Skip to main content
Verification allows you to validate that a deployment is healthy after it completes. Ctrlplane can automatically run verification checks by querying metrics from external providers and evaluating success conditions.

Overview

Why Use Verification?

Verification helps you:
  • Catch Issues Early - Detect problems before they impact users
  • Automate Rollbacks - Trigger rollback policies when verification fails
  • Build Confidence - Ensure deployments meet quality standards
  • Gate Promotions - Block progression to production until QA verifies
  • Environment-Specific Checks - Run different verifications per environment

Basic Configuration

Add a verification rule to your policy:

Environment-Specific Verifications

Different environments can have completely different verification requirements:

Reusable Verification with Selectors

Use policy selectors to apply the same verification across multiple deployments or environments:

Progressive Delivery Gates

Use verification to gate promotion through environments:

Metric Configuration

Metric Properties

metrics[].name
string
required
Unique name for this verification metric. Used for identification in logs and UI.
metrics[].intervalSeconds
integer
required
Seconds between each measurement. For example, 30 means check every 30 seconds.
metrics[].count
integer
required
Total number of measurements to take. Combined with intervalSeconds, this determines the verification duration.
metrics[].provider
object
required
Configuration for the metric provider (HTTP, Datadog, etc.). See provider-specific documentation for available options.
metrics[].successCondition
string
required
CEL expression evaluated against the provider response. Returns true for success. Example: result.ok && result.statusCode == 200
metrics[].failureCondition
string
Optional CEL expression for explicit failure. If matched, verification fails immediately without waiting for more measurements.
metrics[].failureThreshold
integer
default:"0"
Number of consecutive failures allowed before the metric is considered failed. Set to 0 for no tolerance (fail on first failure).
metrics[].successThreshold
integer
default:"1"
Number of consecutive successes required before the metric is considered passed.

Metric Providers

Ctrlplane supports multiple metric providers for collecting verification data. Each provider has its own configuration and capabilities: See the individual provider documentation for detailed configuration options, examples, and best practices.

Template Variables

Provider configurations, success conditions, and failure conditions all support Go templates with access to deployment context:

Templated Conditions

Success and failure conditions can also use Go templates, which are rendered before CEL evaluation:

Storing Secrets in Variables

For sensitive values like API keys, use deployment variables:
  1. Create a deployment variable:
  1. Set the value:
  1. Reference in verification config:

Success Conditions (CEL)

Success conditions are written in CEL (Common Expression Language). The measurement data is available as the result variable.

Verification Lifecycle

1. Policy Evaluation

When a job completes, Ctrlplane evaluates policies to determine which verifications apply based on the policy selectors.

2. Verification Starts

If a matching policy has verification rules, Ctrlplane creates a verification record and starts the measurement process.

3. Measurements Taken

For each configured metric, measurements are taken at the specified interval:

4. Verification Result

  • Passed: All measurements passed, or failures stayed below failureLimit
  • Failed: Failures exceeded failureLimit

5. Policy Action

Based on the verification result, the policy can:
  • Allow promotion to the next environment
  • Trigger rollback to a previous version
  • Block release until manual intervention

Verification Status

Best Practices

Timing Recommendations

Failure Limits

Environment-Specific Recommendations

Troubleshooting

Verification always fails

  • Check if the provider can reach the target (network, DNS)
  • Verify API credentials are correct
  • Test the query manually
  • Review measurement data for unexpected values
  • Check if success condition is too strict

Verification not running

  • Verify the policy selector matches the release target
  • Check that the policy is enabled
  • Review policy evaluation logs
  • Ensure verification is configured in the policy rules

Wrong verification applied

  • Review policy selectors
  • Check policy priority/ordering
  • Verify environment and metadata values
  • Review which policies matched the release

Provider Documentation

For detailed information about each metric provider, see:

Next Steps