chore(deps): update git.cryptic.systems/volker.raschek/helm docker tag to v3.16.4

.drone.yml

@@ -17,7 +17,7 @@ steps:
 - name: helm lint
   commands:
   - helm lint
-  image: git.cryptic.systems/volker.raschek/helm:3.16.3
+  image: git.cryptic.systems/volker.raschek/helm:3.16.4
   resources:
     limits:
       cpu: 150
@@ -69,7 +69,7 @@ steps:
 - name: helm unittest
   commands:
   - helm unittest --strict --file 'unittests/**/*.yaml' ./
-  image: git.cryptic.systems/volker.raschek/helm:3.16.3
+  image: git.cryptic.systems/volker.raschek/helm:3.16.4
   resources:
     limits:
       cpu: 150
@@ -187,7 +187,7 @@ steps:
       from_secret: helm_repo_password
     HELM_REPO_USERNAME:
       from_secret: helm_repo_username
-  image: git.cryptic.systems/volker.raschek/helm:3.16.3
+  image: git.cryptic.systems/volker.raschek/helm:3.16.4
   resources:
     limits:
       cpu: 150

.editorconfig

@@ -1,6 +1,3 @@
-# EditorConfig is awesome: https://EditorConfig.org
-
-# top-most EditorConfig file
 root = true
 
 [*]
@@ -10,3 +7,6 @@ end_of_line = lf
 charset = utf-8
 trim_trailing_whitespace = true
 insert_final_newline = false
+
+[Makefile]
+indent_style = tab

.gitignore

@@ -1,3 +1,6 @@
-*.tgz
+charts
+node_modules
+target
 values2.yml
 values2.yaml
+*.tgz

.helmignore

@@ -2,6 +2,7 @@
 # This supports shell glob matching, relative path matching, and
 # negation (prefixed with !). Only one pattern per line.
 .DS_Store
+
 # Common VCS dirs
 .git/
 .gitignore
@@ -10,23 +11,50 @@
 .hg/
 .hgignore
 .svn/
+
 # Common backup files
 *.swp
 *.bak
 *.tmp
 *.orig
 *~
+
 # Various IDEs
 .project
 .idea/
 *.tmproj
 .vscode/
+
 # drone
 .drone.yml
-# markdownlint
+
-.markdownlint.yaml
+# editorconfig
+.editorconfig
+
 # customized values
 values2.yml
 values2.yaml
+
 # helm packages
 *.tgz
+.helmignore
+unittests
+
+# markdownlint
+.markdownlint.yml
+.markdownlint.yaml
+.markdownlintignore
+
+# npm
+.prettierignore
+.npmrc
+package*
+
+# yamllint
+.yamllint.yaml
+
+# Others
+CONTRIBUTING.md
+CODEOWNERS
+Makefile
+renovate.json

.markdownlint.yaml

@@ -45,9 +45,9 @@ MD012:
 # MD013/line-length - Line length
 MD013:
   # Number of characters
-  line_length: 80
+  line_length: 120
   # Number of characters for headings
-  heading_line_length: 80
+  heading_line_length: 120
   # Number of characters for code blocks
   code_block_line_length: 80
   # Include code blocks
@@ -56,8 +56,6 @@ MD013:
   tables: false
   # Include headings
   headings: true
-  # Include headings
-  headers: true
   # Strict length checking
   strict: false
   # Stern length checking
@@ -73,7 +71,7 @@ MD022:
 # MD024/no-duplicate-heading/no-duplicate-header - Multiple headings with the same content
 MD024:
   # Only check sibling headings
-  allow_different_nesting: true
+  siblings_only: true
 
 # MD025/single-title/single-h1 - Multiple top-level headings in the same document
 MD025:
@@ -128,8 +126,22 @@ MD041:
 # MD044/proper-names - Proper names should have the correct capitalization
 MD044:
   # List of proper names
-  # names:
+  names:
-  # - drone
+    - Git
+    - GitDevOps
+    - Gitea
+    - GitHub
+    - GitLab
+    - GitOps
+    - kube-prometheus-stack
+    - Memcached
+    - Oracle
+    - ORBIS U
+    - PostgreSQL
+    - Prometheus
+    - prometheus-exporter
+    - SSL
+    - TLS
   # Include code blocks
   code_blocks: false
 

.markdownlintignore

@@ -0,0 +1,4 @@
+.github/
+Chart.lock
+charts/
+node_modules/

.npmrc

@@ -0,0 +1 @@
+engine-strict=true

.prettierignore

@@ -0,0 +1 @@
+Chart.lock

.yamllint.yaml

@@ -0,0 +1,20 @@
+---
+extends: default
+
+ignore: |
+  .yamllint
+  node_modules
+  templates
+
+
+rules:
+  truthy:
+    allowed-values: ['true', 'false']
+    check-keys: False
+    level: error
+  line-length: disable
+  document-start: disable
+  comments:
+    min-spaces-from-content: 1
+  braces:
+    max-spaces-inside: 2

CODEOWNERS

@@ -0,0 +1 @@
+* @volker.raschek

CONTRIBUTING.md

@@ -0,0 +1,82 @@
+# Contributing
+
+I am very happy if you would like to provide a pull request 👍
+
+The content of this file describes which requirements contributors should fulfill before submitting a pull request (PR).
+
+1. [Valid Git commits](#valid-git-commits)
+
+## Valid Git commits
+
+### Commit message
+
+The repository is subject to a strict commit message template. This states that there are several types of commits. For
+example, `fix`, `chore`, `refac`, `test` or `doc`. All types are described in more detail below.
+
+| type                | description                                                       |
+| ------------------- | ----------------------------------------------------------------- |
+| `feat`              | New feature.                                                      |
+| `fix`               | Fixes a bug.                                                      |
+| `refac`             | Refactoring production code.                                      |
+| `style`             | Fixes formatting issues. No production code change.               |
+| `docs`              | Adapt documentation. No production code change.                   |
+| `test`              | Adds new or modifies existing tests. No production code change.   |
+| `chore`             | Updating grunt tasks. Is everything which the user does not see.  |
+
+Based on these types, commit messaged can then be created. Here are a few examples:
+
+```text
+style(README): Wrong indentation
+feat(deployment): support restartPolicy
+fix(my-app): Add missing volume
+docs(CONTRIBUTING): Describe how to commit correctly
+```
+
+This type of commit message makes it easier for me as maintainer to keep an overview and does not cause the commits of a
+pull request PR to be combined into one commit (squashing).
+
+### Smart commits
+
+Smart commits are excellent when it comes to tracking bugs or issues. In this repository, however, the rebasing of
+commits is prohibited, which means that only merge commits are possible. This means that a smart commit message only
+needs to be added to the merge commit.
+
+This has the advantage that the maintainer can use the smart commit to find the merge commit and undo the entire history
+of a merge without having to select individual commits. The following history illustrates the correct use of smart commits.
+
+```text
+* 823edbc7 Volker Raschek (G) | [Close #2] feat(deployment): support additional containers
+|\
+| * 321aebc3 Volker Raschek (G) | doc(README): generate README with new deployment attributes
+| * 8d101dd3 Volker Raschek (G) | test(deployment): Extend unittest of additional containers
+| * 6f2abd93 Volker Raschek (G) | fix(deployment): Extend deployment of additional containers
+|/
+* aa5ebda bob (N) | [Close #1] feat(deployment): support initContainers
+```
+
+### Commit signing
+
+Another problem with Git is the chain of trust. Git allows the configuration of any name and e-mail address. An attacker
+can impersonate any person and submit pull requests under a false identity. For as Linux Torvalds, the maintainer of the
+Linux kernel.
+
+```bash
+git config --global user.name 'Linux Torvalds'
+git config --global user.email 'torvalds@linux-foundation.org'
+```
+
+To avoid this, some Git repositories expect signed commits. In particular, repositories that are subject to direct
+delivery to customers. For this reason, the repository is subject to a branch protection rule that only allows signed
+commits. *Until* there is *no verified* and *no signed* commit, the pull request is blocked.
+
+The following articles describes how Git can be configured to sign commits. Please keep in mind, that the e-mail
+address, which is used as UID of the GPG keyring must also be defined in the profile settings of your GitHub account.
+Otherwise will be marked the Git commit as *Unverified*.
+
+1. [Signing Commits](https://docs.github.com/en/authentication/managing-commit-signature-verification/signing-commits)
+2. [Tell Git about your signing key](https://docs.github.com/en/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key)
+
+Inspect your Git commit via `git log`. There should be mentioned, that your commit is signed.
+
+Furthermore, the GPG key is unique. **Don't loose your private GPG key**. Backup your private key on a safe device. For
+example an external USB drive.

