do-uptime-kubernetes-operator

GitHub Repository

DigitalOcean Uptime Monitoring, Automated from Kubernetes.

This operator watches your cluster and keeps DigitalOcean Uptime checks and alert policies in sync using Ingress annotations or `DoMonitor` CRDs.

Install with Helm Read Documentation

Ingress-Driven Monitoring

Add douz.io/do-monitor: "true" to Ingress resources and let the operator provision checks and alerts automatically.

CRD-Based Control

Use DoMonitor custom resources when you want explicit and versioned monitor configuration in Git.

Alert Channels

Configure email and Slack notifications for down, latency, and SSL expiry events from one source of truth.

Installation

Install from the public chart repository and either create a new DigitalOcean token secret from Helm values or reference an existing one.

helm repo add do-uptime-operator https://charts.douz.io
helm repo update
helm upgrade --install do-uptime-operator do-uptime-operator/do-uptime-operator \
  --namespace kube-system \
  --create-namespace \
  --set digitalocean.createSecret=true \
  --set digitalocean.token='<DIGITALOCEAN_TOKEN>'

Use an existing secret:

helm upgrade --install do-uptime-operator do-uptime-operator/do-uptime-operator \
  --namespace kube-system \
  --create-namespace \
  --set digitalocean.createSecret=false \
  --set digitalocean.existingSecret=do-token-secret

Usage

The operator supports two flows:

• Ingress annotations (douz.io/do-monitor: "true") for automatic reconciliation.
• DoMonitor resources for explicit, Git-managed monitor definitions.

Ingress flow summary:

• Reads all douz.io/do-monitor-* annotations.
• Validates notification and alert settings.
• Creates or updates one host-specific DoMonitor per Ingress host.
• Reconciles DigitalOcean monitor + alert resources from that CR.

Ingress Example

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: example-ingress
  namespace: default
  annotations:
    douz.io/do-monitor: "true"
    douz.io/do-monitor-email: "your-email@example.com"
    douz.io/do-monitor-slack-webhook: "https://hooks.slack.com/services/T000/B000/XXXX"
    douz.io/do-monitor-slack-channel: "#your-slack-channel"
    douz.io/do-monitor-latency-threshold: "200"
    douz.io/do-monitor-latency-period: "2m"
    douz.io/do-monitor-ssl-expiry: "30"
spec:
  rules:
    - host: example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: example-service
                port:
                  number: 80

DoMonitor Example

apiVersion: douz.io/v1
kind: DoMonitor
metadata:
  name: ingress-test-default-domonitor
  namespace: default
spec:
  ingressName: ingress-test
  host: example.com
  config:
    email: your-email@example.com
    emailAlert: true
    slackWebhook: https://hooks.slack.com/services/...
    slackChannel: #your-slack-channel
    slackAlert: true
    latencyThreshold: 200
    latencyPeriod: 2m
    sslExpiryPeriod: 30

Ingress Annotation Reference

Annotation	Description
douz.io/do-monitor	Set to "true" to enable monitoring for an Ingress.
douz.io/do-monitor-email	Notification email (must be verified in DigitalOcean).
douz.io/do-monitor-slack-webhook	Slack webhook URL for alert delivery.
douz.io/do-monitor-slack-channel	Slack channel, for example #alerts.
douz.io/do-monitor-latency-threshold	Latency threshold in milliseconds.
douz.io/do-monitor-latency-period	Latency evaluation window (for example 2m).
douz.io/do-monitor-ssl-expiry	Days before SSL cert expiry to trigger alert.

Validation rules enforced by the operator:

• At least one channel: email or Slack webhook is required.
• If Slack webhook is set, Slack channel is required.
• If latency threshold is set, latency period is required.
• Latency threshold and SSL expiry values must be integers.

Project Links

• Source Code
• README
• Contributing
• Security Policy
• Helm Repository