volker.raschek/prometheus-fail2ban-exporter-charts
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: automatically roll deployments
All checks were successful
Helm / helm-lint (push) Successful in 6s
Details
Release / publish-chart (push) Successful in 6s
Details
Helm / helm-unittest (push) Successful in 24s
Details

Browse Source 
The following patch extends the chart to automatically roll the deployment, when
one of the configurations, stored in a config map or secret, has been changed.

The implementation add annotations which triggers `helm update` or ArgoCD to
roll the deployment. Further information can be found on the official helm
website:

  https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments
This commit is contained in:
Markus Pesch
2025-05-29 12:23:44 +02:00
parent 51ee91fed1
commit 38b4f95a1f
3 changed files with 80 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
templates/prometheus-fail2ban-exporter/_pod.tpl
View File

@@ -4,6 +4,21 @@
{{- define "prometheus-fail2ban-exporter.pod.annotations" -}} {{- define "prometheus-fail2ban-exporter.pod.annotations" -}}
{{ include "prometheus-fail2ban-exporter.annotations" . }} {{ include "prometheus-fail2ban-exporter.annotations" . }}
# The following annotations are required to trigger a rolling update. Further information can be found in the official
# documentation of helm:
#
# https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments
#
{{/* web config */}}
{{- if and .Values.config.webConfig.existingSecret.enabled .Values.config.webConfig.existingSecret.secretName }}
{{- $secret := default (dict "data" (dict)) (lookup "v1" "Secret" .Release.Namespace .Values.config.webConfig.existingSecret.secretName ) }}
checksum/secret-web-config: {{ print $secret.spec | sha256sum }}
{{- else }}
checksum/secret-web-config: {{ include (print $.Template.BasePath "/prometheus-fail2ban-exporter/secretWebConfig.yaml") . | sha256sum }}
{{- end }}
{{- end }} {{- end }}
{{/* labels */}} {{/* labels */}}

2
templates/prometheus-fail2ban-exporter/daemonSet.yaml
View File

@@ -17,6 +17,8 @@ spec:
{{- include "prometheus-fail2ban-exporter.pod.selectorLabels" . | nindent 6 }} {{- include "prometheus-fail2ban-exporter.pod.selectorLabels" . | nindent 6 }}
template: template:
metadata: metadata:
annotations:
{{- include "prometheus-fail2ban-exporter.pod.annotations" . | nindent 8 }}
labels: labels:
{{- include "prometheus-fail2ban-exporter.pod.labels" . | nindent 8 }} {{- include "prometheus-fail2ban-exporter.pod.labels" . | nindent 8 }}
spec: spec:

64
unittests/daemonset/daemonset.yaml
View File

@@ -7,18 +7,22 @@ release:
namespace: testing namespace: testing
templates: templates:
- templates/prometheus-fail2ban-exporter/daemonSet.yaml - templates/prometheus-fail2ban-exporter/daemonSet.yaml
- templates/prometheus-fail2ban-exporter/secretWebConfig.yaml
tests: tests:
- it: Rendering default - it: Rendering default
asserts: asserts:
- hasDocuments: - hasDocuments:
count: 1 count: 1
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
- containsDocument: - containsDocument:
apiVersion: apps/v1 apiVersion: apps/v1
kind: DaemonSet kind: DaemonSet
name: prometheus-fail2ban-exporter-unittest name: prometheus-fail2ban-exporter-unittest
namespace: testing namespace: testing
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
- notExists: - notExists:
path: metadata.annotations path: metadata.annotations
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
- equal: - equal:
path: metadata.labels path: metadata.labels
value: value:
@@ -27,15 +31,31 @@ tests:
app.kubernetes.io/name: prometheus-fail2ban-exporter app.kubernetes.io/name: prometheus-fail2ban-exporter
app.kubernetes.io/version: 0.1.0 app.kubernetes.io/version: 0.1.0
helm.sh/chart: prometheus-fail2ban-exporter-0.1.0 helm.sh/chart: prometheus-fail2ban-exporter-0.1.0
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
- exists:
path: spec.template.metadata.annotations.checksum/secret-web-config
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
- equal:
path: spec.template.metadata.labels
value:
app.kubernetes.io/instance: prometheus-fail2ban-exporter-unittest
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: prometheus-fail2ban-exporter
app.kubernetes.io/version: 0.1.0
helm.sh/chart: prometheus-fail2ban-exporter-0.1.0
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
- notExists: - notExists:
path: spec.template.spec.affinity path: spec.template.spec.affinity
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
- notExists: - notExists:
path: spec.template.spec.containers[0].envFrom path: spec.template.spec.containers[0].envFrom
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
- equal: - equal:
path: spec.template.spec.containers[0].args path: spec.template.spec.containers[0].args
value: value:
# - --web.config.file=/etc/prometheus-fail2ban-exporter/config.d/webConfig.yaml # - --web.config.file=/etc/prometheus-fail2ban-exporter/config.d/webConfig.yaml
- --web.listen-address=:9191 - --web.listen-address=:9191
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
- equal: - equal:
path: spec.template.spec.containers[0].volumeMounts path: spec.template.spec.containers[0].volumeMounts
value: value:
@@ -43,6 +63,7 @@ tests:
name: socket name: socket
- mountPath: /etc/prometheus-fail2ban-exporter/config.d - mountPath: /etc/prometheus-fail2ban-exporter/config.d
name: config-d name: config-d
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
- equal: - equal:
path: spec.template.spec.volumes path: spec.template.spec.volumes
value: value:
@@ -53,42 +74,59 @@ tests:
- name: config-d - name: config-d
secret: secret:
secretName: prometheus-fail2ban-exporter-unittest-web-config secretName: prometheus-fail2ban-exporter-unittest-web-config
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
- equal: - equal:
path: spec.template.spec.containers[0].image path: spec.template.spec.containers[0].image
value: git.cryptic.systems/volker.raschek/prometheus-fail2ban-exporter:0.1.0 value: git.cryptic.systems/volker.raschek/prometheus-fail2ban-exporter:0.1.0
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
- equal: - equal:
path: spec.template.spec.containers[0].imagePullPolicy path: spec.template.spec.containers[0].imagePullPolicy
value: IfNotPresent value: IfNotPresent
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
- notExists: - notExists:
path: spec.template.spec.containers[0].resources path: spec.template.spec.containers[0].resources
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
- notExists: - notExists:
path: spec.template.spec.containers[0].securityContext path: spec.template.spec.containers[0].securityContext
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
- notExists: - notExists:
path: spec.template.spec.dnsConfig path: spec.template.spec.dnsConfig
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
- notExists: - notExists:
path: spec.template.spec.dnsPolicy path: spec.template.spec.dnsPolicy
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
- notExists: - notExists:
path: spec.template.spec.hostname path: spec.template.spec.hostname
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
- equal: - equal:
path: spec.template.spec.hostNetwork path: spec.template.spec.hostNetwork
value: false value: false
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
- notExists: - notExists:
path: spec.template.spec.imagePullSecrets path: spec.template.spec.imagePullSecrets
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
- notExists: - notExists:
path: spec.template.spec.nodeSelector path: spec.template.spec.nodeSelector
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
- notExists: - notExists:
path: spec.template.spec.priorityClassName path: spec.template.spec.priorityClassName
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
- notExists: - notExists:
path: spec.template.spec.restartPolicy path: spec.template.spec.restartPolicy
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
- notExists: - notExists:
path: spec.template.spec.subdomain path: spec.template.spec.subdomain
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
- equal: - equal:
path: spec.template.spec.terminationGracePeriodSeconds path: spec.template.spec.terminationGracePeriodSeconds
value: 60 value: 60
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
- notExists: - notExists:
path: spec.template.spec.tolerations path: spec.template.spec.tolerations
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
- notExists: - notExists:
path: spec.template.spec.topologySpreadConstraints path: spec.template.spec.topologySpreadConstraints
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
- equal: - equal:
path: spec.updateStrategy path: spec.updateStrategy
value: value:
@@ -96,6 +134,7 @@ tests:
maxSurge: 1 maxSurge: 1
maxUnavailable: 0 maxUnavailable: 0
type: "RollingUpdate" type: "RollingUpdate"
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
- it: Test custom affinity - it: Test custom affinity
set: set:
@@ -122,6 +161,7 @@ tests:
values: values:
- antarctica-east1 - antarctica-east1
- antarctica-west1 - antarctica-west1
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
- it: Test additional arguments - it: Test additional arguments
set: set:
@@ -136,6 +176,7 @@ tests:
- --web.listen-address=:9191 - --web.listen-address=:9191
- --foo=bar - --foo=bar
- --bar=foo - --bar=foo
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
- it: Test custom imageRegistry and imageRepository - it: Test custom imageRegistry and imageRepository
set: set:
@@ -145,6 +186,7 @@ tests:
- equal: - equal:
path: spec.template.spec.containers[0].image path: spec.template.spec.containers[0].image
value: registry.example.local/path/special/prometheus-fail2ban-exporter:0.1.0 value: registry.example.local/path/special/prometheus-fail2ban-exporter:0.1.0
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
- it: Test custom imagePullPolicy - it: Test custom imagePullPolicy
set: set:
@@ -153,6 +195,7 @@ tests:
- equal: - equal:
path: spec.template.spec.containers[0].imagePullPolicy path: spec.template.spec.containers[0].imagePullPolicy
value: Always value: Always
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
- it: Test config.webConfig.existingSecret - it: Test config.webConfig.existingSecret
set: set:
@@ -166,6 +209,7 @@ tests:
name: socket name: socket
- mountPath: /etc/prometheus-fail2ban-exporter/config.d - mountPath: /etc/prometheus-fail2ban-exporter/config.d
name: config-d name: config-d
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
- equal: - equal:
path: spec.template.spec.volumes path: spec.template.spec.volumes
value: value:
@@ -176,6 +220,7 @@ tests:
- name: config-d - name: config-d
secret: secret:
secretName: web-config-secret secretName: web-config-secret
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
- it: Test custom resource limits and requests - it: Test custom resource limits and requests
set: set:
@@ -195,6 +240,7 @@ tests:
resourceFieldRef: resourceFieldRef:
divisor: "1" divisor: "1"
resource: limits.cpu resource: limits.cpu
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
- equal: - equal:
path: spec.template.spec.containers[0].resources path: spec.template.spec.containers[0].resources
value: value:
@@ -204,6 +250,7 @@ tests:
requests: requests:
cpu: 25m cpu: 25m
memory: 100MB memory: 100MB
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
- it: Test custom securityContext - it: Test custom securityContext
set: set:
@@ -230,6 +277,7 @@ tests:
readOnlyRootFilesystem: true readOnlyRootFilesystem: true
runAsNonRoot: true runAsNonRoot: true
runAsUser: 1000 runAsUser: 1000
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
- it: Test dnsConfig - it: Test dnsConfig
set: set:
@@ -244,6 +292,7 @@ tests:
nameservers: nameservers:
- "8.8.8.8" - "8.8.8.8"
- "8.8.4.4" - "8.8.4.4"
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
- it: Test dnsPolicy - it: Test dnsPolicy
set: set:
@@ -252,6 +301,7 @@ tests:
- equal: - equal:
path: spec.template.spec.dnsPolicy path: spec.template.spec.dnsPolicy
value: ClusterFirst value: ClusterFirst
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
- it: Test hostNetwork, hostname, subdomain - it: Test hostNetwork, hostname, subdomain
set: set:
@@ -262,12 +312,15 @@ tests:
- equal: - equal:
path: spec.template.spec.hostNetwork path: spec.template.spec.hostNetwork
value: true value: true
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
- equal: - equal:
path: spec.template.spec.hostname path: spec.template.spec.hostname
value: pg-exporter value: pg-exporter
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
- equal: - equal:
path: spec.template.spec.subdomain path: spec.template.spec.subdomain
value: exporters.internal value: exporters.internal
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
- it: Test imagePullSecrets - it: Test imagePullSecrets
set: set:
@@ -280,6 +333,7 @@ tests:
value: value:
- name: my-pull-secret - name: my-pull-secret
- name: my-special-secret - name: my-special-secret
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
- it: Test nodeSelector - it: Test nodeSelector
set: set:
@@ -290,6 +344,7 @@ tests:
path: spec.template.spec.nodeSelector path: spec.template.spec.nodeSelector
value: value:
foo: bar foo: bar
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
- it: Test priorityClassName - it: Test priorityClassName
set: set:
@@ -298,6 +353,7 @@ tests:
- equal: - equal:
path: spec.template.spec.priorityClassName path: spec.template.spec.priorityClassName
value: my-priority value: my-priority
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
- it: Test restartPolicy - it: Test restartPolicy
set: set:
@@ -306,6 +362,7 @@ tests:
- equal: - equal:
path: spec.template.spec.restartPolicy path: spec.template.spec.restartPolicy
value: Always value: Always
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
- it: Test terminationGracePeriodSeconds - it: Test terminationGracePeriodSeconds
set: set:
@@ -314,6 +371,7 @@ tests:
- equal: - equal:
path: spec.template.spec.terminationGracePeriodSeconds path: spec.template.spec.terminationGracePeriodSeconds
value: 120 value: 120
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
- it: Test tolerations - it: Test tolerations
set: set:
@@ -330,6 +388,7 @@ tests:
operator: Equal operator: Equal
value: fail2ban value: fail2ban
effect: NoSchedule effect: NoSchedule
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
- it: Test topologySpreadConstraints - it: Test topologySpreadConstraints
set: set:
@@ -348,6 +407,7 @@ tests:
labelSelector: labelSelector:
matchLabels: matchLabels:
app.kubernetes.io/instance: prometheus-fail2ban-exporter app.kubernetes.io/instance: prometheus-fail2ban-exporter
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
- it: Test additional volumeMounts and volumes - it: Test additional volumeMounts and volumes
set: set:
@@ -366,6 +426,7 @@ tests:
mountPath: /usr/lib/prometheus-fail2ban-exporter/data mountPath: /usr/lib/prometheus-fail2ban-exporter/data
- name: config-d - name: config-d
mountPath: /etc/prometheus-fail2ban-exporter/config.d mountPath: /etc/prometheus-fail2ban-exporter/config.d
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
- equal: - equal:
path: spec.template.spec.volumes path: spec.template.spec.volumes
value: value:
@@ -374,4 +435,5 @@ tests:
path: /usr/lib/prometheus-fail2ban-exporter/data path: /usr/lib/prometheus-fail2ban-exporter/data
- name: config-d - name: config-d
secret: secret:
secretName: prometheus-fail2ban-exporter-unittest-web-config secretName: prometheus-fail2ban-exporter-unittest-web-config
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml