docs(README): set correct chart version

This reverts commit 5bd349472c.

.drone.yml

@@ -1,200 +0,0 @@
----
-kind: pipeline
-type: kubernetes
-name: Linters
-
-clone:
-  disable: true
-
-platform:
-  os: linux
-  arch: amd64
-
-steps:
-- name: clone repository
-  image: git.cryptic.systems/volker.raschek/git:1.4.0
-
-- name: helm lint
-  commands:
-  - helm lint
-  image: git.cryptic.systems/volker.raschek/helm:3.16.3
-  resources:
-    limits:
-      cpu: 150
-      memory: 150M
-
-- name: email-notification
-  environment:
-    SMTP_FROM_ADDRESS:
-      from_secret: smtp_from_address
-    SMTP_FROM_NAME:
-      from_secret: smtp_from_name
-    SMTP_HOST:
-      from_secret: smtp_host
-    SMTP_USERNAME:
-      from_secret: smtp_username
-    SMTP_PASSWORD:
-      from_secret: smtp_password
-  image: git.cryptic.systems/volker.raschek/drone-email:0.1.5
-  resources:
-    limits:
-      cpu: 150
-      memory: 150M
-  when:
-    status:
-    - changed
-    - failure
-
-trigger:
-  event:
-    exclude:
-    - tag
-
----
-kind: pipeline
-type: kubernetes
-name: Unit tests
-
-clone:
-  disable: true
-
-platform:
-  os: linux
-  arch: amd64
-
-steps:
-- name: clone repository
-  image: git.cryptic.systems/volker.raschek/git:1.4.0
-
-- name: helm unittest
-  commands:
-  - helm unittest --strict --file 'unittests/**/*.yaml' ./
-  image: git.cryptic.systems/volker.raschek/helm:3.16.3
-  resources:
-    limits:
-      cpu: 150
-      memory: 150M
-
-- name: email-notification
-  environment:
-    SMTP_FROM_ADDRESS:
-      from_secret: smtp_from_address
-    SMTP_FROM_NAME:
-      from_secret: smtp_from_name
-    SMTP_HOST:
-      from_secret: smtp_host
-    SMTP_USERNAME:
-      from_secret: smtp_username
-    SMTP_PASSWORD:
-      from_secret: smtp_password
-  image: git.cryptic.systems/volker.raschek/drone-email:0.1.5
-  resources:
-    limits:
-      cpu: 150
-      memory: 150M
-  when:
-    status:
-    - changed
-    - failure
-
-trigger:
-  event:
-    exclude:
-    - tag
-
----
-kind: pipeline
-type: kubernetes
-name: Generate, compare and lint README.md
-
-clone:
-  disable: true
-
-platform:
-  os: linux
-  arch: amd64
-
-steps:
-- name: clone repository
-  image: git.cryptic.systems/volker.raschek/git:1.4.0
-
-- name: execute NPM modules
-  commands:
-  - npm install
-  - npm run readme:link
-  - npm run readme:lint
-  - npm run readme:parameters
-  image: docker.io/library/node:23.3.0-alpine
-  resources:
-    limits:
-      cpu: 150
-      memory: 150M
-
-- name: detect diff
-  commands:
-  - git diff --exit-code --name-only README.md
-  image: git.cryptic.systems/volker.raschek/git:1.4.0
-
-- name: email-notification
-  environment:
-    SMTP_FROM_ADDRESS:
-      from_secret: smtp_from_address
-    SMTP_FROM_NAME:
-      from_secret: smtp_from_name
-    SMTP_HOST:
-      from_secret: smtp_host
-    SMTP_USERNAME:
-      from_secret: smtp_username
-    SMTP_PASSWORD:
-      from_secret: smtp_password
-  image: git.cryptic.systems/volker.raschek/drone-email:0.1.5
-  resources:
-    limits:
-      cpu: 150
-      memory: 150M
-  when:
-    status:
-    - changed
-    - failure
-
-trigger:
-  event:
-    exclude:
-    - tag
-
----
-kind: pipeline
-type: kubernetes
-name: Release
-
-clone:
-  disable: true
-
-platform:
-  os: linux
-
-steps:
-- name: clone repository
-  image: git.cryptic.systems/volker.raschek/git:1.4.0
-
-- name: release-helm-chart
-  commands:
-  - helm repo add prometheus-exporters https://charts.cryptic.systems/prometheus-exporters
-  - helm package --version ${DRONE_TAG} .
-  - helm cm-push ${DRONE_REPO_NAME}-${DRONE_TAG}.tgz prometheus-exporters
-  environment:
-    HELM_REPO_PASSWORD:
-      from_secret: helm_repo_password
-    HELM_REPO_USERNAME:
-      from_secret: helm_repo_username
-  image: git.cryptic.systems/volker.raschek/helm:3.16.3
-  resources:
-    limits:
-      cpu: 150
-      memory: 150M
-
-trigger:
-  event:
-  - tag
-  repo:
-  - volker.raschek/prometheus-postgres-exporter

.gitea/scripts/add-annotations.sh

@@ -0,0 +1,114 @@
+#!/bin/bash
+
+set -e
+
+CHART_FILE="Chart.yaml"
+if [ ! -f "${CHART_FILE}" ]; then
+  echo "ERROR: ${CHART_FILE} not found!" 1>&2
+  exit 1
+fi
+
+DEFAULT_NEW_TAG="$(git tag --sort=-version:refname | head -n 1)"
+DEFAULT_OLD_TAG="$(git tag --sort=-version:refname | head -n 2 | tail -n 1)"
+
+if [ -z "${1}" ]; then
+  read -p "Enter start tag [${DEFAULT_OLD_TAG}]: " OLD_TAG
+  if [ -z "${OLD_TAG}" ]; then
+    OLD_TAG="${DEFAULT_OLD_TAG}"
+  fi
+
+  while [ -z "$(git tag --list "${OLD_TAG}")" ]; do
+    echo "ERROR: Tag '${OLD_TAG}' not found!" 1>&2
+    read -p "Enter start tag [${DEFAULT_OLD_TAG}]: " OLD_TAG
+    if [ -z "${OLD_TAG}" ]; then
+      OLD_TAG="${DEFAULT_OLD_TAG}"
+    fi
+  done
+else
+  OLD_TAG=${1}
+  if [ -z "$(git tag --list "${OLD_TAG}")" ]; then
+    echo "ERROR: Tag '${OLD_TAG}' not found!" 1>&2
+    exit 1
+  fi
+fi
+
+if [ -z "${2}" ]; then
+  read -p "Enter end tag [${DEFAULT_NEW_TAG}]: " NEW_TAG
+  if [ -z "${NEW_TAG}" ]; then
+    NEW_TAG="${DEFAULT_NEW_TAG}"
+  fi
+
+  while [ -z "$(git tag --list "${NEW_TAG}")" ]; do
+    echo "ERROR: Tag '${NEW_TAG}' not found!" 1>&2
+    read -p "Enter end tag [${DEFAULT_NEW_TAG}]: " NEW_TAG
+    if [ -z "${NEW_TAG}" ]; then
+      NEW_TAG="${DEFAULT_NEW_TAG}"
+    fi
+  done
+else
+  NEW_TAG=${2}
+
+  if [ -z "$(git tag --list "${NEW_TAG}")" ]; then
+    echo "ERROR: Tag '${NEW_TAG}' not found!" 1>&2
+    exit 1
+  fi
+fi
+
+CHANGE_LOG_YAML=$(mktemp)
+echo "[]" > "${CHANGE_LOG_YAML}"
+
+function map_type_to_kind() {
+  case "${1}" in
+    feat)
+      echo "added"
+    ;;
+    fix)
+      echo "fixed"
+    ;;
+    chore|style|test|ci|docs|refac)
+      echo "changed"
+    ;;
+    revert)
+      echo "removed"
+    ;;
+    sec)
+      echo "security"
+    ;;
+    *)
+      echo "skip"
+    ;;
+  esac
+}
+
+COMMIT_TITLES="$(git log --pretty=format:"%s" "${OLD_TAG}..${NEW_TAG}")"
+
+echo "INFO: Generate change log entries from ${OLD_TAG} until ${NEW_TAG}"
+
+while IFS= read -r line; do
+  if [[ "${line}" =~ ^([a-zA-Z]+)(\([^\)]+\))?\:\ (.+)$ ]]; then
+    TYPE="${BASH_REMATCH[1]}"
+    KIND=$(map_type_to_kind "${TYPE}")
+
+    if [ "${KIND}" == "skip" ]; then
+      continue
+    fi
+
+    DESC="${BASH_REMATCH[3]}"
+
+    echo "- ${KIND}: ${DESC}"
+
+    jq --arg kind changed --arg description "$DESC" '. += [ $ARGS.named ]' < ${CHANGE_LOG_YAML} > ${CHANGE_LOG_YAML}.new
+    mv ${CHANGE_LOG_YAML}.new ${CHANGE_LOG_YAML}
+
+  fi
+done <<< "${COMMIT_TITLES}"
+
+if [ -s "${CHANGE_LOG_YAML}" ]; then
+  yq --inplace --input-format json --output-format yml "${CHANGE_LOG_YAML}"
+  yq --no-colors --inplace ".annotations.\"artifacthub.io/changes\" |= loadstr(\"${CHANGE_LOG_YAML}\") | sort_keys(.)" "${CHART_FILE}"
+else
+  echo "ERROR: Changelog file is empty: ${CHANGE_LOG_YAML}" 1>&2
+  exit 1
+fi
+
+rm "${CHANGE_LOG_YAML}"

.gitea/workflows/generate-readme.yaml

@@ -0,0 +1,32 @@
+name: Generate README
+
+on:
+  pull_request:
+    paths: [ "README.md", "values.yaml" ]
+    types: [ "opened", "reopened", "synchronize" ]
+  push:
+    branches:
+    - '**'
+    paths: [ "README.md", "values.yaml" ]
+    tags-ignore:
+    - '**'
+  workflow_dispatch: {}
+
+jobs:
+  generate-parameters:
+    container:
+      image: docker.io/library/node:24.1.0-alpine
+    runs-on:
+    - ubuntu-latest
+    steps:
+    - name: Install tooling
+      run: |
+        apk update
+        apk add git npm
+    - uses: actions/checkout@v4.2.2
+    - name: Generate parameter section in README
+      run: |
+        npm install
+        npm run readme:parameters
+    - name: Compare diff
+      run: git diff --exit-code --name-only README.md

.gitea/workflows/helm.yaml

@@ -0,0 +1,42 @@
+name: Helm
+
+on:
+  pull_request:
+    types: [ "opened", "reopened", "synchronize" ]
+  push:
+    branches:
+    - '**'
+    tags-ignore:
+    - '**'
+  workflow_dispatch: {}
+
+jobs:
+  helm-lint:
+    container:
+      image: docker.io/volkerraschek/helm:3.18.2
+    runs-on:
+    - ubuntu-latest
+    steps:
+    - name: Install tooling
+      run: |
+        apk update
+        apk add git npm
+    - uses: actions/checkout@v4.2.2
+    - name: Lint helm files
+      run: |
+        helm lint --values values.yaml .
+
+  helm-unittest:
+    container:
+      image: docker.io/volkerraschek/helm:3.18.2
+    runs-on:
+    - ubuntu-latest
+    steps:
+    - name: Install tooling
+      run: |
+        apk update
+        apk add git npm
+    - uses: actions/checkout@v4.2.2
+    - name: Unittest
+      run: |
+        helm unittest --strict --file 'unittests/**/*.yaml' ./

.gitea/workflows/markdown-linters.yaml

@@ -0,0 +1,46 @@
+name: Markdown linter
+
+on:
+  pull_request:
+    paths: [ "**/*.md" ]
+    types: [ "opened", "reopened", "synchronize" ]
+  push:
+    branches:
+    - '**'
+    paths: [ "**/*.md" ]
+    tags-ignore:
+    - '**'
+  workflow_dispatch: {}
+
+jobs:
+  markdown-link-checker:
+    container:
+      image: docker.io/library/node:24.1.0-alpine
+    runs-on:
+    - ubuntu-latest
+    steps:
+    - name: Install tooling
+      run: |
+        apk update
+        apk add git npm
+    - uses: actions/checkout@v4.2.2
+    - name: Verify links in markdown files
+      run: |
+        npm install
+        npm run readme:link
+
+  markdown-lint:
+    container:
+      image: docker.io/library/node:24.1.0-alpine
+    runs-on:
+    - ubuntu-latest
+    steps:
+    - name: Install tooling
+      run: |
+        apk update
+        apk add git
+    - uses: actions/checkout@v4.2.2
+    - name: Lint markdown files
+      run: |
+        npm install
+        npm run readme:lint

.gitea/workflows/release.yaml

@@ -0,0 +1,61 @@
+name: Release
+
+on:
+  push:
+    tags:
+    - "**"
+
+jobs:
+  publish-chart:
+    container:
+      image: docker.io/volkerraschek/helm:3.18.2
+    runs-on: ubuntu-latest
+    steps:
+      - name: Install packages via apk
+        run: |
+          apk update
+          apk add git npm jq yq
+
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Add Artifacthub.io annotations
+        run: |
+          NEW_TAG="$(git tag --sort=-version:refname | head -n 1)"
+          OLD_TAG="$(git tag --sort=-version:refname | head -n 2 | tail -n 1)"
+          .gitea/scripts/add-annotations.sh "${OLD_TAG}" "${NEW_TAG}"
+
+      - name: Extract meta information
+        run: |
+          echo "PACKAGE_VERSION=${GITHUB_REF#refs/tags/}" >> $GITHUB_ENV
+          echo "REPOSITORY_NAME=$(echo ${GITHUB_REPOSITORY} | cut -d '/' -f 2 | sed --regexp-extended 's/-charts?//g')" >> $GITHUB_ENV
+          echo "REPOSITORY_OWNER=$(echo ${GITHUB_REPOSITORY} | cut -d '/' -f 1)" >> $GITHUB_ENV
+
+      - name: Update Helm Chart version in README.md
+        run: sed -i -E "s/^CHART_VERSION=.*/CHART_VERSION=${PACKAGE_VERSION}/g" README.md
+
+      - name: Package chart
+        run: |
+          helm dependency build
+          helm package --version "${PACKAGE_VERSION}" ./
+
+      - name: Upload Chart to ChartMuseum
+        env:
+          CHARTMUSEUM_PASSWORD: ${{ secrets.CHARTMUSEUM_PASSWORD }}
+          CHARTMUSEUM_REPOSITORY: ${{ vars.CHARTMUSEUM_REPOSITORY }}
+          CHARTMUSEUM_USERNAME: ${{ secrets.CHARTMUSEUM_USERNAME }}
+          CHARTMUSEUM_HOSTNAME: ${{ vars.CHARTMUSEUM_HOSTNAME }}
+        run: |
+          helm repo add --username ${CHARTMUSEUM_USERNAME} --password ${CHARTMUSEUM_PASSWORD} chartmuseum https://${CHARTMUSEUM_HOSTNAME}/${CHARTMUSEUM_REPOSITORY}
+          helm cm-push ${REPOSITORY_NAME}-${PACKAGE_VERSION}.tgz chartmuseum
+          helm repo remove chartmuseum
+
+      - name: Upload Chart to Gitea
+        env:
+          GITEA_PACKAGE_REGISTRY_TOKEN: ${{ secrets.GIT_CRYPTIC_SYSTEMS_PACKAGE_REGISTRY_TOKEN }}
+          GITEA_SERVER_URL: ${{ github.server_url }}
+        run: |
+          helm repo add --username ${REPOSITORY_OWNER} --password ${GITEA_PACKAGE_REGISTRY_TOKEN} gitea ${GITEA_SERVER_URL}/api/packages/${REPOSITORY_OWNER}/helm
+          helm cm-push ${REPOSITORY_NAME}-${PACKAGE_VERSION}.tgz gitea
+          helm repo remove gitea

Chart.yaml

@@ -1,10 +1,15 @@
+annotations:
+  artifacthub.io/links: |
+    - name: Prometheus PostgreSQL exporter (binary)
+      url: https://github.com/prometheus-community/postgres_exporter
+    - name: support
+      url: https://git.cryptic.systems/volker.raschek/prometheus-postgres-exporter/issues
 apiVersion: v2
 name: prometheus-postgres-exporter
 description: Prometheus metric exporter for PostgreSQL
 type: application
-kubeVersion: ">=1.20.0"
 version: "0.1.0"
-appVersion: "0.16.0"
+appVersion: "0.17.1"
 
 # icon: https://annotations.example.com/icon.png
 

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025 Markus Pesch
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

Makefile

@@ -3,20 +3,14 @@ CONTAINER_RUNTIME?=$(shell which podman)
 
 # HELM_IMAGE
 HELM_IMAGE_REGISTRY_HOST?=docker.io
-HELM_IMAGE_REPOSITORY=volkerraschek/helm
-HELM_IMAGE_VERSION?=3.16.1 # renovate: datasource=docker registryUrl=https://docker.io depName=volkerraschek/helm
+HELM_IMAGE_REPOSITORY?=volkerraschek/helm
+HELM_IMAGE_VERSION?=3.18.2 # renovate: datasource=docker registryUrl=https://docker.io depName=volkerraschek/helm
 HELM_IMAGE_FULLY_QUALIFIED=${HELM_IMAGE_REGISTRY_HOST}/${HELM_IMAGE_REPOSITORY}:${HELM_IMAGE_VERSION}
 
-# MARKDOWNLINKCHECKER_IMAGE
-MARKDOWNLINKCHECK_IMAGE_REGISTRY_HOST?=ghcr.io
-MARKDOWNLINKCHECK_IMAGE_REPOSITORY=tcort/markdown-link-check
-MARKDOWNLINKCHECK_IMAGE_VERSION?=3.12.2 # renovate: datasource=docker registryUrl=https://ghcr.io depName=tcort/markdown-link-check
-MARKDOWNLINKCHECK_IMAGE_FULLY_QUALIFIED=${MARKDOWNLINKCHECK_IMAGE_REGISTRY_HOST}/${MARKDOWNLINKCHECK_IMAGE_REPOSITORY}:${MARKDOWNLINKCHECK_IMAGE_VERSION}
-
 # NODE_IMAGE
 NODE_IMAGE_REGISTRY_HOST?=docker.io
-NODE_IMAGE_REPOSITORY=library/node
-NODE_IMAGE_VERSION?=22.9.0-alpine # renovate: datasource=docker registryUrl=https://docker.io depName=library/node
+NODE_IMAGE_REPOSITORY?=library/node
+NODE_IMAGE_VERSION?=24.1.0-alpine # renovate: datasource=docker registryUrl=https://docker.io depName=docker.io/library/node packageName=library/node
 NODE_IMAGE_FULLY_QUALIFIED=${NODE_IMAGE_REGISTRY_HOST}/${NODE_IMAGE_REPOSITORY}:${NODE_IMAGE_VERSION}
 
 # MISSING DOT
@@ -90,16 +84,6 @@ container-run/helm-lint:
 		${HELM_IMAGE_FULLY_QUALIFIED} \
 			lint --values values.yaml .
 
