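---
# Flux HelmRelease: deploys the Prometheus blackbox exporter into the
# monitoring namespace, registers HTTP and ICMP probe targets through a
# ServiceMonitor, defines alert rules on probe results, and publishes the
# exporter behind an nginx ingress gated by Authelia.
# The ${...} placeholders are not resolved in this file; presumably they come
# from Flux post-build substitution. Confirm where they are sourced and that
# the secret-backed ones stay out of VCS in clear text.
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
  name: blackbox-exporter
  namespace: monitoring
spec:
  interval: 5m
  chart:
    spec:
      chart: prometheus-blackbox-exporter
      # Chart version is pinned, so upgrades happen only by editing this file.
      version: "6.0.0"
      sourceRef:
        kind: HelmRepository
        name: prometheus-community-charts
        namespace: flux-system
      interval: 15m
  install:
    createNamespace: true
    remediation:
      retries: 5
  upgrade:
    remediation:
      retries: 5
  values:
    fullnameOverride: blackbox-exporter
    image:
      # Only the repository is overridden; the tag falls back to the chart
      # default, so the running image is fixed by the chart version above and
      # not by a digest.
      repository: quay.io/prometheus/blackbox-exporter
    # Needed by the icmp module below. NOTE(review): in this chart the flag is
    # expected to grant the container the NET_RAW capability; confirm against
    # the rendered Deployment and keep the pod's other privileges minimal.
    allowIcmp: true
    podAnnotations:
      configmap.reloader.stakater.com/reload: "blackbox-exporter"
    config:
      modules:
        icmp:
          prober: icmp
          timeout: 30s
          icmp:
            preferred_ip_protocol: "ip4"
        http_2xx:
          prober: http
          timeout: 30s
          http:
            valid_http_versions: ["HTTP/1.0", "HTTP/1.1", "HTTP/2.0"]
            # Redirects are followed, so a target that redirects to another
            # page (for example a login page) still counts as up when the
            # final response is 2xx. NOTE(review): nothing here requires the
            # final hop to be TLS; fail_if_not_ssl would enforce that for the
            # https targets below.
            no_follow_redirects: false
            preferred_ip_protocol: "ip4"
        tcp_connect:
          prober: tcp
          timeout: 30s
    serviceMonitor:
      enabled: true
      defaults:
        labels:
          release: prometheus
        interval: 2m
        scrapeTimeout: 30s
      targets:
        # HTTPS probes; these are the only targets that can produce the
        # probe_ssl_earliest_cert_expiry series used by the certificate alerts.
        - name: opnsense-http
          module: http_2xx
          url: "https://opnsense.${SECRET_DOMAIN}"
        - name: truenas-http
          module: http_2xx
          url: "https://truenas.${SECRET_DOMAIN}"
        - name: truenas-remote-http
          module: http_2xx
          url: "https://truenas-remote.${SECRET_DOMAIN}"
        # ICMP reachability probes against LAN hosts.
        - name: truenas-icmp
          module: icmp
          url: "${LOCAL_LAN_TRUENAS}"
        - name: truenas-remote-icmp
          module: icmp
          url: "${LOCAL_LAN_TRUENAS_REMOTE}"
        - name: openmediavault-icmp
          module: icmp
          url: "${LOCAL_LAN_OPENMEDIAVAULT}"
        - name: k3s-master-icmp
          module: icmp
          url: "${LOCAL_LAN_K3SSERVER}"
        - name: k3s-worker1-icmp
          module: icmp
          url: "${LOCAL_LAN_K3SWORKER1}"
        - name: k3s-worker2-icmp
          module: icmp
          url: "${LOCAL_LAN_K3SWORKER2}"
        - name: k3s-worker3-icmp
          module: icmp
          url: "${LOCAL_LAN_K3SWORKER3}"
    prometheusRule:
      enabled: true
      additionalLabels:
        app: prometheus-operator
        release: prometheus
      # The {{"{{ ... }}"}} form keeps the inner {{ $labels.target }} literal
      # so that it reaches Prometheus as an alert template; this presumably
      # relies on the chart passing these rules through Helm templating.
      rules:
        # Fires once the earliest certificate in the chain is within 3 days
        # (86400 s * 3) of expiry; it keeps firing after expiry as well.
        - alert: BlackboxSslCertificateWillExpireSoon
          expr: probe_ssl_earliest_cert_expiry - time() < 86400 * 3
          for: 15m
          labels:
            severity: critical
          annotations:
            description: |-
              The SSL certificate for {{"{{ $labels.target }}"}} will expire in less than 3 days
        - alert: BlackboxSslCertificateExpired
          expr: probe_ssl_earliest_cert_expiry - time() <= 0
          for: 15m
          labels:
            severity: critical
          annotations:
            description: |-
              The SSL certificate for {{"{{ $labels.target }}"}} has expired
        - alert: BlackboxProbeFailed
          expr: probe_success == 0
          for: 15m
          labels:
            severity: critical
          annotations:
            description: |-
              The host {{"{{ $labels.target }}"}} is currently unreachable
        # NOTE(review): every module timeout and the scrapeTimeout are 30s, so
        # probe_duration_seconds is unlikely to ever exceed 30 and this alert
        # may never fire; a threshold below the timeout would make it useful.
        # It also uses a `message` annotation where the other rules use
        # `description`; check which key the notification templates read.
        - alert: SlowResponseTime
          annotations:
            # Text now matches the 15m hold time set by `for` below.
            message: The response time for {{"{{ $labels.target }}"}} has been greater than 30 seconds for 15 minutes.
          expr: probe_duration_seconds > 30
          for: 15m
          labels:
            severity: warning
    ingress:
      enabled: true
      className: nginx
      annotations:
        # Forward-auth to Authelia is the only access control visible here for
        # the exporter, whose own HTTP endpoints (including /probe) take no
        # authentication; dropping these annotations would let anyone who can
        # reach the ingress have the exporter probe targets from inside the
        # cluster network. The verify call itself is plain HTTP in-cluster.
        nginx.ingress.kubernetes.io/auth-url: "http://authelia.networking.svc.cluster.local/api/verify"
        nginx.ingress.kubernetes.io/auth-signin: "https://login.${SECRET_CLUSTER_DOMAIN}"
      hosts:
        - host: "blackbox.${SECRET_CLUSTER_DOMAIN}"
          paths:
            - path: /
              pathType: Prefix
      # No secretName is given, so the certificate presumably comes from the
      # ingress controller's default; confirm it covers this host.
      tls:
        - hosts:
            - "blackbox.${SECRET_CLUSTER_DOMAIN}"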