Initial Commit

Markus Pesch 2025-01-19 20:43:51 +01:00
commit 34222954b0
Signed by: volker.raschek
GPG Key ID: 852BCC170D81A982
51 changed files with 6141 additions and 0 deletions

12
.editorconfig Normal file

@ -0,0 +1,12 @@
root = true
[*]
indent_style = space
indent_size = 2
end_of_line = lf
charset = utf-8
trim_trailing_whitespace = true
insert_final_newline = false
[Makefile]
indent_style = tab


@ -0,0 +1,30 @@
name: Generate README
on:
pull_request:
paths: [ "README.md", "values.yaml" ]
types: [ "opened", "reopened", "synchronize" ]
push:
paths: [ "README.md", "values.yaml" ]
tags-ignore:
- '**'
workflow_dispatch: {}
jobs:
generate-parameters:
container:
image: docker.io/library/node:22.13.0-alpine
runs-on:
- ubuntu-latest
steps:
- name: Install tooling
run: |
apk update
apk add git npm
- uses: actions/checkout@v4.2.2
- name: Generate parameter section in README
run: |
npm install
npm run readme:parameters
- name: Compare diff
run: git diff --exit-code --name-only README.md
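Review bot: The `npm install` step in `generate-parameters` resolves dependencies afresh on every run instead of installing exactly what a lockfile records, so a pull-request build can pull in package versions nobody reviewed. If a `package-lock.json` is committed (not visible in this section), `npm ci` is the better fit for CI because it fails on any drift between lockfile and manifest; the step body would become `npm ci` followed by `npm run readme:parameters`. The same applies to both jobs of the Markdown linter workflow further down. The `npm` in `apk add git npm` also looks redundant, since the job already runs in the `node:22.13.0-alpine` image.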


@ -0,0 +1,40 @@
name: Helm
on:
pull_request:
types: [ "opened", "reopened", "synchronize" ]
push:
tags-ignore:
- '**'
workflow_dispatch: {}
jobs:
helm-lint:
container:
image: docker.io/volkerraschek/helm:3.16.4
runs-on:
- ubuntu-latest
steps:
- name: Install tooling
run: |
apk update
apk add git npm
- uses: actions/checkout@v4.2.2
- name: Lint helm files
run: |
helm lint --values values.yaml .
helm-unittest:
container:
image: docker.io/volkerraschek/helm:3.16.4
runs-on:
- ubuntu-latest
steps:
- name: Install tooling
run: |
apk update
apk add git npm
- uses: actions/checkout@v4.2.2
- name: Unittest
run: |
helm unittest --strict --file 'unittests/**/*.yaml' ./
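Review bot: Both jobs run in `docker.io/volkerraschek/helm:3.16.4`, referenced only by a mutable tag, so the content behind it can change without any change in this repository. Pinning the digest alongside the tag keeps the version readable and makes the pull verifiable, e.g. `image: docker.io/volkerraschek/helm:3.16.4@sha256:<digest-of-the-reviewed-image>`. This matters most in the Release workflow, where the same image runs with the chart-repository credentials in its environment. Installing `npm` in the lint and unittest jobs appears unused by the visible steps and could be dropped from `apk add git npm`.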


@ -0,0 +1,44 @@
name: Markdown linter
on:
pull_request:
paths: [ "**/*.md" ]
types: [ "opened", "reopened", "synchronize" ]
push:
paths: [ "**/*.md" ]
tags-ignore:
- '**'
workflow_dispatch: {}
jobs:
markdown-link-checker:
container:
image: docker.io/library/node:22.13.0-alpine
runs-on:
- ubuntu-latest
steps:
- name: Install tooling
run: |
apk update
apk add git npm
- uses: actions/checkout@v4.2.2
- name: Verify links in markdown files
run: |
npm install
npm run readme:link
markdown-lint:
container:
image: docker.io/library/node:22.13.0-alpine
runs-on:
- ubuntu-latest
steps:
- name: Install tooling
run: |
apk update
apk add git
- uses: actions/checkout@v4.2.2
- name: Lint markdown files
run: |
npm install
npm run readme:lint


@ -0,0 +1,46 @@
name: Release
on:
push:
tags:
- "**"
jobs:
publish-chart:
container:
image: docker.io/volkerraschek/helm:3.16.4
runs-on: ubuntu-latest
steps:
- name: Install tooling
run: |
apk update
apk add git npm
- uses: actions/checkout@v4
- name: Package chart
env:
HELM_REPO_NAME: upload
CHARTMUSEUM_PASSWORD: ${{ secrets.CHARTMUSEUM_PASSWORD }}
CHARTMUSEUM_REPOSITORY: ${{ vars.CHARTMUSEUM_REPOSITORY }}
CHARTMUSEUM_USERNAME: ${{ secrets.CHARTMUSEUM_USERNAME }}
CHARTMUSEUM_HOSTNAME: ${{ vars.CHARTMUSEUM_HOSTNAME }}
GITEA_PACKAGE_REGISTRY_TOKEN: ${{ secrets.GIT_CRYPTIC_SYSTEMS_PACKAGE_REGISTRY_TOKEN }}
GITEA_SERVER_URL: ${{ github.server_url }}
run: |
PACKAGE_VERSION=${GITHUB_REF#refs/tags/}
REPOSITORY_NAME=$(echo ${GITHUB_REPOSITORY} | cut -d '/' -f 2)
REPOSITORY_OWNER=$(echo ${GITHUB_REPOSITORY} | cut -d '/' -f 1)
helm dependency build
helm package --version "${PACKAGE_VERSION}" ./
# chart-museum
helm repo add --username ${CHARTMUSEUM_USERNAME} --password ${CHARTMUSEUM_PASSWORD} chartmuseum https://${CHARTMUSEUM_HOSTNAME}/${CHARTMUSEUM_REPOSITORY}
helm cm-push ${REPOSITORY_NAME}-${PACKAGE_VERSION}.tgz chartmuseum
helm repo remove chartmuseum
# gitea
helm repo add --username ${REPOSITORY_OWNER} --password ${GITEA_PACKAGE_REGISTRY_TOKEN} gitea ${GITEA_SERVER_URL}/api/packages/${REPOSITORY_OWNER}/helm
helm cm-push ${REPOSITORY_NAME}-${PACKAGE_VERSION}.tgz gitea
helm repo remove gitea
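Review bot: The two `helm repo add` calls pass the registry password and token as `--password ${...}` arguments, which puts the secret on the process command line and, being unquoted, lets the shell word-split or glob a value containing spaces or `*`. `helm repo add` accepts `--password-stdin`; for example `printf '%s' "${CHARTMUSEUM_PASSWORD}" | helm repo add --username "${CHARTMUSEUM_USERNAME}" --password-stdin chartmuseum "https://${CHARTMUSEUM_HOSTNAME}/${CHARTMUSEUM_REPOSITORY}"`, and likewise for the `gitea` repository. The remaining expansions (`${GITHUB_REPOSITORY}`, `${REPOSITORY_NAME}-${PACKAGE_VERSION}.tgz`) should be quoted as well, since `PACKAGE_VERSION` comes straight from the pushed tag name and the trigger accepts every tag (`"**"`). This job also uses `actions/checkout@v4` while the other workflows use `v4.2.2`; the job that holds credentials is the one where an exact, ideally commit-pinned, reference matters most.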

6
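--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,6 @@
+charts
+node_modules
+target
+values2.yml
+values2.yaml
+*.tgz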

60
.helmignore Normal file

@ -0,0 +1,60 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/
# drone
.drone.yml
# editorconfig
.editorconfig
# customized values
values2.yml
values2.yaml
# helm packages
*.tgz
.helmignore
unittests
# markdownlint
.markdownlint.yml
.markdownlint.yaml
.markdownlintignore
# npm
.prettierignore
.npmrc
package*
# yamllint
.yamllint.yaml
# Others
CONTRIBUTING.md
CODEOWNERS
Makefile
renovate.json

156
.markdownlint.yaml Normal file

@ -0,0 +1,156 @@
# markdownlint YAML configuration
# https://github.com/DavidAnson/markdownlint/blob/main/schema/.markdownlint.yaml
# Default state for all rules
default: true
# Path to configuration file to extend
extends: null
# MD003/heading-style/header-style - Heading style
MD003:
# Heading style
style: "atx"
# MD004/ul-style - Unordered list style
MD004:
style: "dash"
# MD007/ul-indent - Unordered list indentation
MD007:
# Spaces for indent
indent: 2
# Whether to indent the first level of the list
start_indented: false
# MD009/no-trailing-spaces - Trailing spaces
MD009:
# Spaces for line break
br_spaces: 2
# Allow spaces for empty lines in list items
list_item_empty_lines: false
# Include unnecessary breaks
strict: false
# MD010/no-hard-tabs - Hard tabs
MD010:
# Include code blocks
code_blocks: true
# MD012/no-multiple-blanks - Multiple consecutive blank lines
MD012:
# Consecutive blank lines
maximum: 1
# MD013/line-length - Line length
MD013:
# Number of characters
line_length: 120
# Number of characters for headings
heading_line_length: 120
# Number of characters for code blocks
code_block_line_length: 80
# Include code blocks
code_blocks: false
# Include tables
tables: false
# Include headings
headings: true
# Strict length checking
strict: false
# Stern length checking
stern: false
# MD022/blanks-around-headings/blanks-around-headers - Headings should be surrounded by blank lines
MD022:
# Blank lines above heading
lines_above: 1
# Blank lines below heading
lines_below: 1
# MD024/no-duplicate-heading/no-duplicate-header - Multiple headings with the same content
MD024:
# Only check sibling headings
siblings_only: true
# MD025/single-title/single-h1 - Multiple top-level headings in the same document
MD025:
# Heading level
level: 1
# RegExp for matching title in front matter
front_matter_title: "^\\s*title\\s*[:=]"
# MD026/no-trailing-punctuation - Trailing punctuation in heading
MD026:
# Punctuation characters
punctuation: ".,;:!。,;:!"
# MD029/ol-prefix - Ordered list item prefix
MD029:
# List style
style: "one_or_ordered"
# MD030/list-marker-space - Spaces after list markers
MD030:
# Spaces for single-line unordered list items
ul_single: 1
# Spaces for single-line ordered list items
ol_single: 1
# Spaces for multi-line unordered list items
ul_multi: 1
# Spaces for multi-line ordered list items
ol_multi: 1
# MD033/no-inline-html - Inline HTML
MD033:
# Allowed elements
allowed_elements: []
# MD035/hr-style - Horizontal rule style
MD035:
# Horizontal rule style
style: "---"
# MD036/no-emphasis-as-heading/no-emphasis-as-header - Emphasis used instead of a heading
MD036:
# Punctuation characters
punctuation: ".,;:!?。,;:!?"
# MD041/first-line-heading/first-line-h1 - First line in a file should be a top-level heading
MD041:
# Heading level
level: 1
# RegExp for matching title in front matter
front_matter_title: "^\\s*title\\s*[:=]"
# MD044/proper-names - Proper names should have the correct capitalization
MD044:
# List of proper names
names:
- Git
- GitDevOps
- Gitea
- GitHub
- GitLab
- GitOps
- kube-prometheus-stack
- Memcached
- Oracle
- ORBIS U
- PostgreSQL
- Prometheus
- prometheus-exporter
- SSL
- TLS
# Include code blocks
code_blocks: false
# MD046/code-block-style - Code block style
MD046:
# Block style
style: "fenced"
# MD048/code-fence-style - Code fence style
MD048:
# Code fence syle
style: "backtick"

4
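--- a/.markdownlintignore
+++ b/.markdownlintignore
@@ -0,0 +1,4 @@
+.github/
+Chart.lock
+charts/
+node_modules/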

1
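--- a/.npmrc
+++ b/.npmrc
@@ -0,0 +1 @@
+engine-strict=true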

1
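--- a/.prettierignore
+++ b/.prettierignore
@@ -0,0 +1 @@
+Chart.lock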

8
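--- a/.vscode/extensions.json
+++ b/.vscode/extensions.json
@@ -0,0 +1,8 @@
+{
+"recommendations": [
+"DavidAnson.vscode-markdownlint",
+"esbenp.prettier-vscode",
+"Tim-Koehler.helm-intellisense",
+"yzhang.markdown-all-in-one"
+]
+}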

8
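--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -0,0 +1,8 @@
+{
+"yaml.schemas": {
+"https://raw.githubusercontent.com/helm-unittest/helm-unittest/v0.5.2/schema/helm-testsuite.json": [
+"/unittests/**/*.yaml"
+]
+},
+"yaml.schemaStore.enable": true
+}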

20
.yamllint.yaml Normal file

@ -0,0 +1,20 @@
---
extends: default
ignore: |
.yamllint
node_modules
templates
rules:
truthy:
allowed-values: ['true', 'false']
check-keys: False
level: error
line-length: disable
document-start: disable
comments:
min-spaces-from-content: 1
braces:
max-spaces-inside: 2

1
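--- a/CODEOWNERS
+++ b/CODEOWNERS
@@ -0,0 +1 @@
+* @volker.raschek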

82
CONTRIBUTING.md Normal file

@ -0,0 +1,82 @@
# Contributing
I am very happy if you would like to provide a pull request 👍
The content of this file describes which requirements contributors should fulfill before submitting a pull request (PR).
1. [Valid Git commits](#valid-git-commits)
## Valid Git commits
### Commit message
The repository is subject to a strict commit message template. This states that there are several types of commits. For
example, `fix`, `chore`, `refac`, `test` or `doc`. All types are described in more detail below.
| type | description |
| ------------------- | ----------------------------------------------------------------- |
| `feat` | New feature. |
| `fix` | Fixes a bug. |
| `refac` | Refactoring production code. |
| `style` | Fixes formatting issues. No production code change. |
| `docs` | Adapt documentation. No production code change. |
| `test` | Adds new or modifies existing tests. No production code change. |
| `chore` | Updating grunt tasks. Is everything which the user does not see. |
Based on these types, commit messaged can then be created. Here are a few examples:
```text
style(README): Wrong indentation
feat(deployment): support restartPolicy
fix(my-app): Add missing volume
docs(CONTRIBUTING): Describe how to commit correctly
```
This type of commit message makes it easier for me as maintainer to keep an overview and does not cause the commits of a
pull request PR to be combined into one commit (squashing).
### Smart commits
Smart commits are excellent when it comes to tracking bugs or issues. In this repository, however, the rebasing of
commits is prohibited, which means that only merge commits are possible. This means that a smart commit message only
needs to be added to the merge commit.
This has the advantage that the maintainer can use the smart commit to find the merge commit and undo the entire history
of a merge without having to select individual commits. The following history illustrates the correct use of smart commits.
```text
* 823edbc7 Volker Raschek (G) | [Close #2] feat(deployment): support additional containers
|\
| * 321aebc3 Volker Raschek (G) | doc(README): generate README with new deployment attributes
| * 8d101dd3 Volker Raschek (G) | test(deployment): Extend unittest of additional containers
| * 6f2abd93 Volker Raschek (G) | fix(deployment): Extend deployment of additional containers
|/
* aa5ebda bob (N) | [Close #1] feat(deployment): support initContainers
```
### Commit signing
Another problem with Git is the chain of trust. Git allows the configuration of any name and e-mail address. An attacker
can impersonate any person and submit pull requests under a false identity. For as Linux Torvalds, the maintainer of the
Linux kernel.
```bash
git config --global user.name 'Linux Torvalds'
git config --global user.email 'torvalds@linux-foundation.org'
```
To avoid this, some Git repositories expect signed commits. In particular, repositories that are subject to direct
delivery to customers. For this reason, the repository is subject to a branch protection rule that only allows signed
commits. *Until* there is *no verified* and *no signed* commit, the pull request is blocked.
The following articles describes how Git can be configured to sign commits. Please keep in mind, that the e-mail
address, which is used as UID of the GPG keyring must also be defined in the profile settings of your GitHub account.
Otherwise will be marked the Git commit as *Unverified*.
1. [Signing Commits](https://docs.github.com/en/authentication/managing-commit-signature-verification/signing-commits)
2. [Tell Git about your signing key](https://docs.github.com/en/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key)
Inspect your Git commit via `git log`. There should be mentioned, that your commit is signed.
Furthermore, the GPG key is unique. **Don't loose your private GPG key**. Backup your private key on a safe device. For
example an external USB drive.

19
Chart.yaml Normal file

@ -0,0 +1,19 @@
apiVersion: v2
name: prometheus-fail2ban-exporter
description: Prometheus metric exporter for Fail2Ban
type: application
kubeVersion: ">=1.20.0"
version: "0.1.0"
appVersion: "0.1.0"
# icon: https://annotations.example.com/icon.png
keywords:
- prometheus
- prometheus-exporter
- prometheus-fail2ban-exporter
- fail2ban-exporter
sources:
- https://git.cryptic.systems/volker.raschek/prometheus-fail2ban-exporter-charts
- https://git.cryptic.systems/volker.raschek/prometheus-fail2ban-exporter

91
Makefile Normal file

@ -0,0 +1,91 @@
# CONTAINER_RUNTIME
CONTAINER_RUNTIME?=$(shell which podman)
# HELM_IMAGE
HELM_IMAGE_REGISTRY_HOST?=docker.io
HELM_IMAGE_REPOSITORY?=volkerraschek/helm
HELM_IMAGE_VERSION?=3.16.1 # renovate: datasource=docker registryUrl=https://docker.io depName=volkerraschek/helm
HELM_IMAGE_FULLY_QUALIFIED=${HELM_IMAGE_REGISTRY_HOST}/${HELM_IMAGE_REPOSITORY}:${HELM_IMAGE_VERSION}
# NODE_IMAGE
NODE_IMAGE_REGISTRY_HOST?=docker.io
NODE_IMAGE_REPOSITORY?=library/node
NODE_IMAGE_VERSION?=22.9.0-alpine # renovate: datasource=docker registryUrl=https://docker.io depName=library/node
NODE_IMAGE_FULLY_QUALIFIED=${NODE_IMAGE_REGISTRY_HOST}/${NODE_IMAGE_REPOSITORY}:${NODE_IMAGE_VERSION}
# MISSING DOT
# ==============================================================================
missing-dot:
grep --perl-regexp '## @(param|skip).*[^.]$$' values.yaml
# CONTAINER RUN - README
# ==============================================================================
PHONY+=container-run/readme
container-run/readme: container-run/readme/link container-run/readme/lint container-run/readme/parameters
container-run/readme/link:
${CONTAINER_RUNTIME} run \
--rm \
--volume $(shell pwd):$(shell pwd) \
--workdir $(shell pwd) \
${NODE_IMAGE_FULLY_QUALIFIED} \
npm install && npm run readme:link
container-run/readme/lint:
${CONTAINER_RUNTIME} run \
--rm \
--volume $(shell pwd):$(shell pwd) \
--workdir $(shell pwd) \
${NODE_IMAGE_FULLY_QUALIFIED} \
npm install && npm run readme:lint
container-run/readme/parameters:
${CONTAINER_RUNTIME} run \
--rm \
--volume $(shell pwd):$(shell pwd) \
--workdir $(shell pwd) \
${NODE_IMAGE_FULLY_QUALIFIED} \
npm install && npm run readme:parameters
# CONTAINER RUN - HELM UNITTESTS
# ==============================================================================
PHONY+=container-run/helm-unittests
container-run/helm-unittests:
${CONTAINER_RUNTIME} run \
--env HELM_REPO_PASSWORD=${CHART_SERVER_PASSWORD} \
--env HELM_REPO_USERNAME=${CHART_SERVER_USERNAME} \
--rm \
--volume $(shell pwd):$(shell pwd) \
--workdir $(shell pwd) \
${HELM_IMAGE_FULLY_QUALIFIED} \
unittest --strict --file 'unittests/**/*.yaml' ./
# CONTAINER RUN - HELM UPDATE DEPENDENCIES
# ==============================================================================
PHONY+=container-run/helm-update-dependencies
container-run/helm-update-dependencies:
${CONTAINER_RUNTIME} run \
--env HELM_REPO_PASSWORD=${CHART_SERVER_PASSWORD} \
--env HELM_REPO_USERNAME=${CHART_SERVER_USERNAME} \
--rm \
--volume $(shell pwd):$(shell pwd) \
--workdir $(shell pwd) \
${HELM_IMAGE_FULLY_QUALIFIED} \
dependency update
# CONTAINER RUN - MARKDOWN-LINT
# ==============================================================================
PHONY+=container-run/helm-lint
container-run/helm-lint:
${CONTAINER_RUNTIME} run \
--rm \
--volume $(shell pwd):$(shell pwd) \
--workdir $(shell pwd) \
${HELM_IMAGE_FULLY_QUALIFIED} \
lint --values values.yaml .
# PHONY
# ==============================================================================
# Declare the contents of the PHONY variable as phony. We keep that information
# in a variable so we can use it in if_changed.
.PHONY: ${PHONY}
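Review bot: In the three `container-run/readme/*` recipes the `&&` is interpreted by the shell that make starts on the host, so only `npm install` runs inside the container and `npm run readme:…` then executes on the host, outside the isolation the target name promises. Wrapping the command keeps both steps in the container: `sh -c 'npm install && npm run readme:link'` (and the same for `lint` and `parameters`). Separately, `--env HELM_REPO_PASSWORD=${CHART_SERVER_PASSWORD}` expands the password into the recipe line, which make echoes to the terminal or CI log; passing the variable by name (`--env HELM_REPO_PASSWORD`, with the value exported in the calling environment) avoids printing it. `HELM_IMAGE_VERSION` (3.16.1) and `NODE_IMAGE_VERSION` (22.9.0-alpine) also differ from the versions used in the workflows (3.16.4, 22.13.0-alpine), so local and CI results may diverge.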

317
README.md Normal file

@ -0,0 +1,317 @@
# Prometheus Fail2Ban exporter
[![Build Status](https://drone.cryptic.systems/api/badges/volker.raschek/prometheus-fail2ban-exporter/status.svg)](https://drone.cryptic.systems/volker.raschek/prometheus-fail2ban-exporter)
[![Artifact Hub](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/prometheus-exporters)](https://artifacthub.io/packages/search?repo=prometheus-exporters)
This helm chart enables the deployment of a Prometheus metrics exporter for Fail2Ban and allows the individual
configuration of additional containers/initContainers, mounting of volumes and defining additional environment variables,
apply a user-defined `webConfig.yaml` and much more.
Chapter [configuration and installation](#helm-configuration-and-installation) describes the basics how to configure helm
and use it to deploy the exporter. It also contains further configuration examples.
Furthermore, this helm chart contains unit tests to detect regressions and stabilize the deployment. Additionally, this
helm chart is tested for deployment scenarios with **ArgoCD**.
## Helm: configuration and installation
1. A helm chart repository must be configured, to pull the helm charts from.
2. All available parameters are [here](#parameters) in detail document. The parameters can be defined via the helm
`--set` flag or directly as part of a `values.yaml` file. The following example defines the `prometheus-exporter`
repository and use the `--set` flag for a basic deployment.
> [!IMPORTANT]
> By default is neither a serviceMonitor nor a podMonitor enabled. Use `prometheus.metrics.serviceMonitor.enabled=true`
> or `prometheus.metrics.podMonitor.enabled=true` to enable one monitor deployment. Deploying both monitors at the same
> time is not possible.
```bash
helm repo add prometheus-exporters https://charts.cryptic.systems/prometheus-exporters
helm repo update
helm install prometheus-fail2ban-exporter prometheus-exporters/prometheus-fail2ban-exporter \
--set 'prometheus.metrics.enabled=true' \
--set 'prometheus.metrics.serviceMonitor.enabled=true'
```
Instead of passing all parameters via the *set* flag, it is also possible to define them as part of the `values.yaml`.
The following command downloads the `values.yaml` for a specific version of this chart. Please keep in mind, that the
version of the chart must be in sync with the `values.yaml`. Newer *minor* versions can have new features. New *major*
versions can break something!
```bash
CHART_VERSION=0.1.0
helm show values prometheus-exporters/prometheus-fail2ban-exporter --version "${CHART_VERSION}" > values.yaml
```
A complete list of available helm chart versions can be displayed via the following command:
```bash
helm search repo prometheus-fail2ban-exporter --versions
```
The helm chart also contains some prometheusRules. These are deactivated by default and serve as examples/inspiration
for customizations. These can be configured in more detail via `values.yaml`.
### Examples
The following examples serve as individual configurations and as inspiration for how deployment problems can be solved.
#### Avoid CPU throttling by defining a CPU limit
If the application is deployed with a CPU resource limit, Prometheus may throw a CPU throttling warning for the
application. This has more or less to do with the fact that the application finds the number of CPUs of the host, but
cannot use the available CPU time to perform computing operations.
The application must be informed that despite several CPUs only a part (limit) of the available computing time is
available. As this is a Golang application, this can be implemented using `GOMAXPROCS`. The following example is one way
of defining `GOMAXPROCS` automatically based on the defined CPU limit like `100m`. Please keep in mind, that the CFS
rate of `100ms` - default on each kubernetes node, is also very important to avoid CPU throttling.
Further information about this topic can be found [here](https://kanishk.io/posts/cpu-throttling-in-containerized-go-apps/).
> [!NOTE]
> The environment variable `GOMAXPROCS` is set automatically, when a CPU limit is defined. An explicit configuration is
> not anymore required.
```bash
helm install prometheus-fail2ban-exporter prometheus-exporters/prometheus-fail2ban-exporter \
--set 'prometheus.metrics.enabled=true' \
--set 'prometheus.metrics.serviceMonitor.enabled=true' \
--set 'daemonSet.fail2banExporter.env.name=GOMAXPROCS' \
--set 'daemonSet.fail2banExporter.env.valueFrom.resourceFieldRef.resource=limits.cpu' \
--set 'daemonSet.fail2banExporter.resources.limits.cpu=100m'
```
<!-- #### TLS authentication and encryption
The first example shows how to deploy the metric exporter with TLS encryption. The verification of the custom TLS
certification will be skipped by Prometheus.
> [!WARNING]
> The secret `Prometheus-fail2banql-exporter-http` containing the TLS certificate is already present. The keys `ca.crt`,
> `TLS.key` and `TLS.crt` of the secret can be mounted into the container filesystem for TLS authentication / encryption.
```bash
helm install Prometheus-fail2ban-exporter Prometheus-exporters/Prometheus-fail2ban-exporter \
--set 'daemonSet.volumes[0].name=TLS' \
--set 'daemonSet.volumes[0].secret.secretName=Prometheus-fail2banql-exporter-http' \
--set 'daemonSet.fail2banExporter.volumeMounts[0].name=TLS' \
--set 'daemonSet.fail2banExporter.volumeMounts[0].mountPath=/etc/Prometheus-fail2ban-exporter/TLS' \
--set 'daemonSet.fail2banExporter.volumeMounts[0].readOnly=true' \
--set 'Prometheus.metrics.enabled=true' \
--set 'Prometheus.metrics.serviceMonitor.enabled=true' \
--set 'Prometheus.metrics.serviceMonitor.scheme=https' \
--set 'Prometheus.metrics.serviceMonitor.tlsConfig.insecureSkipVerify=true'
```
If the Prometheus pod has a TLS certificate mounted and is also signed by the private key of the CA which issued the TLS
certificate for the metrics exporter - TLS certificate verification can be enabled. The following flags must be
replaced:
```diff
helm install Prometheus-fail2ban-exporter Prometheus-exporters/Prometheus-fail2ban-exporter \
--set 'config.webConfig.secret.webConfig.cert_file=/etc/Prometheus-fail2ban-exporter/TLS/TLS.crt' \
--set 'config.webConfig.secret.webConfig.client_ca_file=/etc/Prometheus-fail2ban-exporter/TLS/ca.crt' \
--set 'config.webConfig.secret.webConfig.key_file=/etc/Prometheus-fail2ban-exporter/TLS/TLS.key'
--set 'daemonSet.volumes[0].name=TLS' \
--set 'daemonSet.volumes[0].secret.secretName=Prometheus-fail2banql-exporter-http' \
--set 'daemonSet.fail2banExporter.volumeMounts[0].name=TLS' \
--set 'daemonSet.fail2banExporter.volumeMounts[0].mountPath=/etc/Prometheus-fail2ban-exporter/TLS' \
--set 'daemonSet.fail2banExporter.volumeMounts[0].readOnly=true' \
--set 'Prometheus.metrics.enabled=true' \
--set 'Prometheus.metrics.serviceMonitor.enabled=true' \
--set 'Prometheus.metrics.serviceMonitor.scheme=https' \
- --set 'Prometheus.metrics.serviceMonitor.tlsConfig.insecureSkipVerify=true' \
+ --set 'Prometheus.metrics.serviceMonitor.tlsConfig.caFile=/etc/Prometheus/TLS/ca.crt' \
+ --set 'Prometheus.metrics.serviceMonitor.tlsConfig.certFile=/etc/Prometheus/TLS/TLS.crt' \
+ --set 'Prometheus.metrics.serviceMonitor.tlsConfig.keyFile=/etc/Prometheus/TLS/TLS.key'
``` -->
#### Grafana dashboard
The helm chart includes Grafana dashboards. These can be deployed as a configMap by activating Grafana integration. It
is assumed that the dashboard is consumed by Grafana or a sidecar container itself and that the dashboard is stored in
the Grafana container file system so that it is subsequently available to the user. The
[kube-prometheus-stack](https://artifacthub.io/packages/helm/prometheus-community/kube-prometheus-stack) deployment
makes this possible.
```bash
helm install prometheus-fail2ban-exporter prometheus-exporters/prometheus-fail2ban-exporter \
--set 'grafana.enabled=true'
```
#### Avoid deploying on same node / bare metal host as PostgresDB
As a best practice, avoid running the fail2ban-exporter on the same node / bare-metal host as the PostgresDB. This is
because if the fail2ban-exporter is running on the same node and this node fails, Prometheus can send an alert about the
failure of the node or that the fail2ban-exporter cannot be reached. However, it is not possible to react based on the
metrics that the fail2ban-exporter explicitly provides. Depending on the configuration of alerts, this may mean that the
corresponding notifications are not sent to the right person or group of people.
The following example prevent the fail2ban-exporter from running on nodes with a PostgresDB. The PostgresDB nodes has an
additional label `database=fail2ban`. The configuration is carried out in `values.yaml`.
```yaml
deployment:
affinity:
nodeAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 100
preference:
matchExpressions:
- key: database
operator: NotIn
values:
- fail2ban
```
## Parameters
### Global
| Name | Description | Value |
| ------------------ | ----------------------------------------- | ----- |
| `nameOverride` | Individual release name suffix. | `""` |
| `fullnameOverride` | Override the complete release name logic. | `""` |
### Configuration
| Name | Description | Value |
| -------------------------------------------- | --------------------------------------------------------------------- | ------- |
| `config.webConfig.existingSecret.enabled` | Mount an existing secret containing the key `webConfig.yaml`. | `false` |
| `config.webConfig.existingSecret.secretName` | Name of the existing secret containing the key `webConfig.yaml`. | `""` |
| `config.webConfig.secret.annotations` | Additional annotations of the secret containing the `webConfig.yaml`. | `{}` |
| `config.webConfig.secret.labels` | Additional labels of the secret containing the `webConfig.yaml`. | `{}` |
| `config.webConfig.secret.webConfig` | Content of the `webConfig.yaml`. | `{}` |
### Daemonset
| Name | Description | Value |
| ------------------------------------------------- | ---------------------------------------------------------------------------------------------------------- | --------------------------------------------- |
| `daemonSet.annotations` | Additional deployment annotations. | `{}` |
| `daemonSet.labels` | Additional deployment labels. | `{}` |
| `daemonSet.additionalContainers` | List of additional containers. | `[]` |
| `daemonSet.affinity` | Affinity for the fail2ban-exporter daemonSet. | `{}` |
| `daemonSet.initContainers` | List of additional init containers. | `[]` |
| `daemonSet.dnsConfig` | dnsConfig of the fail2ban-exporter daemonSet. | `{}` |
| `daemonSet.dnsPolicy` | dnsPolicy of the fail2ban-exporter daemonSet. | `""` |
| `daemonSet.hostname` | Individual hostname of the pod. | `""` |
| `daemonSet.subdomain` | Individual domain of the pod. | `""` |
| `daemonSet.hostNetwork` | Use the kernel network namespace of the host system. | `false` |
| `daemonSet.imagePullSecrets` | Secret to use for pulling the image. | `[]` |
| `daemonSet.fail2banExporter.args` | Arguments passed to the fail2ban-exporter container. | `[]` |
| `daemonSet.fail2banExporter.env` | List of environment variables for the fail2ban-exporter container. | `[]` |
| `daemonSet.fail2banExporter.envFrom` | List of environment variables mounted from configMaps or secrets for the fail2ban-exporter container. | `[]` |
| `daemonSet.fail2banExporter.image.registry` | Image registry, eg. `docker.io`. | `git.cryptic.systems` |
| `daemonSet.fail2banExporter.image.repository` | Image repository, eg. `library/busybox`. | `volker.raschek/prometheus-fail2ban-exporter` |
| `daemonSet.fail2banExporter.image.tag` | Custom image tag, eg. `0.1.0`. Defaults to `appVersion`. | `""` |
| `daemonSet.fail2banExporter.image.pullPolicy` | Image pull policy. | `IfNotPresent` |
| `daemonSet.fail2banExporter.resources` | CPU and memory resources of the pod. | `{}` |
| `daemonSet.fail2banExporter.securityContext` | Security context of the container of the daemonSet. | `{}` |
| `daemonSet.fail2banExporter.volumeMounts` | Additional volume mounts. | `undefined` |
| `daemonSet.nodeSelector` | NodeSelector of the fail2ban-exporter daemonSet. | `{}` |
| `daemonSet.priorityClassName` | PriorityClassName of the fail2ban-exporter daemonSet. | `""` |
| `daemonSet.restartPolicy` | Restart policy of the fail2ban-exporter daemonSet. | `""` |
| `daemonSet.securityContext` | Security context of the fail2ban-exporter daemonSet. | `{}` |
| `daemonSet.strategy.type` | Strategy type - `Recreate` or `Rollingupdate`. | `Recreate` |
| `daemonSet.strategy.rollingUpdate.maxSurge` | The maximum number of pods that can be scheduled above the desired number of pods during a rolling update. | `1` |
| `daemonSet.strategy.rollingUpdate.maxUnavailable` | The maximum number of pods that can be unavailable during a rolling update. | `1` |
| `daemonSet.terminationGracePeriodSeconds` | How long to wait until forcefully kill the pod. | `60` |
| `daemonSet.tolerations` | Tolerations of the fail2ban-exporter daemonSet. | `[]` |
| `daemonSet.topologySpreadConstraints` | TopologySpreadConstraints of the fail2ban-exporter daemonSet. | `[]` |
| `daemonSet.volumes` | Additional volumes to mount into the pods of the prometheus-exporter daemonset. | `undefined` |
### Grafana
| Name | Description | Value |
| ------------------------------------------------- | ------------------------------------------------------------------------------------------------------- | ----------- |
| `grafana.enabled` | Enable integration into Grafana. Require the Prometheus operator daemonSet. | `false` |
| `grafana.dashboardDiscoveryLabels` | Labels that Grafana uses to discover resources. The labels may vary depending on the Grafana daemonSet. | `undefined` |
| `grafana.dashboards.fail2banExporter.enabled` | Enable deployment of Grafana dashboard `fail2banExporter`. | `true` |
| `grafana.dashboards.fail2banExporter.annotations` | Additional configmap annotations. | `{}` |
| `grafana.dashboards.fail2banExporter.labels` | Additional configmap labels. | `{}` |
### Ingress
| Name | Description | Value |
| --------------------- | -------------------------------------------------------------------------------------------------------------------- | ------- |
| `ingress.enabled` | Enable creation of an ingress resource. Requires, that the http service is also enabled. | `false` |
| `ingress.className` | Ingress class. | `nginx` |
| `ingress.annotations` | Additional ingress annotations. | `{}` |
| `ingress.labels` | Additional ingress labels. | `{}` |
| `ingress.hosts` | Ingress specific configuration. Specification only required when another ingress controller is used instead of `t1k. | `[]` |
| `ingress.tls` | Ingress TLS settings. Specification only required when another ingress controller is used instead of `t1k``. | `[]` |
### Pod disruption
| Name | Description | Value |
| --------------------- | ---------------------- | ----- |
| `podDisruptionBudget` | Pod disruption budget. | `{}` |
### Network
| Name | Description | Value |
| ----------------- | ------------------------------------------------------------------------------------------------------------------ | ----- |
| `networkPolicies` | Deploy network policies based on the used container network interface (CNI) implementation - like calico or weave. | `{}` |
### Prometheus
| Name | Description | Value |
| --------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------- | ---------- |
| `prometheus.metrics.enabled` | Enable of scraping metrics by Prometheus. | `true` |
| `prometheus.metrics.podMonitor.enabled` | Enable creation of a podMonitor. Excludes the existence of a serviceMonitor resource. | `false` |
| `prometheus.metrics.podMonitor.annotations` | Additional podMonitor annotations. | `{}` |
| `prometheus.metrics.podMonitor.enableHttp2` | Enable HTTP2. | `true` |
| `prometheus.metrics.podMonitor.followRedirects` | FollowRedirects configures whether scrape requests follow HTTP 3xx redirects. | `false` |
| `prometheus.metrics.podMonitor.honorLabels` | Honor labels. | `false` |
| `prometheus.metrics.podMonitor.labels` | Additional podMonitor labels. | `{}` |
| `prometheus.metrics.podMonitor.interval` | Interval at which metrics should be scraped. If not specified Prometheus' global scrape interval is used. | `60s` |
| `prometheus.metrics.podMonitor.path` | HTTP path for scraping Prometheus metrics. | `/metrics` |
| `prometheus.metrics.podMonitor.relabelings` | RelabelConfigs to apply to samples before scraping. Prometheus Operator automatically adds relabelings for a few standard Kubernetes fields. | `[]` |
| `prometheus.metrics.podMonitor.scrapeTimeout` | Timeout after which the scrape is ended. If not specified, global Prometheus scrape timeout is used. | `30s` |
| `prometheus.metrics.podMonitor.scheme` | HTTP scheme to use for scraping. For example `http` or `https`. | `http` |
| `prometheus.metrics.podMonitor.tlsConfig` | TLS configuration to use when scraping the metric endpoint by Prometheus. | `{}` |
| `prometheus.metrics.serviceMonitor.enabled` | Enable creation of a serviceMonitor. Excludes the existence of a podMonitor resource. | `false` |
| `prometheus.metrics.serviceMonitor.annotations` | Additional serviceMonitor annotations. | `{}` |
| `prometheus.metrics.serviceMonitor.labels` | Additional serviceMonitor labels. | `{}` |
| `prometheus.metrics.serviceMonitor.enableHttp2` | Enable HTTP2. | `true` |
| `prometheus.metrics.serviceMonitor.followRedirects` | FollowRedirects configures whether scrape requests follow HTTP 3xx redirects. | `false` |
| `prometheus.metrics.serviceMonitor.honorLabels` | Honor labels. | `false` |
| `prometheus.metrics.serviceMonitor.interval` | Interval at which metrics should be scraped. If not specified Prometheus' global scrape interval is used. | `60s` |
| `prometheus.metrics.serviceMonitor.path` | HTTP path for scraping Prometheus metrics. | `/metrics` |
| `prometheus.metrics.serviceMonitor.relabelings` | RelabelConfigs to apply to samples before scraping. Prometheus Operator automatically adds relabelings for a few standard Kubernetes fields. | `[]` |
| `prometheus.metrics.serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended. If not specified, global Prometheus scrape timeout is used. | `30s` |
| `prometheus.metrics.serviceMonitor.scheme` | HTTP scheme to use for scraping. For example `http` or `https`. | `http` |
| `prometheus.metrics.serviceMonitor.tlsConfig` | TLS configuration to use when scraping the metric endpoint by Prometheus. | `{}` |
| `prometheus.rules` | Array of Prometheus rules for monitoring the application and triggering alerts. | `[]` |
### Service
| Name | Description | Value |
| ---------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------- |
| `services.http.enabled` | Enable the service. | `true` |
| `services.http.annotations` | Additional service annotations. | `{}` |
| `services.http.externalIPs` | External IPs for the service. | `[]` |
| `services.http.externalTrafficPolicy` | If `service.type` is `NodePort` or `LoadBalancer`, set this to `Local` to tell kube-proxy to only use node local endpoints for cluster external traffic. Furthermore, this enables source IP preservation. | `Cluster` |
| `services.http.internalTrafficPolicy` | If `service.type` is `NodePort` or `LoadBalancer`, set this to `Local` to tell kube-proxy to only use node local endpoints for cluster internal traffic. | `Cluster` |
| `services.http.ipFamilies` | IPFamilies is list of IP families (e.g. `IPv4`, `IPv6`) assigned to this service. This field is usually assigned automatically based on cluster configuration and only required for customization. | `[]` |
| `services.http.labels` | Additional service labels. | `{}` |
| `services.http.loadBalancerClass` | LoadBalancerClass is the class of the load balancer implementation this Service belongs to. Requires service from type `LoadBalancer`. | `""` |
| `services.http.loadBalancerIP` | LoadBalancer will get created with the IP specified in this field. Requires service from type `LoadBalancer`. | `""` |
| `services.http.loadBalancerSourceRanges` | Source range filter for LoadBalancer. Requires service from type `LoadBalancer`. | `[]` |
| `services.http.port` | Port to forward the traffic to. | `9191` |
| `services.http.sessionAffinity` | Supports `ClientIP` and `None`. Enable client IP based session affinity via `ClientIP`. | `None` |
| `services.http.sessionAffinityConfig` | Contains the configuration of the session affinity. | `{}` |
| `services.http.type` | Kubernetes service type for the traffic. | `ClusterIP` |
### ServiceAccount
| Name | Description | Value |
| ------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------- | ------- |
| `serviceAccount.existing.enabled` | Use an existing service account instead of creating a new one. Assumes that the user has all the necessary kubernetes API authorizations. | `false` |
| `serviceAccount.existing.serviceAccountName` | Name of the existing service account. | `""` |
| `serviceAccount.new.annotations` | Additional service account annotations. | `{}` |
| `serviceAccount.new.labels` | Additional service account labels. | `{}` |
| `serviceAccount.new.automountServiceAccountToken` | Enable/disable auto mounting of the service account token. | `true` |
| `serviceAccount.new.imagePullSecrets` | ImagePullSecrets is a list of references to secrets in the same namespace to use for pulling any images in pods that reference this serviceAccount. | `[]` |
| `serviceAccount.new.secrets` | Secrets is the list of secrets allowed to be used by pods running using this ServiceAccount. | `[]` |

1880
package-lock.json generated Normal file

File diff suppressed because it is too large Load Diff

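--- /dev/null
+++ b/package.json
@@ -0,0 +1,21 @@
+{
+"name": "prometheus-fail2ban-exporter",
+"homepage": "https://git.cryptic.systems/volker.raschek/prometheus-fail2ban-exporter.git",
+"license": "MIT",
+"private": true,
+"engineStrict": true,
+"engines": {
+"node": ">=16.0.0",
+"npm": ">=8.0.0"
+},
+"scripts": {
+"readme:link": "markdown-link-check *.md",
+"readme:lint": "markdownlint *.md -f",
+"readme:parameters": "readme-generator -v values.yaml -r README.md"
+},
+"devDependencies": {
+"@bitnami/readme-generator-for-helm": "^2.5.0",
+"markdown-link-check": "^3.13.6",
+"markdownlint-cli": "^0.43.0"
+}
+}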
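Review bot: `"engineStrict": true` has no effect on the npm versions this file requires, because npm dropped support for that field in version 3, so the `engines` constraint below it only produces a warning. To enforce it, drop the field and set `engine-strict=true` in an `.npmrc` at the repository root. The three devDependencies use caret ranges, so the generated `package-lock.json` is what actually pins the tooling; that holds only where the install step is `npm ci`, which fails on a lockfile mismatch instead of re-resolving.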

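--- /dev/null
+++ b/renovate.json
@@ -0,0 +1,58 @@
+{
+"$schema": "https://docs.renovatebot.com/renovate-schema.json",
+"assignees": [ "volker.raschek" ],
+"customManagers": [
+{
+"fileMatch": [
+"^Chart\\.yaml$"
+],
+"matchStrings": [
+"appVersion: \"(?<currentValue>.*?)\"\\s+"
+],
+"datasourceTemplate": "docker",
+"depNameTemplate": "volker.raschek/prometheus-fail2ban-exporter",
+"lookupNameTemplate": "git.cryptic.systems/volker.raschek/prometheus-fail2ban-exporter",
+"versioningTemplate": "semver"
+},
+{
+"fileMatch": ["^README\\.md$"],
+"matchStrings": [
+"VERSION=(?<currentValue>.*)"
+],
+"depNameTemplate": "volker.raschek/prometheus-fail2ban-exporter",
+"packageNameTemplate": "https://git.cryptic.systems/volker.raschek/prometheus-fail2ban-exporter",
+"datasourceTemplate": "git-tags",
+"versioningTemplate": "semver"
+}
+],
+"labels": [ "renovate" ],
+"packageRules": [
+{
+"addLabels": [ "renovate/automerge", "renovate/npm" ],
+"automerge": true,
+"matchPackageNames": [
+"markdownlint-cli",
+"markdown-link-check",
+"@bitnami/readme-generator-for-helm"
+],
+"matchManagers": [ "npm" ],
+"matchUpdateTypes": [ "minor", "patch"]
+},
+{
+"addLabels": [ "renovate/automerge", "renovate/container" ],
+"automerge": true,
+"excludePackagePatterns": [
+"volker.raschek/prometheus-fail2ban-exporter"
+],
+"matchDatasources": [
+"docker"
+],
+"matchUpdateTypes": [
+"minor",
+"patch"
+]
+}
+],
+"rebaseLabel": "renovate/rebase",
+"rebaseWhen": "behind-base-branch"
+}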
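Review bot: Both `packageRules` entries set `"automerge": true` for minor and patch updates with no waiting period, so a release published minutes earlier would be merged with nobody looking at it; the first rule covers the npm tooling, the second every `docker` datasource dependency except the exporter image. Adding `"minimumReleaseAge": "3 days"` to each rule gives a bad release time to be withdrawn before it lands, and `"pinDigests": true` on the docker rule ties each image tag to a digest so a re-pushed tag shows up as a reviewable change. Separately, as far as I know entries under `customManagers` need `"customType": "regex"`; neither entry here has it, which is worth checking with `renovate-config-validator`.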


@ -0,0 +1,58 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "prometheus-fail2ban-exporter.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "prometheus-fail2ban-exporter.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "prometheus-fail2ban-exporter.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common annotations
*/}}
{{- define "prometheus-fail2ban-exporter.annotations" -}}
{{- end }}
{{/*
Common labels
*/}}
{{- define "prometheus-fail2ban-exporter.labels" -}}
{{ include "prometheus-fail2ban-exporter.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
helm.sh/chart: {{ include "prometheus-fail2ban-exporter.chart" . }}
{{- end }}
{{/*
Common selector labels
*/}}
{{- define "prometheus-fail2ban-exporter.selectorLabels" -}}
app.kubernetes.io/name: {{ include "prometheus-fail2ban-exporter.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}


@ -0,0 +1,20 @@
{{/* vim: set filetype=mustache: */}}
{{/* annotations */}}
{{- define "prometheus-fail2ban-exporter.configMap.grafanaDashboards.fail2banExporter.annotations" -}}
{{ include "prometheus-fail2ban-exporter.annotations" . }}
{{- if .Values.grafana.dashboards.fail2banExporter.annotations }}
{{ toYaml .Values.grafana.dashboards.fail2banExporter.annotations }}
{{- end }}
{{- end }}
{{/* labels */}}
{{- define "prometheus-fail2ban-exporter.configMap.grafanaDashboards.fail2banExporter.labels" -}}
{{ include "prometheus-fail2ban-exporter.labels" . }}
{{- if .Values.grafana.dashboards.fail2banExporter.labels }}
{{ toYaml .Values.grafana.dashboards.fail2banExporter.labels }}
{{- end }}
{{ toYaml .Values.grafana.dashboardDiscoveryLabels }}
{{- end }}
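Review bot: The labels helper ends with an unguarded `{{ toYaml .Values.grafana.dashboardDiscoveryLabels }}`, while the README table on this page lists that value's default as `undefined`. With the value unset, `toYaml` renders `null` after the common labels, and the result is presumably no longer a mapping that the `fromYaml` call in the ConfigMap template can parse. Guarding it the same way as the block above keeps the output valid: `{{- with .Values.grafana.dashboardDiscoveryLabels }}`, `{{ toYaml . }}`, `{{- end }}`.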


@ -0,0 +1,72 @@
{{/* vim: set filetype=mustache: */}}
{{/* annotations */}}
{{- define "prometheus-fail2ban-exporter.daemonSet.annotations" -}}
{{ include "prometheus-fail2ban-exporter.annotations" . }}
{{- if .Values.daemonSet.annotations }}
{{ toYaml .Values.daemonSet.annotations }}
{{- end }}
{{- end }}
{{/* env */}}
{{- define "prometheus-fail2ban-exporter.daemonSet.env" -}}
{{- $env := dict "env" (.Values.daemonSet.fail2banExporter.env | default (list) ) }}
{{- if and (hasKey .Values.daemonSet.fail2banExporter.resources "limits") (hasKey .Values.daemonSet.fail2banExporter.resources.limits "cpu") }}
{{- $env = merge $env (dict "env" (list (dict "name" "GOMAXPROCS" "valueFrom" (dict "resourceFieldRef" (dict "divisor" "1" "resource" "limits.cpu"))))) }}
{{- end }}
{{ toYaml $env }}
{{- end -}}
{{/* image */}}
{{- define "prometheus-fail2ban-exporter.daemonSet.images.fail2ban-exporter.fqin" -}}
{{- $registry := .Values.daemonSet.fail2banExporter.image.registry -}}
{{- $repository := .Values.daemonSet.fail2banExporter.image.repository -}}
{{- $tag := default .Chart.AppVersion .Values.daemonSet.fail2banExporter.image.tag -}}
{{- printf "%s/%s:%s" $registry $repository $tag -}}
{{- end -}}
{{/* labels */}}
{{- define "prometheus-fail2ban-exporter.daemonSet.labels" -}}
{{ include "prometheus-fail2ban-exporter.labels" . }}
{{- if .Values.daemonSet.labels }}
{{ toYaml .Values.daemonSet.labels }}
{{- end }}
{{- end }}
{{/* serviceAccount */}}
{{- define "prometheus-fail2ban-exporter.daemonSet.serviceAccount" -}}
{{- if .Values.serviceAccount.existing.enabled -}}
{{- printf "%s" .Values.serviceAccount.existing.serviceAccountName -}}
{{- else -}}
{{- include "prometheus-fail2ban-exporter.fullname" . -}}
{{- end -}}
{{- end }}
{{/* volumeMounts */}}
{{- define "prometheus-fail2ban-exporter.daemonSet.volumeMounts" -}}
{{- $volumeMounts := .Values.daemonSet.fail2banExporter.volumeMounts | default list }}
{{- $volumeMounts = concat $volumeMounts (list (dict "name" "config-d" "mountPath" "/etc/prometheus-fail2ban-exporter/config.d" )) }}
{{ toYaml (dict "volumeMounts" $volumeMounts) }}
{{- end -}}
{{/* volumes */}}
{{- define "prometheus-fail2ban-exporter.daemonSet.volumes" -}}
{{- $volumes := .Values.daemonSet.volumes | default list }}
{{- $webConfigSecretName := .Values.config.webConfig.existingSecret.secretName -}}
{{- if not .Values.config.webConfig.existingSecret.enabled }}
{{- $webConfigSecretName = printf "%s-web-config" (include "prometheus-fail2ban-exporter.fullname" . ) }}
{{- end }}
{{- $volumes = concat $volumes (list (dict "name" "config-d" "secret" (dict "secretName" $webConfigSecretName))) }}
{{ toYaml (dict "volumes" $volumes) }}
{{- end -}}
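Review bot: In the `daemonSet.env` helper, `merge $env (dict "env" (list …))` probably does not add `GOMAXPROCS` once the user sets `daemonSet.fail2banExporter.env`, because sprig's `merge` keeps the destination value for an existing key and, as far as I know, does not concatenate lists. The `volumeMounts` and `volumes` helpers in this file already use `concat`, and the same form works here: `{{- $env = dict "env" (concat $env.env (list (dict "name" "GOMAXPROCS" "valueFrom" (dict "resourceFieldRef" (dict "divisor" "1" "resource" "limits.cpu"))))) }}`. Separately, those two helpers always mount the web-config secret as `config-d`, but the one `--web.config.file` argument visible in the DaemonSet template on this page is commented out. Unless the flag is passed through `daemonSet.fail2banExporter.args`, the settings in that secret (presumably TLS and authentication for the metrics listener) are not applied.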


@ -0,0 +1,19 @@
{{/* vim: set filetype=mustache: */}}
{{/* annotations */}}
{{- define "prometheus-fail2ban-exporter.ingress.annotations" -}}
{{ include "prometheus-fail2ban-exporter.annotations" . }}
{{- if .Values.ingress.annotations }}
{{ toYaml .Values.ingress.annotations }}
{{- end }}
{{- end }}
{{/* labels */}}
{{- define "prometheus-fail2ban-exporter.ingress.labels" -}}
{{ include "prometheus-fail2ban-exporter.labels" . }}
{{- if .Values.ingress.labels }}
{{ toYaml .Values.ingress.labels }}
{{- end }}
{{- end }}


@ -0,0 +1,17 @@
---
{{/* annotations */}}
{{- define "prometheus-fail2ban-exporter.pod.annotations" -}}
{{ include "prometheus-fail2ban-exporter.annotations" . }}
{{- end }}
{{/* labels */}}
{{- define "prometheus-fail2ban-exporter.pod.labels" -}}
{{ include "prometheus-fail2ban-exporter.labels" . }}
{{- end }}
{{- define "prometheus-fail2ban-exporter.pod.selectorLabels" -}}
{{ include "prometheus-fail2ban-exporter.selectorLabels" . }}
{{- end }}


@ -0,0 +1,19 @@
{{/* vim: set filetype=mustache: */}}
{{/* annotations */}}
{{- define "prometheus-fail2ban-exporter.podMonitors.http.annotations" -}}
{{ include "prometheus-fail2ban-exporter.annotations" . }}
{{- if .Values.prometheus.metrics.podMonitor.annotations }}
{{ toYaml .Values.prometheus.metrics.podMonitor.annotations }}
{{- end }}
{{- end }}
{{/* labels */}}
{{- define "prometheus-fail2ban-exporter.podMonitors.http.labels" -}}
{{ include "prometheus-fail2ban-exporter.labels" . }}
{{- if .Values.prometheus.metrics.podMonitor.labels }}
{{ toYaml .Values.prometheus.metrics.podMonitor.labels }}
{{- end }}
{{- end }}


@ -0,0 +1,13 @@
{{/* vim: set filetype=mustache: */}}
{{/* annotations */}}
{{- define "prometheus-fail2ban-exporter.prometheusRules.annotations" -}}
{{ include "prometheus-fail2ban-exporter.annotations" . }}
{{- end }}
{{/* labels */}}
{{- define "prometheus-fail2ban-exporter.prometheusRules.labels" -}}
{{ include "prometheus-fail2ban-exporter.labels" . }}
{{- end }}


@ -0,0 +1,19 @@
{{/* vim: set filetype=mustache: */}}
{{/* annotations */}}
{{- define "prometheus-fail2ban-exporter.secrets.webConfig.annotations" -}}
{{ include "prometheus-fail2ban-exporter.annotations" . }}
{{- if .Values.config.webConfig.secret.annotations }}
{{ toYaml .Values.config.webConfig.secret.annotations }}
{{- end }}
{{- end }}
{{/* labels */}}
{{- define "prometheus-fail2ban-exporter.secrets.webConfig.labels" -}}
{{ include "prometheus-fail2ban-exporter.labels" . }}
{{- if .Values.config.webConfig.secret.labels }}
{{ toYaml .Values.config.webConfig.secret.labels }}
{{- end }}
{{- end }}


@ -0,0 +1,17 @@
{{/* vim: set filetype=mustache: */}}
{{/* annotations */}}
{{- define "prometheus-fail2ban-exporter.serviceAccount.annotations" -}}
{{- if .Values.serviceAccount.new.annotations }}
{{ toYaml .Values.serviceAccount.new.annotations }}
{{- end }}
{{- end }}
{{/* labels */}}
{{- define "prometheus-fail2ban-exporter.serviceAccount.labels" -}}
{{- if .Values.serviceAccount.new.labels }}
{{ toYaml .Values.serviceAccount.new.labels }}
{{- end }}
{{- end }}


@ -0,0 +1,25 @@
{{/* vim: set filetype=mustache: */}}
{{/* annotations */}}
{{- define "prometheus-fail2ban-exporter.serviceMonitors.http.annotations" -}}
{{ include "prometheus-fail2ban-exporter.annotations" . }}
{{- if .Values.prometheus.metrics.serviceMonitor.annotations }}
{{ toYaml .Values.prometheus.metrics.serviceMonitor.annotations }}
{{- end }}
{{- end }}
{{/* labels */}}
{{- define "prometheus-fail2ban-exporter.serviceMonitors.http.labels" -}}
{{ include "prometheus-fail2ban-exporter.labels" . }}
{{- if .Values.prometheus.metrics.serviceMonitor.labels }}
{{ toYaml .Values.prometheus.metrics.serviceMonitor.labels }}
{{- end }}
{{- end }}
{{- define "prometheus-fail2ban-exporter.serviceMonitors.http.selectorLabels" -}}
{{ include "prometheus-fail2ban-exporter.selectorLabels" . }}
{{/* Add label to select the correct service via `selector.matchLabels` of the serviceMonitor resource. */}}
app.kubernetes.io/service-name: http
{{- end }}


@ -0,0 +1,29 @@
{{/* vim: set filetype=mustache: */}}
{{/* annotations */}}
{{- define "prometheus-fail2ban-exporter.services.http.annotations" -}}
{{ include "prometheus-fail2ban-exporter.annotations" . }}
{{- if .Values.services.http.annotations }}
{{ toYaml .Values.services.http.annotations }}
{{- end }}
{{- end }}
{{/* labels */}}
{{- define "prometheus-fail2ban-exporter.services.http.labels" -}}
{{ include "prometheus-fail2ban-exporter.labels" . }}
{{/* Add label to select the correct service via `selector.matchLabels` of the serviceMonitor resource. */}}
app.kubernetes.io/service-name: http
{{- if .Values.services.http.labels }}
{{ toYaml .Values.services.http.labels }}
{{- end }}
{{- end }}
{{/* names */}}
{{- define "prometheus-fail2ban-exporter.services.http.name" -}}
{{- if .Values.services.http.enabled -}}
{{ include "prometheus-fail2ban-exporter.fullname" . }}-http
{{- end -}}
{{- end -}}


@ -0,0 +1,895 @@
{{- if and .Values.grafana.enabled .Values.grafana.dashboards.fail2banExporter }}
---
apiVersion: v1
kind: ConfigMap
metadata:
{{- with (include "prometheus-fail2ban-exporter.configMap.grafanaDashboards.fail2banExporter.annotations" . | fromYaml) }}
annotations:
{{- tpl (. | toYaml) $ | nindent 4 }}
{{- end }}
{{- with (include "prometheus-fail2ban-exporter.configMap.grafanaDashboards.fail2banExporter.labels" . | fromYaml) }}
labels:
{{- toYaml . | nindent 4 }}
{{- end }}
name: {{ include "prometheus-fail2ban-exporter.fullname" . }}-grafana-dashboard-fail2ban-exporter
namespace: {{ .Release.Namespace }}
data:
fail2banExporter.json: |-
{{`{
"__inputs": [
{
"name": "DS_PROMETHEUS",
"label": "Prometheus",
"description": "",
"type": "datasource",
"pluginId": "prometheus",
"pluginName": "Prometheus"
}
],
"__elements": {},
"__requires": [
{
"type": "grafana",
"id": "grafana",
"name": "Grafana",
"version": "9.1.8"
},
{
"type": "datasource",
"id": "prometheus",
"name": "Prometheus",
"version": "1.0.0"
},
{
"type": "panel",
"id": "table",
"name": "Table",
"version": ""
},
{
"type": "panel",
"id": "timeseries",
"name": "Time series",
"version": ""
}
],
"annotations": {
"list": [
{
"builtIn": 1,
"datasource": {
"type": "datasource",
"uid": "grafana"
},
"enable": true,
"hide": true,
"iconColor": "rgba(0, 211, 255, 1)",
"name": "Annotations & Alerts",
"target": {
"limit": 100,
"matchAny": false,
"tags": [],
"type": "dashboard"
},
"type": "dashboard"
}
]
},
"editable": true,
"fiscalYearStartMonth": 0,
"graphTooltip": 2,
"id": null,
"links": [],
"liveNow": false,
"panels": [
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"description": "",
"fieldConfig": {
"defaults": {
"color": {
"mode": "thresholds"
},
"custom": {
"align": "auto",
"displayMode": "auto",
"inspect": false
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
}
]
}
},
"overrides": [
{
"matcher": {
"id": "byRegexp",
"options": ".*Time"
},
"properties": [
{
"id": "unit",
"value": "s"
}
]
}
]
},
"gridPos": {
"h": 6,
"w": 24,
"x": 0,
"y": 0
},
"id": 206,
"options": {
"footer": {
"fields": "",
"reducer": [
"sum"
],
"show": false
},
"showHeader": true
},
"pluginVersion": "9.1.8",
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"exemplar": false,
"expr": "f2b_config_jail_max_retries{instance=~\"$instance\"}",
"format": "table",
"instant": true,
"interval": "",
"legendFormat": "{{jail}}",
"refId": "A"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"exemplar": false,
"expr": "f2b_config_jail_ban_time{instance=~\"$instance\"}",
"format": "table",
"hide": false,
"instant": true,
"interval": "",
"legendFormat": "{{jail}}",
"refId": "B"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"exemplar": false,
"expr": "f2b_config_jail_find_time{instance=~\"$instance\"}",
"format": "table",
"hide": false,
"instant": true,
"interval": "",
"legendFormat": "{{jail}}",
"refId": "C"
}
],
"title": "F2B Config",
"transformations": [
{
"id": "merge",
"options": {}
},
{
"id": "groupBy",
"options": {
"fields": {
"Value #A": {
"aggregations": [
"lastNotNull"
],
"operation": "aggregate"
},
"Value #B": {
"aggregations": [
"lastNotNull"
],
"operation": "aggregate"
},
"Value #C": {
"aggregations": [
"lastNotNull"
],
"operation": "aggregate"
},
"instance": {
"aggregations": [],
"operation": "groupby"
},
"jail": {
"aggregations": [],
"operation": "groupby"
}
}
}
},
{
"id": "organize",
"options": {
"excludeByName": {},
"indexByName": {},
"renameByName": {
"Value #A (lastNotNull)": "Max Retries",
"Value #B (lastNotNull)": "Ban Time",
"Value #C (lastNotNull)": "Find Time",
"jail": "Jail"
}
}
}
],
"transparent": true,
"type": "table"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"description": "",
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisCenteredZero": false,
"axisColorMode": "text",
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"drawStyle": "line",
"fillOpacity": 10,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"viz": false
},
"lineInterpolation": "linear",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "never",
"spanNulls": true,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"mappings": [],
"min": 0,
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
}
]
},
"unit": "short"
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 12,
"x": 0,
"y": 6
},
"id": 190,
"options": {
"legend": {
"calcs": [
"lastNotNull"
],
"displayMode": "table",
"placement": "right",
"showLegend": true
},
"tooltip": {
"mode": "single",
"sort": "none"
}
},
"pluginVersion": "8.2.1",
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"exemplar": true,
"expr": "f2b_jail_failed_total{instance=~\"$instance\"}",
"hide": false,
"interval": "",
"legendFormat": "{{jail}} ({{instance}})",
"range": true,
"refId": "A"
}
],
"title": "Fail2Ban Failures (Total)",
"transparent": true,
"type": "timeseries"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"description": "",
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisCenteredZero": false,
"axisColorMode": "text",
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"drawStyle": "line",
"fillOpacity": 10,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"viz": false
},
"lineInterpolation": "linear",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "never",
"spanNulls": true,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"mappings": [],
"min": 0,
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
}
]
},
"unit": "short"
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 12,
"x": 12,
"y": 6
},
"id": 191,
"options": {
"legend": {
"calcs": [
"lastNotNull"
],
"displayMode": "table",
"placement": "right",
"showLegend": true
},
"tooltip": {
"mode": "single",
"sort": "none"
}
},
"pluginVersion": "8.2.1",
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"exemplar": true,
"expr": "f2b_jail_banned_total{instance=~\"$instance\"}",
"interval": "",
"legendFormat": "{{jail}} ({{instance}})",
"range": true,
"refId": "A"
}
],
"title": "Fail2Ban Bans (Total)",
"transparent": true,
"type": "timeseries"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"description": "",
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisCenteredZero": false,
"axisColorMode": "text",
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"drawStyle": "line",
"fillOpacity": 10,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"viz": false
},
"lineInterpolation": "linear",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "never",
"spanNulls": true,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"mappings": [],
"min": 0,
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
}
]
},
"unit": "short"
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 12,
"x": 0,
"y": 14
},
"id": 208,
"options": {
"legend": {
"calcs": [
"lastNotNull"
],
"displayMode": "table",
"placement": "right",
"showLegend": true
},
"tooltip": {
"mode": "single",
"sort": "none"
}
},
"pluginVersion": "8.2.1",
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"exemplar": true,
"expr": "f2b_jail_failed_current{instance=~\"$instance\"}",
"interval": "",
"legendFormat": "{{jail}} ({{instance}})",
"range": true,
"refId": "A"
}
],
"title": "Fail2Ban Failures (Current)",
"transparent": true,
"type": "timeseries"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"description": "",
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisCenteredZero": false,
"axisColorMode": "text",
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"drawStyle": "line",
"fillOpacity": 10,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"viz": false
},
"lineInterpolation": "linear",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "never",
"spanNulls": true,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"mappings": [],
"min": 0,
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
}
]
},
"unit": "short"
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 12,
"x": 12,
"y": 14
},
"id": 209,
"options": {
"legend": {
"calcs": [
"lastNotNull"
],
"displayMode": "table",
"placement": "right",
"showLegend": true
},
"tooltip": {
"mode": "single",
"sort": "none"
}
},
"pluginVersion": "8.2.1",
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"exemplar": true,
"expr": "f2b_jail_banned_current{instance=~\"$instance\"}",
"interval": "",
"legendFormat": "{{jail}} ({{instance}})",
"range": true,
"refId": "A"
}
],
"title": "Fail2Ban Bans (Current)",
"transparent": true,
"type": "timeseries"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"description": "",
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisCenteredZero": false,
"axisColorMode": "text",
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"drawStyle": "line",
"fillOpacity": 10,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"viz": false
},
"lineInterpolation": "linear",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "never",
"spanNulls": true,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"mappings": [],
"max": 1,
"min": 0,
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
}
]
},
"unit": "short"
},
"overrides": []
},
"gridPos": {
"h": 5,
"w": 12,
"x": 0,
"y": 22
},
"id": 203,
"options": {
"legend": {
"calcs": [
"lastNotNull"
],
"displayMode": "table",
"placement": "right",
"showLegend": true
},
"tooltip": {
"mode": "single",
"sort": "none"
}
},
"pluginVersion": "8.2.1",
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"exemplar": true,
"expr": "f2b_up{instance=~\"$instance\"}",
"interval": "",
"legendFormat": "Up ({{instance}})",
"range": true,
"refId": "A"
}
],
"title": "Fail2Ban Up",
"transparent": true,
"type": "timeseries"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"description": "",
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisCenteredZero": false,
"axisColorMode": "text",
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"drawStyle": "line",
"fillOpacity": 10,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"viz": false
},
"lineInterpolation": "linear",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "never",
"spanNulls": true,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"mappings": [],
"max": 1,
"min": 0,
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
}
]
},
"unit": "short"
},
"overrides": []
},
"gridPos": {
"h": 5,
"w": 12,
"x": 12,
"y": 22
},
"id": 204,
"options": {
"legend": {
"calcs": [
"lastNotNull"
],
"displayMode": "table",
"placement": "right",
"showLegend": true
},
"tooltip": {
"mode": "single",
"sort": "none"
}
},
"pluginVersion": "8.2.1",
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"exemplar": true,
"expr": "f2b_errors{instance=~\"$instance\"}",
"interval": "",
"legendFormat": "{{type}} ({{instance}})",
"range": true,
"refId": "A"
}
],
"title": "Fail2Ban Exporter Errors",
"transparent": true,
"type": "timeseries"
}
],
"refresh": "30s",
"schemaVersion": 37,
"style": "dark",
"tags": [],
"templating": {
"list": [
{
"current": {
"selected": false,
"text": "Prometheus",
"value": "Prometheus"
},
"hide": 0,
"includeAll": false,
"label": "Data Source",
"multi": false,
"name": "DataSource",
"options": [],
"query": "prometheus",
"queryValue": "",
"refresh": 1,
"regex": "",
"skipUrlSync": false,
"type": "datasource"
},
{
"current": {},
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"definition": "f2b_up",
"description": "Select which instance(s) to show",
"hide": 0,
"includeAll": false,
"label": "Instance",
"multi": true,
"name": "instance",
"options": [],
"query": {
"query": "f2b_up",
"refId": "StandardVariableQuery"
},
"refresh": 1,
"regex": "/.*instance=\"([^\"]+)\"/",
"skipUrlSync": false,
"sort": 0,
"type": "query"
}
]
},
"time": {
"from": "now-6h",
"to": "now"
},
"timepicker": {},
"timezone": "",
"title": "F2B",
"uid": "cTkH9AT7z",
"version": 3,
"weekStart": ""
}`}}
{{- end }}
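Review bot: The guard on the first line, `{{- if and .Values.grafana.enabled .Values.grafana.dashboards.fail2banExporter }}`, tests the `fail2banExporter` map itself rather than its `enabled` key, so setting `grafana.dashboards.fail2banExporter.enabled: false` still renders the ConfigMap as long as the map holds any key. It should read `{{- if and .Values.grafana.enabled .Values.grafana.dashboards.fail2banExporter.enabled }}`. A smaller inconsistency in the same metadata block: annotations go through `tpl` while labels do not, which deserves a one-line comment if it is intended.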


@ -0,0 +1,129 @@
apiVersion: apps/v1
kind: DaemonSet
metadata:
{{- with (include "prometheus-fail2ban-exporter.daemonSet.annotations" . | fromYaml) }}
annotations:
{{- tpl (. | toYaml) $ | nindent 4 }}
{{- end }}
{{- with (include "prometheus-fail2ban-exporter.daemonSet.labels" . | fromYaml) }}
labels:
{{- toYaml . | nindent 4 }}
{{- end }}
name: {{ include "prometheus-fail2ban-exporter.fullname" . }}
namespace: {{ .Release.Namespace }}
spec:
selector:
matchLabels:
{{- include "prometheus-fail2ban-exporter.pod.selectorLabels" . | nindent 6 }}
template:
metadata:
labels:
{{- include "prometheus-fail2ban-exporter.pod.labels" . | nindent 8 }}
spec:
{{- with .Values.daemonSet.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
containers:
- name: fail2ban-exporter
args:
# - "--web.config.file=/etc/prometheus-fail2ban-exporter/config.d/webConfig.yaml"
- "--web.listen-address=:9191"
{{- range .Values.daemonSet.fail2banExporter.args }}
- {{ . | quote }}
{{- end }}
{{- $env := (include "prometheus-fail2ban-exporter.daemonSet.env" . | fromYaml) }}
{{- if and (hasKey $env "env") (gt (len $env.env) 0) }}
env:
{{- toYaml $env.env | nindent 8 }}
{{- end }}
{{- with .Values.daemonSet.fail2banExporter.envFrom }}
envFrom:
{{- toYaml . | nindent 10 }}
{{- end }}
image: {{ include "prometheus-fail2ban-exporter.daemonSet.images.fail2ban-exporter.fqin" . | quote }}
imagePullPolicy: {{ .Values.daemonSet.fail2banExporter.image.pullPolicy }}
livenessProbe:
tcpSocket:
port: 9191
failureThreshold: 3
initialDelaySeconds: 5
periodSeconds: 60
successThreshold: 1
timeoutSeconds: 3
readinessProbe:
tcpSocket:
port: 9191
failureThreshold: 3
initialDelaySeconds: 5
periodSeconds: 15
successThreshold: 1
timeoutSeconds: 3
ports:
- name: http
containerPort: 9191
protocol: TCP
{{- with .Values.daemonSet.fail2banExporter.resources }}
resources:
{{- toYaml . | nindent 10 }}
{{- end }}
{{- with .Values.daemonSet.fail2banExporter.securityContext }}
securityContext:
{{- toYaml . | nindent 10 }}
{{- end }}
{{- $volumeMounts := (include "prometheus-fail2ban-exporter.daemonSet.volumeMounts" . | fromYaml) }}
{{- if hasKey $volumeMounts "volumeMounts" }}
volumeMounts:
{{- toYaml $volumeMounts.volumeMounts | nindent 8 }}
{{- end }}
{{- with .Values.daemonSet.dnsConfig }}
dnsConfig:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- if .Values.daemonSet.dnsPolicy }}
dnsPolicy: {{ .Values.daemonSet.dnsPolicy }}
{{- end }}
{{- if .Values.daemonSet.hostname }}
hostname: {{ .Values.daemonSet.hostname }}
{{- end }}
hostNetwork: {{ .Values.daemonSet.hostNetwork }}
{{- with .Values.daemonSet.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.daemonSet.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- if .Values.daemonSet.priorityClassName }}
priorityClassName: {{ .Values.daemonSet.priorityClassName }}
{{- end }}
{{- if .Values.daemonSet.restartPolicy }}
restartPolicy: {{ .Values.daemonSet.restartPolicy }}
{{- end }}
{{- with .Values.daemonSet.securityContext }}
securityContext:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccount: {{ include "prometheus-fail2ban-exporter.daemonSet.serviceAccount" . }}
{{- if .Values.daemonSet.subdomain }}
subdomain: {{ .Values.daemonSet.subdomain }}
{{- end }}
terminationGracePeriodSeconds: {{ .Values.daemonSet.terminationGracePeriodSeconds }}
{{- with .Values.daemonSet.tolerations }}
tolerations:
{{- toYaml . | nindent 6 }}
{{- end }}
{{- with .Values.daemonSet.topologySpreadConstraints }}
topologySpreadConstraints:
{{- toYaml . | nindent 6 }}
{{- end }}
{{- $volumes := (include "prometheus-fail2ban-exporter.daemonSet.volumes" . | fromYaml) }}
{{- if hasKey $volumes "volumes" }}
volumes:
{{- toYaml $volumes.volumes | nindent 6 }}
{{- end }}
{{- with .Values.daemonSet.updateStrategy }}
updateStrategy:
{{- toYaml . | nindent 4 }}
{{- end }}
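Review bot: The `--web.config.file` argument is commented out in the container args, so the exporter starts without the web configuration even though the chart renders a `-web-config` Secret and, per the DaemonSet unit test, mounts it under `/etc/prometheus-fail2ban-exporter/config.d`. Anyone who puts `tls_server_config` or authentication settings into `config.webConfig.secret.webConfig` would presumably still get a plain listener on `:9191`, with no warning. Either enable the line, `- "--web.config.file=/etc/prometheus-fail2ban-exporter/config.d/webConfig.yaml"`, or add a comment saying why the flag is disabled and that the Secret currently has no effect. Separately, `serviceAccount:` is the deprecated alias of `serviceAccountName:`, which is the field to render here.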


@ -0,0 +1,45 @@
{{- if and .Values.services.http.enabled .Values.ingress.enabled }}
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
{{- with (include "prometheus-fail2ban-exporter.ingress.annotations" . | fromYaml) }}
annotations:
{{- tpl (. | toYaml) $ | nindent 4 }}
{{- end }}
{{- with (include "prometheus-fail2ban-exporter.ingress.labels" . | fromYaml) }}
labels:
{{- toYaml . | nindent 4 }}
{{- end }}
name: {{ include "prometheus-fail2ban-exporter.fullname" . }}
namespace: {{ .Release.Namespace }}
spec:
ingressClassName: {{ .Values.ingress.className }}
rules:
{{- range .Values.ingress.hosts }}
- host: {{ tpl .host $ | quote }}
http:
paths:
{{- range .paths }}
- path: {{ .path }}
{{- if .pathType }}
pathType: {{ .pathType }}
{{- end }}
backend:
service:
name: {{ include "prometheus-fail2ban-exporter.fullname" $ }}
port:
number: {{ $.Values.services.http.port }}
{{- end }}
{{- end }}
{{- if .Values.ingress.tls }}
tls:
{{- range .Values.ingress.tls }}
- hosts:
{{- range .hosts }}
- {{ tpl . $ | quote }}
{{- end }}
secretName: {{ .secretName | quote }}
{{- end }}
{{- end }}
{{- end }}
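Review bot: `pathType` is emitted only when the value is set (`{{- if .pathType }}`), but `networking.k8s.io/v1` requires it on every path, so a host entry without it renders a manifest that the API server rejects at install time. Make it mandatory or defaulted, e.g. `pathType: {{ .pathType | default "Prefix" }}`. `path: {{ .path }}` and `ingressClassName: {{ .Values.ingress.className }}` are also unquoted, and `ingressClassName` is rendered even when the value is empty; `| quote` and a `with` guard would keep both well-formed. Since this Ingress publishes the exporter's metrics endpoint, the values documentation should say that TLS and access restriction have to come from the ingress controller.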


@ -0,0 +1,40 @@
{{- if and .Values.prometheus.metrics.enabled .Values.prometheus.metrics.podMonitor.enabled (not .Values.prometheus.metrics.serviceMonitor.enabled) }}
---
apiVersion: monitoring.coreos.com/v1
kind: PodMonitor
metadata:
{{- with (include "prometheus-fail2ban-exporter.podMonitors.http.annotations" . | fromYaml) }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with (include "prometheus-fail2ban-exporter.podMonitors.http.labels" . | fromYaml) }}
labels:
{{- toYaml . | nindent 4 }}
{{- end }}
name: {{ include "prometheus-fail2ban-exporter.fullname" . }}-http
namespace: {{ .Release.Namespace }}
spec:
podMetricsEndpoints:
- enableHttp2: {{ required "The enableHttp2 option of the podMonitor is not defined!" .Values.prometheus.metrics.podMonitor.enableHttp2 }}
followRedirects: {{ required "The followRedirects option of the podMonitor is not defined!" .Values.prometheus.metrics.podMonitor.followRedirects }}
honorLabels: {{ required "The honorLabels option of the podMonitor is not defined!" .Values.prometheus.metrics.podMonitor.honorLabels }}
interval: {{ required "The scrape interval of the podMonitor is not defined!" .Values.prometheus.metrics.podMonitor.interval }}
path: {{ required "The metric path of the podMonitor is not defined!" .Values.prometheus.metrics.podMonitor.path }}
port: "http"
{{- with .Values.prometheus.metrics.podMonitor.relabelings }}
relabelings:
{{- toYaml . | nindent 6 }}
{{- end }}
scrapeTimeout: {{ required "The scrape timeout of the podMonitor is not defined!" .Values.prometheus.metrics.podMonitor.scrapeTimeout }}
scheme: {{ required "The scheme of the podMonitor is not defined!" .Values.prometheus.metrics.podMonitor.scheme}}
{{- with .Values.prometheus.metrics.podMonitor.tlsConfig }}
tlsConfig:
{{- toYaml . | nindent 6 }}
{{- end }}
namespaceSelector:
matchNames:
- {{ .Release.Namespace }}
selector:
matchLabels:
{{- include "prometheus-fail2ban-exporter.pod.selectorLabels" . | nindent 6 }}
{{- end }}
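Review bot: The guard renders the PodMonitor only when `serviceMonitor.enabled` is false, and the ServiceMonitor template further down carries the mirror-image condition, so enabling both produces neither object and the exporter silently stops being scraped. A failed render is easier to notice than a monitoring gap; add a check such as `{{- if and .Values.prometheus.metrics.podMonitor.enabled .Values.prometheus.metrics.serviceMonitor.enabled }}{{ fail "Enable either podMonitor or serviceMonitor, not both" }}{{- end }}`. The unit test `Skip podMonitor when both monitor types are enabled` would then assert the failure instead of zero documents. Minor: `.scheme}}` is missing the space before the closing braces.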


@ -0,0 +1,23 @@
{{- if gt (len .Values.prometheus.rules) 0 }}
---
apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
{{- with (include "prometheus-fail2ban-exporter.prometheusRules.annotations" . | fromYaml) }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with (include "prometheus-fail2ban-exporter.prometheusRules.labels" . | fromYaml) }}
labels:
{{- toYaml . | nindent 4 }}
{{- end }}
name: {{ include "prometheus-fail2ban-exporter.fullname" . }}
namespace: {{ .Release.Namespace }}
spec:
{{- with .Values.prometheus.rules }}
groups:
- name: {{ template "prometheus-fail2ban-exporter.fullname" $ }}
rules:
{{ toYaml . | nindent 4 }}
{{- end }}
{{- end }}
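Review bot: The outer guard `gt (len .Values.prometheus.rules) 0` calls `len` directly on the value, which errors during rendering when the key is unset or set to `null` rather than `[]`; `{{- if .Values.prometheus.rules }}` covers nil and empty alike. With that guard the inner `with` can never be false, so it only rebinds `.`. The `{{ toYaml . | nindent 4 }}` line also lacks the `-` trim used in the other manifests and leaves an empty line under `rules:`, and `template` on the group `name:` line could be `include` for consistency.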


@ -0,0 +1,19 @@
{{- if not .Values.config.webConfig.existingSecret.enabled }}
---
apiVersion: v1
kind: Secret
metadata:
{{- with (include "prometheus-fail2ban-exporter.secrets.webConfig.annotations" . | fromYaml) }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with (include "prometheus-fail2ban-exporter.secrets.webConfig.labels" . | fromYaml) }}
labels:
{{- toYaml . | nindent 4 }}
{{- end }}
name: {{ include "prometheus-fail2ban-exporter.fullname" . }}-web-config
namespace: {{ .Release.Namespace }}
stringData:
webConfig.yaml: |
{{- toYaml .Values.config.webConfig.secret.webConfig | nindent 4 }}
{{- end }}


@ -0,0 +1,25 @@
{{- if not .Values.serviceAccount.existing.enabled }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
{{- with (include "prometheus-fail2ban-exporter.serviceAccount.annotations" . | fromYaml) }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with (include "prometheus-fail2ban-exporter.serviceAccount.labels" . | fromYaml) }}
labels:
{{- toYaml . | nindent 4 }}
{{- end }}
name: {{ include "prometheus-fail2ban-exporter.fullname" . }}
namespace: {{ .Release.Namespace }}
automountServiceAccountToken: {{ .Values.serviceAccount.new.automountServiceAccountToken }}
{{- with .Values.serviceAccount.new.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.serviceAccount.new.secrets }}
secrets:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
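Review bot: `automountServiceAccountToken` is taken straight from values, and the unit test for this template pins the default to `true`, so every exporter pod gets an API token mounted. As far as the templates on this page show, the exporter only uses the mounted fail2ban socket directory and serves `:9191`; if it indeed never calls the Kubernetes API, the default should be `false` and mounting should be opt-in. The DaemonSet pod spec does not set the field either, so this value alone decides. A comment above the line, `# the exporter needs no API access; keep false unless a sidecar requires a token`, would record the intent.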


@ -0,0 +1,57 @@
{{- if .Values.services.http.enabled }}
---
apiVersion: v1
kind: Service
metadata:
{{- with (include "prometheus-fail2ban-exporter.services.http.annotations" . | fromYaml) }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with (include "prometheus-fail2ban-exporter.services.http.labels" . | fromYaml) }}
labels:
{{- toYaml . | nindent 4 }}
{{- end }}
name: {{ include "prometheus-fail2ban-exporter.services.http.name" . }}
namespace: {{ .Release.Namespace }}
spec:
{{- if not (empty .Values.services.http.externalIPs) }}
externalIPs:
{{- range .Values.services.http.externalIPs }}
- {{ . }}
{{- end }}
{{- end }}
{{- if and (or (eq .Values.services.http.type "LoadBalancer") (eq .Values.services.http.type "NodePort") ) .Values.services.http.externalTrafficPolicy }}
externalTrafficPolicy: {{ .Values.services.http.externalTrafficPolicy }}
{{- end }}
internalTrafficPolicy: {{ required "No internal traffic policy defined!" .Values.services.http.internalTrafficPolicy }}
{{- if .Values.services.http.ipFamilies }}
ipFamilies:
{{- range .Values.services.http.ipFamilies }}
- {{ . }}
{{- end }}
{{- end }}
{{- if and (eq .Values.services.http.type "LoadBalancer") .Values.services.http.loadBalancerClass }}
loadBalancerClass: {{ .Values.services.http.loadBalancerClass }}
{{- end }}
{{- if and (eq .Values.services.http.type "LoadBalancer") .Values.services.http.loadBalancerIP }}
loadBalancerIP: {{ .Values.services.http.loadBalancerIP }}
{{- end }}
{{- if eq .Values.services.http.type "LoadBalancer" }}
loadBalancerSourceRanges:
{{- range .Values.services.http.loadBalancerSourceRanges }}
- {{ . }}
{{- end }}
{{- end }}
ports:
- name: http
protocol: TCP
port: {{ required "No service port defined!" .Values.services.http.port }}
selector:
{{- include "prometheus-fail2ban-exporter.pod.selectorLabels" . | nindent 4 }}
sessionAffinity: {{ required "No session affinity defined!" .Values.services.http.sessionAffinity }}
{{- with .Values.services.http.sessionAffinityConfig }}
sessionAffinityConfig:
{{- toYaml . | nindent 4}}
{{- end }}
type: {{ required "No service type defined!" .Values.services.http.type }}
{{- end }}
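Review bot: The port entry sets only `port:`, so `targetPort` defaults to the same number, while the container listens on the fixed `--web.listen-address=:9191` and exposes it as the named port `http`. Any `services.http.port` other than 9191 (the Ingress unit test uses 8080) therefore routes to a pod port nothing listens on; add `targetPort: http` below the `port:` line. Also, `loadBalancerSourceRanges:` is emitted for every `LoadBalancer` service even when the list is empty, which renders a null field and leaves the load balancer reachable from any source. Wrap it in `{{- with .Values.services.http.loadBalancerSourceRanges }}` and document that an empty list means unrestricted access.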


@ -0,0 +1,40 @@
{{- if and .Values.services.http.enabled .Values.prometheus.metrics.enabled .Values.prometheus.metrics.serviceMonitor.enabled (not .Values.prometheus.metrics.podMonitor.enabled)}}
---
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
{{- with (include "prometheus-fail2ban-exporter.serviceMonitors.http.annotations" . | fromYaml) }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with (include "prometheus-fail2ban-exporter.serviceMonitors.http.labels" . | fromYaml) }}
labels:
{{- toYaml . | nindent 4 }}
{{- end }}
name: {{ include "prometheus-fail2ban-exporter.fullname" . }}-http
namespace: {{ .Release.Namespace }}
spec:
endpoints:
- enableHttp2: {{ required "The enableHttp2 option of the serviceMonitor is not defined!" .Values.prometheus.metrics.serviceMonitor.enableHttp2 }}
followRedirects: {{ required "The followRedirects option of the serviceMonitor is not defined!" .Values.prometheus.metrics.serviceMonitor.followRedirects }}
honorLabels: {{ required "The honorLabels option of the serviceMonitor is not defined!" .Values.prometheus.metrics.serviceMonitor.honorLabels }}
interval: {{ required "The scrape interval of the serviceMonitor is not defined!" .Values.prometheus.metrics.serviceMonitor.interval }}
path: {{ required "The metric path of the serviceMonitor is not defined!" .Values.prometheus.metrics.serviceMonitor.path }}
{{- with .Values.prometheus.metrics.serviceMonitor.relabelings }}
relabelings:
{{- toYaml . | nindent 6 }}
{{- end }}
scrapeTimeout: {{ required "The scrape timeout of the serviceMonitor is not defined!" .Values.prometheus.metrics.serviceMonitor.scrapeTimeout }}
scheme: {{ required "The scheme of the serviceMonitor is not defined!" .Values.prometheus.metrics.serviceMonitor.scheme }}
targetPort: {{ required "The port of the service is not defined!" .Values.services.http.port }}
{{- with .Values.prometheus.metrics.serviceMonitor.tlsConfig }}
tlsConfig:
{{- toYaml . | nindent 6 }}
{{- end }}
namespaceSelector:
matchNames:
- {{ .Release.Namespace }}
selector:
matchLabels:
{{- include "prometheus-fail2ban-exporter.serviceMonitors.http.selectorLabels" . | nindent 6 }}
{{- end }}
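Review bot: `targetPort` is filled from `.Values.services.http.port`, but in a ServiceMonitor endpoint that field refers to the pod's port, which the DaemonSet fixes at 9191; with a service port such as 8080 Prometheus would be pointed at a port the exporter does not listen on. Select the named service port instead, `port: http`, which matches `- name: http` in the Service template and stays correct when the service port changes. The condition on the first line is also missing the space before `}}`.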


@ -0,0 +1,79 @@
chart:
appVersion: 0.1.0
version: 0.1.0
suite: ConfigMap template (Grafana Dashboard PostgresExporter)
release:
name: prometheus-fail2ban-exporter-unittest
namespace: testing
templates:
- templates/prometheus-fail2ban-exporter/configMapGrafanaDashboardFail2BanExporter.yaml
tests:
- it: Rendering fail2banExporter
asserts:
- hasDocuments:
count: 0
- it: Rendering
set:
grafana.enabled: true
asserts:
- hasDocuments:
count: 1
- containsDocument:
apiVersion: v1
kind: ConfigMap
name: prometheus-fail2ban-exporter-unittest-grafana-dashboard-fail2ban-exporter
namespace: testing
- notExists:
path: metadata.annotations
- equal:
path: metadata.labels
value:
app.kubernetes.io/instance: prometheus-fail2ban-exporter-unittest
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: prometheus-fail2ban-exporter
app.kubernetes.io/version: 0.1.0
grafana_dashboard: "1"
helm.sh/chart: prometheus-fail2ban-exporter-0.1.0
- exists:
path: data["fail2banExporter.json"]
- it: Test custom annotations and labels
set:
grafana.enabled: true
grafana.dashboards.fail2banExporter.annotations:
foo: bar
grafana.dashboards.fail2banExporter.labels:
bar: foo
asserts:
- equal:
path: metadata.annotations
value:
foo: bar
- equal:
path: metadata.labels
value:
app.kubernetes.io/instance: prometheus-fail2ban-exporter-unittest
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: prometheus-fail2ban-exporter
app.kubernetes.io/version: 0.1.0
grafana_dashboard: "1"
helm.sh/chart: prometheus-fail2ban-exporter-0.1.0
bar: foo
- it: Test custom grafana discovery labels
set:
grafana.enabled: true
grafana.dashboardDiscoveryLabels:
grafana_dashboard: null
my-custom-discovery-label: my-value
asserts:
- equal:
path: metadata.labels
value:
app.kubernetes.io/instance: prometheus-fail2ban-exporter-unittest
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: prometheus-fail2ban-exporter
app.kubernetes.io/version: 0.1.0
my-custom-discovery-label: my-value
helm.sh/chart: prometheus-fail2ban-exporter-0.1.0
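Review bot: The suite title still reads `ConfigMap template (Grafana Dashboard PostgresExporter)` although the template under test is the fail2ban dashboard; the same leftovers appear in the DaemonSet suite (`daemonSet.hostname: pg-exporter`, toleration key `database/type`) and in the Secret suite title `Secret database template (basic)`. Rename them so a failing test points at the right chart, e.g. `suite: ConfigMap template (Grafana Dashboard Fail2BanExporter)`. The first case is named `Rendering fail2banExporter` but asserts zero documents; `Skip dashboard when grafana is disabled` would say what it checks.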


@ -0,0 +1,377 @@
chart:
appVersion: 0.1.0
version: 0.1.0
suite: DaemonSet template (basic)
release:
name: prometheus-fail2ban-exporter-unittest
namespace: testing
templates:
- templates/prometheus-fail2ban-exporter/daemonSet.yaml
tests:
- it: Rendering default
asserts:
- hasDocuments:
count: 1
- containsDocument:
apiVersion: apps/v1
kind: DaemonSet
name: prometheus-fail2ban-exporter-unittest
namespace: testing
- notExists:
path: metadata.annotations
- equal:
path: metadata.labels
value:
app.kubernetes.io/instance: prometheus-fail2ban-exporter-unittest
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: prometheus-fail2ban-exporter
app.kubernetes.io/version: 0.1.0
helm.sh/chart: prometheus-fail2ban-exporter-0.1.0
- notExists:
path: spec.template.spec.affinity
- notExists:
path: spec.template.spec.containers[0].envFrom
- equal:
path: spec.template.spec.containers[0].args
value:
# - --web.config.file=/etc/prometheus-fail2ban-exporter/config.d/webConfig.yaml
- --web.listen-address=:9191
- equal:
path: spec.template.spec.containers[0].volumeMounts
value:
- mountPath: /var/run/fail2ban
name: socket
- mountPath: /etc/prometheus-fail2ban-exporter/config.d
name: config-d
- equal:
path: spec.template.spec.volumes
value:
- hostPath:
path: /var/run/fail2ban
type: Directory
name: socket
- name: config-d
secret:
secretName: prometheus-fail2ban-exporter-unittest-web-config
- equal:
path: spec.template.spec.containers[0].image
value: git.cryptic.systems/volker.raschek/prometheus-fail2ban-exporter:0.1.0
- equal:
path: spec.template.spec.containers[0].imagePullPolicy
value: IfNotPresent
- notExists:
path: spec.template.spec.containers[0].resources
- notExists:
path: spec.template.spec.containers[0].securityContext
- notExists:
path: spec.template.spec.dnsConfig
- notExists:
path: spec.template.spec.dnsPolicy
- notExists:
path: spec.template.spec.hostname
- equal:
path: spec.template.spec.hostNetwork
value: false
- notExists:
path: spec.template.spec.imagePullSecrets
- notExists:
path: spec.template.spec.nodeSelector
- notExists:
path: spec.template.spec.priorityClassName
- notExists:
path: spec.template.spec.restartPolicy
- notExists:
path: spec.template.spec.subdomain
- equal:
path: spec.template.spec.terminationGracePeriodSeconds
value: 60
- notExists:
path: spec.template.spec.tolerations
- notExists:
path: spec.template.spec.topologySpreadConstraints
- equal:
path: spec.updateStrategy
value:
rollingUpdate:
maxSurge: 1
maxUnavailable: 1
type: "RollingUpdate"
- it: Test custom affinity
set:
daemonSet.affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: topology.kubernetes.io/zone
operator: In
values:
- antarctica-east1
- antarctica-west1
asserts:
- equal:
path: spec.template.spec.affinity
value:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: topology.kubernetes.io/zone
operator: In
values:
- antarctica-east1
- antarctica-west1
- it: Test additional arguments
set:
daemonSet.fail2banExporter.args:
- "--foo=bar"
- "--bar=foo"
asserts:
- equal:
path: spec.template.spec.containers[0].args
value:
# - --web.config.file=/etc/prometheus-fail2ban-exporter/config.d/webConfig.yaml
- --web.listen-address=:9191
- --foo=bar
- --bar=foo
- it: Test custom imageRegistry and imageRepository
set:
daemonSet.fail2banExporter.image.registry: registry.example.local
daemonSet.fail2banExporter.image.repository: path/special/prometheus-fail2ban-exporter
asserts:
- equal:
path: spec.template.spec.containers[0].image
value: registry.example.local/path/special/prometheus-fail2ban-exporter:0.1.0
- it: Test custom imagePullPolicy
set:
daemonSet.fail2banExporter.image.pullPolicy: Always
asserts:
- equal:
path: spec.template.spec.containers[0].imagePullPolicy
value: Always
- it: Test config.webConfig.existingSecret
set:
config.webConfig.existingSecret.enabled: true
config.webConfig.existingSecret.secretName: web-config-secret
asserts:
- equal:
path: spec.template.spec.containers[0].volumeMounts
value:
- mountPath: /var/run/fail2ban
name: socket
- mountPath: /etc/prometheus-fail2ban-exporter/config.d
name: config-d
- equal:
path: spec.template.spec.volumes
value:
- hostPath:
path: /var/run/fail2ban
type: Directory
name: socket
- name: config-d
secret:
secretName: web-config-secret
- it: Test custom resource limits and requests
set:
daemonSet.fail2banExporter.resources:
limits:
cpu: 100m
memory: 250MB
requests:
cpu: 25m
memory: 100MB
asserts:
- equal:
path: spec.template.spec.containers[0].env
value:
- name: GOMAXPROCS
valueFrom:
resourceFieldRef:
divisor: "1"
resource: limits.cpu
- equal:
path: spec.template.spec.containers[0].resources
value:
limits:
cpu: 100m
memory: 250MB
requests:
cpu: 25m
memory: 100MB
- it: Test custom securityContext
set:
daemonSet.fail2banExporter.securityContext:
capabilities:
add:
- NET_RAW
drop:
- ALL
privileged: false
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 1000
asserts:
- equal:
path: spec.template.spec.containers[0].securityContext
value:
capabilities:
add:
- NET_RAW
drop:
- ALL
privileged: false
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 1000
- it: Test dnsConfig
set:
daemonSet.dnsConfig:
nameservers:
- "8.8.8.8"
- "8.8.4.4"
asserts:
- equal:
path: spec.template.spec.dnsConfig
value:
nameservers:
- "8.8.8.8"
- "8.8.4.4"
- it: Test dnsPolicy
set:
daemonSet.dnsPolicy: ClusterFirst
asserts:
- equal:
path: spec.template.spec.dnsPolicy
value: ClusterFirst
- it: Test hostNetwork, hostname, subdomain
set:
daemonSet.hostNetwork: true
daemonSet.hostname: pg-exporter
daemonSet.subdomain: exporters.internal
asserts:
- equal:
path: spec.template.spec.hostNetwork
value: true
- equal:
path: spec.template.spec.hostname
value: pg-exporter
- equal:
path: spec.template.spec.subdomain
value: exporters.internal
- it: Test imagePullSecrets
set:
daemonSet.imagePullSecrets:
- name: my-pull-secret
- name: my-special-secret
asserts:
- equal:
path: spec.template.spec.imagePullSecrets
value:
- name: my-pull-secret
- name: my-special-secret
- it: Test nodeSelector
set:
daemonSet.nodeSelector:
foo: bar
asserts:
- equal:
path: spec.template.spec.nodeSelector
value:
foo: bar
- it: Test priorityClassName
set:
daemonSet.priorityClassName: my-priority
asserts:
- equal:
path: spec.template.spec.priorityClassName
value: my-priority
- it: Test restartPolicy
set:
daemonSet.restartPolicy: Always
asserts:
- equal:
path: spec.template.spec.restartPolicy
value: Always
- it: Test terminationGracePeriodSeconds
set:
daemonSet.terminationGracePeriodSeconds: 120
asserts:
- equal:
path: spec.template.spec.terminationGracePeriodSeconds
value: 120
- it: Test tolerations
set:
daemonSet.tolerations:
- key: database/type
operator: Equal
value: fail2ban
effect: NoSchedule
asserts:
- equal:
path: spec.template.spec.tolerations
value:
- key: database/type
operator: Equal
value: fail2ban
effect: NoSchedule
- it: Test topologySpreadConstraints
set:
daemonSet.topologySpreadConstraints:
- topologyKey: kubernetes.io/hostname
whenUnsatisfiable: DoNotSchedule
labelSelector:
matchLabels:
app.kubernetes.io/instance: prometheus-fail2ban-exporter
asserts:
- equal:
path: spec.template.spec.topologySpreadConstraints
value:
- topologyKey: kubernetes.io/hostname
whenUnsatisfiable: DoNotSchedule
labelSelector:
matchLabels:
app.kubernetes.io/instance: prometheus-fail2ban-exporter
- it: Test additional volumeMounts and volumes
set:
daemonSet.fail2banExporter.volumeMounts:
- name: data
mountPath: /usr/lib/prometheus-fail2ban-exporter/data
daemonSet.volumes:
- name: data
hostPath:
path: /usr/lib/prometheus-fail2ban-exporter/data
asserts:
- equal:
path: spec.template.spec.containers[0].volumeMounts
value:
- name: data
mountPath: /usr/lib/prometheus-fail2ban-exporter/data
- name: config-d
mountPath: /etc/prometheus-fail2ban-exporter/config.d
- equal:
path: spec.template.spec.volumes
value:
- name: data
hostPath:
path: /usr/lib/prometheus-fail2ban-exporter/data
- name: config-d
secret:
secretName: prometheus-fail2ban-exporter-unittest-web-config
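Review bot: The case `Test additional volumeMounts and volumes` expects only `data` and `config-d`, so the `socket` hostPath volume and its `/var/run/fail2ban` mount from the default rendering disappear as soon as a user adds one volume. This is presumably because the socket entries are defaults of the same lists in values, which are defined outside this file; if so, the exporter loses access to fail2ban whenever those lists are overridden. The socket volume and mount should then be rendered by the helper itself, and this expectation should keep the `socket` entries. The default case also pins `notExists` for the container `securityContext` while the pod mounts a host directory, so a restrictive default is worth adding and asserting here.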


@ -0,0 +1,140 @@
chart:
appVersion: 0.1.0
version: 0.1.0
suite: Ingress template (basic)
release:
name: prometheus-fail2ban-exporter-unittest
namespace: testing
templates:
- templates/prometheus-fail2ban-exporter/ingress.yaml
tests:
- it: Skip ingress by default.
asserts:
- hasDocuments:
count: 0
- it: Skip ingress, when service is disabled.
set:
services.http.enabled: false
ingress.enabled: true
asserts:
- hasDocuments:
count: 0
- it: Render ingress with default values.
set:
ingress.enabled: true
ingress.hosts:
- host: fail2ban-exporter.example.local
paths:
- path: /
pathType: Prefix
ingress.tls:
- secretName: fail2ban-exporter-http-tls
hosts:
- fail2ban-exporter.example.local
asserts:
- hasDocuments:
count: 1
- containsDocument:
apiVersion: networking.k8s.io/v1
kind: Ingress
name: prometheus-fail2ban-exporter-unittest
namespace: testing
- notExists:
path: metadata.annotations
- equal:
path: metadata.labels
value:
app.kubernetes.io/instance: prometheus-fail2ban-exporter-unittest
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: prometheus-fail2ban-exporter
app.kubernetes.io/version: 0.1.0
helm.sh/chart: prometheus-fail2ban-exporter-0.1.0
- equal:
path: spec.ingressClassName
value: nginx
- contains:
path: spec.rules
content:
host: fail2ban-exporter.example.local
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: prometheus-fail2ban-exporter-unittest
port:
number: 9191
- contains:
path: spec.tls
content:
hosts:
- fail2ban-exporter.example.local
secretName: fail2ban-exporter-http-tls
- it: Render ingress with custom values.
set:
ingress.enabled: true
ingress.annotations:
foo: bar
ingress.className: nginx
ingress.labels:
bar: foo
ingress.hosts:
- host: fail2ban-exporter.example.local
paths:
- path: /
pathType: Prefix
ingress.tls:
- secretName: fail2ban-exporter-http-tls
hosts:
- fail2ban-exporter.example.local
services.http.port: 8080
asserts:
- hasDocuments:
count: 1
- containsDocument:
apiVersion: networking.k8s.io/v1
kind: Ingress
name: prometheus-fail2ban-exporter-unittest
namespace: testing
- equal:
path: metadata.annotations
value:
foo: bar
- equal:
path: metadata.labels
value:
app.kubernetes.io/instance: prometheus-fail2ban-exporter-unittest
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: prometheus-fail2ban-exporter
app.kubernetes.io/version: 0.1.0
helm.sh/chart: prometheus-fail2ban-exporter-0.1.0
bar: foo
- equal:
path: spec.ingressClassName
value: nginx
- contains:
path: spec.rules
content:
host: fail2ban-exporter.example.local
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: prometheus-fail2ban-exporter-unittest
port:
number: 8080
- contains:
path: spec.tls
content:
hosts:
- fail2ban-exporter.example.local
secretName: fail2ban-exporter-http-tls


@ -0,0 +1,169 @@
chart:
appVersion: 0.1.0
version: 0.1.0
suite: PodMonitor http template (basic)
release:
name: prometheus-fail2ban-exporter-unittest
namespace: testing
templates:
- templates/prometheus-fail2ban-exporter/podMonitor.yaml
tests:
- it: Skip podMonitor when metrics are disabled.
set:
prometheus.metrics.enabled: false
prometheus.metrics.podMonitor.enabled: true
prometheus.metrics.serviceMonitor.enabled: true
asserts:
- hasDocuments:
count: 0
- it: Skip podMonitor when podMonitor is disabled.
set:
prometheus.metrics.enabled: true
prometheus.metrics.podMonitor.enabled: false
asserts:
- hasDocuments:
count: 0
- it: Skip podMonitor when both monitor types are enabled.
set:
prometheus.metrics.enabled: true
prometheus.metrics.podMonitor.enabled: true
prometheus.metrics.serviceMonitor.enabled: true
asserts:
- hasDocuments:
count: 0
- it: Rendering podMonitor with default values - enabled manually.
set:
prometheus.metrics.enabled: true
prometheus.metrics.podMonitor.enabled: true
asserts:
- hasDocuments:
count: 1
- containsDocument:
apiVersion: monitoring.coreos.com/v1
kind: PodMonitor
name: prometheus-fail2ban-exporter-unittest-http
namespace: testing
- notExists:
path: metadata.annotations
- equal:
path: metadata.labels
value:
app.kubernetes.io/instance: prometheus-fail2ban-exporter-unittest
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: prometheus-fail2ban-exporter
app.kubernetes.io/version: 0.1.0
helm.sh/chart: prometheus-fail2ban-exporter-0.1.0
- equal:
path: spec.podMetricsEndpoints[0].enableHttp2
value: true
- equal:
path: spec.podMetricsEndpoints[0].followRedirects
value: false
- equal:
path: spec.podMetricsEndpoints[0].honorLabels
value: false
- equal:
path: spec.podMetricsEndpoints[0].interval
value: 60s
- equal:
path: spec.podMetricsEndpoints[0].path
value: /metrics
- equal:
path: spec.podMetricsEndpoints[0].port
value: http
- notExists:
path: spec.podMetricsEndpoints[0].relabelings
- equal:
path: spec.podMetricsEndpoints[0].scrapeTimeout
value: 30s
- equal:
path: spec.podMetricsEndpoints[0].scheme
value: http
- contains:
path: spec.namespaceSelector.matchNames
content:
testing
- equal:
path: spec.selector.matchLabels
value:
app.kubernetes.io/instance: prometheus-fail2ban-exporter-unittest
app.kubernetes.io/name: prometheus-fail2ban-exporter
- it: Render podMonitor with custom annotations and labels.
set:
prometheus.metrics.enabled: true
prometheus.metrics.podMonitor.enabled: true
prometheus.metrics.podMonitor.annotations:
foo: bar
prometheus.metrics.podMonitor.labels:
bar: foo
asserts:
- equal:
path: metadata.annotations
value:
foo: bar
- equal:
path: metadata.labels
value:
app.kubernetes.io/instance: prometheus-fail2ban-exporter-unittest
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: prometheus-fail2ban-exporter
app.kubernetes.io/version: 0.1.0
bar: foo
helm.sh/chart: prometheus-fail2ban-exporter-0.1.0
- it: Change defaults
set:
prometheus.metrics.enabled: true
prometheus.metrics.podMonitor.enabled: true
prometheus.metrics.podMonitor.enableHttp2: false
prometheus.metrics.podMonitor.followRedirects: true
prometheus.metrics.podMonitor.honorLabels: true
prometheus.metrics.podMonitor.interval: "180s"
prometheus.metrics.podMonitor.path: "/my-metrics"
prometheus.metrics.podMonitor.relabelings:
- sourceLabels: [ container ]
separator: ";"
regex: "app"
replacement: "$1"
action: "drop"
prometheus.metrics.podMonitor.scrapeTimeout: "5s"
prometheus.metrics.podMonitor.scheme: "http"
asserts:
- hasDocuments:
count: 1
- equal:
path: spec.podMetricsEndpoints[0].enableHttp2
value: false
- equal:
path: spec.podMetricsEndpoints[0].followRedirects
value: true
- equal:
path: spec.podMetricsEndpoints[0].honorLabels
value: true
- equal:
path: spec.podMetricsEndpoints[0].interval
value: 180s
- equal:
path: spec.podMetricsEndpoints[0].path
value: /my-metrics
- equal:
path: spec.podMetricsEndpoints[0].port
value: http
- contains:
path: spec.podMetricsEndpoints[0].relabelings
content:
sourceLabels: [ container ]
separator: ";"
regex: "app"
replacement: "$1"
action: "drop"
- equal:
path: spec.podMetricsEndpoints[0].scrapeTimeout
value: 5s
- equal:
path: spec.podMetricsEndpoints[0].scheme
value: http
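Review bot: `Change defaults` sets `prometheus.metrics.podMonitor.scheme: "http"`, the same value the default case already asserts, so the test cannot tell whether the override is honoured. The template's `tlsConfig` block is not rendered by any case either. Set `prometheus.metrics.podMonitor.scheme: "https"` together with a small `prometheus.metrics.podMonitor.tlsConfig` and assert both, the latter with an `equal` on `spec.podMetricsEndpoints[0].tlsConfig`.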


@ -0,0 +1,74 @@
chart:
appVersion: 0.1.0
version: 0.1.0
suite: Secret database template (basic)
release:
name: prometheus-fail2ban-exporter-unittest
namespace: testing
templates:
- templates/prometheus-fail2ban-exporter/secretWebConfig.yaml
tests:
- it: Rendering default secret.
asserts:
- hasDocuments:
count: 1
- containsDocument:
apiVersion: v1
kind: Secret
name: prometheus-fail2ban-exporter-unittest-web-config
namespace: testing
- notExists:
path: metadata.annotations
- equal:
path: metadata.labels
value:
app.kubernetes.io/instance: prometheus-fail2ban-exporter-unittest
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: prometheus-fail2ban-exporter
app.kubernetes.io/version: 0.1.0
helm.sh/chart: prometheus-fail2ban-exporter-0.1.0
- equal:
path: stringData["webConfig.yaml"]
value: |
{}
- it: Rendering custom webconfig.
set:
config.webConfig.secret.webConfig:
tls_server_config:
cert_file: /path/to/cert.pem
client_ca_file: /path/to/ca.pem
key_file: /path/to/key.pem
asserts:
- equal:
path: stringData["webConfig.yaml"]
value: |
tls_server_config:
cert_file: /path/to/cert.pem
client_ca_file: /path/to/ca.pem
key_file: /path/to/key.pem
- it: Rendering custom annotations and labels.
set:
config.webConfig.secret.annotations:
foo: bar
bar: foo
config.webConfig.secret.labels:
foo: bar
bar: foo
config.webConfig.secret.webConfig:
tls_server_config:
cert_file: /path/to/cert.pem
key_file: /path/to/key.pem
client_ca_file: /path/to/ca.pem
asserts:
- equal:
path: metadata.annotations
value:
foo: bar
bar: foo
- isSubset:
path: metadata.labels
content:
foo: bar
bar: foo
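Review bot: No case sets `config.webConfig.existingSecret.enabled: true`, so the one branch of the template that suppresses the Secret is untested; a regression there would render a chart-owned Secret next to the user's own. Add a case with that value and `hasDocuments` with `count: 0`, as the ServiceAccount suite does for `serviceAccount.existing.enabled`. The last case sets `webConfig` again but never checks `stringData`, so that input could be dropped from it.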


@ -0,0 +1,79 @@
chart:
appVersion: 0.1.0
version: 0.1.0
suite: ServiceAccount prometheus-fail2ban-exporter template (basic)
release:
name: prometheus-fail2ban-exporter-unittest
namespace: testing
templates:
- templates/prometheus-fail2ban-exporter/serviceAccount.yaml
tests:
- it: Skip rendering.
set:
serviceAccount.existing.enabled: true
asserts:
- hasDocuments:
count: 0
- it: Rendering serviceAccount with default values.
asserts:
- hasDocuments:
count: 1
- containsDocument:
apiVersion: v1
kind: ServiceAccount
name: prometheus-fail2ban-exporter-unittest
namespace: testing
- notExists:
path: metadata.annotations
- notExists:
path: metadata.labels
- equal:
path: automountServiceAccountToken
value: true
- notExists:
path: imagePullSecrets
- notExists:
path: secrets
- it: Rendering serviceAccount with custom values.
set:
serviceAccount.new.annotations:
foo: bar
serviceAccount.new.labels:
bar: foo
serviceAccount.new.automountServiceAccountToken: false
serviceAccount.new.imagePullSecrets:
- name: "my-pull-secret"
serviceAccount.new.secrets:
- name: "my-secret"
namespace: "my-namespace"
fieldPath: "my-path"
asserts:
- hasDocuments:
count: 1
- exists:
path: metadata.annotations
value:
foo: bar
- exists:
path: metadata.labels
value:
bar: foo
- equal:
path: metadata.name
value: prometheus-fail2ban-exporter-unittest
- equal:
path: automountServiceAccountToken
value: false
- equal:
path: imagePullSecrets
value:
- name: "my-pull-secret"
- equal:
path: secrets
value:
- name: "my-secret"
namespace: "my-namespace"
fieldPath: "my-path"
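Review bot: The two `exists` assertions in "Rendering serviceAccount with custom values." carry a `value:` block, but as far as I know helm-unittest's `exists` only checks that the path is present and takes no `value`. The `foo: bar` annotation and `bar: foo` label are therefore presumably never compared, so the case would still pass if the template rendered different metadata. Switching both to `- equal:` keeps the `path`/`value` pair and actually pins the content. If the labels gain default entries later, `- isSubset:` with `content:` is the alternative, as the web-config suite already does.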


@ -0,0 +1,168 @@
chart:
appVersion: 0.1.0
version: 0.1.0
suite: ServiceMonitor http template (basic)
release:
name: prometheus-fail2ban-exporter-unittest
namespace: testing
templates:
- templates/prometheus-fail2ban-exporter/serviceMonitorHTTP.yaml
tests:
- it: Skip serviceMonitor when service is disabled.
set:
prometheus.metrics.enabled: true
prometheus.metrics.serviceMonitor.enabled: true
services.http.enabled: false
asserts:
- hasDocuments:
count: 0
- it: Skip serviceMonitor when metrics are disabled.
set:
prometheus.metrics.enabled: false
prometheus.metrics.serviceMonitor.enabled: true
services.http.enabled: true
asserts:
- hasDocuments:
count: 0
- it: Skip serviceMonitor when serviceMonitor is disabled.
set:
prometheus.metrics.enabled: true
prometheus.metrics.serviceMonitor.enabled: false
services.http.enabled: true
asserts:
- hasDocuments:
count: 0
- it: Rendering serviceMonitor with default values - enabled manually.
set:
prometheus.metrics.enabled: true
prometheus.metrics.serviceMonitor.enabled: true
asserts:
- hasDocuments:
count: 1
- containsDocument:
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
name: prometheus-fail2ban-exporter-unittest-http
namespace: testing
- notExists:
path: metadata.annotations
- equal:
path: metadata.labels
value:
app.kubernetes.io/instance: prometheus-fail2ban-exporter-unittest
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: prometheus-fail2ban-exporter
app.kubernetes.io/version: 0.1.0
helm.sh/chart: prometheus-fail2ban-exporter-0.1.0
- equal:
path: spec.endpoints[0].enableHttp2
value: true
- equal:
path: spec.endpoints[0].followRedirects
value: false
- equal:
path: spec.endpoints[0].honorLabels
value: false
- equal:
path: spec.endpoints[0].interval
value: 60s
- equal:
path: spec.endpoints[0].path
value: /metrics
- notExists:
path: spec.endpoints[0].relabelings
- equal:
path: spec.endpoints[0].scrapeTimeout
value: 30s
- equal:
path: spec.endpoints[0].scheme
value: http
- equal:
path: spec.endpoints[0].targetPort
value: 9191
- contains:
path: spec.namespaceSelector.matchNames
content:
testing
- equal:
path: spec.selector.matchLabels
value:
app.kubernetes.io/instance: prometheus-fail2ban-exporter-unittest
app.kubernetes.io/name: prometheus-fail2ban-exporter
app.kubernetes.io/service-name: http
- it: Render serviceMonitor with custom annotations and labels.
set:
prometheus.metrics.enabled: true
prometheus.metrics.serviceMonitor.enabled: true
prometheus.metrics.serviceMonitor.annotations:
foo: bar
prometheus.metrics.serviceMonitor.labels:
bar: foo
asserts:
- equal:
path: metadata.annotations
value:
foo: bar
- equal:
path: metadata.labels
value:
app.kubernetes.io/instance: prometheus-fail2ban-exporter-unittest
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: prometheus-fail2ban-exporter
app.kubernetes.io/version: 0.1.0
bar: foo
helm.sh/chart: prometheus-fail2ban-exporter-0.1.0
- it: Change defaults
set:
prometheus.metrics.enabled: true
prometheus.metrics.serviceMonitor.enabled: true
prometheus.metrics.serviceMonitor.enableHttp2: false
prometheus.metrics.serviceMonitor.followRedirects: true
prometheus.metrics.serviceMonitor.honorLabels: true
prometheus.metrics.serviceMonitor.interval: "180s"
prometheus.metrics.serviceMonitor.path: "/my-metrics"
prometheus.metrics.serviceMonitor.relabelings:
- sourceLabels: [ container ]
separator: ";"
regex: "app"
replacement: "$1"
action: "drop"
prometheus.metrics.serviceMonitor.scrapeTimeout: "5s"
prometheus.metrics.serviceMonitor.scheme: "http"
asserts:
- hasDocuments:
count: 1
- equal:
path: spec.endpoints[0].enableHttp2
value: false
- equal:
path: spec.endpoints[0].followRedirects
value: true
- equal:
path: spec.endpoints[0].honorLabels
value: true
- equal:
path: spec.endpoints[0].interval
value: 180s
- equal:
path: spec.endpoints[0].path
value: /my-metrics
- contains:
path: spec.endpoints[0].relabelings
content:
sourceLabels: [ container ]
separator: ";"
regex: "app"
replacement: "$1"
action: "drop"
- equal:
path: spec.endpoints[0].scrapeTimeout
value: 5s
- equal:
path: spec.endpoints[0].scheme
value: http
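Review bot: The "Change defaults" case sets `prometheus.metrics.serviceMonitor.scheme: "http"`, which is the chart default, so the final `scheme` assertion passes even if the template ignores the value. Nothing in this suite exercises `tlsConfig` either, which means the HTTPS scrape path is untested. I would set `prometheus.metrics.serviceMonitor.scheme: "https"` and assert `value: https`. A `tlsConfig` entry with a matching `equal` on `spec.endpoints[0].tlsConfig` would cover the rest, assuming the template places it there. The pod monitor assertions visible just above this file end on the same `value: http` and look like they share the gap.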


@ -0,0 +1,174 @@
chart:
appVersion: 0.1.0
version: 0.1.0
suite: Service http template (basic)
release:
name: prometheus-fail2ban-exporter-unittest
namespace: testing
templates:
- templates/prometheus-fail2ban-exporter/serviceHTTP.yaml
tests:
- it: Skip service when disabled.
set:
services.http.enabled: false
asserts:
- hasDocuments:
count: 0
- it: Rendering service with default values.
asserts:
- hasDocuments:
count: 1
- containsDocument:
apiVersion: v1
kind: Service
name: prometheus-fail2ban-exporter-unittest-http
namespace: testing
- notExists:
path: metadata.annotations
- equal:
path: metadata.labels
value:
app.kubernetes.io/instance: prometheus-fail2ban-exporter-unittest
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: prometheus-fail2ban-exporter
app.kubernetes.io/service-name: http
app.kubernetes.io/version: 0.1.0
helm.sh/chart: prometheus-fail2ban-exporter-0.1.0
- notExists:
path: spec.externalIPs
- notExists:
path: spec.externalTrafficPolicy
- equal:
path: spec.internalTrafficPolicy
value: Cluster
- notExists:
path: spec.ipFamilies
- notExists:
path: spec.loadBalancerClass
- notExists:
path: spec.loadBalancerIP
- notExists:
path: spec.loadBalancerSourceRanges
- equal:
path: spec.ports[0].name
value: http
- equal:
path: spec.ports[0].protocol
value: TCP
- equal:
path: spec.ports[0].port
value: 9191
- equal:
path: spec.selector
value:
app.kubernetes.io/instance: prometheus-fail2ban-exporter-unittest
app.kubernetes.io/name: prometheus-fail2ban-exporter
- equal:
path: spec.sessionAffinity
value: None
- notExists:
path: spec.sessionAffinityConfig
- equal:
path: spec.type
value: ClusterIP
- it: Require internalTrafficPolicy.
set:
services.http.internalTrafficPolicy: ""
asserts:
- failedTemplate:
errorMessage: No internal traffic policy defined!
- it: Require port.
set:
services.http.port: ""
asserts:
- failedTemplate:
errorMessage: No service port defined!
- it: Require sessionAffinity.
set:
services.http.sessionAffinity: ""
asserts:
- failedTemplate:
errorMessage: No session affinity defined!
- it: Require service type.
set:
services.http.type: ""
asserts:
- failedTemplate:
errorMessage: No service type defined!
- it: Render service with custom annotations and labels.
set:
services.http.annotations:
foo: bar
services.http.labels:
bar: foo
asserts:
- equal:
path: metadata.annotations
value:
foo: bar
- equal:
path: metadata.labels
value:
app.kubernetes.io/instance: prometheus-fail2ban-exporter-unittest
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: prometheus-fail2ban-exporter
app.kubernetes.io/service-name: http
app.kubernetes.io/version: 0.1.0
helm.sh/chart: prometheus-fail2ban-exporter-0.1.0
bar: foo
- it: Change defaults
set:
services.http.externalIPs:
- "10.11.12.13/32"
services.http.externalTrafficPolicy: Local
services.http.internalTrafficPolicy: Local
services.http.ipFamilies:
- IPv4
services.http.loadBalancerClass: aws
services.http.loadBalancerIP: "11.12.13.14"
services.http.loadBalancerSourceRanges:
- "11.12.0.0/17"
services.http.port: 10443
services.http.sessionAffinity: ClientIP
services.http.type: LoadBalancer
asserts:
- equal:
path: spec.externalIPs
value:
- 10.11.12.13/32
- equal:
path: spec.externalTrafficPolicy
value: Local
- equal:
path: spec.internalTrafficPolicy
value: Local
- equal:
path: spec.ipFamilies
value:
- IPv4
- equal:
path: spec.loadBalancerClass
value: aws
- equal:
path: spec.loadBalancerIP
value: "11.12.13.14"
- equal:
path: spec.loadBalancerSourceRanges
value:
- "11.12.0.0/17"
- equal:
path: spec.ports[0].port
value: 10443
- equal:
path: spec.sessionAffinity
value: ClientIP
- equal:
path: spec.type
value: LoadBalancer
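Review bot: The `services.http.externalIPs` fixture in "Change defaults" is `"10.11.12.13/32"`, a CIDR, while Kubernetes expects plain IP addresses in `spec.externalIPs`. To my knowledge the API server rejects the `/32` form. helm-unittest only compares rendered text, so the case passes with a manifest that could not be applied, and the fixture may be copied into real values. Using `- "10.11.12.13"` in both the `set` block and the `spec.externalIPs` assertion keeps the test meaningful. The assertion side should be quoted as well, since the set side already is.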

395
values.yaml Normal file

@ -0,0 +1,395 @@
# Declare variables to be passed into your templates.
## @section Global
## @param nameOverride Individual release name suffix.
## @param fullnameOverride Override the complete release name logic.
nameOverride: ""
fullnameOverride: ""
## @section Configuration
config:
webConfig:
## @param config.webConfig.existingSecret.enabled Mount an existing secret containing the key `webConfig.yaml`.
## @param config.webConfig.existingSecret.secretName Name of the existing secret containing the key `webConfig.yaml`.
existingSecret:
enabled: false
secretName: ""
## @param config.webConfig.secret.annotations Additional annotations of the secret containing the `webConfig.yaml`.
## @param config.webConfig.secret.labels Additional labels of the secret containing the `webConfig.yaml`.
## @param config.webConfig.secret.webConfig Content of the `webConfig.yaml`.
## @skip config.webConfig.secret.webConfig Skip individual web configuration.
secret:
annotations: {}
labels: {}
webConfig: {}
# basic_auth_users:
# prom: <bcrypted password>
# http_server_config:
# http2: true
# tls_server_config:
# cert_file: /path/to/cert.pem
# client_allowed_sans:
# - fail2ban.example.local
# client_ca_file: /path/to/ca.pem
# key_file: /path/to/key.pem
# max_version: TLS13
# min_version: TLS12
## @section Daemonset
daemonSet:
## @param daemonSet.annotations Additional deployment annotations.
## @param daemonSet.labels Additional deployment labels.
annotations: {}
labels: {}
## @param daemonSet.additionalContainers List of additional containers.
additionalContainers: []
# - command: [ "sh", "-c", "echo hello world" ]
# image: "docker.io/library/busybox:latest"
# name: side-car
## @param daemonSet.affinity Affinity for the fail2ban-exporter daemonSet.
affinity: {}
# nodeAffinity:
# requiredDuringSchedulingIgnoredDuringExecution:
# nodeSelectorTerms:
# - matchExpressions:
# - key: kubernetes.io/os
# operator: In
# values:
# - linux
# preferredDuringSchedulingIgnoredDuringExecution:
# - weight: 20
# preference:
# matchExpressions:
# - key: kubernetes.io/arch
# operator: In
# values:
# - amd64
## @param daemonSet.initContainers List of additional init containers.
initContainers: []
# - command: [ "sh", "-c", "echo hello world" ]
# image: "docker.io/library/busybox:latest"
# name: init
## @param daemonSet.dnsConfig dnsConfig of the fail2ban-exporter daemonSet.
dnsConfig: {}
# nameservers:
# - 192.0.2.1 # this is an example
# searches:
# - ns1.svc.cluster-domain.example
# - my.dns.search.suffix
# options:
# - name: ndots
# value: "2"
# - name: edns0
## @param daemonSet.dnsPolicy dnsPolicy of the fail2ban-exporter daemonSet.
dnsPolicy: ""
## @param daemonSet.hostname Individual hostname of the pod.
## @param daemonSet.subdomain Individual domain of the pod.
hostname: ""
subdomain: ""
## @param daemonSet.hostNetwork Use the kernel network namespace of the host system.
hostNetwork: false
## @param daemonSet.imagePullSecrets Secret to use for pulling the image.
imagePullSecrets: []
# - name: "my-custom-secret"
fail2banExporter:
## @param daemonSet.fail2banExporter.args Arguments passed to the fail2ban-exporter container.
args: []
## @param daemonSet.fail2banExporter.env List of environment variables for the fail2ban-exporter container.
env: []
# - name: SPECIAL_ENV_A
# value: special-key
# - name: SPECIAL_ENV
# valueFrom:
# configMapKeyRef:
# name: special-config
# key: special-key
# - name: SPECIAL_ENV
# valueFrom:
# secretKeyRef:
# name: special-secret
# key: special-key
## @param daemonSet.fail2banExporter.envFrom List of environment variables mounted from configMaps or secrets for the fail2ban-exporter container.
envFrom: []
# - configMapRef:
# name: special-config
# - secretRef:
# name: special-secret
## @param daemonSet.fail2banExporter.image.registry Image registry, eg. `docker.io`.
## @param daemonSet.fail2banExporter.image.repository Image repository, eg. `library/busybox`.
## @param daemonSet.fail2banExporter.image.tag Custom image tag, eg. `0.1.0`. Defaults to `appVersion`.
## @param daemonSet.fail2banExporter.image.pullPolicy Image pull policy.
image:
registry: git.cryptic.systems
repository: volker.raschek/prometheus-fail2ban-exporter
tag: ""
pullPolicy: IfNotPresent
## @param daemonSet.fail2banExporter.resources CPU and memory resources of the pod.
resources: {}
# limits:
# cpu:
# ephemeral-storage:
# memory:
# requests:
# cpu:
# ephemeral-storage:
# memory:
## @param daemonSet.fail2banExporter.securityContext Security context of the container of the daemonSet.
securityContext: {}
# capabilities:
# add:
# - NET_RAW
# drop:
# - ALL
# privileged: false
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
## @param daemonSet.fail2banExporter.volumeMounts Additional volume mounts.
## @skip daemonSet.fail2banExporter.volumeMounts Skip individual volume mounts configuration.
volumeMounts:
- name: socket
mountPath: /var/run/fail2ban
## @param daemonSet.nodeSelector NodeSelector of the fail2ban-exporter daemonSet.
nodeSelector: {}
## @param daemonSet.priorityClassName PriorityClassName of the fail2ban-exporter daemonSet.
priorityClassName: ""
## @param daemonSet.restartPolicy Restart policy of the fail2ban-exporter daemonSet.
restartPolicy: ""
## @param daemonSet.securityContext Security context of the fail2ban-exporter daemonSet.
securityContext: {}
# fsGroup: 2000
## @param daemonSet.updateStrategy.rollingUpdate.maxSurge The maximum number of pods that can be scheduled above the desired number of pods during a rolling update.
## @param daemonSet.updateStrategy.rollingUpdate.maxUnavailable The maximum number of pods that can be unavailable during a rolling update.
## @param daemonSet.updateStrategy.type Strategy type - `OnDelete` or `RollingUpdate`.
updateStrategy:
rollingUpdate:
maxSurge: 1
maxUnavailable: 0
type: "RollingUpdate"
## @param daemonSet.terminationGracePeriodSeconds How long to wait until forcefully kill the pod.
terminationGracePeriodSeconds: 60
## @param daemonSet.tolerations Tolerations of the fail2ban-exporter daemonSet.
tolerations: []
# - key: database/type
# operator: Equal
# value: fail2ban
# effect: NoSchedule
## @param daemonSet.topologySpreadConstraints TopologySpreadConstraints of the fail2ban-exporter daemonSet.
topologySpreadConstraints: []
# - topologyKey: kubernetes.io/hostname
# whenUnsatisfiable: DoNotSchedule
# labelSelector:
# matchLabels:
# app.kubernetes.io/instance: prometheus-fail2ban-exporter
## @param daemonSet.volumes Additional volumes to mount into the pods of the prometheus-exporter daemonset.
## @skip daemonSet.volumes Skip individual volumes configuration.
volumes:
- name: socket
hostPath:
path: /var/run/fail2ban
type: Directory
# - name: my-configmap-volume
# config:
# name: my-configmap
# - name: my-secret-volume
# secret:
# secretName: my-secret
## @section Grafana
## @param grafana.enabled Enable integration into Grafana. Require the Prometheus operator daemonSet.
grafana:
enabled: false
## @param grafana.dashboardDiscoveryLabels Labels that Grafana uses to discover resources. The labels may vary depending on the Grafana daemonSet.
## @skip grafana.dashboardDiscoveryLabels
dashboardDiscoveryLabels:
grafana_dashboard: "1"
dashboards:
## @param grafana.dashboards.fail2banExporter.enabled Enable deployment of Grafana dashboard `fail2banExporter`.
## @param grafana.dashboards.fail2banExporter.annotations Additional configmap annotations.
## @param grafana.dashboards.fail2banExporter.labels Additional configmap labels.
fail2banExporter:
enabled: true
annotations: {}
labels: {}
## @section Ingress
ingress:
## @param ingress.enabled Enable creation of an ingress resource. Requires, that the http service is also enabled.
## @param ingress.className Ingress class.
## @param ingress.annotations Additional ingress annotations.
## @param ingress.labels Additional ingress labels.
enabled: false
className: "nginx"
annotations: {}
labels: {}
## @param ingress.hosts Ingress specific configuration. Specification only required when another ingress controller is used instead of `t1k.
## @skip ingress.hosts Skip individual host configuration.
hosts: []
# - host: fail2ban-exporter.example.local
# paths:
# - path: /
# pathType: Prefix
## @param ingress.tls Ingress TLS settings. Specification only required when another ingress controller is used instead of `t1k``.
## @skip ingress.tls Skip individual TLS configuration.
tls: []
# - secretName: fail2ban-exporter-http-tls
# hosts:
# - fail2ban-exporter.example.local
## @section Pod disruption
## @param podDisruptionBudget Pod disruption budget.
podDisruptionBudget: {}
# maxUnavailable: 1
# minAvailable: 1
## @section Network
## @param networkPolicies Deploy network policies based on the used container network interface (CNI) implementation - like calico or weave.
networkPolicies: {}
## @section Prometheus
prometheus:
## @param prometheus.metrics.enabled Enable of scraping metrics by Prometheus.
metrics:
enabled: true
## @param prometheus.metrics.podMonitor.enabled Enable creation of a podMonitor. Excludes the existence of a serviceMonitor resource.
## @param prometheus.metrics.podMonitor.annotations Additional podMonitor annotations.
## @param prometheus.metrics.podMonitor.enableHttp2 Enable HTTP2.
## @param prometheus.metrics.podMonitor.followRedirects FollowRedirects configures whether scrape requests follow HTTP 3xx redirects.
## @param prometheus.metrics.podMonitor.honorLabels Honor labels.
## @param prometheus.metrics.podMonitor.labels Additional podMonitor labels.
## @param prometheus.metrics.podMonitor.interval Interval at which metrics should be scraped. If not specified Prometheus' global scrape interval is used.
## @param prometheus.metrics.podMonitor.path HTTP path for scraping Prometheus metrics.
## @param prometheus.metrics.podMonitor.relabelings RelabelConfigs to apply to samples before scraping. Prometheus Operator automatically adds relabelings for a few standard Kubernetes fields.
## @param prometheus.metrics.podMonitor.scrapeTimeout Timeout after which the scrape is ended. If not specified, global Prometheus scrape timeout is used.
## @param prometheus.metrics.podMonitor.scheme HTTP scheme to use for scraping. For example `http` or `https`.
## @param prometheus.metrics.podMonitor.tlsConfig TLS configuration to use when scraping the metric endpoint by Prometheus.
## @skip prometheus.metrics.podMonitor.tlsConfig Skip individual TLS configuration.
podMonitor:
enabled: false
annotations: {}
enableHttp2: true
followRedirects: false
honorLabels: false
labels: {}
interval: "60s"
path: "/metrics"
relabelings: []
scrapeTimeout: "30s"
scheme: "http"
tlsConfig: {}
## @param prometheus.metrics.serviceMonitor.enabled Enable creation of a serviceMonitor. Excludes the existence of a podMonitor resource.
## @param prometheus.metrics.serviceMonitor.annotations Additional serviceMonitor annotations.
## @param prometheus.metrics.serviceMonitor.labels Additional serviceMonitor labels.
## @param prometheus.metrics.serviceMonitor.enableHttp2 Enable HTTP2.
## @param prometheus.metrics.serviceMonitor.followRedirects FollowRedirects configures whether scrape requests follow HTTP 3xx redirects.
## @param prometheus.metrics.serviceMonitor.honorLabels Honor labels.
## @param prometheus.metrics.serviceMonitor.interval Interval at which metrics should be scraped. If not specified Prometheus' global scrape interval is used.
## @param prometheus.metrics.serviceMonitor.path HTTP path for scraping Prometheus metrics.
## @param prometheus.metrics.serviceMonitor.relabelings RelabelConfigs to apply to samples before scraping. Prometheus Operator automatically adds relabelings for a few standard Kubernetes fields.
## @param prometheus.metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended. If not specified, global Prometheus scrape timeout is used.
## @param prometheus.metrics.serviceMonitor.scheme HTTP scheme to use for scraping. For example `http` or `https`.
## @param prometheus.metrics.serviceMonitor.tlsConfig TLS configuration to use when scraping the metric endpoint by Prometheus.
## @skip prometheus.metrics.serviceMonitor.tlsConfig Skip individual TLS configuration.
serviceMonitor:
enabled: false
annotations: {}
labels: {}
enableHttp2: true
followRedirects: false
honorLabels: false
interval: "60s"
path: "/metrics"
relabelings: []
scrapeTimeout: "30s"
scheme: "http"
tlsConfig: {}
## @param prometheus.rules Array of Prometheus rules for monitoring the application and triggering alerts.
## @skip prometheus.rules Skip individual Prometheus rules.
rules: []
## @section Service
## @param services.http.enabled Enable the service.
## @param services.http.annotations Additional service annotations.
## @param services.http.externalIPs External IPs for the service.
## @param services.http.externalTrafficPolicy If `service.type` is `NodePort` or `LoadBalancer`, set this to `Local` to tell kube-proxy to only use node local endpoints for cluster external traffic. Furthermore, this enables source IP preservation.
## @param services.http.internalTrafficPolicy If `service.type` is `NodePort` or `LoadBalancer`, set this to `Local` to tell kube-proxy to only use node local endpoints for cluster internal traffic.
## @param services.http.ipFamilies IPFamilies is list of IP families (e.g. `IPv4`, `IPv6`) assigned to this service. This field is usually assigned automatically based on cluster configuration and only required for customization.
## @param services.http.labels Additional service labels.
## @param services.http.loadBalancerClass LoadBalancerClass is the class of the load balancer implementation this Service belongs to. Requires service from type `LoadBalancer`.
## @param services.http.loadBalancerIP LoadBalancer will get created with the IP specified in this field. Requires service from type `LoadBalancer`.
## @param services.http.loadBalancerSourceRanges Source range filter for LoadBalancer. Requires service from type `LoadBalancer`.
## @param services.http.port Port to forward the traffic to.
## @param services.http.sessionAffinity Supports `ClientIP` and `None`. Enable client IP based session affinity via `ClientIP`.
## @param services.http.sessionAffinityConfig Contains the configuration of the session affinity.
## @param services.http.type Kubernetes service type for the traffic.
services:
http:
enabled: true
annotations: {}
externalIPs: []
externalTrafficPolicy: "Cluster"
internalTrafficPolicy: "Cluster"
ipFamilies: []
labels: {}
loadBalancerClass: ""
loadBalancerIP: ""
loadBalancerSourceRanges: []
port: 9191
sessionAffinity: "None"
sessionAffinityConfig: {}
type: "ClusterIP"
## @section ServiceAccount
serviceAccount:
## @param serviceAccount.existing.enabled Use an existing service account instead of creating a new one. Assumes that the user has all the necessary kubernetes API authorizations.
## @param serviceAccount.existing.serviceAccountName Name of the existing service account.
existing:
enabled: false
serviceAccountName: ""
## @param serviceAccount.new.annotations Additional service account annotations.
## @param serviceAccount.new.labels Additional service account labels.
## @param serviceAccount.new.automountServiceAccountToken Enable/disable auto mounting of the service account token.
## @param serviceAccount.new.imagePullSecrets ImagePullSecrets is a list of references to secrets in the same namespace to use for pulling any images in pods that reference this serviceAccount.
## @param serviceAccount.new.secrets Secrets is the list of secrets allowed to be used by pods running using this ServiceAccount.
new:
annotations: {}
labels: {}
automountServiceAccountToken: true
imagePullSecrets: []
# - name: "my-image-pull-secret"
secrets: []
# - name: "my-secret"
# namespace: "my-namespace"
# fieldPath: "my-field"
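Review bot: `serviceAccount.new.automountServiceAccountToken` defaults to `true`, so every exporter pod receives a Kubernetes API token, although nothing in these values suggests the exporter talks to the API. The same pod mounts the host directory `/var/run/fail2ban` through the default `daemonSet.volumes` entry and ships with an empty `daemonSet.fail2banExporter.securityContext`, so a compromised exporter would hold both host access and a usable token. I would default to `automountServiceAccountToken: false` and update the matching `value: true` assertion in the ServiceAccount unit test. If the permissions on the fail2ban socket allow it, the commented `drop: [ALL]`, `privileged: false` and `readOnlyRootFilesystem: true` settings could also become the shipped container security context rather than an example.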