Chart.yaml

@@ -4,7 +4,6 @@ description: Helm chart for prometheus-fail2ban-exporter
 type: application
 version: "0.1.0"
 appVersion: "0.1.0"
-icon: https://www.fail2ban.org/fail2ban_logo.png
 
 keywords:
 - fail2ban

Makefile

@@ -0,0 +1,91 @@
+# CONTAINER_RUNTIME
+CONTAINER_RUNTIME?=$(shell which podman)
+
+# HELM_IMAGE
+HELM_IMAGE_REGISTRY_HOST?=docker.io
+HELM_IMAGE_REPOSITORY=volkerraschek/helm
+HELM_IMAGE_VERSION?=3.16.1 # renovate: datasource=docker registryUrl=https://docker.io depName=volkerraschek/helm
+HELM_IMAGE_FULLY_QUALIFIED=${HELM_IMAGE_REGISTRY_HOST}/${HELM_IMAGE_REPOSITORY}:${HELM_IMAGE_VERSION}
+
+# NODE_IMAGE
+NODE_IMAGE_REGISTRY_HOST?=docker.io
+NODE_IMAGE_REPOSITORY=library/node
+NODE_IMAGE_VERSION?=22.9.0-alpine # renovate: datasource=docker registryUrl=https://docker.io depName=library/node
+NODE_IMAGE_FULLY_QUALIFIED=${NODE_IMAGE_REGISTRY_HOST}/${NODE_IMAGE_REPOSITORY}:${NODE_IMAGE_VERSION}
+
+# MISSING DOT
+# ==============================================================================
+missing-dot:
+	grep --perl-regexp '## @(param|skip).*[^.]$$' values.yaml
+
+# CONTAINER RUN - README
+# ==============================================================================
+PHONY+=container-run/readme
+container-run/readme: container-run/readme/link container-run/readme/lint container-run/readme/parameters
+
+container-run/readme/link:
+	${CONTAINER_RUNTIME} run \
+		--rm \
+		--volume $(shell pwd):$(shell pwd) \
+		--workdir $(shell pwd) \
+			${NODE_IMAGE_FULLY_QUALIFIED} \
+				npm install && npm run readme:link
+
+container-run/readme/lint:
+	${CONTAINER_RUNTIME} run \
+		--rm \
+		--volume $(shell pwd):$(shell pwd) \
+		--workdir $(shell pwd) \
+			${NODE_IMAGE_FULLY_QUALIFIED} \
+				npm install && npm run readme:lint
+
+container-run/readme/parameters:
+	${CONTAINER_RUNTIME} run \
+		--rm \
+		--volume $(shell pwd):$(shell pwd) \
+		--workdir $(shell pwd) \
+			${NODE_IMAGE_FULLY_QUALIFIED} \
+				npm install && npm run readme:parameters
+
+# CONTAINER RUN - HELM UNITTESTS
+# ==============================================================================
+PHONY+=container-run/helm-unittests
+container-run/helm-unittests:
+	${CONTAINER_RUNTIME} run \
+		--env HELM_REPO_PASSWORD=${CHART_SERVER_PASSWORD} \
+		--env HELM_REPO_USERNAME=${CHART_SERVER_USERNAME} \
+		--rm \
+		--volume $(shell pwd):$(shell pwd) \
+		--workdir $(shell pwd) \
+			${HELM_IMAGE_FULLY_QUALIFIED} \
+				unittest --strict --file 'unittests/**/*.yaml' ./
+
+# CONTAINER RUN - HELM UPDATE DEPENDENCIES
+# ==============================================================================
+PHONY+=container-run/helm-update-dependencies
+container-run/helm-update-dependencies:
+	${CONTAINER_RUNTIME} run \
+		--env HELM_REPO_PASSWORD=${CHART_SERVER_PASSWORD} \
+		--env HELM_REPO_USERNAME=${CHART_SERVER_USERNAME} \
+		--rm \
+		--volume $(shell pwd):$(shell pwd) \
+		--workdir $(shell pwd) \
+			${HELM_IMAGE_FULLY_QUALIFIED} \
+				dependency update
+
+# CONTAINER RUN - MARKDOWN-LINT
+# ==============================================================================
+PHONY+=container-run/helm-lint
+container-run/helm-lint:
+	${CONTAINER_RUNTIME} run \
+		--rm \
+		--volume $(shell pwd):$(shell pwd) \
+		--workdir $(shell pwd) \
+		${HELM_IMAGE_FULLY_QUALIFIED} \
+			lint --values values.yaml .
+
+# PHONY
+# ==============================================================================
+# Declare the contents of the PHONY variable as phony. We keep that information
+# in a variable so we can use it in if_changed.
+.PHONY: ${PHONY}

