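---
# ServiceAccount the exporter pod runs as; the Deployment patch below sets
# serviceAccountName to it. The Vault annotations log in through
# auth/kubernetes with role kafka-exporter-yc, presumably using this account's
# token, so the Vault role should stay bound to this name and namespace only.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: kafka-exporter-yc
  namespace: kafka-exporter
---
# Flux HelmRelease for the kafka-exporter-prod chart. Broker addresses and
# SASL credentials are never placed in chart values: a kustomize post-renderer
# adds Vault Agent annotations and swaps the container command for a small
# shell wrapper that reads the rendered secret files and execs the exporter.
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: kafka-exporter-yc
  namespace: kafka-exporter
spec:
  dependsOn:
    - name: prometheus-stack
      namespace: prometheus-stack
  interval: 5m
  timeout: 10m
  chart:
    spec:
      chart: kafka-exporter-prod
      version: "0.27.0"
      sourceRef:
        kind: HelmRepository
        name: yc-oci-charts
        namespace: flux-system
      interval: 10m
  install:
    remediation:
      retries: 3
  upgrade:
    remediation:
      retries: 3
  postRenderers:
    - kustomize:
        patches:
          # JSON 6902 patch applied to the rendered Deployment.
          - target:
              group: apps
              version: v1
              kind: Deployment
              name: kafka-exporter-yc
            patch: |-
              - op: add
                path: /spec/template/metadata/annotations
                # NOTE(review): "add" on a member that already exists replaces
                # it, so any pod annotations rendered by the chart are dropped.
                value:
                  vault.hashicorp.com/agent-init-first: "true"
                  vault.hashicorp.com/agent-inject: "true"
                  # Init container only, no sidecar: the files are rendered once
                  # at pod start, so a rotated credential needs a pod restart.
                  vault.hashicorp.com/agent-pre-populate-only: "true"
                  vault.hashicorp.com/auth-path: auth/kubernetes
                  vault.hashicorp.com/role: kafka-exporter-yc
                  # Each pair below renders one key of the same Vault secret to
                  # its own file, read by the wrapper from /vault/secrets/.
                  vault.hashicorp.com/agent-inject-secret-kafka-bootstrap: secrets/data/vault/apps/kafka-exporter-yc
                  vault.hashicorp.com/agent-inject-template-kafka-bootstrap: |-
                    {{- with secret "secrets/data/vault/apps/kafka-exporter-yc" -}}
                    {{ index .Data.data "KAFKA_BOOTSTRAP" }}
                    {{- end -}}
                  vault.hashicorp.com/agent-inject-secret-kafka-user: secrets/data/vault/apps/kafka-exporter-yc
                  vault.hashicorp.com/agent-inject-template-kafka-user: |-
                    {{- with secret "secrets/data/vault/apps/kafka-exporter-yc" -}}
                    {{ index .Data.data "KAFKA_USER" }}
                    {{- end -}}
                  vault.hashicorp.com/agent-inject-secret-kafka-password: secrets/data/vault/apps/kafka-exporter-yc
                  vault.hashicorp.com/agent-inject-template-kafka-password: |-
                    {{- with secret "secrets/data/vault/apps/kafka-exporter-yc" -}}
                    {{ index .Data.data "KAFKA_PASSWORD" }}
                    {{- end -}}
                  vault.hashicorp.com/agent-inject-secret-kafka-ca.pem: secrets/data/vault/apps/kafka-exporter-yc
                  vault.hashicorp.com/agent-inject-template-kafka-ca.pem: |-
                    {{- with secret "secrets/data/vault/apps/kafka-exporter-yc" -}}
                    {{ index .Data.data "KAFKA_CA_PEM" }}
                    {{- end -}}
              - op: add
                path: /spec/template/spec/serviceAccountName
                value: kafka-exporter-yc
              - op: add
                path: /spec/template/spec/imagePullSecrets
                value:
                  - name: regcred
              # Run the wrapper under sh with -e so a failed secret read aborts
              # the container instead of starting the exporter half-configured.
              - op: add
                path: /spec/template/spec/containers/0/command
                value:
                  - /bin/sh
                  - '-ec'
              - op: replace
                path: /spec/template/spec/containers/0/args
                value:
                  - |-
                    KAFKA_BOOTSTRAP="$(cat /vault/secrets/kafka-bootstrap)"
                    KAFKA_USER="$(cat /vault/secrets/kafka-user)"
                    KAFKA_PASSWORD="$(cat /vault/secrets/kafka-password)"
                    if command -v kafka_exporter >/dev/null 2>&1; then
                      KAFKA_EXPORTER_BIN="$(command -v kafka_exporter)"
                    else
                      KAFKA_EXPORTER_BIN=/bin/kafka_exporter
                    fi
                    OLD_IFS="${IFS}"
                    IFS=,
                    # The broker list is split by an unquoted expansion; -f stops
                    # glob characters in the secret from being expanded against
                    # the container filesystem.
                    set -f
                    set --
                    for broker in ${KAFKA_BOOTSTRAP}; do
                      broker="$(printf '%s' "${broker}" | tr -d '[:space:]')"
                      if [ -n "${broker}" ]; then
                        set -- "$@" --kafka.server="${broker}"
                      fi
                    done
                    set +f
                    IFS="${OLD_IFS}"
                    # Fail closed: with an empty or blank secret no --kafka.server
                    # flag would be passed and the exporter would fall back to
                    # whatever broker default it ships with.
                    if [ "$#" -eq 0 ]; then
                      echo "kafka-bootstrap secret yielded no broker addresses" >&2
                      exit 1
                    fi
                    # NOTE(review): --sasl.password places the secret in the
                    # process argument list, readable through /proc/<pid>/cmdline
                    # by anything sharing the PID namespace or with node access.
                    # Move to a file- or env-based option if the exporter build in
                    # use offers one (not confirmed here).
                    exec "${KAFKA_EXPORTER_BIN}" \
                      "$@" \
                      --sasl.enabled \
                      --sasl.username="${KAFKA_USER}" \
                      --sasl.password="${KAFKA_PASSWORD}" \
                      --sasl.mechanism=scram-sha512 \
                      --tls.enabled \
                      --tls.ca-file=/vault/secrets/kafka-ca.pem \
                      --kafka.labels=yc-kafka \
                      --topic.exclude='^__.*' \
                      --verbosity=0
              - op: replace
                path: /spec/template/spec/containers/0/livenessProbe/initialDelaySeconds
                value: 60
              - op: replace
                path: /spec/template/spec/containers/0/livenessProbe/failureThreshold
                value: 6
              - op: replace
                path: /spec/template/spec/containers/0/readinessProbe/initialDelaySeconds
                value: 30
              - op: replace
                path: /spec/template/spec/containers/0/readinessProbe/failureThreshold
                value: 6
          # JSON 6902 patch applied to the rendered ServiceMonitor.
          - target:
              group: monitoring.coreos.com
              version: v1
              kind: ServiceMonitor
              name: kafka-exporter-yc
            patch: |-
              - op: add
                # "~1" is the JSON Pointer escape for "/" inside the label key.
                path: /spec/selector/matchLabels/app.kubernetes.io~1instance
                value: kafka-exporter-yc
              - op: add
                path: /spec/endpoints/0/relabelings
                value:
                  - action: replace
                    targetLabel: kafka_instance
                    replacement: yc-kafka
                  - action: replace
                    targetLabel: source_cluster
                    replacement: yc-kafka
                  - action: replace
                    targetLabel: monitored_cluster
                    replacement: yc-kafka
                  - action: replace
                    targetLabel: cluster
                    replacement: brusnika-prod
  values:
    fullnameOverride: kafka-exporter-yc
    image:
      repository: danielqsj/kafka-exporter
      # NOTE(review): "latest" is a mutable tag, and with IfNotPresent each
      # node keeps whichever build it pulled first, so what runs in production
      # is neither reproducible nor auditable. Pin a release tag or an image
      # digest once the intended version is decided.
      tag: latest
      pullPolicy: IfNotPresent
    # Placeholders only: the post-render patch replaces the container args, so
    # the real brokers and the SASL/TLS flags come from the wrapper script.
    # The .invalid name cannot resolve, so an unpatched render connects nowhere.
    kafkaExporter:
      kafka:
        servers:
          - kafka-bootstrap.from-vault.invalid:9091
      sasl:
        enabled: false
      tls:
        enabled: false
    prometheus:
      serviceMonitor:
        enabled: true
        namespace: kafka-exporter
        interval: 30s
        additionalLabels:
          app: kafka-exporter-yc
        metricRelabelings:
          - action: replace
            targetLabel: kafka_instance
            replacement: yc-kafka
          - action: replace
            targetLabel: source_cluster
            replacement: yc-kafka
          - action: replace
            targetLabel: monitored_cluster
            replacement: yc-kafka
          - action: replace
            targetLabel: cluster
            replacement: brusnika-prod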