ServiceRadar is a distributed network monitoring system designed for infrastructure and services in hard-to-reach places or constrained environments. It provides real-time monitoring of internal services with cloud-based alerting to ensure you stay informed even during network or power outages.
- Distributed Architecture: Multi-component design (Agent, Gateway, Core) for flexible edge deployments.
- WASM Plugin System: Securely extend monitoring with custom checks in Go or Rust. Runs in a hardware-level sandbox with zero local dependencies and proxied networking.
- SRQL: intuitive key:value syntax for querying time-series and relational data.
- Unified Data Layer: Powered by CloudNativePG, TimescaleDB, and Apache AGE for relational, time-series, and graph topology data.
- Observability: Native support for OTEL, GELF, Syslog, SNMP (polling/traps), and NetFlow.
- Graph Network Mapper: Discovery engine that maps interfaces and topology relationships via SNMP/LLDP/CDP.
- Security: Hardened with mTLS (SPIFFE/SPIRE on Kubernetes), RBAC, and SSO integration.
ServiceRadar replaces traditional "script-and-shell" plugins with a modern WebAssembly runtime. This provides a generation leap in security and portability:
| Feature | ServiceRadar (WASM) | Traditional NMS (Nagios/Zabbix) | Enterprise (SolarWinds) |
|---|---|---|---|
| Isolation | Hardware Sandbox | None (OS Process) | None (User Session) |
| Dependencies | Zero (Static Binaries) | High (Local Libs/Python) | High (.NET/Runtimes) |
| Security | Capability-based (Proxy) | Sudo/Root access | Local Admin / WMI |
| Portability | Cross-platform WASM | Script-specific | Windows-centric |
| Auditability | Every network call logged | Invisible to Agent | Opaque |
Why WASM? Plugins are "FS-less" by default. They cannot access the host filesystem or raw sockets. Instead, they use a Network Bridge where the Agent proxies specific HTTP/TCP calls based on admin-approved allowlists.
Go: https://github.com/carverauto/serviceradar-sdk-go
Rust: https://github.com/carverauto/serviceradar-sdk-rust -- Coming Soon
Get ServiceRadar running in under 5 minutes:
# Optional - set these in your .env
export SERVICERADAR_HOST=<my-vm-ip>
export GATEWAY_PUBLIC_BIND=0.0.0.0
git clone https://github.com/carverauto/serviceradar.git
cd serviceradar
docker compose up -d
# Get your admin password
docker compose logs config-updaterAccess: http://localhost (login: root@localhost)
ServiceRadar provides an official Helm chart for Kubernetes deployments, published to GHCR as an OCI artifact.
# Inspect chart metadata and default values
helm show chart oci://ghcr.io/carverauto/charts/serviceradar --version 1.0.91
helm show values oci://ghcr.io/carverauto/charts/serviceradar --version 1.0.91 > values.yaml
# Install a pinned release (recommended)
helm upgrade --install serviceradar oci://ghcr.io/carverauto/charts/serviceradar \
--version 1.0.91 \
-n serviceradar --create-namespace \
--set global.imageTag="v1.0.91"
# Track mutable images (staging/dev): pulls :latest and forces re-pull
helm upgrade --install serviceradar oci://ghcr.io/carverauto/charts/serviceradar \
--version 1.0.91 \
-n serviceradar --create-namespace \
--set global.imageTag="latest" \
--set global.imagePullPolicy="Always"
# Get password for 'root@localhost' user created by helm install
kubectl get secret serviceradar-secrets -n serviceradar \
-o jsonpath='{.data.admin-password}' | base64 -dNote: if you omit global.imageTag, the chart defaults to latest. Set global.imagePullPolicy=Always when you want to pick up new pushes on restart.
Docker Compose notes:
- Set
APP_TAGin.envto pin release images (example:APP_TAG=v1.0.91). - Set
COMPOSE_FILE=docker-compose.yml:docker-compose.dev.ymlin.envto default to the dev overlay without-f.
Chart URL: oci://ghcr.io/carverauto/charts/serviceradar
Notes:
- Chart versions are like
1.0.91; ServiceRadar image tags are likev1.0.91. - If your cluster requires registry credentials, set
image.registryPullSecret(defaultghcr-io-cred).
For ArgoCD deployments, use ghcr.io/carverauto/charts as the repository URL (without the oci:// prefix):
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: serviceradar
namespace: argocd
spec:
destination:
server: https://kubernetes.default.svc
namespace: serviceradar
source:
repoURL: ghcr.io/carverauto/charts
chart: serviceradar
targetRevision: "1.0.91"
helm:
values: |
global:
imageTag: "v1.0.91"- Agent: Lightweight Go service on monitored hosts; manages WASM execution and local collection.
- Agent-Gateway: Ingestion point that receives gRPC streams from edge agents.
- Core (core-elx): Control plane (Elixir/Phoenix/Ash) for orchestration, ERTS, and job scheduling (Oban).
- Web UI (web-ng): Real-time LiveView dashboard and APIs for configuration and visualization.
- NATS: NATS JetStream message broker for bulk ingestion streams.
- Collectors: Collect bulk data (netflow, logs, SNMP, etc.).
For detailed guides on setup, security, and WASM SDK usage, visit: https://docs.serviceradar.cloud
Contributions are welcome! Please feel free to submit a Pull Request. Join our Discord!
Apache 2.0 License - see the LICENSE file for details.