Skip to main content

GCSBucket

Checks the contents of a GCP bucket for size, age and count.

See Folder for a full description.

gcs-folder-check.yaml
apiVersion: canaries.flanksource.com/v1
kind: Canary
metadata:
name: gcs-bucket-check
spec:
interval: 30
spec:
folder:
- name: gcs auth test
path: gcs://somegcsbucket
minCount: 5
FieldDescriptionSchemeRequired
nameName of the checkstringYes
pathA path to a GCS bucket and folder e.g. gcs://bucket/folderstringYes
gcpConnectionConnection details for GCPGCPConnection
*All other fields available in the folder checkFolder
nameName of the check, must be unique within the canarystringYes
descriptionDescription for the checkstring
iconIcon for overwriting default icon on the dashboardstring
labelsLabels for checkmap[string]string
testEvaluate whether a check is healthyExpression
displayExpression to change the formatting of the displayExpression
transformTransform data from a check into multiple individual checksExpression
metricsMetrics to export from[]Metrics
Connection
connectionPath of an existing connection e.g. connection://aws/instance
Mutually exclusive with credentials
Connection
credentialsGCP Access Token File. Mutually exclusive with connection EnvVarYes

Connecting to GCP

There are 3 options when connecting to GCP:

  1. GKE workload identity (the default if no connection or credentials is specified)
  2. connection, this is the recommended method, connections are reusable and secure
aws-connection.yaml
apiVersion: canaries.flanksource.com/v1
kind: Canary
metadata:
name: database-backup-check
spec:
interval: 60
folder:
- name: gcs auth test
path: gcs://somegcsbucket
gcpConnection:
connection: connection://gcp/internal
  1. credentials EnvVar with the service account json key stored in a secret.
aws.yaml
apiVersion: canaries.flanksource.com/v1
kind: Canary
metadata:
name: database-backup-check
spec:
interval: 60
folder:
- name: gcs auth test
path: gcs://somegcsbucket
gcpConnection:
credentials:
valueFrom:
secretKeyRef:
name: gcp-credentials
key: AUTH_ACCESS_TOKEN

To create the secret

kubectl create secret generic gcp-credentials --from-file=AUTH_ACCESS_TOKEN=path/to/your/SA_Key.json