volker.raschek/prometheus-fail2ban-exporter-charts
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: volker.raschek:952d487b25c63412c35b725055fa2b883248e70a
Branches Tags
volker.raschek:master
volker.raschek:0.4.21 volker.raschek:0.4.20 volker.raschek:0.4.19 volker.raschek:0.4.18 volker.raschek:0.4.17 volker.raschek:0.4.16 volker.raschek:0.4.15 volker.raschek:0.4.14 volker.raschek:0.4.13 volker.raschek:0.4.12 volker.raschek:0.4.11 volker.raschek:0.4.10 volker.raschek:0.4.9 volker.raschek:0.4.8 volker.raschek:0.4.7 volker.raschek:0.4.6 volker.raschek:0.4.5 volker.raschek:0.4.4 volker.raschek:0.4.3 volker.raschek:0.4.2 volker.raschek:0.4.1 volker.raschek:0.4.0 volker.raschek:0.3.1 volker.raschek:0.3.0
..
compare: volker.raschek:0.4.0
Branches Tags
volker.raschek:master
volker.raschek:0.4.21 volker.raschek:0.4.20 volker.raschek:0.4.19 volker.raschek:0.4.18 volker.raschek:0.4.17 volker.raschek:0.4.16 volker.raschek:0.4.15 volker.raschek:0.4.14 volker.raschek:0.4.13 volker.raschek:0.4.12 volker.raschek:0.4.11 volker.raschek:0.4.10 volker.raschek:0.4.9 volker.raschek:0.4.8 volker.raschek:0.4.7 volker.raschek:0.4.6 volker.raschek:0.4.5 volker.raschek:0.4.4 volker.raschek:0.4.3 volker.raschek:0.4.2 volker.raschek:0.4.1 volker.raschek:0.4.0 volker.raschek:0.3.1 volker.raschek:0.3.0

7 Commits
952d487b25 ... 0.4.0

Author SHA1 Message Date
Markus Pesch
38b4f95a1f feat: automatically roll deployments
All checks were successful
Helm / helm-lint (push) Successful in 6s
Details
Release / publish-chart (push) Successful in 6s
Details
Helm / helm-unittest (push) Successful in 24s
Details 
The following patch extends the chart to automatically roll the deployment, when
one of the configurations, stored in a config map or secret, has been changed.

The implementation add annotations which triggers `helm update` or ArgoCD to
roll the deployment. Further information can be found on the official helm
website:

  https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments
 2025-05-29 12:23:44 +02:00
Markus Pesch
51ee91fed1 fix(chart): remove kubernetes version limitation
All checks were successful
Helm / helm-lint (push) Successful in 6s
Details
Helm / helm-unittest (push) Successful in 5s
Details 
The kubernetes version limitation is incompatible with the custom AWS EKS
version pattern. For this reason, some AWS EKS installation needs to adapt the
Chart manually to get it running. To avoid this circumstance, the kubernetes
version limitation has been removed.
 2025-05-29 12:14:08 +02:00
Markus Pesch
c0416cdf48 Merge pull request 'chore(deps): update docker.io/library/node docker tag to v24' (#29) from renovate/docker.io-library-node-24.x into master
All checks were successful
Helm / helm-lint (push) Successful in 5s
Details
Helm / helm-unittest (push) Successful in 19s
Details 
Reviewed-on: #29
 2025-05-28 07:06:47 +00:00
CSRBot
00231f462b chore(deps): update docker.io/library/node docker tag to v24
All checks were successful
Helm / helm-unittest (push) Successful in 6s
Details
Helm / helm-lint (push) Successful in 12s
Details
Markdown linter / markdown-link-checker (push) Successful in 10s
Details
Helm / helm-lint (pull_request) Successful in 5s
Details
Helm / helm-unittest (pull_request) Successful in 6s
Details
Markdown linter / markdown-lint (push) Successful in 28s
Details
Generate README / generate-parameters (push) Successful in 44s
Details
2025-05-27 22:11:01 +00:00
Markus Pesch
9e962fbffd chore(renovate): merge library/node packages
All checks were successful
Helm / helm-unittest (push) Successful in 6s
Details
Helm / helm-lint (push) Successful in 23s
Details
2025-05-27 22:54:08 +02:00
Markus Pesch
63125f1849 docs(README): be compliant with markdownlint MD044
All checks were successful
Helm / helm-unittest (push) Successful in 5s
Details
Helm / helm-lint (push) Successful in 12s
Details
Markdown linter / markdown-link-checker (push) Successful in 10s
Details
Markdown linter / markdown-lint (push) Successful in 26s
Details
Generate README / generate-parameters (push) Successful in 1m7s
Details
2025-05-27 22:25:51 +02:00
Markus Pesch
65d2452df4 docs(README): remove drone badge
Some checks failed
Generate README / generate-parameters (push) Successful in 8s
Details
Helm / helm-unittest (push) Successful in 13s
Details
Markdown linter / markdown-link-checker (push) Successful in 10s
Details
Helm / helm-lint (push) Successful in 22s
Details
Markdown linter / markdown-lint (push) Failing after 23s
Details
2025-05-27 17:03:34 +02:00
8 changed files with 87 additions and 9 deletions
Expand all files Collapse all files

2
.gitea/workflows/generate-readme.yaml
View File

@ -15,7 +15,7 @@ on:
jobs:
generate-parameters:
container:
image: docker.io/library/node:23.11.1-alpine
image: docker.io/library/node:24.1.0-alpine
runs-on:
- ubuntu-latest
steps:

4
.gitea/workflows/markdown-linters.yaml
View File

@ -15,7 +15,7 @@ on:
jobs:
markdown-link-checker:
container:
image: docker.io/library/node:23.11.1-alpine
image: docker.io/library/node:24.1.0-alpine
runs-on:
- ubuntu-latest
steps:
@ -31,7 +31,7 @@ jobs:
markdown-lint:
container:
image: docker.io/library/node:23.11.1-alpine
image: docker.io/library/node:24.1.0-alpine
runs-on:
- ubuntu-latest
steps:

1
Chart.yaml
View File

@ -2,7 +2,6 @@ apiVersion: v2
name: prometheus-fail2ban-exporter
description: Prometheus metric exporter for Fail2Ban
type: application
kubeVersion: ">=1.20.0"
version: "0.1.0"
appVersion: "0.1.1"

2
Makefile
View File

@ -10,7 +10,7 @@ HELM_IMAGE_FULLY_QUALIFIED=${HELM_IMAGE_REGISTRY_HOST}/${HELM_IMAGE_REPOSITORY}:
# NODE_IMAGE
NODE_IMAGE_REGISTRY_HOST?=docker.io
NODE_IMAGE_REPOSITORY?=library/node
NODE_IMAGE_VERSION?=24.1.0-alpine # renovate: datasource=docker registryUrl=https://docker.io depName=library/node
NODE_IMAGE_VERSION?=24.1.0-alpine # renovate: datasource=docker registryUrl=https://docker.io depName=docker.io/library/node packageName=library/node
NODE_IMAGE_FULLY_QUALIFIED=${NODE_IMAGE_REGISTRY_HOST}/${NODE_IMAGE_REPOSITORY}:${NODE_IMAGE_VERSION}
# MISSING DOT

6
README.md
View File

@ -1,6 +1,5 @@
# Prometheus Fail2Ban exporter
[![Build Status](https://drone.cryptic.systems/api/badges/volker.raschek/prometheus-fail2ban-exporter/status.svg)](https://drone.cryptic.systems/volker.raschek/prometheus-fail2ban-exporter)
[![Artifact Hub](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/prometheus-exporters)](https://artifacthub.io/packages/search?repo=prometheus-exporters)
This helm chart enables the deployment of a Prometheus metrics exporter for Fail2Ban and allows the individual
@ -20,7 +19,7 @@ helm chart is tested for deployment scenarios with **ArgoCD**.
## Helm: configuration and installation
1. A helm chart repository must be configured, to pull the helm charts from.
2. All available parameters are [here](#parameters) in detail documented. The parameters can be defined via the helm
2. All available [parameters](#parameters) are documented in detail below. The parameters can be defined via the helm
`--set` flag or directly as part of a `values.yaml` file. The following example defines the `prometheus-exporter`
repository and use the `--set` flag for a basic deployment.
@ -71,7 +70,8 @@ available. As this is a Golang application, this can be implemented using `GOMAX
of defining `GOMAXPROCS` automatically based on the defined CPU limit like `1000m`. Please keep in mind, that the CFS
rate of `100ms` - default on each kubernetes node, is also very important to avoid CPU throttling.
Further information about this topic can be found [here](https://kanishk.io/posts/cpu-throttling-in-containerized-go-apps/).
Further information about this topic can be found in one of Kanishk's blog
[posts](https://kanishk.io/posts/cpu-throttling-in-containerized-go-apps/).
> [!NOTE]
> The environment variable `GOMAXPROCS` is set automatically, when a CPU limit is defined. An explicit configuration is

