kube-prometheus-stack基础上部署domain-exporter监控域名注册过期时间

代码仓库地址
自定义Helm项目

[root@ip-172-31-26-146 domain-exporter]# tree.├── Chart.yaml ├── domain-values.yaml ├── templates │ ├── _helpers.tpl │ ├── configmap.yaml │ ├── deployment.yaml │ ├── service.yaml │ └── servicemonitor.yaml └── values.yaml

Chart.yaml文本

apiVersion:v2name:domain-exporterdescription:A Helm chart for Kubernetes to deploy domain_exportertype:applicationversion:0.1.0appVersion:"1.24.1"# 对应 caarlos0/domain_exporter 的版本

domain-values.yaml文本

domains:# 对于 parasial.net，改用对象格式，并指定 host#- name: parasial.network# host: whois.godaddy.com # <--- 这里填你的注册商 WHOIS 服务器-a.network-b.ventures-c.ioserviceMonitor:enabled:true# 如果你有 Prometheus Operatorlabels:release:kube-prometheus# 根据你的 Prometheus 实例标签进行调整

templates/_helpers.tpl文本

{{/* Expand the name of the chart.*/}}{{-define "domain-exporter.name"-}}{{-default .Chart.Name .Values.nameOverride|trunc 63|trimSuffix "-"}}{{-end}}{{/* Create a default fully qualified app name.*/}}{{-define "domain-exporter.fullname"-}}{{-if .Values.fullnameOverride}}{{-.Values.fullnameOverride|trunc 63|trimSuffix "-"}}{{-else}}{{-$name:= default .Chart.Name .Values.nameOverride}}{{-if contains $name .Release.Name}}{{-.Release.Name|trunc 63|trimSuffix "-"}}{{-else}}{{-printf "%s-%s" .Release.Name $name|trunc 63|trimSuffix "-"}}{{-end}}{{-end}}{{-end}}{{/* Common labels*/}}{{-define "domain-exporter.labels"-}}helm.sh/chart:{{include "domain-exporter.chart" .}}{{include "domain-exporter.selectorLabels" .}}{{-if .Chart.AppVersion}}app.kubernetes.io/version:{{.Chart.AppVersion|quote}}{{-end}}app.kubernetes.io/managed-by:{{.Release.Service}}{{-end}}{{/* Selector labels*/}}{{-define "domain-exporter.selectorLabels"-}}app.kubernetes.io/name:{{include "domain-exporter.name" .}}app.kubernetes.io/instance:{{.Release.Name}}{{-end}}{{/* Create chart name and version as used by the chart label.*/}}{{-define "domain-exporter.chart"-}}{{-printf "%s-%s" .Chart.Name .Chart.Version|replace "+" "_"|trunc 63|trimSuffix "-"}}{{-end}}

templates/configmap.yaml文本

apiVersion:v1kind:ConfigMapmetadata:name:{{include "domain-exporter.fullname" .}}labels:{{-include "domain-exporter.labels" .|nindent 4}}data:domain-exporter.yaml:|domains: {{- range .Values.domains }} {{- if kindIs "string" . }} - name: {{ . }} {{- else }} - name: {{ .name }} {{- if .host }} host: {{ .host }} {{- end }} {{- end }} {{- end }}

templates/deployment.yaml文本

apiVersion:apps/v1kind:Deploymentmetadata:name:{{include "domain-exporter.fullname" .}}labels:{{-include "domain-exporter.labels" .|nindent 4}}spec:replicas:{{.Values.replicaCount}}selector:matchLabels:{{-include "domain-exporter.selectorLabels" .|nindent 6}}template:metadata:annotations:# 确保 ConfigMap 变更时 Pod 会重启checksum/config:{{include (print $.Template.BasePath "/configmap.yaml") .|sha256sum}}# 为没有 ServiceMonitor 的 Prometheus 添加注解prometheus.io/scrape:"true"prometheus.io/port:"9222"labels:{{-include "domain-exporter.selectorLabels" .|nindent 8}}spec:containers:-name:{{.Chart.Name}}image:"{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"imagePullPolicy:{{.Values.image.pullPolicy}}args:-"--config"-"/etc/domain_exporter/domain-exporter.yaml"# <--- 修改这里：后缀改为 .yaml-"--bind"-":9222"#- "--log-format" # 建议加上 json 格式日志，方便排查#- "json"ports:-name:httpcontainerPort:9222protocol:TCPlivenessProbe:httpGet:path:/metricsport:httpreadinessProbe:httpGet:path:/metricsport:httpresources:{{-toYaml .Values.resources|nindent 12}}volumeMounts:-name:configmountPath:/etc/domain_exporterreadOnly:truevolumes:-name:configconfigMap:name:{{include "domain-exporter.fullname" .}}

templates/service.yaml文本

apiVersion:v1kind:Servicemetadata:name:{{include "domain-exporter.fullname" .}}labels:{{-include "domain-exporter.labels" .|nindent 4}}spec:type:{{.Values.service.type}}ports:-port:{{.Values.service.port}}targetPort:httpprotocol:TCPname:httpselector:{{-include "domain-exporter.selectorLabels" .|nindent 4}}

templates/servicemonitor.yaml文本

{{-if .Values.serviceMonitor.enabled}}apiVersion:monitoring.coreos.com/v1kind:ServiceMonitormetadata:name:{{include "domain-exporter.fullname" .}}labels:{{-include "domain-exporter.labels" .|nindent 4}}{{-if .Values.serviceMonitor.labels}}{{-toYaml .Values.serviceMonitor.labels|nindent 4}}{{-end}}spec:selector:matchLabels:{{-include "domain-exporter.selectorLabels" .|nindent 6}}endpoints:-port:httpinterval:{{.Values.serviceMonitor.interval}}scrapeTimeout:{{.Values.serviceMonitor.scrapeTimeout}}{{-end}}

values.yaml

# 镜像配置image:repository:caarlos0/domain_exporterpullPolicy:IfNotPresent# Overrides the image tag whose default is the chart appVersion.tag:"v1.24.1"# 副本数replicaCount:1# 服务配置service:type:ClusterIPport:9222# 要监控的域名列表 (在此处修改)domains:-google.com-github.com-your-domain.com# 资源限制resources:limits:cpu:100mmemory:128Mirequests:cpu:10mmemory:32Mi# Prometheus ServiceMonitor 配置 (如果你使用 Prometheus Operator)serviceMonitor:enabled:false# namespace: monitoringlabels:{}interval:1mscrapeTimeout:30s

2、部署domain-exporter

helm upgrade --install domain.-n monitoring -f domain-values.yaml

3、验证

[root@ip-172-31-26-146 domain-exporter]# helm list -n monitoringNAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION domain monitoring132025-12-16 07:27:09.287695031 +0000 UTC deployed domain-exporter-0.1.01.24.1

4、创建alertrules
包括domain注册过期时间以及ssl证书过期时间

apiVersion:monitoring.coreos.com/v1kind:PrometheusRulemetadata:name:domain-monitoring-alertsnamespace:monitoringlabels:# 关键！这个 label 必须和你的 kube-prometheus-stack 的匹配规则一致# 也就是之前你在 ServiceMonitor 里用的那个 release 名称release:kube-prometheusspec:groups:# ==============================# 组 1: SSL 证书监控 (Blackbox)# ==============================-name:ssl-expiry-alertsrules:# 告警级别：警告 (剩余时间 < 10 天)-alert:SslCertificateExpiringSoonexpr:(probe_ssl_earliest_cert_expiry-time()) < 86400 * 10for:10mlabels:severity:warningannotations:summary:"SSL证书将在30天内过期: {{ $labels.instance }}"description:"域名 {{ $labels.instance }} 的 SSL 证书还有 {{ humanizeDuration (query (printf \"probe_ssl_earliest_cert_expiry{instance='%s'} - time()\" .Labels.instance)) }} 过期。"# 告警级别：严重 (剩余时间 < 7 天)-alert:SslCertificateExpiringCriticalexpr:(probe_ssl_earliest_cert_expiry-time()) < 86400 * 5for:5mlabels:severity:criticalannotations:summary:"SSL证书将在7天内过期 (严重): {{ $labels.instance }}"description:"紧急！域名 {{ $labels.instance }} 的 SSL 证书将在 1 周内过期，请立即续费！"# ==============================# 组 2: 域名有效期监控 (Domain Exporter)# ==============================-name:domain-expiry-alertsrules:# 假设你的 domain-exporter 指标是 domain_expiry_days# 如果是时间戳，请参考上面 SSL 的写法：(metric - time()) < ...# 告警级别：警告 (剩余天数 < 10 天)-alert:DomainExpiringSoonexpr:domain_expiry_days < 10for:10mlabels:severity:warningannotations:summary:"域名将在30天内过期: {{ $labels.domain }}"description:"域名 {{ $labels.domain }} 将在 {{ $value }} 天后过期，请安排续费。"# 告警级别：严重 (剩余天数 < 5 天)-alert:DomainExpiringCriticalexpr:domain_expiry_days < 5for:5mlabels:severity:criticalannotations:summary:"域名将在7天内过期 (严重): {{ $labels.domain }}"description:"紧急！域名 {{ $labels.domain }} 只有 {{ $value }} 天有效期了，请立即处理！"

部署

[root@ip-172-31-26-146 prometheus-blackbox-exporter]# kubectl apply -f domain-ssl-rules.yaml