Initial Commit

This commit is contained in:
Markus Pesch 2023-07-09 12:32:39 +02:00
commit b5ec529129
Signed by: volker.raschek
GPG Key ID: 852BCC170D81A982
15 changed files with 698 additions and 0 deletions

106
.drone.yml Normal file
View File

@ -0,0 +1,106 @@
---
kind: pipeline
type: kubernetes
name: linter
clone:
disable: true
platform:
os: linux
arch: amd64
steps:
- name: clone
image: git.cryptic.systems/volker.raschek/git:1.2.1
- name: helm lint
commands:
- helm lint
image: git.cryptic.systems/volker.raschek/helm:3.12.1
resources:
limits:
cpu: 50
memory: 50M
- name: markdown lint
commands:
- markdownlint *.md
image: git.cryptic.systems/volker.raschek/markdownlint:0.34.0
resources:
limits:
cpu: 150
memory: 150M
- name: helm template
commands:
- helm template .
image: git.cryptic.systems/volker.raschek/helm:3.12.1
resources:
limits:
cpu: 150
memory: 150M
- name: email-notification
environment:
SMTP_FROM_ADDRESS:
from_secret: smtp_from_address
SMTP_FROM_NAME:
from_secret: smtp_from_name
SMTP_HOST:
from_secret: smtp_host
SMTP_USERNAME:
from_secret: smtp_username
SMTP_PASSWORD:
from_secret: smtp_password
image: git.cryptic.systems/volker.raschek/drone-email:0.1.1
resources:
limits:
cpu: 150
memory: 150M
when:
status:
- changed
- failure
trigger:
event:
exclude:
- tag
---
kind: pipeline
type: kubernetes
name: release
clone:
disable: true
platform:
os: linux
steps:
- name: clone
image: git.cryptic.systems/volker.raschek/git:1.2.1
- name: release-helm-chart
commands:
- helm repo add volker.raschek https://charts.cryptic.systems/volker.raschek
- helm package --version ${DRONE_TAG} .
- helm cm-push ${DRONE_REPO_NAME%-charts}-${DRONE_TAG}.tgz volker.raschek
environment:
HELM_REPO_PASSWORD:
from_secret: helm_repo_password
HELM_REPO_USERNAME:
from_secret: helm_repo_username
image: git.cryptic.systems/volker.raschek/helm:3.12.1
resources:
limits:
cpu: 150
memory: 150M
trigger:
event:
- tag
repo:
- volker.raschek/prometheus-fail2ban-exporter-charts

12
.editorconfig Normal file
View File

@ -0,0 +1,12 @@
# EditorConfig is awesome: https://EditorConfig.org
# top-most EditorConfig file
root = true
[*]
indent_style = space
indent_size = 2
end_of_line = lf
charset = utf-8
trim_trailing_whitespace = true
insert_final_newline = false

3
.gitignore vendored Normal file
View File

@ -0,0 +1,3 @@
*.tgz
values2.yml
values2.yaml

32
.helmignore Normal file
View File

@ -0,0 +1,32 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/
# drone
.drone.yml
# markdownlint
.markdownlint.yaml
# customized values
values2.yml
values2.yaml
# helm packages
*.tgz

144
.markdownlint.yaml Normal file
View File

@ -0,0 +1,144 @@
# markdownlint YAML configuration
# https://github.com/DavidAnson/markdownlint/blob/main/schema/.markdownlint.yaml
# Default state for all rules
default: true
# Path to configuration file to extend
extends: null
# MD003/heading-style/header-style - Heading style
MD003:
# Heading style
style: "atx"
# MD004/ul-style - Unordered list style
MD004:
style: "dash"
# MD007/ul-indent - Unordered list indentation
MD007:
# Spaces for indent
indent: 2
# Whether to indent the first level of the list
start_indented: false
# MD009/no-trailing-spaces - Trailing spaces
MD009:
# Spaces for line break
br_spaces: 2
# Allow spaces for empty lines in list items
list_item_empty_lines: false
# Include unnecessary breaks
strict: false
# MD010/no-hard-tabs - Hard tabs
MD010:
# Include code blocks
code_blocks: true
# MD012/no-multiple-blanks - Multiple consecutive blank lines
MD012:
# Consecutive blank lines
maximum: 1
# MD013/line-length - Line length
MD013:
# Number of characters
line_length: 80
# Number of characters for headings
heading_line_length: 80
# Number of characters for code blocks
code_block_line_length: 80
# Include code blocks
code_blocks: false
# Include tables
tables: false
# Include headings
headings: true
# Include headings
headers: true
# Strict length checking
strict: false
# Stern length checking
stern: false
# MD022/blanks-around-headings/blanks-around-headers - Headings should be surrounded by blank lines
MD022:
# Blank lines above heading
lines_above: 1
# Blank lines below heading
lines_below: 1
# MD024/no-duplicate-heading/no-duplicate-header - Multiple headings with the same content
MD024:
# Only check sibling headings
allow_different_nesting: true
# MD025/single-title/single-h1 - Multiple top-level headings in the same document
MD025:
# Heading level
level: 1
# RegExp for matching title in front matter
front_matter_title: "^\\s*title\\s*[:=]"
# MD026/no-trailing-punctuation - Trailing punctuation in heading
MD026:
# Punctuation characters
punctuation: ".,;:!。,;:!"
# MD029/ol-prefix - Ordered list item prefix
MD029:
# List style
style: "one_or_ordered"
# MD030/list-marker-space - Spaces after list markers
MD030:
# Spaces for single-line unordered list items
ul_single: 1
# Spaces for single-line ordered list items
ol_single: 1
# Spaces for multi-line unordered list items
ul_multi: 1
# Spaces for multi-line ordered list items
ol_multi: 1
# MD033/no-inline-html - Inline HTML
MD033:
# Allowed elements
allowed_elements: []
# MD035/hr-style - Horizontal rule style
MD035:
# Horizontal rule style
style: "---"
# MD036/no-emphasis-as-heading/no-emphasis-as-header - Emphasis used instead of a heading
MD036:
# Punctuation characters
punctuation: ".,;:!?。,;:!?"
# MD041/first-line-heading/first-line-h1 - First line in a file should be a top-level heading
MD041:
# Heading level
level: 1
# RegExp for matching title in front matter
front_matter_title: "^\\s*title\\s*[:=]"
# MD044/proper-names - Proper names should have the correct capitalization
MD044:
# List of proper names
# names:
# - drone
# Include code blocks
code_blocks: false
# MD046/code-block-style - Code block style
MD046:
# Block style
style: "fenced"
# MD048/code-fence-style - Code fence style
MD048:
# Code fence syle
style: "backtick"

18
Chart.yaml Normal file
View File

@ -0,0 +1,18 @@
apiVersion: v2
name: prometheus-fail2ban-exporter
description: Helm chart for prometheus-fail2ban-exporter
type: application
version: "0.1.0"
appVersion: "latest"
icon: https://www.fail2ban.org/fail2ban_logo.png
keywords:
- fail2ban
- prometheus
sources:
- https://github.com/volker-raschek/prometheus-fail2ban-exporter-charts
maintainers:
- name: Markus Pesch
email: markus.pesch+apps@cryptic.systems

13
LICENSE Normal file
View File

@ -0,0 +1,13 @@
Copyright 2023 Markus Pesch
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

1
README.md Normal file
View File

@ -0,0 +1 @@
# prometheus-fail2ban-charts

37
renovate.json Normal file
View File

@ -0,0 +1,37 @@
{
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
"automergeStrategy": "merge-commit",
"automergeType": "pr",
"assignees": [ "volker.raschek" ],
"labels": [ "renovate" ],
"packageRules": [
{
"addLabels": [ "renovate/prometheus-fail2ban-exporter", "renovate/automerge" ],
"automerge": true,
"matchManagers": "droneci",
"matchUpdateTypes": [ "minor", "patch"]
},
{
"addLabels": [ "renovate/prometheus-fail2ban-exporter", "renovate/automerge" ],
"automerge": false,
"matchPackageNames": [ "prometheus-fail2ban-exporter" ],
"matchManagers": [ "regex" ]
}
],
"rebaseLabel": "renovate/rebase",
"rebaseWhen": "behind-base-branch",
"regexManagers": [
{
"description": "Update container image reference",
"fileMatch": [
"^Chart\\.yaml$"
],
"matchStrings": [
"appVersion: \"(?<currentValue>.*?)\"\\s+"
],
"datasourceTemplate": "docker",
"depNameTemplate": "prometheus-fail2ban-exporter",
"lookupNameTemplate": "git.cryptic.systems/volker.raschek/prometheus-fail2ban-exporter"
}
]
}

62
templates/_helpers.tpl Normal file
View File

@ -0,0 +1,62 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "prometheus-fail2ban-exporter.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "prometheus-fail2ban-exporter.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "prometheus-fail2ban-exporter.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "prometheus-fail2ban-exporter.labels" -}}
helm.sh/chart: {{ include "prometheus-fail2ban-exporter.chart" . }}
{{ include "prometheus-fail2ban-exporter.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "prometheus-fail2ban-exporter.selectorLabels" -}}
app.kubernetes.io/name: {{ include "prometheus-fail2ban-exporter.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "prometheus-fail2ban-exporter.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "prometheus-fail2ban-exporter.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}

71
templates/daemonset.yaml Normal file
View File

@ -0,0 +1,71 @@
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: {{ include "prometheus-fail2ban-exporter.fullname" . }}
labels:
{{- include "prometheus-fail2ban-exporter.labels" . | nindent 4 }}
spec:
selector:
matchLabels:
{{- include "prometheus-fail2ban-exporter.selectorLabels" . | nindent 6 }}
template:
metadata:
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "prometheus-fail2ban-exporter.selectorLabels" . | nindent 8 }}
spec:
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
containers:
- name: {{ .Chart.Name }}
envFrom:
- secretRef:
name: {{ include "prometheus-fail2ban-exporter.fullname" . }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
ports:
- name: http
containerPort: 9191
protocol: TCP
livenessProbe:
httpGet:
path: /metrics
port: http
readinessProbe:
httpGet:
path: /metrics
port: http
resources:
{{- toYaml .Values.resources | nindent 12 }}
{{- with .Values.volumeMounts }}
volumeMounts:
{{- toYaml . | nindent 10 }}
{{- end }}
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- if .Values.podPriorityClassName }}
priorityClassName: {{ .Values.podPriorityClassName }}
{{- end }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.volumes }}
volumes:
{{- toYaml . | nindent 6 }}
{{- end }}

61
templates/ingress.yaml Normal file
View File

@ -0,0 +1,61 @@
{{- if .Values.ingress.enabled -}}
{{- $fullName := include "prometheus-fail2ban-exporter.fullname" . -}}
{{- $svcPort := .Values.service.port -}}
{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
{{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }}
{{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}}
{{- end }}
{{- end }}
{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
apiVersion: networking.k8s.io/v1
{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
apiVersion: networking.k8s.io/v1beta1
{{- else -}}
apiVersion: extensions/v1beta1
{{- end }}
kind: Ingress
metadata:
name: {{ $fullName }}
labels:
{{- include "prometheus-fail2ban-exporter.labels" . | nindent 4 }}
{{- with .Values.ingress.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
ingressClassName: {{ .Values.ingress.className }}
{{- end }}
{{- if .Values.ingress.tls }}
tls:
{{- range .Values.ingress.tls }}
- hosts:
{{- range .hosts }}
- {{ . | quote }}
{{- end }}
secretName: {{ .secretName }}
{{- end }}
{{- end }}
rules:
{{- range .Values.ingress.hosts }}
- host: {{ .host | quote }}
http:
paths:
{{- range .paths }}
- path: {{ .path }}
{{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }}
pathType: {{ .pathType }}
{{- end }}
backend:
{{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
service:
name: {{ $fullName }}
port:
number: {{ $svcPort }}
{{- else }}
serviceName: {{ $fullName }}
servicePort: {{ $svcPort }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}

15
templates/secrets.yaml Normal file
View File

@ -0,0 +1,15 @@
apiVersion: v1
kind: Secret
metadata:
name: {{ include "prometheus-fail2ban-exporter.fullname" . }}
type: Opaque
stringData:
{{- if not (hasKey .Values "config") -}}
{{- $_ := set .Values "config" dict -}}
{{- end -}}
{{/* SETUP CONFIG */}}
{{ range $key, $value := .Values.config }}
{{ upper $key}}: {{ quote $value }}
{{ end }}

15
templates/service.yaml Normal file
View File

@ -0,0 +1,15 @@
apiVersion: v1
kind: Service
metadata:
name: {{ include "prometheus-fail2ban-exporter.fullname" . }}
labels:
{{- include "prometheus-fail2ban-exporter.labels" . | nindent 4 }}
spec:
type: {{ .Values.service.type }}
ports:
- port: {{ .Values.service.port }}
targetPort: http
protocol: TCP
name: http
selector:
{{- include "prometheus-fail2ban-exporter.selectorLabels" . | nindent 4 }}

108
values.yaml Normal file
View File

@ -0,0 +1,108 @@
# Default values for prometheus-fail2ban-exporter.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
nameOverride: ""
fullnameOverride: ""
affinity: {}
config: {}
# F2B_COLLECTOR_SOCKET
# Path to the fail2ban socket inside the container filesystem.
# F2B_COLLECTOR_SOCKET: ""
# F2B_COLLECTOR_TEXT_PATH
# Directory to read text files with metrics from.
# F2B_COLLECTOR_TEXT_PATH: ""
# F2B_EXIT_ON_SOCKET_CONN_ERROR
# When set to true the exporter will immediately exit on a fail2ban socket connection error.
# F2B_EXIT_ON_SOCKET_CONN_ERROR: ""
# F2B_WEB_BASICAUTH_PASS
# Basic auth password to access the metrics endpoint.
# F2B_WEB_BASICAUTH_PASS: ""
# F2B_WEB_BASICAUTH_USER
# Basic auth user to access the metrics endpoint.
# F2B_WEB_BASICAUTH_USER:""
# F2B_WEB_LISTEN_ADDRESS
# Alternative listen address instead of 0.0.0.0/0 and ::/0.
# F2B_WEB_LISTEN_ADDRESS: ""
image:
repository: git.cryptic.systems/volker.raschek/prometheus-fail2ban-exporter
pullPolicy: Always
# Overrides the image tag whose default is the chart appVersion.
tag: ""
imagePullSecrets: []
ingress:
enabled: false
className: "nginx"
annotations:
# cert-manager.io/cluster-issuer:
# cert-manager.io/issuer:
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
hosts:
- host: "your-hostname"
paths:
- path: /
pathType: ImplementationSpecific
tls:
- secretName: "your-tls-secret"
hosts:
- "your-hostname"
nodeSelector: {}
podAnnotations:
prometheus.io/scrape: "true"
prometheus.io/path: "/metrics"
prometheus.io/port: "9191"
podPriorityClassName: ""
podSecurityContext: {}
# fsGroup: 2000
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
securityContext: {}
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
service:
type: ClusterIP
port: 9191
tolerations: []
volumeMounts:
- name: socket
mountPath: /var/run/fail2ban/fail2ban.sock
volumes:
- name: socket
hostPath:
path: /var/run/fail2ban/fail2ban.sock
type: Socket