15
templates/prometheus-fail2ban-exporter/_pod.tpl
View File

@ -4,6 +4,21 @@
{{- define "prometheus-fail2ban-exporter.pod.annotations" -}}
{{ include "prometheus-fail2ban-exporter.annotations" . }}
# The following annotations are required to trigger a rolling update. Further information can be found in the official
# documentation of helm:
#
# https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments
#
{{/* web config */}}
{{- if and .Values.config.webConfig.existingSecret.enabled .Values.config.webConfig.existingSecret.secretName }}
{{- $secret := default (dict "data" (dict)) (lookup "v1" "Secret" .Release.Namespace .Values.config.webConfig.existingSecret.secretName ) }}
checksum/secret-web-config: {{ print $secret.spec | sha256sum }}
{{- else }}
checksum/secret-web-config: {{ include (print $.Template.BasePath "/prometheus-fail2ban-exporter/secretWebConfig.yaml") . | sha256sum }}
{{- end }}
{{- end }}
{{/* labels */}}

2
templates/prometheus-fail2ban-exporter/daemonSet.yaml
View File

@ -17,6 +17,8 @@ spec:
{{- include "prometheus-fail2ban-exporter.pod.selectorLabels" . | nindent 6 }}
template:
metadata:
annotations:
{{- include "prometheus-fail2ban-exporter.pod.annotations" . | nindent 8 }}
labels:
{{- include "prometheus-fail2ban-exporter.pod.labels" . | nindent 8 }}
spec:

64
unittests/daemonset/daemonset.yaml
View File

@ -7,18 +7,22 @@ release:
namespace: testing
templates:
- templates/prometheus-fail2ban-exporter/daemonSet.yaml
- templates/prometheus-fail2ban-exporter/secretWebConfig.yaml
tests:
- it: Rendering default
asserts:
- hasDocuments:
count: 1
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
- containsDocument:
apiVersion: apps/v1
kind: DaemonSet
name: prometheus-fail2ban-exporter-unittest
namespace: testing
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
- notExists:
path: metadata.annotations
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
- equal:
path: metadata.labels
value:
@ -27,15 +31,31 @@ tests:
app.kubernetes.io/name: prometheus-fail2ban-exporter
app.kubernetes.io/version: 0.1.0
helm.sh/chart: prometheus-fail2ban-exporter-0.1.0
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
- exists:
path: spec.template.metadata.annotations.checksum/secret-web-config
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
- equal:
path: spec.template.metadata.labels
value:
app.kubernetes.io/instance: prometheus-fail2ban-exporter-unittest
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: prometheus-fail2ban-exporter
app.kubernetes.io/version: 0.1.0
helm.sh/chart: prometheus-fail2ban-exporter-0.1.0
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
- notExists:
path: spec.template.spec.affinity
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
- notExists:
path: spec.template.spec.containers[0].envFrom
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
- equal:
path: spec.template.spec.containers[0].args
value:
# - --web.config.file=/etc/prometheus-fail2ban-exporter/config.d/webConfig.yaml
- --web.listen-address=:9191
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
- equal:
path: spec.template.spec.containers[0].volumeMounts
value:
@ -43,6 +63,7 @@ tests:
name: socket
- mountPath: /etc/prometheus-fail2ban-exporter/config.d
name: config-d
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
- equal:
path: spec.template.spec.volumes
value:
@ -53,42 +74,59 @@ tests:
- name: config-d
secret:
secretName: prometheus-fail2ban-exporter-unittest-web-config
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
- equal:
path: spec.template.spec.containers[0].image
value: git.cryptic.systems/volker.raschek/prometheus-fail2ban-exporter:0.1.0
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
- equal:
path: spec.template.spec.containers[0].imagePullPolicy
value: IfNotPresent
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
- notExists:
path: spec.template.spec.containers[0].resources
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
- notExists:
path: spec.template.spec.containers[0].securityContext
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
- notExists:
path: spec.template.spec.dnsConfig
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
- notExists:
path: spec.template.spec.dnsPolicy
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
- notExists:
path: spec.template.spec.hostname
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
- equal:
path: spec.template.spec.hostNetwork
value: false
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
- notExists:
path: spec.template.spec.imagePullSecrets
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
- notExists:
path: spec.template.spec.nodeSelector
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
- notExists:
path: spec.template.spec.priorityClassName
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
- notExists:
path: spec.template.spec.restartPolicy
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
- notExists:
path: spec.template.spec.subdomain
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
- equal:
path: spec.template.spec.terminationGracePeriodSeconds
value: 60
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
- notExists:
path: spec.template.spec.tolerations
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
- notExists:
path: spec.template.spec.topologySpreadConstraints
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
- equal:
path: spec.updateStrategy
value:
@ -96,6 +134,7 @@ tests:
maxSurge: 1
maxUnavailable: 0
type: "RollingUpdate"
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
- it: Test custom affinity
set:
@ -122,6 +161,7 @@ tests:
values:
- antarctica-east1
- antarctica-west1
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
- it: Test additional arguments
set:
@ -136,6 +176,7 @@ tests:
- --web.listen-address=:9191
- --foo=bar
- --bar=foo
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
- it: Test custom imageRegistry and imageRepository
set:
@ -145,6 +186,7 @@ tests:
- equal:
path: spec.template.spec.containers[0].image
value: registry.example.local/path/special/prometheus-fail2ban-exporter:0.1.0
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
- it: Test custom imagePullPolicy
set:
@ -153,6 +195,7 @@ tests:
- equal:
path: spec.template.spec.containers[0].imagePullPolicy
value: Always
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
- it: Test config.webConfig.existingSecret
set:
@ -166,6 +209,7 @@ tests:
name: socket
- mountPath: /etc/prometheus-fail2ban-exporter/config.d
name: config-d
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
- equal:
path: spec.template.spec.volumes
value:
@ -176,6 +220,7 @@ tests:
- name: config-d
secret:
secretName: web-config-secret
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
- it: Test custom resource limits and requests
set:
@ -195,6 +240,7 @@ tests:
resourceFieldRef:
divisor: "1"
resource: limits.cpu
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
- equal:
path: spec.template.spec.containers[0].resources
value:
@ -204,6 +250,7 @@ tests:
requests:
cpu: 25m
memory: 100MB
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
- it: Test custom securityContext
set:
@ -230,6 +277,7 @@ tests:
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 1000
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
- it: Test dnsConfig
set:
@ -244,6 +292,7 @@ tests:
nameservers:
- "8.8.8.8"
- "8.8.4.4"
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
- it: Test dnsPolicy
set:
@ -252,6 +301,7 @@ tests:
- equal:
path: spec.template.spec.dnsPolicy
value: ClusterFirst
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
- it: Test hostNetwork, hostname, subdomain
set:
@ -262,12 +312,15 @@ tests:
- equal:
path: spec.template.spec.hostNetwork
value: true
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
- equal:
path: spec.template.spec.hostname
value: pg-exporter
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
- equal:
path: spec.template.spec.subdomain
value: exporters.internal
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
- it: Test imagePullSecrets
set:
@ -280,6 +333,7 @@ tests:
value:
- name: my-pull-secret
- name: my-special-secret
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
- it: Test nodeSelector
set:
@ -290,6 +344,7 @@ tests:
path: spec.template.spec.nodeSelector
value:
foo: bar
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
- it: Test priorityClassName
set:
@ -298,6 +353,7 @@ tests:
- equal:
path: spec.template.spec.priorityClassName
value: my-priority
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
- it: Test restartPolicy
set:
@ -306,6 +362,7 @@ tests:
- equal:
path: spec.template.spec.restartPolicy
value: Always
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
- it: Test terminationGracePeriodSeconds
set:
@ -314,6 +371,7 @@ tests:
- equal:
path: spec.template.spec.terminationGracePeriodSeconds
value: 120
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
- it: Test tolerations
set:
@ -330,6 +388,7 @@ tests:
operator: Equal
value: fail2ban
effect: NoSchedule
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
- it: Test topologySpreadConstraints
set:
@ -348,6 +407,7 @@ tests:
labelSelector:
matchLabels:
app.kubernetes.io/instance: prometheus-fail2ban-exporter
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
- it: Test additional volumeMounts and volumes
set:
@ -366,6 +426,7 @@ tests:
mountPath: /usr/lib/prometheus-fail2ban-exporter/data
- name: config-d
mountPath: /etc/prometheus-fail2ban-exporter/config.d
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml
- equal:
path: spec.template.spec.volumes
value:
@ -374,4 +435,5 @@ tests:
path: /usr/lib/prometheus-fail2ban-exporter/data
- name: config-d
secret:
secretName: prometheus-fail2ban-exporter-unittest-web-config
secretName: prometheus-fail2ban-exporter-unittest-web-config
template: templates/prometheus-fail2ban-exporter/daemonSet.yaml