volker.raschek/prometheus-fail2ban-exporter-charts
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Initial Commit

Browse Source
This commit is contained in:
Markus Pesch
2025-01-19 20:43:51 +01:00
commit 34222954b0
51 changed files with 6141 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

395
values.yaml Normal file
View File

@@ -0,0 +1,395 @@
# Declare variables to be passed into your templates.
## @section Global
## @param nameOverride Individual release name suffix.
## @param fullnameOverride Override the complete release name logic.
nameOverride: ""
fullnameOverride: ""
## @section Configuration
config:
webConfig:
## @param config.webConfig.existingSecret.enabled Mount an existing secret containing the key `webConfig.yaml`.
## @param config.webConfig.existingSecret.secretName Name of the existing secret containing the key `webConfig.yaml`.
existingSecret:
enabled: false
secretName: ""
## @param config.webConfig.secret.annotations Additional annotations of the secret containing the `webConfig.yaml`.
## @param config.webConfig.secret.labels Additional labels of the secret containing the `webConfig.yaml`.
## @param config.webConfig.secret.webConfig Content of the `webConfig.yaml`.
## @skip config.webConfig.secret.webConfig Skip individual web configuration.
secret:
annotations: {}
labels: {}
webConfig: {}
# basic_auth_users:
# prom: <bcrypted password>
# http_server_config:
# http2: true
# tls_server_config:
# cert_file: /path/to/cert.pem
# client_allowed_sans:
# - fail2ban.example.local
# client_ca_file: /path/to/ca.pem
# key_file: /path/to/key.pem
# max_version: TLS13
# min_version: TLS12
## @section Daemonset
daemonSet:
## @param daemonSet.annotations Additional deployment annotations.
## @param daemonSet.labels Additional deployment labels.
annotations: {}
labels: {}
## @param daemonSet.additionalContainers List of additional containers.
additionalContainers: []
# - command: [ "sh", "-c", "echo hello world" ]
# image: "docker.io/library/busybox:latest"
# name: side-car
## @param daemonSet.affinity Affinity for the fail2ban-exporter daemonSet.
affinity: {}
# nodeAffinity:
# requiredDuringSchedulingIgnoredDuringExecution:
# nodeSelectorTerms:
# - matchExpressions:
# - key: kubernetes.io/os
# operator: In
# values:
# - linux
# preferredDuringSchedulingIgnoredDuringExecution:
# - weight: 20
# preference:
# matchExpressions:
# - key: kubernetes.io/arch
# operator: In
# values:
# - amd64
## @param daemonSet.initContainers List of additional init containers.
initContainers: []
# - command: [ "sh", "-c", "echo hello world" ]
# image: "docker.io/library/busybox:latest"
# name: init
## @param daemonSet.dnsConfig dnsConfig of the fail2ban-exporter daemonSet.
dnsConfig: {}
# nameservers:
# - 192.0.2.1 # this is an example
# searches:
# - ns1.svc.cluster-domain.example
# - my.dns.search.suffix
# options:
# - name: ndots
# value: "2"
# - name: edns0
## @param daemonSet.dnsPolicy dnsPolicy of the fail2ban-exporter daemonSet.
dnsPolicy: ""
## @param daemonSet.hostname Individual hostname of the pod.
## @param daemonSet.subdomain Individual domain of the pod.
hostname: ""
subdomain: ""
## @param daemonSet.hostNetwork Use the kernel network namespace of the host system.
hostNetwork: false
## @param daemonSet.imagePullSecrets Secret to use for pulling the image.
imagePullSecrets: []
# - name: "my-custom-secret"
fail2banExporter:
## @param daemonSet.fail2banExporter.args Arguments passed to the fail2ban-exporter container.
args: []
## @param daemonSet.fail2banExporter.env List of environment variables for the fail2ban-exporter container.
env: []
# - name: SPECIAL_ENV_A
# value: special-key
# - name: SPECIAL_ENV
# valueFrom:
# configMapKeyRef:
# name: special-config
# key: special-key
# - name: SPECIAL_ENV
# valueFrom:
# secretKeyRef:
# name: special-secret
# key: special-key
## @param daemonSet.fail2banExporter.envFrom List of environment variables mounted from configMaps or secrets for the fail2ban-exporter container.
