Update(helm): provide a chart for dnsbl-exporter

Resolves: #168

.github/workflows/chart.yml

@@ -0,0 +1,19 @@
+name: chart
+
+on:
+ pull_request:
+
+jobs:
+ helm:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ - uses: yokawasa/action-setup-kube-tools@v0.10.0
+ with:
+ setup-tools: |
+ helm
+ - run: helm lint --strict --quiet ./chart
+ - name: default install with unbound
+ run: helm template --debug ./chart
+ - name: install without unbound
+ run: helm template --debug --set unbound.enabled=false --set config.resolver=system ./chart

Makefile

@@ -22,7 +22,7 @@ snapshot:
 
 .PHONY: test
 test:
- act "pull_request" -j test
+ act "pull_request"
 
 .PHONY: build-unbound
 build-unbound:

README.md

@@ -75,6 +75,22 @@ ADD my-target.ini /etc/dnsbl-exporter/target.ini
 ADD my-rbls.ini /etc/dnsbl-exporter/rbls.ini
 ```
 
+#### Helm
+
+Additional, a helm chart is provided to run the exporter on Kubernetes.
+
+To get started quickly, an unbound container is installed into the pod alongside the exporter. You may turn this off with `unbound.enabled=false`.
+
+To customize the chart, copy [`chart/values.yaml`](chart/values.yaml) to `values.local.yaml` and edit the file; for example, to turn off the included unbound and to supply your own resolver.
+
+The following command creates a `dnsbl-exporter` release which is installed into a namespace called `my-namespace`:
+
+```sh
+helm upgrade --install --namespace my-namespace \
+ -f ./chart/values.yaml \
+ -f ./values.local.yaml \
+ dnsbl-exporter ./chart
+```
 
 #### Querying
 

chart/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

chart/Chart.yaml

@@ -0,0 +1,17 @@
+apiVersion: v2
+name: dnsbl-exporter
+description: A Helm chart to run dnsbl-exporter on Kubernetes
+type: application
+version: 0.1.0
+appVersion: "v0.7.0-rc2"
+keywords:
+- prometheus
+- exporter
+- dnsbl
+- dns
+- mail
+- smtp
+- monitoring
+maintainers:
+- name: Till Klampaeckel
+ url: https://github.com/till

chart/templates/NOTES.txt

@@ -0,0 +1,25 @@
+1. Get the application URL by running these commands:
+
+{{- if contains "NodePort" .Values.service.type }}
+ export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "dnsbl-exporter.fullname" . }})
+ export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+ echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+ NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+ You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "dnsbl-exporter.fullname" . }}'
+ export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "dnsbl-exporter.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
+ echo http://$SERVICE_IP:{{ .Values.service.port }}
+{{- else if contains "ClusterIP" .Values.service.type }}
+ export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "dnsbl-exporter.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+ export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[1].ports[0].containerPort}")
+ echo "Visit http://127.0.0.1:8080 to use your application"
+ kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 9211:$CONTAINER_PORT
+{{- end }}
+
+{{- if .Values.unbound.enabled }}
+2. Unbound is running in a container inside the pod, to see logs:
+ export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "dnsbl-exporter.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+ kubectl --namespace {{ .Release.Namespace }} logs -c unbound $POD_NAME
+{{- else}}
+2. Unbound is not enabled, please ensure your resolver is working.
+{{- end}}

chart/templates/_helpers.tpl

@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "dnsbl-exporter.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "dnsbl-exporter.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "dnsbl-exporter.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "dnsbl-exporter.labels" -}}
+helm.sh/chart: {{ include "dnsbl-exporter.chart" . }}
+{{ include "dnsbl-exporter.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "dnsbl-exporter.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "dnsbl-exporter.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "dnsbl-exporter.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "dnsbl-exporter.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}

chart/templates/configmap.yaml

@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "dnsbl-exporter.fullname" . }}
+ labels:
+ {{- include "dnsbl-exporter.labels" . | nindent 4 }}
+data:
+ targets.ini: |-
+ [targets]
+ {{- range $value := .Values.config.targets }}
+ server={{ $value }}
+ {{- end }}
+ rbls.ini: |-
+ [rbl]
+ {{- range $value := .Values.config.rbls }}
+ server={{ $value }}
+ {{- end }}

chart/templates/deployment.yaml

@@ -0,0 +1,123 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "dnsbl-exporter.fullname" . }}
+ labels:
+ {{- include "dnsbl-exporter.labels" . | nindent 4 }}
+spec:
+ {{- if not .Values.autoscaling.enabled }}
+ replicas: {{ .Values.replicaCount }}
+ {{- end }}
+ selector:
+ matchLabels:
+ {{- include "dnsbl-exporter.selectorLabels" . | nindent 6 }}
+ template:
+ metadata:
+ {{- with .Values.podAnnotations }}
+ annotations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ labels:
+ {{- include "dnsbl-exporter.labels" . | nindent 8 }}
+ {{- with .Values.podLabels }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ spec:
+ automountServiceAccountToken: false
+ {{- with .Values.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ securityContext:
+ {{- toYaml .Values.podSecurityContext | nindent 8 }}
+ containers:
+ {{- if .Values.unbound.enabled }}
+ - name: unbound
+ securityContext:
+ {{- toYaml .Values.unbound.securityContext | nindent 12 }}
+ image: "{{ .Values.unbound.image.repository }}:{{ .Values.unbound.image.tag | default .Chart.AppVersion }}"
+ imagePullPolicy: {{ .Values.unbound.image.pullPolicy }}
+ ports:
+ - containerPort: {{ .Values.unbound.config.port }}
+ protocol: UDP
+ livenessProbe:
+ exec:
+ command:
+ - "unbound-host"
+ - "-4"
+ - "-C"
+ - "/etc/unbound/unbound.conf"
+ - "{{ .Values.unbound.config.check_target }}"
+ initialDelaySeconds: 10
+ timeoutSeconds: 2
+ readinessProbe:
+ exec:
+ command:
+ - "unbound-host"
+ - "-4"
+ - "-C"
+ - "/etc/unbound/unbound.conf"
+ - "{{ .Values.unbound.config.check_target }}"
+ initialDelaySeconds: 10
+ timeoutSeconds: 2
+ resources:
+ requests:
+ cpu: "0.1"
+ memory: "32Mi"
+ limits:
+ cpu: "0.2"
+ memory: "200Mi"
+ {{- end }}
+ - name: {{ .Chart.Name }}
+ securityContext:
+ {{- toYaml .Values.securityContext | nindent 12 }}
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ ports:
+ - name: http-9211
+ containerPort: 9211
+ protocol: TCP
+ livenessProbe:
+ {{- toYaml .Values.livenessProbe | nindent 12 }}
+ readinessProbe:
+ {{- toYaml .Values.readinessProbe | nindent 12 }}
+ resources:
+ {{- toYaml .Values.resources | nindent 12 }}
+ volumeMounts:
+ - name: dnsbl-config
+ mountPath: /etc/dnsbl-exporter
+ {{- with .Values.volumeMounts }}
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ env:
+ - name: DNSBL_EXP_RBLS
+ value: /etc/dnsbl-exporter/rbls.ini
+ - name: DNSBL_EXP_TARGETS
+ value: /etc/dnsbl-exporter/targets.ini
+ - name: DNSBL_EXP_LISTEN
+ value: 0.0.0.0:9211
+ - name: DNSBL_EXP_RESOLVER
+ {{- if .Values.unbound.enabled }}
+ value: 127.0.0.1:{{ .Values.unbound.config.port }}
+ {{- else }}
+ value: {{ .Values.config.resolver }}
+ {{- end }}
+ volumes:
+ - name: dnsbl-config
+ configMap:
+ name: {{ include "dnsbl-exporter.fullname" . }}
+ {{- with .Values.volumes }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}

chart/templates/hpa.yaml

@@ -0,0 +1,32 @@
+{{- if .Values.autoscaling.enabled }}
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+ name: {{ include "dnsbl-exporter.fullname" . }}
+ labels:
+ {{- include "dnsbl-exporter.labels" . | nindent 4 }}
+spec:
+ scaleTargetRef:
+ apiVersion: apps/v1
+ kind: Deployment
+ name: {{ include "dnsbl-exporter.fullname" . }}
+ minReplicas: {{ .Values.autoscaling.minReplicas }}
+ maxReplicas: {{ .Values.autoscaling.maxReplicas }}
+ metrics:
+ {{- if .Values.autoscaling.targetCPUUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: cpu
+ target:
+ type: Utilization
+ averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
+ {{- end }}
+ {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: memory
+ target:
+ type: Utilization
+ averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
+ {{- end }}
+{{- end }}

chart/templates/service.yaml

@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "dnsbl-exporter.fullname" . }}
+ labels:
+ {{- include "dnsbl-exporter.labels" . | nindent 4 }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - port: {{ .Values.service.port }}
+ targetPort: http-9211
+ protocol: TCP
+ name: svc-9211
+ selector:
+ {{- include "dnsbl-exporter.selectorLabels" . | nindent 4 }}

chart/templates/tests/test-connection.yaml

@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ include "dnsbl-exporter.fullname" . }}-test-connection"
+ labels:
+ {{- include "dnsbl-exporter.labels" . | nindent 4 }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ containers:
+ - name: wget
+ image: busybox
+ command: ['wget']
+ args: ['{{ include "dnsbl-exporter.fullname" . }}:{{ .Values.service.port }}']
+ restartPolicy: Never

chart/values.dev.yml

@@ -0,0 +1,3 @@
+unbound:
+ image:
+ tag: dev