67e6ff2355 chore(deps): update docker.io/library/node docker tag to v22.13.1
All checks were successful
Helm / helm-lint (pull_request) Successful in 16s
Helm / helm-unittest (pull_request) Successful in 17s
2025-01-22 17:39:59 +00:00
46 changed files with 337 additions and 1665 deletions


@@ -1,114 +0,0 @@
#!/bin/bash
set -e
CHART_FILE="Chart.yaml"
if [ ! -f "${CHART_FILE}" ]; then
echo "ERROR: ${CHART_FILE} not found!" 1>&2
exit 1
fi
DEFAULT_NEW_TAG="$(git tag --sort=-version:refname | head -n 1)"
DEFAULT_OLD_TAG="$(git tag --sort=-version:refname | head -n 2 | tail -n 1)"
if [ -z "${1}" ]; then
read -p "Enter start tag [${DEFAULT_OLD_TAG}]: " OLD_TAG
if [ -z "${OLD_TAG}" ]; then
OLD_TAG="${DEFAULT_OLD_TAG}"
fi
while [ -z "$(git tag --list "${OLD_TAG}")" ]; do
echo "ERROR: Tag '${OLD_TAG}' not found!" 1>&2
read -p "Enter start tag [${DEFAULT_OLD_TAG}]: " OLD_TAG
if [ -z "${OLD_TAG}" ]; then
OLD_TAG="${DEFAULT_OLD_TAG}"
fi
done
else
OLD_TAG=${1}
if [ -z "$(git tag --list "${OLD_TAG}")" ]; then
echo "ERROR: Tag '${OLD_TAG}' not found!" 1>&2
exit 1
fi
fi
if [ -z "${2}" ]; then
read -p "Enter end tag [${DEFAULT_NEW_TAG}]: " NEW_TAG
if [ -z "${NEW_TAG}" ]; then
NEW_TAG="${DEFAULT_NEW_TAG}"
fi
while [ -z "$(git tag --list "${NEW_TAG}")" ]; do
echo "ERROR: Tag '${NEW_TAG}' not found!" 1>&2
read -p "Enter end tag [${DEFAULT_NEW_TAG}]: " NEW_TAG
if [ -z "${NEW_TAG}" ]; then
NEW_TAG="${DEFAULT_NEW_TAG}"
fi
done
else
NEW_TAG=${2}
if [ -z "$(git tag --list "${NEW_TAG}")" ]; then
echo "ERROR: Tag '${NEW_TAG}' not found!" 1>&2
exit 1
fi
fi
CHANGE_LOG_YAML=$(mktemp)
echo "[]" > "${CHANGE_LOG_YAML}"
function map_type_to_kind() {
case "${1}" in
feat)
echo "added"
;;
fix)
echo "fixed"
;;
chore|style|test|ci|docs|refac)
echo "changed"
;;
revert)
echo "removed"
;;
sec)
echo "security"
;;
*)
echo "skip"
;;
esac
}
COMMIT_TITLES="$(git log --pretty=format:"%s" "${OLD_TAG}..${NEW_TAG}")"
echo "INFO: Generate change log entries from ${OLD_TAG} until ${NEW_TAG}"
while IFS= read -r line; do
if [[ "${line}" =~ ^([a-zA-Z]+)(\([^\)]+\))?\:\ (.+)$ ]]; then
TYPE="${BASH_REMATCH[1]}"
KIND=$(map_type_to_kind "${TYPE}")
if [ "${KIND}" == "skip" ]; then
continue
fi
DESC="${BASH_REMATCH[3]}"
echo "- ${KIND}: ${DESC}"
jq --arg kind "${KIND}" --arg description "${DESC}" '. += [ $ARGS.named ]' < "${CHANGE_LOG_YAML}" > "${CHANGE_LOG_YAML}.new"
mv "${CHANGE_LOG_YAML}.new" "${CHANGE_LOG_YAML}"
fi
done <<< "${COMMIT_TITLES}"
if [ -s "${CHANGE_LOG_YAML}" ]; then
yq --inplace --input-format json --output-format yml "${CHANGE_LOG_YAML}"
yq --no-colors --inplace ".annotations.\"artifacthub.io/changes\" |= loadstr(\"${CHANGE_LOG_YAML}\") | sort_keys(.)" "${CHART_FILE}"
else
echo "ERROR: Changelog file is empty: ${CHANGE_LOG_YAML}" 1>&2
exit 1
fi
rm "${CHANGE_LOG_YAML}"


@@ -15,7 +15,7 @@ on:
jobs: jobs:
generate-parameters: generate-parameters:
container: container:
image: docker.io/library/node:24.10.0-alpine image: docker.io/library/node:22.13.1-alpine
runs-on: runs-on:
- ubuntu-latest - ubuntu-latest
steps: steps:
@@ -23,7 +23,7 @@ jobs:
run: | run: |
apk update apk update
apk add git npm apk add git npm
- uses: actions/checkout@v5.0.0 - uses: actions/checkout@v4.2.2
- name: Generate parameter section in README - name: Generate parameter section in README
run: | run: |
npm install npm install


@@ -13,7 +13,7 @@ on:
jobs: jobs:
helm-lint: helm-lint:
container: container:
image: docker.io/volkerraschek/helm:3.19.0 image: docker.io/volkerraschek/helm:3.16.4
runs-on: runs-on:
- ubuntu-latest - ubuntu-latest
steps: steps:
@@ -21,14 +21,14 @@ jobs:
run: | run: |
apk update apk update
apk add git npm apk add git npm
- uses: actions/checkout@v5.0.0 - uses: actions/checkout@v4.2.2
- name: Lint helm files - name: Lint helm files
run: | run: |
helm lint --values values.yaml . helm lint --values values.yaml .
helm-unittest: helm-unittest:
container: container:
image: docker.io/volkerraschek/helm:3.19.0 image: docker.io/volkerraschek/helm:3.16.4
runs-on: runs-on:
- ubuntu-latest - ubuntu-latest
steps: steps:
@@ -36,7 +36,7 @@ jobs:
run: | run: |
apk update apk update
apk add git npm apk add git npm
- uses: actions/checkout@v5.0.0 - uses: actions/checkout@v4.2.2
- name: Unittest - name: Unittest
run: | run: |
helm unittest --strict --file 'unittests/**/*.yaml' ./ helm unittest --strict --file 'unittests/**/*.yaml' ./


@@ -15,7 +15,7 @@ on:
jobs: jobs:
markdown-link-checker: markdown-link-checker:
container: container:
image: docker.io/library/node:24.10.0-alpine image: docker.io/library/node:22.13.1-alpine
runs-on: runs-on:
- ubuntu-latest - ubuntu-latest
steps: steps:
@@ -23,7 +23,7 @@ jobs:
run: | run: |
apk update apk update
apk add git npm apk add git npm
- uses: actions/checkout@v5.0.0 - uses: actions/checkout@v4.2.2
- name: Verify links in markdown files - name: Verify links in markdown files
run: | run: |
npm install npm install
@@ -31,7 +31,7 @@ jobs:
markdown-lint: markdown-lint:
container: container:
image: docker.io/library/node:24.10.0-alpine image: docker.io/library/node:22.13.1-alpine
runs-on: runs-on:
- ubuntu-latest - ubuntu-latest
steps: steps:
@@ -39,7 +39,7 @@ jobs:
run: | run: |
apk update apk update
apk add git apk add git
- uses: actions/checkout@v5.0.0 - uses: actions/checkout@v4.2.2
- name: Lint markdown files - name: Lint markdown files
run: | run: |
npm install npm install


@@ -8,54 +8,39 @@ on:
jobs: jobs:
publish-chart: publish-chart:
container: container:
image: docker.io/volkerraschek/helm:3.19.0 image: docker.io/volkerraschek/helm:3.16.4
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Install packages via apk - name: Install tooling
run: | run: |
apk update apk update
apk add git npm jq yq apk add git npm
- uses: actions/checkout@v4
- uses: actions/checkout@v5.0.0
with:
fetch-depth: 0
- name: Add Artifacthub.io annotations
run: |
NEW_TAG="$(git tag --sort=-version:refname | head -n 1)"
OLD_TAG="$(git tag --sort=-version:refname | head -n 2 | tail -n 1)"
.gitea/scripts/add-annotations.sh "${OLD_TAG}" "${NEW_TAG}"
- name: Extract meta information
run: |
echo "PACKAGE_VERSION=${GITHUB_REF#refs/tags/}" >> $GITHUB_ENV
echo "REPOSITORY_NAME=$(echo ${GITHUB_REPOSITORY} | cut -d '/' -f 2 | sed --regexp-extended 's/-charts?//g')" >> $GITHUB_ENV
echo "REPOSITORY_OWNER=$(echo ${GITHUB_REPOSITORY} | cut -d '/' -f 1)" >> $GITHUB_ENV
- name: Update Helm Chart version in README.md
run: sed -i -E "s/^CHART_VERSION=.*/CHART_VERSION=${PACKAGE_VERSION}/g" README.md
- name: Package chart - name: Package chart
run: |
helm dependency build
helm package --version "${PACKAGE_VERSION}" ./
- name: Upload Chart to ChartMuseum
env: env:
HELM_REPO_NAME: upload
CHARTMUSEUM_PASSWORD: ${{ secrets.CHARTMUSEUM_PASSWORD }} CHARTMUSEUM_PASSWORD: ${{ secrets.CHARTMUSEUM_PASSWORD }}
CHARTMUSEUM_REPOSITORY: ${{ vars.CHARTMUSEUM_REPOSITORY }} CHARTMUSEUM_REPOSITORY: ${{ vars.CHARTMUSEUM_REPOSITORY }}
CHARTMUSEUM_USERNAME: ${{ secrets.CHARTMUSEUM_USERNAME }} CHARTMUSEUM_USERNAME: ${{ secrets.CHARTMUSEUM_USERNAME }}
CHARTMUSEUM_HOSTNAME: ${{ vars.CHARTMUSEUM_HOSTNAME }} CHARTMUSEUM_HOSTNAME: ${{ vars.CHARTMUSEUM_HOSTNAME }}
GITEA_PACKAGE_REGISTRY_TOKEN: ${{ secrets.GIT_CRYPTIC_SYSTEMS_PACKAGE_REGISTRY_TOKEN }}
GITEA_SERVER_URL: ${{ github.server_url }}
run: | run: |
PACKAGE_VERSION=${GITHUB_REF#refs/tags/}
REPOSITORY_NAME=$(echo ${GITHUB_REPOSITORY} | cut -d '/' -f 2 | sed --regexp-extended 's/-charts?//g')
REPOSITORY_OWNER=$(echo ${GITHUB_REPOSITORY} | cut -d '/' -f 1)
helm dependency build
helm package --version "${PACKAGE_VERSION}" ./
# chart-museum
helm repo add --username ${CHARTMUSEUM_USERNAME} --password ${CHARTMUSEUM_PASSWORD} chartmuseum https://${CHARTMUSEUM_HOSTNAME}/${CHARTMUSEUM_REPOSITORY} helm repo add --username ${CHARTMUSEUM_USERNAME} --password ${CHARTMUSEUM_PASSWORD} chartmuseum https://${CHARTMUSEUM_HOSTNAME}/${CHARTMUSEUM_REPOSITORY}
helm cm-push ${REPOSITORY_NAME}-${PACKAGE_VERSION}.tgz chartmuseum helm cm-push ${REPOSITORY_NAME}-${PACKAGE_VERSION}.tgz chartmuseum
helm repo remove chartmuseum helm repo remove chartmuseum
- name: Upload Chart to Gitea # gitea
env:
GITEA_PACKAGE_REGISTRY_TOKEN: ${{ secrets.GIT_CRYPTIC_SYSTEMS_PACKAGE_REGISTRY_TOKEN }}
GITEA_SERVER_URL: ${{ github.server_url }}
run: |
helm repo add --username ${REPOSITORY_OWNER} --password ${GITEA_PACKAGE_REGISTRY_TOKEN} gitea ${GITEA_SERVER_URL}/api/packages/${REPOSITORY_OWNER}/helm helm repo add --username ${REPOSITORY_OWNER} --password ${GITEA_PACKAGE_REGISTRY_TOKEN} gitea ${GITEA_SERVER_URL}/api/packages/${REPOSITORY_OWNER}/helm
helm cm-push ${REPOSITORY_NAME}-${PACKAGE_VERSION}.tgz gitea helm cm-push ${REPOSITORY_NAME}-${PACKAGE_VERSION}.tgz gitea
helm repo remove gitea helm repo remove gitea
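Review bot: Both registry passwords are expanded unquoted onto the `helm repo add` command line (`--password ${CHARTMUSEUM_PASSWORD}` and `--password ${GITEA_PACKAGE_REGISTRY_TOKEN}`), so they appear in the process arguments inside the job container and are word-split if a secret contains whitespace or glob characters. Passing them on stdin avoids both: `printf '%s' "${CHARTMUSEUM_PASSWORD}" | helm repo add --username "${CHARTMUSEUM_USERNAME}" --password-stdin chartmuseum "https://${CHARTMUSEUM_HOSTNAME}/${CHARTMUSEUM_REPOSITORY}"`, with the same shape for the `gitea` repo. Reading the right-hand column as the new side (the +/- markers are lost on this page, so this is inferred), the single `Package chart` step holds the ChartMuseum and Gitea credentials in one `env:` while it also runs `helm dependency build`; packaging in a step without secrets and one upload step per registry would narrow that exposure. `actions/checkout@v4` on that side is a moving tag, whereas the other workflows use an exact version; pinning it to an exact release or commit SHA would be consistent.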


@@ -1,6 +1,6 @@
{ {
"yaml.schemas": { "yaml.schemas": {
"https://raw.githubusercontent.com/helm-unittest/helm-unittest/v1.0.3/schema/helm-testsuite.json": [ "https://raw.githubusercontent.com/helm-unittest/helm-unittest/v0.5.2/schema/helm-testsuite.json": [
"/unittests/**/*.yaml" "/unittests/**/*.yaml"
] ]
}, },


@@ -1,21 +1,19 @@
annotations:
artifacthub.io/links: |
- name: Prometheus Fail2Ban exporter (binary)
url: https://git.cryptic.systems/volker.raschek/prometheus-fail2ban-exporter
- name: support
url: https://git.cryptic.systems/volker.raschek/prometheus-fail2ban-exporter-charts/issues
apiVersion: v2 apiVersion: v2
appVersion: "0.1.1"
description: Prometheus metric exporter for Fail2Ban
# icon: https://annotations.example.com/icon.png
keywords:
- prometheus
- prometheus-exporter
- prometheus-fail2ban-exporter
- fail2ban-exporter
name: prometheus-fail2ban-exporter name: prometheus-fail2ban-exporter
sources: description: Prometheus metric exporter for Fail2Ban
- https://git.cryptic.systems/volker.raschek/prometheus-fail2ban-exporter-charts
- https://git.cryptic.systems/volker.raschek/prometheus-fail2ban-exporter
type: application type: application
version: "0.4.1" kubeVersion: ">=1.20.0"
version: "0.1.0"
appVersion: "0.1.0"
# icon: https://annotations.example.com/icon.png
keywords:
- prometheus
- prometheus-exporter
- prometheus-fail2ban-exporter
- fail2ban-exporter
sources:
- https://git.cryptic.systems/volker.raschek/prometheus-fail2ban-exporter-charts
- https://git.cryptic.systems/volker.raschek/prometheus-fail2ban-exporter

21
LICENSE

@@ -1,21 +0,0 @@
MIT License
Copyright (c) 2025 Markus Pesch
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.


@@ -4,13 +4,13 @@ CONTAINER_RUNTIME?=$(shell which podman)
# HELM_IMAGE # HELM_IMAGE
HELM_IMAGE_REGISTRY_HOST?=docker.io HELM_IMAGE_REGISTRY_HOST?=docker.io
HELM_IMAGE_REPOSITORY?=volkerraschek/helm HELM_IMAGE_REPOSITORY?=volkerraschek/helm
HELM_IMAGE_VERSION?=3.19.0 # renovate: datasource=docker registryUrl=https://docker.io depName=docker.io/volkerraschek/helm HELM_IMAGE_VERSION?=3.16.1 # renovate: datasource=docker registryUrl=https://docker.io depName=volkerraschek/helm
HELM_IMAGE_FULLY_QUALIFIED=${HELM_IMAGE_REGISTRY_HOST}/${HELM_IMAGE_REPOSITORY}:${HELM_IMAGE_VERSION} HELM_IMAGE_FULLY_QUALIFIED=${HELM_IMAGE_REGISTRY_HOST}/${HELM_IMAGE_REPOSITORY}:${HELM_IMAGE_VERSION}
# NODE_IMAGE # NODE_IMAGE
NODE_IMAGE_REGISTRY_HOST?=docker.io NODE_IMAGE_REGISTRY_HOST?=docker.io
NODE_IMAGE_REPOSITORY?=library/node NODE_IMAGE_REPOSITORY?=library/node
NODE_IMAGE_VERSION?=24.10.0-alpine # renovate: datasource=docker registryUrl=https://docker.io depName=docker.io/library/node packageName=library/node NODE_IMAGE_VERSION?=22.9.0-alpine # renovate: datasource=docker registryUrl=https://docker.io depName=library/node
NODE_IMAGE_FULLY_QUALIFIED=${NODE_IMAGE_REGISTRY_HOST}/${NODE_IMAGE_REPOSITORY}:${NODE_IMAGE_VERSION} NODE_IMAGE_FULLY_QUALIFIED=${NODE_IMAGE_REGISTRY_HOST}/${NODE_IMAGE_REPOSITORY}:${NODE_IMAGE_VERSION}
# MISSING DOT # MISSING DOT

121
README.md

@@ -1,5 +1,6 @@
# Prometheus Fail2Ban exporter # Prometheus Fail2Ban exporter
[![Build Status](https://drone.cryptic.systems/api/badges/volker.raschek/prometheus-fail2ban-exporter/status.svg)](https://drone.cryptic.systems/volker.raschek/prometheus-fail2ban-exporter)
[![Artifact Hub](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/prometheus-exporters)](https://artifacthub.io/packages/search?repo=prometheus-exporters) [![Artifact Hub](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/prometheus-exporters)](https://artifacthub.io/packages/search?repo=prometheus-exporters)
This helm chart enables the deployment of a Prometheus metrics exporter for Fail2Ban and allows the individual This helm chart enables the deployment of a Prometheus metrics exporter for Fail2Ban and allows the individual
@@ -14,15 +15,12 @@ Chapter [configuration and installation](#helm-configuration-and-installation) d
and use it to deploy the exporter. It also contains further configuration examples. and use it to deploy the exporter. It also contains further configuration examples.
Furthermore, this helm chart contains unit tests to detect regressions and stabilize the deployment. Additionally, this Furthermore, this helm chart contains unit tests to detect regressions and stabilize the deployment. Additionally, this
helm chart is tested for deployment scenarios with **ArgoCD**, but please keep in mind, that this chart supports the helm chart is tested for deployment scenarios with **ArgoCD**.
*[Automatically Roll Deployment](https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments)*
concept of Helm, which can trigger unexpected rolling releases. Further configuration instructions are described in a
separate [chapter](#argocd).
## Helm: configuration and installation ## Helm: configuration and installation
1. A helm chart repository must be configured, to pull the helm charts from. 1. A helm chart repository must be configured, to pull the helm charts from.
2. All available [parameters](#parameters) are documented in detail below. The parameters can be defined via the helm 2. All available parameters are [here](#parameters) in detail documented. The parameters can be defined via the helm
`--set` flag or directly as part of a `values.yaml` file. The following example defines the `prometheus-exporter` `--set` flag or directly as part of a `values.yaml` file. The following example defines the `prometheus-exporter`
repository and use the `--set` flag for a basic deployment. repository and use the `--set` flag for a basic deployment.
@@ -34,8 +32,7 @@ separate [chapter](#argocd).
```bash ```bash
helm repo add prometheus-exporters https://charts.cryptic.systems/prometheus-exporters helm repo add prometheus-exporters https://charts.cryptic.systems/prometheus-exporters
helm repo update helm repo update
CHART_VERSION=0.4.21 helm install prometheus-fail2ban-exporter prometheus-exporters/prometheus-fail2ban-exporter \
helm install --version "${CHART_VERSION}" prometheus-fail2ban-exporter prometheus-exporters/prometheus-fail2ban-exporter \
--set 'prometheus.metrics.enabled=true' \ --set 'prometheus.metrics.enabled=true' \
--set 'prometheus.metrics.serviceMonitor.enabled=true' --set 'prometheus.metrics.serviceMonitor.enabled=true'
``` ```
@@ -46,8 +43,8 @@ version of the chart must be in sync with the `values.yaml`. Newer *minor* versi
versions can break something! versions can break something!
```bash ```bash
CHART_VERSION=0.4.21 CHART_VERSION=0.1.0
helm show values --version "${CHART_VERSION}" prometheus-exporters/prometheus-fail2ban-exporter > values.yaml helm show values prometheus-exporters/prometheus-fail2ban-exporter --version "${CHART_VERSION}" > values.yaml
``` ```
A complete list of available helm chart versions can be displayed via the following command: A complete list of available helm chart versions can be displayed via the following command:
@@ -71,26 +68,22 @@ cannot use the available CPU time to perform computing operations.
The application must be informed that despite several CPUs only a part (limit) of the available computing time is The application must be informed that despite several CPUs only a part (limit) of the available computing time is
available. As this is a Golang application, this can be implemented using `GOMAXPROCS`. The following example is one way available. As this is a Golang application, this can be implemented using `GOMAXPROCS`. The following example is one way
of defining `GOMAXPROCS` automatically based on the defined CPU limit like `1000m`. Please keep in mind, that the CFS of defining `GOMAXPROCS` automatically based on the defined CPU limit like `100m`. Please keep in mind, that the CFS
rate of `100ms` - default on each kubernetes node, is also very important to avoid CPU throttling. rate of `100ms` - default on each kubernetes node, is also very important to avoid CPU throttling.
Further information about this topic can be found in one of Kanishk's blog Further information about this topic can be found [here](https://kanishk.io/posts/cpu-throttling-in-containerized-go-apps/).
[posts](https://kanishk.io/posts/cpu-throttling-in-containerized-go-apps/).
> [!NOTE] > [!NOTE]
> The environment variable `GOMAXPROCS` is set automatically, when a CPU limit is defined. An explicit configuration is > The environment variable `GOMAXPROCS` is set automatically, when a CPU limit is defined. An explicit configuration is
> not anymore required. > not anymore required.
>
> Please take care the a CPU limit < `1000m` can also lead to CPU throttling. Please read the linked documentation carefully.
```bash ```bash
CHART_VERSION=0.4.21 helm install prometheus-fail2ban-exporter prometheus-exporters/prometheus-fail2ban-exporter \
helm install --version "${CHART_VERSION}" prometheus-fail2ban-exporter prometheus-exporters/prometheus-fail2ban-exporter \
--set 'prometheus.metrics.enabled=true' \ --set 'prometheus.metrics.enabled=true' \
--set 'prometheus.metrics.serviceMonitor.enabled=true' \ --set 'prometheus.metrics.serviceMonitor.enabled=true' \
--set 'daemonSet.fail2banExporter.env.name=GOMAXPROCS' \ --set 'daemonSet.fail2banExporter.env.name=GOMAXPROCS' \
--set 'daemonSet.fail2banExporter.env.valueFrom.resourceFieldRef.resource=limits.cpu' \ --set 'daemonSet.fail2banExporter.env.valueFrom.resourceFieldRef.resource=limits.cpu' \
--set 'daemonSet.fail2banExporter.resources.limits.cpu=1000m' --set 'daemonSet.fail2banExporter.resources.limits.cpu=100m'
``` ```
<!-- <!--
@@ -149,90 +142,10 @@ the Grafana container file system so that it is subsequently available to the us
makes this possible. makes this possible.
```bash ```bash
CHART_VERSION=0.4.21 helm install prometheus-fail2ban-exporter prometheus-exporters/prometheus-fail2ban-exporter \
helm install --version "${CHART_VERSION}" prometheus-fail2ban-exporter prometheus-exporters/prometheus-fail2ban-exporter \
--set 'grafana.enabled=true' --set 'grafana.enabled=true'
``` ```
### Network policies
Network policies can only take effect, when the used CNI plugin support network policies. The chart supports no custom
network policy implementation of CNI plugins. It's support only the official API resource of `networking.k8s.io/v1`.
The object networkPolicies can contains multiple networkPolicy definitions. There is currently only one example
predefined - it's named `default`. Further networkPolicy rules can easy be added by defining additional objects. For example:
> [!NOTE]
> The structure of each custom network policy must be equal like that of default. For this reason don't forget to define
> `annotations`, `labels` and the other properties as well.
```yaml
networkPolicies:
enabled: false
default: {}
my-custom-network-policy: {}
```
The example below is an excerpt of the `values.yaml` file. The network policy `default` contains ingress rules to allow
incoming traffic from Prometheus.
> [!IMPORTANT]
> Please keep in mind, that the namespace and pod selector labels can be different from environment to environment. For
> this reason, there is are not default network policy rules defined.
```yaml
networkPolicies:
enabled: true
default:
enabled: true
annotations: {}
labels: {}
policyTypes:
- Egress
- Ingress
egress: []
ingress:
- from:
- namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: monitoring
podSelector:
matchLabels:
app.kubernetes.io/name: prometheus
ports:
- port: http
protocol: TCP
```
## ArgoCD
### Daily execution of rolling updates
The behavior whereby ArgoCD triggers a rolling update even though nothing appears to have changed often occurs in
connection with the helm concept `checksum/secret`, `checksum/configmap` or more generally, [Automatically Roll
Deployments](https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments).
The problem with combining this concept with ArgoCD is that ArgoCD re-renders the Helm chart every time. Even if the
content of the config map or secret has not changed, there may be minimal differences (e.g., whitespace, chart version,
Helm render order, different timestamps).
This changes the SHA256 hash, Argo sees a drift and trigger a rolling update of the deployment. Among other things, this
can lead to unnecessary notifications from ArgoCD.
To avoid this, the annotation with the shasum must be ignored. Below is a diff that adds the `Application` to ignore all
annotations with the prefix `checksum`.
```diff
apiVersion: argoproj.io/v1alpha1
kind: Application
spec:
+ ignoreDifferences:
+ - group: apps/v1
+ kind: Deployment
+ jqPathExpressions:
+ - '.spec.template.metadata.annotations | with_entries(select(.key | startswith("checksum")))'
```
## Parameters ## Parameters
### Global ### Global
@@ -316,17 +229,11 @@ annotations with the prefix `checksum`.
| --------------------- | ---------------------- | ----- | | --------------------- | ---------------------- | ----- |
| `podDisruptionBudget` | Pod disruption budget. | `{}` | | `podDisruptionBudget` | Pod disruption budget. | `{}` |
### NetworkPolicies ### Network
| Name | Description | Value | | Name | Description | Value |
| ------------------------------------- | ----------------------------------------------------------------------------------------------------- | ------- | | ----------------- | ------------------------------------------------------------------------------------------------------------------ | ----- |
| `networkPolicies.enabled` | Enable network policies in general. | `false` | | `networkPolicies` | Deploy network policies based on the used container network interface (CNI) implementation - like calico or weave. | `{}` |
| `networkPolicies.default.enabled` | Enable the network policy for accessing the application by default. For example to scape the metrics. | `false` |
| `networkPolicies.default.annotations` | Additional network policy annotations. | `{}` |
| `networkPolicies.default.labels` | Additional network policy labels. | `{}` |
| `networkPolicies.default.policyTypes` | List of policy types. Supported is ingress, egress or ingress and egress. | `[]` |
| `networkPolicies.default.egress` | Concrete egress network policy implementation. | `[]` |
| `networkPolicies.default.ingress` | Concrete ingress network policy implementation. | `[]` |
### Prometheus ### Prometheus

1187
package-lock.json generated

File diff suppressed because it is too large Load Diff


@@ -16,6 +16,6 @@
"devDependencies": { "devDependencies": {
"@bitnami/readme-generator-for-helm": "^2.5.0", "@bitnami/readme-generator-for-helm": "^2.5.0",
"markdown-link-check": "^3.13.6", "markdown-link-check": "^3.13.6",
"markdownlint-cli": "^0.45.0" "markdownlint-cli": "^0.43.0"
} }
} }


@@ -1,15 +1,8 @@
{ {
"$schema": "https://docs.renovatebot.com/renovate-schema.json", "$schema": "https://docs.renovatebot.com/renovate-schema.json",
"extends": [ "assignees": [ "volker.raschek" ],
"local>volker.raschek/renovate-config:default#master",
"local>volker.raschek/renovate-config:container#master",
"local>volker.raschek/renovate-config:actions#master",
"local>volker.raschek/renovate-config:npm#master",
"local>volker.raschek/renovate-config:regexp#master"
],
"customManagers": [ "customManagers": [
{ {
"customType": "regex",
"fileMatch": [ "fileMatch": [
"^Chart\\.yaml$" "^Chart\\.yaml$"
], ],
@@ -22,61 +15,31 @@
"versioningTemplate": "semver" "versioningTemplate": "semver"
}, },
{ {
"customType": "regex",
"fileMatch": ["^README\\.md$"], "fileMatch": ["^README\\.md$"],
"matchStrings": [ "matchStrings": [
"CHART_VERSION=(?<currentValue>.*)" "VERSION=(?<currentValue>.*)"
], ],
"depNameTemplate": "volker.raschek/prometheus-fail2ban-exporter-charts", "depNameTemplate": "volker.raschek/prometheus-fail2ban-exporter-charts",
"packageNameTemplate": "https://git.cryptic.systems/volker.raschek/prometheus-fail2ban-exporter-charts", "packageNameTemplate": "https://git.cryptic.systems/volker.raschek/prometheus-fail2ban-exporter-charts",
"datasourceTemplate": "git-tags", "datasourceTemplate": "git-tags",
"versioningTemplate": "semver" "versioningTemplate": "semver"
},
{
"customType": "regex",
"datasourceTemplate": "github-releases",
"fileMatch": [
".vscode/settings\\.json$"
],
"matchStrings": [
"https:\\/\\/raw\\.githubusercontent\\.com\\/(?<depName>[^\\s]+?)\\/(?<currentValue>v[0-9.]+?)\\/schema\\/helm-testsuite\\.json"
]
} }
], ],
"labels": [ "renovate" ],
"packageRules": [ "packageRules": [
{ {
"groupName": "Update docker.io/volkerraschek/helm", "addLabels": [ "renovate/automerge", "renovate/npm" ],
"matchDepNames": [
"docker.io/volkerraschek/helm",
"volkerraschek/helm"
]
},
{
"automerge": true, "automerge": true,
"groupName": "Update helm plugin 'unittest'", "matchPackageNames": [
"matchDepNames": [ "markdownlint-cli",
"helm-unittest/helm-unittest" "markdown-link-check",
"@bitnami/readme-generator-for-helm"
], ],
"matchDatasources": [ "matchManagers": [ "npm" ],
"github-releases" "matchUpdateTypes": [ "minor", "patch"]
],
"matchUpdateTypes": [
"minor",
"patch"
]
}, },
{ {
"groupName": "Update docker.io/library/node", "addLabels": [ "renovate/automerge", "renovate/container" ],
"matchDepNames": [
"docker.io/library/node",
"library/node"
]
},
{
"addLabels": [
"renovate/automerge",
"renovate/container"
],
"automerge": true, "automerge": true,
"excludePackagePatterns": [ "excludePackagePatterns": [
"volker.raschek/prometheus-fail2ban-exporter" "volker.raschek/prometheus-fail2ban-exporter"
@@ -88,21 +51,8 @@
"minor", "minor",
"patch" "patch"
] ]
},
{
"addLabels": [
"renovate/automerge",
"renovate/documentation"
],
"automerge": true,
"matchDepNames": [
"volker.raschek/prometheus-fail2ban-exporter-charts"
],
"matchUpdateTypes": [
"major",
"minor",
"patch"
]
} }
] ],
"rebaseLabel": "renovate/rebase",
"rebaseWhen": "behind-base-branch"
} }
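Review bot: The package rule that sets `"automerge": true` for minor and patch updates of `markdownlint-cli`, `markdown-link-check` and `@bitnami/readme-generator-for-helm` has no release-age gate, so a freshly published version of any of them can be merged unreviewed and then installed by the `npm install` steps in the workflows shown on this page. Adding a delay to that rule, for example `"minimumReleaseAge": "7 days"` (the duration is an illustrative value), gives registry takedowns time to happen before the update lands. The same consideration applies to the container rule with `"automerge": true` further down, whose match conditions lie outside the visible hunks. Which column is the new side is inferred from the layout, because the +/- markers are lost on this page.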


@@ -1,19 +0,0 @@
{{/* vim: set filetype=mustache: */}}
{{/* annotations */}}
{{- define "prometheus-fail2ban-exporter.networkPolicies.annotations" -}}
{{ include "prometheus-fail2ban-exporter.annotations" .context }}
{{- if .networkPolicy.annotations }}
{{ toYaml .networkPolicy.annotations }}
{{- end }}
{{- end }}
{{/* labels */}}
{{- define "prometheus-fail2ban-exporter.networkPolicies.labels" -}}
{{ include "prometheus-fail2ban-exporter.labels" .context }}
{{- if .networkPolicy.labels }}
{{ toYaml .networkPolicy.labels }}
{{- end }}
{{- end }}


@@ -1,32 +0,0 @@
---
{{/* annotations */}}
{{- define "prometheus-fail2ban-exporter.pod.annotations" -}}
{{ include "prometheus-fail2ban-exporter.annotations" . }}
# The following annotations are required to trigger a rolling update. Further information can be found in the official
# documentation of helm:
#
# https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments
#
{{/* web config */}}
{{- if and .Values.config.webConfig.existingSecret.enabled .Values.config.webConfig.existingSecret.secretName }}
{{- $secret := default (dict "data" (dict)) (lookup "v1" "Secret" .Release.Namespace .Values.config.webConfig.existingSecret.secretName ) }}
checksum/secret-web-config: {{ print $secret.spec | sha256sum }}
{{- else }}
checksum/secret-web-config: {{ include (print $.Template.BasePath "/secretWebConfig.yaml") . | sha256sum }}
{{- end }}
{{- end }}
{{/* labels */}}
{{- define "prometheus-fail2ban-exporter.pod.labels" -}}
{{ include "prometheus-fail2ban-exporter.labels" . }}
{{- end }}
{{- define "prometheus-fail2ban-exporter.pod.selectorLabels" -}}
{{ include "prometheus-fail2ban-exporter.selectorLabels" . }}
{{- end }}


@@ -1,36 +0,0 @@
{{- if .Values.networkPolicies.enabled }}
{{- range $key, $value := .Values.networkPolicies -}}
{{- if and (not (eq $key "enabled")) $value.enabled }}
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
{{- with (include "prometheus-fail2ban-exporter.networkPolicies.annotations" (dict "networkPolicy" $value "context" $) | fromYaml) }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with (include "prometheus-fail2ban-exporter.networkPolicies.labels" (dict "networkPolicy" $value "context" $) | fromYaml) }}
labels:
{{- toYaml . | nindent 4 }}
{{- end }}
name: {{ printf "%s-%s" (include "prometheus-fail2ban-exporter.fullname" $ ) $key }}
namespace: {{ $.Release.Namespace }}
spec:
podSelector:
matchLabels:
{{- include "prometheus-fail2ban-exporter.pod.selectorLabels" $ | nindent 6 }}
{{- with $value.policyTypes }}
policyTypes:
{{- toYaml . | nindent 2 }}
{{- end }}
{{- with $value.egress }}
egress:
{{- toYaml . | nindent 2 }}
{{- end }}
{{- with $value.ingress }}
ingress:
{{- toYaml . | nindent 2 }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}


@@ -0,0 +1,17 @@
---
{{/* annotations */}}
{{- define "prometheus-fail2ban-exporter.pod.annotations" -}}
{{ include "prometheus-fail2ban-exporter.annotations" . }}
{{- end }}
{{/* labels */}}
{{- define "prometheus-fail2ban-exporter.pod.labels" -}}
{{ include "prometheus-fail2ban-exporter.labels" . }}
{{- end }}
{{- define "prometheus-fail2ban-exporter.pod.selectorLabels" -}}
{{ include "prometheus-fail2ban-exporter.selectorLabels" . }}
{{- end }}


@@ -5,7 +5,7 @@ kind: ConfigMap
metadata: metadata:
{{- with (include "prometheus-fail2ban-exporter.configMap.grafanaDashboards.fail2banExporter.annotations" . | fromYaml) }} {{- with (include "prometheus-fail2ban-exporter.configMap.grafanaDashboards.fail2banExporter.annotations" . | fromYaml) }}
annotations: annotations:
{{- tpl (toYaml .) $ | nindent 4 }} {{- tpl (. | toYaml) $ | nindent 4 }}
{{- end }} {{- end }}
{{- with (include "prometheus-fail2ban-exporter.configMap.grafanaDashboards.fail2banExporter.labels" . | fromYaml) }} {{- with (include "prometheus-fail2ban-exporter.configMap.grafanaDashboards.fail2banExporter.labels" . | fromYaml) }}
labels: labels:


@@ -3,7 +3,7 @@ kind: DaemonSet
metadata: metadata:
{{- with (include "prometheus-fail2ban-exporter.daemonSet.annotations" . | fromYaml) }} {{- with (include "prometheus-fail2ban-exporter.daemonSet.annotations" . | fromYaml) }}
annotations: annotations:
{{- tpl (toYaml .) $ | nindent 4 }} {{- tpl (. | toYaml) $ | nindent 4 }}
{{- end }} {{- end }}
{{- with (include "prometheus-fail2ban-exporter.daemonSet.labels" . | fromYaml) }} {{- with (include "prometheus-fail2ban-exporter.daemonSet.labels" . | fromYaml) }}
labels: labels:
@@ -17,8 +17,6 @@ spec:
{{- include "prometheus-fail2ban-exporter.pod.selectorLabels" . | nindent 6 }} {{- include "prometheus-fail2ban-exporter.pod.selectorLabels" . | nindent 6 }}
template: template:
metadata: metadata:
annotations:
{{- include "prometheus-fail2ban-exporter.pod.annotations" . | nindent 8 }}
labels: labels:
{{- include "prometheus-fail2ban-exporter.pod.labels" . | nindent 8 }} {{- include "prometheus-fail2ban-exporter.pod.labels" . | nindent 8 }}
spec: spec:
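Review bot: The `@@ -17,8 +17,6 @@` hunk drops the `annotations:` block from `spec.template.metadata`, so the pod template no longer carries anything that changes when the web-config Secret changes. The DaemonSet unit-test section of this commit also removes the `exists` assertion on `spec.template.metadata.annotations.checksum/secret-web-config`, which suggests the old helper supplied that checksum. Without it, an updated web config in the Secret presumably will not roll the pods, and the exporter keeps serving the old configuration until someone restarts it. Consider keeping `annotations:` with `{{- include "prometheus-fail2ban-exporter.pod.annotations" . | nindent 8 }}` and letting that helper emit the checksum; the `pod.annotations` helper added in this commit is otherwise unused in the visible hunks. The pod `spec:` continues outside the hunk.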


@@ -5,7 +5,7 @@ kind: Ingress
metadata: metadata:
{{- with (include "prometheus-fail2ban-exporter.ingress.annotations" . | fromYaml) }} {{- with (include "prometheus-fail2ban-exporter.ingress.annotations" . | fromYaml) }}
annotations: annotations:
{{- tpl (toYaml .) $ | nindent 4 }} {{- tpl (. | toYaml) $ | nindent 4 }}
{{- end }} {{- end }}
{{- with (include "prometheus-fail2ban-exporter.ingress.labels" . | fromYaml) }} {{- with (include "prometheus-fail2ban-exporter.ingress.labels" . | fromYaml) }}
labels: labels:


@@ -6,7 +6,7 @@ release:
name: prometheus-fail2ban-exporter-unittest name: prometheus-fail2ban-exporter-unittest
namespace: testing namespace: testing
templates: templates:
- templates/configMapGrafanaDashboardFail2BanExporter.yaml - templates/prometheus-fail2ban-exporter/configMapGrafanaDashboardFail2BanExporter.yaml
tests: tests:
- it: Rendering fail2banExporter - it: Rendering fail2banExporter
asserts: asserts:


@@ -6,23 +6,19 @@ release:
name: prometheus-fail2ban-exporter-unittest name: prometheus-fail2ban-exporter-unittest
namespace: testing namespace: testing
templates: templates:
- templates/daemonSet.yaml - templates/prometheus-fail2ban-exporter/daemonSet.yaml
- templates/secretWebConfig.yaml
tests: tests:
- it: Rendering default - it: Rendering default
asserts: asserts:
- hasDocuments: - hasDocuments:
count: 1 count: 1
template: templates/daemonSet.yaml
- containsDocument: - containsDocument:
apiVersion: apps/v1 apiVersion: apps/v1
kind: DaemonSet kind: DaemonSet
name: prometheus-fail2ban-exporter-unittest name: prometheus-fail2ban-exporter-unittest
namespace: testing namespace: testing
template: templates/daemonSet.yaml
- notExists: - notExists:
path: metadata.annotations path: metadata.annotations
template: templates/daemonSet.yaml
- equal: - equal:
path: metadata.labels path: metadata.labels
value: value:
@@ -31,31 +27,15 @@ tests:
app.kubernetes.io/name: prometheus-fail2ban-exporter app.kubernetes.io/name: prometheus-fail2ban-exporter
app.kubernetes.io/version: 0.1.0 app.kubernetes.io/version: 0.1.0
helm.sh/chart: prometheus-fail2ban-exporter-0.1.0 helm.sh/chart: prometheus-fail2ban-exporter-0.1.0
template: templates/daemonSet.yaml
- exists:
path: spec.template.metadata.annotations.checksum/secret-web-config
template: templates/daemonSet.yaml
- equal:
path: spec.template.metadata.labels
value:
app.kubernetes.io/instance: prometheus-fail2ban-exporter-unittest
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: prometheus-fail2ban-exporter
app.kubernetes.io/version: 0.1.0
helm.sh/chart: prometheus-fail2ban-exporter-0.1.0
template: templates/daemonSet.yaml
- notExists: - notExists:
path: spec.template.spec.affinity path: spec.template.spec.affinity
template: templates/daemonSet.yaml
- notExists: - notExists:
path: spec.template.spec.containers[0].envFrom path: spec.template.spec.containers[0].envFrom
template: templates/daemonSet.yaml
- equal: - equal:
path: spec.template.spec.containers[0].args path: spec.template.spec.containers[0].args
value: value:
# - --web.config.file=/etc/prometheus-fail2ban-exporter/config.d/webConfig.yaml # - --web.config.file=/etc/prometheus-fail2ban-exporter/config.d/webConfig.yaml
- --web.listen-address=:9191 - --web.listen-address=:9191
template: templates/daemonSet.yaml
- equal: - equal:
path: spec.template.spec.containers[0].volumeMounts path: spec.template.spec.containers[0].volumeMounts
value: value:
@@ -63,7 +43,6 @@ tests:
name: socket name: socket
- mountPath: /etc/prometheus-fail2ban-exporter/config.d - mountPath: /etc/prometheus-fail2ban-exporter/config.d
name: config-d name: config-d
template: templates/daemonSet.yaml
- equal: - equal:
path: spec.template.spec.volumes path: spec.template.spec.volumes
value: value:
@@ -74,59 +53,42 @@ tests:
- name: config-d - name: config-d
secret: secret:
secretName: prometheus-fail2ban-exporter-unittest-web-config secretName: prometheus-fail2ban-exporter-unittest-web-config
template: templates/daemonSet.yaml
- equal: - equal:
path: spec.template.spec.containers[0].image path: spec.template.spec.containers[0].image
value: git.cryptic.systems/volker.raschek/prometheus-fail2ban-exporter:0.1.0 value: git.cryptic.systems/volker.raschek/prometheus-fail2ban-exporter:0.1.0
template: templates/daemonSet.yaml
- equal: - equal:
path: spec.template.spec.containers[0].imagePullPolicy path: spec.template.spec.containers[0].imagePullPolicy
value: IfNotPresent value: IfNotPresent
template: templates/daemonSet.yaml
- notExists: - notExists:
path: spec.template.spec.containers[0].resources path: spec.template.spec.containers[0].resources
template: templates/daemonSet.yaml
- notExists: - notExists:
path: spec.template.spec.containers[0].securityContext path: spec.template.spec.containers[0].securityContext
template: templates/daemonSet.yaml
- notExists: - notExists:
path: spec.template.spec.dnsConfig path: spec.template.spec.dnsConfig
template: templates/daemonSet.yaml
- notExists: - notExists:
path: spec.template.spec.dnsPolicy path: spec.template.spec.dnsPolicy
template: templates/daemonSet.yaml
- notExists: - notExists:
path: spec.template.spec.hostname path: spec.template.spec.hostname
template: templates/daemonSet.yaml
- equal: - equal:
path: spec.template.spec.hostNetwork path: spec.template.spec.hostNetwork
value: false value: false
template: templates/daemonSet.yaml
- notExists: - notExists:
path: spec.template.spec.imagePullSecrets path: spec.template.spec.imagePullSecrets
template: templates/daemonSet.yaml
- notExists: - notExists:
path: spec.template.spec.nodeSelector path: spec.template.spec.nodeSelector
template: templates/daemonSet.yaml
- notExists: - notExists:
path: spec.template.spec.priorityClassName path: spec.template.spec.priorityClassName
template: templates/daemonSet.yaml
- notExists: - notExists:
path: spec.template.spec.restartPolicy path: spec.template.spec.restartPolicy
template: templates/daemonSet.yaml
- notExists: - notExists:
path: spec.template.spec.subdomain path: spec.template.spec.subdomain
template: templates/daemonSet.yaml
- equal: - equal:
path: spec.template.spec.terminationGracePeriodSeconds path: spec.template.spec.terminationGracePeriodSeconds
value: 60 value: 60
template: templates/daemonSet.yaml
- notExists: - notExists:
path: spec.template.spec.tolerations path: spec.template.spec.tolerations
template: templates/daemonSet.yaml
- notExists: - notExists:
path: spec.template.spec.topologySpreadConstraints path: spec.template.spec.topologySpreadConstraints
template: templates/daemonSet.yaml
- equal: - equal:
path: spec.updateStrategy path: spec.updateStrategy
value: value:
@@ -134,7 +96,6 @@ tests:
maxSurge: 1 maxSurge: 1
maxUnavailable: 0 maxUnavailable: 0
type: "RollingUpdate" type: "RollingUpdate"
template: templates/daemonSet.yaml
- it: Test custom affinity - it: Test custom affinity
set: set:
@@ -161,7 +122,6 @@ tests:
values: values:
- antarctica-east1 - antarctica-east1
- antarctica-west1 - antarctica-west1
template: templates/daemonSet.yaml
- it: Test additional arguments - it: Test additional arguments
set: set:
@@ -176,7 +136,6 @@ tests:
- --web.listen-address=:9191 - --web.listen-address=:9191
- --foo=bar - --foo=bar
- --bar=foo - --bar=foo
template: templates/daemonSet.yaml
- it: Test custom imageRegistry and imageRepository - it: Test custom imageRegistry and imageRepository
set: set:
@@ -186,7 +145,6 @@ tests:
- equal: - equal:
path: spec.template.spec.containers[0].image path: spec.template.spec.containers[0].image
value: registry.example.local/path/special/prometheus-fail2ban-exporter:0.1.0 value: registry.example.local/path/special/prometheus-fail2ban-exporter:0.1.0
template: templates/daemonSet.yaml
- it: Test custom imagePullPolicy - it: Test custom imagePullPolicy
set: set:
@@ -195,7 +153,6 @@ tests:
- equal: - equal:
path: spec.template.spec.containers[0].imagePullPolicy path: spec.template.spec.containers[0].imagePullPolicy
value: Always value: Always
template: templates/daemonSet.yaml
- it: Test config.webConfig.existingSecret - it: Test config.webConfig.existingSecret
set: set:
@@ -209,7 +166,6 @@ tests:
name: socket name: socket
- mountPath: /etc/prometheus-fail2ban-exporter/config.d - mountPath: /etc/prometheus-fail2ban-exporter/config.d
name: config-d name: config-d
template: templates/daemonSet.yaml
- equal: - equal:
path: spec.template.spec.volumes path: spec.template.spec.volumes
value: value:
@@ -220,7 +176,6 @@ tests:
- name: config-d - name: config-d
secret: secret:
secretName: web-config-secret secretName: web-config-secret
template: templates/daemonSet.yaml
- it: Test custom resource limits and requests - it: Test custom resource limits and requests
set: set:
@@ -240,7 +195,6 @@ tests:
resourceFieldRef: resourceFieldRef:
divisor: "1" divisor: "1"
resource: limits.cpu resource: limits.cpu
template: templates/daemonSet.yaml
- equal: - equal:
path: spec.template.spec.containers[0].resources path: spec.template.spec.containers[0].resources
value: value:
@@ -250,7 +204,6 @@ tests:
requests: requests:
cpu: 25m cpu: 25m
memory: 100MB memory: 100MB
template: templates/daemonSet.yaml
- it: Test custom securityContext - it: Test custom securityContext
set: set:
@@ -277,7 +230,6 @@ tests:
readOnlyRootFilesystem: true readOnlyRootFilesystem: true
runAsNonRoot: true runAsNonRoot: true
runAsUser: 1000 runAsUser: 1000
template: templates/daemonSet.yaml
- it: Test dnsConfig - it: Test dnsConfig
set: set:
@@ -292,7 +244,6 @@ tests:
nameservers: nameservers:
- "8.8.8.8" - "8.8.8.8"
- "8.8.4.4" - "8.8.4.4"
template: templates/daemonSet.yaml
- it: Test dnsPolicy - it: Test dnsPolicy
set: set:
@@ -301,7 +252,6 @@ tests:
- equal: - equal:
path: spec.template.spec.dnsPolicy path: spec.template.spec.dnsPolicy
value: ClusterFirst value: ClusterFirst
template: templates/daemonSet.yaml
- it: Test hostNetwork, hostname, subdomain - it: Test hostNetwork, hostname, subdomain
set: set:
@@ -312,15 +262,12 @@ tests:
- equal: - equal:
path: spec.template.spec.hostNetwork path: spec.template.spec.hostNetwork
value: true value: true
template: templates/daemonSet.yaml
- equal: - equal:
path: spec.template.spec.hostname path: spec.template.spec.hostname
value: pg-exporter value: pg-exporter
template: templates/daemonSet.yaml
- equal: - equal:
path: spec.template.spec.subdomain path: spec.template.spec.subdomain
value: exporters.internal value: exporters.internal
template: templates/daemonSet.yaml
- it: Test imagePullSecrets - it: Test imagePullSecrets
set: set:
@@ -333,7 +280,6 @@ tests:
value: value:
- name: my-pull-secret - name: my-pull-secret
- name: my-special-secret - name: my-special-secret
template: templates/daemonSet.yaml
- it: Test nodeSelector - it: Test nodeSelector
set: set:
@@ -344,7 +290,6 @@ tests:
path: spec.template.spec.nodeSelector path: spec.template.spec.nodeSelector
value: value:
foo: bar foo: bar
template: templates/daemonSet.yaml
- it: Test priorityClassName - it: Test priorityClassName
set: set:
@@ -353,7 +298,6 @@ tests:
- equal: - equal:
path: spec.template.spec.priorityClassName path: spec.template.spec.priorityClassName
value: my-priority value: my-priority
template: templates/daemonSet.yaml
- it: Test restartPolicy - it: Test restartPolicy
set: set:
@@ -362,7 +306,6 @@ tests:
- equal: - equal:
path: spec.template.spec.restartPolicy path: spec.template.spec.restartPolicy
value: Always value: Always
template: templates/daemonSet.yaml
- it: Test terminationGracePeriodSeconds - it: Test terminationGracePeriodSeconds
set: set:
@@ -371,7 +314,6 @@ tests:
- equal: - equal:
path: spec.template.spec.terminationGracePeriodSeconds path: spec.template.spec.terminationGracePeriodSeconds
value: 120 value: 120
template: templates/daemonSet.yaml
- it: Test tolerations - it: Test tolerations
set: set:
@@ -388,7 +330,6 @@ tests:
operator: Equal operator: Equal
value: fail2ban value: fail2ban
effect: NoSchedule effect: NoSchedule
template: templates/daemonSet.yaml
- it: Test topologySpreadConstraints - it: Test topologySpreadConstraints
set: set:
@@ -407,7 +348,6 @@ tests:
labelSelector: labelSelector:
matchLabels: matchLabels:
app.kubernetes.io/instance: prometheus-fail2ban-exporter app.kubernetes.io/instance: prometheus-fail2ban-exporter
template: templates/daemonSet.yaml
- it: Test additional volumeMounts and volumes - it: Test additional volumeMounts and volumes
set: set:
@@ -426,7 +366,6 @@ tests:
mountPath: /usr/lib/prometheus-fail2ban-exporter/data mountPath: /usr/lib/prometheus-fail2ban-exporter/data
- name: config-d - name: config-d
mountPath: /etc/prometheus-fail2ban-exporter/config.d mountPath: /etc/prometheus-fail2ban-exporter/config.d
template: templates/daemonSet.yaml
- equal: - equal:
path: spec.template.spec.volumes path: spec.template.spec.volumes
value: value:
@@ -436,4 +375,3 @@ tests:
- name: config-d - name: config-d
secret: secret:
secretName: prometheus-fail2ban-exporter-unittest-web-config secretName: prometheus-fail2ban-exporter-unittest-web-config
template: templates/daemonSet.yaml
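Review bot: The `@@ -31,31 +27,15 @@` hunk removes the `equal` assertion on `spec.template.metadata.labels` from the "Rendering default" test, although the DaemonSet template still renders those labels and its selector appears to depend on them. A mismatch between pod labels and selector would now pass the suite, so I would keep that assertion, minus the `template:` key like the other assertions here. Separately, the expected `args` list `--web.config.file=/etc/prometheus-fail2ban-exporter/config.d/webConfig.yaml` only as a comment while the `config-d` Secret is still mounted. If the exporter is meant to start with that web config, the test should require the flag; worth confirming against the template.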


@@ -6,7 +6,7 @@ release:
name: prometheus-fail2ban-exporter-unittest name: prometheus-fail2ban-exporter-unittest
namespace: testing namespace: testing
templates: templates:
- templates/ingress.yaml - templates/prometheus-fail2ban-exporter/ingress.yaml
tests: tests:
- it: Skip ingress by default. - it: Skip ingress by default.
asserts: asserts:


@@ -1,118 +0,0 @@
chart:
appVersion: 0.1.0
version: 0.1.0
suite: NetworkPolicies template (basic)
release:
name: prometheus-fail2ban-exporter-unittest
namespace: testing
templates:
- templates/networkPolicies.yaml
tests:
- it: Skip networkPolicies in general disabled.
set:
networkPolicies.enabled: false
asserts:
- hasDocuments:
count: 0
- it: Skip networkPolicy 'default' when disabled.
set:
networkPolicies.enabled: true
networkPolicies.default.enabled: false
asserts:
- hasDocuments:
count: 0
- it: Loop over networkPolicies
set:
networkPolicies.enabled: true
networkPolicies.default.enabled: false
networkPolicies.nginx.enabled: true
networkPolicies.prometheus.enabled: true
asserts:
- hasDocuments:
count: 2
- it: Template networkPolicy 'default' without policyTypes, egress and ingress configuration
set:
networkPolicies.enabled: true
networkPolicies.default.enabled: true
asserts:
- hasDocuments:
count: 1
- containsDocument:
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
name: prometheus-fail2ban-exporter-unittest-default
namespace: testing
- notExists:
path: metadata.annotations
- equal:
path: metadata.labels
value:
app.kubernetes.io/instance: prometheus-fail2ban-exporter-unittest
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: prometheus-fail2ban-exporter
app.kubernetes.io/version: 0.1.0
helm.sh/chart: prometheus-fail2ban-exporter-0.1.0
- equal:
path: spec.podSelector.matchLabels
value:
app.kubernetes.io/instance: prometheus-fail2ban-exporter-unittest
app.kubernetes.io/name: prometheus-fail2ban-exporter
- notExists:
path: spec.policyTypes
- notExists:
path: spec.egress
- notExists:
path: spec.ingress
- it: Template networkPolicy 'default' with policyTypes, egress and ingress configuration
set:
networkPolicies.enabled: true
networkPolicies.default.enabled: true
networkPolicies.default.policyTypes:
- Egress
- Ingress
networkPolicies.default.ingress:
- from:
- namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: khv-production
podSelector:
matchLabels:
app.kubernetes.io/name: prometheus
networkPolicies.default.egress:
- to:
- namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: database
podSelector:
matchLabels:
app.kubernetes.io/name: oracle
asserts:
- equal:
path: spec.policyTypes
value:
- Egress
- Ingress
- equal:
path: spec.egress
value:
- to:
- namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: database
podSelector:
matchLabels:
app.kubernetes.io/name: oracle
- equal:
path: spec.ingress
value:
- from:
- namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: khv-production
podSelector:
matchLabels:
app.kubernetes.io/name: prometheus


@@ -6,7 +6,7 @@ release:
name: prometheus-fail2ban-exporter-unittest name: prometheus-fail2ban-exporter-unittest
namespace: testing namespace: testing
templates: templates:
- templates/podMonitor.yaml - templates/prometheus-fail2ban-exporter/podMonitor.yaml
tests: tests:
- it: Skip podMonitor when metrics are disabled. - it: Skip podMonitor when metrics are disabled.
set: set:


@@ -6,7 +6,7 @@ release:
name: prometheus-fail2ban-exporter-unittest name: prometheus-fail2ban-exporter-unittest
namespace: testing namespace: testing
templates: templates:
- templates/secretWebConfig.yaml - templates/prometheus-fail2ban-exporter/secretWebConfig.yaml
tests: tests:
- it: Rendering default secret. - it: Rendering default secret.
asserts: asserts:


@@ -6,7 +6,7 @@ release:
name: prometheus-fail2ban-exporter-unittest name: prometheus-fail2ban-exporter-unittest
namespace: testing namespace: testing
templates: templates:
- templates/serviceAccount.yaml - templates/prometheus-fail2ban-exporter/serviceAccount.yaml
tests: tests:
- it: Skip rendering. - it: Skip rendering.
set: set:


@@ -6,7 +6,7 @@ release:
name: prometheus-fail2ban-exporter-unittest name: prometheus-fail2ban-exporter-unittest
namespace: testing namespace: testing
templates: templates:
- templates/serviceMonitorHTTP.yaml - templates/prometheus-fail2ban-exporter/serviceMonitorHTTP.yaml
tests: tests:
- it: Skip serviceMonitor when service is disabled. - it: Skip serviceMonitor when service is disabled.
set: set:


@@ -6,7 +6,7 @@ release:
name: prometheus-fail2ban-exporter-unittest name: prometheus-fail2ban-exporter-unittest
namespace: testing namespace: testing
templates: templates:
- templates/serviceHTTP.yaml - templates/prometheus-fail2ban-exporter/serviceHTTP.yaml
tests: tests:
- it: Skip service when disabled. - it: Skip service when disabled.
set: set:


@@ -270,53 +270,9 @@ podDisruptionBudget: {}
# maxUnavailable: 1 # maxUnavailable: 1
# minAvailable: 1 # minAvailable: 1
## @section NetworkPolicies ## @section Network
## @param networkPolicies.enabled Enable network policies in general. ## @param networkPolicies Deploy network policies based on the used container network interface (CNI) implementation - like calico or weave.
networkPolicies: networkPolicies: {}
enabled: false
## @param networkPolicies.default.enabled Enable the network policy for accessing the application by default. For example to scape the metrics.
## @param networkPolicies.default.annotations Additional network policy annotations.
## @param networkPolicies.default.labels Additional network policy labels.
## @param networkPolicies.default.policyTypes List of policy types. Supported is ingress, egress or ingress and egress.
## @param networkPolicies.default.egress Concrete egress network policy implementation.
## @skip networkPolicies.default.egress Skip individual egress configuration.
## @param networkPolicies.default.ingress Concrete ingress network policy implementation.
## @skip networkPolicies.default.ingress Skip individual ingress configuration.
default:
enabled: false
annotations: {}
labels: {}
policyTypes: []
# - Egress
# - Ingress
egress: []
ingress: []
# Allow incoming HTTP traffic from prometheus.
#
# - from:
# - namespaceSelector:
# matchLabels:
# kubernetes.io/metadata.name: monitoring
# podSelector:
# matchLabels:
# app.kubernetes.io/name: prometheus
# ports:
# - port: http
# protocol: TCP
# Allow incoming HTTP traffic from ingress-nginx.
#
# - from:
# - namespaceSelector:
# matchLabels:
# kubernetes.io/metadata.name: ingress-nginx
# podSelector:
# matchLabels:
# app.kubernetes.io/name: ingress-nginx
# ports:
# - port: http
# protocol: TCP
## @section Prometheus ## @section Prometheus
prometheus: prometheus: