Blackbox Exporter

The blackbox exporter gives Lumie external reachability and certificate-expiry checks that do not depend on application-side instrumentation.

Source paths

lumie-infra/observability/blackbox-exporter/argocd.yaml
lumie-infra/observability/blackbox-exporter/helm-values.yaml

Runtime contract

one replica in the blackbox-exporter namespace
ServiceMonitor enabled with release: prometheus
PrometheusRule enabled in the same chart values

Probe modules

http_2xx
http_2xx_insecure
http_auth_ok
tcp_connect
icmp

Configured targets

The current repo-managed targets are:

https://joossameng.com
https://lumie-edu.com
https://lumie-infra.com
https://www.disciples-church.com

Alert surface

The chart defines these rule names:

BlackboxProbeFailed
BlackboxSlowProbe
BlackboxSslCertificateWillExpireSoon
BlackboxSslCertificateExpired

The SSL-expiry rules deliberately exclude some externally managed targets with the selector target!~"joossameng|jaejadle".

Failure modes

DNS or upstream CDN issues can trigger alerts even when the application cluster is healthy.
The configured target list is explicit; newly launched public services are not monitored until added here.
The http_auth_ok module treats 401 as success, so use it only when authentication is expected.

Verification

kubectl get applications.argoproj.io -n argocd blackbox-exporter
kubectl get pods -n blackbox-exporter
kubectl get servicemonitors,prometheusrules -n blackbox-exporter
kubectl describe deploy -n blackbox-exporter blackbox-exporter

Source paths​

Runtime contract​

Probe modules​

Configured targets​

Alert surface​

Failure modes​

Verification​

Related pages​