diff --git a/stable/prometheus-blackbox-exporter/README.md b/stable/prometheus-blackbox-exporter/README.md
index 2a9ecc8f43e0..447f6d8a5584 100644
--- a/stable/prometheus-blackbox-exporter/README.md
+++ b/stable/prometheus-blackbox-exporter/README.md
@@ -64,6 +64,7 @@ The following table lists the configurable parameters of the Blackbox-Exporter c
 | `podAnnotations` | annotations to add to each pod | `{}` |
 | `podDisruptionBudget` | pod disruption budget | `{}` |
 | `priorityClassName` | priority class name | None |
+| `allowIcmp` | whether to enable ICMP probes, by giving the pods `CAP_NET_RAW` and running as root | `false` |
 | `resources` | pod resource requests & limits | `{}` |
 | `restartPolicy` | container restart policy | `Always` |
 | `service.annotations` | annotations for the service | `{}` |
diff --git a/stable/prometheus-blackbox-exporter/ci/icmp-values.yaml b/stable/prometheus-blackbox-exporter/ci/icmp-values.yaml
new file mode 100644
index 000000000000..39dfe5e8782c
--- /dev/null
+++ b/stable/prometheus-blackbox-exporter/ci/icmp-values.yaml
@@ -0,0 +1 @@
+allowIcmp: true
diff --git a/stable/prometheus-blackbox-exporter/templates/deployment.yaml b/stable/prometheus-blackbox-exporter/templates/deployment.yaml
index 1e0a22dcc346..bc2761d318f3 100644
--- a/stable/prometheus-blackbox-exporter/templates/deployment.yaml
+++ b/stable/prometheus-blackbox-exporter/templates/deployment.yaml
@@ -59,8 +59,13 @@ spec:
 imagePullPolicy: {{ .Values.image.pullPolicy }}
 securityContext:
 readOnlyRootFilesystem: {{ .Values.readOnlyRootFilesystem }}
+ {{- if .Values.allowIcmp }}
+ capabilities:
+ add: ["NET_RAW"]
+ {{- else }}
 runAsNonRoot: {{ .Values.runAsNonRoot }}
 runAsUser: {{ .Values.runAsUser }}
+ {{- end }}
 args:
 {{- if .Values.config }}
 - "--config.file=/config/blackbox.yaml"
diff --git a/stable/prometheus-blackbox-exporter/values.yaml b/stable/prometheus-blackbox-exporter/values.yaml
index 935a03189004..f6e7eac14b90 100644
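Review bot: In the `allowIcmp` branch of templates/deployment.yaml the securityContext omits `runAsNonRoot` and `runAsUser` altogether, so the container runs as the image's default user (root, per the README row) and keeps the runtime's whole default capability set with NET_RAW added on top. Only raw sockets are needed for ICMP probes, so the branch should narrow the set by adding `drop: ["ALL"]` next to `add: ["NET_RAW"]`, and could also set `allowPrivilegeEscalation: false`; whether the exporter needs any other default capability is not visible here and should be confirmed with ci/icmp-values.yaml. The branch also silently discards any `runAsUser`/`runAsNonRoot` an operator set in values, and it depends on the image defaulting to root, since a non-root user would presumably not get NET_RAW in its effective set; a template comment stating this, or an explicit `runAsUser: 0`, would make the behaviour deterministic. The container spec starts and ends outside the hunk.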
--- a/stable/prometheus-blackbox-exporter/values.yaml
+++ b/stable/prometheus-blackbox-exporter/values.yaml
@@ -60,6 +60,8 @@ extraSecretMounts: []
 # readOnly: true
 # defaultMode: 420
 
+allowIcmp: false
+
 resources: {}
 # limits:
 # memory: 300Mi
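Review bot: The new `allowIcmp: false` default in values.yaml has no comment, although enabling it changes the pod's privilege level and is the only place most operators will look before flipping it. A comment above the key would record the trade-off, for example `# allowIcmp: true adds NET_RAW and runs the container as root; runAsUser/runAsNonRoot are then ignored`. Clusters that enforce a non-root or restricted-capability pod policy will presumably reject the pod in that mode, which is worth a second comment line.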