apiVersion: v1 kind: Namespace metadata: name: fail2ban-prometheus --- apiVersion: v1 kind: ServiceAccount metadata: labels: app.kubernetes.io/instance: fail2ban app.kubernetes.io/name: fail2ban name: fail2ban-geoip-service-account namespace: fail2ban-prometheus --- apiVersion: v1 kind: ServiceAccount metadata: labels: app.kubernetes.io/instance: fail2ban app.kubernetes.io/name: fail2ban name: fail2ban-prometheus-exporter-service-account namespace: fail2ban-prometheus --- apiVersion: v1 kind: Service metadata: labels: app: fail2ban-geoip app.kubernetes.io/instance: fail2ban app.kubernetes.io/name: fail2ban name: fail2ban-geoip namespace: fail2ban-prometheus spec: ports: - name: http port: 80 targetPort: http selector: app: fail2ban-geoip type: ClusterIP --- apiVersion: v1 kind: Service metadata: labels: app: fail2ban-prometheus-exporter app.kubernetes.io/instance: fail2ban app.kubernetes.io/name: fail2ban-prometheus-exporter name: fail2ban-prometheus-exporter namespace: fail2ban-prometheus spec: internalTrafficPolicy: Cluster ports: - name: http-metrics port: 9191 protocol: TCP targetPort: 9191 selector: app: fail2ban-prometheus-exporter type: ClusterIP --- apiVersion: apps/v1 kind: Deployment metadata: labels: app: fail2ban-geoip app.kubernetes.io/instance: fail2ban app.kubernetes.io/name: fail2ban name: fail2ban-geoip namespace: fail2ban-prometheus spec: replicas: 2 selector: matchLabels: app: fail2ban-geoip template: metadata: labels: app: fail2ban-geoip app.kubernetes.io/instance: fail2ban app.kubernetes.io/name: fail2ban spec: affinity: podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: - podAffinityTerm: labelSelector: matchExpressions: - key: app operator: In values: - fail2ban-geoip topologyKey: kubernetes.io/hostname weight: 1 containers: - env: - name: GEOIP_LISTEN_ADDRESS value: :8080 image: registry.neuber.io/country-geo-locations:latest imagePullPolicy: IfNotPresent name: fail2ban-geoip ports: - containerPort: 8080 name: http protocol: TCP imagePullSecrets: - name: tom-regcred serviceAccountName: fail2ban-geoip-service-account --- apiVersion: apps/v1 kind: DaemonSet metadata: labels: app: fail2ban-prometheus-exporter app.kubernetes.io/instance: fail2ban app.kubernetes.io/name: fail2ban-prometheus-exporter name: fail2ban-prometheus-exporter namespace: fail2ban-prometheus spec: selector: matchLabels: app: fail2ban-prometheus-exporter template: metadata: labels: app: fail2ban-prometheus-exporter app.kubernetes.io/instance: fail2ban app.kubernetes.io/name: fail2ban spec: containers: - env: - name: F2B_GEOIP_SERVICE value: fail2ban-geoip image: registry.neuber.io/fail2ban-prometheus-exporter:latest imagePullPolicy: IfNotPresent name: fail2ban-prometheus-exporter ports: - containerPort: 9191 name: http-metrics protocol: TCP volumeMounts: - mountPath: /var/run/fail2ban/fail2ban.sock name: fail2ban readOnly: true imagePullSecrets: - name: tom-regcred serviceAccountName: fail2ban-prometheus-exporter-service-account tolerations: - effect: NoSchedule key: node-role.kubernetes.io/master operator: Exists - effect: NoSchedule key: node-role.kubernetes.io/control-plane operator: Exists volumes: - hostPath: path: /var/run/fail2ban/fail2ban.sock type: "" name: fail2ban --- apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: labels: app: fail2ban-prometheus-exporter app.kubernetes.io/instance: fail2ban app.kubernetes.io/name: fail2ban name: fail2ban-prometheus-servicemonitor namespace: fail2ban-prometheus spec: attachMetadata: node: false endpoints: - interval: 30s path: /metrics port: http-metrics relabelings: - action: replace sourceLabels: - __meta_kubernetes_endpoint_node_name targetLabel: node scheme: http jobLabel: jobLabel selector: matchLabels: app.kubernetes.io/instance: fail2ban app.kubernetes.io/name: fail2ban-prometheus-exporter