{{- if .Values.prometheus.exporter.blackbox.enabled }} --- apiVersion: helm.toolkit.fluxcd.io/v2beta1 kind: HelmRelease metadata: name: prometheus-blackbox-exporter spec: chart: spec: sourceRef: kind: HelmRepository name: "prometheus-community" chart: "prometheus-blackbox-exporter" install: {{- toYaml .Values.commons.helm.release.install | nindent 4 }} test: {{- toYaml .Values.commons.helm.release.test | nindent 4 }} upgrade: {{- toYaml .Values.commons.helm.release.upgrade | nindent 4 }} driftDetection: {{- toYaml .Values.commons.helm.release.driftDetection | nindent 4 }} interval: 10m values: {{- if .Values.prometheus.exporter.blackbox.hostNetwork }} hostNetwork: true strategy: type: Recreate rollingUpdate: {{- else }} # to run icmp # Workaround: https://github.com/prometheus-community/helm-charts/issues/2360 podSecurityContext: sysctls: - name: net.ipv4.ping_group_range value: "0 65536" # securityContext: # capabilities: # add: ["NET_RAW"] {{- end }} serviceMonitor: selfMonitor: enabled: {{ (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1/ServiceMonitor") }} labels: {{- toYaml .Values.commons.prometheus.monitor.labels | nindent 10 }} {{- with .Values.prometheus.exporter.blackbox.ingress }} {{- if .enabled }} {{- $host := .host | default (printf "blackbox.exporter.%s" $.Values.commons.ingress.domain)}} ingress: enabled: true annotations: {{- with $.Values.commons.ingress.annotations }} {{- toYaml . | nindent 8 }} {{- end }} {{- with .annotations }} {{- toYaml . | nindent 8 }} {{- end }} hosts: - host: "{{ $host }}" paths: - path: "/" pathType: Prefix {{- if $.Values.commons.ingress.tls.enabled }} tls: {{- with $.Values.commons.ingress.tls.override }} {{- toYaml . | nindent 8 }} {{- else }} - secretName: "infra-monitoring-exporter-blackbox-cert" hosts: - "{{ $host }}" {{- end }} {{- end }} {{- end }} {{- end }} config: modules: # HTTP IPv4 and IPv6 only http_2xx: prober: http http_2xx_tls_skip_verify: prober: http http: tls_config: insecure_skip_verify: true http_2xx_ipv4: prober: http http: ip_protocol_fallback: false preferred_ip_protocol: "ip4" http_2xx_ipv6: prober: http http: ip_protocol_fallback: false preferred_ip_protocol: "ip6" http_post_2xx: prober: http http: method: POST # TCP tcp_connect: prober: tcp tcp_connect_ipv4: prober: tcp tcp: ip_protocol_fallback: false preferred_ip_protocol: "ip4" tcp_connect_ipv6: prober: tcp tcp: ip_protocol_fallback: false preferred_ip_protocol: "ip6" # TLS tls_connect: prober: tcp tcp: tls: true tls_config: insecure_skip_verify: false tls_connect_tls_skip_verify: prober: tcp tcp: tls: true tls_config: insecure_skip_verify: true tls_connect_ipv4: prober: tcp tcp: tls: true tls_config: insecure_skip_verify: false ip_protocol_fallback: false preferred_ip_protocol: "ip4" tls_connect_ipv6: prober: tcp tcp: tls: true tls_config: insecure_skip_verify: false ip_protocol_fallback: false preferred_ip_protocol: "ip6" pop3s_banner: prober: tcp tcp: query_response: - expect: "^+OK" tls: true tls_config: insecure_skip_verify: false grpc: prober: grpc grpc: tls: true grpc_plain: prober: grpc grpc: tls: false service: "service1" ssh_banner: prober: tcp tcp: query_response: - expect: "^SSH-2.0-" - send: "SSH-2.0-blackbox-ssh-check" # Ping IPv4 and IPv6 only icmp: prober: icmp icmp: preferred_ip_protocol: "ip4" icmp_ipv4: prober: icmp icmp: ip_protocol_fallback: false preferred_ip_protocol: "ip4" icmp_ipv6: prober: icmp icmp: ip_protocol_fallback: false preferred_ip_protocol: "ip6" {{- end }}