You've already forked prometheus-fail2ban-exporter-charts
feat: automatically roll deployments
The following patch extends the chart to automatically roll the deployment, when one of the configurations, stored in a config map or secret, has been changed. The implementation add annotations which triggers `helm update` or ArgoCD to roll the deployment. Further information can be found on the official helm website: https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments
This commit is contained in:
@@ -4,6 +4,21 @@
|
||||
|
||||
{{- define "prometheus-fail2ban-exporter.pod.annotations" -}}
|
||||
{{ include "prometheus-fail2ban-exporter.annotations" . }}
|
||||
|
||||
# The following annotations are required to trigger a rolling update. Further information can be found in the official
|
||||
# documentation of helm:
|
||||
#
|
||||
# https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments
|
||||
#
|
||||
|
||||
{{/* web config */}}
|
||||
{{- if and .Values.config.webConfig.existingSecret.enabled .Values.config.webConfig.existingSecret.secretName }}
|
||||
{{- $secret := default (dict "data" (dict)) (lookup "v1" "Secret" .Release.Namespace .Values.config.webConfig.existingSecret.secretName ) }}
|
||||
checksum/secret-web-config: {{ print $secret.spec | sha256sum }}
|
||||
{{- else }}
|
||||
checksum/secret-web-config: {{ include (print $.Template.BasePath "/prometheus-fail2ban-exporter/secretWebConfig.yaml") . | sha256sum }}
|
||||
{{- end }}
|
||||
|
||||
{{- end }}
|
||||
|
||||
{{/* labels */}}
|
||||
|
||||
@@ -17,6 +17,8 @@ spec:
|
||||
{{- include "prometheus-fail2ban-exporter.pod.selectorLabels" . | nindent 6 }}
|
||||
template:
|
||||
metadata:
|
||||
annotations:
|
||||
{{- include "prometheus-fail2ban-exporter.pod.annotations" . | nindent 8 }}
|
||||
labels:
|
||||
{{- include "prometheus-fail2ban-exporter.pod.labels" . | nindent 8 }}
|
||||
spec:
|
||||
|
||||
@@ -7,18 +7,22 @@ release:
|
||||
namespace: testing
|
||||
templates:
|
||||
- templates/prometheus-fail2ban-exporter/daemonSet.yaml
|
||||
- templates/prometheus-fail2ban-exporter/secretWebConfig.yaml
|
||||
tests:
|
||||
- it: Rendering default
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 1
|
||||
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
|
||||
- containsDocument:
|
||||
apiVersion: apps/v1
|
||||
kind: DaemonSet
|
||||
name: prometheus-fail2ban-exporter-unittest
|
||||
namespace: testing
|
||||
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
|
||||
- notExists:
|
||||
path: metadata.annotations
|
||||
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
|
||||
- equal:
|
||||
path: metadata.labels
|
||||
value:
|
||||
@@ -27,15 +31,31 @@ tests:
|
||||
app.kubernetes.io/name: prometheus-fail2ban-exporter
|
||||
app.kubernetes.io/version: 0.1.0
|
||||
helm.sh/chart: prometheus-fail2ban-exporter-0.1.0
|
||||
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
|
||||
- exists:
|
||||
path: spec.template.metadata.annotations.checksum/secret-web-config
|
||||
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
|
||||
- equal:
|
||||
path: spec.template.metadata.labels
|
||||
value:
|
||||
app.kubernetes.io/instance: prometheus-fail2ban-exporter-unittest
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/name: prometheus-fail2ban-exporter
|
||||
app.kubernetes.io/version: 0.1.0
|
||||
helm.sh/chart: prometheus-fail2ban-exporter-0.1.0
|
||||
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
|
||||
- notExists:
|
||||
path: spec.template.spec.affinity
|
||||
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
|
||||
- notExists:
|
||||
path: spec.template.spec.containers[0].envFrom
|
||||
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
|
||||
- equal:
|
||||
path: spec.template.spec.containers[0].args
|
||||
value:
|
||||
# - --web.config.file=/etc/prometheus-fail2ban-exporter/config.d/webConfig.yaml
|
||||
- --web.listen-address=:9191
|
||||
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
|
||||
- equal:
|
||||
path: spec.template.spec.containers[0].volumeMounts
|
||||
value:
|
||||
@@ -43,6 +63,7 @@ tests:
|
||||
name: socket
|
||||
- mountPath: /etc/prometheus-fail2ban-exporter/config.d
|
||||
name: config-d
|
||||
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
|
||||
- equal:
|
||||
path: spec.template.spec.volumes
|
||||
value:
|
||||
@@ -53,42 +74,59 @@ tests:
|
||||
- name: config-d
|
||||
secret:
|
||||
secretName: prometheus-fail2ban-exporter-unittest-web-config
|
||||
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
|
||||
- equal:
|
||||
path: spec.template.spec.containers[0].image
|
||||
value: git.cryptic.systems/volker.raschek/prometheus-fail2ban-exporter:0.1.0
|
||||
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
|
||||
- equal:
|
||||
path: spec.template.spec.containers[0].imagePullPolicy
|
||||
value: IfNotPresent
|
||||
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
|
||||
- notExists:
|
||||
path: spec.template.spec.containers[0].resources
|
||||
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
|
||||
- notExists:
|
||||
path: spec.template.spec.containers[0].securityContext
|
||||
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
|
||||
- notExists:
|
||||
path: spec.template.spec.dnsConfig
|
||||
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
|
||||
- notExists:
|
||||
path: spec.template.spec.dnsPolicy
|
||||
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
|
||||
- notExists:
|
||||
path: spec.template.spec.hostname
|
||||
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
|
||||
- equal:
|
||||
path: spec.template.spec.hostNetwork
|
||||
value: false
|
||||
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
|
||||
- notExists:
|
||||
path: spec.template.spec.imagePullSecrets
|
||||
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
|
||||
- notExists:
|
||||
path: spec.template.spec.nodeSelector
|
||||
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
|
||||
- notExists:
|
||||
path: spec.template.spec.priorityClassName
|
||||
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
|
||||
- notExists:
|
||||
path: spec.template.spec.restartPolicy
|
||||
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
|
||||
- notExists:
|
||||
path: spec.template.spec.subdomain
|
||||
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
|
||||
- equal:
|
||||
path: spec.template.spec.terminationGracePeriodSeconds
|
||||
value: 60
|
||||
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
|
||||
- notExists:
|
||||
path: spec.template.spec.tolerations
|
||||
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
|
||||
- notExists:
|
||||
path: spec.template.spec.topologySpreadConstraints
|
||||
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
|
||||
- equal:
|
||||
path: spec.updateStrategy
|
||||
value:
|
||||
@@ -96,6 +134,7 @@ tests:
|
||||
maxSurge: 1
|
||||
maxUnavailable: 0
|
||||
type: "RollingUpdate"
|
||||
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
|
||||
|
||||
- it: Test custom affinity
|
||||
set:
|
||||
@@ -122,6 +161,7 @@ tests:
|
||||
values:
|
||||
- antarctica-east1
|
||||
- antarctica-west1
|
||||
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
|
||||
|
||||
- it: Test additional arguments
|
||||
set:
|
||||
@@ -136,6 +176,7 @@ tests:
|
||||
- --web.listen-address=:9191
|
||||
- --foo=bar
|
||||
- --bar=foo
|
||||
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
|
||||
|
||||
- it: Test custom imageRegistry and imageRepository
|
||||
set:
|
||||
@@ -145,6 +186,7 @@ tests:
|
||||
- equal:
|
||||
path: spec.template.spec.containers[0].image
|
||||
value: registry.example.local/path/special/prometheus-fail2ban-exporter:0.1.0
|
||||
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
|
||||
|
||||
- it: Test custom imagePullPolicy
|
||||
set:
|
||||
@@ -153,6 +195,7 @@ tests:
|
||||
- equal:
|
||||
path: spec.template.spec.containers[0].imagePullPolicy
|
||||
value: Always
|
||||
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
|
||||
|
||||
- it: Test config.webConfig.existingSecret
|
||||
set:
|
||||
@@ -166,6 +209,7 @@ tests:
|
||||
name: socket
|
||||
- mountPath: /etc/prometheus-fail2ban-exporter/config.d
|
||||
name: config-d
|
||||
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
|
||||
- equal:
|
||||
path: spec.template.spec.volumes
|
||||
value:
|
||||
@@ -176,6 +220,7 @@ tests:
|
||||
- name: config-d
|
||||
secret:
|
||||
secretName: web-config-secret
|
||||
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
|
||||
|
||||
- it: Test custom resource limits and requests
|
||||
set:
|
||||
@@ -195,6 +240,7 @@ tests:
|
||||
resourceFieldRef:
|
||||
divisor: "1"
|
||||
resource: limits.cpu
|
||||
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
|
||||
- equal:
|
||||
path: spec.template.spec.containers[0].resources
|
||||
value:
|
||||
@@ -204,6 +250,7 @@ tests:
|
||||
requests:
|
||||
cpu: 25m
|
||||
memory: 100MB
|
||||
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
|
||||
|
||||
- it: Test custom securityContext
|
||||
set:
|
||||
@@ -230,6 +277,7 @@ tests:
|
||||
readOnlyRootFilesystem: true
|
||||
runAsNonRoot: true
|
||||
runAsUser: 1000
|
||||
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
|
||||
|
||||
- it: Test dnsConfig
|
||||
set:
|
||||
@@ -244,6 +292,7 @@ tests:
|
||||
nameservers:
|
||||
- "8.8.8.8"
|
||||
- "8.8.4.4"
|
||||
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
|
||||
|
||||
- it: Test dnsPolicy
|
||||
set:
|
||||
@@ -252,6 +301,7 @@ tests:
|
||||
- equal:
|
||||
path: spec.template.spec.dnsPolicy
|
||||
value: ClusterFirst
|
||||
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
|
||||
|
||||
- it: Test hostNetwork, hostname, subdomain
|
||||
set:
|
||||
@@ -262,12 +312,15 @@ tests:
|
||||
- equal:
|
||||
path: spec.template.spec.hostNetwork
|
||||
value: true
|
||||
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
|
||||
- equal:
|
||||
path: spec.template.spec.hostname
|
||||
value: pg-exporter
|
||||
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
|
||||
- equal:
|
||||
path: spec.template.spec.subdomain
|
||||
value: exporters.internal
|
||||
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
|
||||
|
||||
- it: Test imagePullSecrets
|
||||
set:
|
||||
@@ -280,6 +333,7 @@ tests:
|
||||
value:
|
||||
- name: my-pull-secret
|
||||
- name: my-special-secret
|
||||
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
|
||||
|
||||
- it: Test nodeSelector
|
||||
set:
|
||||
@@ -290,6 +344,7 @@ tests:
|
||||
path: spec.template.spec.nodeSelector
|
||||
value:
|
||||
foo: bar
|
||||
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
|
||||
|
||||
- it: Test priorityClassName
|
||||
set:
|
||||
@@ -298,6 +353,7 @@ tests:
|
||||
- equal:
|
||||
path: spec.template.spec.priorityClassName
|
||||
value: my-priority
|
||||
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
|
||||
|
||||
- it: Test restartPolicy
|
||||
set:
|
||||
@@ -306,6 +362,7 @@ tests:
|
||||
- equal:
|
||||
path: spec.template.spec.restartPolicy
|
||||
value: Always
|
||||
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
|
||||
|
||||
- it: Test terminationGracePeriodSeconds
|
||||
set:
|
||||
@@ -314,6 +371,7 @@ tests:
|
||||
- equal:
|
||||
path: spec.template.spec.terminationGracePeriodSeconds
|
||||
value: 120
|
||||
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
|
||||
|
||||
- it: Test tolerations
|
||||
set:
|
||||
@@ -330,6 +388,7 @@ tests:
|
||||
operator: Equal
|
||||
value: fail2ban
|
||||
effect: NoSchedule
|
||||
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
|
||||
|
||||
- it: Test topologySpreadConstraints
|
||||
set:
|
||||
@@ -348,6 +407,7 @@ tests:
|
||||
labelSelector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/instance: prometheus-fail2ban-exporter
|
||||
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
|
||||
|
||||
- it: Test additional volumeMounts and volumes
|
||||
set:
|
||||
@@ -366,6 +426,7 @@ tests:
|
||||
mountPath: /usr/lib/prometheus-fail2ban-exporter/data
|
||||
- name: config-d
|
||||
mountPath: /etc/prometheus-fail2ban-exporter/config.d
|
||||
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
|
||||
- equal:
|
||||
path: spec.template.spec.volumes
|
||||
value:
|
||||
@@ -374,4 +435,5 @@ tests:
|
||||
path: /usr/lib/prometheus-fail2ban-exporter/data
|
||||
- name: config-d
|
||||
secret:
|
||||
secretName: prometheus-fail2ban-exporter-unittest-web-config
|
||||
secretName: prometheus-fail2ban-exporter-unittest-web-config
|
||||
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
|
||||
Reference in New Issue
Block a user