You've already forked prometheus-fail2ban-exporter-charts
							
							Compare commits
	
		
			143 Commits
		
	
	
		
			16b5640fef
			...
			renovate/m
		
	
	| Author | SHA1 | Date | |
|---|---|---|---|
| 86cf52bf31 | |||
| 6ab50d653b | |||
| 2e1da27690 | |||
| c0a5c36010 | |||
| 731d6a2a63 | |||
| 87f1281751 | |||
| 838139cd79 | |||
| 542ee02b21 | |||
| 5cdb57fb2e | |||
| f2a2978f51 | |||
| a0b612c5f1 | |||
| b4733d1332 | |||
| bf8aae45c7 | |||
| a0af25baaf | |||
| ac6702aec6 | |||
| 3d83e3a395 | |||
| 78c7a1bf9a | |||
| d2193b7f9e | |||
| f3a73f6fec | |||
| 7a565c491c | |||
| bbe0123d17 | |||
| e49fd13e9d | |||
| 156d1a2c41 | |||
| d4f9014d38 | |||
| 4b2f55d673 | |||
| a8c20dcef1 | |||
| 42b6fbb166 | |||
| e042629612 | |||
| 3e4d55f423 | |||
| 25cb3e0923 | |||
| ad260746c3 | |||
| 7d8ea5851d | |||
| 7530410537 | |||
| 90c3270eb8 | |||
| 417797e893 | |||
| 3e5751abad | |||
| f83ea9e153 | |||
| 2b537fd08a | |||
| ad61e17558 | |||
| d8882ddd1b | |||
| e5cc409025 | |||
| e75cd5ccef | |||
| cbc9fb4577 | |||
| c85df1fb4a | |||
| 7c7f0818d8 | |||
| b231966756 | |||
| 317df7187f | |||
| 1dcfc3fbe7 | |||
| a9324855df | |||
| 90e3520510 | |||
| 62b0fe206e | |||
| 23e52531bc | |||
| 879264a4e9 | |||
| cd91338a02 | |||
| ccf1f1c3bb | |||
| f29b326c07 | |||
| 9fb2f2fa1b | |||
| 4e948193c9 | |||
| 80673d104b | |||
| 4731577534 | |||
| e1ad6999c2 | |||
| 82f57cc993 | |||
| ae9b59f0c0 | |||
| 9e519d1659 | |||
| 1938a56284 | |||
| eefe3634ee | |||
| ea7b775501 | |||
| ccc60e335c | |||
| 02a9de23c0 | |||
| 0c0c0e5ea7 | |||
| 863c3a30c1 | |||
| c9a45d8040 | |||
| 24d29f2b09 | |||
| a4180e0953 | |||
| c5783bd053 | |||
| 7cfe55a106 | |||
| a0bb4f2277 | |||
| 022a4d2155 | |||
| 130ee5d49e | |||
| be667bad1d | |||
| 01614570f7 | |||
| 6de5e9aa48 | |||
| 2740175246 | |||
| 7caedbe80d | |||
| eac8c552bb | |||
| c4b209a1a4 | |||
| 9cd56ac7f6 | |||
| 6425930268 | |||
| 69c4b3dd4d | |||
| d56f5e65c7 | |||
| 4229055965 | |||
| 34edb19f8e | |||
| 61020ff224 | |||
| bfdec6719a | |||
| 3c150df5eb | |||
| fc1c83a377 | |||
| f6380cab84 | |||
| 563acfdade | |||
| 553d8e11b5 | |||
| d8efe91340 | |||
| 5833d4de38 | |||
| 38b4f95a1f | |||
| 51ee91fed1 | |||
| c0416cdf48 | |||
| 00231f462b | |||
| 9e962fbffd | |||
| 63125f1849 | |||
| 65d2452df4 | |||
| 2885f08ed6 | |||
| 5ca76168e6 | |||
| 0591f3c6ee | |||
| ec1e7f7b7a | |||
| ea0183bb1b | |||
| 36492ede79 | |||
| 660cbdb3a8 | |||
| 9298cbdd2c | |||
| 6aa80bc0cf | |||
| a702f8678f | |||
| e7ccd21400 | |||
| e97e6695d7 | |||
| 1f45cd0eda | |||
| ec402f5490 | |||
| 7db144b527 | |||
| e9dcea3568 | |||
| 9053f2b406 | |||
| 356bc276a7 | |||
| 5b3fb80716 | |||
| 4a2b968daf | |||
| fb69f54dd8 | |||
| 58cf0244a0 | |||
| 85fca15ad6 | |||
| 27bc608b4e | |||
| 6e9548ba92 | |||
| da0daf74aa | |||
| 7f921ff1eb | |||
| f8cf436855 | |||
| a17476a942 | |||
| f99a401095 | |||
| 76d6979ad3 | |||
| 59a5f5ba0b | |||
| 203eea0181 | |||
| d36990bcf1 | |||
| 493e0b684e | 
							
								
								
									
										114
									
								
								.gitea/scripts/add-annotations.sh
									
									
									
									
									
										Executable file
									
								
							
							
						
						
									
										114
									
								
								.gitea/scripts/add-annotations.sh
									
									
									
									
									
										Executable file
									
								
							| @@ -0,0 +1,114 @@ | |||||||
|  | #!/bin/bash | ||||||
|  |  | ||||||
|  | set -e | ||||||
|  |  | ||||||
|  | CHART_FILE="Chart.yaml" | ||||||
|  | if [ ! -f "${CHART_FILE}" ]; then | ||||||
|  |   echo "ERROR: ${CHART_FILE} not found!" 1>&2 | ||||||
|  |   exit 1 | ||||||
|  | fi | ||||||
|  |  | ||||||
|  | DEFAULT_NEW_TAG="$(git tag --sort=-version:refname | head -n 1)" | ||||||
|  | DEFAULT_OLD_TAG="$(git tag --sort=-version:refname | head -n 2 | tail -n 1)" | ||||||
|  |  | ||||||
|  | if [ -z "${1}" ]; then | ||||||
|  |   read -p "Enter start tag [${DEFAULT_OLD_TAG}]: " OLD_TAG | ||||||
|  |   if [ -z "${OLD_TAG}" ]; then | ||||||
|  |     OLD_TAG="${DEFAULT_OLD_TAG}" | ||||||
|  |   fi | ||||||
|  |  | ||||||
|  |   while [ -z "$(git tag --list "${OLD_TAG}")" ]; do | ||||||
|  |     echo "ERROR: Tag '${OLD_TAG}' not found!" 1>&2 | ||||||
|  |     read -p "Enter start tag [${DEFAULT_OLD_TAG}]: " OLD_TAG | ||||||
|  |     if [ -z "${OLD_TAG}" ]; then | ||||||
|  |       OLD_TAG="${DEFAULT_OLD_TAG}" | ||||||
|  |     fi | ||||||
|  |   done | ||||||
|  | else | ||||||
|  |   OLD_TAG=${1} | ||||||
|  |   if [ -z "$(git tag --list "${OLD_TAG}")" ]; then | ||||||
|  |     echo "ERROR: Tag '${OLD_TAG}' not found!" 1>&2 | ||||||
|  |     exit 1 | ||||||
|  |   fi | ||||||
|  | fi | ||||||
|  |  | ||||||
|  | if [ -z "${2}" ]; then | ||||||
|  |   read -p "Enter end tag [${DEFAULT_NEW_TAG}]: " NEW_TAG | ||||||
|  |   if [ -z "${NEW_TAG}" ]; then | ||||||
|  |     NEW_TAG="${DEFAULT_NEW_TAG}" | ||||||
|  |   fi | ||||||
|  |  | ||||||
|  |   while [ -z "$(git tag --list "${NEW_TAG}")" ]; do | ||||||
|  |     echo "ERROR: Tag '${NEW_TAG}' not found!" 1>&2 | ||||||
|  |     read -p "Enter end tag [${DEFAULT_NEW_TAG}]: " NEW_TAG | ||||||
|  |     if [ -z "${NEW_TAG}" ]; then | ||||||
|  |       NEW_TAG="${DEFAULT_NEW_TAG}" | ||||||
|  |     fi | ||||||
|  |   done | ||||||
|  | else | ||||||
|  |   NEW_TAG=${2} | ||||||
|  |  | ||||||
|  |   if [ -z "$(git tag --list "${NEW_TAG}")" ]; then | ||||||
|  |     echo "ERROR: Tag '${NEW_TAG}' not found!" 1>&2 | ||||||
|  |     exit 1 | ||||||
|  |   fi | ||||||
|  | fi | ||||||
|  |  | ||||||
|  | CHANGE_LOG_YAML=$(mktemp) | ||||||
|  | echo "[]" > "${CHANGE_LOG_YAML}" | ||||||
|  |  | ||||||
|  | function map_type_to_kind() { | ||||||
|  |   case "${1}" in | ||||||
|  |     feat) | ||||||
|  |       echo "added" | ||||||
|  |     ;; | ||||||
|  |     fix) | ||||||
|  |       echo "fixed" | ||||||
|  |     ;; | ||||||
|  |     chore|style|test|ci|docs|refac) | ||||||
|  |       echo "changed" | ||||||
|  |     ;; | ||||||
|  |     revert) | ||||||
|  |       echo "removed" | ||||||
|  |     ;; | ||||||
|  |     sec) | ||||||
|  |       echo "security" | ||||||
|  |     ;; | ||||||
|  |     *) | ||||||
|  |       echo "skip" | ||||||
|  |     ;; | ||||||
|  |   esac | ||||||
|  | } | ||||||
|  |  | ||||||
|  | COMMIT_TITLES="$(git log --pretty=format:"%s" "${OLD_TAG}..${NEW_TAG}")" | ||||||
|  |  | ||||||
|  | echo "INFO: Generate change log entries from ${OLD_TAG} until ${NEW_TAG}" | ||||||
|  |  | ||||||
|  | while IFS= read -r line; do | ||||||
|  |   if [[ "${line}" =~ ^([a-zA-Z]+)(\([^\)]+\))?\:\ (.+)$ ]]; then | ||||||
|  |     TYPE="${BASH_REMATCH[1]}" | ||||||
|  |     KIND=$(map_type_to_kind "${TYPE}") | ||||||
|  |  | ||||||
|  |     if [ "${KIND}" == "skip" ]; then | ||||||
|  |       continue | ||||||
|  |     fi | ||||||
|  |  | ||||||
|  |     DESC="${BASH_REMATCH[3]}" | ||||||
|  |  | ||||||
|  |     echo "- ${KIND}: ${DESC}" | ||||||
|  |  | ||||||
|  |     jq --arg kind "${KIND}" --arg description "${DESC}" '. += [ $ARGS.named ]' < "${CHANGE_LOG_YAML}" > "${CHANGE_LOG_YAML}.new" | ||||||
|  |     mv "${CHANGE_LOG_YAML}.new" "${CHANGE_LOG_YAML}" | ||||||
|  |  | ||||||
|  |   fi | ||||||
|  | done <<< "${COMMIT_TITLES}" | ||||||
|  |  | ||||||
|  | if [ -s "${CHANGE_LOG_YAML}" ]; then | ||||||
|  |   yq --inplace --input-format json --output-format yml "${CHANGE_LOG_YAML}" | ||||||
|  |   yq --no-colors --inplace ".annotations.\"artifacthub.io/changes\" |= loadstr(\"${CHANGE_LOG_YAML}\") | sort_keys(.)" "${CHART_FILE}" | ||||||
|  | else | ||||||
|  |   echo "ERROR: Changelog file is empty: ${CHANGE_LOG_YAML}" 1>&2 | ||||||
|  |   exit 1 | ||||||
|  | fi | ||||||
|  |  | ||||||
|  | rm "${CHANGE_LOG_YAML}" | ||||||
| @@ -15,7 +15,7 @@ on: | |||||||
| jobs: | jobs: | ||||||
|   generate-parameters: |   generate-parameters: | ||||||
|     container: |     container: | ||||||
|       image: docker.io/library/node:22.13.1-alpine |       image: docker.io/library/node:25.0.0-alpine | ||||||
|     runs-on: |     runs-on: | ||||||
|     - ubuntu-latest |     - ubuntu-latest | ||||||
|     steps: |     steps: | ||||||
| @@ -23,7 +23,7 @@ jobs: | |||||||
|       run: | |       run: | | ||||||
|         apk update |         apk update | ||||||
|         apk add git npm |         apk add git npm | ||||||
|     - uses: actions/checkout@v4.2.2 |     - uses: actions/checkout@v5.0.0 | ||||||
|     - name: Generate parameter section in README |     - name: Generate parameter section in README | ||||||
|       run: | |       run: | | ||||||
|         npm install |         npm install | ||||||
|   | |||||||
| @@ -13,7 +13,7 @@ on: | |||||||
| jobs: | jobs: | ||||||
|   helm-lint: |   helm-lint: | ||||||
|     container: |     container: | ||||||
|       image: docker.io/volkerraschek/helm:3.16.4 |       image: docker.io/volkerraschek/helm:3.19.0 | ||||||
|     runs-on: |     runs-on: | ||||||
|     - ubuntu-latest |     - ubuntu-latest | ||||||
|     steps: |     steps: | ||||||
| @@ -21,14 +21,14 @@ jobs: | |||||||
|       run: | |       run: | | ||||||
|         apk update |         apk update | ||||||
|         apk add git npm |         apk add git npm | ||||||
|     - uses: actions/checkout@v4.2.2 |     - uses: actions/checkout@v5.0.0 | ||||||
|     - name: Lint helm files |     - name: Lint helm files | ||||||
|       run: | |       run: | | ||||||
|         helm lint --values values.yaml . |         helm lint --values values.yaml . | ||||||
|  |  | ||||||
|   helm-unittest: |   helm-unittest: | ||||||
|     container: |     container: | ||||||
|       image: docker.io/volkerraschek/helm:3.16.4 |       image: docker.io/volkerraschek/helm:3.19.0 | ||||||
|     runs-on: |     runs-on: | ||||||
|     - ubuntu-latest |     - ubuntu-latest | ||||||
|     steps: |     steps: | ||||||
| @@ -36,7 +36,7 @@ jobs: | |||||||
|       run: | |       run: | | ||||||
|         apk update |         apk update | ||||||
|         apk add git npm |         apk add git npm | ||||||
|     - uses: actions/checkout@v4.2.2 |     - uses: actions/checkout@v5.0.0 | ||||||
|     - name: Unittest |     - name: Unittest | ||||||
|       run: | |       run: | | ||||||
|         helm unittest --strict --file 'unittests/**/*.yaml' ./ |         helm unittest --strict --file 'unittests/**/*.yaml' ./ | ||||||
| @@ -15,7 +15,7 @@ on: | |||||||
| jobs: | jobs: | ||||||
|   markdown-link-checker: |   markdown-link-checker: | ||||||
|     container: |     container: | ||||||
|       image: docker.io/library/node:22.13.1-alpine |       image: docker.io/library/node:25.0.0-alpine | ||||||
|     runs-on: |     runs-on: | ||||||
|     - ubuntu-latest |     - ubuntu-latest | ||||||
|     steps: |     steps: | ||||||
| @@ -23,7 +23,7 @@ jobs: | |||||||
|       run: | |       run: | | ||||||
|         apk update |         apk update | ||||||
|         apk add git npm |         apk add git npm | ||||||
|     - uses: actions/checkout@v4.2.2 |     - uses: actions/checkout@v5.0.0 | ||||||
|     - name: Verify links in markdown files |     - name: Verify links in markdown files | ||||||
|       run: | |       run: | | ||||||
|         npm install |         npm install | ||||||
| @@ -31,7 +31,7 @@ jobs: | |||||||
|  |  | ||||||
|   markdown-lint: |   markdown-lint: | ||||||
|     container: |     container: | ||||||
|       image: docker.io/library/node:22.13.1-alpine |       image: docker.io/library/node:25.0.0-alpine | ||||||
|     runs-on: |     runs-on: | ||||||
|     - ubuntu-latest |     - ubuntu-latest | ||||||
|     steps: |     steps: | ||||||
| @@ -39,7 +39,7 @@ jobs: | |||||||
|       run: | |       run: | | ||||||
|         apk update |         apk update | ||||||
|         apk add git |         apk add git | ||||||
|     - uses: actions/checkout@v4.2.2 |     - uses: actions/checkout@v5.0.0 | ||||||
|     - name: Lint markdown files |     - name: Lint markdown files | ||||||
|       run: | |       run: | | ||||||
|         npm install |         npm install | ||||||
|   | |||||||
| @@ -8,39 +8,54 @@ on: | |||||||
| jobs: | jobs: | ||||||
|   publish-chart: |   publish-chart: | ||||||
|     container: |     container: | ||||||
|       image: docker.io/volkerraschek/helm:3.16.4 |       image: docker.io/volkerraschek/helm:3.19.0 | ||||||
|     runs-on: ubuntu-latest |     runs-on: ubuntu-latest | ||||||
|     steps: |     steps: | ||||||
|       - name: Install tooling |       - name: Install packages via apk | ||||||
|         run: | |         run: | | ||||||
|           apk update |           apk update | ||||||
|           apk add git npm |           apk add git npm jq yq | ||||||
|       - uses: actions/checkout@v4 |  | ||||||
|       - name: Package chart |  | ||||||
|         env: |  | ||||||
|           HELM_REPO_NAME: upload |  | ||||||
|  |  | ||||||
|  |       - uses: actions/checkout@v5.0.0 | ||||||
|  |         with: | ||||||
|  |           fetch-depth: 0 | ||||||
|  |  | ||||||
|  |       - name: Add Artifacthub.io annotations | ||||||
|  |         run: | | ||||||
|  |           NEW_TAG="$(git tag --sort=-version:refname | head -n 1)" | ||||||
|  |           OLD_TAG="$(git tag --sort=-version:refname | head -n 2 | tail -n 1)" | ||||||
|  |           .gitea/scripts/add-annotations.sh "${OLD_TAG}" "${NEW_TAG}" | ||||||
|  |  | ||||||
|  |       - name: Extract meta information | ||||||
|  |         run: | | ||||||
|  |           echo "PACKAGE_VERSION=${GITHUB_REF#refs/tags/}" >> $GITHUB_ENV | ||||||
|  |           echo "REPOSITORY_NAME=$(echo ${GITHUB_REPOSITORY} | cut -d '/' -f 2 | sed --regexp-extended 's/-charts?//g')" >> $GITHUB_ENV | ||||||
|  |           echo "REPOSITORY_OWNER=$(echo ${GITHUB_REPOSITORY} | cut -d '/' -f 1)" >> $GITHUB_ENV | ||||||
|  |  | ||||||
|  |       - name: Update Helm Chart version in README.md | ||||||
|  |         run: sed -i -E "s/^CHART_VERSION=.*/CHART_VERSION=${PACKAGE_VERSION}/g" README.md | ||||||
|  |  | ||||||
|  |       - name: Package chart | ||||||
|  |         run: | | ||||||
|  |           helm dependency build | ||||||
|  |           helm package --version "${PACKAGE_VERSION}" ./ | ||||||
|  |  | ||||||
|  |       - name: Upload Chart to ChartMuseum | ||||||
|  |         env: | ||||||
|           CHARTMUSEUM_PASSWORD: ${{ secrets.CHARTMUSEUM_PASSWORD }} |           CHARTMUSEUM_PASSWORD: ${{ secrets.CHARTMUSEUM_PASSWORD }} | ||||||
|           CHARTMUSEUM_REPOSITORY: ${{ vars.CHARTMUSEUM_REPOSITORY }} |           CHARTMUSEUM_REPOSITORY: ${{ vars.CHARTMUSEUM_REPOSITORY }} | ||||||
|           CHARTMUSEUM_USERNAME: ${{ secrets.CHARTMUSEUM_USERNAME }} |           CHARTMUSEUM_USERNAME: ${{ secrets.CHARTMUSEUM_USERNAME }} | ||||||
|           CHARTMUSEUM_HOSTNAME: ${{ vars.CHARTMUSEUM_HOSTNAME }} |           CHARTMUSEUM_HOSTNAME: ${{ vars.CHARTMUSEUM_HOSTNAME }} | ||||||
|  |  | ||||||
|           GITEA_PACKAGE_REGISTRY_TOKEN: ${{ secrets.GIT_CRYPTIC_SYSTEMS_PACKAGE_REGISTRY_TOKEN }} |  | ||||||
|           GITEA_SERVER_URL: ${{ github.server_url }} |  | ||||||
|         run: | |         run: | | ||||||
|           PACKAGE_VERSION=${GITHUB_REF#refs/tags/} |  | ||||||
|           REPOSITORY_NAME=$(echo ${GITHUB_REPOSITORY} | cut -d '/' -f 2 | sed --regexp-extended 's/-charts?//g') |  | ||||||
|           REPOSITORY_OWNER=$(echo ${GITHUB_REPOSITORY} | cut -d '/' -f 1) |  | ||||||
|  |  | ||||||
|           helm dependency build |  | ||||||
|           helm package --version "${PACKAGE_VERSION}" ./ |  | ||||||
|  |  | ||||||
|           # chart-museum |  | ||||||
|           helm repo add --username ${CHARTMUSEUM_USERNAME} --password ${CHARTMUSEUM_PASSWORD} chartmuseum https://${CHARTMUSEUM_HOSTNAME}/${CHARTMUSEUM_REPOSITORY} |           helm repo add --username ${CHARTMUSEUM_USERNAME} --password ${CHARTMUSEUM_PASSWORD} chartmuseum https://${CHARTMUSEUM_HOSTNAME}/${CHARTMUSEUM_REPOSITORY} | ||||||
|           helm cm-push ${REPOSITORY_NAME}-${PACKAGE_VERSION}.tgz chartmuseum |           helm cm-push ${REPOSITORY_NAME}-${PACKAGE_VERSION}.tgz chartmuseum | ||||||
|           helm repo remove chartmuseum |           helm repo remove chartmuseum | ||||||
|  |  | ||||||
|           # gitea |       - name: Upload Chart to Gitea | ||||||
|  |         env: | ||||||
|  |           GITEA_PACKAGE_REGISTRY_TOKEN: ${{ secrets.GIT_CRYPTIC_SYSTEMS_PACKAGE_REGISTRY_TOKEN }} | ||||||
|  |           GITEA_SERVER_URL: ${{ github.server_url }} | ||||||
|  |         run: | | ||||||
|           helm repo add --username ${REPOSITORY_OWNER} --password ${GITEA_PACKAGE_REGISTRY_TOKEN} gitea ${GITEA_SERVER_URL}/api/packages/${REPOSITORY_OWNER}/helm |           helm repo add --username ${REPOSITORY_OWNER} --password ${GITEA_PACKAGE_REGISTRY_TOKEN} gitea ${GITEA_SERVER_URL}/api/packages/${REPOSITORY_OWNER}/helm | ||||||
|           helm cm-push ${REPOSITORY_NAME}-${PACKAGE_VERSION}.tgz gitea |           helm cm-push ${REPOSITORY_NAME}-${PACKAGE_VERSION}.tgz gitea | ||||||
|           helm repo remove gitea |           helm repo remove gitea | ||||||
							
								
								
									
										2
									
								
								.vscode/settings.json
									
									
									
									
										vendored
									
									
								
							
							
						
						
									
										2
									
								
								.vscode/settings.json
									
									
									
									
										vendored
									
									
								
							| @@ -1,6 +1,6 @@ | |||||||
| { | { | ||||||
|   "yaml.schemas": { |   "yaml.schemas": { | ||||||
|     "https://raw.githubusercontent.com/helm-unittest/helm-unittest/v0.5.2/schema/helm-testsuite.json": [ |     "https://raw.githubusercontent.com/helm-unittest/helm-unittest/v1.0.3/schema/helm-testsuite.json": [ | ||||||
|       "/unittests/**/*.yaml" |       "/unittests/**/*.yaml" | ||||||
|     ] |     ] | ||||||
|   }, |   }, | ||||||
|   | |||||||
							
								
								
									
										18
									
								
								Chart.yaml
									
									
									
									
									
								
							
							
						
						
									
										18
									
								
								Chart.yaml
									
									
									
									
									
								
							| @@ -1,19 +1,21 @@ | |||||||
|  | annotations: | ||||||
|  |   artifacthub.io/links: | | ||||||
|  |     - name: Prometheus Fail2Ban exporter (binary) | ||||||
|  |       url: https://git.cryptic.systems/volker.raschek/prometheus-fail2ban-exporter | ||||||
|  |     - name: support | ||||||
|  |       url: https://git.cryptic.systems/volker.raschek/prometheus-fail2ban-exporter-charts/issues | ||||||
| apiVersion: v2 | apiVersion: v2 | ||||||
| name: prometheus-fail2ban-exporter | appVersion: "0.1.1" | ||||||
| description: Prometheus metric exporter for Fail2Ban | description: Prometheus metric exporter for Fail2Ban | ||||||
| type: application |  | ||||||
| kubeVersion: ">=1.20.0" |  | ||||||
| version: "0.1.0" |  | ||||||
| appVersion: "0.1.0" |  | ||||||
|  |  | ||||||
| # icon: https://annotations.example.com/icon.png | # icon: https://annotations.example.com/icon.png | ||||||
|  |  | ||||||
| keywords: | keywords: | ||||||
|   - prometheus |   - prometheus | ||||||
|   - prometheus-exporter |   - prometheus-exporter | ||||||
|   - prometheus-fail2ban-exporter |   - prometheus-fail2ban-exporter | ||||||
|   - fail2ban-exporter |   - fail2ban-exporter | ||||||
|  | name: prometheus-fail2ban-exporter | ||||||
| sources: | sources: | ||||||
|   - https://git.cryptic.systems/volker.raschek/prometheus-fail2ban-exporter-charts |   - https://git.cryptic.systems/volker.raschek/prometheus-fail2ban-exporter-charts | ||||||
|   - https://git.cryptic.systems/volker.raschek/prometheus-fail2ban-exporter |   - https://git.cryptic.systems/volker.raschek/prometheus-fail2ban-exporter | ||||||
|  | type: application | ||||||
|  | version: "0.4.1" | ||||||
|   | |||||||
							
								
								
									
										21
									
								
								LICENSE
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										21
									
								
								LICENSE
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,21 @@ | |||||||
|  | MIT License | ||||||
|  |  | ||||||
|  | Copyright (c) 2025 Markus Pesch | ||||||
|  |  | ||||||
|  | Permission is hereby granted, free of charge, to any person obtaining a copy | ||||||
|  | of this software and associated documentation files (the "Software"), to deal | ||||||
|  | in the Software without restriction, including without limitation the rights | ||||||
|  | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell | ||||||
|  | copies of the Software, and to permit persons to whom the Software is | ||||||
|  | furnished to do so, subject to the following conditions: | ||||||
|  |  | ||||||
|  | The above copyright notice and this permission notice shall be included in all | ||||||
|  | copies or substantial portions of the Software. | ||||||
|  |  | ||||||
|  | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR | ||||||
|  | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, | ||||||
|  | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE | ||||||
|  | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER | ||||||
|  | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, | ||||||
|  | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE | ||||||
|  | SOFTWARE. | ||||||
							
								
								
									
										4
									
								
								Makefile
									
									
									
									
									
								
							
							
						
						
									
										4
									
								
								Makefile
									
									
									
									
									
								
							| @@ -4,13 +4,13 @@ CONTAINER_RUNTIME?=$(shell which podman) | |||||||
| # HELM_IMAGE | # HELM_IMAGE | ||||||
| HELM_IMAGE_REGISTRY_HOST?=docker.io | HELM_IMAGE_REGISTRY_HOST?=docker.io | ||||||
| HELM_IMAGE_REPOSITORY?=volkerraschek/helm | HELM_IMAGE_REPOSITORY?=volkerraschek/helm | ||||||
| HELM_IMAGE_VERSION?=3.16.1 # renovate: datasource=docker registryUrl=https://docker.io depName=volkerraschek/helm | HELM_IMAGE_VERSION?=3.19.0 # renovate: datasource=docker registryUrl=https://docker.io depName=docker.io/volkerraschek/helm | ||||||
| HELM_IMAGE_FULLY_QUALIFIED=${HELM_IMAGE_REGISTRY_HOST}/${HELM_IMAGE_REPOSITORY}:${HELM_IMAGE_VERSION} | HELM_IMAGE_FULLY_QUALIFIED=${HELM_IMAGE_REGISTRY_HOST}/${HELM_IMAGE_REPOSITORY}:${HELM_IMAGE_VERSION} | ||||||
|  |  | ||||||
| # NODE_IMAGE | # NODE_IMAGE | ||||||
| NODE_IMAGE_REGISTRY_HOST?=docker.io | NODE_IMAGE_REGISTRY_HOST?=docker.io | ||||||
| NODE_IMAGE_REPOSITORY?=library/node | NODE_IMAGE_REPOSITORY?=library/node | ||||||
| NODE_IMAGE_VERSION?=22.9.0-alpine # renovate: datasource=docker registryUrl=https://docker.io depName=library/node | NODE_IMAGE_VERSION?=25.0.0-alpine # renovate: datasource=docker registryUrl=https://docker.io depName=docker.io/library/node packageName=library/node | ||||||
| NODE_IMAGE_FULLY_QUALIFIED=${NODE_IMAGE_REGISTRY_HOST}/${NODE_IMAGE_REPOSITORY}:${NODE_IMAGE_VERSION} | NODE_IMAGE_FULLY_QUALIFIED=${NODE_IMAGE_REGISTRY_HOST}/${NODE_IMAGE_REPOSITORY}:${NODE_IMAGE_VERSION} | ||||||
|  |  | ||||||
| # MISSING DOT | # MISSING DOT | ||||||
|   | |||||||
							
								
								
									
										121
									
								
								README.md
									
									
									
									
									
								
							
							
						
						
									
										121
									
								
								README.md
									
									
									
									
									
								
							| @@ -1,6 +1,5 @@ | |||||||
| # Prometheus Fail2Ban exporter | # Prometheus Fail2Ban exporter | ||||||
|  |  | ||||||
| [](https://drone.cryptic.systems/volker.raschek/prometheus-fail2ban-exporter) |  | ||||||
| [](https://artifacthub.io/packages/search?repo=prometheus-exporters) | [](https://artifacthub.io/packages/search?repo=prometheus-exporters) | ||||||
|  |  | ||||||
| This helm chart enables the deployment of a Prometheus metrics exporter for Fail2Ban and allows the individual | This helm chart enables the deployment of a Prometheus metrics exporter for Fail2Ban and allows the individual | ||||||
| @@ -15,12 +14,15 @@ Chapter [configuration and installation](#helm-configuration-and-installation) d | |||||||
| and use it to deploy the exporter. It also contains further configuration examples. | and use it to deploy the exporter. It also contains further configuration examples. | ||||||
|  |  | ||||||
| Furthermore, this helm chart contains unit tests to detect regressions and stabilize the deployment. Additionally, this | Furthermore, this helm chart contains unit tests to detect regressions and stabilize the deployment. Additionally, this | ||||||
| helm chart is tested for deployment scenarios with **ArgoCD**. | helm chart is tested for deployment scenarios with **ArgoCD**, but please keep in mind, that this chart supports the | ||||||
|  | *[Automatically Roll Deployment](https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments)* | ||||||
|  | concept of Helm, which can trigger unexpected rolling releases. Further configuration instructions are described in a | ||||||
|  | separate [chapter](#argocd). | ||||||
|  |  | ||||||
| ## Helm: configuration and installation | ## Helm: configuration and installation | ||||||
|  |  | ||||||
| 1. A helm chart repository must be configured, to pull the helm charts from. | 1. A helm chart repository must be configured, to pull the helm charts from. | ||||||
| 2. All available parameters are [here](#parameters) in detail documented. The parameters can be defined via the helm | 2. All available [parameters](#parameters) are documented in detail below. The parameters can be defined via the helm | ||||||
|    `--set` flag or directly as part of a `values.yaml` file. The following example defines the `prometheus-exporter` |    `--set` flag or directly as part of a `values.yaml` file. The following example defines the `prometheus-exporter` | ||||||
|    repository and use the `--set` flag for a basic deployment. |    repository and use the `--set` flag for a basic deployment. | ||||||
|  |  | ||||||
| @@ -32,7 +34,8 @@ helm chart is tested for deployment scenarios with **ArgoCD**. | |||||||
| ```bash | ```bash | ||||||
| helm repo add prometheus-exporters https://charts.cryptic.systems/prometheus-exporters | helm repo add prometheus-exporters https://charts.cryptic.systems/prometheus-exporters | ||||||
| helm repo update | helm repo update | ||||||
| helm install prometheus-fail2ban-exporter prometheus-exporters/prometheus-fail2ban-exporter \ | CHART_VERSION=0.4.21 | ||||||
|  | helm install --version "${CHART_VERSION}" prometheus-fail2ban-exporter prometheus-exporters/prometheus-fail2ban-exporter \ | ||||||
|   --set 'prometheus.metrics.enabled=true' \ |   --set 'prometheus.metrics.enabled=true' \ | ||||||
|   --set 'prometheus.metrics.serviceMonitor.enabled=true' |   --set 'prometheus.metrics.serviceMonitor.enabled=true' | ||||||
| ``` | ``` | ||||||
| @@ -43,8 +46,8 @@ version of the chart must be in sync with the `values.yaml`. Newer *minor* versi | |||||||
| versions can break something! | versions can break something! | ||||||
|  |  | ||||||
| ```bash | ```bash | ||||||
| CHART_VERSION=0.1.0 | CHART_VERSION=0.4.21 | ||||||
| helm show values prometheus-exporters/prometheus-fail2ban-exporter --version "${CHART_VERSION}" > values.yaml | helm show values --version "${CHART_VERSION}" prometheus-exporters/prometheus-fail2ban-exporter > values.yaml | ||||||
| ``` | ``` | ||||||
|  |  | ||||||
| A complete list of available helm chart versions can be displayed via the following command: | A complete list of available helm chart versions can be displayed via the following command: | ||||||
| @@ -68,22 +71,26 @@ cannot use the available CPU time to perform computing operations. | |||||||
|  |  | ||||||
| The application must be informed that despite several CPUs only a part (limit) of the available computing time is | The application must be informed that despite several CPUs only a part (limit) of the available computing time is | ||||||
| available. As this is a Golang application, this can be implemented using `GOMAXPROCS`. The following example is one way | available. As this is a Golang application, this can be implemented using `GOMAXPROCS`. The following example is one way | ||||||
| of defining `GOMAXPROCS` automatically based on the defined CPU limit like `100m`. Please keep in mind, that the CFS | of defining `GOMAXPROCS` automatically based on the defined CPU limit like `1000m`. Please keep in mind, that the CFS | ||||||
| rate of `100ms` - default on each kubernetes node, is also very important to avoid CPU throttling. | rate of `100ms` - default on each kubernetes node, is also very important to avoid CPU throttling. | ||||||
|  |  | ||||||
| Further information about this topic can be found [here](https://kanishk.io/posts/cpu-throttling-in-containerized-go-apps/). | Further information about this topic can be found in one of Kanishk's blog | ||||||
|  | [posts](https://kanishk.io/posts/cpu-throttling-in-containerized-go-apps/). | ||||||
|  |  | ||||||
| > [!NOTE] | > [!NOTE] | ||||||
| > The environment variable `GOMAXPROCS` is set automatically, when a CPU limit is defined. An explicit configuration is | > The environment variable `GOMAXPROCS` is set automatically, when a CPU limit is defined. An explicit configuration is | ||||||
| > not anymore required. | > not anymore required. | ||||||
|  | > | ||||||
|  | > Please take care the a CPU limit < `1000m` can also lead to CPU throttling. Please read the linked documentation carefully. | ||||||
|  |  | ||||||
| ```bash | ```bash | ||||||
| helm install prometheus-fail2ban-exporter prometheus-exporters/prometheus-fail2ban-exporter \ | CHART_VERSION=0.4.21 | ||||||
|  | helm install --version "${CHART_VERSION}" prometheus-fail2ban-exporter prometheus-exporters/prometheus-fail2ban-exporter \ | ||||||
|   --set 'prometheus.metrics.enabled=true' \ |   --set 'prometheus.metrics.enabled=true' \ | ||||||
|   --set 'prometheus.metrics.serviceMonitor.enabled=true' \ |   --set 'prometheus.metrics.serviceMonitor.enabled=true' \ | ||||||
|   --set 'daemonSet.fail2banExporter.env.name=GOMAXPROCS' \ |   --set 'daemonSet.fail2banExporter.env.name=GOMAXPROCS' \ | ||||||
|   --set 'daemonSet.fail2banExporter.env.valueFrom.resourceFieldRef.resource=limits.cpu' \ |   --set 'daemonSet.fail2banExporter.env.valueFrom.resourceFieldRef.resource=limits.cpu' \ | ||||||
|   --set 'daemonSet.fail2banExporter.resources.limits.cpu=100m' |   --set 'daemonSet.fail2banExporter.resources.limits.cpu=1000m' | ||||||
| ``` | ``` | ||||||
|  |  | ||||||
| <!-- | <!-- | ||||||
| @@ -142,10 +149,90 @@ the Grafana container file system so that it is subsequently available to the us | |||||||
| makes this possible. | makes this possible. | ||||||
|  |  | ||||||
| ```bash | ```bash | ||||||
| helm install prometheus-fail2ban-exporter prometheus-exporters/prometheus-fail2ban-exporter \ | CHART_VERSION=0.4.21 | ||||||
|  | helm install --version "${CHART_VERSION}" prometheus-fail2ban-exporter prometheus-exporters/prometheus-fail2ban-exporter \ | ||||||
|   --set 'grafana.enabled=true' |   --set 'grafana.enabled=true' | ||||||
| ``` | ``` | ||||||
|  |  | ||||||
|  | ### Network policies | ||||||
|  |  | ||||||
|  | Network policies can only take effect, when the used CNI plugin support network policies. The chart supports no custom | ||||||
|  | network policy implementation of CNI plugins. It's support only the official API resource of `networking.k8s.io/v1`. | ||||||
|  |  | ||||||
|  | The object networkPolicies can contains multiple networkPolicy definitions. There is currently only one example | ||||||
|  | predefined - it's named `default`. Further networkPolicy rules can easy be added by defining additional objects. For example: | ||||||
|  |  | ||||||
|  | > [!NOTE] | ||||||
|  | > The structure of each custom network policy must be equal like that of default. For this reason don't forget to define | ||||||
|  | > `annotations`, `labels` and the other properties as well. | ||||||
|  |  | ||||||
|  | ```yaml | ||||||
|  | networkPolicies: | ||||||
|  |   enabled: false | ||||||
|  |   default: {} | ||||||
|  |   my-custom-network-policy: {} | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | The example below is an excerpt of the `values.yaml` file. The network policy `default` contains ingress rules to allow | ||||||
|  | incoming traffic from Prometheus. | ||||||
|  |  | ||||||
|  | > [!IMPORTANT] | ||||||
|  | > Please keep in mind, that the namespace and pod selector labels can be different from environment to environment. For | ||||||
|  | > this reason, there is are not default network policy rules defined. | ||||||
|  |  | ||||||
|  | ```yaml | ||||||
|  | networkPolicies: | ||||||
|  |   enabled: true | ||||||
|  |   default: | ||||||
|  |     enabled: true | ||||||
|  |     annotations: {} | ||||||
|  |     labels: {} | ||||||
|  |     policyTypes: | ||||||
|  |     - Egress | ||||||
|  |     - Ingress | ||||||
|  |     egress: [] | ||||||
|  |     ingress: | ||||||
|  |     - from: | ||||||
|  |       - namespaceSelector: | ||||||
|  |           matchLabels: | ||||||
|  |             kubernetes.io/metadata.name: monitoring | ||||||
|  |         podSelector: | ||||||
|  |           matchLabels: | ||||||
|  |             app.kubernetes.io/name: prometheus | ||||||
|  |       ports: | ||||||
|  |       - port: http | ||||||
|  |         protocol: TCP | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | ## ArgoCD | ||||||
|  |  | ||||||
|  | ### Daily execution of rolling updates | ||||||
|  |  | ||||||
|  | The behavior whereby ArgoCD triggers a rolling update even though nothing appears to have changed often occurs in | ||||||
|  | connection with the helm concept `checksum/secret`, `checksum/configmap` or more generally, [Automatically Roll | ||||||
|  | Deployments](https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments). | ||||||
|  |  | ||||||
|  | The problem with combining this concept with ArgoCD is that ArgoCD re-renders the Helm chart every time. Even if the | ||||||
|  | content of the config map or secret has not changed, there may be minimal differences (e.g., whitespace, chart version, | ||||||
|  | Helm render order, different timestamps). | ||||||
|  |  | ||||||
|  | This changes the SHA256 hash, Argo sees a drift and trigger a rolling update of the deployment. Among other things, this | ||||||
|  | can lead to unnecessary notifications from ArgoCD. | ||||||
|  |  | ||||||
|  | To avoid this, the annotation with the shasum must be ignored. Below is a diff that adds the `Application` to ignore all | ||||||
|  | annotations with the prefix `checksum`. | ||||||
|  |  | ||||||
|  | ```diff | ||||||
|  |   apiVersion: argoproj.io/v1alpha1 | ||||||
|  |   kind: Application | ||||||
|  |   spec: | ||||||
|  | +   ignoreDifferences: | ||||||
|  | +   - group: apps/v1 | ||||||
|  | +     kind: Deployment | ||||||
|  | +     jqPathExpressions: | ||||||
|  | +     - '.spec.template.metadata.annotations | with_entries(select(.key | startswith("checksum")))' | ||||||
|  | ``` | ||||||
|  |  | ||||||
| ## Parameters | ## Parameters | ||||||
|  |  | ||||||
| ### Global | ### Global | ||||||
| @@ -229,11 +316,17 @@ helm install prometheus-fail2ban-exporter prometheus-exporters/prometheus-fail2b | |||||||
| | --------------------- | ---------------------- | ----- | | | --------------------- | ---------------------- | ----- | | ||||||
| | `podDisruptionBudget` | Pod disruption budget. | `{}`  | | | `podDisruptionBudget` | Pod disruption budget. | `{}`  | | ||||||
|  |  | ||||||
| ### Network | ### NetworkPolicies | ||||||
|  |  | ||||||
| | Name                                  | Description                                                                                           | Value   | | | Name                                  | Description                                                                                           | Value   | | ||||||
| | ----------------- | ------------------------------------------------------------------------------------------------------------------ | ----- | | | ------------------------------------- | ----------------------------------------------------------------------------------------------------- | ------- | | ||||||
| | `networkPolicies` | Deploy network policies based on the used container network interface (CNI) implementation - like calico or weave. | `{}`  | | | `networkPolicies.enabled`             | Enable network policies in general.                                                                   | `false` | | ||||||
|  | | `networkPolicies.default.enabled`     | Enable the network policy for accessing the application by default. For example to scape the metrics. | `false` | | ||||||
|  | | `networkPolicies.default.annotations` | Additional network policy annotations.                                                                | `{}`    | | ||||||
|  | | `networkPolicies.default.labels`      | Additional network policy labels.                                                                     | `{}`    | | ||||||
|  | | `networkPolicies.default.policyTypes` | List of policy types. Supported is ingress, egress or ingress and egress.                             | `[]`    | | ||||||
|  | | `networkPolicies.default.egress`      | Concrete egress network policy implementation.                                                        | `[]`    | | ||||||
|  | | `networkPolicies.default.ingress`     | Concrete ingress network policy implementation.                                                       | `[]`    | | ||||||
|  |  | ||||||
| ### Prometheus | ### Prometheus | ||||||
|  |  | ||||||
|   | |||||||
							
								
								
									
										1143
									
								
								package-lock.json
									
									
									
										generated
									
									
									
								
							
							
						
						
									
										1143
									
								
								package-lock.json
									
									
									
										generated
									
									
									
								
							
										
											
												File diff suppressed because it is too large
												Load Diff
											
										
									
								
							| @@ -16,6 +16,6 @@ | |||||||
|   "devDependencies": { |   "devDependencies": { | ||||||
|     "@bitnami/readme-generator-for-helm": "^2.5.0", |     "@bitnami/readme-generator-for-helm": "^2.5.0", | ||||||
|     "markdown-link-check": "^3.13.6", |     "markdown-link-check": "^3.13.6", | ||||||
|     "markdownlint-cli": "^0.43.0" |     "markdownlint-cli": "^0.45.0" | ||||||
|   } |   } | ||||||
| } | } | ||||||
|   | |||||||
| @@ -1,8 +1,15 @@ | |||||||
| { | { | ||||||
|   "$schema": "https://docs.renovatebot.com/renovate-schema.json", |   "$schema": "https://docs.renovatebot.com/renovate-schema.json", | ||||||
|   "assignees": [ "volker.raschek" ], |   "extends": [ | ||||||
|  |     "local>volker.raschek/renovate-config:default#master", | ||||||
|  |     "local>volker.raschek/renovate-config:container#master", | ||||||
|  |     "local>volker.raschek/renovate-config:actions#master", | ||||||
|  |     "local>volker.raschek/renovate-config:npm#master", | ||||||
|  |     "local>volker.raschek/renovate-config:regexp#master" | ||||||
|  |   ], | ||||||
|   "customManagers": [ |   "customManagers": [ | ||||||
|     { |     { | ||||||
|  |       "customType": "regex", | ||||||
|       "fileMatch": [ |       "fileMatch": [ | ||||||
|         "^Chart\\.yaml$" |         "^Chart\\.yaml$" | ||||||
|       ], |       ], | ||||||
| @@ -15,34 +22,61 @@ | |||||||
|       "versioningTemplate": "semver" |       "versioningTemplate": "semver" | ||||||
|     }, |     }, | ||||||
|     { |     { | ||||||
|  |       "customType": "regex", | ||||||
|       "fileMatch": ["^README\\.md$"], |       "fileMatch": ["^README\\.md$"], | ||||||
|       "matchStrings": [ |       "matchStrings": [ | ||||||
|         "VERSION=(?<currentValue>.*)" |         "CHART_VERSION=(?<currentValue>.*)" | ||||||
|       ], |       ], | ||||||
|       "depNameTemplate": "volker.raschek/prometheus-fail2ban-exporter-charts", |       "depNameTemplate": "volker.raschek/prometheus-fail2ban-exporter-charts", | ||||||
|       "packageNameTemplate": "https://git.cryptic.systems/volker.raschek/prometheus-fail2ban-exporter-charts", |       "packageNameTemplate": "https://git.cryptic.systems/volker.raschek/prometheus-fail2ban-exporter-charts", | ||||||
|       "datasourceTemplate": "git-tags", |       "datasourceTemplate": "git-tags", | ||||||
|       "versioningTemplate": "semver" |       "versioningTemplate": "semver" | ||||||
|  |     }, | ||||||
|  |     { | ||||||
|  |       "customType": "regex", | ||||||
|  |       "datasourceTemplate": "github-releases", | ||||||
|  |       "fileMatch": [ | ||||||
|  |         ".vscode/settings\\.json$" | ||||||
|  |       ], | ||||||
|  |       "matchStrings": [ | ||||||
|  |         "https:\\/\\/raw\\.githubusercontent\\.com\\/(?<depName>[^\\s]+?)\\/(?<currentValue>v[0-9.]+?)\\/schema\\/helm-testsuite\\.json" | ||||||
|  |       ] | ||||||
|     } |     } | ||||||
|   ], |   ], | ||||||
|   "labels": [ "renovate" ], |  | ||||||
|   "lockFileMaintenance": { |  | ||||||
|     "enabled": true |  | ||||||
|   }, |  | ||||||
|   "packageRules": [ |   "packageRules": [ | ||||||
|     { |     { | ||||||
|       "addLabels": [ "renovate/automerge", "renovate/npm" ], |       "groupName": "Update docker.io/volkerraschek/helm", | ||||||
|       "automerge": true, |       "matchDepNames": [ | ||||||
|       "matchPackageNames": [ |         "docker.io/volkerraschek/helm", | ||||||
|         "markdownlint-cli", |         "volkerraschek/helm" | ||||||
|         "markdown-link-check", |       ] | ||||||
|         "@bitnami/readme-generator-for-helm" |  | ||||||
|       ], |  | ||||||
|       "matchManagers": [ "npm" ], |  | ||||||
|       "matchUpdateTypes": [ "minor", "patch"] |  | ||||||
|     }, |     }, | ||||||
|     { |     { | ||||||
|       "addLabels": [ "renovate/automerge", "renovate/container" ], |       "automerge": true, | ||||||
|  |       "groupName": "Update helm plugin 'unittest'", | ||||||
|  |       "matchDepNames": [ | ||||||
|  |         "helm-unittest/helm-unittest" | ||||||
|  |       ], | ||||||
|  |       "matchDatasources": [ | ||||||
|  |         "github-releases" | ||||||
|  |       ], | ||||||
|  |       "matchUpdateTypes": [ | ||||||
|  |         "minor", | ||||||
|  |         "patch" | ||||||
|  |       ] | ||||||
|  |     }, | ||||||
|  |     { | ||||||
|  |       "groupName": "Update docker.io/library/node", | ||||||
|  |       "matchDepNames": [ | ||||||
|  |         "docker.io/library/node", | ||||||
|  |         "library/node" | ||||||
|  |       ] | ||||||
|  |     }, | ||||||
|  |     { | ||||||
|  |       "addLabels": [ | ||||||
|  |         "renovate/automerge", | ||||||
|  |         "renovate/container" | ||||||
|  |       ], | ||||||
|       "automerge": true, |       "automerge": true, | ||||||
|       "excludePackagePatterns": [ |       "excludePackagePatterns": [ | ||||||
|         "volker.raschek/prometheus-fail2ban-exporter" |         "volker.raschek/prometheus-fail2ban-exporter" | ||||||
| @@ -54,8 +88,21 @@ | |||||||
|         "minor", |         "minor", | ||||||
|         "patch" |         "patch" | ||||||
|       ] |       ] | ||||||
|     } |     }, | ||||||
|  |     { | ||||||
|  |       "addLabels": [ | ||||||
|  |         "renovate/automerge", | ||||||
|  |         "renovate/documentation" | ||||||
|       ], |       ], | ||||||
|   "rebaseLabel": "renovate/rebase", |       "automerge": true, | ||||||
|   "rebaseWhen": "behind-base-branch" |       "matchDepNames": [ | ||||||
|  |         "volker.raschek/prometheus-fail2ban-exporter-charts" | ||||||
|  |       ], | ||||||
|  |       "matchUpdateTypes": [ | ||||||
|  |         "major", | ||||||
|  |         "minor", | ||||||
|  |         "patch" | ||||||
|  |       ] | ||||||
|  |     } | ||||||
|  |   ] | ||||||
| } | } | ||||||
|   | |||||||
							
								
								
									
										19
									
								
								templates/_networkPolicies.tpl
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										19
									
								
								templates/_networkPolicies.tpl
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,19 @@ | |||||||
|  | {{/* vim: set filetype=mustache: */}} | ||||||
|  |  | ||||||
|  | {{/* annotations */}} | ||||||
|  |  | ||||||
|  | {{- define "prometheus-fail2ban-exporter.networkPolicies.annotations" -}} | ||||||
|  | {{ include "prometheus-fail2ban-exporter.annotations" .context }} | ||||||
|  | {{- if .networkPolicy.annotations }} | ||||||
|  | {{ toYaml .networkPolicy.annotations }} | ||||||
|  | {{- end }} | ||||||
|  | {{- end }} | ||||||
|  |  | ||||||
|  | {{/* labels */}} | ||||||
|  |  | ||||||
|  | {{- define "prometheus-fail2ban-exporter.networkPolicies.labels" -}} | ||||||
|  | {{ include "prometheus-fail2ban-exporter.labels" .context }} | ||||||
|  | {{- if .networkPolicy.labels }} | ||||||
|  | {{ toYaml .networkPolicy.labels }} | ||||||
|  | {{- end }} | ||||||
|  | {{- end }} | ||||||
							
								
								
									
										32
									
								
								templates/_pod.tpl
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										32
									
								
								templates/_pod.tpl
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,32 @@ | |||||||
|  | --- | ||||||
|  |  | ||||||
|  | {{/* annotations */}} | ||||||
|  |  | ||||||
|  | {{- define "prometheus-fail2ban-exporter.pod.annotations" -}} | ||||||
|  | {{ include "prometheus-fail2ban-exporter.annotations" . }} | ||||||
|  |  | ||||||
|  | # The following annotations are required to trigger a rolling update. Further information can be found in the official | ||||||
|  | # documentation of helm: | ||||||
|  | # | ||||||
|  | #   https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments | ||||||
|  | # | ||||||
|  |  | ||||||
|  | {{/* web config */}} | ||||||
|  | {{- if and .Values.config.webConfig.existingSecret.enabled .Values.config.webConfig.existingSecret.secretName }} | ||||||
|  | {{- $secret := default (dict "data" (dict)) (lookup "v1" "Secret" .Release.Namespace .Values.config.webConfig.existingSecret.secretName ) }} | ||||||
|  | checksum/secret-web-config: {{ print $secret.spec | sha256sum }} | ||||||
|  | {{- else }} | ||||||
|  | checksum/secret-web-config: {{ include (print $.Template.BasePath "/secretWebConfig.yaml") . | sha256sum }} | ||||||
|  | {{- end }} | ||||||
|  |  | ||||||
|  | {{- end }} | ||||||
|  |  | ||||||
|  | {{/* labels */}} | ||||||
|  |  | ||||||
|  | {{- define "prometheus-fail2ban-exporter.pod.labels" -}} | ||||||
|  | {{ include "prometheus-fail2ban-exporter.labels" . }} | ||||||
|  | {{- end }} | ||||||
|  |  | ||||||
|  | {{- define "prometheus-fail2ban-exporter.pod.selectorLabels" -}} | ||||||
|  | {{ include "prometheus-fail2ban-exporter.selectorLabels" . }} | ||||||
|  | {{- end }} | ||||||
| @@ -5,7 +5,7 @@ kind: ConfigMap | |||||||
| metadata: | metadata: | ||||||
|   {{- with (include "prometheus-fail2ban-exporter.configMap.grafanaDashboards.fail2banExporter.annotations" . | fromYaml) }} |   {{- with (include "prometheus-fail2ban-exporter.configMap.grafanaDashboards.fail2banExporter.annotations" . | fromYaml) }} | ||||||
|   annotations: |   annotations: | ||||||
|     {{- tpl (. | toYaml) $ | nindent 4 }} |     {{- tpl (toYaml .) $ | nindent 4 }} | ||||||
|   {{- end }} |   {{- end }} | ||||||
|   {{- with (include "prometheus-fail2ban-exporter.configMap.grafanaDashboards.fail2banExporter.labels" . | fromYaml) }} |   {{- with (include "prometheus-fail2ban-exporter.configMap.grafanaDashboards.fail2banExporter.labels" . | fromYaml) }} | ||||||
|   labels: |   labels: | ||||||
| @@ -3,7 +3,7 @@ kind: DaemonSet | |||||||
| metadata: | metadata: | ||||||
|   {{- with (include "prometheus-fail2ban-exporter.daemonSet.annotations" . | fromYaml) }} |   {{- with (include "prometheus-fail2ban-exporter.daemonSet.annotations" . | fromYaml) }} | ||||||
|   annotations: |   annotations: | ||||||
|     {{- tpl (. | toYaml) $ | nindent 4 }} |     {{- tpl (toYaml .) $ | nindent 4 }} | ||||||
|   {{- end }} |   {{- end }} | ||||||
|   {{- with (include "prometheus-fail2ban-exporter.daemonSet.labels" . | fromYaml) }} |   {{- with (include "prometheus-fail2ban-exporter.daemonSet.labels" . | fromYaml) }} | ||||||
|   labels: |   labels: | ||||||
| @@ -17,6 +17,8 @@ spec: | |||||||
|       {{- include "prometheus-fail2ban-exporter.pod.selectorLabels" . | nindent 6 }} |       {{- include "prometheus-fail2ban-exporter.pod.selectorLabels" . | nindent 6 }} | ||||||
|   template: |   template: | ||||||
|     metadata: |     metadata: | ||||||
|  |       annotations: | ||||||
|  |         {{- include "prometheus-fail2ban-exporter.pod.annotations" . | nindent 8 }} | ||||||
|       labels: |       labels: | ||||||
|         {{- include "prometheus-fail2ban-exporter.pod.labels" . | nindent 8 }} |         {{- include "prometheus-fail2ban-exporter.pod.labels" . | nindent 8 }} | ||||||
|     spec: |     spec: | ||||||
| @@ -5,7 +5,7 @@ kind: Ingress | |||||||
| metadata: | metadata: | ||||||
|   {{- with (include "prometheus-fail2ban-exporter.ingress.annotations" . | fromYaml) }} |   {{- with (include "prometheus-fail2ban-exporter.ingress.annotations" . | fromYaml) }} | ||||||
|   annotations: |   annotations: | ||||||
|     {{- tpl (. | toYaml) $ | nindent 4 }} |     {{- tpl (toYaml .) $ | nindent 4 }} | ||||||
|   {{- end }} |   {{- end }} | ||||||
|   {{- with (include "prometheus-fail2ban-exporter.ingress.labels" . | fromYaml) }} |   {{- with (include "prometheus-fail2ban-exporter.ingress.labels" . | fromYaml) }} | ||||||
|   labels: |   labels: | ||||||
							
								
								
									
										36
									
								
								templates/networkPolicies.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										36
									
								
								templates/networkPolicies.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,36 @@ | |||||||
|  | {{- if .Values.networkPolicies.enabled }} | ||||||
|  | {{- range $key, $value := .Values.networkPolicies -}} | ||||||
|  | {{- if and (not (eq $key "enabled")) $value.enabled }} | ||||||
|  | --- | ||||||
|  | apiVersion: networking.k8s.io/v1 | ||||||
|  | kind: NetworkPolicy | ||||||
|  | metadata: | ||||||
|  |   {{- with (include "prometheus-fail2ban-exporter.networkPolicies.annotations" (dict "networkPolicy" $value "context" $) | fromYaml) }} | ||||||
|  |   annotations: | ||||||
|  |     {{- toYaml . | nindent 4 }} | ||||||
|  |   {{- end }} | ||||||
|  |   {{- with (include "prometheus-fail2ban-exporter.networkPolicies.labels" (dict "networkPolicy" $value "context" $) | fromYaml) }} | ||||||
|  |   labels: | ||||||
|  |     {{- toYaml . | nindent 4 }} | ||||||
|  |   {{- end }} | ||||||
|  |   name: {{ printf "%s-%s" (include "prometheus-fail2ban-exporter.fullname" $ ) $key }} | ||||||
|  |   namespace: {{ $.Release.Namespace }} | ||||||
|  | spec: | ||||||
|  |   podSelector: | ||||||
|  |     matchLabels: | ||||||
|  |       {{- include "prometheus-fail2ban-exporter.pod.selectorLabels" $ | nindent 6 }} | ||||||
|  |   {{- with $value.policyTypes }} | ||||||
|  |   policyTypes: | ||||||
|  |   {{- toYaml . | nindent 2 }} | ||||||
|  |   {{- end }} | ||||||
|  |   {{- with $value.egress }} | ||||||
|  |   egress: | ||||||
|  |   {{- toYaml . | nindent 2 }} | ||||||
|  |   {{- end }} | ||||||
|  |   {{- with $value.ingress }} | ||||||
|  |   ingress: | ||||||
|  |   {{- toYaml . | nindent 2 }} | ||||||
|  |   {{- end }} | ||||||
|  | {{- end }} | ||||||
|  | {{- end }} | ||||||
|  | {{- end }} | ||||||
| @@ -1,17 +0,0 @@ | |||||||
| --- |  | ||||||
|  |  | ||||||
| {{/* annotations */}} |  | ||||||
|  |  | ||||||
| {{- define "prometheus-fail2ban-exporter.pod.annotations" -}} |  | ||||||
| {{ include "prometheus-fail2ban-exporter.annotations" . }} |  | ||||||
| {{- end }} |  | ||||||
|  |  | ||||||
| {{/* labels */}} |  | ||||||
|  |  | ||||||
| {{- define "prometheus-fail2ban-exporter.pod.labels" -}} |  | ||||||
| {{ include "prometheus-fail2ban-exporter.labels" . }} |  | ||||||
| {{- end }} |  | ||||||
|  |  | ||||||
| {{- define "prometheus-fail2ban-exporter.pod.selectorLabels" -}} |  | ||||||
| {{ include "prometheus-fail2ban-exporter.selectorLabels" . }} |  | ||||||
| {{- end }} |  | ||||||
| @@ -6,7 +6,7 @@ release: | |||||||
|   name: prometheus-fail2ban-exporter-unittest |   name: prometheus-fail2ban-exporter-unittest | ||||||
|   namespace: testing |   namespace: testing | ||||||
| templates: | templates: | ||||||
| - templates/prometheus-fail2ban-exporter/configMapGrafanaDashboardFail2BanExporter.yaml | - templates/configMapGrafanaDashboardFail2BanExporter.yaml | ||||||
| tests: | tests: | ||||||
| - it: Rendering fail2banExporter | - it: Rendering fail2banExporter | ||||||
|   asserts: |   asserts: | ||||||
|   | |||||||
| @@ -6,19 +6,23 @@ release: | |||||||
|   name: prometheus-fail2ban-exporter-unittest |   name: prometheus-fail2ban-exporter-unittest | ||||||
|   namespace: testing |   namespace: testing | ||||||
| templates: | templates: | ||||||
| - templates/prometheus-fail2ban-exporter/daemonSet.yaml | - templates/daemonSet.yaml | ||||||
|  | - templates/secretWebConfig.yaml | ||||||
| tests: | tests: | ||||||
| - it: Rendering default | - it: Rendering default | ||||||
|   asserts: |   asserts: | ||||||
|   - hasDocuments: |   - hasDocuments: | ||||||
|       count: 1 |       count: 1 | ||||||
|  |     template: templates/daemonSet.yaml | ||||||
|   - containsDocument: |   - containsDocument: | ||||||
|       apiVersion: apps/v1 |       apiVersion: apps/v1 | ||||||
|       kind: DaemonSet |       kind: DaemonSet | ||||||
|       name: prometheus-fail2ban-exporter-unittest |       name: prometheus-fail2ban-exporter-unittest | ||||||
|       namespace: testing |       namespace: testing | ||||||
|  |     template: templates/daemonSet.yaml | ||||||
|   - notExists: |   - notExists: | ||||||
|       path: metadata.annotations |       path: metadata.annotations | ||||||
|  |     template: templates/daemonSet.yaml | ||||||
|   - equal: |   - equal: | ||||||
|       path: metadata.labels |       path: metadata.labels | ||||||
|       value: |       value: | ||||||
| @@ -27,15 +31,31 @@ tests: | |||||||
|         app.kubernetes.io/name: prometheus-fail2ban-exporter |         app.kubernetes.io/name: prometheus-fail2ban-exporter | ||||||
|         app.kubernetes.io/version: 0.1.0 |         app.kubernetes.io/version: 0.1.0 | ||||||
|         helm.sh/chart: prometheus-fail2ban-exporter-0.1.0 |         helm.sh/chart: prometheus-fail2ban-exporter-0.1.0 | ||||||
|  |     template: templates/daemonSet.yaml | ||||||
|  |   - exists: | ||||||
|  |       path: spec.template.metadata.annotations.checksum/secret-web-config | ||||||
|  |     template: templates/daemonSet.yaml | ||||||
|  |   - equal: | ||||||
|  |       path: spec.template.metadata.labels | ||||||
|  |       value: | ||||||
|  |         app.kubernetes.io/instance: prometheus-fail2ban-exporter-unittest | ||||||
|  |         app.kubernetes.io/managed-by: Helm | ||||||
|  |         app.kubernetes.io/name: prometheus-fail2ban-exporter | ||||||
|  |         app.kubernetes.io/version: 0.1.0 | ||||||
|  |         helm.sh/chart: prometheus-fail2ban-exporter-0.1.0 | ||||||
|  |     template: templates/daemonSet.yaml | ||||||
|   - notExists: |   - notExists: | ||||||
|       path: spec.template.spec.affinity |       path: spec.template.spec.affinity | ||||||
|  |     template: templates/daemonSet.yaml | ||||||
|   - notExists: |   - notExists: | ||||||
|       path: spec.template.spec.containers[0].envFrom |       path: spec.template.spec.containers[0].envFrom | ||||||
|  |     template: templates/daemonSet.yaml | ||||||
|   - equal: |   - equal: | ||||||
|       path: spec.template.spec.containers[0].args |       path: spec.template.spec.containers[0].args | ||||||
|       value: |       value: | ||||||
|       # - --web.config.file=/etc/prometheus-fail2ban-exporter/config.d/webConfig.yaml |       # - --web.config.file=/etc/prometheus-fail2ban-exporter/config.d/webConfig.yaml | ||||||
|       - --web.listen-address=:9191 |       - --web.listen-address=:9191 | ||||||
|  |     template: templates/daemonSet.yaml | ||||||
|   - equal: |   - equal: | ||||||
|       path: spec.template.spec.containers[0].volumeMounts |       path: spec.template.spec.containers[0].volumeMounts | ||||||
|       value: |       value: | ||||||
| @@ -43,6 +63,7 @@ tests: | |||||||
|         name: socket |         name: socket | ||||||
|       - mountPath: /etc/prometheus-fail2ban-exporter/config.d |       - mountPath: /etc/prometheus-fail2ban-exporter/config.d | ||||||
|         name: config-d |         name: config-d | ||||||
|  |     template: templates/daemonSet.yaml | ||||||
|   - equal: |   - equal: | ||||||
|       path: spec.template.spec.volumes |       path: spec.template.spec.volumes | ||||||
|       value: |       value: | ||||||
| @@ -53,42 +74,59 @@ tests: | |||||||
|       - name: config-d |       - name: config-d | ||||||
|         secret: |         secret: | ||||||
|           secretName: prometheus-fail2ban-exporter-unittest-web-config |           secretName: prometheus-fail2ban-exporter-unittest-web-config | ||||||
|  |     template: templates/daemonSet.yaml | ||||||
|   - equal: |   - equal: | ||||||
|       path: spec.template.spec.containers[0].image |       path: spec.template.spec.containers[0].image | ||||||
|       value: git.cryptic.systems/volker.raschek/prometheus-fail2ban-exporter:0.1.0 |       value: git.cryptic.systems/volker.raschek/prometheus-fail2ban-exporter:0.1.0 | ||||||
|  |     template: templates/daemonSet.yaml | ||||||
|   - equal: |   - equal: | ||||||
|       path: spec.template.spec.containers[0].imagePullPolicy |       path: spec.template.spec.containers[0].imagePullPolicy | ||||||
|       value: IfNotPresent |       value: IfNotPresent | ||||||
|  |     template: templates/daemonSet.yaml | ||||||
|   - notExists: |   - notExists: | ||||||
|       path: spec.template.spec.containers[0].resources |       path: spec.template.spec.containers[0].resources | ||||||
|  |     template: templates/daemonSet.yaml | ||||||
|   - notExists: |   - notExists: | ||||||
|       path: spec.template.spec.containers[0].securityContext |       path: spec.template.spec.containers[0].securityContext | ||||||
|  |     template: templates/daemonSet.yaml | ||||||
|   - notExists: |   - notExists: | ||||||
|       path: spec.template.spec.dnsConfig |       path: spec.template.spec.dnsConfig | ||||||
|  |     template: templates/daemonSet.yaml | ||||||
|   - notExists: |   - notExists: | ||||||
|       path: spec.template.spec.dnsPolicy |       path: spec.template.spec.dnsPolicy | ||||||
|  |     template: templates/daemonSet.yaml | ||||||
|   - notExists: |   - notExists: | ||||||
|       path: spec.template.spec.hostname |       path: spec.template.spec.hostname | ||||||
|  |     template: templates/daemonSet.yaml | ||||||
|   - equal: |   - equal: | ||||||
|       path: spec.template.spec.hostNetwork |       path: spec.template.spec.hostNetwork | ||||||
|       value: false |       value: false | ||||||
|  |     template: templates/daemonSet.yaml | ||||||
|   - notExists: |   - notExists: | ||||||
|       path: spec.template.spec.imagePullSecrets |       path: spec.template.spec.imagePullSecrets | ||||||
|  |     template: templates/daemonSet.yaml | ||||||
|   - notExists: |   - notExists: | ||||||
|       path: spec.template.spec.nodeSelector |       path: spec.template.spec.nodeSelector | ||||||
|  |     template: templates/daemonSet.yaml | ||||||
|   - notExists: |   - notExists: | ||||||
|       path: spec.template.spec.priorityClassName |       path: spec.template.spec.priorityClassName | ||||||
|  |     template: templates/daemonSet.yaml | ||||||
|   - notExists: |   - notExists: | ||||||
|       path: spec.template.spec.restartPolicy |       path: spec.template.spec.restartPolicy | ||||||
|  |     template: templates/daemonSet.yaml | ||||||
|   - notExists: |   - notExists: | ||||||
|       path: spec.template.spec.subdomain |       path: spec.template.spec.subdomain | ||||||
|  |     template: templates/daemonSet.yaml | ||||||
|   - equal: |   - equal: | ||||||
|       path: spec.template.spec.terminationGracePeriodSeconds |       path: spec.template.spec.terminationGracePeriodSeconds | ||||||
|       value: 60 |       value: 60 | ||||||
|  |     template: templates/daemonSet.yaml | ||||||
|   - notExists: |   - notExists: | ||||||
|       path: spec.template.spec.tolerations |       path: spec.template.spec.tolerations | ||||||
|  |     template: templates/daemonSet.yaml | ||||||
|   - notExists: |   - notExists: | ||||||
|       path: spec.template.spec.topologySpreadConstraints |       path: spec.template.spec.topologySpreadConstraints | ||||||
|  |     template: templates/daemonSet.yaml | ||||||
|   - equal: |   - equal: | ||||||
|       path: spec.updateStrategy |       path: spec.updateStrategy | ||||||
|       value: |       value: | ||||||
| @@ -96,6 +134,7 @@ tests: | |||||||
|           maxSurge: 1 |           maxSurge: 1 | ||||||
|           maxUnavailable: 0 |           maxUnavailable: 0 | ||||||
|         type: "RollingUpdate" |         type: "RollingUpdate" | ||||||
|  |     template: templates/daemonSet.yaml | ||||||
|  |  | ||||||
| - it: Test custom affinity | - it: Test custom affinity | ||||||
|   set: |   set: | ||||||
| @@ -122,6 +161,7 @@ tests: | |||||||
|                 values: |                 values: | ||||||
|                 - antarctica-east1 |                 - antarctica-east1 | ||||||
|                 - antarctica-west1 |                 - antarctica-west1 | ||||||
|  |     template: templates/daemonSet.yaml | ||||||
|  |  | ||||||
| - it: Test additional arguments | - it: Test additional arguments | ||||||
|   set: |   set: | ||||||
| @@ -136,6 +176,7 @@ tests: | |||||||
|       - --web.listen-address=:9191 |       - --web.listen-address=:9191 | ||||||
|       - --foo=bar |       - --foo=bar | ||||||
|       - --bar=foo |       - --bar=foo | ||||||
|  |     template: templates/daemonSet.yaml | ||||||
|  |  | ||||||
| - it: Test custom imageRegistry and imageRepository | - it: Test custom imageRegistry and imageRepository | ||||||
|   set: |   set: | ||||||
| @@ -145,6 +186,7 @@ tests: | |||||||
|   - equal: |   - equal: | ||||||
|       path: spec.template.spec.containers[0].image |       path: spec.template.spec.containers[0].image | ||||||
|       value: registry.example.local/path/special/prometheus-fail2ban-exporter:0.1.0 |       value: registry.example.local/path/special/prometheus-fail2ban-exporter:0.1.0 | ||||||
|  |     template: templates/daemonSet.yaml | ||||||
|  |  | ||||||
| - it: Test custom imagePullPolicy | - it: Test custom imagePullPolicy | ||||||
|   set: |   set: | ||||||
| @@ -153,6 +195,7 @@ tests: | |||||||
|   - equal: |   - equal: | ||||||
|       path: spec.template.spec.containers[0].imagePullPolicy |       path: spec.template.spec.containers[0].imagePullPolicy | ||||||
|       value: Always |       value: Always | ||||||
|  |     template: templates/daemonSet.yaml | ||||||
|  |  | ||||||
| - it: Test config.webConfig.existingSecret | - it: Test config.webConfig.existingSecret | ||||||
|   set: |   set: | ||||||
| @@ -166,6 +209,7 @@ tests: | |||||||
|         name: socket |         name: socket | ||||||
|       - mountPath: /etc/prometheus-fail2ban-exporter/config.d |       - mountPath: /etc/prometheus-fail2ban-exporter/config.d | ||||||
|         name: config-d |         name: config-d | ||||||
|  |     template: templates/daemonSet.yaml | ||||||
|   - equal: |   - equal: | ||||||
|       path: spec.template.spec.volumes |       path: spec.template.spec.volumes | ||||||
|       value: |       value: | ||||||
| @@ -176,6 +220,7 @@ tests: | |||||||
|       - name: config-d |       - name: config-d | ||||||
|         secret: |         secret: | ||||||
|           secretName: web-config-secret |           secretName: web-config-secret | ||||||
|  |     template: templates/daemonSet.yaml | ||||||
|  |  | ||||||
| - it: Test custom resource limits and requests | - it: Test custom resource limits and requests | ||||||
|   set: |   set: | ||||||
| @@ -195,6 +240,7 @@ tests: | |||||||
|           resourceFieldRef: |           resourceFieldRef: | ||||||
|             divisor: "1" |             divisor: "1" | ||||||
|             resource: limits.cpu |             resource: limits.cpu | ||||||
|  |     template: templates/daemonSet.yaml | ||||||
|   - equal: |   - equal: | ||||||
|       path: spec.template.spec.containers[0].resources |       path: spec.template.spec.containers[0].resources | ||||||
|       value: |       value: | ||||||
| @@ -204,6 +250,7 @@ tests: | |||||||
|         requests: |         requests: | ||||||
|           cpu: 25m |           cpu: 25m | ||||||
|           memory: 100MB |           memory: 100MB | ||||||
|  |     template: templates/daemonSet.yaml | ||||||
|  |  | ||||||
| - it: Test custom securityContext | - it: Test custom securityContext | ||||||
|   set: |   set: | ||||||
| @@ -230,6 +277,7 @@ tests: | |||||||
|         readOnlyRootFilesystem: true |         readOnlyRootFilesystem: true | ||||||
|         runAsNonRoot: true |         runAsNonRoot: true | ||||||
|         runAsUser: 1000 |         runAsUser: 1000 | ||||||
|  |     template: templates/daemonSet.yaml | ||||||
|  |  | ||||||
| - it: Test dnsConfig | - it: Test dnsConfig | ||||||
|   set: |   set: | ||||||
| @@ -244,6 +292,7 @@ tests: | |||||||
|         nameservers: |         nameservers: | ||||||
|         - "8.8.8.8" |         - "8.8.8.8" | ||||||
|         - "8.8.4.4" |         - "8.8.4.4" | ||||||
|  |     template: templates/daemonSet.yaml | ||||||
|  |  | ||||||
| - it: Test dnsPolicy | - it: Test dnsPolicy | ||||||
|   set: |   set: | ||||||
| @@ -252,6 +301,7 @@ tests: | |||||||
|   - equal: |   - equal: | ||||||
|       path: spec.template.spec.dnsPolicy |       path: spec.template.spec.dnsPolicy | ||||||
|       value: ClusterFirst |       value: ClusterFirst | ||||||
|  |     template: templates/daemonSet.yaml | ||||||
|  |  | ||||||
| - it: Test hostNetwork, hostname, subdomain | - it: Test hostNetwork, hostname, subdomain | ||||||
|   set: |   set: | ||||||
| @@ -262,12 +312,15 @@ tests: | |||||||
|   - equal: |   - equal: | ||||||
|       path: spec.template.spec.hostNetwork |       path: spec.template.spec.hostNetwork | ||||||
|       value: true |       value: true | ||||||
|  |     template: templates/daemonSet.yaml | ||||||
|   - equal: |   - equal: | ||||||
|       path: spec.template.spec.hostname |       path: spec.template.spec.hostname | ||||||
|       value: pg-exporter |       value: pg-exporter | ||||||
|  |     template: templates/daemonSet.yaml | ||||||
|   - equal: |   - equal: | ||||||
|       path: spec.template.spec.subdomain |       path: spec.template.spec.subdomain | ||||||
|       value: exporters.internal |       value: exporters.internal | ||||||
|  |     template: templates/daemonSet.yaml | ||||||
|  |  | ||||||
| - it: Test imagePullSecrets | - it: Test imagePullSecrets | ||||||
|   set: |   set: | ||||||
| @@ -280,6 +333,7 @@ tests: | |||||||
|       value: |       value: | ||||||
|       - name: my-pull-secret |       - name: my-pull-secret | ||||||
|       - name: my-special-secret |       - name: my-special-secret | ||||||
|  |     template: templates/daemonSet.yaml | ||||||
|  |  | ||||||
| - it: Test nodeSelector | - it: Test nodeSelector | ||||||
|   set: |   set: | ||||||
| @@ -290,6 +344,7 @@ tests: | |||||||
|       path: spec.template.spec.nodeSelector |       path: spec.template.spec.nodeSelector | ||||||
|       value: |       value: | ||||||
|         foo: bar |         foo: bar | ||||||
|  |     template: templates/daemonSet.yaml | ||||||
|  |  | ||||||
| - it: Test priorityClassName | - it: Test priorityClassName | ||||||
|   set: |   set: | ||||||
| @@ -298,6 +353,7 @@ tests: | |||||||
|   - equal: |   - equal: | ||||||
|       path: spec.template.spec.priorityClassName |       path: spec.template.spec.priorityClassName | ||||||
|       value: my-priority |       value: my-priority | ||||||
|  |     template: templates/daemonSet.yaml | ||||||
|  |  | ||||||
| - it: Test restartPolicy | - it: Test restartPolicy | ||||||
|   set: |   set: | ||||||
| @@ -306,6 +362,7 @@ tests: | |||||||
|   - equal: |   - equal: | ||||||
|       path: spec.template.spec.restartPolicy |       path: spec.template.spec.restartPolicy | ||||||
|       value: Always |       value: Always | ||||||
|  |     template: templates/daemonSet.yaml | ||||||
|  |  | ||||||
| - it: Test terminationGracePeriodSeconds | - it: Test terminationGracePeriodSeconds | ||||||
|   set: |   set: | ||||||
| @@ -314,6 +371,7 @@ tests: | |||||||
|   - equal: |   - equal: | ||||||
|       path: spec.template.spec.terminationGracePeriodSeconds |       path: spec.template.spec.terminationGracePeriodSeconds | ||||||
|       value: 120 |       value: 120 | ||||||
|  |     template: templates/daemonSet.yaml | ||||||
|  |  | ||||||
| - it: Test tolerations | - it: Test tolerations | ||||||
|   set: |   set: | ||||||
| @@ -330,6 +388,7 @@ tests: | |||||||
|         operator: Equal |         operator: Equal | ||||||
|         value: fail2ban |         value: fail2ban | ||||||
|         effect: NoSchedule |         effect: NoSchedule | ||||||
|  |     template: templates/daemonSet.yaml | ||||||
|  |  | ||||||
| - it: Test topologySpreadConstraints | - it: Test topologySpreadConstraints | ||||||
|   set: |   set: | ||||||
| @@ -348,6 +407,7 @@ tests: | |||||||
|         labelSelector: |         labelSelector: | ||||||
|           matchLabels: |           matchLabels: | ||||||
|             app.kubernetes.io/instance: prometheus-fail2ban-exporter |             app.kubernetes.io/instance: prometheus-fail2ban-exporter | ||||||
|  |     template: templates/daemonSet.yaml | ||||||
|  |  | ||||||
| - it: Test additional volumeMounts and volumes | - it: Test additional volumeMounts and volumes | ||||||
|   set: |   set: | ||||||
| @@ -366,6 +426,7 @@ tests: | |||||||
|         mountPath: /usr/lib/prometheus-fail2ban-exporter/data |         mountPath: /usr/lib/prometheus-fail2ban-exporter/data | ||||||
|       - name: config-d |       - name: config-d | ||||||
|         mountPath: /etc/prometheus-fail2ban-exporter/config.d |         mountPath: /etc/prometheus-fail2ban-exporter/config.d | ||||||
|  |     template: templates/daemonSet.yaml | ||||||
|   - equal: |   - equal: | ||||||
|       path: spec.template.spec.volumes |       path: spec.template.spec.volumes | ||||||
|       value: |       value: | ||||||
| @@ -375,3 +436,4 @@ tests: | |||||||
|       - name: config-d |       - name: config-d | ||||||
|         secret: |         secret: | ||||||
|           secretName: prometheus-fail2ban-exporter-unittest-web-config |           secretName: prometheus-fail2ban-exporter-unittest-web-config | ||||||
|  |     template: templates/daemonSet.yaml | ||||||
| @@ -6,7 +6,7 @@ release: | |||||||
|   name: prometheus-fail2ban-exporter-unittest |   name: prometheus-fail2ban-exporter-unittest | ||||||
|   namespace: testing |   namespace: testing | ||||||
| templates: | templates: | ||||||
| - templates/prometheus-fail2ban-exporter/ingress.yaml | - templates/ingress.yaml | ||||||
| tests: | tests: | ||||||
| - it: Skip ingress by default. | - it: Skip ingress by default. | ||||||
|   asserts: |   asserts: | ||||||
|   | |||||||
							
								
								
									
										118
									
								
								unittests/networkPolicies/default.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										118
									
								
								unittests/networkPolicies/default.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,118 @@ | |||||||
|  | chart: | ||||||
|  |   appVersion: 0.1.0 | ||||||
|  |   version: 0.1.0 | ||||||
|  | suite: NetworkPolicies template (basic) | ||||||
|  | release: | ||||||
|  |   name: prometheus-fail2ban-exporter-unittest | ||||||
|  |   namespace: testing | ||||||
|  | templates: | ||||||
|  | - templates/networkPolicies.yaml | ||||||
|  | tests: | ||||||
|  | - it: Skip networkPolicies in general disabled. | ||||||
|  |   set: | ||||||
|  |     networkPolicies.enabled: false | ||||||
|  |   asserts: | ||||||
|  |   - hasDocuments: | ||||||
|  |       count: 0 | ||||||
|  |  | ||||||
|  | - it: Skip networkPolicy 'default' when disabled. | ||||||
|  |   set: | ||||||
|  |     networkPolicies.enabled: true | ||||||
|  |     networkPolicies.default.enabled: false | ||||||
|  |   asserts: | ||||||
|  |   - hasDocuments: | ||||||
|  |       count: 0 | ||||||
|  |  | ||||||
|  | - it: Loop over networkPolicies | ||||||
|  |   set: | ||||||
|  |     networkPolicies.enabled: true | ||||||
|  |     networkPolicies.default.enabled: false | ||||||
|  |     networkPolicies.nginx.enabled: true | ||||||
|  |     networkPolicies.prometheus.enabled: true | ||||||
|  |   asserts: | ||||||
|  |   - hasDocuments: | ||||||
|  |       count: 2 | ||||||
|  |  | ||||||
|  | - it: Template networkPolicy 'default' without policyTypes, egress and ingress configuration | ||||||
|  |   set: | ||||||
|  |     networkPolicies.enabled: true | ||||||
|  |     networkPolicies.default.enabled: true | ||||||
|  |   asserts: | ||||||
|  |   - hasDocuments: | ||||||
|  |       count: 1 | ||||||
|  |   - containsDocument: | ||||||
|  |       apiVersion: networking.k8s.io/v1 | ||||||
|  |       kind: NetworkPolicy | ||||||
|  |       name: prometheus-fail2ban-exporter-unittest-default | ||||||
|  |       namespace: testing | ||||||
|  |   - notExists: | ||||||
|  |       path: metadata.annotations | ||||||
|  |   - equal: | ||||||
|  |       path: metadata.labels | ||||||
|  |       value: | ||||||
|  |         app.kubernetes.io/instance: prometheus-fail2ban-exporter-unittest | ||||||
|  |         app.kubernetes.io/managed-by: Helm | ||||||
|  |         app.kubernetes.io/name: prometheus-fail2ban-exporter | ||||||
|  |         app.kubernetes.io/version: 0.1.0 | ||||||
|  |         helm.sh/chart: prometheus-fail2ban-exporter-0.1.0 | ||||||
|  |   - equal: | ||||||
|  |       path: spec.podSelector.matchLabels | ||||||
|  |       value: | ||||||
|  |         app.kubernetes.io/instance: prometheus-fail2ban-exporter-unittest | ||||||
|  |         app.kubernetes.io/name: prometheus-fail2ban-exporter | ||||||
|  |   - notExists: | ||||||
|  |       path: spec.policyTypes | ||||||
|  |   - notExists: | ||||||
|  |       path: spec.egress | ||||||
|  |   - notExists: | ||||||
|  |       path: spec.ingress | ||||||
|  |  | ||||||
|  | - it: Template networkPolicy 'default' with policyTypes, egress and ingress configuration | ||||||
|  |   set: | ||||||
|  |     networkPolicies.enabled: true | ||||||
|  |     networkPolicies.default.enabled: true | ||||||
|  |     networkPolicies.default.policyTypes: | ||||||
|  |     - Egress | ||||||
|  |     - Ingress | ||||||
|  |     networkPolicies.default.ingress: | ||||||
|  |     - from: | ||||||
|  |       - namespaceSelector: | ||||||
|  |           matchLabels: | ||||||
|  |             kubernetes.io/metadata.name: khv-production | ||||||
|  |         podSelector: | ||||||
|  |           matchLabels: | ||||||
|  |             app.kubernetes.io/name: prometheus | ||||||
|  |     networkPolicies.default.egress: | ||||||
|  |     - to: | ||||||
|  |       - namespaceSelector: | ||||||
|  |           matchLabels: | ||||||
|  |             kubernetes.io/metadata.name: database | ||||||
|  |         podSelector: | ||||||
|  |           matchLabels: | ||||||
|  |             app.kubernetes.io/name: oracle | ||||||
|  |   asserts: | ||||||
|  |   - equal: | ||||||
|  |       path: spec.policyTypes | ||||||
|  |       value: | ||||||
|  |       - Egress | ||||||
|  |       - Ingress | ||||||
|  |   - equal: | ||||||
|  |       path: spec.egress | ||||||
|  |       value: | ||||||
|  |       - to: | ||||||
|  |         - namespaceSelector: | ||||||
|  |             matchLabels: | ||||||
|  |               kubernetes.io/metadata.name: database | ||||||
|  |           podSelector: | ||||||
|  |             matchLabels: | ||||||
|  |               app.kubernetes.io/name: oracle | ||||||
|  |   - equal: | ||||||
|  |       path: spec.ingress | ||||||
|  |       value: | ||||||
|  |       - from: | ||||||
|  |         - namespaceSelector: | ||||||
|  |             matchLabels: | ||||||
|  |               kubernetes.io/metadata.name: khv-production | ||||||
|  |           podSelector: | ||||||
|  |             matchLabels: | ||||||
|  |               app.kubernetes.io/name: prometheus | ||||||
| @@ -6,7 +6,7 @@ release: | |||||||
|   name: prometheus-fail2ban-exporter-unittest |   name: prometheus-fail2ban-exporter-unittest | ||||||
|   namespace: testing |   namespace: testing | ||||||
| templates: | templates: | ||||||
| - templates/prometheus-fail2ban-exporter/podMonitor.yaml | - templates/podMonitor.yaml | ||||||
| tests: | tests: | ||||||
| - it: Skip podMonitor when metrics are disabled. | - it: Skip podMonitor when metrics are disabled. | ||||||
|   set: |   set: | ||||||
|   | |||||||
| @@ -6,7 +6,7 @@ release: | |||||||
|   name: prometheus-fail2ban-exporter-unittest |   name: prometheus-fail2ban-exporter-unittest | ||||||
|   namespace: testing |   namespace: testing | ||||||
| templates: | templates: | ||||||
| - templates/prometheus-fail2ban-exporter/secretWebConfig.yaml | - templates/secretWebConfig.yaml | ||||||
| tests: | tests: | ||||||
| - it: Rendering default secret. | - it: Rendering default secret. | ||||||
|   asserts: |   asserts: | ||||||
|   | |||||||
| @@ -6,7 +6,7 @@ release: | |||||||
|   name: prometheus-fail2ban-exporter-unittest |   name: prometheus-fail2ban-exporter-unittest | ||||||
|   namespace: testing |   namespace: testing | ||||||
| templates: | templates: | ||||||
| - templates/prometheus-fail2ban-exporter/serviceAccount.yaml | - templates/serviceAccount.yaml | ||||||
| tests: | tests: | ||||||
| - it: Skip rendering. | - it: Skip rendering. | ||||||
|   set: |   set: | ||||||
|   | |||||||
| @@ -6,7 +6,7 @@ release: | |||||||
|   name: prometheus-fail2ban-exporter-unittest |   name: prometheus-fail2ban-exporter-unittest | ||||||
|   namespace: testing |   namespace: testing | ||||||
| templates: | templates: | ||||||
| - templates/prometheus-fail2ban-exporter/serviceMonitorHTTP.yaml | - templates/serviceMonitorHTTP.yaml | ||||||
| tests: | tests: | ||||||
| - it: Skip serviceMonitor when service is disabled. | - it: Skip serviceMonitor when service is disabled. | ||||||
|   set: |   set: | ||||||
|   | |||||||
| @@ -6,7 +6,7 @@ release: | |||||||
|   name: prometheus-fail2ban-exporter-unittest |   name: prometheus-fail2ban-exporter-unittest | ||||||
|   namespace: testing |   namespace: testing | ||||||
| templates: | templates: | ||||||
| - templates/prometheus-fail2ban-exporter/serviceHTTP.yaml | - templates/serviceHTTP.yaml | ||||||
| tests: | tests: | ||||||
| - it: Skip service when disabled. | - it: Skip service when disabled. | ||||||
|   set: |   set: | ||||||
|   | |||||||
							
								
								
									
										50
									
								
								values.yaml
									
									
									
									
									
								
							
							
						
						
									
										50
									
								
								values.yaml
									
									
									
									
									
								
							| @@ -270,9 +270,53 @@ podDisruptionBudget: {} | |||||||
| #  maxUnavailable: 1 | #  maxUnavailable: 1 | ||||||
| #  minAvailable: 1 | #  minAvailable: 1 | ||||||
|  |  | ||||||
| ## @section Network | ## @section NetworkPolicies | ||||||
| ## @param networkPolicies Deploy network policies based on the used container network interface (CNI) implementation - like calico or weave. | ## @param networkPolicies.enabled Enable network policies in general. | ||||||
| networkPolicies: {} | networkPolicies: | ||||||
|  |   enabled: false | ||||||
|  |  | ||||||
|  |   ## @param networkPolicies.default.enabled Enable the network policy for accessing the application by default. For example to scape the metrics. | ||||||
|  |   ## @param networkPolicies.default.annotations Additional network policy annotations. | ||||||
|  |   ## @param networkPolicies.default.labels Additional network policy labels. | ||||||
|  |   ## @param networkPolicies.default.policyTypes List of policy types. Supported is ingress, egress or ingress and egress. | ||||||
|  |   ## @param networkPolicies.default.egress Concrete egress network policy implementation. | ||||||
|  |   ## @skip networkPolicies.default.egress Skip individual egress configuration. | ||||||
|  |   ## @param networkPolicies.default.ingress Concrete ingress network policy implementation. | ||||||
|  |   ## @skip networkPolicies.default.ingress Skip individual ingress configuration. | ||||||
|  |   default: | ||||||
|  |     enabled: false | ||||||
|  |     annotations: {} | ||||||
|  |     labels: {} | ||||||
|  |     policyTypes: [] | ||||||
|  |     # - Egress | ||||||
|  |     # - Ingress | ||||||
|  |     egress: [] | ||||||
|  |     ingress: [] | ||||||
|  |     # Allow incoming HTTP traffic from prometheus. | ||||||
|  |     # | ||||||
|  |     # - from: | ||||||
|  |     #   - namespaceSelector: | ||||||
|  |     #       matchLabels: | ||||||
|  |     #         kubernetes.io/metadata.name: monitoring | ||||||
|  |     #     podSelector: | ||||||
|  |     #       matchLabels: | ||||||
|  |     #         app.kubernetes.io/name: prometheus | ||||||
|  |     #   ports: | ||||||
|  |     #   - port: http | ||||||
|  |     #     protocol: TCP | ||||||
|  |  | ||||||
|  |     # Allow incoming HTTP traffic from ingress-nginx. | ||||||
|  |     # | ||||||
|  |     # - from: | ||||||
|  |     #   - namespaceSelector: | ||||||
|  |     #       matchLabels: | ||||||
|  |     #         kubernetes.io/metadata.name: ingress-nginx | ||||||
|  |     #     podSelector: | ||||||
|  |     #       matchLabels: | ||||||
|  |     #         app.kubernetes.io/name: ingress-nginx | ||||||
|  |     #   ports: | ||||||
|  |     #   - port: http | ||||||
|  |     #     protocol: TCP | ||||||
|  |  | ||||||
| ## @section Prometheus | ## @section Prometheus | ||||||
| prometheus: | prometheus: | ||||||
|   | |||||||
		Reference in New Issue
	
	Block a user