diff --git a/deploy/fail2ban-exporter.yaml b/deploy/fail2ban-exporter.yaml new file mode 100644 index 0000000..49bd279 --- /dev/null +++ b/deploy/fail2ban-exporter.yaml @@ -0,0 +1,187 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: fail2ban-prometheus +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/instance: fail2ban + app.kubernetes.io/name: fail2ban + name: fail2ban-geoip-service-account + namespace: fail2ban-prometheus +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/instance: fail2ban + app.kubernetes.io/name: fail2ban + name: fail2ban-prometheus-exporter-service-account + namespace: fail2ban-prometheus +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: fail2ban-geoip + app.kubernetes.io/instance: fail2ban + app.kubernetes.io/name: fail2ban + name: fail2ban-geoip + namespace: fail2ban-prometheus +spec: + ports: + - name: http + port: 80 + targetPort: http + selector: + app: fail2ban-geoip + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: fail2ban-prometheus-exporter + app.kubernetes.io/instance: fail2ban + app.kubernetes.io/name: fail2ban-prometheus-exporter + name: fail2ban-prometheus-exporter + namespace: fail2ban-prometheus +spec: + internalTrafficPolicy: Cluster + ports: + - name: http-metrics + port: 9191 + protocol: TCP + targetPort: 9191 + selector: + app: fail2ban-prometheus-exporter + type: ClusterIP +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: fail2ban-geoip + app.kubernetes.io/instance: fail2ban + app.kubernetes.io/name: fail2ban + name: fail2ban-geoip + namespace: fail2ban-prometheus +spec: + replicas: 2 + selector: + matchLabels: + app: fail2ban-geoip + template: + metadata: + labels: + app: fail2ban-geoip + app.kubernetes.io/instance: fail2ban + app.kubernetes.io/name: fail2ban + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: app + operator: In + values: + - fail2ban-geoip + topologyKey: kubernetes.io/hostname + weight: 1 + containers: + - env: + - name: GEOIP_LISTEN_ADDRESS + value: :8080 + image: registry.neuber.io/country-geo-locations:latest + imagePullPolicy: IfNotPresent + name: fail2ban-geoip + ports: + - containerPort: 8080 + name: http + protocol: TCP + imagePullSecrets: + - name: tom-regcred + serviceAccountName: fail2ban-geoip-service-account +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + labels: + app: fail2ban-prometheus-exporter + app.kubernetes.io/instance: fail2ban + app.kubernetes.io/name: fail2ban-prometheus-exporter + name: fail2ban-prometheus-exporter + namespace: fail2ban-prometheus +spec: + selector: + matchLabels: + app: fail2ban-prometheus-exporter + template: + metadata: + labels: + app: fail2ban-prometheus-exporter + app.kubernetes.io/instance: fail2ban + app.kubernetes.io/name: fail2ban + spec: + containers: + - env: + - name: F2B_GEOIP_SERVICE + value: fail2ban-geoip + image: registry.neuber.io/fail2ban-prometheus-exporter:latest + imagePullPolicy: IfNotPresent + name: fail2ban-prometheus-exporter + ports: + - containerPort: 9191 + name: http-metrics + protocol: TCP + volumeMounts: + - mountPath: /var/run/fail2ban/fail2ban.sock + name: fail2ban + readOnly: true + imagePullSecrets: + - name: tom-regcred + serviceAccountName: fail2ban-prometheus-exporter-service-account + tolerations: + - effect: NoSchedule + key: node-role.kubernetes.io/master + operator: Exists + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + operator: Exists + volumes: + - hostPath: + path: /var/run/fail2ban/fail2ban.sock + type: "" + name: fail2ban +--- +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + labels: + app: fail2ban-prometheus-exporter + app.kubernetes.io/instance: fail2ban + app.kubernetes.io/name: fail2ban + name: fail2ban-prometheus-servicemonitor + namespace: fail2ban-prometheus +spec: + attachMetadata: + node: false + endpoints: + - interval: 30s + path: /metrics + port: http-metrics + relabelings: + - action: replace + sourceLabels: + - __meta_kubernetes_endpoint_node_name + targetLabel: node + scheme: http + jobLabel: jobLabel + selector: + matchLabels: + app.kubernetes.io/instance: fail2ban + app.kubernetes.io/name: fail2ban-prometheus-exporter