envFrom: []
# - configMapRef:
# name: special-config
# - secretRef:
# name: special-secret
## @param daemonSet.fail2banExporter.image.registry Image registry, eg. `docker.io`.
## @param daemonSet.fail2banExporter.image.repository Image repository, eg. `library/busybox`.
## @param daemonSet.fail2banExporter.image.tag Custom image tag, eg. `0.1.0`. Defaults to `appVersion`.
## @param daemonSet.fail2banExporter.image.pullPolicy Image pull policy.
image:
registry: git.cryptic.systems
repository: volker.raschek/prometheus-fail2ban-exporter
tag: ""
pullPolicy: IfNotPresent
## @param daemonSet.fail2banExporter.resources CPU and memory resources of the pod.
resources: {}
# limits:
# cpu:
# ephemeral-storage:
# memory:
# requests:
# cpu:
# ephemeral-storage:
# memory:
## @param daemonSet.fail2banExporter.securityContext Security context of the container of the daemonSet.
securityContext: {}
# capabilities:
# add:
# - NET_RAW
# drop:
# - ALL
# privileged: false
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
## @param daemonSet.fail2banExporter.volumeMounts Additional volume mounts.
## @skip daemonSet.fail2banExporter.volumeMounts Skip individual volume mounts configuration.
volumeMounts:
- name: socket
mountPath: /var/run/fail2ban
## @param daemonSet.nodeSelector NodeSelector of the fail2ban-exporter daemonSet.
nodeSelector: {}
## @param daemonSet.priorityClassName PriorityClassName of the fail2ban-exporter daemonSet.
priorityClassName: ""
## @param daemonSet.restartPolicy Restart policy of the fail2ban-exporter daemonSet.
restartPolicy: ""
## @param daemonSet.securityContext Security context of the fail2ban-exporter daemonSet.
securityContext: {}
# fsGroup: 2000
## @param daemonSet.updateStrategy.rollingUpdate.maxSurge The maximum number of pods that can be scheduled above the desired number of pods during a rolling update.
## @param daemonSet.updateStrategy.rollingUpdate.maxUnavailable The maximum number of pods that can be unavailable during a rolling update.
## @param daemonSet.updateStrategy.type Strategy type - `OnDelete` or `RollingUpdate`.
updateStrategy:
rollingUpdate:
maxSurge: 1
maxUnavailable: 0
type: "RollingUpdate"
## @param daemonSet.terminationGracePeriodSeconds How long to wait until forcefully kill the pod.
terminationGracePeriodSeconds: 60
## @param daemonSet.tolerations Tolerations of the fail2ban-exporter daemonSet.
tolerations: []
# - key: database/type
# operator: Equal
# value: fail2ban
# effect: NoSchedule
## @param daemonSet.topologySpreadConstraints TopologySpreadConstraints of the fail2ban-exporter daemonSet.
topologySpreadConstraints: []
# - topologyKey: kubernetes.io/hostname
# whenUnsatisfiable: DoNotSchedule
# labelSelector:
# matchLabels:
# app.kubernetes.io/instance: prometheus-fail2ban-exporter
## @param daemonSet.volumes Additional volumes to mount into the pods of the prometheus-exporter daemonset.
## @skip daemonSet.volumes Skip individual volumes configuration.
volumes:
- name: socket
hostPath:
path: /var/run/fail2ban
type: Directory
# - name: my-configmap-volume
# config:
# name: my-configmap
# - name: my-secret-volume
# secret:
# secretName: my-secret
## @section Grafana
## @param grafana.enabled Enable integration into Grafana. Require the Prometheus operator daemonSet.
grafana:
enabled: false
## @param grafana.dashboardDiscoveryLabels Labels that Grafana uses to discover resources. The labels may vary depending on the Grafana daemonSet.
## @skip grafana.dashboardDiscoveryLabels
dashboardDiscoveryLabels:
grafana_dashboard: "1"
dashboards:
## @param grafana.dashboards.fail2banExporter.enabled Enable deployment of Grafana dashboard `fail2banExporter`.
## @param grafana.dashboards.fail2banExporter.annotations Additional configmap annotations.
## @param grafana.dashboards.fail2banExporter.labels Additional configmap labels.
fail2banExporter:
enabled: true
annotations: {}
labels: {}
## @section Ingress
ingress:
## @param ingress.enabled Enable creation of an ingress resource. Requires, that the http service is also enabled.
## @param ingress.className Ingress class.
## @param ingress.annotations Additional ingress annotations.
## @param ingress.labels Additional ingress labels.
enabled: false
className: "nginx"
annotations: {}
labels: {}
## @param ingress.hosts Ingress specific configuration. Specification only required when another ingress controller is used instead of `t1k.
## @skip ingress.hosts Skip individual host configuration.
hosts: []
# - host: fail2ban-exporter.example.local
# paths:
# - path: /
# pathType: Prefix
## @param ingress.tls Ingress TLS settings. Specification only required when another ingress controller is used instead of `t1k``.
## @skip ingress.tls Skip individual TLS configuration.
tls: []
# - secretName: fail2ban-exporter-http-tls
# hosts:
# - fail2ban-exporter.example.local
## @section Pod disruption
## @param podDisruptionBudget Pod disruption budget.
podDisruptionBudget: {}
# maxUnavailable: 1
# minAvailable: 1
## @section Network
## @param networkPolicies Deploy network policies based on the used container network interface (CNI) implementation - like calico or weave.
networkPolicies: {}
## @section Prometheus
prometheus:
## @param prometheus.metrics.enabled Enable of scraping metrics by Prometheus.
metrics:
enabled: true
## @param prometheus.metrics.podMonitor.enabled Enable creation of a podMonitor. Excludes the existence of a serviceMonitor resource.
## @param prometheus.metrics.podMonitor.annotations Additional podMonitor annotations.
## @param prometheus.metrics.podMonitor.enableHttp2 Enable HTTP2.
## @param prometheus.metrics.podMonitor.followRedirects FollowRedirects configures whether scrape requests follow HTTP 3xx redirects.
## @param prometheus.metrics.podMonitor.honorLabels Honor labels.
## @param prometheus.metrics.podMonitor.labels Additional podMonitor labels.
## @param prometheus.metrics.podMonitor.interval Interval at which metrics should be scraped. If not specified Prometheus' global scrape interval is used.
## @param prometheus.metrics.podMonitor.path HTTP path for scraping Prometheus metrics.
## @param prometheus.metrics.podMonitor.relabelings RelabelConfigs to apply to samples before scraping. Prometheus Operator automatically adds relabelings for a few standard Kubernetes fields.
## @param prometheus.metrics.podMonitor.scrapeTimeout Timeout after which the scrape is ended. If not specified, global Prometheus scrape timeout is used.
## @param prometheus.metrics.podMonitor.scheme HTTP scheme to use for scraping. For example `http` or `https`.
## @param prometheus.metrics.podMonitor.tlsConfig TLS configuration to use when scraping the metric endpoint by Prometheus.
## @skip prometheus.metrics.podMonitor.tlsConfig Skip individual TLS configuration.
podMonitor:
enabled: false
annotations: {}
enableHttp2: true
followRedirects: false
honorLabels: false
labels: {}
interval: "60s"
path: "/metrics"
relabelings: []
scrapeTimeout: "30s"
scheme: "http"
tlsConfig: {}
## @param prometheus.metrics.serviceMonitor.enabled Enable creation of a serviceMonitor. Excludes the existence of a podMonitor resource.
## @param prometheus.metrics.serviceMonitor.annotations Additional serviceMonitor annotations.
## @param prometheus.metrics.serviceMonitor.labels Additional serviceMonitor labels.
## @param prometheus.metrics.serviceMonitor.enableHttp2 Enable HTTP2.
## @param prometheus.metrics.serviceMonitor.followRedirects FollowRedirects configures whether scrape requests follow HTTP 3xx redirects.
## @param prometheus.metrics.serviceMonitor.honorLabels Honor labels.
## @param prometheus.metrics.serviceMonitor.interval Interval at which metrics should be scraped. If not specified Prometheus' global scrape interval is used.
## @param prometheus.metrics.serviceMonitor.path HTTP path for scraping Prometheus metrics.
## @param prometheus.metrics.serviceMonitor.relabelings RelabelConfigs to apply to samples before scraping. Prometheus Operator automatically adds relabelings for a few standard Kubernetes fields.
## @param prometheus.metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended. If not specified, global Prometheus scrape timeout is used.
## @param prometheus.metrics.serviceMonitor.scheme HTTP scheme to use for scraping. For example `http` or `https`.
## @param prometheus.metrics.serviceMonitor.tlsConfig TLS configuration to use when scraping the metric endpoint by Prometheus.
## @skip prometheus.metrics.serviceMonitor.tlsConfig Skip individual TLS configuration.
serviceMonitor:
enabled: false
annotations: {}
labels: {}
enableHttp2: true
followRedirects: false
honorLabels: false
interval: "60s"
path: "/metrics"
relabelings: []
scrapeTimeout: "30s"
scheme: "http"
tlsConfig: {}
## @param prometheus.rules Array of Prometheus rules for monitoring the application and triggering alerts.
## @skip prometheus.rules Skip individual Prometheus rules.
rules: []
## @section Service
## @param services.http.enabled Enable the service.
## @param services.http.annotations Additional service annotations.
## @param services.http.externalIPs External IPs for the service.
## @param services.http.externalTrafficPolicy If `service.type` is `NodePort` or `LoadBalancer`, set this to `Local` to tell kube-proxy to only use node local endpoints for cluster external traffic. Furthermore, this enables source IP preservation.
## @param services.http.internalTrafficPolicy If `service.type` is `NodePort` or `LoadBalancer`, set this to `Local` to tell kube-proxy to only use node local endpoints for cluster internal traffic.
## @param services.http.ipFamilies IPFamilies is list of IP families (e.g. `IPv4`, `IPv6`) assigned to this service. This field is usually assigned automatically based on cluster configuration and only required for customization.
## @param services.http.labels Additional service labels.
## @param services.http.loadBalancerClass LoadBalancerClass is the class of the load balancer implementation this Service belongs to. Requires service from type `LoadBalancer`.
## @param services.http.loadBalancerIP LoadBalancer will get created with the IP specified in this field. Requires service from type `LoadBalancer`.
## @param services.http.loadBalancerSourceRanges Source range filter for LoadBalancer. Requires service from type `LoadBalancer`.
## @param services.http.port Port to forward the traffic to.
## @param services.http.sessionAffinity Supports `ClientIP` and `None`. Enable client IP based session affinity via `ClientIP`.
## @param services.http.sessionAffinityConfig Contains the configuration of the session affinity.
## @param services.http.type Kubernetes service type for the traffic.
services:
http:
enabled: true
annotations: {}
externalIPs: []
externalTrafficPolicy: "Cluster"
internalTrafficPolicy: "Cluster"
ipFamilies: []
labels: {}
loadBalancerClass: ""
loadBalancerIP: ""
loadBalancerSourceRanges: []
port: 9191
sessionAffinity: "None"
sessionAffinityConfig: {}
type: "ClusterIP"
## @section ServiceAccount
serviceAccount:
## @param serviceAccount.existing.enabled Use an existing service account instead of creating a new one. Assumes that the user has all the necessary kubernetes API authorizations.
## @param serviceAccount.existing.serviceAccountName Name of the existing service account.
existing:
enabled: false
serviceAccountName: ""
## @param serviceAccount.new.annotations Additional service account annotations.
## @param serviceAccount.new.labels Additional service account labels.
## @param serviceAccount.new.automountServiceAccountToken Enable/disable auto mounting of the service account token.
## @param serviceAccount.new.imagePullSecrets ImagePullSecrets is a list of references to secrets in the same namespace to use for pulling any images in pods that reference this serviceAccount.
## @param serviceAccount.new.secrets Secrets is the list of secrets allowed to be used by pods running using this ServiceAccount.
new:
annotations: {}
labels: {}
automountServiceAccountToken: true
imagePullSecrets: []
# - name: "my-image-pull-secret"
secrets: []
# - name: "my-secret"
# namespace: "my-namespace"
# fieldPath: "my-field"