auricom-home-cluster/cluster/apps/monitoring/blackbox-exporter/helm-release.yaml

---
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
  name: blackbox-exporter
  namespace: monitoring
spec:
  interval: 5m
  chart:
    spec:
      # renovate: registryUrl=https://prometheus-community.github.io/helm-charts
      chart: prometheus-blackbox-exporter
      version: 5.0.3
      sourceRef:
        kind: HelmRepository
        name: prometheus-community-charts
        namespace: flux-system
      interval: 5m
  values:
    allowIcmp: true

    config:
      modules:
        icmp:
          prober: icmp
          timeout: 30s
          icmp:
            preferred_ip_protocol: "ip4"
        http_2xx:
          prober: http
          timeout: 30s
          http:
            valid_http_versions: ["HTTP/1.0", "HTTP/1.1", "HTTP/2.0"]
            no_follow_redirects: false
            preferred_ip_protocol: "ip4"
        tcp_connect:
          prober: tcp
          timeout: 30s

    serviceMonitor:
      enabled: true
      defaults:
        labels:
          release: prometheus
        interval: 2m
        scrapeTimeout: 30s
      targets:
        - name: truenas
          url: "${LOCAL_LAN_TRUENAS}"
          module: icmp
        - name: truenas-remote
          url: "${LOCAL_LAN_TRUENAS_REMOTE}"
          module: icmp
        - name: borgbackup
          url: "${LOCAL_LAN_BORGBACKUP}"
          module: icmp
        - name: k3s-server
          url: "${LOCAL_LAN_K3SSERVER}"
          module: icmp
        - name: k3s-worker1
          url: "${LOCAL_LAN_K3SWORKER1}"
          module: icmp
        - name: k3s-worker2
          url: "${LOCAL_LAN_K3SWORKER2}"
          module: icmp
        - name: k3s-worker3
          url: "${LOCAL_LAN_K3SWORKER3}"
          module: icmp

    prometheusRule:
      enabled: true
      additionalLabels:
        app: prometheus-operator
        release: prometheus
      rules:
        - alert: HostDown
          expr: probe_success == 0
          for: 10m
          labels:
            severity: critical
          annotations:
            message: The host {{"{{ $labels.target }}"}} is currently unreachable
        - alert: SlowResponseTime
          annotations:
            message: The response time for {{"{{ $labels.target }}"}} has been greater than 30 seconds for 5 minutes.
          expr: probe_duration_seconds > 30
          for: 15m
          labels:
            severity: warning

    ingress:
      enabled: true
      annotations:
        nginx.ingress.kubernetes.io/auth-url: "http://authelia.networking.svc.cluster.local/api/verify"
        nginx.ingress.kubernetes.io/auth-signin: "https://login.${SECRET_CLUSTER_DOMAIN}"
        # traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
        # traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd
      hosts:
        - host: "blackbox.${SECRET_CLUSTER_DOMAIN}"
          paths:
            - path: /
              pathType: Prefix
      tls:
        - hosts:
            - "blackbox.${SECRET_CLUSTER_DOMAIN}"
          secretName: "${SECRET_CLUSTER_CERTIFICATE_DEFAULT}"

  postRenderers:
    - kustomize:
        patchesJson6902:
          - target:
              kind: Ingress
              name: blackbox-exporter-prometheus-blackbox-exporter
            patch:
              - op: add
                path: /spec/ingressClassName
                value: nginx