chore(deps): update docker.io/library/node docker tag to v23.11.0

Reviewed-on: #32

.drone.yml

@@ -1,208 +0,0 @@
----
-kind: pipeline
-type: kubernetes
-name: Linters
-
-clone:
-  disable: true
-
-platform:
-  os: linux
-  arch: amd64
-
-steps:
-- name: clone repository
-  image: git.cryptic.systems/volker.raschek/git:1.4.0
-
-- name: helm lint
-  commands:
-  - helm lint
-  image: git.cryptic.systems/volker.raschek/helm:3.16.1
-  resources:
-    limits:
-      cpu: 150
-      memory: 150M
-
-- name: markdown lint
-  commands:
-  - markdownlint *.md
-  image: git.cryptic.systems/volker.raschek/markdownlint:0.42.0
-  resources:
-    limits:
-      cpu: 150
-      memory: 150M
-
-- name: email-notification
-  environment:
-    SMTP_FROM_ADDRESS:
-      from_secret: smtp_from_address
-    SMTP_FROM_NAME:
-      from_secret: smtp_from_name
-    SMTP_HOST:
-      from_secret: smtp_host
-    SMTP_USERNAME:
-      from_secret: smtp_username
-    SMTP_PASSWORD:
-      from_secret: smtp_password
-  image: git.cryptic.systems/volker.raschek/drone-email:0.1.5
-  resources:
-    limits:
-      cpu: 150
-      memory: 150M
-  when:
-    status:
-    - changed
-    - failure
-
-trigger:
-  event:
-    exclude:
-    - tag
-
----
-kind: pipeline
-type: kubernetes
-name: Unit tests
-
-clone:
-  disable: true
-
-platform:
-  os: linux
-  arch: amd64
-
-steps:
-- name: clone repository
-  image: git.cryptic.systems/volker.raschek/git:1.4.0
-
-- name: helm unittest
-  commands:
-  - helm unittest --strict --file 'unittests/**/*.yaml' ./
-  image: git.cryptic.systems/volker.raschek/helm:3.16.1
-  resources:
-    limits:
-      cpu: 150
-      memory: 150M
-
-- name: email-notification
-  environment:
-    SMTP_FROM_ADDRESS:
-      from_secret: smtp_from_address
-    SMTP_FROM_NAME:
-      from_secret: smtp_from_name
-    SMTP_HOST:
-      from_secret: smtp_host
-    SMTP_USERNAME:
-      from_secret: smtp_username
-    SMTP_PASSWORD:
-      from_secret: smtp_password
-  image: git.cryptic.systems/volker.raschek/drone-email:0.1.5
-  resources:
-    limits:
-      cpu: 150
-      memory: 150M
-  when:
-    status:
-    - changed
-    - failure
-
-trigger:
-  event:
-    exclude:
-    - tag
-
----
-kind: pipeline
-type: kubernetes
-name: Generate README.md
-
-clone:
-  disable: true
-
-platform:
-  os: linux
-  arch: amd64
-
-steps:
-- name: clone repository
-  image: git.cryptic.systems/volker.raschek/git:1.4.0
-
-- name: generate README
-  commands:
-  - npm install
-  - npm run readme:parameters
-  - npm run readme:lint
-  image: docker.io/library/node:22.11.0-alpine
-  resources:
-    limits:
-      cpu: 150
-      memory: 150M
-
-- name: detect diff
-  commands:
-  - git diff --exit-code --name-only README.md
-  image: git.cryptic.systems/volker.raschek/git:1.4.0
-
-- name: email-notification
-  environment:
-    SMTP_FROM_ADDRESS:
-      from_secret: smtp_from_address
-    SMTP_FROM_NAME:
-      from_secret: smtp_from_name
-    SMTP_HOST:
-      from_secret: smtp_host
-    SMTP_USERNAME:
-      from_secret: smtp_username
-    SMTP_PASSWORD:
-      from_secret: smtp_password
-  image: git.cryptic.systems/volker.raschek/drone-email:0.1.5
-  resources:
-    limits:
-      cpu: 150
-      memory: 150M
-  when:
-    status:
-    - changed
-    - failure
-
-trigger:
-  event:
-    exclude:
-    - tag
-
----
-kind: pipeline
-type: kubernetes
-name: Release
-
-clone:
-  disable: true
-
-platform:
-  os: linux
-
-steps:
-- name: clone repository
-  image: git.cryptic.systems/volker.raschek/git:1.4.0
-
-- name: release-helm-chart
-  commands:
-  - helm repo add prometheus-exporters https://charts.cryptic.systems/prometheus-exporters
-  - helm package --version ${DRONE_TAG} .
-  - helm cm-push ${DRONE_REPO_NAME}-${DRONE_TAG}.tgz prometheus-exporters
-  environment:
-    HELM_REPO_PASSWORD:
-      from_secret: helm_repo_password
-    HELM_REPO_USERNAME:
-      from_secret: helm_repo_username
-  image: git.cryptic.systems/volker.raschek/helm:3.16.1
-  resources:
-    limits:
-      cpu: 150
-      memory: 150M
-
-trigger:
-  event:
-  - tag
-  repo:
-  - volker.raschek/prometheus-postgres-exporter

.gitea/workflows/generate-readme.yaml

@@ -0,0 +1,32 @@
+name: Generate README
+
+on:
+  pull_request:
+    paths: [ "README.md", "values.yaml" ]
+    types: [ "opened", "reopened", "synchronize" ]
+  push:
+    branches:
+    - '**'
+    paths: [ "README.md", "values.yaml" ]
+    tags-ignore:
+    - '**'
+  workflow_dispatch: {}
+
+jobs:
+  generate-parameters:
+    container:
+      image: docker.io/library/node:23.11.0-alpine
+    runs-on:
+    - ubuntu-latest
+    steps:
+    - name: Install tooling
+      run: |
+        apk update
+        apk add git npm
+    - uses: actions/checkout@v4.2.2
+    - name: Generate parameter section in README
+      run: |
+        npm install
+        npm run readme:parameters
+    - name: Compare diff
+      run: git diff --exit-code --name-only README.md

.gitea/workflows/helm.yaml

@@ -0,0 +1,42 @@
+name: Helm
+
+on:
+  pull_request:
+    types: [ "opened", "reopened", "synchronize" ]
+  push:
+    branches:
+    - '**'
+    tags-ignore:
+    - '**'
+  workflow_dispatch: {}
+
+jobs:
+  helm-lint:
+    container:
+      image: docker.io/volkerraschek/helm:3.17.1
+    runs-on:
+    - ubuntu-latest
+    steps:
+    - name: Install tooling
+      run: |
+        apk update
+        apk add git npm
+    - uses: actions/checkout@v4.2.2
+    - name: Lint helm files
+      run: |
+        helm lint --values values.yaml .
+
+  helm-unittest:
+    container:
+      image: docker.io/volkerraschek/helm:3.17.1
+    runs-on:
+    - ubuntu-latest
+    steps:
+    - name: Install tooling
+      run: |
+        apk update
+        apk add git npm
+    - uses: actions/checkout@v4.2.2
+    - name: Unittest
+      run: |
+        helm unittest --strict --file 'unittests/**/*.yaml' ./

.gitea/workflows/markdown-linters.yaml

@@ -0,0 +1,46 @@
+name: Markdown linter
+
+on:
+  pull_request:
+    paths: [ "**/*.md" ]
+    types: [ "opened", "reopened", "synchronize" ]
+  push:
+    branches:
+    - '**'
+    paths: [ "**/*.md" ]
+    tags-ignore:
+    - '**'
+  workflow_dispatch: {}
+
+jobs:
+  markdown-link-checker:
+    container:
+      image: docker.io/library/node:23.11.0-alpine
+    runs-on:
+    - ubuntu-latest
+    steps:
+    - name: Install tooling
+      run: |
+        apk update
+        apk add git npm
+    - uses: actions/checkout@v4.2.2
+    - name: Verify links in markdown files
+      run: |
+        npm install
+        npm run readme:link
+
+  markdown-lint:
+    container:
+      image: docker.io/library/node:23.11.0-alpine
+    runs-on:
+    - ubuntu-latest
+    steps:
+    - name: Install tooling
+      run: |
+        apk update
+        apk add git
+    - uses: actions/checkout@v4.2.2
+    - name: Lint markdown files
+      run: |
+        npm install
+        npm run readme:lint

.gitea/workflows/release.yaml

@@ -0,0 +1,46 @@
+name: Release
+
+on:
+  push:
+    tags:
+    - "**"
+
+jobs:
+  publish-chart:
+    container:
+      image: docker.io/volkerraschek/helm:3.17.1
+    runs-on: ubuntu-latest
+    steps:
+      - name: Install tooling
+        run: |
+          apk update
+          apk add git npm
+      - uses: actions/checkout@v4
+      - name: Package chart
+        env:
+          HELM_REPO_NAME: upload
+
+          CHARTMUSEUM_PASSWORD: ${{ secrets.CHARTMUSEUM_PASSWORD }}
+          CHARTMUSEUM_REPOSITORY: ${{ vars.CHARTMUSEUM_REPOSITORY }}
+          CHARTMUSEUM_USERNAME: ${{ secrets.CHARTMUSEUM_USERNAME }}
+          CHARTMUSEUM_HOSTNAME: ${{ vars.CHARTMUSEUM_HOSTNAME }}
+
+          GITEA_PACKAGE_REGISTRY_TOKEN: ${{ secrets.GIT_CRYPTIC_SYSTEMS_PACKAGE_REGISTRY_TOKEN }}
+          GITEA_SERVER_URL: ${{ github.server_url }}
+        run: |
+          PACKAGE_VERSION=${GITHUB_REF#refs/tags/}
+          REPOSITORY_NAME=$(echo ${GITHUB_REPOSITORY} | cut -d '/' -f 2)
+          REPOSITORY_OWNER=$(echo ${GITHUB_REPOSITORY} | cut -d '/' -f 1)
+
+          helm dependency build
+          helm package --version "${PACKAGE_VERSION}" ./
+
+          # chart-museum
+          helm repo add --username ${CHARTMUSEUM_USERNAME} --password ${CHARTMUSEUM_PASSWORD} chartmuseum https://${CHARTMUSEUM_HOSTNAME}/${CHARTMUSEUM_REPOSITORY}
+          helm cm-push ${REPOSITORY_NAME}-${PACKAGE_VERSION}.tgz chartmuseum
+          helm repo remove chartmuseum
+
+          # gitea
+          helm repo add --username ${REPOSITORY_OWNER} --password ${GITEA_PACKAGE_REGISTRY_TOKEN} gitea ${GITEA_SERVER_URL}/api/packages/${REPOSITORY_OWNER}/helm
+          helm cm-push ${REPOSITORY_NAME}-${PACKAGE_VERSION}.tgz gitea
+          helm repo remove gitea

.helmignore

@@ -26,7 +26,7 @@
 .vscode/
 
 # drone
-.drone.ya?ml
+.drone.yml
 
 # editorconfig
 .editorconfig
@@ -37,13 +37,24 @@ values2.yaml
 
 # helm packages
 *.tgz
+.helmignore
+unittests
 
 # markdownlint
 .markdownlint.yml
 .markdownlint.yaml
+.markdownlintignore
 
-# maven
+# npm
-target
+.prettierignore
+.npmrc
+package*
 
-# serviceDescriptor (uctl-cluster)
+# yamllint
-serviceDescriptor.yaml
+.yamllint.yaml
+
+# Others
+CONTRIBUTING.md
+CODEOWNERS
+Makefile
+renovate.json

.markdownlint.yaml

@@ -128,16 +128,18 @@ MD044:
   # List of proper names
   names:
     - Git
-    - Gitea
     - GitDevOps
+    - Gitea
     - GitHub
     - GitLab
     - GitOps
+    - kube-prometheus-stack
     - Memcached
     - Oracle
     - ORBIS U
     - PostgreSQL
     - Prometheus
+    - prometheus-exporter
     - SSL
     - TLS
   # Include code blocks

CONTRIBUTING.md

@@ -1 +1,82 @@
-# Contribution Guidelines
+# Contributing
+
+I am very happy if you would like to provide a pull request 👍
+
+The content of this file describes which requirements contributors should fulfill before submitting a pull request (PR).
+
+1. [Valid Git commits](#valid-git-commits)
+
+## Valid Git commits
+
+### Commit message
+
+The repository is subject to a strict commit message template. This states that there are several types of commits. For
+example, `fix`, `chore`, `refac`, `test` or `doc`. All types are described in more detail below.
+
+| type                | description                                                       |
+| ------------------- | ----------------------------------------------------------------- |
+| `feat`              | New feature.                                                      |
+| `fix`               | Fixes a bug.                                                      |
+| `refac`             | Refactoring production code.                                      |
+| `style`             | Fixes formatting issues. No production code change.               |
+| `docs`              | Adapt documentation. No production code change.                   |
+| `test`              | Adds new or modifies existing tests. No production code change.   |
+| `chore`             | Updating grunt tasks. Is everything which the user does not see.  |
+
+Based on these types, commit messaged can then be created. Here are a few examples:
+
+```text
+style(README): Wrong indentation
+feat(deployment): support restartPolicy
+fix(my-app): Add missing volume
+docs(CONTRIBUTING): Describe how to commit correctly
+```
+
+This type of commit message makes it easier for me as maintainer to keep an overview and does not cause the commits of a
+pull request PR to be combined into one commit (squashing).
+
+### Smart commits
+
+Smart commits are excellent when it comes to tracking bugs or issues. In this repository, however, the rebasing of
+commits is prohibited, which means that only merge commits are possible. This means that a smart commit message only
+needs to be added to the merge commit.
+
+This has the advantage that the maintainer can use the smart commit to find the merge commit and undo the entire history
+of a merge without having to select individual commits. The following history illustrates the correct use of smart commits.
+
+```text
+* 823edbc7 Volker Raschek (G) | [Close #2] feat(deployment): support additional containers
+|\
+| * 321aebc3 Volker Raschek (G) | doc(README): generate README with new deployment attributes
+| * 8d101dd3 Volker Raschek (G) | test(deployment): Extend unittest of additional containers
+| * 6f2abd93 Volker Raschek (G) | fix(deployment): Extend deployment of additional containers
+|/
+* aa5ebda bob (N) | [Close #1] feat(deployment): support initContainers
+```
+
+### Commit signing
+
+Another problem with Git is the chain of trust. Git allows the configuration of any name and e-mail address. An attacker
+can impersonate any person and submit pull requests under a false identity. For as Linux Torvalds, the maintainer of the
+Linux kernel.
+
+```bash
+git config --global user.name 'Linux Torvalds'
+git config --global user.email 'torvalds@linux-foundation.org'
+```
+
+To avoid this, some Git repositories expect signed commits. In particular, repositories that are subject to direct
+delivery to customers. For this reason, the repository is subject to a branch protection rule that only allows signed
+commits. *Until* there is *no verified* and *no signed* commit, the pull request is blocked.
+
+The following articles describes how Git can be configured to sign commits. Please keep in mind, that the e-mail
+address, which is used as UID of the GPG keyring must also be defined in the profile settings of your GitHub account.
+Otherwise will be marked the Git commit as *Unverified*.
+
+1. [Signing Commits](https://docs.github.com/en/authentication/managing-commit-signature-verification/signing-commits)
+2. [Tell Git about your signing key](https://docs.github.com/en/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key)
+
+Inspect your Git commit via `git log`. There should be mentioned, that your commit is signed.
+
+Furthermore, the GPG key is unique. **Don't loose your private GPG key**. Backup your private key on a safe device. For
+example an external USB drive.

Chart.yaml

@@ -4,7 +4,7 @@ description: Prometheus metric exporter for PostgreSQL
 type: application
 kubeVersion: ">=1.20.0"
 version: "0.1.0"
-appVersion: "0.16.0"
+appVersion: "0.17.1"
 
 # icon: https://annotations.example.com/icon.png
 

Makefile

@@ -3,43 +3,49 @@ CONTAINER_RUNTIME?=$(shell which podman)
 
 # HELM_IMAGE
 HELM_IMAGE_REGISTRY_HOST?=docker.io
-HELM_IMAGE_REPOSITORY=volkerraschek/helm
+HELM_IMAGE_REPOSITORY?=volkerraschek/helm
-HELM_IMAGE_VERSION?=3.16.1 # renovate: datasource=docker registryUrl=https://docker.io depName=volkerraschek/helm
+HELM_IMAGE_VERSION?=3.17.1 # renovate: datasource=docker registryUrl=https://docker.io depName=volkerraschek/helm
 HELM_IMAGE_FULLY_QUALIFIED=${HELM_IMAGE_REGISTRY_HOST}/${HELM_IMAGE_REPOSITORY}:${HELM_IMAGE_VERSION}
 
-# MARKDOWNLINKCHECKER_IMAGE
-MARKDOWNLINKCHECK_IMAGE_REGISTRY_HOST?=ghcr.io
-MARKDOWNLINKCHECK_IMAGE_REPOSITORY=tcort/markdown-link-check
-MARKDOWNLINKCHECK_IMAGE_VERSION?=3.12.2 # renovate: datasource=docker registryUrl=https://ghcr.io depName=tcort/markdown-link-check
-MARKDOWNLINKCHECK_IMAGE_FULLY_QUALIFIED=${MARKDOWNLINT_IMAGE_REGISTRY_HOST}/${MARKDOWNLINT_IMAGE_REPOSITORY}:${MARKDOWNLINT_IMAGE_VERSION}
-
 # NODE_IMAGE
 NODE_IMAGE_REGISTRY_HOST?=docker.io
-NODE_IMAGE_REPOSITORY=library/node
+NODE_IMAGE_REPOSITORY?=library/node
-NODE_IMAGE_VERSION?=22.9.0-alpine # renovate: datasource=docker registryUrl=https://docker.io depName=library/node
+NODE_IMAGE_VERSION?=22.14.0-alpine # renovate: datasource=docker registryUrl=https://docker.io depName=library/node
 NODE_IMAGE_FULLY_QUALIFIED=${NODE_IMAGE_REGISTRY_HOST}/${NODE_IMAGE_REPOSITORY}:${NODE_IMAGE_VERSION}
 
-# CHART_SERVER
-CHART_SERVER_HOST?=charts.u.orbis-healthcare.com
-CHART_SERVER_NAMESPACE?=orbis-u
-CHART_SERVER_REPOSITORY?=qu-seed
-CHART_VERSION?=0.1.0
-
 # MISSING DOT
 # ==============================================================================
 missing-dot:
 	grep --perl-regexp '## @(param|skip).*[^.]$$' values.yaml
 
-# CONTAINER RUN - PREPARE ENVIRONMENT
+# CONTAINER RUN - README
 # ==============================================================================
 PHONY+=container-run/readme
-container-run/readme:
+container-run/readme: container-run/readme/link container-run/readme/lint container-run/readme/parameters
+
+container-run/readme/link:
 	${CONTAINER_RUNTIME} run \
 		--rm \
 		--volume $(shell pwd):$(shell pwd) \
 		--workdir $(shell pwd) \
 			${NODE_IMAGE_FULLY_QUALIFIED} \
-				npm install && npm run readme:parameters && npm run readme:lint
+				npm install && npm run readme:link
+
+container-run/readme/lint:
+	${CONTAINER_RUNTIME} run \
+		--rm \
+		--volume $(shell pwd):$(shell pwd) \
+		--workdir $(shell pwd) \
+			${NODE_IMAGE_FULLY_QUALIFIED} \
+				npm install && npm run readme:lint
+
+container-run/readme/parameters:
+	${CONTAINER_RUNTIME} run \
+		--rm \
+		--volume $(shell pwd):$(shell pwd) \
+		--workdir $(shell pwd) \
+			${NODE_IMAGE_FULLY_QUALIFIED} \
+				npm install && npm run readme:parameters
 
 # CONTAINER RUN - HELM UNITTESTS
 # ==============================================================================
@@ -67,19 +73,6 @@ container-run/helm-update-dependencies:
 			${HELM_IMAGE_FULLY_QUALIFIED} \
 				dependency update
 
-# CONTAINER RUN - DEPLOY2CHART-REPO
-# ==============================================================================
-container-run/deploy2chart-repo:
-	${CONTAINER_RUNTIME} run \
-		--env HELM_REPO_PASSWORD=${CHART_SERVER_PASSWORD} \
-		--env HELM_REPO_USERNAME=${CHART_SERVER_USERNAME} \
-		--entrypoint /bin/bash \
-		--rm \
-		--volume $(shell pwd):$(shell pwd) \
-		--workdir $(shell pwd) \
-			${HELM_IMAGE_FULLY_QUALIFIED} \
-				-c "helm repo add ${CHART_SERVER_NAMESPACE} http://${CHART_SERVER_HOST}/${CHART_SERVER_NAMESPACE} && helm package --version ${CHART_VERSION} . && helm cm-push ./${CHART_SERVER_REPOSITORY}-${CHART_VERSION}.tgz ${CHART_SERVER_NAMESPACE}"
-
 # CONTAINER RUN - MARKDOWN-LINT
 # ==============================================================================
 PHONY+=container-run/helm-lint
@@ -91,16 +84,6 @@ container-run/helm-lint:
 		${HELM_IMAGE_FULLY_QUALIFIED} \
 			lint --values values.yaml .
 
-# CONTAINER RUN - MARKDOWN-LINK-CHECK
-# ==============================================================================
-PHONY+=container-run/markdown-link-check
-container-run/markdown-link-check:
-	${CONTAINER_RUNTIME} run \
-		--rm \
-		--volume $(shell pwd):/work \
-		${MARKDOWNLINKCHECK_IMAGE_FULLY_QUALIFIED} \
-			*.md
-
 # PHONY
 # ==============================================================================
 # Declare the contents of the PHONY variable as phony. We keep that information

README.md

@@ -1,25 +1,26 @@
 # Prometheus PostgreSQL exporter
 
 [![Build Status](https://drone.cryptic.systems/api/badges/volker.raschek/prometheus-postgres-exporter/status.svg)](https://drone.cryptic.systems/volker.raschek/prometheus-postgres-exporter)
-
+[![Artifact Hub](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/prometheus-exporters)](https://artifacthub.io/packages/search?repo=prometheus-exporters)
-This helm chart enables the deployment of a Prometheus metrics exporter for PostgreSQL databases and allows the
-individual configuration of additional containers/initContainers, mounting of volumes, defining additional environment
-variables, apply a user-defined web-config.yaml and much more.
-
-Chapter [configuration and installation](#helm-configuration-and-installation) describes the basics how to configure helm
-and use it to deploy the exporter. It also contains further configuration examples.
-
-Furthermore, this helm chart unit tests to detect regressions and stabilize the deployment. Additionally, this helm
-chart is tested for deployment scenarios with ArgoCD.
 
 > [!NOTE]
 > This is not the official *community* helm chart of the Prometheus metric exporter for PostgreSQL databases. You can
 > find the official community chart [here](https://github.com/prometheus-community/helm-charts).
 
+This helm chart enables the deployment of a Prometheus metrics exporter for PostgreSQL databases and allows the
+individual configuration of additional containers/initContainers, mounting of volumes, defining additional environment
+variables, apply a user-defined `webConfig.yaml` and much more.
+
+Chapter [configuration and installation](#helm-configuration-and-installation) describes the basics how to configure helm
+and use it to deploy the exporter. It also contains further configuration examples.
+
+Furthermore, this helm chart contains unit tests to detect regressions and stabilize the deployment. Additionally, this
+helm chart is tested for deployment scenarios with **ArgoCD**.
+
 ## Helm: configuration and installation
 
 1. A helm chart repository must be configured, to pull the helm charts from.
-2. All available parameters are [here](#parameters) in detail document. The parameters can be defined via the helm
+2. All available parameters are [here](#parameters) in detail documented. The parameters can be defined via the helm
    `--set` flag or directly as part of a `values.yaml` file. The following example defines the `prometheus-exporter`
    repository and use the `--set` flag for a basic deployment.
 
@@ -31,7 +32,7 @@ chart is tested for deployment scenarios with ArgoCD.
 ```bash
 helm repo add prometheus-exporters https://charts.cryptic.systems/prometheus-exporters
 helm repo update
-helm install prometheus-exporters/prometheus-postgres-exporter prometheus-postgres-exporter \
+helm install prometheus-postgres-exporter prometheus-exporters/prometheus-postgres-exporter \
   --set 'config.database.secret.databaseUsername=postgres' \
   --set 'config.database.secret.databasePassword=postgres' \
   --set 'config.database.secret.databaseConnectionUrl="postgres.example.local:5432/postgres?ssl=disable"' \
@@ -45,7 +46,8 @@ version of the chart must be in sync with the `values.yaml`. Newer *minor* versi
 versions can break something!
 
 ```bash
-helm show values prometheus-exporters/prometheus-postgres-exporter --version 0.1.0 > values.yaml
+CHART_VERSION=0.4.2
+helm show values prometheus-exporters/prometheus-postgres-exporter --version "${CHART_VERSION}" > values.yaml
 ```
 
 A complete list of available helm chart versions can be displayed via the following command:
@@ -61,7 +63,38 @@ for customizations. These can be configured in more detail via `values.yaml`.
 
 The following examples serve as individual configurations and as inspiration for how deployment problems can be solved.
 
-### TLS authentication and encryption
+#### Avoid CPU throttling by defining a CPU limit
+
+If the application is deployed with a CPU resource limit, Prometheus may throw a CPU throttling warning for the
+application. This has more or less to do with the fact that the application finds the number of CPUs of the host, but
+cannot use the available CPU time to perform computing operations.
+
+The application must be informed that despite several CPUs only a part (limit) of the available computing time is
+available. As this is a Golang application, this can be implemented using `GOMAXPROCS`. The following example is one way
+of defining `GOMAXPROCS` automatically based on the defined CPU limit like `1000m`. Please keep in mind, that the CFS
+rate of `100ms` - default on each kubernetes node, is also very important to avoid CPU throttling.
+
+Further information about this topic can be found [here](https://kanishk.io/posts/cpu-throttling-in-containerized-go-apps/).
+
+> [!NOTE]
+> The environment variable `GOMAXPROCS` is set automatically, when a CPU limit is defined. An explicit configuration is
+> not anymore required.
+>
+> Please take care the a CPU limit < `1000m` can also lead to CPU throttling. Please read the linked documentation carefully.
+
+```bash
+helm install prometheus-postgres-exporter prometheus-exporters/prometheus-postgres-exporter \
+  --set 'config.database.secret.databaseUsername=postgres' \
+  --set 'config.database.secret.databasePassword=postgres' \
+  --set 'config.database.secret.databaseConnectionUrl="postgres.example.local:5432/postgres?ssl=disable"' \
+  --set 'prometheus.metrics.enabled=true' \
+  --set 'prometheus.metrics.serviceMonitor.enabled=true' \
+  --set 'deployment.postgresExporter.env.name=GOMAXPROCS' \
+  --set 'deployment.postgresExporter.env.valueFrom.resourceFieldRef.resource=limits.cpu' \
+  --set 'deployment.postgresExporter.resources.limits.cpu=1000m'
+```
+
+#### TLS authentication and encryption
 
 The first example shows how to deploy the metric exporter with TLS encryption. The verification of the custom TLS
 certification will be skipped by Prometheus.
@@ -71,7 +104,7 @@ certification will be skipped by Prometheus.
 > `tls.key` and `tls.crt` of the secret can be mounted into the container filesystem for TLS authentication / encryption.
 
 ```bash
-helm install prometheus-exporters/prometheus-postgres-exporter prometheus-postgres-exporter \
+helm install prometheus-postgres-exporter prometheus-exporters/prometheus-postgres-exporter \
   --set 'config.database.secret.databaseUsername=postgres' \
   --set 'config.database.secret.databasePassword=postgres' \
   --set 'config.database.secret.databaseConnectionUrl="postgres.example.local:5432/postgres?ssl=disable"' \
@@ -94,7 +127,7 @@ certificate for the metrics exporter - TLS certificate verification can be enabl
 replaced:
 
 ```diff
-  helm install prometheus-exporters/prometheus-postgres-exporter prometheus-postgres-exporter \
+  helm install prometheus-postgres-exporter prometheus-exporters/prometheus-postgres-exporter \
     --set 'config.database.secret.databaseUsername=postgres' \
     --set 'config.database.secret.databasePassword=postgres' \
     --set 'config.database.secret.databaseConnectionUrl="postgres.example.local:5432/postgres?ssl=disable"' \
@@ -115,6 +148,116 @@ replaced:
 +   --set 'prometheus.metrics.serviceMonitor.tlsConfig.keyFile=/etc/prometheus/tls/tls.key'
 ```
 
+#### Grafana dashboard
+
+The helm chart includes Grafana dashboards. These can be deployed as a configMap by activating Grafana integration. It
+is assumed that the dashboard is consumed by Grafana or a sidecar container itself and that the dashboard is stored in
+the Grafana container file system so that it is subsequently available to the user. The
+[kube-prometheus-stack](https://artifacthub.io/packages/helm/prometheus-community/kube-prometheus-stack) deployment
+makes this possible.
+
+```bash
+helm install prometheus-postgres-exporter prometheus-exporters/prometheus-postgres-exporter \
+  --set 'config.database.secret.databaseUsername=postgres' \
+  --set 'config.database.secret.databasePassword=postgres' \
+  --set 'config.database.secret.databaseConnectionUrl="postgres.example.local:5432/postgres?ssl=disable"' \
+  --set 'grafana.enabled=true'
+```
+
+#### Avoid deploying on same node / bare metal host as PostgresDB
+
+As a best practice, avoid running the postgres-exporter on the same node / bare-metal host as the PostgresDB. This is
+because if the postgres-exporter is running on the same node and this node fails, Prometheus can send an alert about the
+failure of the node or that the postgres-exporter cannot be reached. However, it is not possible to react based on the
+metrics that the postgres-exporter explicitly provides. Depending on the configuration of alerts, this may mean that the
+corresponding notifications are not sent to the right person or group of people.
+
+The following example prevent the postgres-exporter from running on nodes with a PostgresDB. The PostgresDB nodes has an
+additional label `database=postgres`. The configuration is carried out in `values.yaml`.
+
+```yaml
+deployment:
+  affinity:
+    nodeAffinity:
+      preferredDuringSchedulingIgnoredDuringExecution:
+      - weight: 100
+        preference:
+          matchExpressions:
+          - key: database
+            operator: NotIn
+            values:
+            - postgres
+```
+
+### Network policies
+
+Network policies can only take effect, when the used CNI plugin support network policies. The chart supports no custom
+network policy implementation of CNI plugins. It's support only the official API resource of `networking.k8s.io/v1`.
+
+The object networkPolicies can contains multiple networkPolicy definitions. There is currently only one example
+predefined - it's named `default`. Further networkPolicy rules can easy be added by defining additional objects. For example:
+
+> [!NOTE]
+> The structure of each custom network policy must be equal like that of default. For this reason don't forget to define
+> `annotations`, `labels` and the other properties as well.
+
+```yaml
+networkPolicies:
+  enabled: false
+  default: {}
+  my-custom-network-policy: {}
+```
+
+The example below is an excerpt of the `values.yaml` file. The network policy `default` contains ingress rules to allow
+incoming traffic from Prometheus. Additionally two egress rules are defined, to allow the application outgoing access to
+the internal running DNS server `core-dns` and the external running postgres database listen on `10.14.243.12`.
+
+> [!IMPORTANT]
+> Please keep in mind, that the namespace and pod selector labels can be different from environment to environment. For
+> this reason, there is are not default network policy rules defined.
+
+```yaml
+networkPolicies:
+  enabled: true
+  default:
+    enabled: true
+    annotations: {}
+    labels: {}
+    policyTypes:
+    - Egress
+    - Ingress
+    egress:
+    - to:
+      - ipBlock:
+          cidr: 10.14.243.12/32
+      ports:
+      - port: 5432
+        protocol: TCP
+    - to:
+      - namespaceSelector:
+          matchLabels:
+            kubernetes.io/metadata.name: kube-system
+        podSelector:
+          matchLabels:
+           k8s-app: kube-dns
+      ports:
+      - port: 53
+        protocol: TCP
+      - port: 53
+        protocol: UDP
+    ingress:
+    - from:
+      - namespaceSelector:
+          matchLabels:
+            kubernetes.io/metadata.name: monitoring
+        podSelector:
+          matchLabels:
+            app.kubernetes.io/name: prometheus
+      ports:
+      - port: http
+        protocol: TCP
+```
+
 ## Parameters
 
 ### Global
@@ -126,32 +269,32 @@ replaced:
 
 ### Configuration
 
-| Name                                              | Description                                                                                                                                       | Value   |
+| Name                                              | Description                                                                                                                                                                            | Value   |
-| ------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------- | ------- |
+| ------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------- |
-| `config.database.existingSecret.enabled`          | Mount an existing secret containing the application specific `DATA_SOURCE_` prefixed environment variables.                                       | `false` |
+| `config.database.existingSecret.enabled`          | Mount an existing secret containing the application specific `DATA_SOURCE_` prefixed environment variables.                                                                            | `false` |
-| `config.database.existingSecret.secretName`       | Name of the existing secret containing the application specific `DATA_SOURCE_` prefixed environment variables.                                    | `""`    |
+| `config.database.existingSecret.secretName`       | Name of the existing secret containing the application specific `DATA_SOURCE_` prefixed environment variables.                                                                         | `""`    |
-| `config.database.secret.annotations`              | Additional annotations of the secret containing the database credentials.                                                                         | `{}`    |
+| `config.database.secret.annotations`              | Additional annotations of the secret containing the database credentials.                                                                                                              | `{}`    |
-| `config.database.secret.labels`                   | Additional labels of the secret containing the database credentials.                                                                              | `{}`    |
+| `config.database.secret.labels`                   | Additional labels of the secret containing the database credentials.                                                                                                                   | `{}`    |
-| `config.database.secret.databaseUsername`         | Database username. Will be defined as env `DATA_SOURCE_USER` as part of a secret.                                                                 | `""`    |
+| `config.database.secret.databaseUsername`         | Database username. Will be defined as env `DATA_SOURCE_USER` as part of a secret.                                                                                                      | `""`    |
-| `config.database.secret.databasePassword`         | Database password. Will be defined as env `DATA_SOURCE_PASS` as part of a secret.                                                                 | `""`    |
+| `config.database.secret.databasePassword`         | Database password. Will be defined as env `DATA_SOURCE_PASS` as part of a secret.                                                                                                      | `""`    |
-| `config.database.secret.databaseConnectionUrl`    | Complex database connection URL. Will be defined as env `DATA_SOURCE_URI` as part of a secret.                                                    | `""`    |
+| `config.database.secret.databaseConnectionUrl`    | Complex database connection URL. Will be defined as env `DATA_SOURCE_URI` as part of a secret.                                                                                         | `""`    |
-| `config.exporterConfig.existingSecret.enabled`    | Mount an existing secret containing the key `exporterConfig.yaml`.                                                                                | `false` |
+| `config.exporterConfig.existingSecret.enabled`    | Mount an existing secret containing the key `exporterConfig.yaml`.                                                                                                                     | `false` |
-| `config.exporterConfig.existingSecret.secretName` | Name of the existing secret containing the key `exporterConfig.yaml`.                                                                             | `""`    |
+| `config.exporterConfig.existingSecret.secretName` | Name of the existing secret containing the key `exporterConfig.yaml`.                                                                                                                  | `""`    |
-| `config.exporterConfig.secret.annotations`        | Additional annotations of the secret containing the `exporterConfig.yaml`.                                                                        | `{}`    |
+| `config.exporterConfig.secret.annotations`        | Additional annotations of the secret containing the `exporterConfig.yaml`.                                                                                                             | `{}`    |
-| `config.exporterConfig.secret.labels`             | Additional labels of the secret containing the `exporterConfig.yaml`.                                                                             | `{}`    |
+| `config.exporterConfig.secret.labels`             | Additional labels of the secret containing the `exporterConfig.yaml`.                                                                                                                  | `{}`    |
-| `config.exporterConfig.secret.exporterConfig`     | Content of the `exporterConfig.yaml`. Further information can be found [here](https://prometheus.io/docs/prometheus/latest/configuration/https/). | `{}`    |
+| `config.exporterConfig.secret.exporterConfig`     | Content of the `exporterConfig.yaml`. Further information can be found [here](https://github.com/prometheus-community/postgres_exporter?tab=readme-ov-file#multi-target-support-beta). | `{}`    |
-| `config.webConfig.existingSecret.enabled`         | Mount an existing secret containing the key `webConfig.yaml`.                                                                                     | `false` |
+| `config.webConfig.existingSecret.enabled`         | Mount an existing secret containing the key `webConfig.yaml`.                                                                                                                          | `false` |
-| `config.webConfig.existingSecret.secretName`      | Name of the existing secret containing the key `webConfig.yaml`.                                                                                  | `""`    |
+| `config.webConfig.existingSecret.secretName`      | Name of the existing secret containing the key `webConfig.yaml`.                                                                                                                       | `""`    |
-| `config.webConfig.secret.annotations`             | Additional annotations of the secret containing the `webConfig.yaml`.                                                                             | `{}`    |
+| `config.webConfig.secret.annotations`             | Additional annotations of the secret containing the `webConfig.yaml`.                                                                                                                  | `{}`    |
-| `config.webConfig.secret.labels`                  | Additional labels of the secret containing the `webConfig.yaml`.                                                                                  | `{}`    |
+| `config.webConfig.secret.labels`                  | Additional labels of the secret containing the `webConfig.yaml`.                                                                                                                       | `{}`    |
-| `config.webConfig.secret.webConfig`               | Content of the `webConfig.yaml`. Further information can be found [here](https://prometheus.io/docs/prometheus/latest/configuration/https/).      | `{}`    |
+| `config.webConfig.secret.webConfig`               | Content of the `webConfig.yaml`. Further information can be found [here](https://prometheus.io/docs/prometheus/latest/configuration/https/).                                           | `{}`    |
 
 ### Deployment
 
 | Name                                               | Description                                                                                                | Value                                   |
 | -------------------------------------------------- | ---------------------------------------------------------------------------------------------------------- | --------------------------------------- |
 | `deployment.annotations`                           | Additional deployment annotations.                                                                         | `{}`                                    |
-| `deployment.labels`                                | Additional ingress labels.                                                                                 | `{}`                                    |
+| `deployment.labels`                                | Additional deployment labels.                                                                              | `{}`                                    |
 | `deployment.additionalContainers`                  | List of additional containers.                                                                             | `[]`                                    |
 | `deployment.affinity`                              | Affinity for the postgres-exporter deployment.                                                             | `{}`                                    |
 | `deployment.initContainers`                        | List of additional init containers.                                                                        | `[]`                                    |
@@ -173,23 +316,26 @@ replaced:
 | `deployment.postgresExporter.volumeMounts`         | Additional volume mounts.                                                                                  | `[]`                                    |
 | `deployment.nodeSelector`                          | NodeSelector of the postgres-exporter deployment.                                                          | `{}`                                    |
 | `deployment.priorityClassName`                     | PriorityClassName of the postgres-exporter deployment.                                                     | `""`                                    |
-| `deployment.replicaCount`                          | Number of replicas for the postgres-exporter deployment.                                                   | `1`                                     |
+| `deployment.replicas`                              | Number of replicas for the postgres-exporter deployment.                                                   | `1`                                     |
 | `deployment.restartPolicy`                         | Restart policy of the postgres-exporter deployment.                                                        | `""`                                    |
 | `deployment.securityContext`                       | Security context of the postgres-exporter deployment.                                                      | `{}`                                    |
-| `deployment.strategy.type`                         | Strategy type - `Recreate` or `Rollingupdate`.                                                             | `Recreate`                              |
+| `deployment.strategy.type`                         | Strategy type - `Recreate` or `RollingUpdate`.                                                             | `RollingUpdate`                         |
 | `deployment.strategy.rollingUpdate.maxSurge`       | The maximum number of pods that can be scheduled above the desired number of pods during a rolling update. | `1`                                     |
 | `deployment.strategy.rollingUpdate.maxUnavailable` | The maximum number of pods that can be unavailable during a rolling update.                                | `1`                                     |
 | `deployment.terminationGracePeriodSeconds`         | How long to wait until forcefully kill the pod.                                                            | `60`                                    |
 | `deployment.tolerations`                           | Tolerations of the postgres-exporter deployment.                                                           | `[]`                                    |
 | `deployment.topologySpreadConstraints`             | TopologySpreadConstraints of the postgres-exporter deployment.                                             | `[]`                                    |
-| `deployment.volumes`                               | Additional volumes to mount into the pods of the Prometheus-exporter deployment.                           | `[]`                                    |
+| `deployment.volumes`                               | Additional volumes to mount into the pods of the prometheus-exporter deployment.                           | `[]`                                    |
 
 ### Grafana
 
-| Name                                 | Description                                               | Value   |
+| Name                                              | Description                                                                                              | Value       |
-| ------------------------------------ | --------------------------------------------------------- | ------- |
+| ------------------------------------------------- | -------------------------------------------------------------------------------------------------------- | ----------- |
-| `grafana.enabled`                    | Enable integration into Grafana.                          | `false` |
+| `grafana.enabled`                                 | Enable integration into Grafana. Require the Prometheus operator deployment.                             | `false`     |
-| `grafana.dashboards.businessMetrics` | Enable deployment of Grafana dashboard `businessMetrics`. | `true`  |
+| `grafana.dashboardDiscoveryLabels`                | Labels that Grafana uses to discover resources. The labels may vary depending on the Grafana deployment. | `undefined` |
+| `grafana.dashboards.postgresExporter.enabled`     | Enable deployment of Grafana dashboard `postgresExporter`.                                               | `true`      |
+| `grafana.dashboards.postgresExporter.annotations` | Additional configmap annotations.                                                                        | `{}`        |
+| `grafana.dashboards.postgresExporter.labels`      | Additional configmap labels.                                                                             | `{}`        |
 
 ### Ingress
 
@@ -208,11 +354,17 @@ replaced:
 | --------------------- | ---------------------- | ----- |
 | `podDisruptionBudget` | Pod disruption budget. | `{}`  |
 
-### Network
+### NetworkPolicies
 
-| Name              | Description                                                                                                        | Value |
+| Name                                  | Description                                                                                           | Value   |
-| ----------------- | ------------------------------------------------------------------------------------------------------------------ | ----- |
+| ------------------------------------- | ----------------------------------------------------------------------------------------------------- | ------- |
-| `networkPolicies` | Deploy network policies based on the used container network interface (CNI) implementation - like calico or weave. | `{}`  |
+| `networkPolicies.enabled`             | Enable network policies in general.                                                                   | `false` |
+| `networkPolicies.default.enabled`     | Enable the network policy for accessing the application by default. For example to scape the metrics. | `false` |
+| `networkPolicies.default.annotations` | Additional network policy annotations.                                                                | `{}`    |
+| `networkPolicies.default.labels`      | Additional network policy labels.                                                                     | `{}`    |
+| `networkPolicies.default.policyTypes` | List of policy types. Supported is ingress, egress or ingress and egress.                             | `[]`    |
+| `networkPolicies.default.egress`      | Concrete egress network policy implementation.                                                        | `[]`    |
+| `networkPolicies.default.ingress`     | Concrete ingress network policy implementation.                                                       | `[]`    |
 
 ### Prometheus
 
@@ -221,7 +373,7 @@ replaced:
 | `prometheus.metrics.enabled`                        | Enable of scraping metrics by Prometheus.                                                                                                    | `true`     |
 | `prometheus.metrics.podMonitor.enabled`             | Enable creation of a podMonitor. Excludes the existence of a serviceMonitor resource.                                                        | `false`    |
 | `prometheus.metrics.podMonitor.annotations`         | Additional podMonitor annotations.                                                                                                           | `{}`       |
-| `prometheus.metrics.podMonitor.enableHttp2`         | Enable HTTP2.                                                                                                                                | `false`    |
+| `prometheus.metrics.podMonitor.enableHttp2`         | Enable HTTP2.                                                                                                                                | `true`     |
 | `prometheus.metrics.podMonitor.followRedirects`     | FollowRedirects configures whether scrape requests follow HTTP 3xx redirects.                                                                | `false`    |
 | `prometheus.metrics.podMonitor.honorLabels`         | Honor labels.                                                                                                                                | `false`    |
 | `prometheus.metrics.podMonitor.labels`              | Additional podMonitor labels.                                                                                                                | `{}`       |
@@ -234,12 +386,11 @@ replaced:
 | `prometheus.metrics.serviceMonitor.enabled`         | Enable creation of a serviceMonitor. Excludes the existence of a podMonitor resource.                                                        | `false`    |
 | `prometheus.metrics.serviceMonitor.annotations`     | Additional serviceMonitor annotations.                                                                                                       | `{}`       |
 | `prometheus.metrics.serviceMonitor.labels`          | Additional serviceMonitor labels.                                                                                                            | `{}`       |
-| `prometheus.metrics.serviceMonitor.enableHttp2`     | Enable HTTP2.                                                                                                                                | `false`    |
+| `prometheus.metrics.serviceMonitor.enableHttp2`     | Enable HTTP2.                                                                                                                                | `true`     |
 | `prometheus.metrics.serviceMonitor.followRedirects` | FollowRedirects configures whether scrape requests follow HTTP 3xx redirects.                                                                | `false`    |
 | `prometheus.metrics.serviceMonitor.honorLabels`     | Honor labels.                                                                                                                                | `false`    |
 | `prometheus.metrics.serviceMonitor.interval`        | Interval at which metrics should be scraped. If not specified Prometheus' global scrape interval is used.                                    | `60s`      |
 | `prometheus.metrics.serviceMonitor.path`            | HTTP path for scraping Prometheus metrics.                                                                                                   | `/metrics` |
-| `prometheus.metrics.serviceMonitor.port`            | HTTP port for scraping Prometheus metrics.                                                                                                   | `9187`     |
 | `prometheus.metrics.serviceMonitor.relabelings`     | RelabelConfigs to apply to samples before scraping. Prometheus Operator automatically adds relabelings for a few standard Kubernetes fields. | `[]`       |
 | `prometheus.metrics.serviceMonitor.scrapeTimeout`   | Timeout after which the scrape is ended. If not specified, global Prometheus scrape timeout is used.                                         | `30s`      |
 | `prometheus.metrics.serviceMonitor.scheme`          | HTTP scheme to use for scraping. For example `http` or `https`.                                                                              | `http`     |

package.json

@@ -1,6 +1,6 @@
 {
-  "name": "qu-seed-chart",
+  "name": "prometheus-postgres-exporter",
-  "homepage": "https://github.com/dedalus-cis4u/qu-seed-chart.git",
+  "homepage": "https://git.cryptic.systems/volker.raschek/prometheus-postgres-exporter.git",
   "license": "MIT",
   "private": true,
   "engineStrict": true,
@@ -9,11 +9,13 @@
     "npm": ">=8.0.0"
   },
   "scripts": {
+    "readme:link": "markdown-link-check *.md",
     "readme:lint": "markdownlint *.md -f",
     "readme:parameters": "readme-generator -v values.yaml -r README.md"
   },
   "devDependencies": {
     "@bitnami/readme-generator-for-helm": "^2.5.0",
-    "markdownlint-cli": "^0.41.0"
+    "markdown-link-check": "^3.13.6",
+    "markdownlint-cli": "^0.44.0"
   }
 }

renovate.json

@@ -1,9 +1,14 @@
 {
   "$schema": "https://docs.renovatebot.com/renovate-schema.json",
-  "assignees": [ "volker.raschek" ],
+  "extends": [
+    "local>volker.raschek/renovate-config:default#master",
+    "local>volker.raschek/renovate-config:container#master",
+    "local>volker.raschek/renovate-config:actions#master",
+    "local>volker.raschek/renovate-config:npm#master",
+    "local>volker.raschek/renovate-config:regexp#master"
+  ],
   "customManagers": [
     {
-      "description": "Update container image reference",
       "fileMatch": [
         "^Chart\\.yaml$"
       ],
@@ -11,26 +16,53 @@
         "appVersion: \"(?<currentValue>.*?)\"\\s+"
       ],
       "datasourceTemplate": "docker",
-      "depNameTemplate": "prometheus-postgres-exporter",
+      "depNameTemplate": "prometheuscommunity/postgres-exporter",
-      "lookupNameTemplate": "quay.io/prometheuscommunity/postgres-exporter"
+      "lookupNameTemplate": "quay.io/prometheuscommunity/postgres-exporter",
-    }
+      "versioningTemplate": "semver"
-  ],
-  "labels": [ "renovate" ],
-  "packageRules": [
-    {
-      "addLabels": [ "renovate/droneci", "renovate/automerge" ],
-      "automerge": true,
-      "matchManagers": "droneci",
-      "matchUpdateTypes": [ "minor", "patch"]
     },
     {
-      "addLabels": [ "renovate/markdownlint", "renovate/automerge" ],
+      "fileMatch": ["^README\\.md$"],
-      "automerge": true,
+      "matchStrings": [
-      "matchPackageNames": [ "markdownlint-cli", "@bitnami/readme-generator-for-helm" ],
+        "VERSION=(?<currentValue>.*)"
-      "matchManagers": [ "npm" ],
+      ],
-      "matchUpdateTypes": [ "minor", "patch"]
+      "depNameTemplate": "volker.raschek/prometheus-postgres-exporter",
+      "packageNameTemplate": "https://git.cryptic.systems/volker.raschek/prometheus-postgres-exporter",
+      "datasourceTemplate": "git-tags",
+      "versioningTemplate": "semver"
     }
   ],
-  "rebaseLabel": "renovate/rebase",
+  "packageRules": [
-  "rebaseWhen": "behind-base-branch"
+    {
+      "addLabels": [
+        "renovate/automerge",
+        "renovate/container"
+      ],
+      "automerge": true,
+      "excludePackagePatterns": [
+        "prometheuscommunity/postgres-exporter"
+      ],
+      "matchDatasources": [
+        "docker"
+      ],
+      "matchUpdateTypes": [
+        "minor",
+        "patch"
+      ]
+    },
+    {
+      "addLabels": [
+        "renovate/automerge",
+        "renovate/documentation"
+      ],
+      "automerge": true,
+      "matchDepNames": [
+        "volker.raschek/prometheus-postgres-exporter"
+      ],
+      "matchUpdateTypes": [
+        "major",
+        "minor",
+        "patch"
+      ]
+    }
+  ]
 }

templates/prometheus-postgres-exporter/_configMap.tpl

@@ -0,0 +1,20 @@
+{{/* vim: set filetype=mustache: */}}
+
+{{/* annotations */}}
+
+{{- define "prometheus-postgres-exporter.configMap.grafanaDashboards.postgresExporter.annotations" -}}
+{{ include "prometheus-postgres-exporter.annotations" . }}
+{{- if .Values.grafana.dashboards.postgresExporter.annotations }}
+{{ toYaml .Values.grafana.dashboards.postgresExporter.annotations }}
+{{- end }}
+{{- end }}
+
+{{/* labels */}}
+
+{{- define "prometheus-postgres-exporter.configMap.grafanaDashboards.postgresExporter.labels" -}}
+{{ include "prometheus-postgres-exporter.labels" . }}
+{{- if .Values.grafana.dashboards.postgresExporter.labels }}
+{{ toYaml .Values.grafana.dashboards.postgresExporter.labels }}
+{{- end }}
+{{ toYaml .Values.grafana.dashboardDiscoveryLabels }}
+{{- end }}

templates/prometheus-postgres-exporter/_deployment.tpl

@@ -9,6 +9,17 @@
 {{- end }}
 {{- end }}
 
+{{/* env */}}
+
+{{- define "prometheus-postgres-exporter.deployment.env" -}}
+{{- $env := dict "env" (.Values.deployment.postgresExporter.env | default (list) ) }}
+{{- if and (hasKey .Values.deployment.postgresExporter.resources "limits") (hasKey .Values.deployment.postgresExporter.resources.limits "cpu") }}
+{{- $env = merge $env (dict "env" (list (dict "name" "GOMAXPROCS" "valueFrom" (dict "resourceFieldRef" (dict "divisor" "1" "resource" "limits.cpu"))))) }}
+{{- end }}
+{{ toYaml $env }}
+{{- end -}}
+
+
 {{/* envFrom */}}
 
 {{- define "prometheus-postgres-exporter.deployment.envFrom" -}}

templates/prometheus-postgres-exporter/_networkPolicies.tpl

@@ -0,0 +1,19 @@
+{{/* vim: set filetype=mustache: */}}
+
+{{/* annotations */}}
+
+{{- define "prometheus-postgres-exporter.networkPolicies.annotations" -}}
+{{ include "prometheus-postgres-exporter.annotations" .context }}
+{{- if .networkPolicy.annotations }}
+{{ toYaml .networkPolicy.annotations }}
+{{- end }}
+{{- end }}
+
+{{/* labels */}}
+
+{{- define "prometheus-postgres-exporter.networkPolicies.labels" -}}
+{{ include "prometheus-postgres-exporter.labels" .context }}
+{{- if .networkPolicy.labels }}
+{{ toYaml .networkPolicy.labels }}
+{{- end }}
+{{- end }}

templates/prometheus-postgres-exporter/deployment.yaml

@@ -12,6 +12,7 @@ metadata:
   name: {{ include "prometheus-postgres-exporter.fullname" . }}
   namespace: {{ .Release.Namespace }}
 spec:
+  replicas: {{ .Values.deployment.replicas }}
   selector:
     matchLabels:
       {{- include "prometheus-postgres-exporter.pod.selectorLabels" . | nindent 6 }}
@@ -20,6 +21,10 @@ spec:
       labels:
         {{- include "prometheus-postgres-exporter.pod.labels" . | nindent 8 }}
     spec:
+      {{- with .Values.deployment.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
       containers:
       - name: postgres-exporter
         args:
@@ -29,9 +34,10 @@ spec:
         {{- range .Values.deployment.postgresExporter.args }}
         - {{ . | quote }}
         {{- end }}
-        {{- with .Values.deployment.postgresExporter.env }}
+        {{- $env := (include "prometheus-postgres-exporter.deployment.env" . | fromYaml) }}
+        {{- if and (hasKey $env "env") (gt (len $env.env) 0) }}
         env:
-        {{- toYaml . | nindent 8 }}
+        {{- toYaml $env.env | nindent 8 }}
         {{- end }}
         {{- $envFrom := (include "prometheus-postgres-exporter.deployment.envFrom" . | fromYaml) }}
         {{- if hasKey $envFrom "envFrom" }}
@@ -120,3 +126,7 @@ spec:
       volumes:
       {{- toYaml $volumes.volumes | nindent 6 }}
       {{- end }}
+  {{- with .Values.deployment.strategy }}
+  strategy:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}

templates/prometheus-postgres-exporter/networkPolicies.yaml

@@ -0,0 +1,36 @@
+{{- if .Values.networkPolicies.enabled }}
+{{- range $key, $value := .Values.networkPolicies -}}
+{{- if and (not (eq $key "enabled")) $value.enabled }}
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  {{- with (include "prometheus-postgres-exporter.networkPolicies.annotations" (dict "networkPolicy" $value "context" $) | fromYaml) }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  {{- with (include "prometheus-postgres-exporter.networkPolicies.labels" (dict "networkPolicy" $value "context" $) | fromYaml) }}
+  labels:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  name: {{ printf "%s-%s" (include "prometheus-postgres-exporter.fullname" $ ) $key }}
+  namespace: {{ $.Release.Namespace }}
+spec:
+  podSelector:
+    matchLabels:
+      {{- include "prometheus-postgres-exporter.pod.selectorLabels" $ | nindent 6 }}
+  {{- with $value.policyTypes }}
+  policyTypes:
+  {{- toYaml . | nindent 2 }}
+  {{- end }}
+  {{- with $value.egress }}
+  egress:
+  {{- toYaml . | nindent 2 }}
+  {{- end }}
+  {{- with $value.ingress }}
+  ingress:
+  {{- toYaml . | nindent 2 }}
+  {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}

templates/prometheus-postgres-exporter/prometheusRules.yaml

@@ -16,7 +16,7 @@ metadata:
 spec:
 {{- with .Values.prometheus.rules }}
   groups:
-  - name: {{ template "prometheus-postgres-exporter.name" $ }}
+  - name: {{ template "prometheus-postgres-exporter.fullname" $ }}
     rules:
     {{ toYaml . | nindent 4 }}
 {{- end }}

templates/prometheus-postgres-exporter/serviceMonitorHTTP.yaml

@@ -25,7 +25,7 @@ spec:
       {{- toYaml . | nindent 6 }}
     {{- end }}
     scrapeTimeout: {{ required "The scrape timeout of the serviceMonitor is not defined!" .Values.prometheus.metrics.serviceMonitor.scrapeTimeout }}
-    scheme: {{ required "The scheme of the serviceMonitor is not defined!" .Values.prometheus.metrics.serviceMonitor.scheme}}
+    scheme: {{ required "The scheme of the serviceMonitor is not defined!" .Values.prometheus.metrics.serviceMonitor.scheme }}
     targetPort: {{ required "The port of the service is not defined!" .Values.services.http.port }}
     {{- with .Values.prometheus.metrics.serviceMonitor.tlsConfig }}
     tlsConfig:

unittests/configMaps/grafanaDashboardPostgresExporter.yaml

@@ -0,0 +1,79 @@
+chart:
+  appVersion: 0.1.0
+  version: 0.1.0
+suite: ConfigMap template (Grafana Dashboard PostgresExporter)
+release:
+  name: prometheus-postgres-exporter-unittest
+  namespace: testing
+templates:
+- templates/prometheus-postgres-exporter/configMapGrafanaDashboardPostgresExporter.yaml
+tests:
+- it: Rendering postgresExporter
+  asserts:
+  - hasDocuments:
+      count: 0
+
+- it: Rendering
+  set:
+    grafana.enabled: true
+  asserts:
+  - hasDocuments:
+      count: 1
+  - containsDocument:
+      apiVersion: v1
+      kind: ConfigMap
+      name: prometheus-postgres-exporter-unittest-grafana-dashboard-postgres-exporter
+      namespace: testing
+  - notExists:
+      path: metadata.annotations
+  - equal:
+      path: metadata.labels
+      value:
+        app.kubernetes.io/instance: prometheus-postgres-exporter-unittest
+        app.kubernetes.io/managed-by: Helm
+        app.kubernetes.io/name: prometheus-postgres-exporter
+        app.kubernetes.io/version: 0.1.0
+        grafana_dashboard: "1"
+        helm.sh/chart: prometheus-postgres-exporter-0.1.0
+  - exists:
+      path: data["postgresExporter.json"]
+
+- it: Test custom annotations and labels
+  set:
+    grafana.enabled: true
+    grafana.dashboards.postgresExporter.annotations:
+      foo: bar
+    grafana.dashboards.postgresExporter.labels:
+      bar: foo
+  asserts:
+  - equal:
+      path: metadata.annotations
+      value:
+        foo: bar
+  - equal:
+      path: metadata.labels
+      value:
+        app.kubernetes.io/instance: prometheus-postgres-exporter-unittest
+        app.kubernetes.io/managed-by: Helm
+        app.kubernetes.io/name: prometheus-postgres-exporter
+        app.kubernetes.io/version: 0.1.0
+        grafana_dashboard: "1"
+        helm.sh/chart: prometheus-postgres-exporter-0.1.0
+        bar: foo
+
+- it: Test custom grafana discovery labels
+  set:
+    grafana.enabled: true
+    grafana.dashboardDiscoveryLabels:
+      grafana_dashboard: null
+      my-custom-discovery-label: my-value
+  asserts:
+  - equal:
+      path: metadata.labels
+      value:
+        app.kubernetes.io/instance: prometheus-postgres-exporter-unittest
+        app.kubernetes.io/managed-by: Helm
+        app.kubernetes.io/name: prometheus-postgres-exporter
+        app.kubernetes.io/version: 0.1.0
+        my-custom-discovery-label: my-value
+        helm.sh/chart: prometheus-postgres-exporter-0.1.0

unittests/deployment/deployment.yaml

@@ -27,6 +27,11 @@ tests:
         app.kubernetes.io/name: prometheus-postgres-exporter
         app.kubernetes.io/version: 0.1.0
         helm.sh/chart: prometheus-postgres-exporter-0.1.0
+  - equal:
+      path: spec.replicas
+      value: 1
+  - notExists:
+      path: spec.template.spec.affinity
   - contains:
       path: spec.template.spec.containers[0].envFrom
       content:
@@ -90,6 +95,47 @@ tests:
       path: spec.template.spec.tolerations
   - notExists:
       path: spec.template.spec.topologySpreadConstraints
+  - equal:
+      path: spec.strategy
+      value:
+        type: "RollingUpdate"
+        rollingUpdate:
+          maxSurge: 1
+          maxUnavailable: 1
+
+- it: Test custom replicas
+  set:
+    deployment.replicas: 3
+  asserts:
+  - equal:
+      path: spec.replicas
+      value: 3
+
+- it: Test custom affinity
+  set:
+    deployment.affinity:
+      nodeAffinity:
+        requiredDuringSchedulingIgnoredDuringExecution:
+          nodeSelectorTerms:
+          - matchExpressions:
+            - key: topology.kubernetes.io/zone
+              operator: In
+              values:
+              - antarctica-east1
+              - antarctica-west1
+  asserts:
+  - equal:
+      path: spec.template.spec.affinity
+      value:
+        nodeAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            nodeSelectorTerms:
+            - matchExpressions:
+              - key: topology.kubernetes.io/zone
+                operator: In
+                values:
+                - antarctica-east1
+                - antarctica-west1
 
 - it: Test additional arguments
   set:
@@ -188,6 +234,14 @@ tests:
         cpu: 25m
         memory: 100MB
   asserts:
+  - equal:
+      path: spec.template.spec.containers[0].env
+      value:
+      - name: GOMAXPROCS
+        valueFrom:
+          resourceFieldRef:
+            divisor: "1"
+            resource: limits.cpu
   - equal:
       path: spec.template.spec.containers[0].resources
       value:

unittests/networkPolicies/default.yaml

@@ -0,0 +1,118 @@
+chart:
+  appVersion: 0.1.0
+  version: 0.1.0
+suite: NetworkPolicies template (basic)
+release:
+  name: prometheus-postgres-exporter-unittest
+  namespace: testing
+templates:
+- templates/prometheus-postgres-exporter/networkPolicies.yaml
+tests:
+- it: Skip networkPolicies in general disabled.
+  set:
+    networkPolicies.enabled: false
+  asserts:
+  - hasDocuments:
+      count: 0
+
+- it: Skip networkPolicy 'default' when disabled.
+  set:
+    networkPolicies.enabled: true
+    networkPolicies.default.enabled: false
+  asserts:
+  - hasDocuments:
+      count: 0
+
+- it: Loop over networkPolicies
+  set:
+    networkPolicies.enabled: true
+    networkPolicies.default.enabled: false
+    networkPolicies.nginx.enabled: true
+    networkPolicies.prometheus.enabled: true
+  asserts:
+  - hasDocuments:
+      count: 2
+
+- it: Template networkPolicy 'default' without policyTypes, egress and ingress configuration
+  set:
+    networkPolicies.enabled: true
+    networkPolicies.default.enabled: true
+  asserts:
+  - hasDocuments:
+      count: 1
+  - containsDocument:
+      apiVersion: networking.k8s.io/v1
+      kind: NetworkPolicy
+      name: prometheus-postgres-exporter-unittest-default
+      namespace: testing
+  - notExists:
+      path: metadata.annotations
+  - equal:
+      path: metadata.labels
+      value:
+        app.kubernetes.io/instance: prometheus-postgres-exporter-unittest
+        app.kubernetes.io/managed-by: Helm
+        app.kubernetes.io/name: prometheus-postgres-exporter
+        app.kubernetes.io/version: 0.1.0
+        helm.sh/chart: prometheus-postgres-exporter-0.1.0
+  - equal:
+      path: spec.podSelector.matchLabels
+      value:
+        app.kubernetes.io/instance: prometheus-postgres-exporter-unittest
+        app.kubernetes.io/name: prometheus-postgres-exporter
+  - notExists:
+      path: spec.policyTypes
+  - notExists:
+      path: spec.egress
+  - notExists:
+      path: spec.ingress
+
+- it: Template networkPolicy 'default' with policyTypes, egress and ingress configuration
+  set:
+    networkPolicies.enabled: true
+    networkPolicies.default.enabled: true
+    networkPolicies.default.policyTypes:
+    - Egress
+    - Ingress
+    networkPolicies.default.ingress:
+    - from:
+      - namespaceSelector:
+          matchLabels:
+            kubernetes.io/metadata.name: khv-production
+        podSelector:
+          matchLabels:
+            app.kubernetes.io/name: prometheus
+    networkPolicies.default.egress:
+    - to:
+      - namespaceSelector:
+          matchLabels:
+            kubernetes.io/metadata.name: database
+        podSelector:
+          matchLabels:
+            app.kubernetes.io/name: oracle
+  asserts:
+  - equal:
+      path: spec.policyTypes
+      value:
+      - Egress
+      - Ingress
+  - equal:
+      path: spec.egress
+      value:
+      - to:
+        - namespaceSelector:
+            matchLabels:
+              kubernetes.io/metadata.name: database
+          podSelector:
+            matchLabels:
+              app.kubernetes.io/name: oracle
+  - equal:
+      path: spec.ingress
+      value:
+      - from:
+        - namespaceSelector:
+            matchLabels:
+              kubernetes.io/metadata.name: khv-production
+          podSelector:
+            matchLabels:
+              app.kubernetes.io/name: prometheus

unittests/podMonitors/podMonitorHTTP.yaml

@@ -58,7 +58,7 @@ tests:
         helm.sh/chart: prometheus-postgres-exporter-0.1.0
   - equal:
       path: spec.podMetricsEndpoints[0].enableHttp2
-      value: false
+      value: true
   - equal:
       path: spec.podMetricsEndpoints[0].followRedirects
       value: false
@@ -119,7 +119,7 @@ tests:
   set:
     prometheus.metrics.enabled: true
     prometheus.metrics.podMonitor.enabled: true
-    prometheus.metrics.podMonitor.enableHttp2: true
+    prometheus.metrics.podMonitor.enableHttp2: false
     prometheus.metrics.podMonitor.followRedirects: true
     prometheus.metrics.podMonitor.honorLabels: true
     prometheus.metrics.podMonitor.interval: "180s"
@@ -137,7 +137,7 @@ tests:
       count: 1
   - equal:
       path: spec.podMetricsEndpoints[0].enableHttp2
-      value: true
+      value: false
   - equal:
       path: spec.podMetricsEndpoints[0].followRedirects
       value: true

unittests/serviceMonitors/serviceMonitorHTTP.yaml

@@ -59,7 +59,7 @@ tests:
         helm.sh/chart: prometheus-postgres-exporter-0.1.0
   - equal:
       path: spec.endpoints[0].enableHttp2
-      value: false
+      value: true
   - equal:
       path: spec.endpoints[0].followRedirects
       value: false
@@ -121,7 +121,7 @@ tests:
   set:
     prometheus.metrics.enabled: true
     prometheus.metrics.serviceMonitor.enabled: true
-    prometheus.metrics.serviceMonitor.enableHttp2: true
+    prometheus.metrics.serviceMonitor.enableHttp2: false
     prometheus.metrics.serviceMonitor.followRedirects: true
     prometheus.metrics.serviceMonitor.honorLabels: true
     prometheus.metrics.serviceMonitor.interval: "180s"
@@ -139,7 +139,7 @@ tests:
       count: 1
   - equal:
       path: spec.endpoints[0].enableHttp2
-      value: true
+      value: false
   - equal:
       path: spec.endpoints[0].followRedirects
       value: true

values.schema.json

@@ -0,0 +1,700 @@
+{
+  "$schema": "http://json-schema.org/draft-04/schema#",
+  "type": "object",
+  "properties": {
+    "nameOverride": {
+      "type": "string"
+    },
+    "fullnameOverride": {
+      "type": "string"
+    },
+    "config": {
+      "type": "object",
+      "properties": {
+        "database": {
+          "type": "object",
+          "properties": {
+            "existingSecret": {
+              "type": "object",
+              "properties": {
+                "enabled": {
+                  "type": "boolean"
+                },
+                "secretName": {
+                  "type": "string"
+                }
+              },
+              "required": [
+                "enabled",
+                "secretName"
+              ]
+            },
+            "secret": {
+              "type": "object",
+              "properties": {
+                "annotations": {
+                  "type": "object"
+                },
+                "labels": {
+                  "type": "object"
+                },
+                "databaseUsername": {
+                  "type": "string"
+                },
+                "databasePassword": {
+                  "type": "string"
+                },
+                "databaseConnectionUrl": {
+                  "type": "string"
+                }
+              },
+              "required": [
+                "annotations",
+                "labels",
+                "databaseUsername",
+                "databasePassword",
+                "databaseConnectionUrl"
+              ]
+            }
+          },
+          "required": [
+            "existingSecret",
+            "secret"
+          ]
+        },
+        "exporterConfig": {
+          "type": "object",
+          "properties": {
+            "existingSecret": {
+              "type": "object",
+              "properties": {
+                "enabled": {
+                  "type": "boolean"
+                },
+                "secretName": {
+                  "type": "string"
+                }
+              },
+              "required": [
+                "enabled",
+                "secretName"
+              ]
+            },
+            "secret": {
+              "type": "object",
+              "properties": {
+                "annotations": {
+                  "type": "object"
+                },
+                "labels": {
+                  "type": "object"
+                },
+                "exporterConfig": {
+                  "type": "object"
+                }
+              },
+              "required": [
+                "annotations",
+                "labels",
+                "exporterConfig"
+              ]
+            }
+          },
+          "required": [
+            "existingSecret",
+            "secret"
+          ]
+        },
+        "webConfig": {
+          "type": "object",
+          "properties": {
+            "existingSecret": {
+              "type": "object",
+              "properties": {
+                "enabled": {
+                  "type": "boolean"
+                },
+                "secretName": {
+                  "type": "string"
+                }
+              },
+              "required": [
+                "enabled",
+                "secretName"
+              ]
+            },
+            "secret": {
+              "type": "object",
+              "properties": {
+                "annotations": {
+                  "type": "object"
+                },
+                "labels": {
+                  "type": "object"
+                },
+                "webConfig": {
+                  "type": "object"
+                }
+              },
+              "required": [
+                "annotations",
+                "labels",
+                "webConfig"
+              ]
+            }
+          },
+          "required": [
+            "existingSecret",
+            "secret"
+          ]
+        }
+      },
+      "required": [
+        "database",
+        "exporterConfig",
+        "webConfig"
+      ]
+    },
+    "deployment": {
+      "type": "object",
+      "properties": {
+        "annotations": {
+          "type": "object"
+        },
+        "labels": {
+          "type": "object"
+        },
+        "additionalContainers": {
+          "type": "array",
+          "items": {}
+        },
+        "affinity": {
+          "type": "object"
+        },
+        "initContainers": {
+          "type": "array",
+          "items": {}
+        },
+        "dnsConfig": {
+          "type": "object"
+        },
+        "dnsPolicy": {
+          "type": "string"
+        },
+        "hostname": {
+          "type": "string"
+        },
+        "subdomain": {
+          "type": "string"
+        },
+        "hostNetwork": {
+          "type": "boolean"
+        },
+        "imagePullSecrets": {
+          "type": "array",
+          "items": {}
+        },
+        "postgresExporter": {
+          "type": "object",
+          "properties": {
+            "args": {
+              "type": "array",
+              "items": {}
+            },
+            "env": {
+              "type": "array",
+              "items": {}
+            },
+            "envFrom": {
+              "type": "array",
+              "items": {}
+            },
+            "image": {
+              "type": "object",
+              "properties": {
+                "registry": {
+                  "type": "string"
+                },
+                "repository": {
+                  "type": "string"
+                },
+                "tag": {
+                  "type": "string"
+                },
+                "pullPolicy": {
+                  "type": "string"
+                }
+              },
+              "required": [
+                "registry",
+                "repository",
+                "tag",
+                "pullPolicy"
+              ]
+            },
+            "resources": {
+              "type": "object"
+            },
+            "securityContext": {
+              "type": "object"
+            },
+            "volumeMounts": {
+              "type": "array",
+              "items": {}
+            }
+          },
+          "required": [
+            "args",
+            "env",
+            "envFrom",
+            "image",
+            "resources",
+            "securityContext",
+            "volumeMounts"
+          ]
+        },
+        "nodeSelector": {
+          "type": "object"
+        },
+        "priorityClassName": {
+          "type": "string"
+        },
+        "replicas": {
+          "type": "integer"
+        },
+        "restartPolicy": {
+          "type": "string"
+        },
+        "securityContext": {
+          "type": "object"
+        },
+        "strategy": {
+          "type": "object",
+          "properties": {
+            "type": {
+              "type": "string"
+            },
+            "rollingUpdate": {
+              "type": "object",
+              "properties": {
+                "maxSurge": {
+                  "type": "integer"
+                },
+                "maxUnavailable": {
+                  "type": "integer"
+                }
+              },
+              "required": [
+                "maxSurge",
+                "maxUnavailable"
+              ]
+            }
+          },
+          "required": [
+            "type",
+            "rollingUpdate"
+          ]
+        },
+        "terminationGracePeriodSeconds": {
+          "type": "integer"
+        },
+        "tolerations": {
+          "type": "array",
+          "items": {}
+        },
+        "topologySpreadConstraints": {
+          "type": "array",
+          "items": {}
+        },
+        "volumes": {
+          "type": "array",
+          "items": {}
+        }
+      },
+      "required": [
+        "annotations",
+        "labels",
+        "additionalContainers",
+        "affinity",
+        "initContainers",
+        "dnsConfig",
+        "dnsPolicy",
+        "hostname",
+        "subdomain",
+        "hostNetwork",
+        "imagePullSecrets",
+        "postgresExporter",
+        "nodeSelector",
+        "priorityClassName",
+        "replicas",
+        "restartPolicy",
+        "securityContext",
+        "strategy",
+        "terminationGracePeriodSeconds",
+        "tolerations",
+        "topologySpreadConstraints",
+        "volumes"
+      ]
+    },
+    "grafana": {
+      "type": "object",
+      "properties": {
+        "enabled": {
+          "type": "boolean"
+        },
+        "dashboardDiscoveryLabels": {
+          "type": "object"
+        },
+        "dashboards": {
+          "type": "object",
+          "properties": {
+            "postgresExporter": {
+              "type": "object",
+              "properties": {
+                "enabled": {
+                  "type": "boolean"
+                },
+                "annotations": {
+                  "type": "object"
+                },
+                "labels": {
+                  "type": "object"
+                }
+              },
+              "required": [
+                "enabled",
+                "annotations",
+                "labels"
+              ]
+            }
+          },
+          "required": [
+            "postgresExporter"
+          ]
+        }
+      },
+      "required": [
+        "enabled",
+        "dashboardDiscoveryLabels",
+        "dashboards"
+      ]
+    },
+    "ingress": {
+      "type": "object",
+      "properties": {
+        "enabled": {
+          "type": "boolean"
+        },
+        "className": {
+          "type": "string"
+        },
+        "annotations": {
+          "type": "object"
+        },
+        "labels": {
+          "type": "object"
+        },
+        "hosts": {
+          "type": "array",
+          "items": {}
+        },
+        "tls": {
+          "type": "array",
+          "items": {}
+        }
+      },
+      "required": [
+        "enabled",
+        "className",
+        "annotations",
+        "labels",
+        "hosts",
+        "tls"
+      ]
+    },
+    "podDisruptionBudget": {
+      "type": "object"
+    },
+    "networkPolicies": {
+      "type": "object"
+    },
+    "prometheus": {
+      "type": "object",
+      "properties": {
+        "metrics": {
+          "type": "object",
+          "properties": {
+            "enabled": {
+              "type": "boolean"
+            },
+            "podMonitor": {
+              "type": "object",
+              "properties": {
+                "enabled": {
+                  "type": "boolean"
+                },
+                "annotations": {
+                  "type": "object"
+                },
+                "enableHttp2": {
+                  "type": "boolean"
+                },
+                "followRedirects": {
+                  "type": "boolean"
+                },
+                "honorLabels": {
+                  "type": "boolean"
+                },
+                "labels": {
+                  "type": "object"
+                },
+                "interval": {
+                  "type": "string"
+                },
+                "path": {
+                  "type": "string"
+                },
+                "relabelings": {
+                  "type": "array",
+                  "items": {}
+                },
+                "scrapeTimeout": {
+                  "type": "string"
+                },
+                "scheme": {
+                  "type": "string"
+                },
+                "tlsConfig": {
+                  "type": "object"
+                }
+              },
+              "required": [
+                "enabled",
+                "annotations",
+                "enableHttp2",
+                "followRedirects",
+                "honorLabels",
+                "labels",
+                "interval",
+                "path",
+                "relabelings",
+                "scrapeTimeout",
+                "scheme",
+                "tlsConfig"
+              ]
+            },
+            "serviceMonitor": {
+              "type": "object",
+              "properties": {
+                "enabled": {
+                  "type": "boolean"
+                },
+                "annotations": {
+                  "type": "object"
+                },
+                "labels": {
+                  "type": "object"
+                },
+                "enableHttp2": {
+                  "type": "boolean"
+                },
+                "followRedirects": {
+                  "type": "boolean"
+                },
+                "honorLabels": {
+                  "type": "boolean"
+                },
+                "interval": {
+                  "type": "string"
+                },
+                "path": {
+                  "type": "string"
+                },
+                "relabelings": {
+                  "type": "array",
+                  "items": {}
+                },
+                "scrapeTimeout": {
+                  "type": "string"
+                },
+                "scheme": {
+                  "type": "string"
+                },
+                "tlsConfig": {
+                  "type": "object"
+                }
+              },
+              "required": [
+                "enabled",
+                "annotations",
+                "labels",
+                "enableHttp2",
+                "followRedirects",
+                "honorLabels",
+                "interval",
+                "path",
+                "relabelings",
+                "scrapeTimeout",
+                "scheme",
+                "tlsConfig"
+              ]
+            }
+          },
+          "required": [
+            "enabled",
+            "podMonitor",
+            "serviceMonitor"
+          ]
+        },
+        "rules": {
+          "type": "array",
+          "items": {}
+        }
+      },
+      "required": [
+        "metrics",
+        "rules"
+      ]
+    },
+    "services": {
+      "type": "object",
+      "properties": {
+        "http": {
+          "type": "object",
+          "properties": {
+            "enabled": {
+              "type": "boolean"
+            },
+            "annotations": {
+              "type": "object"
+            },
+            "externalIPs": {
+              "type": "array",
+              "items": {}
+            },
+            "externalTrafficPolicy": {
+              "type": "string"
+            },
+            "internalTrafficPolicy": {
+              "type": "string"
+            },
+            "ipFamilies": {
+              "type": "array",
+              "items": {}
+            },
+            "labels": {
+              "type": "object"
+            },
+            "loadBalancerClass": {
+              "type": "string"
+            },
+            "loadBalancerIP": {
+              "type": "string"
+            },
+            "loadBalancerSourceRanges": {
+              "type": "array",
+              "items": {}
+            },
+            "port": {
+              "type": "integer"
+            },
+            "sessionAffinity": {
+              "type": "string"
+            },
+            "sessionAffinityConfig": {
+              "type": "object"
+            },
+            "type": {
+              "type": "string"
+            }
+          },
+          "required": [
+            "enabled",
+            "annotations",
+            "externalIPs",
+            "externalTrafficPolicy",
+            "internalTrafficPolicy",
+            "ipFamilies",
+            "labels",
+            "loadBalancerClass",
+            "loadBalancerIP",
+            "loadBalancerSourceRanges",
+            "port",
+            "sessionAffinity",
+            "sessionAffinityConfig",
+            "type"
+          ]
+        }
+      },
+      "required": [
+        "http"
+      ]
+    },
+    "serviceAccount": {
+      "type": "object",
+      "properties": {
+        "existing": {
+          "type": "object",
+          "properties": {
+            "enabled": {
+              "type": "boolean"
+            },
+            "serviceAccountName": {
+              "type": "string"
+            }
+          },
+          "required": [
+            "enabled",
+            "serviceAccountName"
+          ]
+        },
+        "new": {
+          "type": "object",
+          "properties": {
+            "annotations": {
+              "type": "object"
+            },
+            "labels": {
+              "type": "object"
+            },
+            "automountServiceAccountToken": {
+              "type": "boolean"
+            },
+            "imagePullSecrets": {
+              "type": "array",
+              "items": {}
+            },
+            "secrets": {
+              "type": "array",
+              "items": {}
+            }
+          },
+          "required": [
+            "annotations",
+            "labels",
+            "automountServiceAccountToken",
+            "imagePullSecrets",
+            "secrets"
+          ]
+        }
+      },
+      "required": [
+        "existing",
+        "new"
+      ]
+    }
+  },
+  "required": [
+    "nameOverride",
+    "fullnameOverride",
+    "config",
+    "deployment",
+    "grafana",
+    "ingress",
+    "podDisruptionBudget",
+    "networkPolicies",
+    "prometheus",
+    "services",
+    "serviceAccount"
+  ]
+}

values.yaml

@@ -1,6 +1,3 @@
-# Default values for qu-seed.
-# This is a YAML-formatted file.
-
 # Declare variables to be passed into your templates.
 ## @section Global
 ## @param nameOverride Individual release name suffix.
@@ -38,7 +35,7 @@ config:
 
     ## @param config.exporterConfig.secret.annotations Additional annotations of the secret containing the `exporterConfig.yaml`.
     ## @param config.exporterConfig.secret.labels Additional labels of the secret containing the `exporterConfig.yaml`.
-    ## @param config.exporterConfig.secret.exporterConfig Content of the `exporterConfig.yaml`. Further information can be found [here](https://prometheus.io/docs/prometheus/latest/configuration/https/).
+    ## @param config.exporterConfig.secret.exporterConfig Content of the `exporterConfig.yaml`. Further information can be found [here](https://github.com/prometheus-community/postgres_exporter?tab=readme-ov-file#multi-target-support-beta).
     ## @skip config.exporterConfig.secret.exporterConfig Skip individual postgres exporter configuration.
     secret:
       annotations: {}
@@ -84,7 +81,7 @@ config:
 ## @section Deployment
 deployment:
   ## @param deployment.annotations Additional deployment annotations.
-  ## @param deployment.labels Additional ingress labels.
+  ## @param deployment.labels Additional deployment labels.
   annotations: {}
   labels: {}
 
@@ -96,6 +93,22 @@ deployment:
 
   ## @param deployment.affinity Affinity for the postgres-exporter deployment.
   affinity: {}
+    # nodeAffinity:
+    #   requiredDuringSchedulingIgnoredDuringExecution:
+    #     nodeSelectorTerms:
+    #     - matchExpressions:
+    #       - key: kubernetes.io/os
+    #         operator: In
+    #         values:
+    #         - linux
+    #   preferredDuringSchedulingIgnoredDuringExecution:
+    #   - weight: 20
+    #     preference:
+    #       matchExpressions:
+    #       - key: kubernetes.io/arch
+    #         operator: In
+    #         values:
+    #         - amd64
 
   ## @param deployment.initContainers List of additional init containers.
   initContainers: []
@@ -201,8 +214,8 @@ deployment:
   ## @param deployment.priorityClassName PriorityClassName of the postgres-exporter deployment.
   priorityClassName: ""
 
-  ## @param deployment.replicaCount Number of replicas for the postgres-exporter deployment.
+  ## @param deployment.replicas Number of replicas for the postgres-exporter deployment.
-  replicaCount: 1
+  replicas: 1
 
   ## @param deployment.restartPolicy Restart policy of the postgres-exporter deployment.
   restartPolicy: ""
@@ -211,11 +224,11 @@ deployment:
   securityContext: {}
     # fsGroup: 2000
 
-  ## @param deployment.strategy.type Strategy type - `Recreate` or `Rollingupdate`.
+  ## @param deployment.strategy.type Strategy type - `Recreate` or `RollingUpdate`.
   ## @param deployment.strategy.rollingUpdate.maxSurge The maximum number of pods that can be scheduled above the desired number of pods during a rolling update.
   ## @param deployment.strategy.rollingUpdate.maxUnavailable The maximum number of pods that can be unavailable during a rolling update.
   strategy:
-    type: "Recreate"
+    type: "RollingUpdate"
     rollingUpdate:
       maxSurge: 1
       maxUnavailable: 1
@@ -248,12 +261,23 @@ deployment:
   #     secretName: my-secret
 
 ## @section Grafana
-## @param grafana.enabled Enable integration into Grafana.
+## @param grafana.enabled Enable integration into Grafana. Require the Prometheus operator deployment.
-## @param grafana.dashboards.businessMetrics Enable deployment of Grafana dashboard `businessMetrics`.
 grafana:
   enabled: false
+
+  ## @param grafana.dashboardDiscoveryLabels Labels that Grafana uses to discover resources. The labels may vary depending on the Grafana deployment.
+  ## @skip grafana.dashboardDiscoveryLabels Skip individual configuration.
+  dashboardDiscoveryLabels:
+    grafana_dashboard: "1"
+
   dashboards:
-    businessMetrics: true
+    ## @param grafana.dashboards.postgresExporter.enabled Enable deployment of Grafana dashboard `postgresExporter`.
+    ## @param grafana.dashboards.postgresExporter.annotations Additional configmap annotations.
+    ## @param grafana.dashboards.postgresExporter.labels Additional configmap labels.
+    postgresExporter:
+      enabled: true
+      annotations: {}
+      labels: {}
 
 ## @section Ingress
 ingress:
@@ -287,9 +311,77 @@ podDisruptionBudget: {}
 #  maxUnavailable: 1
 #  minAvailable: 1
 
-## @section Network
+## @section NetworkPolicies
-## @param networkPolicies Deploy network policies based on the used container network interface (CNI) implementation - like calico or weave.
+## @param networkPolicies.enabled Enable network policies in general.
-networkPolicies: {}
+networkPolicies:
+  enabled: false
+
+  ## @param networkPolicies.default.enabled Enable the network policy for accessing the application by default. For example to scape the metrics.
+  ## @param networkPolicies.default.annotations Additional network policy annotations.
+  ## @param networkPolicies.default.labels Additional network policy labels.
+  ## @param networkPolicies.default.policyTypes List of policy types. Supported is ingress, egress or ingress and egress.
+  ## @param networkPolicies.default.egress Concrete egress network policy implementation.
+  ## @skip networkPolicies.default.egress Skip individual egress configuration.
+  ## @param networkPolicies.default.ingress Concrete ingress network policy implementation.
+  ## @skip networkPolicies.default.ingress Skip individual ingress configuration.
+  default:
+    enabled: false
+    annotations: {}
+    labels: {}
+    policyTypes: []
+    # - Egress
+    # - Ingress
+    egress: []
+    # Allow outgoing traffic to database host
+    #
+    # - to:
+    #   - ipBlock:
+    #       cidr: 192.168.179.1/32
+    #   ports:
+    #   - port: 5432
+    #     protocol: TCP
+
+    # Allow outgoing DNS traffic to the internal running DNS-Server. For example core-dns.
+    #
+    # - to:
+    #   - namespaceSelector:
+    #       matchLabels:
+    #         kubernetes.io/metadata.name: kube-system
+    #     podSelector:
+    #       matchLabels:
+    #        k8s-app: kube-dns
+    #   ports:
+    #   - port: 53
+    #     protocol: TCP
+    #   - port: 53
+    #     protocol: UDP
+
+    ingress: []
+    # Allow incoming HTTP traffic from prometheus.
+    #
+    # - from:
+    #   - namespaceSelector:
+    #       matchLabels:
+    #         kubernetes.io/metadata.name: monitoring
+    #     podSelector:
+    #       matchLabels:
+    #         app.kubernetes.io/name: prometheus
+    #   ports:
+    #   - port: http
+    #     protocol: TCP
+
+    # Allow incoming HTTP traffic from ingress-nginx.
+    #
+    # - from:
+    #   - namespaceSelector:
+    #       matchLabels:
+    #         kubernetes.io/metadata.name: ingress-nginx
+    #     podSelector:
+    #       matchLabels:
+    #         app.kubernetes.io/name: ingress-nginx
+    #   ports:
+    #   - port: http
+    #     protocol: TCP
 
 ## @section Prometheus
 prometheus:
@@ -304,7 +396,7 @@ prometheus:
     ## @param prometheus.metrics.podMonitor.honorLabels Honor labels.
     ## @param prometheus.metrics.podMonitor.labels Additional podMonitor labels.
     ## @param prometheus.metrics.podMonitor.interval Interval at which metrics should be scraped. If not specified Prometheus' global scrape interval is used.
-    ## @param prometheus.metrics.podMonitor.path HTTP path for scraping prometheus metrics.
+    ## @param prometheus.metrics.podMonitor.path HTTP path for scraping Prometheus metrics.
     ## @param prometheus.metrics.podMonitor.relabelings RelabelConfigs to apply to samples before scraping. Prometheus Operator automatically adds relabelings for a few standard Kubernetes fields.
     ## @param prometheus.metrics.podMonitor.scrapeTimeout Timeout after which the scrape is ended. If not specified, global Prometheus scrape timeout is used.
     ## @param prometheus.metrics.podMonitor.scheme HTTP scheme to use for scraping. For example `http` or `https`.
@@ -313,7 +405,7 @@ prometheus:
     podMonitor:
       enabled: false
       annotations: {}
-      enableHttp2: false
+      enableHttp2: true
       followRedirects: false
       honorLabels: false
       labels: {}
@@ -331,7 +423,7 @@ prometheus:
     ## @param prometheus.metrics.serviceMonitor.followRedirects FollowRedirects configures whether scrape requests follow HTTP 3xx redirects.
     ## @param prometheus.metrics.serviceMonitor.honorLabels Honor labels.
     ## @param prometheus.metrics.serviceMonitor.interval Interval at which metrics should be scraped. If not specified Prometheus' global scrape interval is used.
-    ## @param prometheus.metrics.serviceMonitor.path HTTP path for scraping prometheus metrics.
+    ## @param prometheus.metrics.serviceMonitor.path HTTP path for scraping Prometheus metrics.
     ## @param prometheus.metrics.serviceMonitor.relabelings RelabelConfigs to apply to samples before scraping. Prometheus Operator automatically adds relabelings for a few standard Kubernetes fields.
     ## @param prometheus.metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended. If not specified, global Prometheus scrape timeout is used.
     ## @param prometheus.metrics.serviceMonitor.scheme HTTP scheme to use for scraping. For example `http` or `https`.
@@ -341,7 +433,7 @@ prometheus:
       enabled: false
       annotations: {}
       labels: {}
-      enableHttp2: false
+      enableHttp2: true
       followRedirects: false
       honorLabels: false
       interval: "60s"
@@ -351,8 +443,8 @@ prometheus:
       scheme: "http"
       tlsConfig: {}
 
-  ## @param prometheus.rules Array of prometheus rules for monitoring the application and triggering alerts.
+  ## @param prometheus.rules Array of Prometheus rules for monitoring the application and triggering alerts.
-  ## @skip prometheus.rules Skip individual prometheus rules.
+  ## @skip prometheus.rules Skip individual Prometheus rules.
   rules: []
   # - alert: ExporterErrors
   #   expr: pg_exporter_last_scrape_error == 1