Alerting
Flagger can be configured to send alerts to various chat platforms. You can define a global alert provider at install time or configure alerts on a per canary basis.
Flagger can be configured to send Slack notifications:
helm upgrade -i flagger flagger/flagger \--set slack.url=https://hooks.slack.com/services/YOUR/SLACK/WEBHOOK \--set slack.channel=general \--set slack.user=flagger
Once configured with a Slack incoming webhook, Flagger will post messages when a canary deployment has been initialised, when a new revision has been detected and if the canary analysis failed or succeeded.
A canary deployment will be rolled back if the progress deadline exceeded or if the analysis reached the maximum number of failed checks:
Flagger can be configured to send notifications to Microsoft Teams:
helm upgrade -i flagger flagger/flagger \--set msteams.url=https://outlook.office.com/webhook/YOUR/TEAMS/WEBHOOK
Similar to Slack, Flagger alerts on canary analysis events:
Configuring alerting globally has several limitations as it's not possible to specify different channels or configure the verbosity on a per canary basis. To make the alerting move flexible, the canary analysis can be extended with a list of alerts that reference an alert provider. For each alert, users can configure the severity level. The alerts section overrides the global setting.
Slack example:
apiVersion: flagger.app/v1beta1kind: AlertProvidermetadata:name: on-callnamespace: flaggerspec:type: slackchannel: on-call-alertsusername: flagger# webhook address (ignored if secretRef is specified)address: https://hooks.slack.com/services/YOUR/SLACK/WEBHOOK# secret containing the webhook address (optional)secretRef:name: on-call-url---apiVersion: v1kind: Secretmetadata:name: on-call-urlnamespace: flaggerdata:address: <encoded-url>
The alert provider type can be: slack, msteams, rocket or discord. When set to discord, Flagger will use Slack formatting and will append /slack to the Discord address.
When not specified, channel defaults to general and username defaults to flagger.
When secretRef is specified, the Kubernetes secret must contain a data field named address, the address in the secret will take precedence over the address field in the provider spec.
The canary analysis can have a list of alerts, each alert referencing an alert provider:
analysis:alerts:- name: "on-call Slack"severity: errorproviderRef:name: on-callnamespace: flagger- name: "qa Discord"severity: warnproviderRef:name: qa-discord- name: "dev MS Teams"severity: infoproviderRef:name: dev-msteams
Alert fields:
name (required)
severity levels:
info,warn,error(default info)providerRef.name alert provider name (required)
providerRef.namespace alert provider namespace (defaults to the canary namespace)
When the severity is set to warn, Flagger will alert when waiting on manual confirmation or if the analysis fails. When the severity is set to error, Flagger will alert only if the canary analysis fails.
You can use Alertmanager to trigger alerts when a canary deployment failed:
- alert: canary_rollbackexpr: flagger_canary_status > 1for: 1mlabels:severity: warningannotations:summary: "Canary failed"description: "Workload {{ $labels.name }} namespace {{ $labels.namespace }}"
