---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: &app blackbox-exporter
spec:
  interval: 30m
  chart:
    spec:
      chart: prometheus-blackbox-exporter
      version: 9.4.0
      sourceRef:
        kind: HelmRepository
        name: prometheus-community
        namespace: flux-system
  install:
    remediation:
      retries: 3
  upgrade:
    cleanupOnFail: true
    remediation:
      strategy: rollback
      retries: 3
  values:
    fullnameOverride: *app
    ingress:
      enabled: true
      className: internal
      hosts:
        - host: blackbox-exporter.${SECRET_EXTERNAL_DOMAIN}
          paths:
            - path: /
              pathType: Prefix
    securityContext:
      readOnlyRootFilesystem: true
      allowPrivilegeEscalation: false
      capabilities:
        add: [NET_RAW]
    config:
      modules:
        http_2xx:
          prober: http
          timeout: 5s
          http:
            valid_http_versions: [HTTP/1.1, HTTP/2.0]
            follow_redirects: true
            preferred_ip_protocol: ipv4
        icmp:
          prober: icmp
          timeout: 5s
          icmp:
            preferred_ip_protocol: ipv4
        tcp_connect:
          prober: tcp
          timeout: 5s
          tcp:
            preferred_ip_protocol: ipv4
    serviceMonitor:
      enabled: true
      defaults:
        interval: 1m
        scrapeTimeout: 10s
    prometheusRule:
      enabled: true
      rules:
        - alert: BlackboxProbeFailed
          expr: probe_success == 0
          for: 15m
          labels:
            severity: critical
          annotations:
            summary: |-
              The host {{ $labels.target }} is currently unreachable