWS_SECRET_ACCESS_KEY
-         region: us-east-1
-   ```