README.md

@@ -1,17 +1,15 @@
-# prometheus-fail2ban-charts
+# Prometheus Fail2Ban exporter
 
 [![Build Status](https://drone.cryptic.systems/api/badges/volker.raschek/prometheus-fail2ban-exporter-charts/status.svg)](https://drone.cryptic.systems/volker.raschek/prometheus-fail2ban-exporter-charts)
 [![Artifact Hub](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/volker-raschek)](https://artifacthub.io/packages/search?repo=volker-raschek)
 
-This helm chart contains a daemonset to deploy a fail2ban metric exporter on
+This helm chart contains a daemonset to deploy a fail2ban metric exporter on kubernetes nodes, which have fail2ban
-kubernetes nodes, which have fail2ban locally installed and configured.
+locally installed and configured.
 
-The fail2ban exporter was repackaged to make it possible to deploy the
+The fail2ban exporter was repackaged to make it possible to deploy the application on kubernetes. The forked fail2ban
-application on kubernetes. The forked fail2ban exporter can be found
+exporter can be found [here](https://git.cryptic.systems/volker.raschek/prometheus-fail2ban-exporter).
-[here](https://git.cryptic.systems/volker.raschek/prometheus-fail2ban-exporter).
 
-This helm chart can be found on [artifacthub.io](https://artifacthub.io/) and
+This helm chart can be found on [artifacthub.io](https://artifacthub.io/) and can be installed via helm.
-can be installed via helm.
 
 ```bash
 helm repo add volker.raschek https://charts.cryptic.systems/volker.raschek
@@ -22,6 +20,48 @@ helm install prometheus-fail2ban-exporter volker.raschek/prometheus-fail2ban-exp
 
 All [configuration
 options](https://gitlab.com/hectorjsmith/fail2ban-prometheus-exporter/-/blob/235d34114bdf6c99f8b8154240c007b2491248ea/cfg/cfg.go#L12)
-can be defined in the `values.yml` file below the `config` section.
+can be defined in the `values.yml` file below the `config` section. Alternatively can be the options passed via the
-Alternatively can be the options passed via the `--set` flag of the `helm
+`--set` flag of the `helm install` command.
-install` command.
+
+## Parameters
+
+### Affinity
+
+| Name       | Description                                    | Value |
+| ---------- | ---------------------------------------------- | ----- |
+| `affinity` | Affinity for the postgres-exporter deployment. | `{}`  |
+
+### Configuration
+
+### Image
+
+| Name               | Description                                              | Value                                                             |
+| ------------------ | -------------------------------------------------------- | ----------------------------------------------------------------- |
+| `image.repository` | Image repository, eg. `library/busybox`.                 | `git.cryptic.systems/volker.raschek/prometheus-fail2ban-exporter` |
+| `image.pullPolicy` | Image pull policy.                                       | `Always`                                                          |
+| `image.tag`        | Custom image tag, eg. `0.1.0`. Defaults to `appVersion`. | `""`                                                              |
+| `imagePullSecrets` | Secret to use for pulling the image.                     | `[]`                                                              |
+
+### Ingress
+
+### NodeSelector
+
+### PodAnnotations
+
+### PodPriorityClassName
+
+### PodSecurityContext
+
+### Resources
+
+### SecurityContext
+
+### Service
+
+### ServiceMonitor
+
+### Tolerations
+
+### VolumeMounts
+
+### Volume

package.json

@@ -0,0 +1,21 @@
+{
+  "name": "prometheus-fail2ban-exporter-chart",
+  "homepage": "https://git.cryptic.systems/volker.raschek/prometheus-fail2ban-exporter-chart.git",
+  "license": "MIT",
+  "private": true,
+  "engineStrict": true,
+  "engines": {
+    "node": ">=16.0.0",
+    "npm": ">=8.0.0"
+  },
+  "scripts": {
+    "readme:link": "markdown-link-check *.md",
+    "readme:lint": "markdownlint *.md -f",
+    "readme:parameters": "readme-generator -v values.yaml -r README.md"
+  },
+  "devDependencies": {
+    "@bitnami/readme-generator-for-helm": "^2.5.0",
+    "markdown-link-check": "^3.13.6",
+    "markdownlint-cli": "^0.43.0"
+  }
+}

renovate.json

@@ -1,24 +1,7 @@
 {
   "$schema": "https://docs.renovatebot.com/renovate-schema.json",
   "assignees": [ "volker.raschek" ],
-  "labels": [ "renovate" ],
+  "customManagers": [
-  "packageRules": [
-    {
-      "addLabels": [ "renovate/prometheus-fail2ban-exporter", "renovate/automerge" ],
-      "automerge": true,
-      "matchManagers": "droneci",
-      "matchUpdateTypes": [ "minor", "patch"]
-    },
-    {
-      "addLabels": [ "renovate/prometheus-fail2ban-exporter", "renovate/automerge" ],
-      "automerge": false,
-      "matchPackageNames": [ "prometheus-fail2ban-exporter" ],
-      "matchManagers": [ "regex" ]
-    }
-  ],
-  "rebaseLabel": "renovate/rebase",
-  "rebaseWhen": "behind-base-branch",
-  "regexManagers": [
     {
       "description": "Update container image reference",
       "fileMatch": [
@@ -28,8 +11,40 @@
         "appVersion: \"(?<currentValue>.*?)\"\\s+"
       ],
       "datasourceTemplate": "docker",
-      "depNameTemplate": "prometheus-fail2ban-exporter",
+      "depNameTemplate": "volker.raschek/prometheus-fail2ban-exporter",
-      "lookupNameTemplate": "git.cryptic.systems/volker.raschek/prometheus-fail2ban-exporter"
+      "lookupNameTemplate": "git.cryptic.systems/volker.raschek/prometheus-fail2ban-exporter",
+      "versioningTemplate": "semver"
+    },
+    {
+      "description": "Detect helm chart version in README",
+      "fileMatch": [
+        "^README\\.md$"
+      ],
+      "matchStrings": [
+        "^CHART_VERSION=(?<currentValue>.*)$"
+      ],
+      "datasourceTemplate": "git-tags",
+      "depNameTemplate": "volker.raschek/prometheus-fail2ban-exporter-chart",
+      "packageNameTemplate": "git.cryptic.systems/volker.raschek/prometheus-fail2ban-exporter-chart",
+      "versioningTemplate": "semver"
     }
-  ]
+  ],
+  "labels": [ "renovate" ],
+  "packageRules": [
+    {
+      "addLabels": [ "renovate/automerge", "renovate/droneci" ],
+      "automerge": true,
+      "matchManagers": "droneci",
+      "matchUpdateTypes": [ "minor", "patch"]
+    },
+    {
+      "addLabels": [ "renovate/automerge", "renovate/npm" ],
+      "automerge": true,
+      "matchPackageNames": [ "markdownlint-cli", "@bitnami/readme-generator-for-helm" ],
+      "matchManagers": [ "npm" ],
+      "matchUpdateTypes": [ "minor", "patch"]
+    }
+  ],
+  "rebaseLabel": "renovate/rebase",
+  "rebaseWhen": "behind-base-branch"
 }

values.yaml

@@ -2,11 +2,17 @@
 # This is a YAML-formatted file.
 # Declare variables to be passed into your templates.
 
+## @param nameOverride Individual release name suffix.
+## @param fullnameOverride Override the complete release name logic.
 nameOverride: ""
 fullnameOverride: ""
 
+## @section Affinity
+## @param affinity Affinity for the fail2ban-exporter deployment.
 affinity: {}
 
+## @section Configuration
+## @skip config Skip individual fail2ban exporter configuration.
 config: {}
   # F2B_COLLECTOR_SOCKET
   # Path to the fail2ban socket inside the container filesystem.
@@ -32,14 +38,21 @@ config: {}
   # Alternative listen address instead of 0.0.0.0/0 and ::/0.
   # F2B_WEB_LISTEN_ADDRESS: ""
 
+## @section Image
+## @param image.repository Image repository, eg. `library/busybox`.
+## @param image.pullPolicy Image pull policy.
+## @param image.tag Custom image tag, eg. `0.1.0`. Defaults to `appVersion`.
 image:
   repository: git.cryptic.systems/volker.raschek/prometheus-fail2ban-exporter
   pullPolicy: Always
   # Overrides the image tag whose default is the chart appVersion.
   tag: ""
 
+## @param imagePullSecrets Secret to use for pulling the image.
 imagePullSecrets: []
 
+## @section Ingress
+## @skip ingress Skip individual ingress configuration.
 ingress:
   enabled: false
   className: "nginx"
@@ -58,15 +71,25 @@ ingress:
     hosts:
     - "your-hostname"
 
+## @section NodeSelector
+## @skip nodeSelector Skip individual nodeSelector configuration.
 nodeSelector: {}
 
+## @section PodAnnotations
+## @skip podAnnotations Skip individual podAnnotations configuration.
 podAnnotations: {}
 
+## @section PodPriorityClassName
+## @skip podPriorityClassName Skip individual podPriorityClassName configuration.
 podPriorityClassName: ""
 
+## @section PodSecurityContext
+## @skip podSecurityContext Skip individual PodSecurityContext configuration.
 podSecurityContext: {}
   # fsGroup: 2000
 
+## @section Resources
+## @skip resources Skip individual resource configuration.
 resources: {}
   # We usually recommend not to specify default resources and to leave this as a conscious
   # choice for the user. This also increases chances charts run on environments with little
@@ -79,6 +102,8 @@ resources: {}
   #   cpu: 100m
   #   memory: 128Mi
 
+## @section SecurityContext
+## @skip securityContext Skip individual securityContext configuration.
 securityContext: {}
   # capabilities:
   #   drop:
@@ -87,12 +112,14 @@ securityContext: {}
   # runAsNonRoot: true
   # runAsUser: 1000
 
+## @section Service
+## @skip service Skip individual service configuration.
 service:
   type: ClusterIP
   port: 9191
 
-# Deploy a serviceMonitor to scrape the metrics automatically via prometheus
+## @section ServiceMonitor
-# operator.
+## @skip serviceMonitor Skip individual serviceMonitor configuration.
 serviceMonitor:
   enabled: false
   annotations: {}
@@ -104,12 +131,18 @@ serviceMonitor:
   tlsConfig:
     insecureSkipVerify: false
 
+## @section Tolerations
+## @skip tolerations Skip individual tolerations configuration.
 tolerations: []
 
+## @section VolumeMounts
+## @skip volumeMounts Skip individual volumeMounts configuration.
 volumeMounts:
 - name: socket
   mountPath: /var/run/fail2ban/fail2ban.sock
 
+## @section Volume
+## @skip volumes Skip individual volume configuration.
 volumes:
 - name: socket
   hostPath: