.gitea/workflows/generate-readme.yaml

@@ -15,7 +15,7 @@ on:
 jobs:
   generate-parameters:
     container:
-      image: docker.io/library/node:23.8.0-alpine
+      image: docker.io/library/node:22.13.0-alpine
     runs-on:
     - ubuntu-latest
     steps:

.gitea/workflows/helm.yaml

@@ -13,7 +13,7 @@ on:
 jobs:
   helm-lint:
     container:
-      image: docker.io/volkerraschek/helm:3.17.1
+      image: docker.io/volkerraschek/helm:3.16.4
     runs-on:
     - ubuntu-latest
     steps:
@@ -28,7 +28,7 @@ jobs:
 
   helm-unittest:
     container:
-      image: docker.io/volkerraschek/helm:3.17.1
+      image: docker.io/volkerraschek/helm:3.16.4
     runs-on:
     - ubuntu-latest
     steps:

.gitea/workflows/markdown-linters.yaml

@@ -15,7 +15,7 @@ on:
 jobs:
   markdown-link-checker:
     container:
-      image: docker.io/library/node:23.8.0-alpine
+      image: docker.io/library/node:22.13.0-alpine
     runs-on:
     - ubuntu-latest
     steps:
@@ -31,7 +31,7 @@ jobs:
 
   markdown-lint:
     container:
-      image: docker.io/library/node:23.8.0-alpine
+      image: docker.io/library/node:22.13.0-alpine
     runs-on:
     - ubuntu-latest
     steps:

.gitea/workflows/release.yaml

@@ -8,7 +8,7 @@ on:
 jobs:
   publish-chart:
     container:
-      image: docker.io/volkerraschek/helm:3.17.1
+      image: docker.io/volkerraschek/helm:3.16.4
     runs-on: ubuntu-latest
     steps:
       - name: Install tooling

README.md

@@ -43,7 +43,7 @@ version of the chart must be in sync with the `values.yaml`. Newer *minor* versi
 versions can break something!
 
 ```bash
-CHART_VERSION=0.2.0
+CHART_VERSION=0.1.0
 helm show values prometheus-exporters/prometheus-fail2ban-exporter --version "${CHART_VERSION}" > values.yaml
 ```
 
@@ -68,7 +68,7 @@ cannot use the available CPU time to perform computing operations.
 
 The application must be informed that despite several CPUs only a part (limit) of the available computing time is
 available. As this is a Golang application, this can be implemented using `GOMAXPROCS`. The following example is one way
-of defining `GOMAXPROCS` automatically based on the defined CPU limit like `1000m`. Please keep in mind, that the CFS
+of defining `GOMAXPROCS` automatically based on the defined CPU limit like `100m`. Please keep in mind, that the CFS
 rate of `100ms` - default on each kubernetes node, is also very important to avoid CPU throttling.
 
 Further information about this topic can be found [here](https://kanishk.io/posts/cpu-throttling-in-containerized-go-apps/).
@@ -76,8 +76,6 @@ Further information about this topic can be found [here](https://kanishk.io/post
 > [!NOTE]
 > The environment variable `GOMAXPROCS` is set automatically, when a CPU limit is defined. An explicit configuration is
 > not anymore required.
->
-> Please take care the a CPU limit < `1000m` can also lead to CPU throttling. Please read the linked documentation carefully.
 
 ```bash
 helm install prometheus-fail2ban-exporter prometheus-exporters/prometheus-fail2ban-exporter \
@@ -85,11 +83,10 @@ helm install prometheus-fail2ban-exporter prometheus-exporters/prometheus-fail2b
   --set 'prometheus.metrics.serviceMonitor.enabled=true' \
   --set 'daemonSet.fail2banExporter.env.name=GOMAXPROCS' \
   --set 'daemonSet.fail2banExporter.env.valueFrom.resourceFieldRef.resource=limits.cpu' \
-  --set 'daemonSet.fail2banExporter.resources.limits.cpu=1000m'
+  --set 'daemonSet.fail2banExporter.resources.limits.cpu=100m'
 ```
 
-<!--
+<!-- #### TLS authentication and encryption
-#### TLS authentication and encryption
 
