diff --git a/app-files/apps.yaml b/app-files/apps.yaml
index aa3ab42..d8660a7 100644
--- a/app-files/apps.yaml
+++ b/app-files/apps.yaml
@@ -72,3 +72,24 @@ spec:
 automated:
 selfHeal: false
 prune: false
+---
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: fail2ban-prometheus
+ namespace: argocd
+spec:
+ project: default
+ source:
+ repoURL: https://git.ar21.de/yolokube/core-deployments.git
+ targetRevision: HEAD
+ path: fail2ban-exporter
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: fail2ban-prometheus
+ syncPolicy:
+ syncOptions:
+ - CreateNamespace=true
+ automated:
+ selfHeal: false
+ prune: true
diff --git a/fail2ban-exporter/daemonset.yaml b/fail2ban-exporter/daemonset.yaml
new file mode 100644
index 0000000..690d60f
--- /dev/null
+++ b/fail2ban-exporter/daemonset.yaml
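Review bot: The new Application syncs automatically from `targetRevision: HEAD` with `prune: true` under `project: default`, so every push to the default branch of core-deployments is applied to the cluster without a further review step. The same path also ships a DaemonSet that mounts a host socket on every node, which makes the moving revision more sensitive here than for an ordinary workload. Pinning to a reviewed ref, `targetRevision: <reviewed tag or commit SHA>`, or placing the app in a dedicated AppProject that restricts source repos and destinations would narrow this. A short comment above `automated:` stating why pruning is enabled for this app while the preceding entry keeps `prune: false` would also help the next reader.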
@@ -0,0 +1,56 @@
+---
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ labels:
+ app: fail2ban-prometheus-exporter
+ app.kubernetes.io/instance: fail2ban-prometheus
+ app.kubernetes.io/name: fail2ban-prometheus-exporter
+ name: fail2ban-prometheus-exporter
+ namespace: fail2ban-prometheus
+spec:
+ selector:
+ matchLabels:
+ app: fail2ban-prometheus-exporter
+ template:
+ metadata:
+ labels:
+ app: fail2ban-prometheus-exporter
+ app.kubernetes.io/instance: fail2ban
+ app.kubernetes.io/name: fail2ban-prometheus-exporter
+ spec:
+ containers:
+ - env:
+ - name: F2B_GEOIP_SERVICE
+ value: fail2ban-geoip
+ image: git.ar21.de/yolokube/fail2ban-prometheus-exporter:40
+ imagePullPolicy: IfNotPresent
+ name: fail2ban-prometheus-exporter
+ ports:
+ - containerPort: 9191
+ name: http-metrics
+ protocol: TCP
+ resources:
+ limits:
+ cpu: 800m
+ memory: 128Mi
+ requests:
+ cpu: 200m
+ memory: 32Mi
+ volumeMounts:
+ - mountPath: /var/run/fail2ban/fail2ban.sock
+ name: fail2ban
+ readOnly: true
+ serviceAccountName: fail2ban-prometheus-exporter-service-account
+ tolerations:
+ - effect: NoSchedule
+ key: node-role.kubernetes.io/master
+ operator: Exists
+ - effect: NoSchedule
+ key: node-role.kubernetes.io/control-plane
+ operator: Exists
+ volumes:
+ - hostPath:
+ path: /var/run/fail2ban/fail2ban.sock
+ type: ""
+ name: fail2ban
diff --git a/fail2ban-exporter/deployment.yaml b/fail2ban-exporter/deployment.yaml
new file mode 100644
index 0000000..ae060bd
--- /dev/null
+++ b/fail2ban-exporter/deployment.yaml
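Review bot: The `fail2ban` hostPath volume gives the container the host's fail2ban control socket, and `readOnly: true` on the mount does not restrict what a process can send over a Unix socket. The exporter therefore holds the same control over jails and bans as a local fail2ban client on every node, and the two tolerations extend that to control-plane nodes. `type: ""` also skips any check of the path; `type: Socket` makes the pod fail to start when the path is missing or is not a socket. I would add a comment above the volume such as `# host fail2ban control socket: read-only mount still allows commands, treat this pod as trusted`. The pod-template label `app.kubernetes.io/instance: fail2ban` also differs from `fail2ban-prometheus` used on every other object in this change and looks unintended.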
@@ -0,0 +1,64 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ app: fail2ban-geoip
+ app.kubernetes.io/instance: fail2ban-prometheus
+ app.kubernetes.io/name: fail2ban-geoip
+ name: fail2ban-geoip
+ namespace: fail2ban-prometheus
+spec:
+ replicas: 2
+ selector:
+ matchLabels:
+ app: fail2ban-geoip
+ template:
+ metadata:
+ labels:
+ app: fail2ban-geoip
+ app.kubernetes.io/instance: fail2ban-prometheus
+ app.kubernetes.io/name: fail2ban-geoip
+ spec:
+ affinity:
+ podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - podAffinityTerm:
+ labelSelector:
+ matchExpressions:
+ - key: app
+ operator: In
+ values:
+ - fail2ban-geoip
+ topologyKey: kubernetes.io/hostname
+ weight: 1
+ containers:
+ - env:
+ - name: GEOIP_LISTEN_ADDRESS
+ value: :8080
+ - name: GEOIP_DATA_URL
+ value: https://data.neuber.io/data.csv
+ image: git.ar21.de/yolokube/country-geo-locations:25
+ imagePullPolicy: IfNotPresent
+ name: fail2ban-geoip
+ ports:
+ - containerPort: 8080
+ name: http
+ protocol: TCP
+ readinessProbe:
+ httpGet:
+ httpHeaders:
+ - name: Accept
+ value: application/json
+ path: /api/v1/location/1.1.1.1
+ port: http
+ initialDelaySeconds: 3
+ periodSeconds: 2
+ resources:
+ limits:
+ cpu: "2"
+ memory: 4Gi
+ requests:
+ cpu: "1.5"
+ memory: 3.5Gi
+ serviceAccountName: fail2ban-geoip-service-account
diff --git a/fail2ban-exporter/kustomization.yaml b/fail2ban-exporter/kustomization.yaml
new file mode 100644
index 0000000..bf2166a
--- /dev/null
+++ b/fail2ban-exporter/kustomization.yaml
@@ -0,0 +1,14 @@
+---
+resources:
+- ./daemonset.yaml
+- ./deployment.yaml
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+images:
+- name: git.ar21.de/yolokube/country-geo-locations
+ newName: git.ar21.de/yolokube/country-geo-locations
+ newTag: "25"
+- name: git.ar21.de/yolokube/fail2ban-prometheus-exporter
+ newName: git.ar21.de/yolokube/fail2ban-prometheus-exporter
+ newTag: "40"
+namespace: fail2ban-prometheus
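Review bot: The `fail2ban-geoip` container has no `securityContext`, so it runs with the image's default user, capabilities and a writable root filesystem, although the manifest shows only an HTTP listener on 8080 and no host mounts. The block below is what I would add under the container. The exporter container in daemonset.yaml has the same gap, but it may need a UID that can open the host socket, so `runAsNonRoot` should be checked there before it is copied over. `readOnlyRootFilesystem` assumes the service keeps the data fetched from `GEOIP_DATA_URL` in memory, which the 3.5Gi request suggests but does not prove; if it writes to disk, mount an emptyDir at that path.

```yaml
      containers:
        - name: fail2ban-geoip
          # … unchanged: env, image, ports, readinessProbe, resources …
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            runAsNonRoot: true
            capabilities:
              drop:
                - ALL
            seccompProfile:
              type: RuntimeDefault
```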
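Review bot: `resources:` lists only `./daemonset.yaml` and `./deployment.yaml`, while this commit also adds namespace.yaml, service.yaml, serviceaccount.yaml and servicemonitor.yaml to the same directory. Because a kustomization.yaml is present in the Argo CD source path, only listed resources are rendered. Both pod specs set a `serviceAccountName` that would then not exist, the `fail2ban-geoip` Service named in `F2B_GEOIP_SERVICE` would be missing, and the namespace would be created by `CreateNamespace=true` without the `prometheus: yolokube` label. Adding those four files to `resources:` fixes this, with namespace.yaml first for readability.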
diff --git a/fail2ban-exporter/namespace.yaml b/fail2ban-exporter/namespace.yaml
new file mode 100644
index 0000000..efd9083
--- /dev/null
+++ b/fail2ban-exporter/namespace.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ labels:
+ app.kubernetes.io/instance: fail2ban-prometheus
+ prometheus: yolokube
+ name: fail2ban-prometheus
diff --git a/fail2ban-exporter/service.yaml b/fail2ban-exporter/service.yaml
new file mode 100644
index 0000000..b1447f5
--- /dev/null
+++ b/fail2ban-exporter/service.yaml
@@ -0,0 +1,38 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ app: fail2ban-geoip
+ app.kubernetes.io/instance: fail2ban-prometheus
+ app.kubernetes.io/name: fail2ban-geoip
+ name: fail2ban-geoip
+ namespace: fail2ban-prometheus
+spec:
+ ports:
+ - name: http
+ port: 80
+ targetPort: http
+ selector:
+ app: fail2ban-geoip
+ type: ClusterIP
+---
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ app: fail2ban-prometheus-exporter
+ app.kubernetes.io/instance: fail2ban-prometheus
+ app.kubernetes.io/name: fail2ban-prometheus-exporter
+ name: fail2ban-prometheus-exporter
+ namespace: fail2ban-prometheus
+spec:
+ internalTrafficPolicy: Cluster
+ ports:
+ - name: http-metrics
+ port: 9191
+ protocol: TCP
+ targetPort: 9191
+ selector:
+ app: fail2ban-prometheus-exporter
+ type: ClusterIP
diff --git a/fail2ban-exporter/serviceaccount.yaml b/fail2ban-exporter/serviceaccount.yaml
new file mode 100644
index 0000000..d62a1fc
--- /dev/null
+++ b/fail2ban-exporter/serviceaccount.yaml
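Review bot: Both Services in service.yaml are reachable from every pod in the cluster, and no NetworkPolicy for the `fail2ban-prometheus` namespace is visible in this change. The metrics endpoint on 9191 is served over plain HTTP and presumably exposes ban data from each node, and the exporter pod behind it holds the host's fail2ban socket. I would add a NetworkPolicy that admits ingress on `http-metrics` only from the Prometheus namespace and on `http` only from pods labelled `app: fail2ban-prometheus-exporter`. As a small style point, the exporter Service could use `targetPort: http-metrics` to match the named `targetPort: http` of the geoip Service.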
@@ -0,0 +1,18 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels:
+ app.kubernetes.io/instance: fail2ban-prometheus
+ app.kubernetes.io/name: fail2ban-geoip
+ name: fail2ban-geoip-service-account
+ namespace: fail2ban-prometheus
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels:
+ app.kubernetes.io/instance: fail2ban-prometheus
+ app.kubernetes.io/name: fail2ban-prometheus-exporter
+ name: fail2ban-prometheus-exporter-service-account
+ namespace: fail2ban-prometheus
diff --git a/fail2ban-exporter/servicemonitor.yaml b/fail2ban-exporter/servicemonitor.yaml
new file mode 100644
index 0000000..b275fa8
--- /dev/null
+++ b/fail2ban-exporter/servicemonitor.yaml
@@ -0,0 +1,28 @@
+---
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ labels:
+ app: fail2ban-prometheus-exporter
+ app.kubernetes.io/instance: fail2ban-prometheus
+ app.kubernetes.io/name: fail2ban-prometheus-exporter
+ name: fail2ban-prometheus-servicemonitor
+ namespace: fail2ban-prometheus
+spec:
+ attachMetadata:
+ node: false
+ endpoints:
+ - interval: 30s
+ path: /metrics
+ port: http-metrics
+ relabelings:
+ - action: replace
+ sourceLabels:
+ - __meta_kubernetes_endpoint_node_name
+ targetLabel: node
+ scheme: http
+ jobLabel: jobLabel
+ selector:
+ matchLabels:
+ app.kubernetes.io/instance: fail2ban-prometheus
+ app.kubernetes.io/name: fail2ban-prometheus-exporter
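Review bot: Neither ServiceAccount in serviceaccount.yaml sets `automountServiceAccountToken: false`, so every pod using them gets a Kubernetes API token mounted. This diff adds no Role or RoleBinding for either account, which suggests the workloads do not call the API. Adding `automountServiceAccountToken: false` at the top level of both objects removes a credential that matters most on the exporter pod, since that pod also holds the host socket. If either image does need the API, a comment on the account saying what for would make the exception visible.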
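Review bot: `jobLabel: jobLabel` in servicemonitor.yaml names a Service label called `jobLabel`, and neither Service in this change carries such a label, so the operator will fall back to the Service name for the `job` label. The value looks like a leftover placeholder. If the intent is a stable job name, `jobLabel: app.kubernetes.io/name` points at a label the exporter Service does have. Otherwise the field can be dropped so the fallback is explicit.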