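# Declare variables to be passed into your templates.
#
# Lines starting with `## @section`, `## @param` and `## @skip` are metadata
# annotations and are kept on one line each. Lines starting with a single `#`
# are either commented-out examples or reviewer notes.

## @section Global
## @param nameOverride Individual release name suffix.
## @param fullnameOverride Override the complete release name logic.
nameOverride: ""
fullnameOverride: ""

## @section Configuration
config:
  webConfig:
    ## @param config.webConfig.existingSecret.enabled Mount an existing secret containing the key `webConfig.yaml`.
    ## @param config.webConfig.existingSecret.secretName Name of the existing secret containing the key `webConfig.yaml`.
    # An existing secret keeps credentials and key paths out of values files
    # that end up in version control.
    existingSecret:
      enabled: false
      secretName: ""

    ## @param config.webConfig.secret.annotations Additional annotations of the secret containing the `webConfig.yaml`.
    ## @param config.webConfig.secret.labels Additional labels of the secret containing the `webConfig.yaml`.
    ## @param config.webConfig.secret.webConfig Content of the `webConfig.yaml`.
    ## @skip config.webConfig.secret.webConfig Skip individual web configuration.
    # NOTE(review): with the default `{}` no TLS or basic-auth settings are
    # supplied; presumably the exporter then serves its metrics over plain HTTP
    # without authentication - confirm against the templates.
    # The keys in the example match the Prometheus exporter-toolkit web
    # configuration format, where `basic_auth_users` maps a user name to a
    # bcrypt hash, not to a plaintext password.
    secret:
      annotations: {}
      labels: {}
      webConfig: {}
      # basic_auth_users:
      #   prom:
      # http_server_config:
      #   http2: true
      # tls_server_config:
      #   cert_file: /path/to/cert.pem
      #   client_allowed_sans:
      #   - fail2ban.example.local
      #   client_ca_file: /path/to/ca.pem
      #   key_file: /path/to/key.pem
      #   max_version: TLS13
      #   min_version: TLS12

## @section Daemonset
daemonSet:
  ## @param daemonSet.annotations Additional daemonSet annotations.
  ## @param daemonSet.labels Additional daemonSet labels.
  annotations: {}
  labels: {}

  ## @param daemonSet.additionalContainers List of additional containers.
  # The example image uses the mutable `latest` tag; pin a version or digest
  # for side-cars in a real deployment.
  additionalContainers: []
  # - command: [ "sh", "-c", "echo hello world" ]
  #   image: "docker.io/library/busybox:latest"
  #   name: side-car

  ## @param daemonSet.affinity Affinity for the fail2ban-exporter daemonSet.
  affinity: {}
  # nodeAffinity:
  #   requiredDuringSchedulingIgnoredDuringExecution:
  #     nodeSelectorTerms:
  #     - matchExpressions:
  #       - key: kubernetes.io/os
  #         operator: In
  #         values:
  #         - linux
  #   preferredDuringSchedulingIgnoredDuringExecution:
  #   - weight: 20
  #     preference:
  #       matchExpressions:
  #       - key: kubernetes.io/arch
  #         operator: In
  #         values:
  #         - amd64

  ## @param daemonSet.initContainers List of additional init containers.
  initContainers: []
  # - command: [ "sh", "-c", "echo hello world" ]
  #   image: "docker.io/library/busybox:latest"
  #   name: init

  ## @param daemonSet.dnsConfig dnsConfig of the fail2ban-exporter daemonSet.
  dnsConfig: {}
  # nameservers:
  # - 192.0.2.1 # this is an example
  # searches:
  # - ns1.svc.cluster-domain.example
  # - my.dns.search.suffix
  # options:
  # - name: ndots
  #   value: "2"
  # - name: edns0

  ## @param daemonSet.dnsPolicy dnsPolicy of the fail2ban-exporter daemonSet.
  dnsPolicy: ""

  ## @param daemonSet.hostname Individual hostname of the pod.
  ## @param daemonSet.subdomain Individual domain of the pod.
  hostname: ""
  subdomain: ""

  ## @param daemonSet.hostNetwork Use the kernel network namespace of the host system.
  # Keeping this `false` leaves the pod in its own network namespace; the
  # socket mount further down does not depend on host networking.
  hostNetwork: false

  ## @param daemonSet.imagePullSecrets Secret to use for pulling the image.
  imagePullSecrets: []
  # - name: "my-custom-secret"

  fail2banExporter:
    ## @param daemonSet.fail2banExporter.args Arguments passed to the fail2ban-exporter container.
    args: []

    ## @param daemonSet.fail2banExporter.env List of environment variables for the fail2ban-exporter container.
    env: []
    # - name: SPECIAL_ENV_A
    #   value: special-key
    # - name: SPECIAL_ENV
    #   valueFrom:
    #     configMapKeyRef:
    #       name: special-config
    #       key: special-key
    # - name: SPECIAL_ENV
    #   valueFrom:
    #     secretKeyRef:
    #       name: special-secret
    #       key: special-key

    ## @param daemonSet.fail2banExporter.envFrom List of environment variables mounted from configMaps or secrets for the fail2ban-exporter container.
    envFrom: []
    # - configMapRef:
    #     name: special-config
    # - secretRef:
    #     name: special-secret

    ## @param daemonSet.fail2banExporter.image.registry Image registry, eg. `docker.io`.
    ## @param daemonSet.fail2banExporter.image.repository Image repository, eg. `library/busybox`.
    ## @param daemonSet.fail2banExporter.image.tag Custom image tag, eg. `0.1.0`. Defaults to `appVersion`.
    ## @param daemonSet.fail2banExporter.image.pullPolicy Image pull policy.
    image:
      registry: git.cryptic.systems
      repository: volker.raschek/prometheus-fail2ban-exporter
      tag: ""
      pullPolicy: IfNotPresent

    ## @param daemonSet.fail2banExporter.resources CPU and memory resources of the pod.
    resources: {}
    # limits:
    #   cpu:
    #   ephemeral-storage:
    #   memory:
    # requests:
    #   cpu:
    #   ephemeral-storage:
    #   memory:

    ## @param daemonSet.fail2banExporter.securityContext Security context of the container of the daemonSet.
    # The default is empty, so this values file sets none of the restrictions
    # shown in the example.
    # NOTE(review): whether the exporter needs NET_RAW, and whether a non-root
    # user can open the host's fail2ban socket, cannot be told from this file -
    # confirm both before enabling the example as written.
    securityContext: {}
    # capabilities:
    #   add:
    #   - NET_RAW
    #   drop:
    #   - ALL
    # privileged: false
    # readOnlyRootFilesystem: true
    # runAsNonRoot: true
    # runAsUser: 1000

    ## @param daemonSet.fail2banExporter.volumeMounts Additional volume mounts.
    ## @skip daemonSet.fail2banExporter.volumeMounts Skip individual volume mounts configuration.
    # Mounts the `socket` volume declared under `daemonSet.volumes`.
    volumeMounts:
    - name: socket
      mountPath: /var/run/fail2ban

  ## @param daemonSet.nodeSelector NodeSelector of the fail2ban-exporter daemonSet.
  nodeSelector: {}

  ## @param daemonSet.priorityClassName PriorityClassName of the fail2ban-exporter daemonSet.
  priorityClassName: ""

  ## @param daemonSet.restartPolicy Restart policy of the fail2ban-exporter daemonSet.
  restartPolicy: ""

  ## @param daemonSet.securityContext Security context of the fail2ban-exporter daemonSet.
  securityContext: {}
  # fsGroup: 2000

  ## @param daemonSet.updateStrategy.rollingUpdate.maxSurge The maximum number of pods that can be scheduled above the desired number of pods during a rolling update.
  ## @param daemonSet.updateStrategy.rollingUpdate.maxUnavailable The maximum number of pods that can be unavailable during a rolling update.
  ## @param daemonSet.updateStrategy.type Strategy type - `OnDelete` or `RollingUpdate`.
  updateStrategy:
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 0
    type: "RollingUpdate"

  ## @param daemonSet.terminationGracePeriodSeconds How long to wait before the pod is forcefully killed.
  terminationGracePeriodSeconds: 60

  ## @param daemonSet.tolerations Tolerations of the fail2ban-exporter daemonSet.
  tolerations: []
  # - key: database/type
  #   operator: Equal
  #   value: fail2ban
  #   effect: NoSchedule

  ## @param daemonSet.topologySpreadConstraints TopologySpreadConstraints of the fail2ban-exporter daemonSet.
  topologySpreadConstraints: []
  # - topologyKey: kubernetes.io/hostname
  #   whenUnsatisfiable: DoNotSchedule
  #   labelSelector:
  #     matchLabels:
  #       app.kubernetes.io/instance: prometheus-fail2ban-exporter

  ## @param daemonSet.volumes Additional volumes to mount into the pods of the prometheus-exporter daemonset.
  ## @skip daemonSet.volumes Skip individual volumes configuration.
  # The default exposes the host directory that holds the fail2ban socket.
  # That socket is the daemon's control channel (the one fail2ban-client
  # talks to), so a container that can reach it is not limited to reading
  # statistics. hostPath volumes are also commonly rejected by restrictive
  # Pod Security / admission policies, so the namespace may need an explicit
  # exception scoped to this path.
  volumes:
  - name: socket
    hostPath:
      path: /var/run/fail2ban
      type: Directory
  # - name: my-configmap-volume
  #   configMap:
  #     name: my-configmap
  # - name: my-secret-volume
  #   secret:
  #     secretName: my-secret

## @section Grafana
## @param grafana.enabled Enable integration into Grafana. Requires the Prometheus operator.
grafana:
  enabled: false

  ## @param grafana.dashboardDiscoveryLabels Labels that Grafana uses to discover resources. The labels may vary depending on the Grafana deployment.
  ## @skip grafana.dashboardDiscoveryLabels
  dashboardDiscoveryLabels:
    grafana_dashboard: "1"

  dashboards:
    ## @param grafana.dashboards.fail2banExporter.enabled Enable deployment of Grafana dashboard `fail2banExporter`.
    ## @param grafana.dashboards.fail2banExporter.annotations Additional configmap annotations.
    ## @param grafana.dashboards.fail2banExporter.labels Additional configmap labels.
    fail2banExporter:
      enabled: true
      annotations: {}
      labels: {}

## @section Ingress
ingress:
  ## @param ingress.enabled Enable creation of an ingress resource. Requires, that the http service is also enabled.
  ## @param ingress.className Ingress class.
  ## @param ingress.annotations Additional ingress annotations.
  ## @param ingress.labels Additional ingress labels.
  # An ingress publishes the metrics endpoint beyond the cluster network; pair
  # it with TLS/authentication from `config.webConfig` or with access
  # restrictions on the ingress controller.
  enabled: false
  className: "nginx"
  annotations: {}
  labels: {}

  ## @param ingress.hosts Ingress specific configuration. Specification only required when another ingress controller is used instead of `t1k`.
  ## @skip ingress.hosts Skip individual host configuration.
  hosts: []
  # - host: fail2ban-exporter.example.local
  #   paths:
  #   - path: /
  #     pathType: Prefix

  ## @param ingress.tls Ingress TLS settings. Specification only required when another ingress controller is used instead of `t1k`.
  ## @skip ingress.tls Skip individual TLS configuration.
  tls: []
  # - secretName: fail2ban-exporter-http-tls
  #   hosts:
  #   - fail2ban-exporter.example.local

## @section Pod disruption
## @param podDisruptionBudget Pod disruption budget.
podDisruptionBudget: {}
# maxUnavailable: 1
# minAvailable: 1

## @section Network
## @param networkPolicies Deploy network policies based on the used container network interface (CNI) implementation - like calico or weave.
# NOTE(review): empty by default, so presumably no network policy is rendered
# and access to the metrics port is governed only by whatever cluster-wide
# policy exists - confirm against the templates.
networkPolicies: {}

## @section Prometheus
prometheus:
  ## @param prometheus.metrics.enabled Enable scraping of metrics by Prometheus.
  metrics:
    enabled: true

    ## @param prometheus.metrics.podMonitor.enabled Enable creation of a podMonitor. Excludes the existence of a serviceMonitor resource.
    ## @param prometheus.metrics.podMonitor.annotations Additional podMonitor annotations.
    ## @param prometheus.metrics.podMonitor.enableHttp2 Enable HTTP2.
    ## @param prometheus.metrics.podMonitor.followRedirects FollowRedirects configures whether scrape requests follow HTTP 3xx redirects.
    ## @param prometheus.metrics.podMonitor.honorLabels Honor labels.
    ## @param prometheus.metrics.podMonitor.labels Additional podMonitor labels.
    ## @param prometheus.metrics.podMonitor.interval Interval at which metrics should be scraped. If not specified Prometheus' global scrape interval is used.
    ## @param prometheus.metrics.podMonitor.path HTTP path for scraping Prometheus metrics.
    ## @param prometheus.metrics.podMonitor.relabelings RelabelConfigs to apply to samples before scraping. Prometheus Operator automatically adds relabelings for a few standard Kubernetes fields.
    ## @param prometheus.metrics.podMonitor.scrapeTimeout Timeout after which the scrape is ended. If not specified, global Prometheus scrape timeout is used.
    ## @param prometheus.metrics.podMonitor.scheme HTTP scheme to use for scraping. For example `http` or `https`.
    ## @param prometheus.metrics.podMonitor.tlsConfig TLS configuration to use when scraping the metric endpoint by Prometheus.
    ## @skip prometheus.metrics.podMonitor.tlsConfig Skip individual TLS configuration.
    # When `config.webConfig` enables TLS on the exporter, `scheme` and
    # `tlsConfig` here have to be changed to match it.
    podMonitor:
      enabled: false
      annotations: {}
      enableHttp2: true
      followRedirects: false
      honorLabels: false
      labels: {}
      interval: "60s"
      path: "/metrics"
      relabelings: []
      scrapeTimeout: "30s"
      scheme: "http"
      tlsConfig: {}

    ## @param prometheus.metrics.serviceMonitor.enabled Enable creation of a serviceMonitor. Excludes the existence of a podMonitor resource.
    ## @param prometheus.metrics.serviceMonitor.annotations Additional serviceMonitor annotations.
    ## @param prometheus.metrics.serviceMonitor.labels Additional serviceMonitor labels.
    ## @param prometheus.metrics.serviceMonitor.enableHttp2 Enable HTTP2.
    ## @param prometheus.metrics.serviceMonitor.followRedirects FollowRedirects configures whether scrape requests follow HTTP 3xx redirects.
    ## @param prometheus.metrics.serviceMonitor.honorLabels Honor labels.
    ## @param prometheus.metrics.serviceMonitor.interval Interval at which metrics should be scraped. If not specified Prometheus' global scrape interval is used.
    ## @param prometheus.metrics.serviceMonitor.path HTTP path for scraping Prometheus metrics.
    ## @param prometheus.metrics.serviceMonitor.relabelings RelabelConfigs to apply to samples before scraping. Prometheus Operator automatically adds relabelings for a few standard Kubernetes fields.
    ## @param prometheus.metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended. If not specified, global Prometheus scrape timeout is used.
    ## @param prometheus.metrics.serviceMonitor.scheme HTTP scheme to use for scraping. For example `http` or `https`.
    ## @param prometheus.metrics.serviceMonitor.tlsConfig TLS configuration to use when scraping the metric endpoint by Prometheus.
    ## @skip prometheus.metrics.serviceMonitor.tlsConfig Skip individual TLS configuration.
    # When `config.webConfig` enables TLS on the exporter, `scheme` and
    # `tlsConfig` here have to be changed to match it.
    serviceMonitor:
      enabled: false
      annotations: {}
      labels: {}
      enableHttp2: true
      followRedirects: false
      honorLabels: false
      interval: "60s"
      path: "/metrics"
      relabelings: []
      scrapeTimeout: "30s"
      scheme: "http"
      tlsConfig: {}

  ## @param prometheus.rules Array of Prometheus rules for monitoring the application and triggering alerts.
  ## @skip prometheus.rules Skip individual Prometheus rules.
  rules: []

## @section Service
## @param services.http.enabled Enable the service.
## @param services.http.annotations Additional service annotations.
## @param services.http.externalIPs External IPs for the service.
## @param services.http.externalTrafficPolicy If `service.type` is `NodePort` or `LoadBalancer`, set this to `Local` to tell kube-proxy to only use node local endpoints for cluster external traffic. Furthermore, this enables source IP preservation.
## @param services.http.internalTrafficPolicy If `service.type` is `NodePort` or `LoadBalancer`, set this to `Local` to tell kube-proxy to only use node local endpoints for cluster internal traffic.
## @param services.http.ipFamilies IPFamilies is list of IP families (e.g. `IPv4`, `IPv6`) assigned to this service. This field is usually assigned automatically based on cluster configuration and only required for customization.
## @param services.http.labels Additional service labels.
## @param services.http.loadBalancerClass LoadBalancerClass is the class of the load balancer implementation this Service belongs to. Requires service from type `LoadBalancer`.
## @param services.http.loadBalancerIP LoadBalancer will get created with the IP specified in this field. Requires service from type `LoadBalancer`.
## @param services.http.loadBalancerSourceRanges Source range filter for LoadBalancer. Requires service from type `LoadBalancer`.
## @param services.http.port Port to forward the traffic to.
## @param services.http.sessionAffinity Supports `ClientIP` and `None`. Enable client IP based session affinity via `ClientIP`.
## @param services.http.sessionAffinityConfig Contains the configuration of the session affinity.
## @param services.http.type Kubernetes service type for the traffic.
# The default `ClusterIP` keeps the metrics port cluster-internal. When the
# type is changed to `LoadBalancer`, an empty `loadBalancerSourceRanges`
# leaves the source addresses unfiltered at the service level.
services:
  http:
    enabled: true
    annotations: {}
    externalIPs: []
    externalTrafficPolicy: "Cluster"
    internalTrafficPolicy: "Cluster"
    ipFamilies: []
    labels: {}
    loadBalancerClass: ""
    loadBalancerIP: ""
    loadBalancerSourceRanges: []
    port: 9191
    sessionAffinity: "None"
    sessionAffinityConfig: {}
    type: "ClusterIP"

## @section ServiceAccount
serviceAccount:
  ## @param serviceAccount.existing.enabled Use an existing service account instead of creating a new one. Assumes that the user has all the necessary kubernetes API authorizations.
  ## @param serviceAccount.existing.serviceAccountName Name of the existing service account.
  existing:
    enabled: false
    serviceAccountName: ""

  ## @param serviceAccount.new.annotations Additional service account annotations.
  ## @param serviceAccount.new.labels Additional service account labels.
  ## @param serviceAccount.new.automountServiceAccountToken Enable/disable auto mounting of the service account token.
  ## @param serviceAccount.new.imagePullSecrets ImagePullSecrets is a list of references to secrets in the same namespace to use for pulling any images in pods that reference this serviceAccount.
  ## @param serviceAccount.new.secrets Secrets is the list of secrets allowed to be used by pods running using this ServiceAccount.
  # NOTE(review): nothing in this file shows the exporter calling the
  # Kubernetes API. If it does not, `automountServiceAccountToken: false`
  # avoids mounting an unused token into the pod - confirm against the
  # templates before changing it.
  new:
    annotations: {}
    labels: {}
    automountServiceAccountToken: true
    imagePullSecrets: []
    # - name: "my-image-pull-secret"
    secrets: []
    # - name: "my-secret"
    #   namespace: "my-namespace"
    #   fieldPath: "my-field"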