Connections
AWS
| Field | Description | Type | Required |
|---|---|---|---|
connection | Mutually exclusive with accessKey and secretKey | Connections | |
accessKey | Access key | EnvVar | |
secretKey | Secret key | EnvVar | |
region | Region | string | |
endpoint | Endpoint | string | |
skipTLSVerify | Skip TLS verify | bool | |
objectPath | Object path | string | |
usePathStyle | Use path style | bool |
There are 3 options when connecting to AWS:
AWS Instance or Pod IdentityBy using the AWS Instance Profile or Pod Identity (the default if no connection or accessKey is specified)
ConnectionUsing a shared Connection
aws-connection.yaml
apiVersion: canaries.flanksource.com/v1
kind: Canary
metadata:
name: cloudwatch-check
spec:
interval: 30
cloudwatch:
- connection: connection://aws/internal
region: us-east-1 # optional if specified in the connection
Inlineinline.yaml
apiVersion: canaries.flanksource.com/v1
kind: Canary
metadata:
name: cloudwatch-check
spec:
interval: 30
cloudwatch:
- accessKey:
valueFrom:
secretKeyRef:
name: aws-credentials
key: AWS_ACCESS_KEY_ID
secretKey:
valueFrom:
secretKeyRef:
name: aws-credentials
key: AWS_SECRET_ACCESS_KEY
region: us-east-1
GCP
| Field | Description | Type | Required |
|---|---|---|---|
connection | Mutually exclusive with credentials4 | Connections | |
endpoint | Endpoint | string | |
credentials | Credentials | EnvVar to service account JSON |
There are 3 options when connecting to GCP:
GKE Workload IdentityGKE workload identity (the default if no connection or credentials is specified)
Connectiongcs-connection.yaml
apiVersion: canaries.flanksource.com/v1
kind: Canary
metadata:
name: database-backup-check
spec:
interval: 60
folder:
- name: gcs auth test
path: gcs://somegcsbucket
gcpConnection:
connection: connection://gcp/internal
gcp-inline.yaml
apiVersion: canaries.flanksource.com/v1
kind: Canary
metadata:
name: database-backup-check
spec:
interval: 60
folder:
- name: gcs auth test
path: gcs://somegcsbucket
gcpConnection:
credentials:
valueFrom:
secretKeyRef:
name: gcp-credentials
key: AUTH_ACCESS_TOKEN
Azure
| Field | Description | Type | Required |
|---|---|---|---|
connection | Connections | ||
clientID | Client ID | EnvVar | |
clientSecret | Client Secret | EnvVar | |
tenantID | Tenant ID | string |
SFTP
| Field | Description | Scheme |
|---|---|---|
connection | Path of existing connection e.g. connection://sftp/instanceMutually exclusive with username | Connection |
username | utually exclusive with connection | EnvVar |
password | Mutually exclusive with connection | EnvVar |
host | Custom AWS Cloudwatch endpoint | string |
port | Default to 22 | int |
SMB
| Field | Description | Scheme |
|---|---|---|
connection | Path of existing connection e.g. connection://windows/svc-account Mutually exclusive with username and password | Connections |
username | Mutually exclusive with connection | EnvVar |
password | Mutually exclusive with connection | EnvVar |
domain | Windows domain name | string |
port | Default to 445 | int |