prometheus-blackbox-exporter
Helm chart
Request a free trial
Contact our team to test out this Helm chart and related images for free. Please also indicate any other images you would like to evaluate.
Tag:
1
global:
2
## Global image registry to use if it needs to be overriden for some specific use cases (e.g local registries, custom images, ...)
3
##
4
imageRegistry: ""
5
restartPolicy: Always
6
kind: Deployment
7
## Override the namespace
8
##
9
namespaceOverride: ""
10
# Override Kubernetes version if your distribution does not follow semver v2
11
kubeVersionOverride: ""
12
## set to true to add the release label so scraping of the servicemonitor with kube-prometheus-stack works out of the box
13
releaseLabel: false
14
podDisruptionBudget: {}
15
# maxUnavailable: 0
16
17
## Allow automount the serviceaccount token for sidecar container (eg: oauthproxy)
18
automountServiceAccountToken: false
19
## Additional blackbox-exporter container environment variables
20
extraEnv: []
21
# - name: GOMAXPROCS
22
# valueFrom:
23
# resourceFieldRef:
24
# resource: limits.cpu
25
# divisor: "1"
26
# - name: HTTP_PROXY
27
# value: "http://superproxy.com:3128"
28
29
## Additional blackbox-exporter container environment variables for secret or configMap
30
extraEnvFrom: []
31
# - configMapRef:
32
# name: configMapOne
33
# - secretRef:
34
# name: secretOne
35
# - secretRef:
36
# name: secretTwo
37
38
extraVolumes: []
39
# - name: secret-blackbox-oauth-htpasswd
40
# secret:
41
# defaultMode: 420
42
# secretName: blackbox-oauth-htpasswd
43
# - name: storage-volume
44
# persistentVolumeClaim:
45
# claimName: example
46
47
## Additional volumes that will be attached to the blackbox-exporter container
48
extraVolumeMounts:
49
# - name: ca-certs
50
# mountPath: /etc/ssl/certs/ca-certificates.crt
51
52
## Additional InitContainers to initialize the pod
53
## This supports either a structured array or a templatable string
54
extraInitContainers: []
55
## This supports either a structured array or a templatable string
56
57
# Array mode
58
extraContainers: []
59
# - name: oAuth2-proxy
60
# args:
61
# - -https-address=:9116
62
# - -upstream=http://localhost:9115
63
# - -skip-auth-regex=^/metrics
64
# - -openshift-delegate-urls={"/":{"group":"monitoring.coreos.com","resource":"prometheuses","verb":"get"}}
65
# image: openshift/oauth-proxy:v1.1.0
66
# ports:
67
# - containerPort: 9116
68
# name: proxy
69
# resources:
70
# limits:
71
# memory: 16Mi
72
# requests:
73
# memory: 4Mi
74
# cpu: 20m
75
# volumeMounts:
76
# - mountPath: /etc/prometheus/secrets/blackbox-tls
77
# name: secret-blackbox-tls
78
79
## Number of replicasets to retain ##
80
## default value is 10, 0 will not retain any replicasets and make rollbacks impossible ##
81
revisionHistoryLimit: 10
82
# String mode
83
# extraContainers: |-
84
# - name: oAuth2-proxy
85
# args:
86
# - -https-address=:9116
87
# - -upstream=http://localhost:9115
88
# - -skip-auth-regex=^/metrics
89
# - -openshift-delegate-urls={"/":{"group":"monitoring.coreos.com","resource":"prometheuses","verb":"get"}}
90
# image: {{ .Values.global.imageRegistry }}/openshift/oauth-proxy:v1.1.0
91
hostNetwork: false
92
strategy:
93
rollingUpdate:
94
maxSurge: 1
95
maxUnavailable: 0
96
type: RollingUpdate
97
image:
98
registry: cgr.dev
99
repository: chainguard-private/prometheus-blackbox-exporter
100
# Overrides the image tag whose default is {{ printf "v%s" .Chart.AppVersion }}
101
tag: latest
102
pullPolicy: IfNotPresent
103
digest: sha256:5dfac82736c04251d4683e81059ef68e1e1553d6eaeecdd49af82c48e12b7eb9
104
## Optionally specify an array of imagePullSecrets.
105
## Secrets must be manually created in the namespace.
106
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
107
##
108
# pullSecrets:
109
# - myRegistrKeySecretName
110
podSecurityContext: {}
111
# fsGroup: 1000
112
113
## User and Group to run blackbox-exporter container as
114
securityContext:
115
runAsUser: 1000
116
runAsGroup: 1000
117
readOnlyRootFilesystem: true
118
runAsNonRoot: true
119
allowPrivilegeEscalation: false
120
capabilities:
121
drop: ["ALL"]
122
# Add NET_RAW to enable ICMP
123
# add: ["NET_RAW"]
124
125
livenessProbe:
126
httpGet:
127
path: /-/healthy
128
port: http
129
failureThreshold: 3
130
readinessProbe:
131
httpGet:
132
path: /-/healthy
133
port: http
134
nodeSelector: {}
135
tolerations: []
136
affinity: {}
137
## Topology spread constraints rely on node labels to identify the topology domain(s) that each Node is in.
138
## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
139
topologySpreadConstraints: []
140
# - maxSkew: 1
141
# topologyKey: failure-domain.beta.kubernetes.io/zone
142
# whenUnsatisfiable: DoNotSchedule
143
# labelSelector:
144
# matchLabels:
145
# app.kubernetes.io/instance: jiralert
146
147
# if the configuration is managed as secret outside the chart, using SealedSecret for example,
148
# provide the name of the secret here. If secretConfig is set to true, configExistingSecretName will be ignored
149
# in favor of the config value.
150
configExistingSecretName: ""
151
# Store the configuration as a `Secret` instead of a `ConfigMap`, useful in case it contains sensitive data
152
secretConfig: false
153
config:
154
modules:
155
http_2xx:
156
prober: http
157
timeout: 5s
158
http:
159
valid_http_versions: ["HTTP/1.1", "HTTP/2.0"]
160
follow_redirects: true
161
preferred_ip_protocol: "ip4"
162
# Set custom config path, other than default /config/blackbox.yaml. If let empty, path will be "/config/blackbox.yaml"
163
# configPath: "/foo/bar"
164
extraConfigmapMounts: []
165
# - name: certs-configmap
166
# mountPath: /etc/secrets/ssl/
167
# subPath: certificates.crt # (optional)
168
# configMap: certs-configmap
169
# readOnly: true
170
# defaultMode: 420
171
172
## Additional secret mounts
173
# Defines additional mounts with secrets. Secrets must be manually created in the namespace.
174
extraSecretMounts: []
175
# - name: secret-files
176
# mountPath: /etc/secrets
177
# secretName: blackbox-secret-files
178
# readOnly: true
179
# defaultMode: 420
180
181
resources: {}
182
# limits:
183
# memory: 300Mi
184
# requests:
185
# memory: 50Mi
186
187
priorityClassName: ""
188
service:
189
annotations: {}
190
labels: {}
191
type: ClusterIP
192
port: 9115
193
ipDualStack:
194
enabled: false
195
ipFamilies: ["IPv6", "IPv4"]
196
ipFamilyPolicy: "PreferDualStack"
197
# Only changes container port. Application port can be changed with extraArgs (--web.listen-address=:9115)
198
# https://github.com/prometheus/blackbox_exporter/blob/998037b5b40c1de5fee348ffdea8820509d85171/main.go#L55
199
containerPort: 9115
200
# Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If zero, no port is exposed.
201
# This is useful for communicating with Daemon Pods when kind is DaemonSet.
202
hostPort: 0
203
serviceAccount:
204
# Specifies whether a ServiceAccount should be created
205
create: true
206
# The name of the ServiceAccount to use.
207
# If not set and create is true, a name is generated using the fullname template
208
name:
209
annotations: {}
210
## An Ingress resource can provide name-based virtual hosting and TLS
211
## termination among other things for CouchDB deployments which are accessed
212
## from outside the Kubernetes cluster.
213
## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/
214
ingress:
215
enabled: false
216
className: ""
217
labels: {}
218
annotations: {}
219
# kubernetes.io/tls-acme: "true"
220
hosts:
221
## The host property on hosts and tls is passed through helm tpl function.
222
## ref: https://helm.sh/docs/developing_charts/#using-the-tpl-function
223
- host: chart-example.local
224
paths:
225
- path: /
226
pathType: ImplementationSpecific
227
tls: []
228
# - secretName: chart-example-tls
229
# hosts:
230
# - chart-example.local
231
podAnnotations: {}
232
# Annotations for the Deployment
233
deploymentAnnotations: {}
234
# Annotations for the Secret
235
secretAnnotations: {}
236
# Hostaliases allow to add additional DNS entries to be injected directly into pods.
237
# This will take precedence over your implemented DNS solution
238
hostAliases: []
239
# - ip: 192.168.1.1
240
# hostNames:
241
# - test.example.com
242
# - another.example.net
243
244
pod:
245
labels: {}
246
extraArgs: []
247
# - --history.limit=1000
248
249
replicas: 1
250
serviceMonitor:
251
## If true, a ServiceMonitor CRD is created for a prometheus operator
252
## https://github.com/coreos/prometheus-operator for blackbox-exporter itself
253
##
254
selfMonitor:
255
enabled: false
256
additionalMetricsRelabels: {}
257
additionalRelabeling: []
258
labels: {}
259
path: /metrics
260
scheme: http
261
tlsConfig: {}
262
interval: 30s
263
scrapeTimeout: 30s
264
## Port can be defined by assigning a value for the port key below
265
## port:
266
## If true, a ServiceMonitor CRD is created for a prometheus operator
267
## https://github.com/coreos/prometheus-operator for each target
268
##
269
enabled: false
270
# Default values that will be used for all ServiceMonitors created by `targets`
271
defaults:
272
additionalMetricsRelabels: {}
273
additionalRelabeling: []
274
labels: {}
275
interval: 30s
276
scrapeTimeout: 30s
277
honorTimestamps: true
278
module: http_2xx
279
## scheme: HTTP scheme to use for scraping. Can be used with `tlsConfig` for example if using istio mTLS.
280
scheme: http
281
## path: HTTP path. Needs to be adjusted, if web.route-prefix is set
282
path: "/probe"
283
## tlsConfig: TLS configuration to use when scraping the endpoint. For example if using istio mTLS.
284
## Of type: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#tlsconfig
285
tlsConfig: {}
286
bearerTokenFile:
287
targets:
288
# - name: example # Human readable URL that will appear in Prometheus / AlertManager
289
# url: http://example.com/healthz # The URL that blackbox will scrape
290
# hostname: example.com # HTTP probes can accept an additional `hostname` parameter that will set `Host` header and TLS SNI
291
# labels: {} # Map of labels for ServiceMonitor. Overrides value set in `defaults`
292
# interval: 60s # Scraping interval. Overrides value set in `defaults`
293
# scrapeTimeout: 60s # Scrape timeout. Overrides value set in `defaults`
294
# module: http_2xx # Module used for scraping. Overrides value set in `defaults`
295
# additionalMetricsRelabels: {} # Map of metric labels and values to add
296
# additionalRelabeling: [] # List of metric relabeling actions to run
297
298
## Custom PrometheusRules to be defined
299
## ref: https://github.com/coreos/prometheus-operator#customresourcedefinitions
300
prometheusRule:
301
enabled: false
302
additionalLabels: {}
303
namespace: ""
304
rules: []
305
podMonitoring:
306
## If true, a PodMonitoring CR is created for google managed prometheus
307
## https://cloud.google.com/stackdriver/docs/managed-prometheus/setup-managed#gmp-pod-monitoring for blackbox-exporter itself
308
##
309
selfMonitor:
310
enabled: false
311
additionalMetricsRelabels: {}
312
labels: {}
313
path: /metrics
314
interval: 30s
315
scrapeTimeout: 30s
316
## If true, a PodMonitoring CR is created for a google managed prometheus
317
## https://cloud.google.com/stackdriver/docs/managed-prometheus/setup-managed#gmp-pod-monitoring for each target
318
##
319
enabled: false
320
## Default values that will be used for all PodMonitoring created by `targets`
321
## Following PodMonitoring API specs https://github.com/GoogleCloudPlatform/prometheus-engine/blob/main/doc/api.md#scrapeendpoint
322
defaults:
323
additionalMetricsRelabels: {}
324
labels: {}
325
interval: 30s
326
scrapeTimeout: 30s
327
module: http_2xx
328
## scheme: Protocol scheme to use to scrape.
329
scheme: http
330
## path: HTTP path. Needs to be adjusted, if web.route-prefix is set
331
path: "/probe"
332
## tlsConfig: TLS configuration to use when scraping the endpoint. For example if using istio mTLS.
333
## Of type: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#tlsconfig
334
tlsConfig: {}
335
targets:
336
# - name: example # Human readable URL that will appear in Google Managed Prometheus / AlertManager
337
# url: http://example.com/healthz # The URL that blackbox will scrape
338
# hostname: example.com # HTTP probes can accept an additional `hostname` parameter that will set `Host` header and TLS SNI
339
# labels: {} # Map of labels for PodMonitoring. Overrides value set in `defaults`
340
# interval: 60s # Scraping interval. Overrides value set in `defaults`
341
# scrapeTimeout: 60s # Scrape timeout. Overrides value set in `defaults`
342
# module: http_2xx # Module used for scraping. Overrides value set in `defaults`
343
# additionalMetricsRelabels: {} # Map of metric labels and values to add
344
345
## Network policy for chart
346
networkPolicy:
347
# Enable network policy and allow access from anywhere
348
enabled: false
349
# Limit access only from monitoring namespace
350
# Before setting this value to true, you must add the name=monitoring label to the monitoring namespace. Name can be rewritten by monitoringNamespaceName
351
# Network Policy uses label filtering
352
allowMonitoringNamespace: false
353
# Rewrite monitoring namespace in network policy (default value monitoring)
354
monitoringNamespaceName: "monitoring"
355
## dnsPolicy and dnsConfig for Deployments and Daemonsets if you want non-default settings.
356
## These will be passed directly to the PodSpec of same.
357
dnsPolicy:
358
dnsConfig:
359
# Extra manifests to deploy as an array
360
extraManifests: []
361
# - apiVersion: v1
362
# kind: ConfigMap
363
# metadata:
364
# labels:
365
# name: prometheus-extra
366
# data:
367
# extra-data: "value"
368
369
# global common labels, applied to all ressources
370
commonLabels: {}
371
# Enable vertical pod autoscaler support for prometheus-blackbox-exporter
372
verticalPodAutoscaler:
373
enabled: false
374
# Recommender responsible for generating recommendation for the object.
375
# List should be empty (then the default recommender will generate the recommendation)
376
# or contain exactly one recommender.
377
# recommenders:
378
# - name: custom-recommender-performance
379
380
# List of resources that the vertical pod autoscaler can control. Defaults to cpu and memory
381
controlledResources: []
382
# Specifies which resource values should be controlled: RequestsOnly or RequestsAndLimits.
383
# controlledValues: RequestsAndLimits
384
385
# Define the max allowed resources for the pod
386
maxAllowed: {}
387
# cpu: 200m
388
# memory: 100Mi
389
# Define the min allowed resources for the pod
390
minAllowed: {}
391
# cpu: 200m
392
# memory: 100Mi
393
394
updatePolicy:
395
# Specifies minimal number of replicas which need to be alive for VPA Updater to attempt pod eviction
396
# minReplicas: 1
397
# Specifies whether recommended updates are applied when a Pod is started and whether recommended updates
398
# are applied during the life of a Pod. Possible values are "Off", "Initial", "Recreate", and "Auto".
399
updateMode: Auto
400
configReloader:
401
enabled: false
402
containerPort: 8080
403
config:
404
logFormat: logfmt
405
logLevel: info
406
watchInterval: 1m
407
image:
408
registry: cgr.dev
409
repository: chainguard-private/prometheus-config-reloader
410
tag: latest
411
pullPolicy: IfNotPresent
412
digest: sha256:eb239dcc1286fd751acd05884b68fff08c35ee95451eb7ba028e2bbacdd22530
413
securityContext:
414
runAsUser: 1000
415
runAsGroup: 1000
416
readOnlyRootFilesystem: true
417
runAsNonRoot: true
418
allowPrivilegeEscalation: false
419
capabilities:
420
drop: ["ALL"]
421
resources:
422
limits:
423
memory: 50Mi
424
requests:
425
cpu: 10m
426
memory: 20Mi
427
livenessProbe:
428
httpGet:
429
path: /healthz
430
port: reloader-web
431
scheme: HTTP
432
readinessProbe:
433
httpGet:
434
path: /healthz
435
port: reloader-web
436
scheme: HTTP
437
service:
438
port: 8080
439
serviceMonitor:
440
selfMonitor:
441
additionalMetricsRelabels: {}
442
additionalRelabeling: []
443
path: /metrics
444
scheme: http
445
tlsConfig: {}
446
interval: 30s
447
scrapeTimeout: 30s
448
The trusted source for open source
Talk to an expertCustomers
© 2026 Chainguard, Inc. All Rights Reserved.
Chainguard® and the Chainguard logo are registered trademarks of Chainguard, Inc. in the United States and/or other countries.
The other respective trademarks mentioned on this page are owned by the respective companies and use of them does not imply any affiliation or endorsement.
Chainguard® and the Chainguard logo are registered trademarks of Chainguard, Inc. in the United States and/or other countries.
The other respective trademarks mentioned on this page are owned by the respective companies and use of them does not imply any affiliation or endorsement.