prometheus-blackbox-exporter
Helm chart
Request a free trial
Contact our team to test out this Helm chart and related images for free. Please also indicate any other images you would like to evaluate.
Tag:
1
global:
2
## Global image registry to use if it needs to be overridden for some specific use cases (e.g local registries, custom images, ...)
3
##
4
imageRegistry: ""
5
restartPolicy: Always
6
kind: Deployment
7
## Override the namespace
8
##
9
namespaceOverride: ""
10
# Override Kubernetes version if your distribution does not follow semver v2
11
kubeVersionOverride: ""
12
## set to true to add the release label so scraping of the servicemonitor with kube-prometheus-stack works out of the box
13
releaseLabel: false
14
podDisruptionBudget: {}
15
# maxUnavailable: 0
16
17
## Allow automount the serviceaccount token for sidecar container (eg: oauthproxy)
18
automountServiceAccountToken: false
19
## Additional blackbox-exporter container environment variables
20
extraEnv: []
21
# - name: GOMAXPROCS
22
# valueFrom:
23
# resourceFieldRef:
24
# resource: limits.cpu
25
# divisor: "1"
26
# - name: HTTP_PROXY
27
# value: "http://superproxy.com:3128"
28
29
## Additional blackbox-exporter container environment variables for secret or configMap
30
extraEnvFrom: []
31
# - configMapRef:
32
# name: configMapOne
33
# - secretRef:
34
# name: secretOne
35
# - secretRef:
36
# name: secretTwo
37
38
extraVolumes: []
39
# - name: secret-blackbox-oauth-htpasswd
40
# secret:
41
# defaultMode: 420
42
# secretName: blackbox-oauth-htpasswd
43
# - name: storage-volume
44
# persistentVolumeClaim:
45
# claimName: example
46
47
## Additional volumes that will be attached to the blackbox-exporter container
48
extraVolumeMounts:
49
# - name: ca-certs
50
# mountPath: /etc/ssl/certs/ca-certificates.crt
51
52
## Additional InitContainers to initialize the pod
53
## This supports either a structured array or a templatable string
54
extraInitContainers: []
55
## This supports either a structured array or a templatable string
56
57
# Array mode
58
extraContainers: []
59
# - name: oAuth2-proxy
60
# args:
61
# - -https-address=:9116
62
# - -upstream=http://localhost:9115
63
# - -skip-auth-regex=^/metrics
64
# - -openshift-delegate-urls={"/":{"group":"monitoring.coreos.com","resource":"prometheuses","verb":"get"}}
65
# image: openshift/oauth-proxy:v1.1.0
66
# ports:
67
# - containerPort: 9116
68
# name: proxy
69
# resources:
70
# limits:
71
# memory: 16Mi
72
# requests:
73
# memory: 4Mi
74
# cpu: 20m
75
# volumeMounts:
76
# - mountPath: /etc/prometheus/secrets/blackbox-tls
77
# name: secret-blackbox-tls
78
79
## Number of replicasets to retain ##
80
## default value is 10, 0 will not retain any replicasets and make rollbacks impossible ##
81
revisionHistoryLimit: 10
82
# String mode
83
# extraContainers: |-
84
# - name: oAuth2-proxy
85
# args:
86
# - -https-address=:9116
87
# - -upstream=http://localhost:9115
88
# - -skip-auth-regex=^/metrics
89
# - -openshift-delegate-urls={"/":{"group":"monitoring.coreos.com","resource":"prometheuses","verb":"get"}}
90
# image: {{ .Values.global.imageRegistry }}/openshift/oauth-proxy:v1.1.0
91
hostNetwork: false
92
strategy:
93
rollingUpdate:
94
maxSurge: 1
95
maxUnavailable: 0
96
type: RollingUpdate
97
image:
98
registry: cgr.dev
99
repository: chainguard-private/prometheus-blackbox-exporter
100
# Overrides the image tag whose default is {{ printf "v%s" .Chart.AppVersion }}
101
tag: latest
102
pullPolicy: IfNotPresent
103
digest: sha256:285dd7ae4be91e439ce0f725019b03e8b909c2fdd75e41fec710da1ed6206452
104
## Optionally specify an array of imagePullSecrets.
105
## Secrets must be manually created in the namespace.
106
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
107
##
108
# pullSecrets:
109
# - myRegistrKeySecretName
110
podSecurityContext: {}
111
# fsGroup: 1000
112
113
## User and Group to run blackbox-exporter container as
114
securityContext:
115
runAsUser: 1000
116
runAsGroup: 1000
117
readOnlyRootFilesystem: true
118
runAsNonRoot: true
119
allowPrivilegeEscalation: false
120
capabilities:
121
drop: ["ALL"]
122
# Add NET_RAW to enable ICMP
123
# add: ["NET_RAW"]
124
125
livenessProbe:
126
httpGet:
127
path: /-/healthy
128
port: http
129
failureThreshold: 3
130
readinessProbe:
131
httpGet:
132
path: /-/healthy
133
port: http
134
nodeSelector: {}
135
tolerations: []
136
affinity: {}
137
## Topology spread constraints rely on node labels to identify the topology domain(s) that each Node is in.
138
## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
139
topologySpreadConstraints: []
140
# - maxSkew: 1
141
# topologyKey: failure-domain.beta.kubernetes.io/zone
142
# whenUnsatisfiable: DoNotSchedule
143
# labelSelector:
144
# matchLabels:
145
# app.kubernetes.io/instance: jiralert
146
147
# if the configuration is managed as secret outside the chart, using SealedSecret for example,
148
# provide the name of the secret here. If secretConfig is set to true, configExistingSecretName will be ignored
149
# in favor of the config value.
150
configExistingSecretName: ""
151
# Store the configuration as a `Secret` instead of a `ConfigMap`, useful in case it contains sensitive data
152
secretConfig: false
153
config:
154
modules:
155
http_2xx:
156
prober: http
157
timeout: 5s
158
http:
159
valid_http_versions: ["HTTP/1.1", "HTTP/2.0"]
160
follow_redirects: true
161
preferred_ip_protocol: "ip4"
162
# Set custom config path, other than default /config/blackbox.yaml. If let empty, path will be "/config/blackbox.yaml"
163
# configPath: "/foo/bar"
164
extraConfigmapMounts: []
165
# - name: certs-configmap
166
# mountPath: /etc/secrets/ssl/
167
# subPath: certificates.crt # (optional)
168
# configMap: certs-configmap
169
# readOnly: true
170
# defaultMode: 420
171
172
## Additional secret mounts
173
# Defines additional mounts with secrets. Secrets must be manually created in the namespace.
174
extraSecretMounts: []
175
# - name: secret-files
176
# mountPath: /etc/secrets
177
# secretName: blackbox-secret-files
178
# readOnly: true
179
# defaultMode: 420
180
181
resources: {}
182
# limits:
183
# memory: 300Mi
184
# requests:
185
# memory: 50Mi
186
187
priorityClassName: ""
188
service:
189
annotations: {}
190
labels: {}
191
type: ClusterIP
192
port: 9115
193
ipDualStack:
194
enabled: false
195
ipFamilies: ["IPv6", "IPv4"]
196
ipFamilyPolicy: "PreferDualStack"
197
# Only changes container port. Application port can be changed with extraArgs (--web.listen-address=:9115)
198
# https://github.com/prometheus/blackbox_exporter/blob/998037b5b40c1de5fee348ffdea8820509d85171/main.go#L55
199
containerPort: 9115
200
# Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If zero, no port is exposed.
201
# This is useful for communicating with Daemon Pods when kind is DaemonSet.
202
hostPort: 0
203
serviceAccount:
204
# Specifies whether a ServiceAccount should be created
205
create: true
206
# The name of the ServiceAccount to use.
207
# If not set and create is true, a name is generated using the fullname template
208
name:
209
annotations: {}
210
## An Ingress resource can provide name-based virtual hosting and TLS
211
## termination among other things for CouchDB deployments which are accessed
212
## from outside the Kubernetes cluster.
213
## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/
214
ingress:
215
enabled: false
216
className: ""
217
labels: {}
218
annotations: {}
219
# kubernetes.io/tls-acme: "true"
220
hosts:
221
## The host property on hosts and tls is passed through helm tpl function.
222
## ref: https://helm.sh/docs/developing_charts/#using-the-tpl-function
223
- host: chart-example.local
224
paths:
225
- path: /
226
pathType: ImplementationSpecific
227
tls: []
228
# - secretName: chart-example-tls
229
# hosts:
230
# - chart-example.local
231
## A HTTPRoute (Gateway API) resource is an alternative to Ingress for routing
232
## external HTTP traffic to the blackbox exporter Service.
233
## ref: https://gateway-api.sigs.k8s.io/api-types/httproute/
234
route:
235
main:
236
## Enable this route
237
enabled: false
238
## ApiVersion set by default to "gateway.networking.k8s.io/v1"
239
apiVersion: ""
240
## kind set by default to HTTPRoute
241
kind: ""
242
## Optional name for the default rule in the rendered HTTPRoute.
243
name: ""
244
## Annotations to attach to the HTTPRoute resource
245
annotations: {}
246
## Labels to attach to the HTTPRoute resource
247
labels: {}
248
## ParentRefs refers to resources this HTTPRoute is to be attached to (Gateways)
249
parentRefs: []
250
# - name: contour
251
# sectionName: http
252
253
## Hostnames (templated) defines a set of hostnames that should match against the HTTP Host
254
## header to select a HTTPRoute used to process the request
255
hostnames: []
256
# - my.example.com
257
258
## additionalRules (templated) allows adding custom rules to the route
259
additionalRules: []
260
## Filters define the filters that are applied to requests that match
261
## this rule
262
filters: []
263
## Matches define conditions used for matching the rule against incoming
264
## HTTP requests
265
matches:
266
- path:
267
type: PathPrefix
268
value: /
269
## httpsRedirect adds a filter for redirecting to https (HTTP 301 Moved Permanently).
270
## To redirect HTTP traffic to HTTPS, you need to have a Gateway with both HTTP and HTTPS listeners.
271
## Matches and filters do not take effect if enabled.
272
## Ref. https://gateway-api.sigs.k8s.io/guides/http-redirect-rewrite/
273
httpsRedirect: false
274
podAnnotations: {}
275
# Annotations for the Deployment
276
deploymentAnnotations: {}
277
# Annotations for the Secret
278
secretAnnotations: {}
279
# Hostaliases allow to add additional DNS entries to be injected directly into pods.
280
# This will take precedence over your implemented DNS solution
281
hostAliases: []
282
# - ip: 192.168.1.1
283
# hostNames:
284
# - test.example.com
285
# - another.example.net
286
287
pod:
288
labels: {}
289
extraArgs: []
290
# - --history.limit=1000
291
292
replicas: 1
293
serviceMonitor:
294
## If true, a ServiceMonitor CRD is created for a prometheus operator
295
## https://github.com/coreos/prometheus-operator for blackbox-exporter itself
296
##
297
selfMonitor:
298
enabled: false
299
additionalMetricsRelabels: {}
300
additionalRelabeling: []
301
labels: {}
302
path: /metrics
303
scheme: http
304
tlsConfig: {}
305
interval: 30s
306
scrapeTimeout: 30s
307
## Port can be defined by assigning a value for the port key below
308
## port:
309
## If true, a ServiceMonitor CRD is created for a prometheus operator
310
## https://github.com/coreos/prometheus-operator for each target
311
##
312
enabled: false
313
# Default values that will be used for all ServiceMonitors created by `targets`
314
defaults:
315
additionalMetricsRelabels: {}
316
additionalRelabeling: []
317
labels: {}
318
interval: 30s
319
scrapeTimeout: 30s
320
honorTimestamps: true
321
module: http_2xx
322
## scheme: HTTP scheme to use for scraping. Can be used with `tlsConfig` for example if using istio mTLS.
323
scheme: http
324
## path: HTTP path. Needs to be adjusted, if web.route-prefix is set
325
path: "/probe"
326
## tlsConfig: TLS configuration to use when scraping the endpoint. For example if using istio mTLS.
327
## Of type: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#tlsconfig
328
tlsConfig: {}
329
bearerTokenFile:
330
targets:
331
# - name: example # Human readable URL that will appear in Prometheus / AlertManager
332
# url: http://example.com/healthz # The URL that blackbox will scrape
333
# hostname: example.com # HTTP probes can accept an additional `hostname` parameter that will set `Host` header and TLS SNI
334
# labels: {} # Map of labels for ServiceMonitor. Overrides value set in `defaults`
335
# interval: 60s # Scraping interval. Overrides value set in `defaults`
336
# scrapeTimeout: 60s # Scrape timeout. Overrides value set in `defaults`
337
# module: http_2xx # Module used for scraping. Overrides value set in `defaults`
338
# additionalMetricsRelabels: {} # Map of metric labels and values to add
339
# additionalRelabeling: [] # List of metric relabeling actions to run
340
341
## Custom PrometheusRules to be defined
342
## ref: https://github.com/coreos/prometheus-operator#customresourcedefinitions
343
prometheusRule:
344
enabled: false
345
additionalLabels: {}
346
namespace: ""
347
rules: []
348
podMonitoring:
349
## If true, a PodMonitoring CR is created for google managed prometheus
350
## https://cloud.google.com/stackdriver/docs/managed-prometheus/setup-managed#gmp-pod-monitoring for blackbox-exporter itself
351
##
352
selfMonitor:
353
enabled: false
354
additionalMetricsRelabels: {}
355
labels: {}
356
path: /metrics
357
interval: 30s
358
scrapeTimeout: 30s
359
## If true, a PodMonitoring CR is created for a google managed prometheus
360
## https://cloud.google.com/stackdriver/docs/managed-prometheus/setup-managed#gmp-pod-monitoring for each target
361
##
362
enabled: false
363
## Default values that will be used for all PodMonitoring created by `targets`
364
## Following PodMonitoring API specs https://github.com/GoogleCloudPlatform/prometheus-engine/blob/main/doc/api.md#scrapeendpoint
365
defaults:
366
additionalMetricsRelabels: {}
367
labels: {}
368
interval: 30s
369
scrapeTimeout: 30s
370
module: http_2xx
371
## scheme: Protocol scheme to use to scrape.
372
scheme: http
373
## path: HTTP path. Needs to be adjusted, if web.route-prefix is set
374
path: "/probe"
375
## tlsConfig: TLS configuration to use when scraping the endpoint. For example if using istio mTLS.
376
## Of type: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#tlsconfig
377
tlsConfig: {}
378
targets:
379
# - name: example # Human readable URL that will appear in Google Managed Prometheus / AlertManager
380
# url: http://example.com/healthz # The URL that blackbox will scrape
381
# hostname: example.com # HTTP probes can accept an additional `hostname` parameter that will set `Host` header and TLS SNI
382
# labels: {} # Map of labels for PodMonitoring. Overrides value set in `defaults`
383
# interval: 60s # Scraping interval. Overrides value set in `defaults`
384
# scrapeTimeout: 60s # Scrape timeout. Overrides value set in `defaults`
385
# module: http_2xx # Module used for scraping. Overrides value set in `defaults`
386
# additionalMetricsRelabels: {} # Map of metric labels and values to add
387
388
## Network policy for chart
389
networkPolicy:
390
# Enable network policy and allow access from anywhere
391
enabled: false
392
# Limit access only from monitoring namespace
393
# Before setting this value to true, you must add the name=monitoring label to the monitoring namespace. Name can be rewritten by monitoringNamespaceName
394
# Network Policy uses label filtering
395
allowMonitoringNamespace: false
396
# Rewrite monitoring namespace in network policy (default value monitoring)
397
monitoringNamespaceName: "monitoring"
398
## dnsPolicy and dnsConfig for Deployments and Daemonsets if you want non-default settings.
399
## These will be passed directly to the PodSpec of same.
400
dnsPolicy:
401
dnsConfig:
402
# Extra manifests to deploy as an array
403
extraManifests: []
404
# - apiVersion: v1
405
# kind: ConfigMap
406
# metadata:
407
# labels:
408
# name: prometheus-extra
409
# data:
410
# extra-data: "value"
411
412
# global common labels, applied to all resources
413
commonLabels: {}
414
# Enable vertical pod autoscaler support for prometheus-blackbox-exporter
415
verticalPodAutoscaler:
416
enabled: false
417
# Recommender responsible for generating recommendation for the object.
418
# List should be empty (then the default recommender will generate the recommendation)
419
# or contain exactly one recommender.
420
# recommenders:
421
# - name: custom-recommender-performance
422
423
# List of resources that the vertical pod autoscaler can control. Defaults to cpu and memory
424
controlledResources: []
425
# Specifies which resource values should be controlled: RequestsOnly or RequestsAndLimits.
426
# controlledValues: RequestsAndLimits
427
428
# Define the max allowed resources for the pod
429
maxAllowed: {}
430
# cpu: 200m
431
# memory: 100Mi
432
# Define the min allowed resources for the pod
433
minAllowed: {}
434
# cpu: 200m
435
# memory: 100Mi
436
437
updatePolicy:
438
# Specifies minimal number of replicas which need to be alive for VPA Updater to attempt pod eviction
439
# minReplicas: 1
440
# Specifies whether recommended updates are applied when a Pod is started and whether recommended updates
441
# are applied during the life of a Pod. Possible values are "Off", "Initial", "Recreate", and "Auto".
442
updateMode: Auto
443
configReloader:
444
enabled: false
445
containerPort: 8080
446
config:
447
logFormat: logfmt
448
logLevel: info
449
watchInterval: 1m
450
image:
451
registry: cgr.dev
452
repository: chainguard-private/prometheus-config-reloader
453
tag: latest
454
pullPolicy: IfNotPresent
455
digest: sha256:e577ca8ad74880486d549548ab42a7205d02f845baa177640d932d3728e0395e
456
securityContext:
457
runAsUser: 1000
458
runAsGroup: 1000
459
readOnlyRootFilesystem: true
460
runAsNonRoot: true
461
allowPrivilegeEscalation: false
462
capabilities:
463
drop: ["ALL"]
464
resources:
465
limits:
466
memory: 50Mi
467
requests:
468
cpu: 10m
469
memory: 20Mi
470
livenessProbe:
471
httpGet:
472
path: /healthz
473
port: reloader-web
474
scheme: HTTP
475
readinessProbe:
476
httpGet:
477
path: /healthz
478
port: reloader-web
479
scheme: HTTP
480
service:
481
port: 8080
482
serviceMonitor:
483
selfMonitor:
484
additionalMetricsRelabels: {}
485
additionalRelabeling: []
486
path: /metrics
487
scheme: http
488
tlsConfig: {}
489
interval: 30s
490
scrapeTimeout: 30s
491
The trusted source for open source
Talk to an expertProduct
Customers
© 2026 Chainguard, Inc. All Rights Reserved.
Chainguard® and the Chainguard logo are registered trademarks of Chainguard, Inc. in the United States and/or other countries.
The other respective trademarks mentioned on this page are owned by the respective companies and use of them does not imply any affiliation or endorsement.
Chainguard® and the Chainguard logo are registered trademarks of Chainguard, Inc. in the United States and/or other countries.
The other respective trademarks mentioned on this page are owned by the respective companies and use of them does not imply any affiliation or endorsement.