 The first example shows how to deploy the metric exporter with TLS encryption. The verification of the custom TLS
 certification will be skipped by Prometheus.
@@ -132,8 +129,7 @@ replaced:
 +   --set 'Prometheus.metrics.serviceMonitor.tlsConfig.caFile=/etc/Prometheus/TLS/ca.crt' \
 +   --set 'Prometheus.metrics.serviceMonitor.tlsConfig.certFile=/etc/Prometheus/TLS/TLS.crt' \
 +   --set 'Prometheus.metrics.serviceMonitor.tlsConfig.keyFile=/etc/Prometheus/TLS/TLS.key'
-```
+``` -->
--->
 
 #### Grafana dashboard
 
@@ -148,61 +144,6 @@ helm install prometheus-fail2ban-exporter prometheus-exporters/prometheus-fail2b
   --set 'grafana.enabled=true'
 ```
 
-### Network policies
-
-Network policies can only take effect, when the used CNI plugin support network policies. The chart supports no custom
-network policy implementation of CNI plugins. It's support only the official API resource of `networking.k8s.io/v1`.
-
-The object networkPolicies can contains multiple networkPolicy definitions. There is currently only one example
-predefined - it's named `default`. Further networkPolicy rules can easy be added by defining additional objects. For example:
-
-> [!NOTE]
-> The structure of each custom network policy must be equal like that of default. For this reason don't forget to define
-> `annotations`, `labels` and the other properties as well.
-
-```yaml
-networkPolicies:
-  enabled: false
-  default: {}
-  my-custom-network-policy: {}
-```
-
-The example below is an excerpt of the `values.yaml` file. The network policy `default` contains ingress rules to allow
-incoming traffic from Prometheus.
-
-> [!IMPORTANT]
-> Please keep in mind, that the namespace and pod selector labels can be different from environment to environment. For
-> this reason, there is are not default network policy rules defined.
-
-```yaml
-networkPolicies:
-  enabled: true
-  default:
-    enabled: true
-    annotations: {}
-    labels: {}
-    policyTypes:
-    - Egress
-    - Ingress
-    egress: []
-      ports:
-      - port: 53
-        protocol: TCP
-      - port: 53
-        protocol: UDP
-    ingress:
-    - from:
-      - namespaceSelector:
-          matchLabels:
-            kubernetes.io/metadata.name: monitoring
-        podSelector:
-          matchLabels:
-            app.kubernetes.io/name: prometheus
-      ports:
-      - port: http
-        protocol: TCP
-```
-
 ## Parameters
 
 ### Global

package.json

@@ -16,6 +16,6 @@
   "devDependencies": {
     "@bitnami/readme-generator-for-helm": "^2.5.0",
     "markdown-link-check": "^3.13.6",
-    "markdownlint-cli": "^0.44.0"
+    "markdownlint-cli": "^0.43.0"
   }
 }

renovate.json

@@ -1,8 +1,6 @@
 {
   "$schema": "https://docs.renovatebot.com/renovate-schema.json",
-  "assignees": [
+  "assignees": [ "volker.raschek" ],
-    "volker.raschek"
-  ],
   "customManagers": [
     {
       "fileMatch": [
@@ -27,45 +25,21 @@
       "versioningTemplate": "semver"
     }
   ],
-  "labels": [
+  "labels": [ "renovate" ],
-    "renovate"
-  ],
-  "lockFileMaintenance": {
-    "addLabels": [
-      "renovate/automerge",
-      "renovate/lockFileMaintenance"
-    ],
-    "automerge": true,
-    "enabled": true
-  },
-  "npm": {
-    "enabled": true
-  },
   "packageRules": [
     {
-      "addLabels": [
+      "addLabels": [ "renovate/automerge", "renovate/npm" ],
-        "renovate/automerge",
-        "renovate/npm"
-      ],
       "automerge": true,
       "matchPackageNames": [
-        "@bitnami/readme-generator-for-helm",
         "markdownlint-cli",
-        "markdown-link-check"
+        "markdown-link-check",
+        "@bitnami/readme-generator-for-helm"
       ],
-      "matchManagers": [
+      "matchManagers": [ "npm" ],
-        "npm"
+      "matchUpdateTypes": [ "minor", "patch"]
-      ],
-      "matchUpdateTypes": [
-        "minor",
-        "patch"
-      ]
     },
     {
-      "addLabels": [
+      "addLabels": [ "renovate/automerge", "renovate/container" ],
-        "renovate/automerge",
-        "renovate/container"
-      ],
       "automerge": true,
       "excludePackagePatterns": [
         "volker.raschek/prometheus-fail2ban-exporter"
@@ -77,21 +51,6 @@
         "minor",
         "patch"
       ]
-    },
-    {
-      "addLabels": [
-        "renovate/automerge",
-        "renovate/documentation"
-      ],
-      "automerge": true,
-      "matchDepNames": [
-        "volker.raschek/prometheus-fail2ban-exporter-charts"
-      ],
-      "matchUpdateTypes": [
-        "major",
-        "minor",
-        "patch"
-      ]
     }
   ],
   "rebaseLabel": "renovate/rebase",

templates/prometheus-fail2ban-exporter/_networkPolicies.tpl

@@ -1,19 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-
-{{/* annotations */}}
-
-{{- define "prometheus-fail2ban-exporter.networkPolicies.annotations" -}}
-{{ include "prometheus-fail2ban-exporter.annotations" .context }}
-{{- if .networkPolicy.annotations }}
-{{ toYaml .networkPolicy.annotations }}
-{{- end }}
-{{- end }}
-
-{{/* labels */}}
-
-{{- define "prometheus-fail2ban-exporter.networkPolicies.labels" -}}
-{{ include "prometheus-fail2ban-exporter.labels" .context }}
-{{- if .networkPolicy.labels }}
-{{ toYaml .networkPolicy.labels }}
-{{- end }}
-{{- end }}

templates/prometheus-fail2ban-exporter/networkPolicies.yaml

@@ -1,36 +0,0 @@
-{{- if .Values.networkPolicies.enabled }}
-{{- range $key, $value := .Values.networkPolicies -}}
-{{- if and (not (eq $key "enabled")) $value.enabled }}
----
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
-  {{- with (include "prometheus-fail2ban-exporter.networkPolicies.annotations" (dict "networkPolicy" $value "context" $) | fromYaml) }}
-  annotations:
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
-  {{- with (include "prometheus-fail2ban-exporter.networkPolicies.labels" (dict "networkPolicy" $value "context" $) | fromYaml) }}
-  labels:
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
-  name: {{ printf "%s-%s" (include "prometheus-fail2ban-exporter.fullname" $ ) $key }}
-  namespace: {{ $.Release.Namespace }}
-spec:
-  podSelector:
-    matchLabels:
-      {{- include "prometheus-fail2ban-exporter.pod.selectorLabels" $ | nindent 6 }}
-  {{- with $value.policyTypes }}
-  policyTypes:
-  {{- toYaml . | nindent 2 }}
-  {{- end }}
-  {{- with $value.egress }}
-  egress:
-  {{- toYaml . | nindent 2 }}
-  {{- end }}
-  {{- with $value.ingress }}
-  ingress:
-  {{- toYaml . | nindent 2 }}
-  {{- end }}
-{{- end }}
-{{- end }}
-{{- end }}

unittests/networkPolicies/default.yaml

@@ -1,118 +0,0 @@
-chart:
-  appVersion: 0.1.0
-  version: 0.1.0
-suite: NetworkPolicies template (basic)
-release:
-  name: prometheus-fail2ban-exporter-unittest
-  namespace: testing
-templates:
-- templates/prometheus-fail2ban-exporter/networkPolicies.yaml
-tests:
-- it: Skip networkPolicies in general disabled.
-  set:
-    networkPolicies.enabled: false
-  asserts:
-  - hasDocuments:
-      count: 0
-
-- it: Skip networkPolicy 'default' when disabled.
-  set:
-    networkPolicies.enabled: true
-    networkPolicies.default.enabled: false
-  asserts:
-  - hasDocuments:
-      count: 0
-
-- it: Loop over networkPolicies
-  set:
-    networkPolicies.enabled: true
-    networkPolicies.default.enabled: false
-    networkPolicies.nginx.enabled: true
-    networkPolicies.prometheus.enabled: true
-  asserts:
-  - hasDocuments:
-      count: 2
-
-- it: Template networkPolicy 'default' without policyTypes, egress and ingress configuration
-  set:
-    networkPolicies.enabled: true
-    networkPolicies.default.enabled: true
-  asserts:
-  - hasDocuments:
-      count: 1
-  - containsDocument:
-      apiVersion: networking.k8s.io/v1
-      kind: NetworkPolicy
-      name: prometheus-fail2ban-exporter-unittest-default
-      namespace: testing
-  - notExists:
-      path: metadata.annotations
-  - equal:
-      path: metadata.labels
-      value:
-        app.kubernetes.io/instance: prometheus-fail2ban-exporter-unittest
-        app.kubernetes.io/managed-by: Helm
-        app.kubernetes.io/name: prometheus-fail2ban-exporter
-        app.kubernetes.io/version: 0.1.0
-        helm.sh/chart: prometheus-fail2ban-exporter-0.1.0
-  - equal:
-      path: spec.podSelector.matchLabels
-      value:
-        app.kubernetes.io/instance: prometheus-fail2ban-exporter-unittest
-        app.kubernetes.io/name: prometheus-fail2ban-exporter
-  - notExists:
-      path: spec.policyTypes
-  - notExists:
-      path: spec.egress
-  - notExists:
-      path: spec.ingress
-
-- it: Template networkPolicy 'default' with policyTypes, egress and ingress configuration
-  set:
-    networkPolicies.enabled: true
-    networkPolicies.default.enabled: true
-    networkPolicies.default.policyTypes:
-    - Egress
-    - Ingress
-    networkPolicies.default.ingress:
-    - from:
-      - namespaceSelector:
-          matchLabels:
-            kubernetes.io/metadata.name: khv-production
-        podSelector:
-          matchLabels:
-            app.kubernetes.io/name: prometheus
-    networkPolicies.default.egress:
-    - to:
-      - namespaceSelector:
-          matchLabels:
-            kubernetes.io/metadata.name: database
-        podSelector:
-          matchLabels:
-            app.kubernetes.io/name: oracle
-  asserts:
-  - equal:
-      path: spec.policyTypes
-      value:
-      - Egress
-      - Ingress
-  - equal:
-      path: spec.egress
-      value:
-      - to:
-        - namespaceSelector:
-            matchLabels:
-              kubernetes.io/metadata.name: database
-          podSelector:
-            matchLabels:
-              app.kubernetes.io/name: oracle
-  - equal:
-      path: spec.ingress
-      value:
-      - from:
-        - namespaceSelector:
-            matchLabels:
-              kubernetes.io/metadata.name: khv-production
-          podSelector:
-            matchLabels:
-              app.kubernetes.io/name: prometheus

values.yaml

@@ -270,53 +270,9 @@ podDisruptionBudget: {}
 #  maxUnavailable: 1
 #  minAvailable: 1
 
-## @section NetworkPolicies
+## @section Network
-## @param networkPolicies.enabled Enable network policies in general.
+## @param networkPolicies Deploy network policies based on the used container network interface (CNI) implementation - like calico or weave.
-networkPolicies:
+networkPolicies: {}
-  enabled: false
-
-  ## @param networkPolicies.default.enabled Enable the network policy for accessing the application by default. For example to scape the metrics.
-  ## @param networkPolicies.default.annotations Additional network policy annotations.
-  ## @param networkPolicies.default.labels Additional network policy labels.
-  ## @param networkPolicies.default.policyTypes List of policy types. Supported is ingress, egress or ingress and egress.
-  ## @param networkPolicies.default.egress Concrete egress network policy implementation.
-  ## @skip networkPolicies.default.egress Skip individual egress configuration.
-  ## @param networkPolicies.default.ingress Concrete ingress network policy implementation.
-  ## @skip networkPolicies.default.ingress Skip individual ingress configuration.
-  default:
-    enabled: false
-    annotations: {}
-    labels: {}
-    policyTypes: []
-    # - Egress
-    # - Ingress
-    egress: []
-    ingress: []
-    # Allow incoming HTTP traffic from prometheus.
-    #
-    # - from:
-    #   - namespaceSelector:
-    #       matchLabels:
-    #         kubernetes.io/metadata.name: monitoring
-    #     podSelector:
-    #       matchLabels:
-    #         app.kubernetes.io/name: prometheus
-    #   ports:
-    #   - port: http
-    #     protocol: TCP
-
-    # Allow incoming HTTP traffic from ingress-nginx.
-    #
-    # - from:
-    #   - namespaceSelector:
-    #       matchLabels:
-    #         kubernetes.io/metadata.name: ingress-nginx
-    #     podSelector:
-    #       matchLabels:
-    #         app.kubernetes.io/name: ingress-nginx
-    #   ports:
-    #   - port: http
-    #     protocol: TCP
 
 ## @section Prometheus
 prometheus: