volker.raschek/prometheus-postgres-exporter
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: volker.raschek:0.5.1
Branches Tags
volker.raschek:master
volker.raschek:0.5.3 volker.raschek:0.5.2 volker.raschek:0.5.1 volker.raschek:0.5.0 volker.raschek:0.4.2 volker.raschek:0.4.1 volker.raschek:0.4.0 volker.raschek:0.3.2 volker.raschek:0.3.1 volker.raschek:0.3.0 volker.raschek:0.2.6 volker.raschek:0.2.5 volker.raschek:0.2.4 volker.raschek:0.2.3 volker.raschek:0.2.2 volker.raschek:0.2.1 volker.raschek:0.2.0 volker.raschek:0.1.11 volker.raschek:0.1.10 volker.raschek:0.1.9 volker.raschek:0.1.8 volker.raschek:0.1.7 volker.raschek:0.1.6 volker.raschek:0.1.5 volker.raschek:0.1.4 volker.raschek:0.1.3 volker.raschek:0.1.2 volker.raschek:0.1.1 volker.raschek:0.1.0
..
compare: volker.raschek:5b2c089d6f70095280689e3a33a6cbd9c85644c2
Branches Tags
volker.raschek:master
volker.raschek:0.5.3 volker.raschek:0.5.2 volker.raschek:0.5.1 volker.raschek:0.5.0 volker.raschek:0.4.2 volker.raschek:0.4.1 volker.raschek:0.4.0 volker.raschek:0.3.2 volker.raschek:0.3.1 volker.raschek:0.3.0 volker.raschek:0.2.6 volker.raschek:0.2.5 volker.raschek:0.2.4 volker.raschek:0.2.3 volker.raschek:0.2.2 volker.raschek:0.2.1 volker.raschek:0.2.0 volker.raschek:0.1.11 volker.raschek:0.1.10 volker.raschek:0.1.9 volker.raschek:0.1.8 volker.raschek:0.1.7 volker.raschek:0.1.6 volker.raschek:0.1.5 volker.raschek:0.1.4 volker.raschek:0.1.3 volker.raschek:0.1.2 volker.raschek:0.1.1 volker.raschek:0.1.0

28 Commits
0.5.1 ... 5b2c089d6f

Author SHA1 Message Date
Markus Pesch
5b2c089d6f asdasd
Some checks failed
Helm / helm-lint (pull_request) Successful in 14s
Details
Helm / helm-unittest (pull_request) Successful in 17s
Details
Helm / helm-lint (push) Successful in 14s
Details
Helm / helm-unittest (push) Successful in 15s
Details
Release / generate-chart-publish (push) Failing after 29s
Details
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/pr Build is passing
Details
2025-01-12 15:27:25 +01:00
Markus Pesch
aede99f3f2 asdasd 2025-01-12 15:27:25 +01:00
Markus Pesch
0a72c4bb58 fix: only on yaml 2025-01-12 15:27:25 +01:00
Markus Pesch
378e799afa wip 2025-01-12 15:27:25 +01:00
Markus Pesch
89c43d7fb4 fix 2025-01-12 15:27:25 +01:00
Markus Pesch
7265403bd9 faasd 2025-01-12 15:27:25 +01:00
Markus Pesch
7937f9edf2 asd 2025-01-12 15:27:25 +01:00
Markus Pesch
fe2ab4417f wip 2025-01-12 15:27:25 +01:00
Markus Pesch
a9abdccaa3 wip 2025-01-12 15:27:25 +01:00
Markus Pesch
b52a4982a6 test 2025-01-12 15:27:25 +01:00
Markus Pesch
cc33ca2e0c fix 2025-01-12 15:27:25 +01:00
Markus Pesch
cc955c6178 asdas 2025-01-12 15:27:24 +01:00
Markus Pesch
e1f37b8ac9 asd 2025-01-12 15:27:24 +01:00
Markus Pesch
3e868aad35 fix 2025-01-12 15:27:24 +01:00
Markus Pesch
208acd6d96 fix 2025-01-12 15:27:24 +01:00
Markus Pesch
3be3977233 fix 2025-01-12 15:27:24 +01:00
Markus Pesch
1e0cdc6dfd asdasd 2025-01-12 15:27:24 +01:00
Markus Pesch
86bbd6f1d2 fix 2025-01-12 15:27:24 +01:00
Markus Pesch
6f6ad61352 test 2025-01-12 15:27:24 +01:00
Markus Pesch
bde198ab0f wip 2025-01-12 15:27:24 +01:00
Markus Pesch
22f0fd4176 fix: container runtime 2025-01-12 15:27:24 +01:00
Markus Pesch
c0aadbfa52 WIP 2025-01-12 15:27:24 +01:00
Markus Pesch
5744511f6e WIP 2025-01-12 15:27:24 +01:00
Markus Pesch
de3c85ba4d WIP 2025-01-12 15:27:24 +01:00
Markus Pesch
da18fbf50c WIP 2025-01-12 15:27:24 +01:00
Markus Pesch
0cc2323eb1 WIP 2025-01-12 15:27:24 +01:00
Markus Pesch
a3358b0be5 wip 2025-01-12 15:27:24 +01:00
Markus Pesch
a53ab3b2a0 wip(ci): run gitea action 2025-01-12 15:27:24 +01:00
21 changed files with 528 additions and 1705 deletions
Expand all files Collapse all files

200
.drone.yml Normal file
View File

@ -0,0 +1,200 @@
---
kind: pipeline
type: kubernetes
name: Linters
clone:
disable: true
platform:
os: linux
arch: amd64
steps:
- name: clone repository
image: git.cryptic.systems/volker.raschek/git:1.4.0
- name: helm lint
commands:
- helm lint
image: git.cryptic.systems/volker.raschek/helm:3.16.4
resources:
limits:
cpu: 150
memory: 150M
- name: email-notification
environment:
SMTP_FROM_ADDRESS:
from_secret: smtp_from_address
SMTP_FROM_NAME:
from_secret: smtp_from_name
SMTP_HOST:
from_secret: smtp_host
SMTP_USERNAME:
from_secret: smtp_username
SMTP_PASSWORD:
from_secret: smtp_password
image: git.cryptic.systems/volker.raschek/drone-email:0.1.5
resources:
limits:
cpu: 150
memory: 150M
when:
status:
- changed
- failure
trigger:
event:
exclude:
- tag
---
kind: pipeline
type: kubernetes
name: Unit tests
clone:
disable: true
platform:
os: linux
arch: amd64
steps:
- name: clone repository
image: git.cryptic.systems/volker.raschek/git:1.4.0
- name: helm unittest
commands:
- helm unittest --strict --file 'unittests/**/*.yaml' ./
image: git.cryptic.systems/volker.raschek/helm:3.16.4
resources:
limits:
cpu: 150
memory: 150M
- name: email-notification
environment:
SMTP_FROM_ADDRESS:
from_secret: smtp_from_address
SMTP_FROM_NAME:
from_secret: smtp_from_name
SMTP_HOST:
from_secret: smtp_host
SMTP_USERNAME:
from_secret: smtp_username
SMTP_PASSWORD:
from_secret: smtp_password
image: git.cryptic.systems/volker.raschek/drone-email:0.1.5
resources:
limits:
cpu: 150
memory: 150M
when:
status:
- changed
- failure
trigger:
event:
exclude:
- tag
---
kind: pipeline
type: kubernetes
name: Generate, compare and lint README.md
clone:
disable: true
platform:
os: linux
arch: amd64
steps:
- name: clone repository
image: git.cryptic.systems/volker.raschek/git:1.4.0
- name: execute NPM modules
commands:
- npm install
- npm run readme:link
- npm run readme:lint
- npm run readme:parameters
image: docker.io/library/node:23.6.0-alpine
resources:
limits:
cpu: 150
memory: 150M
- name: detect diff
commands:
- git diff --exit-code --name-only README.md
image: git.cryptic.systems/volker.raschek/git:1.4.0
- name: email-notification
environment:
SMTP_FROM_ADDRESS:
from_secret: smtp_from_address
SMTP_FROM_NAME:
from_secret: smtp_from_name
SMTP_HOST:
from_secret: smtp_host
SMTP_USERNAME:
from_secret: smtp_username
SMTP_PASSWORD:
from_secret: smtp_password
image: git.cryptic.systems/volker.raschek/drone-email:0.1.5
resources:
limits:
cpu: 150
memory: 150M
when:
status:
- changed
- failure
trigger:
event:
exclude:
- tag
# ---
# kind: pipeline
# type: kubernetes
# name: Release
# clone:
# disable: true
# platform:
# os: linux
# steps:
# - name: clone repository
# image: git.cryptic.systems/volker.raschek/git:1.4.0
# - name: release-helm-chart
# commands:
# - helm repo add prometheus-exporters https://charts.cryptic.systems/prometheus-exporters
# - helm package --version ${DRONE_TAG} .
# - helm cm-push ${DRONE_REPO_NAME}-${DRONE_TAG}.tgz prometheus-exporters
# environment:
# HELM_REPO_PASSWORD:
# from_secret: helm_repo_password
# HELM_REPO_USERNAME:
# from_secret: helm_repo_username
# image: git.cryptic.systems/volker.raschek/helm:3.16.4
# resources:
# limits:
# cpu: 150
# memory: 150M
# trigger:
# event:
# - tag
# repo:
# - volker.raschek/prometheus-postgres-exporter

8
.gitea/workflows/generate-readme.yaml
View File

@ -5,24 +5,20 @@ on:
paths: [ "README.md", "values.yaml" ] paths: [ "README.md", "values.yaml" ]
types: [ "opened", "reopened", "synchronize" ] types: [ "opened", "reopened", "synchronize" ]
push: push:
branches:
- '**'
paths: [ "README.md", "values.yaml" ] paths: [ "README.md", "values.yaml" ]
tags-ignore:
- '**'
workflow_dispatch: {} workflow_dispatch: {}
jobs: jobs:
generate-parameters: generate-parameters:
container: container:
image: docker.io/library/node:24.1.0-alpine image: docker.io/library/node:22.9.0-alpine
runs-on: runs-on:
- ubuntu-latest - ubuntu-latest
steps: steps:
- name: Install tooling - name: Install tooling
run: | run: |
apk update apk update
apk add git npm apk add git
- uses: actions/checkout@v4.2.2 - uses: actions/checkout@v4.2.2
- name: Generate parameter section in README - name: Generate parameter section in README
run: | run: |

10
.gitea/workflows/helm.yaml
View File

@ -3,17 +3,13 @@ name: Helm
on: on:
pull_request: pull_request:
types: [ "opened", "reopened", "synchronize" ] types: [ "opened", "reopened", "synchronize" ]
push: push: {}
branches:
- '**'
tags-ignore:
- '**'
workflow_dispatch: {} workflow_dispatch: {}
jobs: jobs:
helm-lint: helm-lint:
container: container:
image: docker.io/volkerraschek/helm:3.18.0 image: docker.io/volkerraschek/helm:3.16.1
runs-on: runs-on:
- ubuntu-latest - ubuntu-latest
steps: steps:
@ -28,7 +24,7 @@ jobs:
helm-unittest: helm-unittest:
container: container:
image: docker.io/volkerraschek/helm:3.18.0 image: docker.io/volkerraschek/helm:3.16.1
runs-on: runs-on:
- ubuntu-latest - ubuntu-latest
steps: steps:

10
.gitea/workflows/markdown-linters.yaml
View File

@ -5,24 +5,20 @@ on:
paths: [ "**/*.md" ] paths: [ "**/*.md" ]
types: [ "opened", "reopened", "synchronize" ] types: [ "opened", "reopened", "synchronize" ]
push: push:
branches:
- '**'
paths: [ "**/*.md" ] paths: [ "**/*.md" ]
tags-ignore:
- '**'
workflow_dispatch: {} workflow_dispatch: {}
jobs: jobs:
markdown-link-checker: markdown-link-checker:
container: container:
image: docker.io/library/node:24.1.0-alpine image: docker.io/library/node:22.9.0-alpine
runs-on: runs-on:
- ubuntu-latest - ubuntu-latest
steps: steps:
- name: Install tooling - name: Install tooling
run: | run: |
apk update apk update
apk add git npm apk add git
- uses: actions/checkout@v4.2.2 - uses: actions/checkout@v4.2.2
- name: Verify links in markdown files - name: Verify links in markdown files
run: | run: |
@ -31,7 +27,7 @@ jobs:
markdown-lint: markdown-lint:
container: container:
image: docker.io/library/node:24.1.0-alpine image: docker.io/library/node:22.9.0-alpine
runs-on: runs-on:
- ubuntu-latest - ubuntu-latest
steps: steps:

52
.gitea/workflows/release.yaml
View File

@ -3,44 +3,38 @@ name: Release
on: on:
push: push:
tags: tags:
- "**" - "*"
env:
# renovate: datasource=docker depName=alpine/helm
HELM_VERSION: "3.16.4"
jobs: jobs:
publish-chart: generate-chart-publish:
container: container:
image: docker.io/volkerraschek/helm:3.18.0 image: docker.io/volkerraschek/helm:3.16.1
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Install tooling
run: |
apk update
apk add git npm
- uses: actions/checkout@v4 - uses: actions/checkout@v4
- name: Package chart # - name: Import GPG key
# id: import_gpg
# uses: https://github.com/crazy-max/ghaction-import-gpg@v6
# with:
# gpg_private_key: ${{ secrets.GPGSIGN_KEY }}
# passphrase: ${{ secrets.GPGSIGN_PASSPHRASE }}
# fingerprint: CC64B1DB67ABBEECAB24B6455FC346329753F4B0
# Using helm gpg plugin as 'helm package --sign' has issues with gpg2: https://github.com/helm/helm/issues/2843
- name: package chart
env: env:
HELM_REPO_NAME: upload HELM_REPO_NAME: test
HELM_REPO_PASSWORD: ${{ secrets.HELM_REPO_PASSWORD }}
CHARTMUSEUM_PASSWORD: ${{ secrets.CHARTMUSEUM_PASSWORD }} HELM_REPO_USERNAME: ${{ secrets.HELM_REPO_USERNAME }}
CHARTMUSEUM_REPOSITORY: ${{ vars.CHARTMUSEUM_REPOSITORY }}
CHARTMUSEUM_USERNAME: ${{ secrets.CHARTMUSEUM_USERNAME }}
CHARTMUSEUM_HOSTNAME: ${{ vars.CHARTMUSEUM_HOSTNAME }}
GITEA_PACKAGE_REGISTRY_TOKEN: ${{ secrets.GIT_CRYPTIC_SYSTEMS_PACKAGE_REGISTRY_TOKEN }}
GITEA_SERVER_URL: ${{ github.server_url }}
run: | run: |
PACKAGE_VERSION=${GITHUB_REF#refs/tags/}
REPOSITORY_NAME=$(echo ${GITHUB_REPOSITORY} | cut -d '/' -f 2) REPOSITORY_NAME=$(echo ${GITHUB_REPOSITORY} | cut -d '/' -f 2)
REPOSITORY_OWNER=$(echo ${GITHUB_REPOSITORY} | cut -d '/' -f 1) PACKAGE_VERSION=${GITHUB_REF#refs/tags/v}
helm repo add ${HELM_REPO_NAME} https://charts.cryptic.systems/${HELM_REPO_NAME}
helm dependency build helm dependency build
helm package --version "${PACKAGE_VERSION}" ./ helm package --version "${PACKAGE_VERSION}" ./
helm cm-push ${REPOSITORY_NAME}-${PACKAGE_VERSION}.tgz ${HELM_REPO_NAME}
# chart-museum
helm repo add --username ${CHARTMUSEUM_USERNAME} --password ${CHARTMUSEUM_PASSWORD} chartmuseum https://${CHARTMUSEUM_HOSTNAME}/${CHARTMUSEUM_REPOSITORY}
helm cm-push ${REPOSITORY_NAME}-${PACKAGE_VERSION}.tgz chartmuseum
helm repo remove chartmuseum
# gitea
helm repo add --username ${REPOSITORY_OWNER} --password ${GITEA_PACKAGE_REGISTRY_TOKEN} gitea ${GITEA_SERVER_URL}/api/packages/${REPOSITORY_OWNER}/helm
helm cm-push ${REPOSITORY_NAME}-${PACKAGE_VERSION}.tgz gitea
helm repo remove gitea

2
Chart.yaml
View File

@ -4,7 +4,7 @@ description: Prometheus metric exporter for PostgreSQL
type: application type: application
kubeVersion: ">=1.20.0" kubeVersion: ">=1.20.0"
version: "0.1.0" version: "0.1.0"
appVersion: "0.17.1" appVersion: "0.16.0"
# icon: https://annotations.example.com/icon.png # icon: https://annotations.example.com/icon.png

4
Makefile
View File

@ -4,13 +4,13 @@ CONTAINER_RUNTIME?=$(shell which podman)
# HELM_IMAGE # HELM_IMAGE
HELM_IMAGE_REGISTRY_HOST?=docker.io HELM_IMAGE_REGISTRY_HOST?=docker.io
HELM_IMAGE_REPOSITORY?=volkerraschek/helm HELM_IMAGE_REPOSITORY?=volkerraschek/helm
HELM_IMAGE_VERSION?=3.18.0 # renovate: datasource=docker registryUrl=https://docker.io depName=volkerraschek/helm HELM_IMAGE_VERSION?=3.16.1 # renovate: datasource=docker registryUrl=https://docker.io depName=volkerraschek/helm
HELM_IMAGE_FULLY_QUALIFIED=${HELM_IMAGE_REGISTRY_HOST}/${HELM_IMAGE_REPOSITORY}:${HELM_IMAGE_VERSION} HELM_IMAGE_FULLY_QUALIFIED=${HELM_IMAGE_REGISTRY_HOST}/${HELM_IMAGE_REPOSITORY}:${HELM_IMAGE_VERSION}
# NODE_IMAGE # NODE_IMAGE
NODE_IMAGE_REGISTRY_HOST?=docker.io NODE_IMAGE_REGISTRY_HOST?=docker.io
NODE_IMAGE_REPOSITORY?=library/node NODE_IMAGE_REPOSITORY?=library/node
NODE_IMAGE_VERSION?=24.1.0-alpine # renovate: datasource=docker registryUrl=https://docker.io depName=docker.io/library/node packageName=library/node NODE_IMAGE_VERSION?=22.9.0-alpine # renovate: datasource=docker registryUrl=https://docker.io depName=library/node
NODE_IMAGE_FULLY_QUALIFIED=${NODE_IMAGE_REGISTRY_HOST}/${NODE_IMAGE_REPOSITORY}:${NODE_IMAGE_VERSION} NODE_IMAGE_FULLY_QUALIFIED=${NODE_IMAGE_REGISTRY_HOST}/${NODE_IMAGE_REPOSITORY}:${NODE_IMAGE_VERSION}
# MISSING DOT # MISSING DOT

166
README.md
View File

@ -1,12 +1,11 @@
# Prometheus PostgreSQL exporter # Prometheus PostgreSQL exporter
[![Build Status](https://drone.cryptic.systems/api/badges/volker.raschek/prometheus-postgres-exporter/status.svg)](https://drone.cryptic.systems/volker.raschek/prometheus-postgres-exporter)
[![Artifact Hub](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/prometheus-exporters)](https://artifacthub.io/packages/search?repo=prometheus-exporters) [![Artifact Hub](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/prometheus-exporters)](https://artifacthub.io/packages/search?repo=prometheus-exporters)
> [!NOTE] > [!NOTE]
> This is not the official *community* helm chart of the Prometheus metric exporter for PostgreSQL databases. If you are > This is not the official *community* helm chart of the Prometheus metric exporter for PostgreSQL databases. You can
> looking for the official helm chart, checkout the GitHub project > find the official community chart [here](https://github.com/prometheus-community/helm-charts).
> [helm-charts](https://github.com/prometheus-community/helm-charts) of the [Prometheus
> community](https://github.com/prometheus-community).
This helm chart enables the deployment of a Prometheus metrics exporter for PostgreSQL databases and allows the This helm chart enables the deployment of a Prometheus metrics exporter for PostgreSQL databases and allows the
individual configuration of additional containers/initContainers, mounting of volumes, defining additional environment individual configuration of additional containers/initContainers, mounting of volumes, defining additional environment
@ -21,7 +20,7 @@ helm chart is tested for deployment scenarios with **ArgoCD**.
## Helm: configuration and installation ## Helm: configuration and installation
1. A helm chart repository must be configured, to pull the helm charts from. 1. A helm chart repository must be configured, to pull the helm charts from.
2. All available [parameters](#parameters) are documented in detail below. The parameters can be defined via the helm 2. All available parameters are [here](#parameters) in detail document. The parameters can be defined via the helm
`--set` flag or directly as part of a `values.yaml` file. The following example defines the `prometheus-exporter` `--set` flag or directly as part of a `values.yaml` file. The following example defines the `prometheus-exporter`
repository and use the `--set` flag for a basic deployment. repository and use the `--set` flag for a basic deployment.
@ -47,7 +46,7 @@ version of the chart must be in sync with the `values.yaml`. Newer *minor* versi
versions can break something! versions can break something!
```bash ```bash
CHART_VERSION=0.4.2 CHART_VERSION=0.1.0
helm show values prometheus-exporters/prometheus-postgres-exporter --version "${CHART_VERSION}" > values.yaml helm show values prometheus-exporters/prometheus-postgres-exporter --version "${CHART_VERSION}" > values.yaml
``` ```
@ -64,38 +63,6 @@ for customizations. These can be configured in more detail via `values.yaml`.
The following examples serve as individual configurations and as inspiration for how deployment problems can be solved. The following examples serve as individual configurations and as inspiration for how deployment problems can be solved.
#### Avoid CPU throttling by defining a CPU limit
If the application is deployed with a CPU resource limit, Prometheus may throw a CPU throttling warning for the
application. This has more or less to do with the fact that the application finds the number of CPUs of the host, but
cannot use the available CPU time to perform computing operations.
The application must be informed that despite several CPUs only a part (limit) of the available computing time is
available. As this is a Golang application, this can be implemented using `GOMAXPROCS`. The following example is one way
of defining `GOMAXPROCS` automatically based on the defined CPU limit like `1000m`. Please keep in mind, that the CFS
rate of `100ms` - default on each kubernetes node, is also very important to avoid CPU throttling.
Further information about this topic can be found in one of Kanishk's blog
[posts](https://kanishk.io/posts/cpu-throttling-in-containerized-go-apps/).
> [!NOTE]
> The environment variable `GOMAXPROCS` is set automatically, when a CPU limit is defined. An explicit configuration is
> not anymore required.
>
> Please take care the a CPU limit < `1000m` can also lead to CPU throttling. Please read the linked documentation carefully.
```bash
helm install prometheus-postgres-exporter prometheus-exporters/prometheus-postgres-exporter \
--set 'config.database.secret.databaseUsername=postgres' \
--set 'config.database.secret.databasePassword=postgres' \
--set 'config.database.secret.databaseConnectionUrl="postgres.example.local:5432/postgres?ssl=disable"' \
--set 'prometheus.metrics.enabled=true' \
--set 'prometheus.metrics.serviceMonitor.enabled=true' \
--set 'deployment.postgresExporter.env.name=GOMAXPROCS' \
--set 'deployment.postgresExporter.env.valueFrom.resourceFieldRef.resource=limits.cpu' \
--set 'deployment.postgresExporter.resources.limits.cpu=1000m'
```
#### TLS authentication and encryption #### TLS authentication and encryption
The first example shows how to deploy the metric exporter with TLS encryption. The verification of the custom TLS The first example shows how to deploy the metric exporter with TLS encryption. The verification of the custom TLS
@ -191,75 +158,6 @@ deployment:
- postgres - postgres
``` ```
### Network policies
Network policies can only take effect, when the used CNI plugin support network policies. The chart supports no custom
network policy implementation of CNI plugins. It's support only the official API resource of `networking.k8s.io/v1`.
The object networkPolicies can contains multiple networkPolicy definitions. There is currently only one example
predefined - it's named `default`. Further networkPolicy rules can easy be added by defining additional objects. For example:
> [!NOTE]
> The structure of each custom network policy must be equal like that of default. For this reason don't forget to define
> `annotations`, `labels` and the other properties as well.
```yaml
networkPolicies:
enabled: false
default: {}
my-custom-network-policy: {}
```
The example below is an excerpt of the `values.yaml` file. The network policy `default` contains ingress rules to allow
incoming traffic from Prometheus. Additionally two egress rules are defined, to allow the application outgoing access to
the internal running DNS server `core-dns` and the external running postgres database listen on `10.14.243.12`.
> [!IMPORTANT]
> Please keep in mind, that the namespace and pod selector labels can be different from environment to environment. For
> this reason, there is are not default network policy rules defined.
```yaml
networkPolicies:
enabled: true
default:
enabled: true
annotations: {}
labels: {}
policyTypes:
- Egress
- Ingress
egress:
- to:
- ipBlock:
cidr: 10.14.243.12/32
ports:
- port: 5432
protocol: TCP
- to:
- namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: kube-system
podSelector:
matchLabels:
k8s-app: kube-dns
ports:
- port: 53
protocol: TCP
- port: 53
protocol: UDP
ingress:
- from:
- namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: monitoring
podSelector:
matchLabels:
app.kubernetes.io/name: prometheus
ports:
- port: http
protocol: TCP
```
## Parameters ## Parameters
### Global ### Global
@ -271,25 +169,25 @@ networkPolicies:
### Configuration ### Configuration
| Name | Description | Value | | Name | Description | Value |
| ------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------- | | ------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------- |
| `config.database.existingSecret.enabled` | Mount an existing secret containing the application specific `DATA_SOURCE_` prefixed environment variables. | `false` | | `config.database.existingSecret.enabled` | Mount an existing secret containing the application specific `DATA_SOURCE_` prefixed environment variables. | `false` |
| `config.database.existingSecret.secretName` | Name of the existing secret containing the application specific `DATA_SOURCE_` prefixed environment variables. | `""` | | `config.database.existingSecret.secretName` | Name of the existing secret containing the application specific `DATA_SOURCE_` prefixed environment variables. | `""` |
| `config.database.secret.annotations` | Additional annotations of the secret containing the database credentials. | `{}` | | `config.database.secret.annotations` | Additional annotations of the secret containing the database credentials. | `{}` |
| `config.database.secret.labels` | Additional labels of the secret containing the database credentials. | `{}` | | `config.database.secret.labels` | Additional labels of the secret containing the database credentials. | `{}` |
| `config.database.secret.databaseUsername` | Database username. Will be defined as env `DATA_SOURCE_USER` as part of a secret. | `""` | | `config.database.secret.databaseUsername` | Database username. Will be defined as env `DATA_SOURCE_USER` as part of a secret. | `""` |
| `config.database.secret.databasePassword` | Database password. Will be defined as env `DATA_SOURCE_PASS` as part of a secret. | `""` | | `config.database.secret.databasePassword` | Database password. Will be defined as env `DATA_SOURCE_PASS` as part of a secret. | `""` |
| `config.database.secret.databaseConnectionUrl` | Complex database connection URL. Will be defined as env `DATA_SOURCE_URI` as part of a secret. | `""` | | `config.database.secret.databaseConnectionUrl` | Complex database connection URL. Will be defined as env `DATA_SOURCE_URI` as part of a secret. | `""` |
| `config.exporterConfig.existingSecret.enabled` | Mount an existing secret containing the key `exporterConfig.yaml`. | `false` | | `config.exporterConfig.existingSecret.enabled` | Mount an existing secret containing the key `exporterConfig.yaml`. | `false` |
