FIX(blackbox-exporter): handle Authelia-protected endpoints

- Add http_auth module accepting 401/403 status codes - Apply http_auth to grafana, code-server, pgweb, velero-ui - These services return 401 when accessed without authentication
2026-01-09 15:48:12 +09:00
parent 884a38d8ad
commit 37c216c433
1 changed files with 16 additions and 4 deletions
--- a/blackbox-exporter/helm-values.yaml
+++ b/blackbox-exporter/helm-values.yaml
@@ -36,6 +36,18 @@ config:
        preferred_ip_protocol: ip4
        tls_config:
          insecure_skip_verify: true
+    # For services behind Authelia (returns 401 when not authenticated)
+    http_auth:
+      prober: http
+      timeout: 10s
+      http:
+        valid_http_versions: ["HTTP/1.1", "HTTP/2.0"]
+        valid_status_codes: [200, 301, 302, 303, 401, 403]
+        method: GET
+        follow_redirects: false
+        preferred_ip_protocol: ip4
+        tls_config:
+          insecure_skip_verify: false
    tcp_connect:
      prober: tcp
      timeout: 5s
@@ -61,7 +73,7 @@ serviceMonitor:
      module: http_2xx
    - name: grafana
      url: https://grafana0213.kro.kr
-      module: http_2xx
+      module: http_auth
    - name: vault
      url: https://vault0213.kro.kr
      module: http_2xx
@@ -79,7 +91,7 @@ serviceMonitor:
      module: http_2xx
    - name: velero-ui
      url: https://velero0213.kro.kr
-      module: http_2xx
+      module: http_auth
    - name: headlamp
      url: https://kubernetes0213.kro.kr
      module: http_2xx
@@ -88,10 +100,10 @@ serviceMonitor:
      module: http_2xx
    - name: code-server
      url: https://vscode0213.kro.kr
-      module: http_2xx
+      module: http_auth
    - name: pgweb
      url: https://pgweb0213.kro.kr
-      module: http_2xx
+      module: http_auth
    - name: zot
      url: https://zot0213.kro.kr
      module: http_2xx