feat(x509-exporter): update x509-exporter from 3.21.0 to 4.1.0

update notes:
- '--listen-address' and '--watch-dir' cli flags are deprecated
- add '--config' cli flag and config.yaml

ansible/inventory/group_vars/all.yaml

@@ -192,7 +192,7 @@ version:
     # infra
     step: "0.30.2"
     ldap: "v0.6.3"
-    x509-exporter: "3.21.0"
+    x509-exporter: "4.1.0"
     prometheus: "v3.9.1"
     loki: "3.7.1"
     grafana: "12.3.3"

ansible/roles/infra/tasks/services/set_x509-exporter.yaml

@@ -8,9 +8,20 @@
     mode: "0770"
   loop:
     - "x509-exporter"
+    - "x509-exporter/config"
     - "x509-exporter/certs"
   become: true
 
+- name: Deploy config.yaml
+  ansible.builtin.copy:
+    src: "{{ hostvars['console']['node']['config_path'] }}/services/containers/infra/x509-exporter/config/config.yaml"
+    dest: "{{ node['home_path'] }}/containers/x509-exporter/config/config.yaml"
+    owner: "{{ services['x509-exporter']['subuid'] }}"
+    group: "svadmins"
+    mode: "0440"
+  become: true
+  no_log: true
+
 - name: Deploy certificates
   ansible.builtin.copy:
     content: |

config/services/containers/infra/x509-exporter/config/config.yaml

@@ -0,0 +1,11 @@
+server:
+  listen: :9793
+
+sources:
+  - kind: file
+    name: homelab-certs
+    paths:
+      - /certs/*.crt
+      - /certs/*.pem
+      - /certs/*.cer
+    refreshInterval: 1m

config/services/containers/infra/x509-exporter/x509-exporter.container.j2

@@ -11,11 +11,12 @@ Image=docker.io/enix/x509-certificate-exporter:{{ version['containers']['x509-ex
 ContainerName=x509-exporter
 HostName=X509-exporter
 
+Volume=%h/containers/x509-exporter/config/config.yaml:/etc/config.yaml:ro
 Volume=%h/containers/x509-exporter/certs:/certs:ro
 
 PublishPort={{ services['x509-exporter']['ports']['http'] }}:9793
 
-Exec=--listen-address :9793 --watch-dir=/certs
+Exec=--config /etc/config.yaml
 
 [Service]
 Restart=always