fix(deployment): add missing rolling release strategy

Reviewed-on: #17

.drone.yml

@@ -1,200 +0,0 @@
----
-kind: pipeline
-type: kubernetes
-name: Linters
-
-clone:
-  disable: true
-
-platform:
-  os: linux
-  arch: amd64
-
-steps:
-- name: clone repository
-  image: git.cryptic.systems/volker.raschek/git:1.4.0
-
-- name: helm lint
-  commands:
-  - helm lint
-  image: git.cryptic.systems/volker.raschek/helm:3.16.4
-  resources:
-    limits:
-      cpu: 150
-      memory: 150M
-
-- name: email-notification
-  environment:
-    SMTP_FROM_ADDRESS:
-      from_secret: smtp_from_address
-    SMTP_FROM_NAME:
-      from_secret: smtp_from_name
-    SMTP_HOST:
-      from_secret: smtp_host
-    SMTP_USERNAME:
-      from_secret: smtp_username
-    SMTP_PASSWORD:
-      from_secret: smtp_password
-  image: git.cryptic.systems/volker.raschek/drone-email:0.1.5
-  resources:
-    limits:
-      cpu: 150
-      memory: 150M
-  when:
-    status:
-    - changed
-    - failure
-
-trigger:
-  event:
-    exclude:
-    - tag
-
----
-kind: pipeline
-type: kubernetes
-name: Unit tests
-
-clone:
-  disable: true
-
-platform:
-  os: linux
-  arch: amd64
-
-steps:
-- name: clone repository
-  image: git.cryptic.systems/volker.raschek/git:1.4.0
-
-- name: helm unittest
-  commands:
-  - helm unittest --strict --file 'unittests/**/*.yaml' ./
-  image: git.cryptic.systems/volker.raschek/helm:3.16.4
-  resources:
-    limits:
-      cpu: 150
-      memory: 150M
-
-- name: email-notification
-  environment:
-    SMTP_FROM_ADDRESS:
-      from_secret: smtp_from_address
-    SMTP_FROM_NAME:
-      from_secret: smtp_from_name
-    SMTP_HOST:
-      from_secret: smtp_host
-    SMTP_USERNAME:
-      from_secret: smtp_username
-    SMTP_PASSWORD:
-      from_secret: smtp_password
-  image: git.cryptic.systems/volker.raschek/drone-email:0.1.5
-  resources:
-    limits:
-      cpu: 150
-      memory: 150M
-  when:
-    status:
-    - changed
-    - failure
-
-trigger:
-  event:
-    exclude:
-    - tag
-
----
-kind: pipeline
-type: kubernetes
-name: Generate, compare and lint README.md
-
-clone:
-  disable: true
-
-platform:
-  os: linux
-  arch: amd64
-
-steps:
-- name: clone repository
-  image: git.cryptic.systems/volker.raschek/git:1.4.0
-
-- name: execute NPM modules
-  commands:
-  - npm install
-  - npm run readme:link
-  - npm run readme:lint
-  - npm run readme:parameters
-  image: docker.io/library/node:23.5.0-alpine
-  resources:
-    limits:
-      cpu: 150
-      memory: 150M
-
-- name: detect diff
-  commands:
-  - git diff --exit-code --name-only README.md
-  image: git.cryptic.systems/volker.raschek/git:1.4.0
-
-- name: email-notification
-  environment:
-    SMTP_FROM_ADDRESS:
-      from_secret: smtp_from_address
-    SMTP_FROM_NAME:
-      from_secret: smtp_from_name
-    SMTP_HOST:
-      from_secret: smtp_host
-    SMTP_USERNAME:
-      from_secret: smtp_username
-    SMTP_PASSWORD:
-      from_secret: smtp_password
-  image: git.cryptic.systems/volker.raschek/drone-email:0.1.5
-  resources:
-    limits:
-      cpu: 150
-      memory: 150M
-  when:
-    status:
-    - changed
-    - failure
-
-trigger:
-  event:
-    exclude:
-    - tag
-
----
-kind: pipeline
-type: kubernetes
-name: Release
-
-clone:
-  disable: true
-
-platform:
-  os: linux
-
-steps:
-- name: clone repository
-  image: git.cryptic.systems/volker.raschek/git:1.4.0
-
-- name: release-helm-chart
-  commands:
-  - helm repo add prometheus-exporters https://charts.cryptic.systems/prometheus-exporters
-  - helm package --version ${DRONE_TAG} .
-  - helm cm-push ${DRONE_REPO_NAME}-${DRONE_TAG}.tgz prometheus-exporters
-  environment:
-    HELM_REPO_PASSWORD:
-      from_secret: helm_repo_password
-    HELM_REPO_USERNAME:
-      from_secret: helm_repo_username
-  image: git.cryptic.systems/volker.raschek/helm:3.16.4
-  resources:
-    limits:
-      cpu: 150
-      memory: 150M
-
-trigger:
-  event:
-  - tag
-  repo:
-  - volker.raschek/prometheus-postgres-exporter

.gitea/workflows/generate-readme.yaml

@@ -5,20 +5,24 @@ on:
     paths: [ "README.md", "values.yaml" ]
     types: [ "opened", "reopened", "synchronize" ]
   push:
+    branches:
+    - '**'
     paths: [ "README.md", "values.yaml" ]
+    tags-ignore:
+    - '**'
   workflow_dispatch: {}
 
 jobs:
   generate-parameters:
     container:
-      image: docker.io/library/node:22.9.0-alpine
+      image: docker.io/library/node:23.6.0-alpine
     runs-on:
     - ubuntu-latest
     steps:
     - name: Install tooling
       run: |
         apk update
-        apk add git
+        apk add git npm
     - uses: actions/checkout@v4.2.2
     - name: Generate parameter section in README
       run: |

.gitea/workflows/helm.yaml

@@ -3,13 +3,17 @@ name: Helm
 on:
   pull_request:
     types: [ "opened", "reopened", "synchronize" ]
-  push: {}
+  push:
+    branches:
+    - '**'
+    tags-ignore:
+    - '**'
   workflow_dispatch: {}
 
 jobs:
   helm-lint:
     container:
-      image: docker.io/volkerraschek/helm:3.16.1
+      image: docker.io/volkerraschek/helm:3.16.4
     runs-on:
     - ubuntu-latest
     steps:
@@ -17,17 +21,6 @@ jobs:
       run: |
         apk update
         apk add git npm
-    - name: Check if files were touched
-      uses: dorny/paths-filter@v3.0.2
-      id: changes
-      with:
-        filters: |
-          yaml:
-          - '**/*.yaml'
-          - '**/*.yml'
-    - name: Skip further steps, when condition is not met
-      if: steps.filter.outputs.yaml == 'false'
-      run: exit 0
     - uses: actions/checkout@v4.2.2
     - name: Lint helm files
       run: |
@@ -35,7 +28,7 @@ jobs:
 
   helm-unittest:
     container:
-      image: docker.io/volkerraschek/helm:3.16.1
+      image: docker.io/volkerraschek/helm:3.16.4
     runs-on:
     - ubuntu-latest
     steps:
@@ -44,17 +37,6 @@ jobs:
         apk update
         apk add git npm
     - uses: actions/checkout@v4.2.2
-    - name: Check if files were touched
-      uses: dorny/paths-filter@v3.0.2
-      id: changes
-      with:
-        filters: |
-          yaml:
-          - '**/*.yaml'
-          - '**/*.yml'
-    - name: Skip further steps, when condition is not met
-      if: steps.filter.outputs.yaml == 'false'
-      run: exit 0
     - name: Unittest
       run: |
         helm unittest --strict --file 'unittests/**/*.yaml' ./

.gitea/workflows/markdown-linters.yaml

@@ -5,20 +5,24 @@ on:
     paths: [ "**/*.md" ]
     types: [ "opened", "reopened", "synchronize" ]
   push:
+    branches:
+    - '**'
     paths: [ "**/*.md" ]
+    tags-ignore:
+    - '**'
   workflow_dispatch: {}
 
 jobs:
   markdown-link-checker:
     container:
-      image: docker.io/library/node:22.9.0-alpine
+      image: docker.io/library/node:23.6.0-alpine
     runs-on:
     - ubuntu-latest
     steps:
     - name: Install tooling
       run: |
         apk update
-        apk add git
+        apk add git npm
     - uses: actions/checkout@v4.2.2
     - name: Verify links in markdown files
       run: |
@@ -27,7 +31,7 @@ jobs:
 
   markdown-lint:
     container:
-      image: docker.io/library/node:22.9.0-alpine
+      image: docker.io/library/node:23.6.0-alpine
     runs-on:
     - ubuntu-latest
     steps:

.gitea/workflows/release.yaml

@@ -3,46 +3,44 @@ name: Release
 on:
   push:
     tags:
-    - "*"
-
-env:
-  # renovate: datasource=docker depName=alpine/helm
-  HELM_VERSION: "3.16.4"
+    - "**"
 
 jobs:
-  generate-chart-publish:
+  publish-chart:
+    container:
+      image: docker.io/volkerraschek/helm:3.16.4
     runs-on: ubuntu-latest
     steps:
+      - name: Install tooling
+        run: |
+          apk update
+          apk add git npm
       - uses: actions/checkout@v4
-      - name: install tools
-        run: |
-          apt update --yes
-          apt install --yes curl ca-certificates curl gnupg
-          # helm
-          curl --location --output helm-v${HELM_VERSION}-linux-amd64.tar.gz https://get.helm.sh/helm-v${HELM_VERSION}-linux-amd64.tar.gz
-          tar --extract --gzip --file helm-v${HELM_VERSION}-linux-amd64.tar.gz
-          mv linux-amd64/helm /usr/local/bin/
-          rm -rf linux-amd64 helm-v${HELM_VERSION}-linux-amd64.tar.gz
-          helm version
+      - name: Package chart
+        env:
+          HELM_REPO_NAME: upload
 
-      # - name: Import GPG key
-      #   id: import_gpg
-      #   uses: https://github.com/crazy-max/ghaction-import-gpg@v6
-      #   with:
-      #     gpg_private_key: ${{ secrets.GPGSIGN_KEY }}
-      #     passphrase: ${{ secrets.GPGSIGN_PASSPHRASE }}
-      #     fingerprint: CC64B1DB67ABBEECAB24B6455FC346329753F4B0
+          CHARTMUSEUM_PASSWORD: ${{ secrets.CHARTMUSEUM_PASSWORD }}
+          CHARTMUSEUM_REPOSITORY: ${{ vars.CHARTMUSEUM_REPOSITORY }}
+          CHARTMUSEUM_USERNAME: ${{ secrets.CHARTMUSEUM_USERNAME }}
+          CHARTMUSEUM_HOSTNAME: ${{ vars.CHARTMUSEUM_HOSTNAME }}
 
-      # Using helm gpg plugin as 'helm package --sign' has issues with gpg2: https://github.com/helm/helm/issues/2843
-      - name: package chart
+          GITEA_PACKAGE_REGISTRY_TOKEN: ${{ secrets.GIT_CRYPTIC_SYSTEMS_PACKAGE_REGISTRY_TOKEN }}
+          GITEA_SERVER_URL: ${{ github.server_url }}
         run: |
+          PACKAGE_VERSION=${GITHUB_REF#refs/tags/}
+          REPOSITORY_NAME=$(echo ${GITHUB_REPOSITORY} | cut -d '/' -f 2)
+          REPOSITORY_OWNER=$(echo ${GITHUB_REPOSITORY} | cut -d '/' -f 1)
+
           helm dependency build
-          helm package --version "${GITHUB_REF#refs/tags/v}" ./
-        #  mkdir gitea
-        #  mv gitea*.tgz gitea/
-        #  curl -s -L -o gitea/index.yaml https://dl.gitea.com/charts/index.yaml
-        #  helm repo index gitea/ --url https://dl.gitea.com/charts --merge gitea/index.yaml
-        #  # push to dockerhub
-        #  echo ${{ secrets.DOCKER_CHARTS_PASSWORD }} | helm registry login -u ${{ secrets.DOCKER_CHARTS_USERNAME }} registry-1.docker.io --password-stdin
-        #  helm push gitea/gitea-${GITHUB_REF#refs/tags/v}.tgz oci://registry-1.docker.io/giteacharts
-        #  helm registry logout registry-1.docker.io
+          helm package --version "${PACKAGE_VERSION}" ./
+
+          # chart-museum
+          helm repo add --username ${CHARTMUSEUM_USERNAME} --password ${CHARTMUSEUM_PASSWORD} chartmuseum https://${CHARTMUSEUM_HOSTNAME}/${CHARTMUSEUM_REPOSITORY}
+          helm cm-push ${REPOSITORY_NAME}-${PACKAGE_VERSION}.tgz chartmuseum
+          helm repo remove chartmuseum
+
+          # gitea
+          helm repo add --username ${REPOSITORY_OWNER} --password ${GITEA_PACKAGE_REGISTRY_TOKEN} gitea ${GITEA_SERVER_URL}/api/packages/${REPOSITORY_OWNER}/helm
+          helm cm-push ${REPOSITORY_NAME}-${PACKAGE_VERSION}.tgz gitea
+          helm repo remove gitea

README.md

@@ -46,7 +46,7 @@ version of the chart must be in sync with the `values.yaml`. Newer *minor* versi
 versions can break something!
 
 ```bash
-CHART_VERSION=0.1.0
+CHART_VERSION=0.3.1
 helm show values prometheus-exporters/prometheus-postgres-exporter --version "${CHART_VERSION}" > values.yaml
 ```
 
@@ -63,6 +63,35 @@ for customizations. These can be configured in more detail via `values.yaml`.
 
 The following examples serve as individual configurations and as inspiration for how deployment problems can be solved.
 
+#### Avoid CPU throttling by defining a CPU limit
+
+If the application is deployed with a CPU resource limit, Prometheus may throw a CPU throttling warning for the
+application. This has more or less to do with the fact that the application finds the number of CPUs of the host, but
+cannot use the available CPU time to perform computing operations.
+
+The application must be informed that despite several CPUs only a part (limit) of the available computing time is
+available. As this is a Golang application, this can be implemented using `GOMAXPROCS`. The following example is one way
+of defining `GOMAXPROCS` automatically based on the defined CPU limit like `100m`. Please keep in mind, that the CFS
+rate of `100ms` - default on each kubernetes node, is also very important to avoid CPU throttling.
+
+Further information about this topic can be found [here](https://kanishk.io/posts/cpu-throttling-in-containerized-go-apps/).
+
+> [!NOTE]
+> The environment variable `GOMAXPROCS` is set automatically, when a CPU limit is defined. An explicit configuration is
+> not anymore required.
+
+```bash
+helm install prometheus-postgres-exporter prometheus-exporters/prometheus-postgres-exporter \
+  --set 'config.database.secret.databaseUsername=postgres' \
+  --set 'config.database.secret.databasePassword=postgres' \
+  --set 'config.database.secret.databaseConnectionUrl="postgres.example.local:5432/postgres?ssl=disable"' \
+  --set 'prometheus.metrics.enabled=true' \
+  --set 'prometheus.metrics.serviceMonitor.enabled=true' \
+  --set 'deployment.postgresExporter.env.name=GOMAXPROCS' \
+  --set 'deployment.postgresExporter.env.valueFrom.resourceFieldRef.resource=limits.cpu' \
+  --set 'deployment.postgresExporter.resources.limits.cpu=100m'
+```
+
 #### TLS authentication and encryption
 
 The first example shows how to deploy the metric exporter with TLS encryption. The verification of the custom TLS
@@ -219,7 +248,7 @@ deployment:
 | `deployment.replicas`                              | Number of replicas for the postgres-exporter deployment.                                                   | `1`                                     |
 | `deployment.restartPolicy`                         | Restart policy of the postgres-exporter deployment.                                                        | `""`                                    |
 | `deployment.securityContext`                       | Security context of the postgres-exporter deployment.                                                      | `{}`                                    |
-| `deployment.strategy.type`                         | Strategy type - `Recreate` or `Rollingupdate`.                                                             | `Recreate`                              |
+| `deployment.strategy.type`                         | Strategy type - `Recreate` or `Rollingupdate`.                                                             | `Rollingupdate`                         |
 | `deployment.strategy.rollingUpdate.maxSurge`       | The maximum number of pods that can be scheduled above the desired number of pods during a rolling update. | `1`                                     |
 | `deployment.strategy.rollingUpdate.maxUnavailable` | The maximum number of pods that can be unavailable during a rolling update.                                | `1`                                     |
 | `deployment.terminationGracePeriodSeconds`         | How long to wait until forcefully kill the pod.                                                            | `60`                                    |

renovate.json

@@ -3,7 +3,6 @@
   "assignees": [ "volker.raschek" ],
   "customManagers": [
     {
-      "description": "Update container image reference",
       "fileMatch": [
         "^Chart\\.yaml$"
       ],
@@ -16,33 +15,50 @@
       "versioningTemplate": "semver"
     },
     {
-      "description": "Detect helm chart version in README",
-      "fileMatch": [
-        "^README\\.md$"
-      ],
+      "fileMatch": ["^README\\.md$"],
       "matchStrings": [
-        "^CHART_VERSION=(?<currentValue>.*)$"
+        "VERSION=(?<currentValue>.*)"
       ],
-      "datasourceTemplate": "git-tags",
       "depNameTemplate": "volker.raschek/prometheus-postgres-exporter",
-      "packageNameTemplate": "git.cryptic.systems/volker.raschek/prometheus-postgres-exporter",
+      "packageNameTemplate": "https://git.cryptic.systems/volker.raschek/prometheus-postgres-exporter",
+      "datasourceTemplate": "git-tags",
       "versioningTemplate": "semver"
     }
   ],
   "labels": [ "renovate" ],
   "packageRules": [
-    {
-      "addLabels": [ "renovate/automerge", "renovate/droneci" ],
-      "automerge": true,
-      "matchManagers": "droneci",
-      "matchUpdateTypes": [ "minor", "patch"]
-    },
     {
       "addLabels": [ "renovate/automerge", "renovate/npm" ],
       "automerge": true,
       "matchPackageNames": [ "markdownlint-cli", "@bitnami/readme-generator-for-helm" ],
       "matchManagers": [ "npm" ],
       "matchUpdateTypes": [ "minor", "patch"]
+    },
+    {
+      "addLabels": [ "renovate/automerge", "renovate/container" ],
+      "automerge": true,
+      "excludePackagePatterns": [
+        "prometheuscommunity/postgres-exporter"
+      ],
+      "matchDatasources": [
+        "docker"
+      ],
+      "matchUpdateTypes": [
+        "minor",
+        "patch"
+      ]
+    },
+    {
+      "addLabels": [ "renovate/automerge", "renovate/documentation" ],
+      "automerge": true,
+      "matchDepNames": [
+        "volker.raschek/prometheus-postgres-exporter"
+      ],
+      "matchUpdateTypes": [
+        "major",
+        "minor",
+        "patch"
+      ]
     }
   ],
   "rebaseLabel": "renovate/rebase",

templates/prometheus-postgres-exporter/_deployment.tpl

@@ -9,6 +9,17 @@
 {{- end }}
 {{- end }}
 
+{{/* env */}}
+
+{{- define "prometheus-postgres-exporter.deployment.env" -}}
+{{- $env := dict "env" (.Values.deployment.postgresExporter.env | default (list) ) }}
+{{- if and (hasKey .Values.deployment.postgresExporter.resources "limits") (hasKey .Values.deployment.postgresExporter.resources.limits "cpu") }}
+{{- $env = merge $env (dict "env" (list (dict "name" "GOMAXPROCS" "valueFrom" (dict "resourceFieldRef" (dict "divisor" "1" "resource" "limits.cpu"))))) }}
+{{- end }}
+{{ toYaml $env }}
+{{- end -}}
+
+
 {{/* envFrom */}}
 
 {{- define "prometheus-postgres-exporter.deployment.envFrom" -}}

templates/prometheus-postgres-exporter/deployment.yaml

@@ -34,9 +34,10 @@ spec:
         {{- range .Values.deployment.postgresExporter.args }}
         - {{ . | quote }}
         {{- end }}
-        {{- with .Values.deployment.postgresExporter.env }}
+        {{- $env := (include "prometheus-postgres-exporter.deployment.env" . | fromYaml) }}
+        {{- if and (hasKey $env "env") (gt (len $env.env) 0) }}
         env:
-        {{- toYaml . | nindent 8 }}
+        {{- toYaml $env.env | nindent 8 }}
         {{- end }}
         {{- $envFrom := (include "prometheus-postgres-exporter.deployment.envFrom" . | fromYaml) }}
         {{- if hasKey $envFrom "envFrom" }}
@@ -125,3 +126,7 @@ spec:
       volumes:
       {{- toYaml $volumes.volumes | nindent 6 }}
       {{- end }}
+  {{- with .Values.deployment.strategy }}
+  strategy:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}

unittests/deployment/deployment.yaml

@@ -95,6 +95,13 @@ tests:
       path: spec.template.spec.tolerations
   - notExists:
       path: spec.template.spec.topologySpreadConstraints
+  - equal:
+      path: spec.strategy
+      value:
+        type: "Rollingupdate"
+        rollingUpdate:
+          maxSurge: 1
+          maxUnavailable: 1
 
 - it: Test custom replicas
   set:
@@ -227,6 +234,14 @@ tests:
         cpu: 25m
         memory: 100MB
   asserts:
+  - equal:
+      path: spec.template.spec.containers[0].env
+      value:
+      - name: GOMAXPROCS
+        valueFrom:
+          resourceFieldRef:
+            divisor: "1"
+            resource: limits.cpu
   - equal:
       path: spec.template.spec.containers[0].resources
       value:

values.yaml

@@ -228,7 +228,7 @@ deployment:
   ## @param deployment.strategy.rollingUpdate.maxSurge The maximum number of pods that can be scheduled above the desired number of pods during a rolling update.
   ## @param deployment.strategy.rollingUpdate.maxUnavailable The maximum number of pods that can be unavailable during a rolling update.
   strategy:
-    type: "Recreate"
+    type: "Rollingupdate"
     rollingUpdate:
       maxSurge: 1
       maxUnavailable: 1
@@ -266,7 +266,7 @@ grafana:
   enabled: false
 
   ## @param grafana.dashboardDiscoveryLabels Labels that Grafana uses to discover resources. The labels may vary depending on the Grafana deployment.
-  ## @skip grafana.dashboardDiscoveryLabels
+  ## @skip grafana.dashboardDiscoveryLabels Skip individual configuration.
   dashboardDiscoveryLabels:
     grafana_dashboard: "1"