add kfk

check-charts/harbor/templates/exporter/exporter-cm-env.yaml

@@ -0,0 +1,35 @@
+{{- if .Values.metrics.enabled}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: "{{ template "harbor.exporter" . }}-env"
+  labels:
+{{ include "harbor.labels" . | indent 4 }}
+data:
+  {{- if has "jobservice" .Values.proxy.components }}
+  HTTP_PROXY: "{{ .Values.proxy.httpProxy }}"
+  HTTPS_PROXY: "{{ .Values.proxy.httpsProxy }}"
+  NO_PROXY: "{{ template "harbor.noProxy" . }}"
+  {{- end }}
+  LOG_LEVEL: "{{ .Values.logLevel }}"
+  HARBOR_EXPORTER_PORT: "{{ .Values.metrics.exporter.port }}"
+  HARBOR_EXPORTER_METRICS_PATH: "{{ .Values.metrics.exporter.path }}"
+  HARBOR_EXPORTER_METRICS_ENABLED: "{{ .Values.metrics.enabled }}"
+  HARBOR_EXPORTER_CACHE_TIME: "{{ .Values.exporter.cacheDuration }}"
+  HARBOR_EXPORTER_CACHE_CLEAN_INTERVAL: "{{ .Values.exporter.cacheCleanInterval }}"
+  HARBOR_METRIC_NAMESPACE: harbor
+  HARBOR_METRIC_SUBSYSTEM: exporter
+  HARBOR_REDIS_URL: "{{ template "harbor.redis.urlForJobservice" . }}"
+  HARBOR_REDIS_NAMESPACE: harbor_job_service_namespace
+  HARBOR_REDIS_TIMEOUT: "3600"
+  HARBOR_SERVICE_SCHEME: "{{ template "harbor.component.scheme" . }}"
+  HARBOR_SERVICE_HOST: "{{ template "harbor.core" . }}"
+  HARBOR_SERVICE_PORT: "{{ template "harbor.core.servicePort" . }}"
+  HARBOR_DATABASE_HOST: "{{ template "harbor.database.host" . }}"
+  HARBOR_DATABASE_PORT: "{{ template "harbor.database.port" . }}"
+  HARBOR_DATABASE_USERNAME: "{{ template "harbor.database.username" . }}"
+  HARBOR_DATABASE_DBNAME: "{{ template "harbor.database.coreDatabase" . }}"
+  HARBOR_DATABASE_SSLMODE: "{{ template "harbor.database.sslmode" . }}"
+  HARBOR_DATABASE_MAX_IDLE_CONNS: "{{ .Values.database.maxIdleConns }}"
+  HARBOR_DATABASE_MAX_OPEN_CONNS: "{{ .Values.database.maxOpenConns }}"
+{{- end}}

check-charts/harbor/templates/exporter/exporter-dpl.yaml

@@ -0,0 +1,139 @@
+{{- if .Values.metrics.enabled}}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ template "harbor.exporter" . }}
+  labels:
+{{ include "harbor.labels" . | indent 4 }}
+    component: exporter
+spec:
+  replicas: {{ .Values.exporter.replicas }}
+  revisionHistoryLimit: {{ .Values.exporter.revisionHistoryLimit }}
+  selector:
+    matchLabels:
+{{ include "harbor.matchLabels" . | indent 6 }}
+      component: exporter
+  template:
+    metadata:
+      labels:
+{{ include "harbor.labels" . | indent 8 }}
+        component: exporter
+{{- if .Values.exporter.podLabels }}
+{{ toYaml .Values.exporter.podLabels | indent 8 }}
+{{- end }}
+      annotations:
+{{- if and .Values.internalTLS.enabled (eq .Values.internalTLS.certSource "auto") }}
+        checksum/tls: {{ include (print $.Template.BasePath "/internal/auto-tls.yaml") . | sha256sum }}
+{{- else if and .Values.internalTLS.enabled (eq .Values.internalTLS.certSource "manual") }}
+        checksum/tls: {{ include (print $.Template.BasePath "/core/core-tls.yaml") . | sha256sum }}
+{{- end }}
+{{- if .Values.exporter.podAnnotations }}
+{{ toYaml .Values.exporter.podAnnotations | indent 8 }}
+{{- end }}
+    spec:
+      securityContext:
+        runAsUser: 10000
+        fsGroup: 10000
+{{- if .Values.exporter.serviceAccountName }}
+      serviceAccountName: {{ .Values.exporter.serviceAccountName }}
+{{- end -}}
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      automountServiceAccountToken: {{ .Values.exporter.automountServiceAccountToken | default false }}
+{{- with .Values.exporter.topologySpreadConstraints }}
+      topologySpreadConstraints:
+{{- range . }}
+      - {{ . | toYaml | indent 8 | trim }}
+        labelSelector:
+          matchLabels:
+{{ include "harbor.matchLabels" $ | indent 12 }}
+            component: exporter
+{{- end }}
+{{- end }}
+      containers:
+      - name: exporter
+        image: {{ .Values.exporter.image.repository }}:{{ .Values.exporter.image.tag }}
+        imagePullPolicy: {{ .Values.imagePullPolicy }}
+        livenessProbe:
+          httpGet:
+            path: /
+            port: {{ .Values.metrics.exporter.port }}
+          initialDelaySeconds: 300
+          periodSeconds: 10
+        readinessProbe:
+          httpGet:
+            path: /
+            port: {{ .Values.metrics.exporter.port }}
+          initialDelaySeconds: 30
+          periodSeconds: 10
+        args: ["-log-level", "{{ .Values.logLevel }}"]
+        envFrom:
+        - configMapRef:
+            name: "{{ template "harbor.exporter" . }}-env"
+        - secretRef:
+            name: "{{ template "harbor.exporter" . }}"
+        env:
+        {{- if .Values.database.external.existingSecret }}
+        - name: HARBOR_DATABASE_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Values.database.external.existingSecret }}
+              key: password
+        {{- end }}
+        {{- if .Values.existingSecretAdminPassword }}
+        - name: HARBOR_ADMIN_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Values.existingSecretAdminPassword }}
+              key: {{ .Values.existingSecretAdminPasswordKey }}
+        {{- end }}
+{{- if .Values.exporter.resources }}
+        resources:
+{{ toYaml .Values.exporter.resources | indent 10 }}
+{{- end }}
+{{- with .Values.exporter.extraEnvVars }}
+        env:
+{{- toYaml . | nindent 10 }}
+{{- end }}
+        ports:
+        - containerPort: {{ template "harbor.core.containerPort" . }}
+        volumeMounts:
+        {{- if .Values.caBundleSecretName }}
+{{ include "harbor.caBundleVolumeMount" . | indent 8 }}
+        {{- end }}
+        {{- if .Values.internalTLS.enabled }}
+        - name: core-internal-certs
+          mountPath: /etc/harbor/ssl/core
+          # There are some metric data are collectd from harbor core.
+          # When internal TLS is enabled, the Exporter need the CA file to collect these data.
+        {{- end }}
+      volumes:
+      - name: config
+        secret:
+          secretName: "{{ template "harbor.exporter" . }}"
+      {{- if .Values.internalTLS.enabled }}
+      - name: core-internal-certs
+        secret:
+          secretName: {{ template "harbor.internalTLS.core.secretName" . }}
+      {{- end }}
+      {{- if .Values.caBundleSecretName }}
+{{ include "harbor.caBundleVolume" . | indent 6 }}
+      {{- end }}
+    {{- with .Values.exporter.nodeSelector }}
+      nodeSelector:
+{{ toYaml . | indent 8 }}
+    {{- end }}
+    {{- with .Values.exporter.affinity }}
+      affinity:
+{{ toYaml . | indent 8 }}
+    {{- end }}
+    {{- with .Values.exporter.tolerations }}
+      tolerations:
+{{ toYaml . | indent 8 }}
+    {{- end }}
+    {{- if .Values.exporter.priorityClassName }}
+      priorityClassName: {{ .Values.exporter.priorityClassName }}
+    {{- end }}
+{{ end }}

check-charts/harbor/templates/exporter/exporter-secret.yaml

@@ -0,0 +1,16 @@
+{{- if .Values.metrics.enabled}}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ template "harbor.exporter" . }}
+  labels:
+{{ include "harbor.labels" . | indent 4 }}
+type: Opaque
+data:
+{{- if not .Values.existingSecretAdminPassword }}
+  HARBOR_ADMIN_PASSWORD: {{ .Values.harborAdminPassword | b64enc | quote }}
+{{- end }}
+{{- if not .Values.database.external.existingSecret }}
+  HARBOR_DATABASE_PASSWORD: {{ template "harbor.database.encryptedPassword" . }}
+{{- end }}
+{{- end }}

check-charts/harbor/templates/exporter/exporter-svc.yaml

@@ -0,0 +1,15 @@
+{{- if .Values.metrics.enabled}}
+apiVersion: v1
+kind: Service
+metadata:
+  name: "{{ template "harbor.exporter" . }}"
+  labels:
+{{ include "harbor.labels" . | indent 4 }}
+spec:
+  ports:
+    - name: {{ template "harbor.metricsPortName" . }}
+      port: {{ .Values.metrics.exporter.port }}
+  selector:
+{{ include "harbor.matchLabels" . | indent 4 }}
+    component: exporter
+{{ end }}