These three monitor types cover infrastructure-level health checks: TLS certificate expiry windows, SQL database connectivity, and gRPC Health Checking Protocol.
SSL monitor SSL monitors open a TLS connection to your host, read the peer certificate’s expiry date, and map the remaining time to a status.
Configuration Field Type Default Notes hoststring— Required — hostname for TLS connection portstring"443"Port as a string; defaults to 443 degradedRemainingHoursnumber168Hours until expiry at which status becomes DEGRADED (must be > downRemainingHours) downRemainingHoursnumber24Hours until expiry at which status becomes DOWN
degradedRemainingHours must be strictly greater than downRemainingHours. Validation fails if they are equal or inverted.
Status logic Let hours = hours remaining until certificate expiry:
Condition Status hours > degradedRemainingHoursUP downRemainingHours < hours ≤ degradedRemainingHoursDEGRADED hours ≤ downRemainingHoursDOWN
Connection errors and certificate retrieval failures also return DOWN .
Example { "type" : "SSL" , "type_data" : { "host" : "example.com" , "port" : "443" , "degradedRemainingHours" : 168 , "downRemainingHours" : 24 } }
168 hours = 7 days. With these defaults, the monitor goes DEGRADED a week before expiry and DOWN one day before.
Troubleshooting
Immediate DOWN : wrong host or port, or TLS is not available on that endpointValidation fails : ensure degradedRemainingHours is strictly greater than downRemainingHoursUnexpected expiry date : verify the certificate served by SNI for that exact hostname
SQL monitor SQL monitors connect to a database, execute your query, and return UP if the query succeeds within the timeout.
Configuration Field Type Default Notes dbTypepg | mysql2 | mssql | oracledb | sqlite3pgDatabase driver connectionStringstring— Required; supports $ENV_VAR substitution querystringSELECT 1SQL to execute timeoutnumber5000Query + connection timeout in milliseconds
Status logic Outcome Status Query succeeds within timeout UP Query exceeds timeout DOWN (type: TIMEOUT)Connection or query error DOWN (type: ERROR)
Examples PostgreSQL connectivity check
MySQL connectivity check
{ "type" : "SQL" , "type_data" : { "dbType" : "pg" , "connectionString" : "postgresql://monitor:[email protected] :5432/app" , "query" : "SELECT 1" , "timeout" : 5000 } }
Use $VARIABLE_NAME in the connection string to reference environment secrets. Kener replaces them before connecting.
Troubleshooting
Timeout : increase timeout, check network latency, or optimize the queryAuth / connection errors : verify driver type, connection string format, and credentialsPermission errors : grant the monitor database user the minimum read access required
gRPC monitor gRPC monitors call the standard gRPC Health Checking Protocol (grpc.health.v1.Health/Check) and map the ServingStatus response to a monitor status.
Configuration Field Type Default Notes hoststring— Required — gRPC server hostname portnumber50051Required — gRPC server port servicestring""Fully-qualified service name; empty string checks overall server health tlsbooleanfalseUse TLS credentials timeoutnumber10000Request deadline in milliseconds
Status logic The ServingStatus from the health check response maps to:
ServingStatusKener status SERVINGUP NOT_SERVINGDOWN UNKNOWNDEGRADED SERVICE_UNKNOWNDEGRADED
Connection errors and deadline exceeded → DOWN .
Example Check overall server health
Check a specific service
{ "type" : "GRPC" , "type_data" : { "host" : "grpc.example.com" , "port" : 50051 , "tls" : true , "timeout" : 5000 } }
Your gRPC server must implement the standard grpc.health.v1.Health service. Kener embeds the health proto definition — no proto file is required on the Kener host.
Troubleshooting
Immediate DOWN : wrong host or port, service not running, or firewall blocking the connectionDEGRADED : the server returned UNKNOWN or SERVICE_UNKNOWN — verify the service name is registered with the health serviceTimeout : increase timeout or investigate network latencyTLS errors : confirm the server has a valid certificate, or set tls: false if the server uses plain text