apiVersion: v1
kind: Namespace
metadata:
  labels:
    app.kubernetes.io/instance: fail2ban-prometheus
  name: fail2ban-prometheus
---
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    app.kubernetes.io/instance: fail2ban-prometheus
    app.kubernetes.io/name: fail2ban-geoip
  name: fail2ban-geoip-service-account
  namespace: fail2ban-prometheus
---
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    app.kubernetes.io/instance: fail2ban-prometheus
    app.kubernetes.io/name: fail2ban-prometheus-exporter
  name: fail2ban-prometheus-exporter-service-account
  namespace: fail2ban-prometheus
---
apiVersion: v1
kind: Service
metadata:
  labels:
    app: fail2ban-geoip
    app.kubernetes.io/instance: fail2ban-prometheus
    app.kubernetes.io/name: fail2ban-geoip
  name: fail2ban-geoip
  namespace: fail2ban-prometheus
spec:
  ports:
  - name: http
    port: 80
    targetPort: http
  selector:
    app: fail2ban-geoip
  type: ClusterIP
---
apiVersion: v1
kind: Service
metadata:
  labels:
    app: fail2ban-prometheus-exporter
    app.kubernetes.io/instance: fail2ban-prometheus
    app.kubernetes.io/name: fail2ban-prometheus-exporter
  name: fail2ban-prometheus-exporter
  namespace: fail2ban-prometheus
spec:
  internalTrafficPolicy: Cluster
  ports:
  - name: http-metrics
    port: 9191
    protocol: TCP
    targetPort: 9191
  selector:
    app: fail2ban-prometheus-exporter
  type: ClusterIP
---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: fail2ban-geoip
    app.kubernetes.io/instance: fail2ban-prometheus
    app.kubernetes.io/name: fail2ban-geoip
  name: fail2ban-geoip
  namespace: fail2ban-prometheus
spec:
  replicas: 2
  selector:
    matchLabels:
      app: fail2ban-geoip
  template:
    metadata:
      labels:
        app: fail2ban-geoip
        app.kubernetes.io/instance: fail2ban-prometheus
        app.kubernetes.io/name: fail2ban-geoip
    spec:
      affinity:
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
          - podAffinityTerm:
              labelSelector:
                matchExpressions:
                - key: app
                  operator: In
                  values:
                  - fail2ban-geoip
              topologyKey: kubernetes.io/hostname
            weight: 1
      containers:
      - env:
        - name: GEOIP_LISTEN_ADDRESS
          value: :8080
        - name: GEOIP_DATA_URL
          value: https://data.neuber.io/data.csv
        image: git.ar21.de/yolokube/country-geo-locations:17
        imagePullPolicy: IfNotPresent
        name: fail2ban-geoip
        ports:
        - containerPort: 8080
          name: http
          protocol: TCP
        readinessProbe:
          httpGet:
            httpHeaders:
            - name: Accept
              value: application/json
            path: /api/v1/location/1.1.1.1
            port: http
          initialDelaySeconds: 3
          periodSeconds: 2
        resources:
          limits:
            cpu: "2"
            memory: 4Gi
          requests:
            cpu: "1.5"
            memory: 3.5Gi
      serviceAccountName: fail2ban-geoip-service-account
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
  labels:
    app: fail2ban-prometheus-exporter
    app.kubernetes.io/instance: fail2ban-prometheus
    app.kubernetes.io/name: fail2ban-prometheus-exporter
  name: fail2ban-prometheus-exporter
  namespace: fail2ban-prometheus
spec:
  selector:
    matchLabels:
      app: fail2ban-prometheus-exporter
  template:
    metadata:
      labels:
        app: fail2ban-prometheus-exporter
        app.kubernetes.io/instance: fail2ban
        app.kubernetes.io/name: fail2ban-prometheus-exporter
    spec:
      containers:
      - env:
        - name: F2B_GEOIP_SERVICE
          value: fail2ban-geoip
        image: git.ar21.de/yolokube/fail2ban-prometheus-exporter:25
        imagePullPolicy: IfNotPresent
        name: fail2ban-prometheus-exporter
        ports:
        - containerPort: 9191
          name: http-metrics
          protocol: TCP
        resources:
          limits:
            cpu: 800m
            memory: 128Mi
          requests:
            cpu: 200m
            memory: 32Mi
        volumeMounts:
        - mountPath: /var/run/fail2ban/fail2ban.sock
          name: fail2ban
          readOnly: true
      serviceAccountName: fail2ban-prometheus-exporter-service-account
      tolerations:
      - effect: NoSchedule
        key: node-role.kubernetes.io/master
        operator: Exists
      - effect: NoSchedule
        key: node-role.kubernetes.io/control-plane
        operator: Exists
      volumes:
      - hostPath:
          path: /var/run/fail2ban/fail2ban.sock
          type: ""
        name: fail2ban
---
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
  labels:
    app: fail2ban-prometheus-exporter
    app.kubernetes.io/instance: fail2ban-prometheus
    app.kubernetes.io/name: fail2ban-prometheus-exporter
  name: fail2ban-prometheus-servicemonitor
  namespace: fail2ban-prometheus
spec:
  attachMetadata:
    node: false
  endpoints:
  - interval: 30s
    path: /metrics
    port: http-metrics
    relabelings:
    - action: replace
      sourceLabels:
      - __meta_kubernetes_endpoint_node_name
      targetLabel: node
    scheme: http
  jobLabel: jobLabel
  selector:
    matchLabels:
      app.kubernetes.io/instance: fail2ban-prometheus
      app.kubernetes.io/name: fail2ban-prometheus-exporter