-# CONTAINER RUN - MARKDOWN-LINK-CHECK
-# ==============================================================================
-PHONY+=container-run/markdown-link-check
-container-run/markdown-link-check:
-	${CONTAINER_RUNTIME} run \
-		--rm \
-		--volume $(shell pwd):/work \
-		${MARKDOWNLINKCHECK_IMAGE_FULLY_QUALIFIED} \
-			*.md
-
 # PHONY
 # ==============================================================================
 # Declare the contents of the PHONY variable as phony. We keep that information

README.md

@@ -1,11 +1,12 @@
 # Prometheus PostgreSQL exporter
 
-[![Build Status](https://drone.cryptic.systems/api/badges/volker.raschek/prometheus-postgres-exporter/status.svg)](https://drone.cryptic.systems/volker.raschek/prometheus-postgres-exporter)
 [![Artifact Hub](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/prometheus-exporters)](https://artifacthub.io/packages/search?repo=prometheus-exporters)
 
 > [!NOTE]
-> This is not the official *community* helm chart of the Prometheus metric exporter for PostgreSQL databases. You can
-> find the official community chart [here](https://github.com/prometheus-community/helm-charts).
+> This is not the official *community* helm chart of the Prometheus metric exporter for PostgreSQL databases. If you are
+> looking for the official helm chart, checkout the GitHub project
+> [helm-charts](https://github.com/prometheus-community/helm-charts) of the [Prometheus
+> community](https://github.com/prometheus-community).
 
 This helm chart enables the deployment of a Prometheus metrics exporter for PostgreSQL databases and allows the
 individual configuration of additional containers/initContainers, mounting of volumes, defining additional environment
@@ -20,7 +21,7 @@ helm chart is tested for deployment scenarios with **ArgoCD**.
 ## Helm: configuration and installation
 
 1. A helm chart repository must be configured, to pull the helm charts from.
-2. All available parameters are [here](#parameters) in detail document. The parameters can be defined via the helm
+2. All available [parameters](#parameters) are documented in detail below. The parameters can be defined via the helm
    `--set` flag or directly as part of a `values.yaml` file. The following example defines the `prometheus-exporter`
    repository and use the `--set` flag for a basic deployment.
 
@@ -46,7 +47,7 @@ version of the chart must be in sync with the `values.yaml`. Newer *minor* versi
 versions can break something!
 
 ```bash
-CHART_VERSION=0.1.0
+CHART_VERSION=0.5.1
 helm show values prometheus-exporters/prometheus-postgres-exporter --version "${CHART_VERSION}" > values.yaml
 ```
 
@@ -63,6 +64,38 @@ for customizations. These can be configured in more detail via `values.yaml`.
 
 The following examples serve as individual configurations and as inspiration for how deployment problems can be solved.
 
+#### Avoid CPU throttling by defining a CPU limit
+
+If the application is deployed with a CPU resource limit, Prometheus may throw a CPU throttling warning for the
+application. This has more or less to do with the fact that the application finds the number of CPUs of the host, but
+cannot use the available CPU time to perform computing operations.
+
+The application must be informed that despite several CPUs only a part (limit) of the available computing time is
+available. As this is a Golang application, this can be implemented using `GOMAXPROCS`. The following example is one way
+of defining `GOMAXPROCS` automatically based on the defined CPU limit like `1000m`. Please keep in mind, that the CFS
+rate of `100ms` - default on each kubernetes node, is also very important to avoid CPU throttling.
+
+Further information about this topic can be found in one of Kanishk's blog
+[posts](https://kanishk.io/posts/cpu-throttling-in-containerized-go-apps/).
+
+> [!NOTE]
+> The environment variable `GOMAXPROCS` is set automatically, when a CPU limit is defined. An explicit configuration is
+> not anymore required.
+>
+> Please take care the a CPU limit < `1000m` can also lead to CPU throttling. Please read the linked documentation carefully.
+
+```bash
+helm install prometheus-postgres-exporter prometheus-exporters/prometheus-postgres-exporter \
+  --set 'config.database.secret.databaseUsername=postgres' \
+  --set 'config.database.secret.databasePassword=postgres' \
+  --set 'config.database.secret.databaseConnectionUrl="postgres.example.local:5432/postgres?ssl=disable"' \
+  --set 'prometheus.metrics.enabled=true' \
+  --set 'prometheus.metrics.serviceMonitor.enabled=true' \
+  --set 'deployment.postgresExporter.env.name=GOMAXPROCS' \
+  --set 'deployment.postgresExporter.env.valueFrom.resourceFieldRef.resource=limits.cpu' \
+  --set 'deployment.postgresExporter.resources.limits.cpu=1000m'
+```
+
 #### TLS authentication and encryption
 
