Compare commits


7 Commits

Author SHA1 Message Date
502501cacf
chore(deps): update docker.io/library/node docker tag to v23.5.0
Some checks failed
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2025-01-04 23:23:30 +00:00
45ed6d61c1
fix: move templates into chart dir
Some checks failed
continuous-integration/drone/push Build is failing
2025-01-04 22:31:00 +01:00
9c15f66c55
fix(Makefile): remove markdownlink-check target
Some checks failed
continuous-integration/drone/push Build is failing
2025-01-04 22:27:12 +01:00
154bd40f44
fix(values): add parameter documentation
Some checks failed
continuous-integration/drone/push Build is failing
2025-01-04 22:22:32 +01:00
c139e18822
fix(values): add parameter documentation
All checks were successful
continuous-integration/drone/push Build is passing
2025-01-04 22:22:00 +01:00
760a3e69d5
fix(ci): impl project defaults 2025-01-04 22:11:50 +01:00
a4a6f39173
fix(chart): remove icon
Some checks failed
continuous-integration/drone/push Build is failing
2025-01-04 22:05:00 +01:00
24 changed files with 2304 additions and 53 deletions


@ -124,7 +124,7 @@ steps:
- npm run readme:link
- npm run readme:lint
- npm run readme:parameters
image: docker.io/library/node:23.3.0-alpine
image: docker.io/library/node:23.5.0-alpine
resources:
limits:
cpu: 150


@ -1,6 +1,3 @@
# EditorConfig is awesome: https://EditorConfig.org
# top-most EditorConfig file
root = true
[*]
@ -10,3 +7,6 @@ end_of_line = lf
charset = utf-8
trim_trailing_whitespace = true
insert_final_newline = false
[Makefile]
indent_style = tab

5
.gitignore vendored

@ -1,3 +1,6 @@
*.tgz
charts
node_modules
target
values2.yml
values2.yaml
*.tgz


@ -2,6 +2,7 @@
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
@ -10,23 +11,50 @@
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/
# drone
.drone.yml
# markdownlint
.markdownlint.yaml
# editorconfig
.editorconfig
# customized values
values2.yml
values2.yaml
# helm packages
*.tgz
.helmignore
unittests
# markdownlint
.markdownlint.yml
.markdownlint.yaml
.markdownlintignore
# npm
.prettierignore
.npmrc
package*
# yamllint
.yamllint.yaml
# Others
CONTRIBUTING.md
CODEOWNERS
Makefile
renovate.json


@ -45,9 +45,9 @@ MD012:
# MD013/line-length - Line length
MD013:
# Number of characters
line_length: 80
line_length: 120
# Number of characters for headings
heading_line_length: 80
heading_line_length: 120
# Number of characters for code blocks
code_block_line_length: 80
# Include code blocks
@ -56,8 +56,6 @@ MD013:
tables: false
# Include headings
headings: true
# Include headings
headers: true
# Strict length checking
strict: false
# Stern length checking
@ -73,7 +71,7 @@ MD022:
# MD024/no-duplicate-heading/no-duplicate-header - Multiple headings with the same content
MD024:
# Only check sibling headings
allow_different_nesting: true
siblings_only: true
# MD025/single-title/single-h1 - Multiple top-level headings in the same document
MD025:
@ -128,8 +126,22 @@ MD041:
# MD044/proper-names - Proper names should have the correct capitalization
MD044:
# List of proper names
# names:
# - drone
names:
- Git
- GitDevOps
- Gitea
- GitHub
- GitLab
- GitOps
- kube-prometheus-stack
- Memcached
- Oracle
- ORBIS U
- PostgreSQL
- Prometheus
- prometheus-exporter
- SSL
- TLS
# Include code blocks
code_blocks: false

4
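--- /dev/null
+++ b/.markdownlintignore
@@ -0,0 +1,4 @@
+.github/
+Chart.lock
+charts/
+node_modules/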

1
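--- /dev/null
+++ b/.npmrc
@@ -0,0 +1 @@
+engine-strict=true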

1
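--- /dev/null
+++ b/.prettierignore
@@ -0,0 +1 @@
+Chart.lock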

20
.yamllint.yaml Normal file

@ -0,0 +1,20 @@
---
extends: default
ignore: |
.yamllint
node_modules
templates
rules:
truthy:
allowed-values: ['true', 'false']
check-keys: False
level: error
line-length: disable
document-start: disable
comments:
min-spaces-from-content: 1
braces:
max-spaces-inside: 2
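Review bot: The `ignore` block lists `.yamllint`, but this file is named `.yamllint.yaml`, so the pattern probably does not exclude the config itself from linting. If yamllint does pick the file up, `check-keys: False` would trip the `truthy` rule configured on the line above it, which allows only `'true'` and `'false'` at `level: error`. Writing `check-keys: false`, and changing the ignore entry to `.yamllint.yaml` if excluding the config is intended, would make the file consistent with its own rules.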

1
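--- /dev/null
+++ b/CODEOWNERS
@@ -0,0 +1 @@
+* @volker.raschek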

82
CONTRIBUTING.md Normal file

@ -0,0 +1,82 @@
# Contributing
I am very happy if you would like to provide a pull request đź‘Ť
The content of this file describes which requirements contributors should fulfill before submitting a pull request (PR).
1. [Valid Git commits](#valid-git-commits)
## Valid Git commits
### Commit message
The repository is subject to a strict commit message template. This states that there are several types of commits. For
example, `fix`, `chore`, `refac`, `test` or `doc`. All types are described in more detail below.
| type | description |
| ------------------- | ----------------------------------------------------------------- |
| `feat` | New feature. |
| `fix` | Fixes a bug. |
| `refac` | Refactoring production code. |
| `style` | Fixes formatting issues. No production code change. |
| `docs` | Adapt documentation. No production code change. |
| `test` | Adds new or modifies existing tests. No production code change. |
| `chore` | Updating grunt tasks. Is everything which the user does not see. |
Based on these types, commit messaged can then be created. Here are a few examples:
```text
style(README): Wrong indentation
feat(deployment): support restartPolicy
fix(my-app): Add missing volume
docs(CONTRIBUTING): Describe how to commit correctly
```
This type of commit message makes it easier for me as maintainer to keep an overview and does not cause the commits of a
pull request PR to be combined into one commit (squashing).
### Smart commits
Smart commits are excellent when it comes to tracking bugs or issues. In this repository, however, the rebasing of
commits is prohibited, which means that only merge commits are possible. This means that a smart commit message only
needs to be added to the merge commit.
This has the advantage that the maintainer can use the smart commit to find the merge commit and undo the entire history
of a merge without having to select individual commits. The following history illustrates the correct use of smart commits.
```text
* 823edbc7 Volker Raschek (G) | [Close #2] feat(deployment): support additional containers
|\
| * 321aebc3 Volker Raschek (G) | doc(README): generate README with new deployment attributes
| * 8d101dd3 Volker Raschek (G) | test(deployment): Extend unittest of additional containers
| * 6f2abd93 Volker Raschek (G) | fix(deployment): Extend deployment of additional containers
|/
* aa5ebda bob (N) | [Close #1] feat(deployment): support initContainers
```
### Commit signing
Another problem with Git is the chain of trust. Git allows the configuration of any name and e-mail address. An attacker
can impersonate any person and submit pull requests under a false identity. For as Linux Torvalds, the maintainer of the
Linux kernel.
```bash
git config --global user.name 'Linux Torvalds'
git config --global user.email 'torvalds@linux-foundation.org'
```
To avoid this, some Git repositories expect signed commits. In particular, repositories that are subject to direct
delivery to customers. For this reason, the repository is subject to a branch protection rule that only allows signed
commits. *Until* there is *no verified* and *no signed* commit, the pull request is blocked.
The following articles describes how Git can be configured to sign commits. Please keep in mind, that the e-mail
address, which is used as UID of the GPG keyring must also be defined in the profile settings of your GitHub account.
Otherwise will be marked the Git commit as *Unverified*.
1. [Signing Commits](https://docs.github.com/en/authentication/managing-commit-signature-verification/signing-commits)
2. [Tell Git about your signing key](https://docs.github.com/en/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key)
Inspect your Git commit via `git log`. There should be mentioned, that your commit is signed.
Furthermore, the GPG key is unique. **Don't loose your private GPG key**. Backup your private key on a safe device. For
example an external USB drive.


@ -4,7 +4,6 @@ description: Helm chart for prometheus-fail2ban-exporter
type: application
version: "0.1.0"
appVersion: "0.1.0"
icon: https://www.fail2ban.org/fail2ban_logo.png
keywords:
- fail2ban

91
Makefile Normal file

@ -0,0 +1,91 @@
# CONTAINER_RUNTIME
CONTAINER_RUNTIME?=$(shell which podman)
# HELM_IMAGE
HELM_IMAGE_REGISTRY_HOST?=docker.io
HELM_IMAGE_REPOSITORY=volkerraschek/helm
HELM_IMAGE_VERSION?=3.16.1 # renovate: datasource=docker registryUrl=https://docker.io depName=volkerraschek/helm
HELM_IMAGE_FULLY_QUALIFIED=${HELM_IMAGE_REGISTRY_HOST}/${HELM_IMAGE_REPOSITORY}:${HELM_IMAGE_VERSION}
# NODE_IMAGE
NODE_IMAGE_REGISTRY_HOST?=docker.io
NODE_IMAGE_REPOSITORY=library/node
NODE_IMAGE_VERSION?=22.9.0-alpine # renovate: datasource=docker registryUrl=https://docker.io depName=library/node
NODE_IMAGE_FULLY_QUALIFIED=${NODE_IMAGE_REGISTRY_HOST}/${NODE_IMAGE_REPOSITORY}:${NODE_IMAGE_VERSION}
# MISSING DOT
# ==============================================================================
missing-dot:
grep --perl-regexp '## @(param|skip).*[^.]$$' values.yaml
# CONTAINER RUN - README
# ==============================================================================
PHONY+=container-run/readme
container-run/readme: container-run/readme/link container-run/readme/lint container-run/readme/parameters
container-run/readme/link:
${CONTAINER_RUNTIME} run \
--rm \
--volume $(shell pwd):$(shell pwd) \
--workdir $(shell pwd) \
${NODE_IMAGE_FULLY_QUALIFIED} \
npm install && npm run readme:link
container-run/readme/lint:
${CONTAINER_RUNTIME} run \
--rm \
--volume $(shell pwd):$(shell pwd) \
--workdir $(shell pwd) \
${NODE_IMAGE_FULLY_QUALIFIED} \
npm install && npm run readme:lint
container-run/readme/parameters:
${CONTAINER_RUNTIME} run \
--rm \
--volume $(shell pwd):$(shell pwd) \
--workdir $(shell pwd) \
${NODE_IMAGE_FULLY_QUALIFIED} \
npm install && npm run readme:parameters
# CONTAINER RUN - HELM UNITTESTS
# ==============================================================================
PHONY+=container-run/helm-unittests
container-run/helm-unittests:
${CONTAINER_RUNTIME} run \
--env HELM_REPO_PASSWORD=${CHART_SERVER_PASSWORD} \
--env HELM_REPO_USERNAME=${CHART_SERVER_USERNAME} \
--rm \
--volume $(shell pwd):$(shell pwd) \
--workdir $(shell pwd) \
${HELM_IMAGE_FULLY_QUALIFIED} \
unittest --strict --file 'unittests/**/*.yaml' ./
# CONTAINER RUN - HELM UPDATE DEPENDENCIES
# ==============================================================================
PHONY+=container-run/helm-update-dependencies
container-run/helm-update-dependencies:
${CONTAINER_RUNTIME} run \
--env HELM_REPO_PASSWORD=${CHART_SERVER_PASSWORD} \
--env HELM_REPO_USERNAME=${CHART_SERVER_USERNAME} \
--rm \
--volume $(shell pwd):$(shell pwd) \
--workdir $(shell pwd) \
${HELM_IMAGE_FULLY_QUALIFIED} \
dependency update
# CONTAINER RUN - MARKDOWN-LINT
# ==============================================================================
PHONY+=container-run/helm-lint
container-run/helm-lint:
${CONTAINER_RUNTIME} run \
--rm \
--volume $(shell pwd):$(shell pwd) \
--workdir $(shell pwd) \
${HELM_IMAGE_FULLY_QUALIFIED} \
lint --values values.yaml .
# PHONY
# ==============================================================================
# Declare the contents of the PHONY variable as phony. We keep that information
# in a variable so we can use it in if_changed.
.PHONY: ${PHONY}
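Review bot: In `container-run/readme/link`, `container-run/readme/lint` and `container-run/readme/parameters` the recipe ends with `npm install && npm run readme:…`, and the `&&` is interpreted by the host shell that make invokes, so only `npm install` runs inside the container while the `npm run` step executes on the host, outside the container's isolation and with whatever Node toolchain happens to be installed there. Wrapping the pair keeps both steps inside the container, e.g. `sh -c 'npm install && npm run readme:link'`, and likewise for `readme:lint` and `readme:parameters`. Separately, `--env HELM_REPO_PASSWORD=${CHART_SERVER_PASSWORD}` in the two helm targets expands the secret into the command line, where make echoes it to the build log and it is visible in the process list; handing the variable to the container runtime by name from the environment instead of by value would avoid that exposure.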


@ -1,17 +1,15 @@
# prometheus-fail2ban-charts
# Prometheus Fail2Ban exporter
[![Build Status](https://drone.cryptic.systems/api/badges/volker.raschek/prometheus-fail2ban-exporter-charts/status.svg)](https://drone.cryptic.systems/volker.raschek/prometheus-fail2ban-exporter-charts)
[![Artifact Hub](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/volker-raschek)](https://artifacthub.io/packages/search?repo=volker-raschek)
This helm chart contains a daemonset to deploy a fail2ban metric exporter on
kubernetes nodes, which have fail2ban locally installed and configured.
This helm chart contains a daemonset to deploy a fail2ban metric exporter on kubernetes nodes, which have fail2ban
locally installed and configured.
The fail2ban exporter was repackaged to make it possible to deploy the
application on kubernetes. The forked fail2ban exporter can be found
[here](https://git.cryptic.systems/volker.raschek/prometheus-fail2ban-exporter).
The fail2ban exporter was repackaged to make it possible to deploy the application on kubernetes. The forked fail2ban
exporter can be found [here](https://git.cryptic.systems/volker.raschek/prometheus-fail2ban-exporter).
This helm chart can be found on [artifacthub.io](https://artifacthub.io/) and
can be installed via helm.
This helm chart can be found on [artifacthub.io](https://artifacthub.io/) and can be installed via helm.
```bash
helm repo add volker.raschek https://charts.cryptic.systems/volker.raschek
@ -22,6 +20,48 @@ helm install prometheus-fail2ban-exporter volker.raschek/prometheus-fail2ban-exp
All [configuration
options](https://gitlab.com/hectorjsmith/fail2ban-prometheus-exporter/-/blob/235d34114bdf6c99f8b8154240c007b2491248ea/cfg/cfg.go#L12)
can be defined in the `values.yml` file below the `config` section.
Alternatively can be the options passed via the `--set` flag of the `helm
install` command.
can be defined in the `values.yml` file below the `config` section. Alternatively can be the options passed via the
`--set` flag of the `helm install` command.
## Parameters
### Affinity
| Name | Description | Value |
| ---------- | ---------------------------------------------- | ----- |
| `affinity` | Affinity for the postgres-exporter deployment. | `{}` |
### Configuration
### Image
| Name | Description | Value |
| ------------------ | -------------------------------------------------------- | ----------------------------------------------------------------- |
| `image.repository` | Image repository, eg. `library/busybox`. | `git.cryptic.systems/volker.raschek/prometheus-fail2ban-exporter` |
| `image.pullPolicy` | Image pull policy. | `Always` |
| `image.tag` | Custom image tag, eg. `0.1.0`. Defaults to `appVersion`. | `""` |
| `imagePullSecrets` | Secret to use for pulling the image. | `[]` |
### Ingress
### NodeSelector
### PodAnnotations
### PodPriorityClassName
### PodSecurityContext
### Resources
### SecurityContext
### Service
### ServiceMonitor
### Tolerations
### VolumeMounts
### Volume

1900
package-lock.json generated Normal file


21
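--- /dev/null
+++ b/package.json
@@ -0,0 +1,21 @@
+{
+"name": "prometheus-fail2ban-exporter-chart",
+"homepage": "https://git.cryptic.systems/volker.raschek/prometheus-fail2ban-exporter-chart.git",
+"license": "MIT",
+"private": true,
+"engineStrict": true,
+"engines": {
+"node": ">=16.0.0",
+"npm": ">=8.0.0"
+},
+"scripts": {
+"readme:link": "markdown-link-check *.md",
+"readme:lint": "markdownlint *.md -f",
+"readme:parameters": "readme-generator -v values.yaml -r README.md"
+},
+"devDependencies": {
+"@bitnami/readme-generator-for-helm": "^2.5.0",
+"markdown-link-check": "^3.13.6",
+"markdownlint-cli": "^0.43.0"
+}
+}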


@ -1,24 +1,7 @@
{
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
"assignees": [ "volker.raschek" ],
"labels": [ "renovate" ],
"packageRules": [
{
"addLabels": [ "renovate/prometheus-fail2ban-exporter", "renovate/automerge" ],
"automerge": true,
"matchManagers": "droneci",
"matchUpdateTypes": [ "minor", "patch"]
},
{
"addLabels": [ "renovate/prometheus-fail2ban-exporter", "renovate/automerge" ],
"automerge": false,
"matchPackageNames": [ "prometheus-fail2ban-exporter" ],
"matchManagers": [ "regex" ]
}
],
"rebaseLabel": "renovate/rebase",
"rebaseWhen": "behind-base-branch",
"regexManagers": [
"customManagers": [
{
"description": "Update container image reference",
"fileMatch": [
@ -28,8 +11,40 @@
"appVersion: \"(?<currentValue>.*?)\"\\s+"
],
"datasourceTemplate": "docker",
"depNameTemplate": "prometheus-fail2ban-exporter",
"lookupNameTemplate": "git.cryptic.systems/volker.raschek/prometheus-fail2ban-exporter"
"depNameTemplate": "volker.raschek/prometheus-fail2ban-exporter",
"lookupNameTemplate": "git.cryptic.systems/volker.raschek/prometheus-fail2ban-exporter",
"versioningTemplate": "semver"
},
{
"description": "Detect helm chart version in README",
"fileMatch": [
"^README\\.md$"
],
"matchStrings": [
"^CHART_VERSION=(?<currentValue>.*)$"
],
"datasourceTemplate": "git-tags",
"depNameTemplate": "volker.raschek/prometheus-fail2ban-exporter-chart",
"packageNameTemplate": "git.cryptic.systems/volker.raschek/prometheus-fail2ban-exporter-chart",
"versioningTemplate": "semver"
}
]
],
"labels": [ "renovate" ],
"packageRules": [
{
"addLabels": [ "renovate/automerge", "renovate/droneci" ],
"automerge": true,
"matchManagers": "droneci",
"matchUpdateTypes": [ "minor", "patch"]
},
{
"addLabels": [ "renovate/automerge", "renovate/npm" ],
"automerge": true,
"matchPackageNames": [ "markdownlint-cli", "@bitnami/readme-generator-for-helm" ],
"matchManagers": [ "npm" ],
"matchUpdateTypes": [ "minor", "patch"]
}
],
"rebaseLabel": "renovate/rebase",
"rebaseWhen": "behind-base-branch"
}
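Review bot: The new `npm` package rule sets `"automerge": true` for minor and patch updates of `markdownlint-cli` and `@bitnami/readme-generator-for-helm`, so a freshly published release of either tool can be merged and executed in CI without anyone having looked at it; the `droneci` rule does the same for pipeline images. Adding a delay such as `"minimumReleaseAge": "3 days"` to the automerge rules would give a compromised or broken release time to be noticed and withdrawn before it lands. Two smaller consistency points, as far as the rendered section shows the new side: the first custom manager still uses `lookupNameTemplate` while the newly added one uses `packageNameTemplate`, and `"matchManagers": "droneci"` is a bare string where the npm rule uses an array.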


@ -2,11 +2,17 @@
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
## @param nameOverride Individual release name suffix.
## @param fullnameOverride Override the complete release name logic.
nameOverride: ""
fullnameOverride: ""
## @section Affinity
## @param affinity Affinity for the fail2ban-exporter deployment.
affinity: {}
## @section Configuration
## @skip config Skip individual fail2ban exporter configuration.
config: {}
# F2B_COLLECTOR_SOCKET
# Path to the fail2ban socket inside the container filesystem.
@ -32,14 +38,21 @@ config: {}
# Alternative listen address instead of 0.0.0.0/0 and ::/0.
# F2B_WEB_LISTEN_ADDRESS: ""
## @section Image
## @param image.repository Image repository, eg. `library/busybox`.
## @param image.pullPolicy Image pull policy.
## @param image.tag Custom image tag, eg. `0.1.0`. Defaults to `appVersion`.
image:
repository: git.cryptic.systems/volker.raschek/prometheus-fail2ban-exporter
pullPolicy: Always
# Overrides the image tag whose default is the chart appVersion.
tag: ""
## @param imagePullSecrets Secret to use for pulling the image.
imagePullSecrets: []
## @section Ingress
## @skip ingress Skip individual ingress configuration.
ingress:
enabled: false
className: "nginx"
@ -58,15 +71,25 @@ ingress:
hosts:
- "your-hostname"
## @section NodeSelector
## @skip nodeSelector Skip individual nodeSelector configuration.
nodeSelector: {}
## @section PodAnnotations
## @skip podAnnotations Skip individual podAnnotations configuration.
podAnnotations: {}
## @section PodPriorityClassName
## @skip podPriorityClassName Skip individual podPriorityClassName configuration.
podPriorityClassName: ""
## @section PodSecurityContext
## @skip podSecurityContext Skip individual PodSecurityContext configuration.
podSecurityContext: {}
# fsGroup: 2000
## @section Resources
## @skip resources Skip individual resource configuration.
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
@ -79,6 +102,8 @@ resources: {}
# cpu: 100m
# memory: 128Mi
## @section SecurityContext
## @skip securityContext Skip individual securityContext configuration.
securityContext: {}
# capabilities:
# drop:
@ -87,12 +112,14 @@ securityContext: {}
# runAsNonRoot: true
# runAsUser: 1000
## @section Service
## @skip service Skip individual service configuration.
service:
type: ClusterIP
port: 9191
# Deploy a serviceMonitor to scrape the metrics automatically via prometheus
# operator.
## @section ServiceMonitor
## @skip serviceMonitor Skip individual serviceMonitor configuration.
serviceMonitor:
enabled: false
annotations: {}
@ -104,12 +131,18 @@ serviceMonitor:
tlsConfig:
insecureSkipVerify: false
## @section Tolerations
## @skip tolerations Skip individual tolerations configuration.
tolerations: []
## @section VolumeMounts
## @skip volumeMounts Skip individual volumeMounts configuration.
volumeMounts:
- name: socket
mountPath: /var/run/fail2ban/fail2ban.sock
## @section Volume
## @skip volumes Skip individual volume configuration.
volumes:
- name: socket
hostPath: