Merge pull request 'chore: move fail2ban-exporter-deployment to core-deployments' (#233) from tn-move-fail2ban-exporter-deployment-to-core-deployments into main
All checks were successful
ci/woodpecker/push/yamllint Pipeline was successful

Reviewed-on: #233
Reviewed-by: Aaron Riedel <git@ar21.de>
This commit is contained in:
Tom Neuber 2024-10-31 14:07:34 +01:00
commit e84b8529c5
8 changed files with 251 additions and 0 deletions

View file

@ -72,3 +72,24 @@ spec:
automated:
selfHeal: false
prune: false
---
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: fail2ban-prometheus
namespace: argocd
spec:
project: default
source:
repoURL: https://git.ar21.de/yolokube/core-deployments.git
targetRevision: HEAD
path: fail2ban-exporter
destination:
server: https://kubernetes.default.svc
namespace: fail2ban-prometheus
syncPolicy:
syncOptions:
- CreateNamespace=true
automated:
selfHeal: false
prune: true

View file

@ -0,0 +1,56 @@
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
labels:
app: fail2ban-prometheus-exporter
app.kubernetes.io/instance: fail2ban-prometheus
app.kubernetes.io/name: fail2ban-prometheus-exporter
name: fail2ban-prometheus-exporter
namespace: fail2ban-prometheus
spec:
selector:
matchLabels:
app: fail2ban-prometheus-exporter
template:
metadata:
labels:
app: fail2ban-prometheus-exporter
app.kubernetes.io/instance: fail2ban
app.kubernetes.io/name: fail2ban-prometheus-exporter
spec:
containers:
- env:
- name: F2B_GEOIP_SERVICE
value: fail2ban-geoip
image: git.ar21.de/yolokube/fail2ban-prometheus-exporter:latest
imagePullPolicy: IfNotPresent
name: fail2ban-prometheus-exporter
ports:
- containerPort: 9191
name: http-metrics
protocol: TCP
resources:
limits:
cpu: 800m
memory: 128Mi
requests:
cpu: 200m
memory: 32Mi
volumeMounts:
- mountPath: /var/run/fail2ban/fail2ban.sock
name: fail2ban
readOnly: true
serviceAccountName: fail2ban-prometheus-exporter-service-account
tolerations:
- effect: NoSchedule
key: node-role.kubernetes.io/master
operator: Exists
- effect: NoSchedule
key: node-role.kubernetes.io/control-plane
operator: Exists
volumes:
- hostPath:
path: /var/run/fail2ban/fail2ban.sock
type: ""
name: fail2ban

View file

@ -0,0 +1,64 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: fail2ban-geoip
app.kubernetes.io/instance: fail2ban-prometheus
app.kubernetes.io/name: fail2ban-geoip
name: fail2ban-geoip
namespace: fail2ban-prometheus
spec:
replicas: 2
selector:
matchLabels:
app: fail2ban-geoip
template:
metadata:
labels:
app: fail2ban-geoip
app.kubernetes.io/instance: fail2ban-prometheus
app.kubernetes.io/name: fail2ban-geoip
spec:
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchExpressions:
- key: app
operator: In
values:
- fail2ban-geoip
topologyKey: kubernetes.io/hostname
weight: 1
containers:
- env:
- name: GEOIP_LISTEN_ADDRESS
value: :8080
- name: GEOIP_DATA_URL
value: https://data.neuber.io/data.csv
image: git.ar21.de/yolokube/country-geo-locations:latest
imagePullPolicy: IfNotPresent
name: fail2ban-geoip
ports:
- containerPort: 8080
name: http
protocol: TCP
readinessProbe:
httpGet:
httpHeaders:
- name: Accept
value: application/json
path: /api/v1/location/1.1.1.1
port: http
initialDelaySeconds: 3
periodSeconds: 2
resources:
limits:
cpu: "2"
memory: 4Gi
requests:
cpu: "1.5"
memory: 3.5Gi
serviceAccountName: fail2ban-geoip-service-account

View file

@ -0,0 +1,18 @@
---
resources:
- ./namespace.yaml
- ./serviceaccount.yaml
- ./daemonset.yaml
- ./deployment.yaml
- ./service.yaml
- ./servicemonitor.yaml
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
images:
- name: git.ar21.de/yolokube/country-geo-locations
newName: git.ar21.de/yolokube/country-geo-locations
newTag: "25"
- name: git.ar21.de/yolokube/fail2ban-prometheus-exporter
newName: git.ar21.de/yolokube/fail2ban-prometheus-exporter
newTag: "40"
namespace: fail2ban-prometheus

View file

@ -0,0 +1,8 @@
---
apiVersion: v1
kind: Namespace
metadata:
labels:
app.kubernetes.io/instance: fail2ban-prometheus
prometheus: yolokube
name: fail2ban-prometheus

View file

@ -0,0 +1,38 @@
---
apiVersion: v1
kind: Service
metadata:
labels:
app: fail2ban-geoip
app.kubernetes.io/instance: fail2ban-prometheus
app.kubernetes.io/name: fail2ban-geoip
name: fail2ban-geoip
namespace: fail2ban-prometheus
spec:
ports:
- name: http
port: 80
targetPort: http
selector:
app: fail2ban-geoip
type: ClusterIP
---
apiVersion: v1
kind: Service
metadata:
labels:
app: fail2ban-prometheus-exporter
app.kubernetes.io/instance: fail2ban-prometheus
app.kubernetes.io/name: fail2ban-prometheus-exporter
name: fail2ban-prometheus-exporter
namespace: fail2ban-prometheus
spec:
internalTrafficPolicy: Cluster
ports:
- name: http-metrics
port: 9191
protocol: TCP
targetPort: 9191
selector:
app: fail2ban-prometheus-exporter
type: ClusterIP

View file

@ -0,0 +1,18 @@
---
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app.kubernetes.io/instance: fail2ban-prometheus
app.kubernetes.io/name: fail2ban-geoip
name: fail2ban-geoip-service-account
namespace: fail2ban-prometheus
---
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app.kubernetes.io/instance: fail2ban-prometheus
app.kubernetes.io/name: fail2ban-prometheus-exporter
name: fail2ban-prometheus-exporter-service-account
namespace: fail2ban-prometheus

View file

@ -0,0 +1,28 @@
---
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
labels:
app: fail2ban-prometheus-exporter
app.kubernetes.io/instance: fail2ban-prometheus
app.kubernetes.io/name: fail2ban-prometheus-exporter
name: fail2ban-prometheus-servicemonitor
namespace: fail2ban-prometheus
spec:
attachMetadata:
node: false
endpoints:
- interval: 30s
path: /metrics
port: http-metrics
relabelings:
- action: replace
sourceLabels:
- __meta_kubernetes_endpoint_node_name
targetLabel: node
scheme: http
jobLabel: jobLabel
selector:
matchLabels:
app.kubernetes.io/instance: fail2ban-prometheus
app.kubernetes.io/name: fail2ban-prometheus-exporter