| `config.exporterConfig.existingSecret.secretName` | Name of the existing secret containing the key `exporterConfig.yaml`. | `""` | | `config.exporterConfig.existingSecret.secretName` | Name of the existing secret containing the key `exporterConfig.yaml`. | `""` |
| `config.exporterConfig.secret.annotations` | Additional annotations of the secret containing the `exporterConfig.yaml`. | `{}` | | `config.exporterConfig.secret.annotations` | Additional annotations of the secret containing the `exporterConfig.yaml`. | `{}` |
| `config.exporterConfig.secret.labels` | Additional labels of the secret containing the `exporterConfig.yaml`. | `{}` | | `config.exporterConfig.secret.labels` | Additional labels of the secret containing the `exporterConfig.yaml`. | `{}` |
| `config.exporterConfig.secret.exporterConfig` | Content of the `exporterConfig.yaml`. Further information can be found in the [README](https://github.com/prometheus-community/postgres_exporter?tab=readme-ov-file#multi-target-support-beta) file of the Postgres exporter binary. | `{}` | | `config.exporterConfig.secret.exporterConfig` | Content of the `exporterConfig.yaml`. Further information can be found [here](https://github.com/prometheus-community/postgres_exporter?tab=readme-ov-file#multi-target-support-beta). | `{}` |
| `config.webConfig.existingSecret.enabled` | Mount an existing secret containing the key `webConfig.yaml`. | `false` | | `config.webConfig.existingSecret.enabled` | Mount an existing secret containing the key `webConfig.yaml`. | `false` |
| `config.webConfig.existingSecret.secretName` | Name of the existing secret containing the key `webConfig.yaml`. | `""` | | `config.webConfig.existingSecret.secretName` | Name of the existing secret containing the key `webConfig.yaml`. | `""` |
| `config.webConfig.secret.annotations` | Additional annotations of the secret containing the `webConfig.yaml`. | `{}` | | `config.webConfig.secret.annotations` | Additional annotations of the secret containing the `webConfig.yaml`. | `{}` |
| `config.webConfig.secret.labels` | Additional labels of the secret containing the `webConfig.yaml`. | `{}` | | `config.webConfig.secret.labels` | Additional labels of the secret containing the `webConfig.yaml`. | `{}` |
| `config.webConfig.secret.webConfig` | Content of the `webConfig.yaml`. Further [documentation](https://prometheus.io/docs/prometheus/latest/configuration/https/) is available on the official Prometheus website. | `{}` | | `config.webConfig.secret.webConfig` | Content of the `webConfig.yaml`. Further information can be found [here](https://prometheus.io/docs/prometheus/latest/configuration/https/). | `{}` |
### Deployment ### Deployment
@ -321,7 +219,7 @@ networkPolicies:
| `deployment.replicas` | Number of replicas for the postgres-exporter deployment. | `1` | | `deployment.replicas` | Number of replicas for the postgres-exporter deployment. | `1` |
| `deployment.restartPolicy` | Restart policy of the postgres-exporter deployment. | `""` | | `deployment.restartPolicy` | Restart policy of the postgres-exporter deployment. | `""` |
| `deployment.securityContext` | Security context of the postgres-exporter deployment. | `{}` | | `deployment.securityContext` | Security context of the postgres-exporter deployment. | `{}` |
| `deployment.strategy.type` | Strategy type - `Recreate` or `RollingUpdate`. | `RollingUpdate` | | `deployment.strategy.type` | Strategy type - `Recreate` or `Rollingupdate`. | `Recreate` |
| `deployment.strategy.rollingUpdate.maxSurge` | The maximum number of pods that can be scheduled above the desired number of pods during a rolling update. | `1` | | `deployment.strategy.rollingUpdate.maxSurge` | The maximum number of pods that can be scheduled above the desired number of pods during a rolling update. | `1` |
| `deployment.strategy.rollingUpdate.maxUnavailable` | The maximum number of pods that can be unavailable during a rolling update. | `1` | | `deployment.strategy.rollingUpdate.maxUnavailable` | The maximum number of pods that can be unavailable during a rolling update. | `1` |
| `deployment.terminationGracePeriodSeconds` | How long to wait until forcefully kill the pod. | `60` | | `deployment.terminationGracePeriodSeconds` | How long to wait until forcefully kill the pod. | `60` |
@ -356,17 +254,11 @@ networkPolicies:
| --------------------- | ---------------------- | ----- | | --------------------- | ---------------------- | ----- |
| `podDisruptionBudget` | Pod disruption budget. | `{}` | | `podDisruptionBudget` | Pod disruption budget. | `{}` |
### NetworkPolicies ### Network
| Name | Description | Value | | Name | Description | Value |
| ------------------------------------- | ----------------------------------------------------------------------------------------------------- | ------- | | ----------------- | ------------------------------------------------------------------------------------------------------------------ | ----- |
| `networkPolicies.enabled` | Enable network policies in general. | `false` | | `networkPolicies` | Deploy network policies based on the used container network interface (CNI) implementation - like calico or weave. | `{}` |
| `networkPolicies.default.enabled` | Enable the network policy for accessing the application by default. For example to scape the metrics. | `false` |
| `networkPolicies.default.annotations` | Additional network policy annotations. | `{}` |
| `networkPolicies.default.labels` | Additional network policy labels. | `{}` |
| `networkPolicies.default.policyTypes` | List of policy types. Supported is ingress, egress or ingress and egress. | `[]` |
| `networkPolicies.default.egress` | Concrete egress network policy implementation. | `[]` |
| `networkPolicies.default.ingress` | Concrete ingress network policy implementation. | `[]` |
### Prometheus ### Prometheus

1183
package-lock.json generated
View File

File diff suppressed because it is too large Load Diff

2
package.json
View File

@ -16,6 +16,6 @@
"devDependencies": { "devDependencies": {
"@bitnami/readme-generator-for-helm": "^2.5.0", "@bitnami/readme-generator-for-helm": "^2.5.0",
"markdown-link-check": "^3.13.6", "markdown-link-check": "^3.13.6",
"markdownlint-cli": "^0.45.0" "markdownlint-cli": "^0.43.0"
} }
} }

60
renovate.json
View File

@ -1,14 +1,9 @@
{ {
"$schema": "https://docs.renovatebot.com/renovate-schema.json", "$schema": "https://docs.renovatebot.com/renovate-schema.json",
"extends": [ "assignees": [ "volker.raschek" ],
"local>volker.raschek/renovate-config:default#master",
"local>volker.raschek/renovate-config:container#master",
"local>volker.raschek/renovate-config:actions#master",
"local>volker.raschek/renovate-config:npm#master",
"local>volker.raschek/renovate-config:regexp#master"
],
"customManagers": [ "customManagers": [
{ {
"description": "Update container image reference",
"fileMatch": [ "fileMatch": [
"^Chart\\.yaml$" "^Chart\\.yaml$"
], ],
@ -21,48 +16,35 @@
"versioningTemplate": "semver" "versioningTemplate": "semver"
}, },
{ {
"fileMatch": ["^README\\.md$"], "description": "Detect helm chart version in README",
"matchStrings": [ "fileMatch": [
"VERSION=(?<currentValue>.*)" "^README\\.md$"
],
"matchStrings": [
"^CHART_VERSION=(?<currentValue>.*)$"
], ],
"depNameTemplate": "volker.raschek/prometheus-postgres-exporter",
"packageNameTemplate": "https://git.cryptic.systems/volker.raschek/prometheus-postgres-exporter",
"datasourceTemplate": "git-tags", "datasourceTemplate": "git-tags",
"depNameTemplate": "volker.raschek/prometheus-postgres-exporter",
"packageNameTemplate": "git.cryptic.systems/volker.raschek/prometheus-postgres-exporter",
"versioningTemplate": "semver" "versioningTemplate": "semver"
} }
], ],
"labels": [ "renovate" ],
"packageRules": [ "packageRules": [
{ {
"addLabels": [ "addLabels": [ "renovate/automerge", "renovate/droneci" ],
"renovate/automerge",
"renovate/container"
],
"automerge": true, "automerge": true,
"excludePackagePatterns": [ "matchManagers": "droneci",
"prometheuscommunity/postgres-exporter" "matchUpdateTypes": [ "minor", "patch"]
],
"matchDatasources": [
"docker"
],
"matchUpdateTypes": [
"minor",
"patch"
]
}, },
{ {
"addLabels": [ "addLabels": [ "renovate/automerge", "renovate/npm" ],
"renovate/automerge",
"renovate/documentation"
],
"automerge": true, "automerge": true,
"matchDepNames": [ "matchPackageNames": [ "markdownlint-cli", "@bitnami/readme-generator-for-helm" ],
"volker.raschek/prometheus-postgres-exporter" "matchManagers": [ "npm" ],
], "matchUpdateTypes": [ "minor", "patch"]
"matchUpdateTypes": [
"major",
"minor",
"patch"
]
} }
] ],
"rebaseLabel": "renovate/rebase",
"rebaseWhen": "behind-base-branch"
} }

11
templates/prometheus-postgres-exporter/_deployment.tpl
View File

@ -9,17 +9,6 @@
{{- end }} {{- end }}
{{- end }} {{- end }}
{{/* env */}}
{{- define "prometheus-postgres-exporter.deployment.env" -}}
{{- $env := dict "env" (.Values.deployment.postgresExporter.env | default (list) ) }}
{{- if and (hasKey .Values.deployment.postgresExporter.resources "limits") (hasKey .Values.deployment.postgresExporter.resources.limits "cpu") }}
{{- $env = merge $env (dict "env" (list (dict "name" "GOMAXPROCS" "valueFrom" (dict "resourceFieldRef" (dict "divisor" "1" "resource" "limits.cpu"))))) }}
{{- end }}
{{ toYaml $env }}
{{- end -}}
{{/* envFrom */}} {{/* envFrom */}}
{{- define "prometheus-postgres-exporter.deployment.envFrom" -}} {{- define "prometheus-postgres-exporter.deployment.envFrom" -}}

19
templates/prometheus-postgres-exporter/_networkPolicies.tpl
View File

@ -1,19 +0,0 @@
{{/* vim: set filetype=mustache: */}}
{{/* annotations */}}
{{- define "prometheus-postgres-exporter.networkPolicies.annotations" -}}
{{ include "prometheus-postgres-exporter.annotations" .context }}
{{- if .networkPolicy.annotations }}
{{ toYaml .networkPolicy.annotations }}
{{- end }}
{{- end }}
{{/* labels */}}
{{- define "prometheus-postgres-exporter.networkPolicies.labels" -}}
{{ include "prometheus-postgres-exporter.labels" .context }}
{{- if .networkPolicy.labels }}
{{ toYaml .networkPolicy.labels }}
{{- end }}
{{- end }}

31
templates/prometheus-postgres-exporter/_pod.tpl
View File

@ -4,37 +4,6 @@
{{- define "prometheus-postgres-exporter.pod.annotations" -}} {{- define "prometheus-postgres-exporter.pod.annotations" -}}
{{ include "prometheus-postgres-exporter.annotations" . }} {{ include "prometheus-postgres-exporter.annotations" . }}
# The following annotations are required to trigger a rolling update. Further information can be found in the official
# documentation of helm:
#
# https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments
#
{{/* database */}}
{{- if and .Values.config.database.existingSecret.enabled .Values.config.database.existingSecret.secretName }}
{{- $secret := default (dict "data" (dict)) (lookup "v1" "Secret" .Release.Namespace .Values.config.database.existingSecret.secretName ) }}
checksum/secret-database: {{ print $secret.spec | sha256sum }}
{{- else }}
checksum/secret-database: {{ include (print $.Template.BasePath "/prometheus-postgres-exporter/secretDatabase.yaml") . | sha256sum }}
{{- end }}
{{/* exporter config */}}
{{- if and .Values.config.exporterConfig.existingSecret.enabled .Values.config.exporterConfig.existingSecret.secretName }}
{{- $secret := default (dict "data" (dict)) (lookup "v1" "Secret" .Release.Namespace .Values.config.exporterConfig.existingSecret.secretName ) }}
checksum/secret-exporter-config: {{ print $secret.spec | sha256sum }}
{{- else }}
checksum/secret-exporter-config: {{ include (print $.Template.BasePath "/prometheus-postgres-exporter/secretExporterConfig.yaml") . | sha256sum }}
{{- end }}
{{/* web config */}}
{{- if and .Values.config.webConfig.existingSecret.enabled .Values.config.webConfig.existingSecret.secretName }}
{{- $secret := default (dict "data" (dict)) (lookup "v1" "Secret" .Release.Namespace .Values.config.webConfig.existingSecret.secretName ) }}
checksum/secret-web-config: {{ print $secret.spec | sha256sum }}
{{- else }}
checksum/secret-web-config: {{ include (print $.Template.BasePath "/prometheus-postgres-exporter/secretWebConfig.yaml") . | sha256sum }}
{{- end }}
{{- end }} {{- end }}
{{/* labels */}} {{/* labels */}}

2
templates/prometheus-postgres-exporter/configMapGrafanaDashboardPostgresExporter.yaml
View File

@ -5,7 +5,7 @@ kind: ConfigMap
metadata: metadata:
{{- with (include "prometheus-postgres-exporter.configMap.grafanaDashboards.postgresExporter.annotations" . | fromYaml) }} {{- with (include "prometheus-postgres-exporter.configMap.grafanaDashboards.postgresExporter.annotations" . | fromYaml) }}
annotations: annotations:
{{- tpl (toYaml .) $ | nindent 4 }} {{- tpl (. | toYaml) $ | nindent 4 }}
{{- end }} {{- end }}
{{- with (include "prometheus-postgres-exporter.configMap.grafanaDashboards.postgresExporter.labels" . | fromYaml) }} {{- with (include "prometheus-postgres-exporter.configMap.grafanaDashboards.postgresExporter.labels" . | fromYaml) }}
labels: labels:

13
templates/prometheus-postgres-exporter/deployment.yaml
View File

@ -3,7 +3,7 @@ kind: Deployment
metadata: metadata:
{{- with (include "prometheus-postgres-exporter.deployment.annotations" . | fromYaml) }} {{- with (include "prometheus-postgres-exporter.deployment.annotations" . | fromYaml) }}
annotations: annotations:
{{- tpl (toYaml .) $ | nindent 4 }} {{- tpl (. | toYaml) $ | nindent 4 }}
{{- end }} {{- end }}
{{- with (include "prometheus-postgres-exporter.deployment.labels" . | fromYaml) }} {{- with (include "prometheus-postgres-exporter.deployment.labels" . | fromYaml) }}
labels: labels:
@ -18,8 +18,6 @@ spec:
{{- include "prometheus-postgres-exporter.pod.selectorLabels" . | nindent 6 }} {{- include "prometheus-postgres-exporter.pod.selectorLabels" . | nindent 6 }}
template: template:
metadata: metadata:
annotations:
{{- include "prometheus-postgres-exporter.pod.annotations" . | nindent 8 }}
labels: labels:
{{- include "prometheus-postgres-exporter.pod.labels" . | nindent 8 }} {{- include "prometheus-postgres-exporter.pod.labels" . | nindent 8 }}
spec: spec:
@ -36,10 +34,9 @@ spec:
{{- range .Values.deployment.postgresExporter.args }} {{- range .Values.deployment.postgresExporter.args }}
- {{ . | quote }} - {{ . | quote }}
{{- end }} {{- end }}
{{- $env := (include "prometheus-postgres-exporter.deployment.env" . | fromYaml) }} {{- with .Values.deployment.postgresExporter.env }}
{{- if and (hasKey $env "env") (gt (len $env.env) 0) }}
env: env:
{{- toYaml $env.env | nindent 8 }} {{- toYaml . | nindent 8 }}
{{- end }} {{- end }}
{{- $envFrom := (include "prometheus-postgres-exporter.deployment.envFrom" . | fromYaml) }} {{- $envFrom := (include "prometheus-postgres-exporter.deployment.envFrom" . | fromYaml) }}
{{- if hasKey $envFrom "envFrom" }} {{- if hasKey $envFrom "envFrom" }}
@ -128,7 +125,3 @@ spec:
volumes: volumes:
{{- toYaml $volumes.volumes | nindent 6 }} {{- toYaml $volumes.volumes | nindent 6 }}
{{- end }} {{- end }}
{{- with .Values.deployment.strategy }}
strategy:
{{- toYaml . | nindent 4 }}
{{- end }}

2
templates/prometheus-postgres-exporter/ingress.yaml
View File

@ -5,7 +5,7 @@ kind: Ingress
metadata: metadata:
{{- with (include "prometheus-postgres-exporter.ingress.annotations" . | fromYaml) }} {{- with (include "prometheus-postgres-exporter.ingress.annotations" . | fromYaml) }}
annotations: annotations:
{{- tpl (toYaml .) $ | nindent 4 }} {{- tpl (. | toYaml) $ | nindent 4 }}
{{- end }} {{- end }}
{{- with (include "prometheus-postgres-exporter.ingress.labels" . | fromYaml) }} {{- with (include "prometheus-postgres-exporter.ingress.labels" . | fromYaml) }}
labels: labels:

36
templates/prometheus-postgres-exporter/networkPolicies.yaml
View File

@ -1,36 +0,0 @@
{{- if .Values.networkPolicies.enabled }}
{{- range $key, $value := .Values.networkPolicies -}}
{{- if and (not (eq $key "enabled")) $value.enabled }}
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
{{- with (include "prometheus-postgres-exporter.networkPolicies.annotations" (dict "networkPolicy" $value "context" $) | fromYaml) }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with (include "prometheus-postgres-exporter.networkPolicies.labels" (dict "networkPolicy" $value "context" $) | fromYaml) }}
labels:
{{- toYaml . | nindent 4 }}
{{- end }}
name: {{ printf "%s-%s" (include "prometheus-postgres-exporter.fullname" $ ) $key }}
namespace: {{ $.Release.Namespace }}
spec:
podSelector:
matchLabels:
{{- include "prometheus-postgres-exporter.pod.selectorLabels" $ | nindent 6 }}
{{- with $value.policyTypes }}
policyTypes:
{{- toYaml . | nindent 2 }}
{{- end }}
{{- with $value.egress }}
egress:
{{- toYaml . | nindent 2 }}
{{- end }}
{{- with $value.ingress }}
ingress:
{{- toYaml . | nindent 2 }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}

218
unittests/deployment/deployment.yaml
View File

@ -7,29 +7,18 @@ release:
namespace: testing namespace: testing
templates: templates:
- templates/prometheus-postgres-exporter/deployment.yaml - templates/prometheus-postgres-exporter/deployment.yaml
- templates/prometheus-postgres-exporter/secretDatabase.yaml
- templates/prometheus-postgres-exporter/secretExporterConfig.yaml
- templates/prometheus-postgres-exporter/secretWebConfig.yaml
tests: tests:
- it: Rendering default - it: Rendering default
set:
# Ensure that the secrets and config maps are well configured.
config.database.secret.databaseUsername: "postgres"
config.database.secret.databasePassword: "postgres"
config.database.secret.databaseConnectionUrl: "localhost:5432/postgres?sslmode=disable"
asserts: asserts:
- hasDocuments: - hasDocuments:
count: 1 count: 1
template: templates/prometheus-postgres-exporter/deployment.yaml
- containsDocument: - containsDocument:
apiVersion: apps/v1 apiVersion: apps/v1
kind: Deployment kind: Deployment
name: prometheus-postgres-exporter-unittest name: prometheus-postgres-exporter-unittest
namespace: testing namespace: testing
template: templates/prometheus-postgres-exporter/deployment.yaml
- notExists: - notExists:
path: metadata.annotations.checksum/secret-database path: metadata.annotations
template: templates/prometheus-postgres-exporter/deployment.yaml
- equal: - equal:
path: metadata.labels path: metadata.labels
value: value:
@ -38,51 +27,27 @@ tests:
app.kubernetes.io/name: prometheus-postgres-exporter app.kubernetes.io/name: prometheus-postgres-exporter
app.kubernetes.io/version: 0.1.0 app.kubernetes.io/version: 0.1.0
helm.sh/chart: prometheus-postgres-exporter-0.1.0 helm.sh/chart: prometheus-postgres-exporter-0.1.0
template: templates/prometheus-postgres-exporter/deployment.yaml
- equal: - equal:
path: spec.replicas path: spec.replicas
value: 1 value: 1
template: templates/prometheus-postgres-exporter/deployment.yaml
- exists:
path: spec.template.metadata.annotations.checksum/secret-database
template: templates/prometheus-postgres-exporter/deployment.yaml
- exists:
path: spec.template.metadata.annotations.checksum/secret-exporter-config
template: templates/prometheus-postgres-exporter/deployment.yaml
- exists:
path: spec.template.metadata.annotations.checksum/secret-web-config
template: templates/prometheus-postgres-exporter/deployment.yaml
- equal:
path: spec.template.metadata.labels
value:
app.kubernetes.io/instance: prometheus-postgres-exporter-unittest
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: prometheus-postgres-exporter
app.kubernetes.io/version: 0.1.0
helm.sh/chart: prometheus-postgres-exporter-0.1.0
template: templates/prometheus-postgres-exporter/deployment.yaml
- notExists: - notExists:
path: spec.template.spec.affinity path: spec.template.spec.affinity
template: templates/prometheus-postgres-exporter/deployment.yaml
- contains: - contains:
path: spec.template.spec.containers[0].envFrom path: spec.template.spec.containers[0].envFrom
content: content:
secretRef: secretRef:
name: prometheus-postgres-exporter-unittest-database-env name: prometheus-postgres-exporter-unittest-database-env
template: templates/prometheus-postgres-exporter/deployment.yaml
- equal: - equal:
path: spec.template.spec.containers[0].args path: spec.template.spec.containers[0].args
value: value:
- --config.file=/etc/prometheus-postgres-exporter/config.d/exporterConfig.yaml - --config.file=/etc/prometheus-postgres-exporter/config.d/exporterConfig.yaml
- --web.config.file=/etc/prometheus-postgres-exporter/config.d/webConfig.yaml - --web.config.file=/etc/prometheus-postgres-exporter/config.d/webConfig.yaml
- --web.listen-address=:9187 - --web.listen-address=:9187
template: templates/prometheus-postgres-exporter/deployment.yaml
- equal: - equal:
path: spec.template.spec.containers[0].volumeMounts path: spec.template.spec.containers[0].volumeMounts
value: value:
- mountPath: /etc/prometheus-postgres-exporter/config.d - mountPath: /etc/prometheus-postgres-exporter/config.d
name: config-d name: config-d
template: templates/prometheus-postgres-exporter/deployment.yaml
- equal: - equal:
path: spec.template.spec.volumes path: spec.template.spec.volumes
value: value:
@ -94,91 +59,53 @@ tests:
name: prometheus-postgres-exporter-unittest-exporter-config name: prometheus-postgres-exporter-unittest-exporter-config
- secret: - secret:
name: prometheus-postgres-exporter-unittest-web-config name: prometheus-postgres-exporter-unittest-web-config
template: templates/prometheus-postgres-exporter/deployment.yaml
- equal: - equal:
path: spec.template.spec.containers[0].image path: spec.template.spec.containers[0].image
value: quay.io/prometheuscommunity/postgres-exporter:v0.1.0 value: quay.io/prometheuscommunity/postgres-exporter:v0.1.0
template: templates/prometheus-postgres-exporter/deployment.yaml
- equal: - equal:
path: spec.template.spec.containers[0].imagePullPolicy path: spec.template.spec.containers[0].imagePullPolicy
value: IfNotPresent value: IfNotPresent
template: templates/prometheus-postgres-exporter/deployment.yaml
- notExists: - notExists:
path: spec.template.spec.containers[0].resources path: spec.template.spec.containers[0].resources
template: templates/prometheus-postgres-exporter/deployment.yaml
- notExists: - notExists:
path: spec.template.spec.containers[0].securityContext path: spec.template.spec.containers[0].securityContext
template: templates/prometheus-postgres-exporter/deployment.yaml
- notExists: - notExists:
path: spec.template.spec.dnsConfig path: spec.template.spec.dnsConfig
template: templates/prometheus-postgres-exporter/deployment.yaml
- notExists: - notExists:
path: spec.template.spec.dnsPolicy path: spec.template.spec.dnsPolicy
template: templates/prometheus-postgres-exporter/deployment.yaml
- notExists: - notExists:
path: spec.template.spec.hostname path: spec.template.spec.hostname
template: templates/prometheus-postgres-exporter/deployment.yaml
- equal: - equal:
path: spec.template.spec.hostNetwork path: spec.template.spec.hostNetwork
value: false value: false
template: templates/prometheus-postgres-exporter/deployment.yaml
- notExists: - notExists:
path: spec.template.spec.imagePullSecrets path: spec.template.spec.imagePullSecrets
template: templates/prometheus-postgres-exporter/deployment.yaml
- notExists: - notExists:
path: spec.template.spec.nodeSelector path: spec.template.spec.nodeSelector
template: templates/prometheus-postgres-exporter/deployment.yaml
- notExists: - notExists:
path: spec.template.spec.priorityClassName path: spec.template.spec.priorityClassName
template: templates/prometheus-postgres-exporter/deployment.yaml
- notExists: - notExists:
path: spec.template.spec.restartPolicy path: spec.template.spec.restartPolicy
template: templates/prometheus-postgres-exporter/deployment.yaml
- notExists: - notExists:
path: spec.template.spec.subdomain path: spec.template.spec.subdomain
template: templates/prometheus-postgres-exporter/deployment.yaml
- equal: - equal:
path: spec.template.spec.terminationGracePeriodSeconds path: spec.template.spec.terminationGracePeriodSeconds
value: 60 value: 60
template: templates/prometheus-postgres-exporter/deployment.yaml
- notExists: - notExists:
path: spec.template.spec.tolerations path: spec.template.spec.tolerations
template: templates/prometheus-postgres-exporter/deployment.yaml
- notExists: - notExists:
path: spec.template.spec.topologySpreadConstraints path: spec.template.spec.topologySpreadConstraints
template: templates/prometheus-postgres-exporter/deployment.yaml
- equal:
path: spec.strategy
value:
type: "RollingUpdate"
rollingUpdate:
maxSurge: 1
maxUnavailable: 1
template: templates/prometheus-postgres-exporter/deployment.yaml
- it: Test custom replicas - it: Test custom replicas
set: set:
# Ensure that the secrets and config maps are well configured.
config.database.secret.databaseUsername: "postgres"
config.database.secret.databasePassword: "postgres"
config.database.secret.databaseConnectionUrl: "localhost:5432/postgres?sslmode=disable"
# Normal test values
deployment.replicas: 3 deployment.replicas: 3
asserts: asserts:
- equal: - equal:
path: spec.replicas path: spec.replicas
value: 3 value: 3
template: templates/prometheus-postgres-exporter/deployment.yaml
- it: Test custom affinity - it: Test custom affinity
set: set:
# Ensure that the secrets and config maps are well configured.
config.database.secret.databaseUsername: "postgres"
config.database.secret.databasePassword: "postgres"
config.database.secret.databaseConnectionUrl: "localhost:5432/postgres?sslmode=disable"
# Normal test values
deployment.affinity: deployment.affinity:
nodeAffinity: nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution: requiredDuringSchedulingIgnoredDuringExecution:
@ -202,16 +129,9 @@ tests:
values: values:
- antarctica-east1 - antarctica-east1
- antarctica-west1 - antarctica-west1
template: templates/prometheus-postgres-exporter/deployment.yaml
- it: Test additional arguments - it: Test additional arguments
set: set:
# Ensure that the secrets and config maps are well configured.
config.database.secret.databaseUsername: "postgres"
config.database.secret.databasePassword: "postgres"
config.database.secret.databaseConnectionUrl: "localhost:5432/postgres?sslmode=disable"
# Normal test values
deployment.postgresExporter.args: deployment.postgresExporter.args:
- "--foo=bar" - "--foo=bar"
- "--bar=foo" - "--bar=foo"
@ -224,42 +144,26 @@ tests:
- --web.listen-address=:9187 - --web.listen-address=:9187
- --foo=bar - --foo=bar
- --bar=foo - --bar=foo
template: templates/prometheus-postgres-exporter/deployment.yaml
- it: Test custom imageRegistry and imageRepository - it: Test custom imageRegistry and imageRepository
set: set:
# Ensure that the secrets and config maps are well configured.
config.database.secret.databaseUsername: "postgres"
config.database.secret.databasePassword: "postgres"
config.database.secret.databaseConnectionUrl: "localhost:5432/postgres?sslmode=disable"
# Normal test values
deployment.postgresExporter.image.registry: registry.example.local deployment.postgresExporter.image.registry: registry.example.local
deployment.postgresExporter.image.repository: path/special/prometheus-postgres-exporter deployment.postgresExporter.image.repository: path/special/prometheus-postgres-exporter
asserts: asserts:
- equal: - equal:
path: spec.template.spec.containers[0].image path: spec.template.spec.containers[0].image
value: registry.example.local/path/special/prometheus-postgres-exporter:v0.1.0 value: registry.example.local/path/special/prometheus-postgres-exporter:v0.1.0
template: templates/prometheus-postgres-exporter/deployment.yaml
- it: Test custom imagePullPolicy - it: Test custom imagePullPolicy
set: set:
# Ensure that the secrets and config maps are well configured.
config.database.secret.databaseUsername: "postgres"
config.database.secret.databasePassword: "postgres"
config.database.secret.databaseConnectionUrl: "localhost:5432/postgres?sslmode=disable"
# Normal test values
deployment.postgresExporter.image.pullPolicy: Always deployment.postgresExporter.image.pullPolicy: Always
asserts: asserts:
- equal: - equal:
path: spec.template.spec.containers[0].imagePullPolicy path: spec.template.spec.containers[0].imagePullPolicy
value: Always value: Always
template: templates/prometheus-postgres-exporter/deployment.yaml
- it: Test config.database.existingSecret - it: Test config.database.existingSecret
set: set:
# Normal test values
config.database.existingSecret.enabled: true config.database.existingSecret.enabled: true
config.database.existingSecret.secretName: custom-database-secret config.database.existingSecret.secretName: custom-database-secret
asserts: asserts:
@ -268,16 +172,9 @@ tests:
content: content:
secretRef: secretRef:
name: custom-database-secret name: custom-database-secret
template: templates/prometheus-postgres-exporter/deployment.yaml
- it: Test config.exporterConfig.existingSecret - it: Test config.exporterConfig.existingSecret
set: set:
# Ensure that the secrets and config maps are well configured.
config.database.secret.databaseUsername: "postgres"
config.database.secret.databasePassword: "postgres"
config.database.secret.databaseConnectionUrl: "localhost:5432/postgres?sslmode=disable"
# Normal test values
config.exporterConfig.existingSecret.enabled: true config.exporterConfig.existingSecret.enabled: true
config.exporterConfig.existingSecret.secretName: exporter-config-secret config.exporterConfig.existingSecret.secretName: exporter-config-secret
asserts: asserts:
@ -286,7 +183,6 @@ tests:
value: value:
- mountPath: /etc/prometheus-postgres-exporter/config.d - mountPath: /etc/prometheus-postgres-exporter/config.d
name: config-d name: config-d
template: templates/prometheus-postgres-exporter/deployment.yaml
- equal: - equal:
path: spec.template.spec.volumes path: spec.template.spec.volumes
value: value:
@ -298,16 +194,9 @@ tests:
name: exporter-config-secret name: exporter-config-secret
- secret: - secret:
name: prometheus-postgres-exporter-unittest-web-config name: prometheus-postgres-exporter-unittest-web-config
template: templates/prometheus-postgres-exporter/deployment.yaml
- it: Test config.webConfig.existingSecret - it: Test config.webConfig.existingSecret
set: set:
# Ensure that the secrets and config maps are well configured.
config.database.secret.databaseUsername: "postgres"
config.database.secret.databasePassword: "postgres"
config.database.secret.databaseConnectionUrl: "localhost:5432/postgres?sslmode=disable"
# Normal test values
config.webConfig.existingSecret.enabled: true config.webConfig.existingSecret.enabled: true
config.webConfig.existingSecret.secretName: web-config-secret config.webConfig.existingSecret.secretName: web-config-secret
asserts: asserts:
@ -316,7 +205,6 @@ tests:
value: value:
- mountPath: /etc/prometheus-postgres-exporter/config.d - mountPath: /etc/prometheus-postgres-exporter/config.d
name: config-d name: config-d
template: templates/prometheus-postgres-exporter/deployment.yaml
- equal: - equal:
path: spec.template.spec.volumes path: spec.template.spec.volumes
value: value:
@ -328,16 +216,9 @@ tests:
name: prometheus-postgres-exporter-unittest-exporter-config name: prometheus-postgres-exporter-unittest-exporter-config
- secret: - secret:
name: web-config-secret name: web-config-secret
template: templates/prometheus-postgres-exporter/deployment.yaml
- it: Test custom resource limits and requests - it: Test custom resource limits and requests
set: set:
# Ensure that the secrets and config maps are well configured.
config.database.secret.databaseUsername: "postgres"
config.database.secret.databasePassword: "postgres"
config.database.secret.databaseConnectionUrl: "localhost:5432/postgres?sslmode=disable"
# Normal test values
deployment.postgresExporter.resources: deployment.postgresExporter.resources:
limits: limits:
cpu: 100m cpu: 100m
@ -346,15 +227,6 @@ tests:
cpu: 25m cpu: 25m
memory: 100MB memory: 100MB
asserts: asserts:
- equal:
path: spec.template.spec.containers[0].env
value:
- name: GOMAXPROCS
valueFrom:
resourceFieldRef:
divisor: "1"
resource: limits.cpu
template: templates/prometheus-postgres-exporter/deployment.yaml
- equal: - equal:
path: spec.template.spec.containers[0].resources path: spec.template.spec.containers[0].resources
value: value:
@ -364,16 +236,9 @@ tests:
requests: requests:
cpu: 25m cpu: 25m
memory: 100MB memory: 100MB
template: templates/prometheus-postgres-exporter/deployment.yaml
- it: Test custom securityContext - it: Test custom securityContext
set: set:
# Ensure that the secrets and config maps are well configured.
config.database.secret.databaseUsername: "postgres"
config.database.secret.databasePassword: "postgres"
config.database.secret.databaseConnectionUrl: "localhost:5432/postgres?sslmode=disable"
# Normal test values
deployment.postgresExporter.securityContext: deployment.postgresExporter.securityContext:
capabilities: capabilities:
add: add:
@ -397,16 +262,9 @@ tests:
readOnlyRootFilesystem: true readOnlyRootFilesystem: true
runAsNonRoot: true runAsNonRoot: true
runAsUser: 1000 runAsUser: 1000
template: templates/prometheus-postgres-exporter/deployment.yaml
- it: Test dnsConfig - it: Test dnsConfig
set: set:
# Ensure that the secrets and config maps are well configured.
config.database.secret.databaseUsername: "postgres"
config.database.secret.databasePassword: "postgres"
config.database.secret.databaseConnectionUrl: "localhost:5432/postgres?sslmode=disable"
# Normal test values
deployment.dnsConfig: deployment.dnsConfig:
nameservers: nameservers:
- "8.8.8.8" - "8.8.8.8"
@ -418,31 +276,17 @@ tests:
nameservers: nameservers:
- "8.8.8.8" - "8.8.8.8"
- "8.8.4.4" - "8.8.4.4"
template: templates/prometheus-postgres-exporter/deployment.yaml
- it: Test dnsPolicy - it: Test dnsPolicy
set: set:
# Ensure that the secrets and config maps are well configured.
config.database.secret.databaseUsername: "postgres"
config.database.secret.databasePassword: "postgres"
config.database.secret.databaseConnectionUrl: "localhost:5432/postgres?sslmode=disable"
# Normal test values
deployment.dnsPolicy: ClusterFirst deployment.dnsPolicy: ClusterFirst
asserts: asserts:
- equal: - equal:
path: spec.template.spec.dnsPolicy path: spec.template.spec.dnsPolicy
value: ClusterFirst value: ClusterFirst
template: templates/prometheus-postgres-exporter/deployment.yaml
- it: Test hostNetwork, hostname, subdomain - it: Test hostNetwork, hostname, subdomain
set: set:
# Ensure that the secrets and config maps are well configured.
config.database.secret.databaseUsername: "postgres"
config.database.secret.databasePassword: "postgres"
config.database.secret.databaseConnectionUrl: "localhost:5432/postgres?sslmode=disable"
# Normal test values
deployment.hostNetwork: true deployment.hostNetwork: true
deployment.hostname: pg-exporter deployment.hostname: pg-exporter
deployment.subdomain: exporters.internal deployment.subdomain: exporters.internal
@ -450,24 +294,15 @@ tests:
- equal: - equal:
path: spec.template.spec.hostNetwork path: spec.template.spec.hostNetwork
value: true value: true
template: templates/prometheus-postgres-exporter/deployment.yaml
- equal: - equal:
path: spec.template.spec.hostname path: spec.template.spec.hostname
value: pg-exporter value: pg-exporter
template: templates/prometheus-postgres-exporter/deployment.yaml
- equal: - equal:
path: spec.template.spec.subdomain path: spec.template.spec.subdomain
value: exporters.internal value: exporters.internal
template: templates/prometheus-postgres-exporter/deployment.yaml
- it: Test imagePullSecrets - it: Test imagePullSecrets
set: set:
# Ensure that the secrets and config maps are well configured.
config.database.secret.databaseUsername: "postgres"
config.database.secret.databasePassword: "postgres"
config.database.secret.databaseConnectionUrl: "localhost:5432/postgres?sslmode=disable"
# Normal test values
deployment.imagePullSecrets: deployment.imagePullSecrets:
- name: my-pull-secret - name: my-pull-secret
- name: my-special-secret - name: my-special-secret
@ -477,16 +312,9 @@ tests:
value: value:
- name: my-pull-secret - name: my-pull-secret
- name: my-special-secret - name: my-special-secret
template: templates/prometheus-postgres-exporter/deployment.yaml
- it: Test nodeSelector - it: Test nodeSelector
set: set:
# Ensure that the secrets and config maps are well configured.
config.database.secret.databaseUsername: "postgres"
config.database.secret.databasePassword: "postgres"
config.database.secret.databaseConnectionUrl: "localhost:5432/postgres?sslmode=disable"
# Normal test values
deployment.nodeSelector: deployment.nodeSelector:
foo: bar foo: bar
asserts: asserts:
@ -494,61 +322,33 @@ tests:
path: spec.template.spec.nodeSelector path: spec.template.spec.nodeSelector
value: value:
foo: bar foo: bar
template: templates/prometheus-postgres-exporter/deployment.yaml
- it: Test priorityClassName - it: Test priorityClassName
set: set:
# Ensure that the secrets and config maps are well configured.
config.database.secret.databaseUsername: "postgres"
config.database.secret.databasePassword: "postgres"
config.database.secret.databaseConnectionUrl: "localhost:5432/postgres?sslmode=disable"
# Normal test values
deployment.priorityClassName: my-priority deployment.priorityClassName: my-priority
asserts: asserts:
- equal: - equal:
path: spec.template.spec.priorityClassName path: spec.template.spec.priorityClassName
value: my-priority value: my-priority
template: templates/prometheus-postgres-exporter/deployment.yaml
- it: Test restartPolicy - it: Test restartPolicy
set: set:
# Ensure that the secrets and config maps are well configured.
config.database.secret.databaseUsername: "postgres"
config.database.secret.databasePassword: "postgres"
config.database.secret.databaseConnectionUrl: "localhost:5432/postgres?sslmode=disable"
# Normal test values
deployment.restartPolicy: Always deployment.restartPolicy: Always
asserts: asserts:
- equal: - equal:
path: spec.template.spec.restartPolicy path: spec.template.spec.restartPolicy
value: Always value: Always
template: templates/prometheus-postgres-exporter/deployment.yaml
- it: Test terminationGracePeriodSeconds - it: Test terminationGracePeriodSeconds
set: set:
# Ensure that the secrets and config maps are well configured.
config.database.secret.databaseUsername: "postgres"
config.database.secret.databasePassword: "postgres"
config.database.secret.databaseConnectionUrl: "localhost:5432/postgres?sslmode=disable"
# Normal test values
deployment.terminationGracePeriodSeconds: 120 deployment.terminationGracePeriodSeconds: 120
asserts: asserts:
- equal: - equal:
path: spec.template.spec.terminationGracePeriodSeconds path: spec.template.spec.terminationGracePeriodSeconds
value: 120 value: 120
template: templates/prometheus-postgres-exporter/deployment.yaml
- it: Test tolerations - it: Test tolerations
set: set:
# Ensure that the secrets and config maps are well configured.
config.database.secret.databaseUsername: "postgres"
config.database.secret.databasePassword: "postgres"
config.database.secret.databaseConnectionUrl: "localhost:5432/postgres?sslmode=disable"
# Normal test values
deployment.tolerations: deployment.tolerations:
- key: database/type - key: database/type
operator: Equal operator: Equal
@ -562,16 +362,9 @@ tests:
operator: Equal operator: Equal
value: postgres value: postgres
effect: NoSchedule effect: NoSchedule
template: templates/prometheus-postgres-exporter/deployment.yaml
- it: Test topologySpreadConstraints - it: Test topologySpreadConstraints
set: set:
# Ensure that the secrets and config maps are well configured.
config.database.secret.databaseUsername: "postgres"
config.database.secret.databasePassword: "postgres"
config.database.secret.databaseConnectionUrl: "localhost:5432/postgres?sslmode=disable"
# Normal test values
deployment.topologySpreadConstraints: deployment.topologySpreadConstraints:
- topologyKey: kubernetes.io/hostname - topologyKey: kubernetes.io/hostname
whenUnsatisfiable: DoNotSchedule whenUnsatisfiable: DoNotSchedule
@ -587,16 +380,9 @@ tests:
labelSelector: labelSelector:
matchLabels: matchLabels:
app.kubernetes.io/instance: prometheus-postgres-exporter app.kubernetes.io/instance: prometheus-postgres-exporter
template: templates/prometheus-postgres-exporter/deployment.yaml
- it: Test additional volumeMounts and volumes - it: Test additional volumeMounts and volumes
set: set:
# Ensure that the secrets and config maps are well configured.
config.database.secret.databaseUsername: "postgres"
config.database.secret.databasePassword: "postgres"
config.database.secret.databaseConnectionUrl: "localhost:5432/postgres?sslmode=disable"
# Normal test values
deployment.postgresExporter.volumeMounts: deployment.postgresExporter.volumeMounts:
- name: data - name: data
mountPath: /usr/lib/prometheus-postgres-exporter/data mountPath: /usr/lib/prometheus-postgres-exporter/data
@ -612,7 +398,6 @@ tests:
mountPath: /usr/lib/prometheus-postgres-exporter/data mountPath: /usr/lib/prometheus-postgres-exporter/data
- name: config-d - name: config-d
mountPath: /etc/prometheus-postgres-exporter/config.d mountPath: /etc/prometheus-postgres-exporter/config.d
template: templates/prometheus-postgres-exporter/deployment.yaml
- equal: - equal:
path: spec.template.spec.volumes path: spec.template.spec.volumes
value: value:
@ -627,4 +412,3 @@ tests:
name: prometheus-postgres-exporter-unittest-exporter-config name: prometheus-postgres-exporter-unittest-exporter-config
- secret: - secret:
name: prometheus-postgres-exporter-unittest-web-config name: prometheus-postgres-exporter-unittest-web-config
template: templates/prometheus-postgres-exporter/deployment.yaml

118
unittests/networkPolicies/default.yaml
View File

@ -1,118 +0,0 @@
chart:
appVersion: 0.1.0
version: 0.1.0
suite: NetworkPolicies template (basic)
release:
name: prometheus-postgres-exporter-unittest
namespace: testing
templates:
- templates/prometheus-postgres-exporter/networkPolicies.yaml
tests:
- it: Skip networkPolicies in general disabled.
set:
networkPolicies.enabled: false
asserts:
- hasDocuments:
count: 0
- it: Skip networkPolicy 'default' when disabled.
set:
networkPolicies.enabled: true
networkPolicies.default.enabled: false
asserts:
- hasDocuments:
count: 0
- it: Loop over networkPolicies
set:
networkPolicies.enabled: true
networkPolicies.default.enabled: false
networkPolicies.nginx.enabled: true
networkPolicies.prometheus.enabled: true
asserts:
- hasDocuments:
count: 2
- it: Template networkPolicy 'default' without policyTypes, egress and ingress configuration
set:
networkPolicies.enabled: true
networkPolicies.default.enabled: true
asserts:
- hasDocuments:
count: 1
- containsDocument:
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
name: prometheus-postgres-exporter-unittest-default
namespace: testing
- notExists:
path: metadata.annotations
- equal:
path: metadata.labels
value:
app.kubernetes.io/instance: prometheus-postgres-exporter-unittest
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: prometheus-postgres-exporter
app.kubernetes.io/version: 0.1.0
helm.sh/chart: prometheus-postgres-exporter-0.1.0
- equal:
path: spec.podSelector.matchLabels
value:
app.kubernetes.io/instance: prometheus-postgres-exporter-unittest
app.kubernetes.io/name: prometheus-postgres-exporter
- notExists:
path: spec.policyTypes
- notExists:
path: spec.egress
- notExists:
path: spec.ingress
- it: Template networkPolicy 'default' with policyTypes, egress and ingress configuration
set:
networkPolicies.enabled: true
networkPolicies.default.enabled: true
networkPolicies.default.policyTypes:
- Egress
- Ingress
networkPolicies.default.ingress:
- from:
- namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: khv-production
podSelector:
matchLabels:
app.kubernetes.io/name: prometheus
networkPolicies.default.egress:
- to:
- namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: database
podSelector:
matchLabels:
app.kubernetes.io/name: oracle
asserts:
- equal:
path: spec.policyTypes
value:
- Egress
- Ingress
- equal:
path: spec.egress
value:
- to:
- namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: database
podSelector:
matchLabels:
app.kubernetes.io/name: oracle
- equal:
path: spec.ingress
value:
- from:
- namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: khv-production
podSelector:
matchLabels:
app.kubernetes.io/name: prometheus

84
values.yaml
View File

@ -35,7 +35,7 @@ config:
## @param config.exporterConfig.secret.annotations Additional annotations of the secret containing the `exporterConfig.yaml`. ## @param config.exporterConfig.secret.annotations Additional annotations of the secret containing the `exporterConfig.yaml`.
## @param config.exporterConfig.secret.labels Additional labels of the secret containing the `exporterConfig.yaml`. ## @param config.exporterConfig.secret.labels Additional labels of the secret containing the `exporterConfig.yaml`.
## @param config.exporterConfig.secret.exporterConfig Content of the `exporterConfig.yaml`. Further information can be found in the [README](https://github.com/prometheus-community/postgres_exporter?tab=readme-ov-file#multi-target-support-beta) file of the Postgres exporter binary. ## @param config.exporterConfig.secret.exporterConfig Content of the `exporterConfig.yaml`. Further information can be found [here](https://github.com/prometheus-community/postgres_exporter?tab=readme-ov-file#multi-target-support-beta).
## @skip config.exporterConfig.secret.exporterConfig Skip individual postgres exporter configuration. ## @skip config.exporterConfig.secret.exporterConfig Skip individual postgres exporter configuration.
secret: secret:
annotations: {} annotations: {}
@ -59,7 +59,7 @@ config:
## @param config.webConfig.secret.annotations Additional annotations of the secret containing the `webConfig.yaml`. ## @param config.webConfig.secret.annotations Additional annotations of the secret containing the `webConfig.yaml`.
## @param config.webConfig.secret.labels Additional labels of the secret containing the `webConfig.yaml`. ## @param config.webConfig.secret.labels Additional labels of the secret containing the `webConfig.yaml`.
## @param config.webConfig.secret.webConfig Content of the `webConfig.yaml`. Further [documentation](https://prometheus.io/docs/prometheus/latest/configuration/https/) is available on the official Prometheus website. ## @param config.webConfig.secret.webConfig Content of the `webConfig.yaml`. Further information can be found [here](https://prometheus.io/docs/prometheus/latest/configuration/https/).
## @skip config.webConfig.secret.webConfig Skip individual web configuration. ## @skip config.webConfig.secret.webConfig Skip individual web configuration.
secret: secret:
annotations: {} annotations: {}
@ -224,11 +224,11 @@ deployment:
securityContext: {} securityContext: {}
# fsGroup: 2000 # fsGroup: 2000
## @param deployment.strategy.type Strategy type - `Recreate` or `RollingUpdate`. ## @param deployment.strategy.type Strategy type - `Recreate` or `Rollingupdate`.
## @param deployment.strategy.rollingUpdate.maxSurge The maximum number of pods that can be scheduled above the desired number of pods during a rolling update. ## @param deployment.strategy.rollingUpdate.maxSurge The maximum number of pods that can be scheduled above the desired number of pods during a rolling update.
## @param deployment.strategy.rollingUpdate.maxUnavailable The maximum number of pods that can be unavailable during a rolling update. ## @param deployment.strategy.rollingUpdate.maxUnavailable The maximum number of pods that can be unavailable during a rolling update.
strategy: strategy:
type: "RollingUpdate" type: "Recreate"
rollingUpdate: rollingUpdate:
maxSurge: 1 maxSurge: 1
maxUnavailable: 1 maxUnavailable: 1
@ -266,7 +266,7 @@ grafana:
enabled: false enabled: false
## @param grafana.dashboardDiscoveryLabels Labels that Grafana uses to discover resources. The labels may vary depending on the Grafana deployment. ## @param grafana.dashboardDiscoveryLabels Labels that Grafana uses to discover resources. The labels may vary depending on the Grafana deployment.
## @skip grafana.dashboardDiscoveryLabels Skip individual configuration. ## @skip grafana.dashboardDiscoveryLabels
dashboardDiscoveryLabels: dashboardDiscoveryLabels:
grafana_dashboard: "1" grafana_dashboard: "1"
@ -311,77 +311,9 @@ podDisruptionBudget: {}
# maxUnavailable: 1 # maxUnavailable: 1
# minAvailable: 1 # minAvailable: 1
## @section NetworkPolicies ## @section Network
## @param networkPolicies.enabled Enable network policies in general. ## @param networkPolicies Deploy network policies based on the used container network interface (CNI) implementation - like calico or weave.
networkPolicies: networkPolicies: {}
enabled: false
## @param networkPolicies.default.enabled Enable the network policy for accessing the application by default. For example to scape the metrics.
## @param networkPolicies.default.annotations Additional network policy annotations.
## @param networkPolicies.default.labels Additional network policy labels.
## @param networkPolicies.default.policyTypes List of policy types. Supported is ingress, egress or ingress and egress.
## @param networkPolicies.default.egress Concrete egress network policy implementation.
## @skip networkPolicies.default.egress Skip individual egress configuration.
## @param networkPolicies.default.ingress Concrete ingress network policy implementation.
## @skip networkPolicies.default.ingress Skip individual ingress configuration.
default:
enabled: false
annotations: {}
labels: {}
policyTypes: []
# - Egress
# - Ingress
egress: []
# Allow outgoing traffic to database host
#
# - to:
# - ipBlock:
# cidr: 192.168.179.1/32
# ports:
# - port: 5432
# protocol: TCP
# Allow outgoing DNS traffic to the internal running DNS-Server. For example core-dns.
#
# - to:
# - namespaceSelector:
# matchLabels:
# kubernetes.io/metadata.name: kube-system
# podSelector:
# matchLabels:
# k8s-app: kube-dns
# ports:
# - port: 53
# protocol: TCP
# - port: 53
# protocol: UDP
ingress: []
# Allow incoming HTTP traffic from prometheus.
#
# - from:
# - namespaceSelector:
# matchLabels:
# kubernetes.io/metadata.name: monitoring
# podSelector:
# matchLabels:
# app.kubernetes.io/name: prometheus
# ports:
# - port: http
# protocol: TCP
# Allow incoming HTTP traffic from ingress-nginx.
#
# - from:
# - namespaceSelector:
# matchLabels:
# kubernetes.io/metadata.name: ingress-nginx
# podSelector:
# matchLabels:
# app.kubernetes.io/name: ingress-nginx
# ports:
# - port: http
# protocol: TCP
## @section Prometheus ## @section Prometheus
prometheus: prometheus: