diff --git a/.github/workflows/helm-prometheus-blackbox-exporter.yaml b/.github/workflows/helm-prometheus-blackbox-exporter.yaml index 0a7f1157..adb6314a 100644 --- a/.github/workflows/helm-prometheus-blackbox-exporter.yaml +++ b/.github/workflows/helm-prometheus-blackbox-exporter.yaml @@ -31,7 +31,7 @@ jobs: ${{ steps.helm.outputs.helm-path }} template prometheus-blackbox-exporter prometheus-community/prometheus-blackbox-exporter \ --create-namespace \ --namespace=prometheus \ - -f ${{ github.workspace }}//base-helm-configs/prometheus-blackbox-exporter/values.yaml \ + -f ${{ github.workspace }}//base-helm-configs/prometheus-blackbox-exporter/prometheus-blackbox-exporter-helm-overrides.yaml \ -f ${{ github.workspace }}//base-helm-configs/prometheus-blackbox-exporter/probe_targets.yaml \ --post-renderer ${{ github.workspace }}/base-kustomize/kustomize.sh \ --post-renderer-args prometheus-blackbox-exporter/${{ matrix.overlays }} > /tmp/rendered.yaml diff --git a/base-helm-configs/prometheus-blackbox-exporter/prometheus-blackbox-exporter-helm-overrides.yaml b/base-helm-configs/prometheus-blackbox-exporter/prometheus-blackbox-exporter-helm-overrides.yaml new file mode 100644 index 00000000..cb44c4ab --- /dev/null +++ b/base-helm-configs/prometheus-blackbox-exporter/prometheus-blackbox-exporter-helm-overrides.yaml @@ -0,0 +1,19 @@ +## Enable pod security policy +--- +pspEnabled: true + +nodeSelector: + openstack-control-plane: enabled + +config: + modules: + http_2xx: + http: + valid_status_codes: + - 200 + - 202 + - 204 + - 300 + +selfMonitor: + enabled: true diff --git a/base-helm-configs/prometheus-blackbox-exporter/values.yaml b/base-helm-configs/prometheus-blackbox-exporter/values.yaml deleted file mode 100644 index cff68ce6..00000000 --- a/base-helm-configs/prometheus-blackbox-exporter/values.yaml +++ /dev/null 
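Review bot: The `helm template` command, which this hunk shows from `template` through `> /tmp/rendered.yaml`, has no `--version` argument, so CI renders whichever chart release the repo index resolves to, while this same commit pins `prometheus-blackbox-exporter: 11.4.1` in `helm-chart-versions.yaml` for the install script. Because the full `values.yaml` is replaced by a short overrides file, settings such as the container security context, probes and service now come from the chart's own defaults, so an unpinned render can pass CI with defaults that differ from what is deployed. Consider adding `--version <version read from helm-chart-versions.yaml> \` after the `--namespace=prometheus \` line so the rendered manifests correspond to the pinned release.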
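Review bot: The top-level `selfMonitor:` block at the end of the new overrides file does not match the chart's value layout: the `values.yaml` deleted in this commit shows `selfMonitor` only nested under `serviceMonitor` (and `podMonitoring`), so Helm will most likely ignore this key and the exporter's own ServiceMonitor stays disabled. If self-monitoring is intended, the key should be written as `serviceMonitor.selfMonitor.enabled: true`, i.e. nested two levels down. The deleted file also set `serviceMonitor.enabled: true` for the per-target monitors and the new file does not carry that over, so unless `probe_targets.yaml` (not shown here) or the chart default enables it, probe targets may silently stop being scraped. A header comment such as `# Only overrides are listed here; every other value falls back to the defaults of the pinned chart version` would help, and the existing `## Enable pod security policy` comment belongs below the `---` marker, directly above `pspEnabled`.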
@@ -1,484 +0,0 @@ -global: - ## Global image registry to use if it needs to be overriden for some specific use cases (e.g local registries, custom images, ...) - ## - imageRegistry: "" - -restartPolicy: Always - -kind: Deployment - -## Override the namespace -## -namespaceOverride: "" - -# Override Kubernetes version if your distribution does not follow semver v2 -kubeVersionOverride: "" - -## set to true to add the release label so scraping of the servicemonitor with kube-prometheus-stack works out of the box -releaseLabel: false - -podDisruptionBudget: {} -# maxUnavailable: 0 - -## Allow automount the serviceaccount token for sidecar container (eg: oauthproxy) -automountServiceAccountToken: false - -## Additional blackbox-exporter container environment variables -## For instance to add a http_proxy -## -## extraEnv: -## HTTP_PROXY: "http://superproxy.com:3128" -## NO_PROXY: "localhost,127.0.0.1" -extraEnv: {} - -## Additional blackbox-exporter container environment variables for secret -## extraEnvFromSecret: -## - secretOne -## - secretTwo -extraEnvFromSecret: "" - -extraVolumes: [] - # - name: secret-blackbox-oauth-htpasswd - # secret: - # defaultMode: 420 - # secretName: blackbox-oauth-htpasswd - # - name: storage-volume - # persistentVolumeClaim: -# claimName: example - -## Additional volumes that will be attached to the blackbox-exporter container -extraVolumeMounts: -# - name: ca-certs -# mountPath: /etc/ssl/certs/ca-certificates.crt - -## Additional InitContainers to initialize the pod -## This supports either a structured array or a templatable string -extraInitContainers: [] - -## This supports either a structured array or a templatable string - -# Array mode -extraContainers: [] - # - name: oAuth2-proxy - # args: - # - -https-address=:9116 - # - -upstream=http://localhost:9115 - # - -skip-auth-regex=^/metrics - # - -openshift-delegate-urls={"/":{"group":"monitoring.coreos.com","resource":"prometheuses","verb":"get"}} - # image: 
openshift/oauth-proxy:v1.1.0 - # ports: - # - containerPort: 9116 - # name: proxy - # resources: - # limits: - # memory: 16Mi - # requests: - # memory: 4Mi - # cpu: 20m - # volumeMounts: - # - mountPath: /etc/prometheus/secrets/blackbox-tls -# name: secret-blackbox-tls - -# String mode -# extraContainers: |- -# - name: oAuth2-proxy -# args: -# - -https-address=:9116 -# - -upstream=http://localhost:9115 -# - -skip-auth-regex=^/metrics -# - -openshift-delegate-urls={"/":{"group":"monitoring.coreos.com","resource":"prometheuses","verb":"get"}} -# image: {{ .Values.global.imageRegistry }}/openshift/oauth-proxy:v1.1.0 - -## Enable pod security policy -pspEnabled: true - -hostNetwork: false - -strategy: - rollingUpdate: - maxSurge: 1 - maxUnavailable: 0 - type: RollingUpdate - -image: - registry: quay.io - repository: prometheus/blackbox-exporter - # Overrides the image tag whose default is {{ printf "v%s" .Chart.AppVersion }} - tag: "" - pullPolicy: IfNotPresent - digest: "" - - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## - # pullSecrets: - # - myRegistrKeySecretName - -podSecurityContext: {} -# fsGroup: 1000 - -## User and Group to run blackbox-exporter container as -securityContext: - runAsUser: 1000 - runAsGroup: 1000 - readOnlyRootFilesystem: true - runAsNonRoot: true - allowPrivilegeEscalation: false - capabilities: - drop: ["ALL"] -# Add NET_RAW to enable ICMP -# add: ["NET_RAW"] - -livenessProbe: - httpGet: - path: /-/healthy - port: http - failureThreshold: 3 - -readinessProbe: - httpGet: - path: /-/healthy - port: http - -nodeSelector: - openstack-control-plane: enabled - -tolerations: [] -affinity: {} - -## Topology spread constraints rely on node labels to identify the topology domain(s) that each Node is in. 
-## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ -topologySpreadConstraints: [] - # - maxSkew: 1 - # topologyKey: failure-domain.beta.kubernetes.io/zone - # whenUnsatisfiable: DoNotSchedule - # labelSelector: -# matchLabels: -# app.kubernetes.io/instance: jiralert - -# if the configuration is managed as secret outside the chart, using SealedSecret for example, -# provide the name of the secret here. If secretConfig is set to true, configExistingSecretName will be ignored -# in favor of the config value. -configExistingSecretName: "" -# Store the configuration as a `Secret` instead of a `ConfigMap`, useful in case it contains sensitive data -secretConfig: false -config: - modules: - http_2xx: - prober: http - timeout: 5s - http: - valid_http_versions: ["HTTP/1.1", "HTTP/2.0"] - follow_redirects: true - preferred_ip_protocol: "ip4" - valid_status_codes: [200, 202, 204, 300] - -# Set custom config path, other than default /config/blackbox.yaml. If let empty, path will be "/config/blackbox.yaml" -# configPath: "/foo/bar" - -extraConfigmapMounts: [] - # - name: certs-configmap - # mountPath: /etc/secrets/ssl/ - # subPath: certificates.crt # (optional) - # configMap: certs-configmap - # readOnly: true -# defaultMode: 420 - -## Additional secret mounts -# Defines additional mounts with secrets. Secrets must be manually created in the namespace. -extraSecretMounts: [] - # - name: secret-files - # mountPath: /etc/secrets - # secretName: blackbox-secret-files - # readOnly: true -# defaultMode: 420 - -resources: {} - # limits: - # memory: 300Mi - # requests: -# memory: 50Mi - -priorityClassName: "" - -service: - annotations: {} - labels: {} - type: ClusterIP - port: 9115 - ipDualStack: - enabled: false - ipFamilies: ["IPv6", "IPv4"] - ipFamilyPolicy: "PreferDualStack" - -# Only changes container port. 
Application port can be changed with extraArgs (--web.listen-address=:9115) -# https://github.com/prometheus/blackbox_exporter/blob/998037b5b40c1de5fee348ffdea8820509d85171/main.go#L55 -containerPort: 9115 - -# Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If zero, no port is exposed. -# This is useful for communicating with Daemon Pods when kind is DaemonSet. -hostPort: 0 - -serviceAccount: - # Specifies whether a ServiceAccount should be created - create: true - # The name of the ServiceAccount to use. - # If not set and create is true, a name is generated using the fullname template - name: - annotations: {} - -## An Ingress resource can provide name-based virtual hosting and TLS -## termination among other things for CouchDB deployments which are accessed -## from outside the Kubernetes cluster. -## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/ -ingress: - enabled: false - className: "" - labels: {} - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - hosts: - ## The host property on hosts and tls is passed through helm tpl function. - ## ref: https://helm.sh/docs/developing_charts/#using-the-tpl-function - - host: chart-example.local - paths: - - path: / - pathType: ImplementationSpecific - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local - -podAnnotations: {} - -# Annotations for the Deployment -deploymentAnnotations: {} - -# Annotations for the Secret -secretAnnotations: {} - -# Hostaliases allow to add additional DNS entries to be injected directly into pods. 
-# This will take precedence over your implemented DNS solution -hostAliases: [] -# - ip: 192.168.1.1 -# hostNames: -# - test.example.com -# - another.example.net - -pod: - labels: {} - -extraArgs: [] -# - --history.limit=1000 - -replicas: 1 - -serviceMonitor: - ## If true, a ServiceMonitor CRD is created for a prometheus operator - ## https://github.com/coreos/prometheus-operator for blackbox-exporter itself - ## - selfMonitor: - enabled: false - additionalMetricsRelabels: {} - additionalRelabeling: [] - labels: {} - path: /metrics - scheme: http - tlsConfig: {} - interval: 30s - scrapeTimeout: 30s - ## Port can be defined by assigning a value for the port key below - ## port: - - ## If true, a ServiceMonitor CRD is created for a prometheus operator - ## https://github.com/coreos/prometheus-operator for each target - ## - enabled: true - - # Default values that will be used for all ServiceMonitors created by `targets` - defaults: - additionalMetricsRelabels: {} - additionalRelabeling: [] - labels: {} - interval: 30s - scrapeTimeout: 30s - module: http_2xx - ## scheme: HTTP scheme to use for scraping. Can be used with `tlsConfig` for example if using istio mTLS. - scheme: http - ## path: HTTP path. Needs to be adjusted, if web.route-prefix is set - path: "/probe" - ## tlsConfig: TLS configuration to use when scraping the endpoint. For example if using istio mTLS. - ## Of type: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#tlsconfig - tlsConfig: {} - bearerTokenFile: - - targets: -# - name: example # Human readable URL that will appear in Prometheus / AlertManager -# url: http://example.com/healthz # The URL that blackbox will scrape -# hostname: example.com # HTTP probes can accept an additional `hostname` parameter that will set `Host` header and TLS SNI -# labels: {} # Map of labels for ServiceMonitor. Overrides value set in `defaults` -# interval: 60s # Scraping interval. 
Overrides value set in `defaults` -# scrapeTimeout: 60s # Scrape timeout. Overrides value set in `defaults` -# module: http_2xx # Module used for scraping. Overrides value set in `defaults` -# additionalMetricsRelabels: {} # Map of metric labels and values to add -# additionalRelabeling: [] # List of metric relabeling actions to run - -## Custom PrometheusRules to be defined -## ref: https://github.com/coreos/prometheus-operator#customresourcedefinitions -prometheusRule: - enabled: false - additionalLabels: {} - namespace: "" - rules: [] - -podMonitoring: - ## If true, a PodMonitoring CR is created for google managed prometheus - ## https://cloud.google.com/stackdriver/docs/managed-prometheus/setup-managed#gmp-pod-monitoring for blackbox-exporter itself - ## - selfMonitor: - enabled: false - additionalMetricsRelabels: {} - labels: {} - path: /metrics - interval: 30s - scrapeTimeout: 30s - - ## If true, a PodMonitoring CR is created for a google managed prometheus - ## https://cloud.google.com/stackdriver/docs/managed-prometheus/setup-managed#gmp-pod-monitoring for each target - ## - enabled: false - - ## Default values that will be used for all PodMonitoring created by `targets` - ## Following PodMonitoring API specs https://github.com/GoogleCloudPlatform/prometheus-engine/blob/main/doc/api.md#scrapeendpoint - defaults: - additionalMetricsRelabels: {} - labels: {} - interval: 30s - scrapeTimeout: 30s - module: http_2xx - ## scheme: Protocol scheme to use to scrape. - scheme: http - ## path: HTTP path. Needs to be adjusted, if web.route-prefix is set - path: "/probe" - ## tlsConfig: TLS configuration to use when scraping the endpoint. For example if using istio mTLS. 
- ## Of type: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#tlsconfig - tlsConfig: {} - - targets: -# - name: example # Human readable URL that will appear in Google Managed Prometheus / AlertManager -# url: http://example.com/healthz # The URL that blackbox will scrape -# hostname: example.com # HTTP probes can accept an additional `hostname` parameter that will set `Host` header and TLS SNI -# labels: {} # Map of labels for PodMonitoring. Overrides value set in `defaults` -# interval: 60s # Scraping interval. Overrides value set in `defaults` -# scrapeTimeout: 60s # Scrape timeout. Overrides value set in `defaults` -# module: http_2xx # Module used for scraping. Overrides value set in `defaults` -# additionalMetricsRelabels: {} # Map of metric labels and values to add - -## Network policy for chart -networkPolicy: - # Enable network policy and allow access from anywhere - enabled: false - # Limit access only from monitoring namespace - # Before setting this value to true, you must add the name=monitoring label to the monitoring namespace - # Network Policy uses label filtering - allowMonitoringNamespace: false - -## dnsPolicy and dnsConfig for Deployments and Daemonsets if you want non-default settings. -## These will be passed directly to the PodSpec of same. -dnsPolicy: -dnsConfig: - -# Extra manifests to deploy as an array -extraManifests: [] - # - apiVersion: v1 - # kind: ConfigMap - # metadata: - # labels: - # name: prometheus-extra - # data: -# extra-data: "value" - -# global common labels, applied to all ressources -commonLabels: {} - -# Enable vertical pod autoscaler support for prometheus-blackbox-exporter -verticalPodAutoscaler: - enabled: false - - # Recommender responsible for generating recommendation for the object. - # List should be empty (then the default recommender will generate the recommendation) - # or contain exactly one recommender. 
- # recommenders: - # - name: custom-recommender-performance - - # List of resources that the vertical pod autoscaler can control. Defaults to cpu and memory - controlledResources: [] - # Specifies which resource values should be controlled: RequestsOnly or RequestsAndLimits. - # controlledValues: RequestsAndLimits - - # Define the max allowed resources for the pod - maxAllowed: {} - # cpu: 200m - # memory: 100Mi - # Define the min allowed resources for the pod - minAllowed: {} - # cpu: 200m - # memory: 100Mi - - updatePolicy: - # Specifies minimal number of replicas which need to be alive for VPA Updater to attempt pod eviction - # minReplicas: 1 - # Specifies whether recommended updates are applied when a Pod is started and whether recommended updates - # are applied during the life of a Pod. Possible values are "Off", "Initial", "Recreate", and "Auto". - updateMode: Auto - -configReloader: - enabled: false - containerPort: 8080 - config: - logFormat: logfmt - logLevel: info - watchInterval: 1m - image: - registry: quay.io - repository: prometheus-operator/prometheus-config-reloader - tag: "v0.71.2" - pullPolicy: IfNotPresent - digest: "" - securityContext: - runAsUser: 1000 - runAsGroup: 1000 - readOnlyRootFilesystem: true - runAsNonRoot: true - allowPrivilegeEscalation: false - capabilities: - drop: ["ALL"] - resources: - limits: - memory: 50Mi - requests: - cpu: 10m - memory: 20Mi - livenessProbe: - httpGet: - path: /healthz - port: reloader-web - scheme: HTTP - readinessProbe: - httpGet: - path: /healthz - port: reloader-web - scheme: HTTP - service: - port: 8080 - serviceMonitor: - selfMonitor: - additionalMetricsRelabels: {} - additionalRelabeling: [] - path: /metrics - scheme: http - tlsConfig: {} - interval: 30s - scrapeTimeout: 30s diff --git a/bin/install-prometheus-blackbox-exporter.sh b/bin/install-prometheus-blackbox-exporter.sh new file mode 100755 index 00000000..cc9281ac --- /dev/null +++ b/bin/install-prometheus-blackbox-exporter.sh 
@@ -0,0 +1,96 @@ +#!/bin/bash +# Description: Fetches the version for SERVICE_NAME from the specified +# YAML file and executes a helm upgrade/install command with dynamic values files. + +# Disable SC2124 (unused array), SC2145 (array expansion issue), SC2294 (eval) +# shellcheck disable=SC2124,SC2145,SC2294 + +# Service +SERVICE_NAME="prometheus-blackbox-exporter" +SERVICE_NAMESPACE="prometheus" + +# Helm +HELM_REPO_NAME="prometheus-community" +HELM_REPO_URL="https://prometheus-community.github.io/helm-charts" + +# Base directories provided by the environment +GENESTACK_BASE_DIR="${GENESTACK_BASE_DIR:-/opt/genestack}" +GENESTACK_OVERRIDES_DIR="${GENESTACK_OVERRIDES_DIR:-/etc/genestack}" + +# Define service-specific override directories based on the framework +SERVICE_BASE_OVERRIDES="${SERVICE_BASE_OVERRIDES:-$GENESTACK_BASE_DIR/base-helm-configs/$SERVICE_NAME}" +SERVICE_CUSTOM_OVERRIDES="${SERVICE_CUSTOM_OVERRIDES:-$GENESTACK_OVERRIDES_DIR/helm-configs/$SERVICE_NAME}" + +# Read the desired chart version from VERSION_FILE +VERSION_FILE="/etc/genestack/helm-chart-versions.yaml" + +if [ ! 
-f "$VERSION_FILE" ]; then + echo "Error: helm-chart-versions.yaml not found at $VERSION_FILE" >&2 + exit 1 +fi + +# Extract version dynamically using the SERVICE_NAME variable +SERVICE_VERSION=$(grep "${SERVICE_NAME}:" "$VERSION_FILE" | sed "s/.*${SERVICE_NAME}: *//") + +if [ -z "$SERVICE_VERSION" ]; then + echo "Error: Could not extract version for '$SERVICE_NAME' from $VERSION_FILE" >&2 + exit 1 +fi + +echo "Found version for $SERVICE_NAME: $SERVICE_VERSION" + +# Prepare an array to collect --values arguments +values_args=() + +# Base Override Files +if [[ -d "$SERVICE_BASE_OVERRIDES" ]]; then + echo "Including base overrides from directory: $SERVICE_BASE_OVERRIDES" + for file in "$SERVICE_BASE_OVERRIDES"/*.yaml; do + # Check that there is at least one match + if [[ -e "$file" ]]; then + echo " - $file" + values_args+=("--values" "$file") + fi + done +else + echo "Warning: Base override directory not found: $SERVICE_BASE_OVERRIDES" +fi + +# Include all YAML files from the custom SERVICE configuration directory +if [[ -d "$SERVICE_CUSTOM_OVERRIDES" ]]; then + echo "Including overrides from config directory:" + for file in "$SERVICE_CUSTOM_OVERRIDES"/*.yaml; do + if [[ -e "$file" ]]; then + echo " - $file" + values_args+=("--values" "$file") + fi + done +else + echo "Warning: Config directory not found: $SERVICE_CUSTOM_OVERRIDES" +fi + +echo + +# --- Helm Repository and Execution --- +helm repo add "$HELM_REPO_NAME" "$HELM_REPO_URL" +helm repo update + +helm_command=( + helm upgrade --install "$SERVICE_NAME" "$HELM_REPO_NAME"/"$SERVICE_NAME" + --create-namespace --namespace="$SERVICE_NAMESPACE" --timeout 10m + --version "${SERVICE_VERSION}" + + "${values_args[@]}" + + # Post-renderer configuration + --post-renderer "$GENESTACK_OVERRIDES_DIR/kustomize/kustomize.sh" + --post-renderer-args "$SERVICE_NAME/overlay" + "$@" +) + +echo "Executing Helm command (arguments are quoted safely):" +printf '%q ' "${helm_command[@]}" +echo + +# Execute the command directly from 
the array +"${helm_command[@]}" diff --git a/docs/prometheus-blackbox-exporter.md b/docs/prometheus-blackbox-exporter.md index 59054d06..de8ed308 100644 --- a/docs/prometheus-blackbox-exporter.md +++ b/docs/prometheus-blackbox-exporter.md @@ -8,8 +8,7 @@ The blackbox exporter ideally would be ran outside the cluster but can still pro ``` shell -source /opt/genestack/scripts/genestack.rc -bin/install-chart.sh prometheus-blackbox-exporter +bin/install-prometheus-blackbox-exporter.sh ``` !!! success diff --git a/helm-chart-versions.yaml b/helm-chart-versions.yaml index 0f9adfdd..df27ef22 100644 --- a/helm-chart-versions.yaml +++ b/helm-chart-versions.yaml @@ -38,3 +38,4 @@ charts: zaqar: 2025.2.0+2d37d445c prometheus-snmp-exporter: 9.8.1 prometheus-rabbitmq-exporter: 1.13.0 + prometheus-blackbox-exporter: 11.4.1
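Review bot: The version lookup in `bin/install-prometheus-blackbox-exporter.sh` (`grep "${SERVICE_NAME}:" "$VERSION_FILE" | sed ...`) is unanchored, so a commented-out or duplicated `prometheus-blackbox-exporter:` entry is matched as well and `SERVICE_VERSION` can become a multi-line or stale value that is passed straight to `helm upgrade --version`; taking only the first line that starts with the key, e.g. `grep -m1 -E "^[[:space:]]*${SERVICE_NAME}:" "$VERSION_FILE"`, keeps the pin unambiguous. `VERSION_FILE` is hard-coded to `/etc/genestack/helm-chart-versions.yaml` although `GENESTACK_OVERRIDES_DIR` is made overridable a few lines earlier; `VERSION_FILE="${GENESTACK_OVERRIDES_DIR}/helm-chart-versions.yaml"` would keep the two consistent. The exit status of `helm repo add` and `helm repo update` is not checked, so a failed refresh still proceeds to the install against whatever index is cached; `helm repo update || exit 1` is enough to stop there. The `shellcheck disable` line also suppresses SC2294 (eval) although the script as added contains no `eval`, so that suppression could be dropped.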