 The first example shows how to deploy the metric exporter with TLS encryption. The verification of the custom TLS
@@ -158,6 +191,75 @@ deployment:
             - postgres
 ```
 
+### Network policies
+
+Network policies can only take effect, when the used CNI plugin support network policies. The chart supports no custom
+network policy implementation of CNI plugins. It's support only the official API resource of `networking.k8s.io/v1`.
+
+The object networkPolicies can contains multiple networkPolicy definitions. There is currently only one example
+predefined - it's named `default`. Further networkPolicy rules can easy be added by defining additional objects. For example:
+
+> [!NOTE]
+> The structure of each custom network policy must be equal like that of default. For this reason don't forget to define
+> `annotations`, `labels` and the other properties as well.
+
+```yaml
+networkPolicies:
+  enabled: false
+  default: {}
+  my-custom-network-policy: {}
+```
+
+The example below is an excerpt of the `values.yaml` file. The network policy `default` contains ingress rules to allow
+incoming traffic from Prometheus. Additionally two egress rules are defined, to allow the application outgoing access to
+the internal running DNS server `core-dns` and the external running postgres database listen on `10.14.243.12`.
+
+> [!IMPORTANT]
+> Please keep in mind, that the namespace and pod selector labels can be different from environment to environment. For
+> this reason, there is are not default network policy rules defined.
+
+```yaml
+networkPolicies:
+  enabled: true
+  default:
+    enabled: true
+    annotations: {}
+    labels: {}
+    policyTypes:
+    - Egress
+    - Ingress
+    egress:
+    - to:
+      - ipBlock:
+          cidr: 10.14.243.12/32
+      ports:
+      - port: 5432
+        protocol: TCP
+    - to:
+      - namespaceSelector:
+          matchLabels:
+            kubernetes.io/metadata.name: kube-system
+        podSelector:
+          matchLabels:
+           k8s-app: kube-dns
+      ports:
+      - port: 53
+        protocol: TCP
+      - port: 53
+        protocol: UDP
+    ingress:
+    - from:
+      - namespaceSelector:
+          matchLabels:
+            kubernetes.io/metadata.name: monitoring
+        podSelector:
+          matchLabels:
+            app.kubernetes.io/name: prometheus
+      ports:
+      - port: http
+        protocol: TCP
+```
+
 ## Parameters
 
 ### Global
@@ -169,25 +271,25 @@ deployment:
 
 ### Configuration
 
-| Name                                              | Description                                                                                                                                                                            | Value   |
-| ------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------- |
-| `config.database.existingSecret.enabled`          | Mount an existing secret containing the application specific `DATA_SOURCE_` prefixed environment variables.                                                                            | `false` |
-| `config.database.existingSecret.secretName`       | Name of the existing secret containing the application specific `DATA_SOURCE_` prefixed environment variables.                                                                         | `""`    |
-| `config.database.secret.annotations`              | Additional annotations of the secret containing the database credentials.                                                                                                              | `{}`    |
-| `config.database.secret.labels`                   | Additional labels of the secret containing the database credentials.                                                                                                                   | `{}`    |
-| `config.database.secret.databaseUsername`         | Database username. Will be defined as env `DATA_SOURCE_USER` as part of a secret.                                                                                                      | `""`    |
-| `config.database.secret.databasePassword`         | Database password. Will be defined as env `DATA_SOURCE_PASS` as part of a secret.                                                                                                      | `""`    |
-| `config.database.secret.databaseConnectionUrl`    | Complex database connection URL. Will be defined as env `DATA_SOURCE_URI` as part of a secret.                                                                                         | `""`    |
-| `config.exporterConfig.existingSecret.enabled`    | Mount an existing secret containing the key `exporterConfig.yaml`.                                                                                                                     | `false` |
-| `config.exporterConfig.existingSecret.secretName` | Name of the existing secret containing the key `exporterConfig.yaml`.                                                                                                                  | `""`    |
-| `config.exporterConfig.secret.annotations`        | Additional annotations of the secret containing the `exporterConfig.yaml`.                                                                                                             | `{}`    |
-| `config.exporterConfig.secret.labels`             | Additional labels of the secret containing the `exporterConfig.yaml`.                                                                                                                  | `{}`    |
-| `config.exporterConfig.secret.exporterConfig`     | Content of the `exporterConfig.yaml`. Further information can be found [here](https://github.com/prometheus-community/postgres_exporter?tab=readme-ov-file#multi-target-support-beta). | `{}`    |
-| `config.webConfig.existingSecret.enabled`         | Mount an existing secret containing the key `webConfig.yaml`.                                                                                                                          | `false` |
-| `config.webConfig.existingSecret.secretName`      | Name of the existing secret containing the key `webConfig.yaml`.                                                                                                                       | `""`    |
-| `config.webConfig.secret.annotations`             | Additional annotations of the secret containing the `webConfig.yaml`.                                                                                                                  | `{}`    |
-| `config.webConfig.secret.labels`                  | Additional labels of the secret containing the `webConfig.yaml`.                                                                                                                       | `{}`    |
-| `config.webConfig.secret.webConfig`               | Content of the `webConfig.yaml`. Further information can be found [here](https://prometheus.io/docs/prometheus/latest/configuration/https/).                                           | `{}`    |
+| Name                                              | Description                                                                                                                                                                                                                          | Value   |
+| ------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------- |
+| `config.database.existingSecret.enabled`          | Mount an existing secret containing the application specific `DATA_SOURCE_` prefixed environment variables.                                                                                                                          | `false` |
+| `config.database.existingSecret.secretName`       | Name of the existing secret containing the application specific `DATA_SOURCE_` prefixed environment variables.                                                                                                                       | `""`    |
+| `config.database.secret.annotations`              | Additional annotations of the secret containing the database credentials.                                                                                                                                                            | `{}`    |
+| `config.database.secret.labels`                   | Additional labels of the secret containing the database credentials.                                                                                                                                                                 | `{}`    |
+| `config.database.secret.databaseUsername`         | Database username. Will be defined as env `DATA_SOURCE_USER` as part of a secret.                                                                                                                                                    | `""`    |
+| `config.database.secret.databasePassword`         | Database password. Will be defined as env `DATA_SOURCE_PASS` as part of a secret.                                                                                                                                                    | `""`    |
+| `config.database.secret.databaseConnectionUrl`    | Complex database connection URL. Will be defined as env `DATA_SOURCE_URI` as part of a secret.                                                                                                                                       | `""`    |
+| `config.exporterConfig.existingSecret.enabled`    | Mount an existing secret containing the key `exporterConfig.yaml`.                                                                                                                                                                   | `false` |
+| `config.exporterConfig.existingSecret.secretName` | Name of the existing secret containing the key `exporterConfig.yaml`.                                                                                                                                                                | `""`    |
+| `config.exporterConfig.secret.annotations`        | Additional annotations of the secret containing the `exporterConfig.yaml`.                                                                                                                                                           | `{}`    |
+| `config.exporterConfig.secret.labels`             | Additional labels of the secret containing the `exporterConfig.yaml`.                                                                                                                                                                | `{}`    |
+| `config.exporterConfig.secret.exporterConfig`     | Content of the `exporterConfig.yaml`. Further information can be found in the [README](https://github.com/prometheus-community/postgres_exporter?tab=readme-ov-file#multi-target-support-beta) file of the Postgres exporter binary. | `{}`    |
+| `config.webConfig.existingSecret.enabled`         | Mount an existing secret containing the key `webConfig.yaml`.                                                                                                                                                                        | `false` |
+| `config.webConfig.existingSecret.secretName`      | Name of the existing secret containing the key `webConfig.yaml`.                                                                                                                                                                     | `""`    |
+| `config.webConfig.secret.annotations`             | Additional annotations of the secret containing the `webConfig.yaml`.                                                                                                                                                                | `{}`    |
+| `config.webConfig.secret.labels`                  | Additional labels of the secret containing the `webConfig.yaml`.                                                                                                                                                                     | `{}`    |
+| `config.webConfig.secret.webConfig`               | Content of the `webConfig.yaml`. Further [documentation](https://prometheus.io/docs/prometheus/latest/configuration/https/) is available on the official Prometheus website.                                                         | `{}`    |
 
 ### Deployment
 
@@ -219,7 +321,7 @@ deployment:
 | `deployment.replicas`                              | Number of replicas for the postgres-exporter deployment.                                                   | `1`                                     |
 | `deployment.restartPolicy`                         | Restart policy of the postgres-exporter deployment.                                                        | `""`                                    |
 | `deployment.securityContext`                       | Security context of the postgres-exporter deployment.                                                      | `{}`                                    |
-| `deployment.strategy.type`                         | Strategy type - `Recreate` or `Rollingupdate`.                                                             | `Recreate`                              |
+| `deployment.strategy.type`                         | Strategy type - `Recreate` or `RollingUpdate`.                                                             | `RollingUpdate`                         |
 | `deployment.strategy.rollingUpdate.maxSurge`       | The maximum number of pods that can be scheduled above the desired number of pods during a rolling update. | `1`                                     |
 | `deployment.strategy.rollingUpdate.maxUnavailable` | The maximum number of pods that can be unavailable during a rolling update.                                | `1`                                     |
 | `deployment.terminationGracePeriodSeconds`         | How long to wait until forcefully kill the pod.                                                            | `60`                                    |
@@ -254,11 +356,17 @@ deployment:
 | --------------------- | ---------------------- | ----- |
 | `podDisruptionBudget` | Pod disruption budget. | `{}`  |
 
-### Network
+### NetworkPolicies
 
-| Name              | Description                                                                                                        | Value |
-| ----------------- | ------------------------------------------------------------------------------------------------------------------ | ----- |
-| `networkPolicies` | Deploy network policies based on the used container network interface (CNI) implementation - like calico or weave. | `{}`  |
+| Name                                  | Description                                                                                           | Value   |
+| ------------------------------------- | ----------------------------------------------------------------------------------------------------- | ------- |
+| `networkPolicies.enabled`             | Enable network policies in general.                                                                   | `false` |
+| `networkPolicies.default.enabled`     | Enable the network policy for accessing the application by default. For example to scape the metrics. | `false` |
+| `networkPolicies.default.annotations` | Additional network policy annotations.                                                                | `{}`    |
+| `networkPolicies.default.labels`      | Additional network policy labels.                                                                     | `{}`    |
+| `networkPolicies.default.policyTypes` | List of policy types. Supported is ingress, egress or ingress and egress.                             | `[]`    |
+| `networkPolicies.default.egress`      | Concrete egress network policy implementation.                                                        | `[]`    |
+| `networkPolicies.default.ingress`     | Concrete ingress network policy implementation.                                                       | `[]`    |
 
 ### Prometheus
 

package.json

@@ -16,6 +16,6 @@
   "devDependencies": {
     "@bitnami/readme-generator-for-helm": "^2.5.0",
     "markdown-link-check": "^3.13.6",
-    "markdownlint-cli": "^0.43.0"
+    "markdownlint-cli": "^0.45.0"
   }
 }

renovate.json

@@ -1,9 +1,14 @@
 {
   "$schema": "https://docs.renovatebot.com/renovate-schema.json",
-  "assignees": [ "volker.raschek" ],
+  "extends": [
+    "local>volker.raschek/renovate-config:default#master",
+    "local>volker.raschek/renovate-config:container#master",
+    "local>volker.raschek/renovate-config:actions#master",
+    "local>volker.raschek/renovate-config:npm#master",
+    "local>volker.raschek/renovate-config:regexp#master"
+  ],
   "customManagers": [
     {
-      "description": "Update container image reference",
       "fileMatch": [
         "^Chart\\.yaml$"
       ],
@@ -16,35 +21,48 @@
       "versioningTemplate": "semver"
     },
     {
-      "description": "Detect helm chart version in README",
-      "fileMatch": [
-        "^README\\.md$"
-      ],
+      "fileMatch": ["^README\\.md$"],
       "matchStrings": [
-        "^CHART_VERSION=(?<currentValue>.*)$"
+        "VERSION=(?<currentValue>.*)"
       ],
-      "datasourceTemplate": "git-tags",
       "depNameTemplate": "volker.raschek/prometheus-postgres-exporter",
-      "packageNameTemplate": "git.cryptic.systems/volker.raschek/prometheus-postgres-exporter",
+      "packageNameTemplate": "https://git.cryptic.systems/volker.raschek/prometheus-postgres-exporter",
+      "datasourceTemplate": "git-tags",
       "versioningTemplate": "semver"
     }
   ],
-  "labels": [ "renovate" ],
   "packageRules": [
     {
-      "addLabels": [ "renovate/automerge", "renovate/droneci" ],
+      "addLabels": [
+        "renovate/automerge",
+        "renovate/container"
+      ],
       "automerge": true,
-      "matchManagers": "droneci",
-      "matchUpdateTypes": [ "minor", "patch"]
+      "excludePackagePatterns": [
+        "prometheuscommunity/postgres-exporter"
+      ],
+      "matchDatasources": [
+        "docker"
+      ],
+      "matchUpdateTypes": [
+        "minor",
+        "patch"
+      ]
     },
     {
-      "addLabels": [ "renovate/automerge", "renovate/npm" ],
+      "addLabels": [
+        "renovate/automerge",
+        "renovate/documentation"
+      ],
       "automerge": true,
-      "matchPackageNames": [ "markdownlint-cli", "@bitnami/readme-generator-for-helm" ],
-      "matchManagers": [ "npm" ],
-      "matchUpdateTypes": [ "minor", "patch"]
+      "matchDepNames": [
+        "volker.raschek/prometheus-postgres-exporter"
+      ],
+      "matchUpdateTypes": [
+        "major",
+        "minor",
+        "patch"
+      ]
     }
-  ],
-  "rebaseLabel": "renovate/rebase",
-  "rebaseWhen": "behind-base-branch"
+  ]
 }

templates/prometheus-postgres-exporter/_deployment.tpl

@@ -9,6 +9,17 @@
 {{- end }}
 {{- end }}
 
+{{/* env */}}
+
+{{- define "prometheus-postgres-exporter.deployment.env" -}}
+{{- $env := dict "env" (.Values.deployment.postgresExporter.env | default (list) ) }}
+{{- if and (hasKey .Values.deployment.postgresExporter.resources "limits") (hasKey .Values.deployment.postgresExporter.resources.limits "cpu") }}
+{{- $env = merge $env (dict "env" (list (dict "name" "GOMAXPROCS" "valueFrom" (dict "resourceFieldRef" (dict "divisor" "1" "resource" "limits.cpu"))))) }}
+{{- end }}
+{{ toYaml $env }}
+{{- end -}}
+
+
 {{/* envFrom */}}
 
 {{- define "prometheus-postgres-exporter.deployment.envFrom" -}}

templates/prometheus-postgres-exporter/_networkPolicies.tpl

@@ -0,0 +1,19 @@
+{{/* vim: set filetype=mustache: */}}
+
+{{/* annotations */}}
+
+{{- define "prometheus-postgres-exporter.networkPolicies.annotations" -}}
+{{ include "prometheus-postgres-exporter.annotations" .context }}
+{{- if .networkPolicy.annotations }}
+{{ toYaml .networkPolicy.annotations }}
+{{- end }}
+{{- end }}
+
+{{/* labels */}}
+
+{{- define "prometheus-postgres-exporter.networkPolicies.labels" -}}
+{{ include "prometheus-postgres-exporter.labels" .context }}
+{{- if .networkPolicy.labels }}
+{{ toYaml .networkPolicy.labels }}
+{{- end }}
+{{- end }}

templates/prometheus-postgres-exporter/_pod.tpl

@@ -4,6 +4,37 @@
 
 {{- define "prometheus-postgres-exporter.pod.annotations" -}}
 {{ include "prometheus-postgres-exporter.annotations" . }}
+
+# The following annotations are required to trigger a rolling update. Further information can be found in the official
+# documentation of helm:
+#
+#   https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments
+#
+
+{{/* database */}}
+{{- if and .Values.config.database.existingSecret.enabled .Values.config.database.existingSecret.secretName }}
+{{- $secret := default (dict "data" (dict)) (lookup "v1" "Secret" .Release.Namespace .Values.config.database.existingSecret.secretName ) }}
+checksum/secret-database: {{ print $secret.spec | sha256sum }}
+{{- else }}
+checksum/secret-database: {{ include (print $.Template.BasePath "/prometheus-postgres-exporter/secretDatabase.yaml") . | sha256sum }}
+{{- end }}
+
+{{/* exporter config */}}
+{{- if and .Values.config.exporterConfig.existingSecret.enabled .Values.config.exporterConfig.existingSecret.secretName }}
+{{- $secret := default (dict "data" (dict)) (lookup "v1" "Secret" .Release.Namespace .Values.config.exporterConfig.existingSecret.secretName ) }}
+checksum/secret-exporter-config: {{ print $secret.spec | sha256sum }}
+{{- else }}
+checksum/secret-exporter-config: {{ include (print $.Template.BasePath "/prometheus-postgres-exporter/secretExporterConfig.yaml") . | sha256sum }}
+{{- end }}
+
+{{/* web config */}}
+{{- if and .Values.config.webConfig.existingSecret.enabled .Values.config.webConfig.existingSecret.secretName }}
+{{- $secret := default (dict "data" (dict)) (lookup "v1" "Secret" .Release.Namespace .Values.config.webConfig.existingSecret.secretName ) }}
+checksum/secret-web-config: {{ print $secret.spec | sha256sum }}
+{{- else }}
+checksum/secret-web-config: {{ include (print $.Template.BasePath "/prometheus-postgres-exporter/secretWebConfig.yaml") . | sha256sum }}
+{{- end }}
+
 {{- end }}
 
 {{/* labels */}}

templates/prometheus-postgres-exporter/configMapGrafanaDashboardPostgresExporter.yaml

@@ -5,7 +5,7 @@ kind: ConfigMap
 metadata:
   {{- with (include "prometheus-postgres-exporter.configMap.grafanaDashboards.postgresExporter.annotations" . | fromYaml) }}
   annotations:
-    {{- tpl (. | toYaml) $ | nindent 4 }}
+    {{- tpl (toYaml .) $ | nindent 4 }}
   {{- end }}
   {{- with (include "prometheus-postgres-exporter.configMap.grafanaDashboards.postgresExporter.labels" . | fromYaml) }}
   labels:

templates/prometheus-postgres-exporter/deployment.yaml

@@ -3,7 +3,7 @@ kind: Deployment
 metadata:
   {{- with (include "prometheus-postgres-exporter.deployment.annotations" . | fromYaml) }}
   annotations:
-    {{- tpl (. | toYaml) $ | nindent 4 }}
+    {{- tpl (toYaml .) $ | nindent 4 }}
   {{- end }}
   {{- with (include "prometheus-postgres-exporter.deployment.labels" . | fromYaml) }}
   labels:
@@ -18,6 +18,8 @@ spec:
       {{- include "prometheus-postgres-exporter.pod.selectorLabels" . | nindent 6 }}
   template:
     metadata:
+      annotations:
+        {{- include "prometheus-postgres-exporter.pod.annotations" . | nindent 8 }}
       labels:
         {{- include "prometheus-postgres-exporter.pod.labels" . | nindent 8 }}
     spec:
@@ -34,9 +36,10 @@ spec:
         {{- range .Values.deployment.postgresExporter.args }}
         - {{ . | quote }}
         {{- end }}
-        {{- with .Values.deployment.postgresExporter.env }}
+        {{- $env := (include "prometheus-postgres-exporter.deployment.env" . | fromYaml) }}
+        {{- if and (hasKey $env "env") (gt (len $env.env) 0) }}
         env:
-        {{- toYaml . | nindent 8 }}
+        {{- toYaml $env.env | nindent 8 }}
         {{- end }}
         {{- $envFrom := (include "prometheus-postgres-exporter.deployment.envFrom" . | fromYaml) }}
         {{- if hasKey $envFrom "envFrom" }}
@@ -125,3 +128,7 @@ spec:
       volumes:
       {{- toYaml $volumes.volumes | nindent 6 }}
       {{- end }}
+  {{- with .Values.deployment.strategy }}
+  strategy:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}

templates/prometheus-postgres-exporter/ingress.yaml

@@ -5,7 +5,7 @@ kind: Ingress
 metadata:
   {{- with (include "prometheus-postgres-exporter.ingress.annotations" . | fromYaml) }}
   annotations:
-    {{- tpl (. | toYaml) $ | nindent 4 }}
+    {{- tpl (toYaml .) $ | nindent 4 }}
   {{- end }}
   {{- with (include "prometheus-postgres-exporter.ingress.labels" . | fromYaml) }}
   labels:

templates/prometheus-postgres-exporter/networkPolicies.yaml

@@ -0,0 +1,36 @@
+{{- if .Values.networkPolicies.enabled }}
+{{- range $key, $value := .Values.networkPolicies -}}
+{{- if and (not (eq $key "enabled")) $value.enabled }}
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  {{- with (include "prometheus-postgres-exporter.networkPolicies.annotations" (dict "networkPolicy" $value "context" $) | fromYaml) }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  {{- with (include "prometheus-postgres-exporter.networkPolicies.labels" (dict "networkPolicy" $value "context" $) | fromYaml) }}
+  labels:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  name: {{ printf "%s-%s" (include "prometheus-postgres-exporter.fullname" $ ) $key }}
+  namespace: {{ $.Release.Namespace }}
+spec:
+  podSelector:
+    matchLabels:
+      {{- include "prometheus-postgres-exporter.pod.selectorLabels" $ | nindent 6 }}
+  {{- with $value.policyTypes }}
+  policyTypes:
+  {{- toYaml . | nindent 2 }}
+  {{- end }}
+  {{- with $value.egress }}
+  egress:
+  {{- toYaml . | nindent 2 }}
+  {{- end }}
+  {{- with $value.ingress }}
+  ingress:
+  {{- toYaml . | nindent 2 }}
+  {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}

unittests/deployment/deployment.yaml

@@ -7,18 +7,29 @@ release:
   namespace: testing
 templates:
 - templates/prometheus-postgres-exporter/deployment.yaml
+- templates/prometheus-postgres-exporter/secretDatabase.yaml
+- templates/prometheus-postgres-exporter/secretExporterConfig.yaml
+- templates/prometheus-postgres-exporter/secretWebConfig.yaml
 tests:
 - it: Rendering default
+  set:
+    # Ensure that the secrets and config maps are well configured.
+    config.database.secret.databaseUsername: "postgres"
+    config.database.secret.databasePassword: "postgres"
+    config.database.secret.databaseConnectionUrl: "localhost:5432/postgres?sslmode=disable"
   asserts:
   - hasDocuments:
       count: 1
+    template: templates/prometheus-postgres-exporter/deployment.yaml
   - containsDocument:
       apiVersion: apps/v1
       kind: Deployment
       name: prometheus-postgres-exporter-unittest
       namespace: testing
+    template: templates/prometheus-postgres-exporter/deployment.yaml
   - notExists:
       path: metadata.annotations
+    template: templates/prometheus-postgres-exporter/deployment.yaml
   - equal:
       path: metadata.labels
       value:
@@ -27,27 +38,51 @@ tests:
         app.kubernetes.io/name: prometheus-postgres-exporter
         app.kubernetes.io/version: 0.1.0
         helm.sh/chart: prometheus-postgres-exporter-0.1.0
+    template: templates/prometheus-postgres-exporter/deployment.yaml
   - equal:
       path: spec.replicas
       value: 1
+    template: templates/prometheus-postgres-exporter/deployment.yaml
+  - exists:
+      path: spec.template.metadata.annotations.checksum/secret-database
+    template: templates/prometheus-postgres-exporter/deployment.yaml
+  - exists:
+      path: spec.template.metadata.annotations.checksum/secret-exporter-config
+    template: templates/prometheus-postgres-exporter/deployment.yaml
+  - exists:
+      path: spec.template.metadata.annotations.checksum/secret-web-config
+    template: templates/prometheus-postgres-exporter/deployment.yaml
+  - equal:
+      path: spec.template.metadata.labels
+      value:
+        app.kubernetes.io/instance: prometheus-postgres-exporter-unittest
+        app.kubernetes.io/managed-by: Helm
+        app.kubernetes.io/name: prometheus-postgres-exporter
+        app.kubernetes.io/version: 0.1.0
+        helm.sh/chart: prometheus-postgres-exporter-0.1.0
+    template: templates/prometheus-postgres-exporter/deployment.yaml
   - notExists:
       path: spec.template.spec.affinity
+    template: templates/prometheus-postgres-exporter/deployment.yaml
   - contains:
       path: spec.template.spec.containers[0].envFrom
       content:
         secretRef:
           name: prometheus-postgres-exporter-unittest-database-env
+    template: templates/prometheus-postgres-exporter/deployment.yaml
   - equal:
       path: spec.template.spec.containers[0].args
       value:
       - --config.file=/etc/prometheus-postgres-exporter/config.d/exporterConfig.yaml
       - --web.config.file=/etc/prometheus-postgres-exporter/config.d/webConfig.yaml
       - --web.listen-address=:9187
+    template: templates/prometheus-postgres-exporter/deployment.yaml
   - equal:
       path: spec.template.spec.containers[0].volumeMounts
       value:
       - mountPath: /etc/prometheus-postgres-exporter/config.d
         name: config-d
+    template: templates/prometheus-postgres-exporter/deployment.yaml
   - equal:
       path: spec.template.spec.volumes
       value:
@@ -59,53 +94,91 @@ tests:
               name: prometheus-postgres-exporter-unittest-exporter-config
           - secret:
               name: prometheus-postgres-exporter-unittest-web-config
+    template: templates/prometheus-postgres-exporter/deployment.yaml
   - equal:
       path: spec.template.spec.containers[0].image
       value: quay.io/prometheuscommunity/postgres-exporter:v0.1.0
+    template: templates/prometheus-postgres-exporter/deployment.yaml
   - equal:
       path: spec.template.spec.containers[0].imagePullPolicy
       value: IfNotPresent
+    template: templates/prometheus-postgres-exporter/deployment.yaml
   - notExists:
       path: spec.template.spec.containers[0].resources
+    template: templates/prometheus-postgres-exporter/deployment.yaml
   - notExists:
       path: spec.template.spec.containers[0].securityContext
+    template: templates/prometheus-postgres-exporter/deployment.yaml
   - notExists:
       path: spec.template.spec.dnsConfig
+    template: templates/prometheus-postgres-exporter/deployment.yaml
   - notExists:
       path: spec.template.spec.dnsPolicy
+    template: templates/prometheus-postgres-exporter/deployment.yaml
   - notExists:
       path: spec.template.spec.hostname
+    template: templates/prometheus-postgres-exporter/deployment.yaml
   - equal:
       path: spec.template.spec.hostNetwork
       value: false
+    template: templates/prometheus-postgres-exporter/deployment.yaml
   - notExists:
       path: spec.template.spec.imagePullSecrets
+    template: templates/prometheus-postgres-exporter/deployment.yaml
   - notExists:
       path: spec.template.spec.nodeSelector
+    template: templates/prometheus-postgres-exporter/deployment.yaml
   - notExists:
       path: spec.template.spec.priorityClassName
+    template: templates/prometheus-postgres-exporter/deployment.yaml
   - notExists:
       path: spec.template.spec.restartPolicy
+    template: templates/prometheus-postgres-exporter/deployment.yaml
   - notExists:
       path: spec.template.spec.subdomain
+    template: templates/prometheus-postgres-exporter/deployment.yaml
   - equal:
       path: spec.template.spec.terminationGracePeriodSeconds
       value: 60
+    template: templates/prometheus-postgres-exporter/deployment.yaml
   - notExists:
       path: spec.template.spec.tolerations
+    template: templates/prometheus-postgres-exporter/deployment.yaml
   - notExists:
       path: spec.template.spec.topologySpreadConstraints
+    template: templates/prometheus-postgres-exporter/deployment.yaml
+  - equal:
+      path: spec.strategy
+      value:
+        type: "RollingUpdate"
+        rollingUpdate:
+          maxSurge: 1
+          maxUnavailable: 1
+    template: templates/prometheus-postgres-exporter/deployment.yaml
 
 - it: Test custom replicas
   set:
+    # Ensure that the secrets and config maps are well configured.
+    config.database.secret.databaseUsername: "postgres"
+    config.database.secret.databasePassword: "postgres"
+    config.database.secret.databaseConnectionUrl: "localhost:5432/postgres?sslmode=disable"
+
+    # Normal test values
     deployment.replicas: 3
   asserts:
   - equal:
       path: spec.replicas
       value: 3
+    template: templates/prometheus-postgres-exporter/deployment.yaml
 
 - it: Test custom affinity
   set:
+    # Ensure that the secrets and config maps are well configured.
+    config.database.secret.databaseUsername: "postgres"
+    config.database.secret.databasePassword: "postgres"
+    config.database.secret.databaseConnectionUrl: "localhost:5432/postgres?sslmode=disable"
+
+    # Normal test values
     deployment.affinity:
       nodeAffinity:
         requiredDuringSchedulingIgnoredDuringExecution:
@@ -129,9 +202,16 @@ tests:
                 values:
                 - antarctica-east1
                 - antarctica-west1
+    template: templates/prometheus-postgres-exporter/deployment.yaml
 
 - it: Test additional arguments
   set:
+    # Ensure that the secrets and config maps are well configured.
+    config.database.secret.databaseUsername: "postgres"
+    config.database.secret.databasePassword: "postgres"
+    config.database.secret.databaseConnectionUrl: "localhost:5432/postgres?sslmode=disable"
+
+    # Normal test values
     deployment.postgresExporter.args:
     - "--foo=bar"
     - "--bar=foo"
@@ -144,26 +224,42 @@ tests:
       - --web.listen-address=:9187
       - --foo=bar
       - --bar=foo
+    template: templates/prometheus-postgres-exporter/deployment.yaml
 
 - it: Test custom imageRegistry and imageRepository
   set:
+    # Ensure that the secrets and config maps are well configured.
+    config.database.secret.databaseUsername: "postgres"
+    config.database.secret.databasePassword: "postgres"
+    config.database.secret.databaseConnectionUrl: "localhost:5432/postgres?sslmode=disable"
+
+    # Normal test values
     deployment.postgresExporter.image.registry: registry.example.local
     deployment.postgresExporter.image.repository: path/special/prometheus-postgres-exporter
   asserts:
   - equal:
       path: spec.template.spec.containers[0].image
       value: registry.example.local/path/special/prometheus-postgres-exporter:v0.1.0
+    template: templates/prometheus-postgres-exporter/deployment.yaml
 
 - it: Test custom imagePullPolicy
   set:
+    # Ensure that the secrets and config maps are well configured.
+    config.database.secret.databaseUsername: "postgres"
+    config.database.secret.databasePassword: "postgres"
+    config.database.secret.databaseConnectionUrl: "localhost:5432/postgres?sslmode=disable"
+
+    # Normal test values
     deployment.postgresExporter.image.pullPolicy: Always
   asserts:
   - equal:
       path: spec.template.spec.containers[0].imagePullPolicy
       value: Always
+    template: templates/prometheus-postgres-exporter/deployment.yaml
 
 - it: Test config.database.existingSecret
   set:
+    # Normal test values
     config.database.existingSecret.enabled: true
     config.database.existingSecret.secretName: custom-database-secret
   asserts:
@@ -172,9 +268,16 @@ tests:
       content:
         secretRef:
           name: custom-database-secret
+    template: templates/prometheus-postgres-exporter/deployment.yaml
 
 - it: Test config.exporterConfig.existingSecret
   set:
+    # Ensure that the secrets and config maps are well configured.
+    config.database.secret.databaseUsername: "postgres"
+    config.database.secret.databasePassword: "postgres"
+    config.database.secret.databaseConnectionUrl: "localhost:5432/postgres?sslmode=disable"
+
+    # Normal test values
     config.exporterConfig.existingSecret.enabled: true
     config.exporterConfig.existingSecret.secretName: exporter-config-secret
   asserts:
@@ -183,6 +286,7 @@ tests:
       value:
       - mountPath: /etc/prometheus-postgres-exporter/config.d
         name: config-d
+    template: templates/prometheus-postgres-exporter/deployment.yaml
   - equal:
       path: spec.template.spec.volumes
       value:
@@ -194,9 +298,16 @@ tests:
               name: exporter-config-secret
           - secret:
               name: prometheus-postgres-exporter-unittest-web-config
+    template: templates/prometheus-postgres-exporter/deployment.yaml
 
 - it: Test config.webConfig.existingSecret
   set:
+    # Ensure that the secrets and config maps are well configured.
+    config.database.secret.databaseUsername: "postgres"
+    config.database.secret.databasePassword: "postgres"
+    config.database.secret.databaseConnectionUrl: "localhost:5432/postgres?sslmode=disable"
+
+    # Normal test values
     config.webConfig.existingSecret.enabled: true
     config.webConfig.existingSecret.secretName: web-config-secret
   asserts:
@@ -205,6 +316,7 @@ tests:
       value:
       - mountPath: /etc/prometheus-postgres-exporter/config.d
         name: config-d
+    template: templates/prometheus-postgres-exporter/deployment.yaml
   - equal:
       path: spec.template.spec.volumes
       value:
@@ -216,9 +328,16 @@ tests:
               name: prometheus-postgres-exporter-unittest-exporter-config
           - secret:
               name: web-config-secret
+    template: templates/prometheus-postgres-exporter/deployment.yaml
 
 - it: Test custom resource limits and requests
   set:
+    # Ensure that the secrets and config maps are well configured.
+    config.database.secret.databaseUsername: "postgres"
+    config.database.secret.databasePassword: "postgres"
+    config.database.secret.databaseConnectionUrl: "localhost:5432/postgres?sslmode=disable"
+
+    # Normal test values
     deployment.postgresExporter.resources:
       limits:
         cpu: 100m
@@ -227,6 +346,15 @@ tests:
         cpu: 25m
         memory: 100MB
   asserts:
+  - equal:
+      path: spec.template.spec.containers[0].env
+      value:
+      - name: GOMAXPROCS
+        valueFrom:
+          resourceFieldRef:
+            divisor: "1"
+            resource: limits.cpu
+    template: templates/prometheus-postgres-exporter/deployment.yaml
   - equal:
       path: spec.template.spec.containers[0].resources
       value:
@@ -236,9 +364,16 @@ tests:
         requests:
           cpu: 25m
           memory: 100MB
+    template: templates/prometheus-postgres-exporter/deployment.yaml
 
 - it: Test custom securityContext
   set:
+    # Ensure that the secrets and config maps are well configured.
+    config.database.secret.databaseUsername: "postgres"
+    config.database.secret.databasePassword: "postgres"
+    config.database.secret.databaseConnectionUrl: "localhost:5432/postgres?sslmode=disable"
+
+    # Normal test values
     deployment.postgresExporter.securityContext:
       capabilities:
         add:
@@ -262,9 +397,16 @@ tests:
         readOnlyRootFilesystem: true
         runAsNonRoot: true
         runAsUser: 1000
+    template: templates/prometheus-postgres-exporter/deployment.yaml
 
 - it: Test dnsConfig
   set:
+    # Ensure that the secrets and config maps are well configured.
+    config.database.secret.databaseUsername: "postgres"
+    config.database.secret.databasePassword: "postgres"
+    config.database.secret.databaseConnectionUrl: "localhost:5432/postgres?sslmode=disable"
+
+    # Normal test values
     deployment.dnsConfig:
       nameservers:
       - "8.8.8.8"
@@ -276,17 +418,31 @@ tests:
         nameservers:
         - "8.8.8.8"
         - "8.8.4.4"
+    template: templates/prometheus-postgres-exporter/deployment.yaml
 
 - it: Test dnsPolicy
   set:
+    # Ensure that the secrets and config maps are well configured.
+    config.database.secret.databaseUsername: "postgres"
+    config.database.secret.databasePassword: "postgres"
+    config.database.secret.databaseConnectionUrl: "localhost:5432/postgres?sslmode=disable"
+
+    # Normal test values
     deployment.dnsPolicy: ClusterFirst
   asserts:
   - equal:
       path: spec.template.spec.dnsPolicy
       value: ClusterFirst
+    template: templates/prometheus-postgres-exporter/deployment.yaml
 
 - it: Test hostNetwork, hostname, subdomain
   set:
+    # Ensure that the secrets and config maps are well configured.
+    config.database.secret.databaseUsername: "postgres"
+    config.database.secret.databasePassword: "postgres"
+    config.database.secret.databaseConnectionUrl: "localhost:5432/postgres?sslmode=disable"
+
+    # Normal test values
     deployment.hostNetwork: true
     deployment.hostname: pg-exporter
     deployment.subdomain: exporters.internal
@@ -294,15 +450,24 @@ tests:
   - equal:
       path: spec.template.spec.hostNetwork
       value: true
+    template: templates/prometheus-postgres-exporter/deployment.yaml
   - equal:
       path: spec.template.spec.hostname
       value: pg-exporter
+    template: templates/prometheus-postgres-exporter/deployment.yaml
   - equal:
       path: spec.template.spec.subdomain
       value: exporters.internal
+    template: templates/prometheus-postgres-exporter/deployment.yaml
 
 - it: Test imagePullSecrets
   set:
+    # Ensure that the secrets and config maps are well configured.
+    config.database.secret.databaseUsername: "postgres"
+    config.database.secret.databasePassword: "postgres"
+    config.database.secret.databaseConnectionUrl: "localhost:5432/postgres?sslmode=disable"
+
+    # Normal test values
     deployment.imagePullSecrets:
     - name: my-pull-secret
     - name: my-special-secret
@@ -312,9 +477,16 @@ tests:
       value:
       - name: my-pull-secret
       - name: my-special-secret
+    template: templates/prometheus-postgres-exporter/deployment.yaml
 
 - it: Test nodeSelector
   set:
+    # Ensure that the secrets and config maps are well configured.
+    config.database.secret.databaseUsername: "postgres"
+    config.database.secret.databasePassword: "postgres"
+    config.database.secret.databaseConnectionUrl: "localhost:5432/postgres?sslmode=disable"
+
+    # Normal test values
     deployment.nodeSelector:
       foo: bar
   asserts:
@@ -322,33 +494,61 @@ tests:
       path: spec.template.spec.nodeSelector
       value:
         foo: bar
+    template: templates/prometheus-postgres-exporter/deployment.yaml
 
 - it: Test priorityClassName
   set:
+    # Ensure that the secrets and config maps are well configured.
+    config.database.secret.databaseUsername: "postgres"
+    config.database.secret.databasePassword: "postgres"
+    config.database.secret.databaseConnectionUrl: "localhost:5432/postgres?sslmode=disable"
+
+    # Normal test values
     deployment.priorityClassName: my-priority
   asserts:
   - equal:
       path: spec.template.spec.priorityClassName
       value: my-priority
+    template: templates/prometheus-postgres-exporter/deployment.yaml
 
 - it: Test restartPolicy
   set:
+    # Ensure that the secrets and config maps are well configured.
+    config.database.secret.databaseUsername: "postgres"
+    config.database.secret.databasePassword: "postgres"
+    config.database.secret.databaseConnectionUrl: "localhost:5432/postgres?sslmode=disable"
+
+    # Normal test values
     deployment.restartPolicy: Always
   asserts:
   - equal:
       path: spec.template.spec.restartPolicy
       value: Always
+    template: templates/prometheus-postgres-exporter/deployment.yaml
 
 - it: Test terminationGracePeriodSeconds
   set:
+    # Ensure that the secrets and config maps are well configured.
+    config.database.secret.databaseUsername: "postgres"
+    config.database.secret.databasePassword: "postgres"
+    config.database.secret.databaseConnectionUrl: "localhost:5432/postgres?sslmode=disable"
+
+    # Normal test values
     deployment.terminationGracePeriodSeconds: 120
   asserts:
   - equal:
       path: spec.template.spec.terminationGracePeriodSeconds
       value: 120
+    template: templates/prometheus-postgres-exporter/deployment.yaml
 
 - it: Test tolerations
   set:
+    # Ensure that the secrets and config maps are well configured.
+    config.database.secret.databaseUsername: "postgres"
+    config.database.secret.databasePassword: "postgres"
+    config.database.secret.databaseConnectionUrl: "localhost:5432/postgres?sslmode=disable"
+
+    # Normal test values
     deployment.tolerations:
     - key: database/type
       operator: Equal
@@ -362,9 +562,16 @@ tests:
         operator: Equal
         value: postgres
         effect: NoSchedule
+    template: templates/prometheus-postgres-exporter/deployment.yaml
 
 - it: Test topologySpreadConstraints
   set:
+    # Ensure that the secrets and config maps are well configured.
+    config.database.secret.databaseUsername: "postgres"
+    config.database.secret.databasePassword: "postgres"
+    config.database.secret.databaseConnectionUrl: "localhost:5432/postgres?sslmode=disable"
+
+    # Normal test values
     deployment.topologySpreadConstraints:
     - topologyKey: kubernetes.io/hostname
       whenUnsatisfiable: DoNotSchedule
@@ -380,9 +587,16 @@ tests:
         labelSelector:
           matchLabels:
             app.kubernetes.io/instance: prometheus-postgres-exporter
+    template: templates/prometheus-postgres-exporter/deployment.yaml
 
 - it: Test additional volumeMounts and volumes
   set:
+    # Ensure that the secrets and config maps are well configured.
+    config.database.secret.databaseUsername: "postgres"
+    config.database.secret.databasePassword: "postgres"
+    config.database.secret.databaseConnectionUrl: "localhost:5432/postgres?sslmode=disable"
+
+    # Normal test values
     deployment.postgresExporter.volumeMounts:
     - name: data
       mountPath: /usr/lib/prometheus-postgres-exporter/data
@@ -398,6 +612,7 @@ tests:
         mountPath: /usr/lib/prometheus-postgres-exporter/data
       - name: config-d
         mountPath: /etc/prometheus-postgres-exporter/config.d
+    template: templates/prometheus-postgres-exporter/deployment.yaml
   - equal:
       path: spec.template.spec.volumes
       value:
@@ -412,3 +627,4 @@ tests:
               name: prometheus-postgres-exporter-unittest-exporter-config
           - secret:
               name: prometheus-postgres-exporter-unittest-web-config
+    template: templates/prometheus-postgres-exporter/deployment.yaml

unittests/networkPolicies/default.yaml

@@ -0,0 +1,118 @@
+chart:
+  appVersion: 0.1.0
+  version: 0.1.0
+suite: NetworkPolicies template (basic)
+release:
+  name: prometheus-postgres-exporter-unittest
+  namespace: testing
+templates:
+- templates/prometheus-postgres-exporter/networkPolicies.yaml
+tests:
+- it: Skip networkPolicies in general disabled.
+  set:
+    networkPolicies.enabled: false
+  asserts:
+  - hasDocuments:
+      count: 0
+
+- it: Skip networkPolicy 'default' when disabled.
+  set:
+    networkPolicies.enabled: true
+    networkPolicies.default.enabled: false
+  asserts:
+  - hasDocuments:
+      count: 0
+
+- it: Loop over networkPolicies
+  set:
+    networkPolicies.enabled: true
+    networkPolicies.default.enabled: false
+    networkPolicies.nginx.enabled: true
+    networkPolicies.prometheus.enabled: true
+  asserts:
+  - hasDocuments:
+      count: 2
+
+- it: Template networkPolicy 'default' without policyTypes, egress and ingress configuration
+  set:
+    networkPolicies.enabled: true
+    networkPolicies.default.enabled: true
+  asserts:
+  - hasDocuments:
+      count: 1
+  - containsDocument:
+      apiVersion: networking.k8s.io/v1
+      kind: NetworkPolicy
+      name: prometheus-postgres-exporter-unittest-default
+      namespace: testing
+  - notExists:
+      path: metadata.annotations
+  - equal:
+      path: metadata.labels
+      value:
+        app.kubernetes.io/instance: prometheus-postgres-exporter-unittest
+        app.kubernetes.io/managed-by: Helm
+        app.kubernetes.io/name: prometheus-postgres-exporter
+        app.kubernetes.io/version: 0.1.0
+        helm.sh/chart: prometheus-postgres-exporter-0.1.0
+  - equal:
+      path: spec.podSelector.matchLabels
+      value:
+        app.kubernetes.io/instance: prometheus-postgres-exporter-unittest
+        app.kubernetes.io/name: prometheus-postgres-exporter
+  - notExists:
+      path: spec.policyTypes
+  - notExists:
+      path: spec.egress
+  - notExists:
+      path: spec.ingress
+
+- it: Template networkPolicy 'default' with policyTypes, egress and ingress configuration
+  set:
+    networkPolicies.enabled: true
+    networkPolicies.default.enabled: true
+    networkPolicies.default.policyTypes:
+    - Egress
+    - Ingress
+    networkPolicies.default.ingress:
+    - from:
+      - namespaceSelector:
+          matchLabels:
+            kubernetes.io/metadata.name: khv-production
+        podSelector:
+          matchLabels:
+            app.kubernetes.io/name: prometheus
+    networkPolicies.default.egress:
+    - to:
+      - namespaceSelector:
+          matchLabels:
+            kubernetes.io/metadata.name: database
+        podSelector:
+          matchLabels:
+            app.kubernetes.io/name: oracle
+  asserts:
+  - equal:
+      path: spec.policyTypes
+      value:
+      - Egress
+      - Ingress
+  - equal:
+      path: spec.egress
+      value:
+      - to:
+        - namespaceSelector:
+            matchLabels:
+              kubernetes.io/metadata.name: database
+          podSelector:
+            matchLabels:
+              app.kubernetes.io/name: oracle
+  - equal:
+      path: spec.ingress
+      value:
+      - from:
+        - namespaceSelector:
+            matchLabels:
+              kubernetes.io/metadata.name: khv-production
+          podSelector:
+            matchLabels:
+              app.kubernetes.io/name: prometheus

values.yaml

@@ -35,7 +35,7 @@ config:
 
     ## @param config.exporterConfig.secret.annotations Additional annotations of the secret containing the `exporterConfig.yaml`.
     ## @param config.exporterConfig.secret.labels Additional labels of the secret containing the `exporterConfig.yaml`.
-    ## @param config.exporterConfig.secret.exporterConfig Content of the `exporterConfig.yaml`. Further information can be found [here](https://github.com/prometheus-community/postgres_exporter?tab=readme-ov-file#multi-target-support-beta).
+    ## @param config.exporterConfig.secret.exporterConfig Content of the `exporterConfig.yaml`. Further information can be found in the [README](https://github.com/prometheus-community/postgres_exporter?tab=readme-ov-file#multi-target-support-beta) file of the Postgres exporter binary.
     ## @skip config.exporterConfig.secret.exporterConfig Skip individual postgres exporter configuration.
     secret:
       annotations: {}
@@ -59,7 +59,7 @@ config:
 
     ## @param config.webConfig.secret.annotations Additional annotations of the secret containing the `webConfig.yaml`.
     ## @param config.webConfig.secret.labels Additional labels of the secret containing the `webConfig.yaml`.
-    ## @param config.webConfig.secret.webConfig Content of the `webConfig.yaml`. Further information can be found [here](https://prometheus.io/docs/prometheus/latest/configuration/https/).
+    ## @param config.webConfig.secret.webConfig Content of the `webConfig.yaml`. Further [documentation](https://prometheus.io/docs/prometheus/latest/configuration/https/) is available on the official Prometheus website.
     ## @skip config.webConfig.secret.webConfig Skip individual web configuration.
     secret:
       annotations: {}
@@ -93,6 +93,22 @@ deployment:
 
   ## @param deployment.affinity Affinity for the postgres-exporter deployment.
   affinity: {}
+    # nodeAffinity:
+    #   requiredDuringSchedulingIgnoredDuringExecution:
+    #     nodeSelectorTerms:
+    #     - matchExpressions:
+    #       - key: kubernetes.io/os
+    #         operator: In
+    #         values:
+    #         - linux
+    #   preferredDuringSchedulingIgnoredDuringExecution:
+    #   - weight: 20
+    #     preference:
+    #       matchExpressions:
+    #       - key: kubernetes.io/arch
+    #         operator: In
+    #         values:
+    #         - amd64
 
   ## @param deployment.initContainers List of additional init containers.
   initContainers: []
@@ -208,11 +224,11 @@ deployment:
   securityContext: {}
     # fsGroup: 2000
 
-  ## @param deployment.strategy.type Strategy type - `Recreate` or `Rollingupdate`.
+  ## @param deployment.strategy.type Strategy type - `Recreate` or `RollingUpdate`.
   ## @param deployment.strategy.rollingUpdate.maxSurge The maximum number of pods that can be scheduled above the desired number of pods during a rolling update.
   ## @param deployment.strategy.rollingUpdate.maxUnavailable The maximum number of pods that can be unavailable during a rolling update.
   strategy:
-    type: "Recreate"
+    type: "RollingUpdate"
     rollingUpdate:
       maxSurge: 1
       maxUnavailable: 1
@@ -250,7 +266,7 @@ grafana:
   enabled: false
 
   ## @param grafana.dashboardDiscoveryLabels Labels that Grafana uses to discover resources. The labels may vary depending on the Grafana deployment.
-  ## @skip grafana.dashboardDiscoveryLabels
+  ## @skip grafana.dashboardDiscoveryLabels Skip individual configuration.
   dashboardDiscoveryLabels:
     grafana_dashboard: "1"
 
@@ -295,9 +311,77 @@ podDisruptionBudget: {}
 #  maxUnavailable: 1
 #  minAvailable: 1
 
-## @section Network
-## @param networkPolicies Deploy network policies based on the used container network interface (CNI) implementation - like calico or weave.
-networkPolicies: {}
+## @section NetworkPolicies
+## @param networkPolicies.enabled Enable network policies in general.
+networkPolicies:
+  enabled: false
+
+  ## @param networkPolicies.default.enabled Enable the network policy for accessing the application by default. For example to scape the metrics.
+  ## @param networkPolicies.default.annotations Additional network policy annotations.
+  ## @param networkPolicies.default.labels Additional network policy labels.
+  ## @param networkPolicies.default.policyTypes List of policy types. Supported is ingress, egress or ingress and egress.
+  ## @param networkPolicies.default.egress Concrete egress network policy implementation.
+  ## @skip networkPolicies.default.egress Skip individual egress configuration.
+  ## @param networkPolicies.default.ingress Concrete ingress network policy implementation.
+  ## @skip networkPolicies.default.ingress Skip individual ingress configuration.
+  default:
+    enabled: false
+    annotations: {}
+    labels: {}
+    policyTypes: []
+    # - Egress
+    # - Ingress
+    egress: []
+    # Allow outgoing traffic to database host
+    #
+    # - to:
+    #   - ipBlock:
+    #       cidr: 192.168.179.1/32
+    #   ports:
+    #   - port: 5432
+    #     protocol: TCP
+
+    # Allow outgoing DNS traffic to the internal running DNS-Server. For example core-dns.
+    #
+    # - to:
+    #   - namespaceSelector:
+    #       matchLabels:
+    #         kubernetes.io/metadata.name: kube-system
+    #     podSelector:
+    #       matchLabels:
+    #        k8s-app: kube-dns
+    #   ports:
+    #   - port: 53
+    #     protocol: TCP
+    #   - port: 53
+    #     protocol: UDP
+
+    ingress: []
+    # Allow incoming HTTP traffic from prometheus.
+    #
+    # - from:
+    #   - namespaceSelector:
+    #       matchLabels:
+    #         kubernetes.io/metadata.name: monitoring
+    #     podSelector:
+    #       matchLabels:
+    #         app.kubernetes.io/name: prometheus
+    #   ports:
+    #   - port: http
+    #     protocol: TCP
+
+    # Allow incoming HTTP traffic from ingress-nginx.
+    #
+    # - from:
+    #   - namespaceSelector:
+    #       matchLabels:
+    #         kubernetes.io/metadata.name: ingress-nginx
+    #     podSelector:
+    #       matchLabels:
+    #         app.kubernetes.io/name: ingress-nginx
+    #   ports:
+    #   - port: http
+    #     protocol: TCP
 
 ## @section Prometheus
 prometheus: