Compare commits
1 Commits
502501cacf
...
6ee9b6f094
Author | SHA1 | Date | |
---|---|---|---|
6ee9b6f094 |
@ -1,3 +1,6 @@
|
||||
# EditorConfig is awesome: https://EditorConfig.org
|
||||
|
||||
# top-most EditorConfig file
|
||||
root = true
|
||||
|
||||
[*]
|
||||
@ -7,6 +10,3 @@ end_of_line = lf
|
||||
charset = utf-8
|
||||
trim_trailing_whitespace = true
|
||||
insert_final_newline = false
|
||||
|
||||
[Makefile]
|
||||
indent_style = tab
|
5
.gitignore
vendored
5
.gitignore
vendored
@ -1,6 +1,3 @@
|
||||
charts
|
||||
node_modules
|
||||
target
|
||||
*.tgz
|
||||
values2.yml
|
||||
values2.yaml
|
||||
*.tgz
|
||||
|
32
.helmignore
32
.helmignore
@ -2,7 +2,6 @@
|
||||
# This supports shell glob matching, relative path matching, and
|
||||
# negation (prefixed with !). Only one pattern per line.
|
||||
.DS_Store
|
||||
|
||||
# Common VCS dirs
|
||||
.git/
|
||||
.gitignore
|
||||
@ -11,50 +10,23 @@
|
||||
.hg/
|
||||
.hgignore
|
||||
.svn/
|
||||
|
||||
# Common backup files
|
||||
*.swp
|
||||
*.bak
|
||||
*.tmp
|
||||
*.orig
|
||||
*~
|
||||
|
||||
# Various IDEs
|
||||
.project
|
||||
.idea/
|
||||
*.tmproj
|
||||
.vscode/
|
||||
|
||||
# drone
|
||||
.drone.yml
|
||||
|
||||
# editorconfig
|
||||
.editorconfig
|
||||
|
||||
# markdownlint
|
||||
.markdownlint.yaml
|
||||
# customized values
|
||||
values2.yml
|
||||
values2.yaml
|
||||
|
||||
# helm packages
|
||||
*.tgz
|
||||
.helmignore
|
||||
unittests
|
||||
|
||||
# markdownlint
|
||||
.markdownlint.yml
|
||||
.markdownlint.yaml
|
||||
.markdownlintignore
|
||||
|
||||
# npm
|
||||
.prettierignore
|
||||
.npmrc
|
||||
package*
|
||||
|
||||
# yamllint
|
||||
.yamllint.yaml
|
||||
|
||||
# Others
|
||||
CONTRIBUTING.md
|
||||
CODEOWNERS
|
||||
Makefile
|
||||
renovate.json
|
||||
|
@ -45,9 +45,9 @@ MD012:
|
||||
# MD013/line-length - Line length
|
||||
MD013:
|
||||
# Number of characters
|
||||
line_length: 120
|
||||
line_length: 80
|
||||
# Number of characters for headings
|
||||
heading_line_length: 120
|
||||
heading_line_length: 80
|
||||
# Number of characters for code blocks
|
||||
code_block_line_length: 80
|
||||
# Include code blocks
|
||||
@ -56,6 +56,8 @@ MD013:
|
||||
tables: false
|
||||
# Include headings
|
||||
headings: true
|
||||
# Include headings
|
||||
headers: true
|
||||
# Strict length checking
|
||||
strict: false
|
||||
# Stern length checking
|
||||
@ -71,7 +73,7 @@ MD022:
|
||||
# MD024/no-duplicate-heading/no-duplicate-header - Multiple headings with the same content
|
||||
MD024:
|
||||
# Only check sibling headings
|
||||
siblings_only: true
|
||||
allow_different_nesting: true
|
||||
|
||||
# MD025/single-title/single-h1 - Multiple top-level headings in the same document
|
||||
MD025:
|
||||
@ -126,22 +128,8 @@ MD041:
|
||||
# MD044/proper-names - Proper names should have the correct capitalization
|
||||
MD044:
|
||||
# List of proper names
|
||||
names:
|
||||
- Git
|
||||
- GitDevOps
|
||||
- Gitea
|
||||
- GitHub
|
||||
- GitLab
|
||||
- GitOps
|
||||
- kube-prometheus-stack
|
||||
- Memcached
|
||||
- Oracle
|
||||
- ORBIS U
|
||||
- PostgreSQL
|
||||
- Prometheus
|
||||
- prometheus-exporter
|
||||
- SSL
|
||||
- TLS
|
||||
# names:
|
||||
# - drone
|
||||
# Include code blocks
|
||||
code_blocks: false
|
||||
|
||||
|
@ -1,4 +0,0 @@
|
||||
.github/
|
||||
Chart.lock
|
||||
charts/
|
||||
node_modules/
|
@ -1 +0,0 @@
|
||||
Chart.lock
|
@ -1,20 +0,0 @@
|
||||
---
|
||||
extends: default
|
||||
|
||||
ignore: |
|
||||
.yamllint
|
||||
node_modules
|
||||
templates
|
||||
|
||||
|
||||
rules:
|
||||
truthy:
|
||||
allowed-values: ['true', 'false']
|
||||
check-keys: False
|
||||
level: error
|
||||
line-length: disable
|
||||
document-start: disable
|
||||
comments:
|
||||
min-spaces-from-content: 1
|
||||
braces:
|
||||
max-spaces-inside: 2
|
@ -1 +0,0 @@
|
||||
* @volker.raschek
|
@ -1,82 +0,0 @@
|
||||
# Contributing
|
||||
|
||||
I am very happy if you would like to provide a pull request đź‘Ť
|
||||
|
||||
The content of this file describes which requirements contributors should fulfill before submitting a pull request (PR).
|
||||
|
||||
1. [Valid Git commits](#valid-git-commits)
|
||||
|
||||
## Valid Git commits
|
||||
|
||||
### Commit message
|
||||
|
||||
The repository is subject to a strict commit message template. This states that there are several types of commits. For
|
||||
example, `fix`, `chore`, `refac`, `test` or `doc`. All types are described in more detail below.
|
||||
|
||||
| type | description |
|
||||
| ------------------- | ----------------------------------------------------------------- |
|
||||
| `feat` | New feature. |
|
||||
| `fix` | Fixes a bug. |
|
||||
| `refac` | Refactoring production code. |
|
||||
| `style` | Fixes formatting issues. No production code change. |
|
||||
| `docs` | Adapt documentation. No production code change. |
|
||||
| `test` | Adds new or modifies existing tests. No production code change. |
|
||||
| `chore` | Updating grunt tasks. Is everything which the user does not see. |
|
||||
|
||||
Based on these types, commit messaged can then be created. Here are a few examples:
|
||||
|
||||
```text
|
||||
style(README): Wrong indentation
|
||||
feat(deployment): support restartPolicy
|
||||
fix(my-app): Add missing volume
|
||||
docs(CONTRIBUTING): Describe how to commit correctly
|
||||
```
|
||||
|
||||
This type of commit message makes it easier for me as maintainer to keep an overview and does not cause the commits of a
|
||||
pull request PR to be combined into one commit (squashing).
|
||||
|
||||
### Smart commits
|
||||
|
||||
Smart commits are excellent when it comes to tracking bugs or issues. In this repository, however, the rebasing of
|
||||
commits is prohibited, which means that only merge commits are possible. This means that a smart commit message only
|
||||
needs to be added to the merge commit.
|
||||
|
||||
This has the advantage that the maintainer can use the smart commit to find the merge commit and undo the entire history
|
||||
of a merge without having to select individual commits. The following history illustrates the correct use of smart commits.
|
||||
|
||||
```text
|
||||
* 823edbc7 Volker Raschek (G) | [Close #2] feat(deployment): support additional containers
|
||||
|\
|
||||
| * 321aebc3 Volker Raschek (G) | doc(README): generate README with new deployment attributes
|
||||
| * 8d101dd3 Volker Raschek (G) | test(deployment): Extend unittest of additional containers
|
||||
| * 6f2abd93 Volker Raschek (G) | fix(deployment): Extend deployment of additional containers
|
||||
|/
|
||||
* aa5ebda bob (N) | [Close #1] feat(deployment): support initContainers
|
||||
```
|
||||
|
||||
### Commit signing
|
||||
|
||||
Another problem with Git is the chain of trust. Git allows the configuration of any name and e-mail address. An attacker
|
||||
can impersonate any person and submit pull requests under a false identity. For as Linux Torvalds, the maintainer of the
|
||||
Linux kernel.
|
||||
|
||||
```bash
|
||||
git config --global user.name 'Linux Torvalds'
|
||||
git config --global user.email 'torvalds@linux-foundation.org'
|
||||
```
|
||||
|
||||
To avoid this, some Git repositories expect signed commits. In particular, repositories that are subject to direct
|
||||
delivery to customers. For this reason, the repository is subject to a branch protection rule that only allows signed
|
||||
commits. *Until* there is *no verified* and *no signed* commit, the pull request is blocked.
|
||||
|
||||
The following articles describes how Git can be configured to sign commits. Please keep in mind, that the e-mail
|
||||
address, which is used as UID of the GPG keyring must also be defined in the profile settings of your GitHub account.
|
||||
Otherwise will be marked the Git commit as *Unverified*.
|
||||
|
||||
1. [Signing Commits](https://docs.github.com/en/authentication/managing-commit-signature-verification/signing-commits)
|
||||
2. [Tell Git about your signing key](https://docs.github.com/en/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key)
|
||||
|
||||
Inspect your Git commit via `git log`. There should be mentioned, that your commit is signed.
|
||||
|
||||
Furthermore, the GPG key is unique. **Don't loose your private GPG key**. Backup your private key on a safe device. For
|
||||
example an external USB drive.
|
@ -4,6 +4,7 @@ description: Helm chart for prometheus-fail2ban-exporter
|
||||
type: application
|
||||
version: "0.1.0"
|
||||
appVersion: "0.1.0"
|
||||
icon: https://www.fail2ban.org/fail2ban_logo.png
|
||||
|
||||
keywords:
|
||||
- fail2ban
|
||||
|
91
Makefile
91
Makefile
@ -1,91 +0,0 @@
|
||||
# CONTAINER_RUNTIME
|
||||
CONTAINER_RUNTIME?=$(shell which podman)
|
||||
|
||||
# HELM_IMAGE
|
||||
HELM_IMAGE_REGISTRY_HOST?=docker.io
|
||||
HELM_IMAGE_REPOSITORY=volkerraschek/helm
|
||||
HELM_IMAGE_VERSION?=3.16.1 # renovate: datasource=docker registryUrl=https://docker.io depName=volkerraschek/helm
|
||||
HELM_IMAGE_FULLY_QUALIFIED=${HELM_IMAGE_REGISTRY_HOST}/${HELM_IMAGE_REPOSITORY}:${HELM_IMAGE_VERSION}
|
||||
|
||||
# NODE_IMAGE
|
||||
NODE_IMAGE_REGISTRY_HOST?=docker.io
|
||||
NODE_IMAGE_REPOSITORY=library/node
|
||||
NODE_IMAGE_VERSION?=22.9.0-alpine # renovate: datasource=docker registryUrl=https://docker.io depName=library/node
|
||||
NODE_IMAGE_FULLY_QUALIFIED=${NODE_IMAGE_REGISTRY_HOST}/${NODE_IMAGE_REPOSITORY}:${NODE_IMAGE_VERSION}
|
||||
|
||||
# MISSING DOT
|
||||
# ==============================================================================
|
||||
missing-dot:
|
||||
grep --perl-regexp '## @(param|skip).*[^.]$$' values.yaml
|
||||
|
||||
# CONTAINER RUN - README
|
||||
# ==============================================================================
|
||||
PHONY+=container-run/readme
|
||||
container-run/readme: container-run/readme/link container-run/readme/lint container-run/readme/parameters
|
||||
|
||||
container-run/readme/link:
|
||||
${CONTAINER_RUNTIME} run \
|
||||
--rm \
|
||||
--volume $(shell pwd):$(shell pwd) \
|
||||
--workdir $(shell pwd) \
|
||||
${NODE_IMAGE_FULLY_QUALIFIED} \
|
||||
npm install && npm run readme:link
|
||||
|
||||
container-run/readme/lint:
|
||||
${CONTAINER_RUNTIME} run \
|
||||
--rm \
|
||||
--volume $(shell pwd):$(shell pwd) \
|
||||
--workdir $(shell pwd) \
|
||||
${NODE_IMAGE_FULLY_QUALIFIED} \
|
||||
npm install && npm run readme:lint
|
||||
|
||||
container-run/readme/parameters:
|
||||
${CONTAINER_RUNTIME} run \
|
||||
--rm \
|
||||
--volume $(shell pwd):$(shell pwd) \
|
||||
--workdir $(shell pwd) \
|
||||
${NODE_IMAGE_FULLY_QUALIFIED} \
|
||||
npm install && npm run readme:parameters
|
||||
|
||||
# CONTAINER RUN - HELM UNITTESTS
|
||||
# ==============================================================================
|
||||
PHONY+=container-run/helm-unittests
|
||||
container-run/helm-unittests:
|
||||
${CONTAINER_RUNTIME} run \
|
||||
--env HELM_REPO_PASSWORD=${CHART_SERVER_PASSWORD} \
|
||||
--env HELM_REPO_USERNAME=${CHART_SERVER_USERNAME} \
|
||||
--rm \
|
||||
--volume $(shell pwd):$(shell pwd) \
|
||||
--workdir $(shell pwd) \
|
||||
${HELM_IMAGE_FULLY_QUALIFIED} \
|
||||
unittest --strict --file 'unittests/**/*.yaml' ./
|
||||
|
||||
# CONTAINER RUN - HELM UPDATE DEPENDENCIES
|
||||
# ==============================================================================
|
||||
PHONY+=container-run/helm-update-dependencies
|
||||
container-run/helm-update-dependencies:
|
||||
${CONTAINER_RUNTIME} run \
|
||||
--env HELM_REPO_PASSWORD=${CHART_SERVER_PASSWORD} \
|
||||
--env HELM_REPO_USERNAME=${CHART_SERVER_USERNAME} \
|
||||
--rm \
|
||||
--volume $(shell pwd):$(shell pwd) \
|
||||
--workdir $(shell pwd) \
|
||||
${HELM_IMAGE_FULLY_QUALIFIED} \
|
||||
dependency update
|
||||
|
||||
# CONTAINER RUN - MARKDOWN-LINT
|
||||
# ==============================================================================
|
||||
PHONY+=container-run/helm-lint
|
||||
container-run/helm-lint:
|
||||
${CONTAINER_RUNTIME} run \
|
||||
--rm \
|
||||
--volume $(shell pwd):$(shell pwd) \
|
||||
--workdir $(shell pwd) \
|
||||
${HELM_IMAGE_FULLY_QUALIFIED} \
|
||||
lint --values values.yaml .
|
||||
|
||||
# PHONY
|
||||
# ==============================================================================
|
||||
# Declare the contents of the PHONY variable as phony. We keep that information
|
||||
# in a variable so we can use it in if_changed.
|
||||
.PHONY: ${PHONY}
|
62
README.md
62
README.md
@ -1,15 +1,17 @@
|
||||
# Prometheus Fail2Ban exporter
|
||||
# prometheus-fail2ban-charts
|
||||
|
||||
[![Build Status](https://drone.cryptic.systems/api/badges/volker.raschek/prometheus-fail2ban-exporter-charts/status.svg)](https://drone.cryptic.systems/volker.raschek/prometheus-fail2ban-exporter-charts)
|
||||
[![Artifact Hub](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/volker-raschek)](https://artifacthub.io/packages/search?repo=volker-raschek)
|
||||
|
||||
This helm chart contains a daemonset to deploy a fail2ban metric exporter on kubernetes nodes, which have fail2ban
|
||||
locally installed and configured.
|
||||
This helm chart contains a daemonset to deploy a fail2ban metric exporter on
|
||||
kubernetes nodes, which have fail2ban locally installed and configured.
|
||||
|
||||
The fail2ban exporter was repackaged to make it possible to deploy the application on kubernetes. The forked fail2ban
|
||||
exporter can be found [here](https://git.cryptic.systems/volker.raschek/prometheus-fail2ban-exporter).
|
||||
The fail2ban exporter was repackaged to make it possible to deploy the
|
||||
application on kubernetes. The forked fail2ban exporter can be found
|
||||
[here](https://git.cryptic.systems/volker.raschek/prometheus-fail2ban-exporter).
|
||||
|
||||
This helm chart can be found on [artifacthub.io](https://artifacthub.io/) and can be installed via helm.
|
||||
This helm chart can be found on [artifacthub.io](https://artifacthub.io/) and
|
||||
can be installed via helm.
|
||||
|
||||
```bash
|
||||
helm repo add volker.raschek https://charts.cryptic.systems/volker.raschek
|
||||
@ -20,48 +22,6 @@ helm install prometheus-fail2ban-exporter volker.raschek/prometheus-fail2ban-exp
|
||||
|
||||
All [configuration
|
||||
options](https://gitlab.com/hectorjsmith/fail2ban-prometheus-exporter/-/blob/235d34114bdf6c99f8b8154240c007b2491248ea/cfg/cfg.go#L12)
|
||||
can be defined in the `values.yml` file below the `config` section. Alternatively can be the options passed via the
|
||||
`--set` flag of the `helm install` command.
|
||||
|
||||
## Parameters
|
||||
|
||||
### Affinity
|
||||
|
||||
| Name | Description | Value |
|
||||
| ---------- | ---------------------------------------------- | ----- |
|
||||
| `affinity` | Affinity for the postgres-exporter deployment. | `{}` |
|
||||
|
||||
### Configuration
|
||||
|
||||
### Image
|
||||
|
||||
| Name | Description | Value |
|
||||
| ------------------ | -------------------------------------------------------- | ----------------------------------------------------------------- |
|
||||
| `image.repository` | Image repository, eg. `library/busybox`. | `git.cryptic.systems/volker.raschek/prometheus-fail2ban-exporter` |
|
||||
| `image.pullPolicy` | Image pull policy. | `Always` |
|
||||
| `image.tag` | Custom image tag, eg. `0.1.0`. Defaults to `appVersion`. | `""` |
|
||||
| `imagePullSecrets` | Secret to use for pulling the image. | `[]` |
|
||||
|
||||
### Ingress
|
||||
|
||||
### NodeSelector
|
||||
|
||||
### PodAnnotations
|
||||
|
||||
### PodPriorityClassName
|
||||
|
||||
### PodSecurityContext
|
||||
|
||||
### Resources
|
||||
|
||||
### SecurityContext
|
||||
|
||||
### Service
|
||||
|
||||
### ServiceMonitor
|
||||
|
||||
### Tolerations
|
||||
|
||||
### VolumeMounts
|
||||
|
||||
### Volume
|
||||
can be defined in the `values.yml` file below the `config` section.
|
||||
Alternatively can be the options passed via the `--set` flag of the `helm
|
||||
install` command.
|
||||
|
1900
package-lock.json
generated
1900
package-lock.json
generated
File diff suppressed because it is too large
Load Diff
21
package.json
21
package.json
@ -1,21 +0,0 @@
|
||||
{
|
||||
"name": "prometheus-fail2ban-exporter-chart",
|
||||
"homepage": "https://git.cryptic.systems/volker.raschek/prometheus-fail2ban-exporter-chart.git",
|
||||
"license": "MIT",
|
||||
"private": true,
|
||||
"engineStrict": true,
|
||||
"engines": {
|
||||
"node": ">=16.0.0",
|
||||
"npm": ">=8.0.0"
|
||||
},
|
||||
"scripts": {
|
||||
"readme:link": "markdown-link-check *.md",
|
||||
"readme:lint": "markdownlint *.md -f",
|
||||
"readme:parameters": "readme-generator -v values.yaml -r README.md"
|
||||
},
|
||||
"devDependencies": {
|
||||
"@bitnami/readme-generator-for-helm": "^2.5.0",
|
||||
"markdown-link-check": "^3.13.6",
|
||||
"markdownlint-cli": "^0.43.0"
|
||||
}
|
||||
}
|
@ -1,7 +1,24 @@
|
||||
{
|
||||
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
|
||||
"assignees": [ "volker.raschek" ],
|
||||
"customManagers": [
|
||||
"labels": [ "renovate" ],
|
||||
"packageRules": [
|
||||
{
|
||||
"addLabels": [ "renovate/prometheus-fail2ban-exporter", "renovate/automerge" ],
|
||||
"automerge": true,
|
||||
"matchManagers": "droneci",
|
||||
"matchUpdateTypes": [ "minor", "patch"]
|
||||
},
|
||||
{
|
||||
"addLabels": [ "renovate/prometheus-fail2ban-exporter", "renovate/automerge" ],
|
||||
"automerge": false,
|
||||
"matchPackageNames": [ "prometheus-fail2ban-exporter" ],
|
||||
"matchManagers": [ "regex" ]
|
||||
}
|
||||
],
|
||||
"rebaseLabel": "renovate/rebase",
|
||||
"rebaseWhen": "behind-base-branch",
|
||||
"regexManagers": [
|
||||
{
|
||||
"description": "Update container image reference",
|
||||
"fileMatch": [
|
||||
@ -11,40 +28,8 @@
|
||||
"appVersion: \"(?<currentValue>.*?)\"\\s+"
|
||||
],
|
||||
"datasourceTemplate": "docker",
|
||||
"depNameTemplate": "volker.raschek/prometheus-fail2ban-exporter",
|
||||
"lookupNameTemplate": "git.cryptic.systems/volker.raschek/prometheus-fail2ban-exporter",
|
||||
"versioningTemplate": "semver"
|
||||
},
|
||||
{
|
||||
"description": "Detect helm chart version in README",
|
||||
"fileMatch": [
|
||||
"^README\\.md$"
|
||||
],
|
||||
"matchStrings": [
|
||||
"^CHART_VERSION=(?<currentValue>.*)$"
|
||||
],
|
||||
"datasourceTemplate": "git-tags",
|
||||
"depNameTemplate": "volker.raschek/prometheus-fail2ban-exporter-chart",
|
||||
"packageNameTemplate": "git.cryptic.systems/volker.raschek/prometheus-fail2ban-exporter-chart",
|
||||
"versioningTemplate": "semver"
|
||||
"depNameTemplate": "prometheus-fail2ban-exporter",
|
||||
"lookupNameTemplate": "git.cryptic.systems/volker.raschek/prometheus-fail2ban-exporter"
|
||||
}
|
||||
],
|
||||
"labels": [ "renovate" ],
|
||||
"packageRules": [
|
||||
{
|
||||
"addLabels": [ "renovate/automerge", "renovate/droneci" ],
|
||||
"automerge": true,
|
||||
"matchManagers": "droneci",
|
||||
"matchUpdateTypes": [ "minor", "patch"]
|
||||
},
|
||||
{
|
||||
"addLabels": [ "renovate/automerge", "renovate/npm" ],
|
||||
"automerge": true,
|
||||
"matchPackageNames": [ "markdownlint-cli", "@bitnami/readme-generator-for-helm" ],
|
||||
"matchManagers": [ "npm" ],
|
||||
"matchUpdateTypes": [ "minor", "patch"]
|
||||
}
|
||||
],
|
||||
"rebaseLabel": "renovate/rebase",
|
||||
"rebaseWhen": "behind-base-branch"
|
||||
]
|
||||
}
|
||||
|
37
values.yaml
37
values.yaml
@ -2,17 +2,11 @@
|
||||
# This is a YAML-formatted file.
|
||||
# Declare variables to be passed into your templates.
|
||||
|
||||
## @param nameOverride Individual release name suffix.
|
||||
## @param fullnameOverride Override the complete release name logic.
|
||||
nameOverride: ""
|
||||
fullnameOverride: ""
|
||||
|
||||
## @section Affinity
|
||||
## @param affinity Affinity for the fail2ban-exporter deployment.
|
||||
affinity: {}
|
||||
|
||||
## @section Configuration
|
||||
## @skip config Skip individual fail2ban exporter configuration.
|
||||
config: {}
|
||||
# F2B_COLLECTOR_SOCKET
|
||||
# Path to the fail2ban socket inside the container filesystem.
|
||||
@ -38,21 +32,14 @@ config: {}
|
||||
# Alternative listen address instead of 0.0.0.0/0 and ::/0.
|
||||
# F2B_WEB_LISTEN_ADDRESS: ""
|
||||
|
||||
## @section Image
|
||||
## @param image.repository Image repository, eg. `library/busybox`.
|
||||
## @param image.pullPolicy Image pull policy.
|
||||
## @param image.tag Custom image tag, eg. `0.1.0`. Defaults to `appVersion`.
|
||||
image:
|
||||
repository: git.cryptic.systems/volker.raschek/prometheus-fail2ban-exporter
|
||||
pullPolicy: Always
|
||||
# Overrides the image tag whose default is the chart appVersion.
|
||||
tag: ""
|
||||
|
||||
## @param imagePullSecrets Secret to use for pulling the image.
|
||||
imagePullSecrets: []
|
||||
|
||||
## @section Ingress
|
||||
## @skip ingress Skip individual ingress configuration.
|
||||
ingress:
|
||||
enabled: false
|
||||
className: "nginx"
|
||||
@ -71,25 +58,15 @@ ingress:
|
||||
hosts:
|
||||
- "your-hostname"
|
||||
|
||||
## @section NodeSelector
|
||||
## @skip nodeSelector Skip individual nodeSelector configuration.
|
||||
nodeSelector: {}
|
||||
|
||||
## @section PodAnnotations
|
||||
## @skip podAnnotations Skip individual podAnnotations configuration.
|
||||
podAnnotations: {}
|
||||
|
||||
## @section PodPriorityClassName
|
||||
## @skip podPriorityClassName Skip individual podPriorityClassName configuration.
|
||||
podPriorityClassName: ""
|
||||
|
||||
## @section PodSecurityContext
|
||||
## @skip podSecurityContext Skip individual PodSecurityContext configuration.
|
||||
podSecurityContext: {}
|
||||
# fsGroup: 2000
|
||||
|
||||
## @section Resources
|
||||
## @skip resources Skip individual resource configuration.
|
||||
resources: {}
|
||||
# We usually recommend not to specify default resources and to leave this as a conscious
|
||||
# choice for the user. This also increases chances charts run on environments with little
|
||||
@ -102,8 +79,6 @@ resources: {}
|
||||
# cpu: 100m
|
||||
# memory: 128Mi
|
||||
|
||||
## @section SecurityContext
|
||||
## @skip securityContext Skip individual securityContext configuration.
|
||||
securityContext: {}
|
||||
# capabilities:
|
||||
# drop:
|
||||
@ -112,14 +87,12 @@ securityContext: {}
|
||||
# runAsNonRoot: true
|
||||
# runAsUser: 1000
|
||||
|
||||
## @section Service
|
||||
## @skip service Skip individual service configuration.
|
||||
service:
|
||||
type: ClusterIP
|
||||
port: 9191
|
||||
|
||||
## @section ServiceMonitor
|
||||
## @skip serviceMonitor Skip individual serviceMonitor configuration.
|
||||
# Deploy a serviceMonitor to scrape the metrics automatically via prometheus
|
||||
# operator.
|
||||
serviceMonitor:
|
||||
enabled: false
|
||||
annotations: {}
|
||||
@ -131,18 +104,12 @@ serviceMonitor:
|
||||
tlsConfig:
|
||||
insecureSkipVerify: false
|
||||
|
||||
## @section Tolerations
|
||||
## @skip tolerations Skip individual tolerations configuration.
|
||||
tolerations: []
|
||||
|
||||
## @section VolumeMounts
|
||||
## @skip volumeMounts Skip individual volumeMounts configuration.
|
||||
volumeMounts:
|
||||
- name: socket
|
||||
mountPath: /var/run/fail2ban/fail2ban.sock
|
||||
|
||||
## @section Volume
|
||||
## @skip volumes Skip individual volume configuration.
|
||||
volumes:
|
||||
- name: socket
|
||||
hostPath:
|
||||
|
Loading…
Reference in New Issue
Block a user