[bitnami/harbor] Add scandata-pvc for harbor jobservice (bitnami#14128)

* Add scandata volume to jobservice for supporting CVE export

Signed-off-by: Rajan Gupta <rajan0493@gmail.com>

* Fix formatting issues

Signed-off-by: Rajan Gupta <rajan0493@gmail.com>

* Fix formatting issues

Signed-off-by: Rajan Gupta <rajan0493@gmail.com>

* Update README.md with readme-generator-for-helm

Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com>

* Fix chart lint issue

Signed-off-by: DASTC\gupta_rajan <rajan.gupta@stengg.com>

* Update README.md with readme-generator-for-helm

Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com>

Signed-off-by: Rajan Gupta <rajan0493@gmail.com>
Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com>
Signed-off-by: DASTC\gupta_rajan <rajan.gupta@stengg.com>
Co-authored-by: Bitnami Containers <bitnami-bot@vmware.com>

Author: rajan123456

bitnami/harbor/Chart.yaml

@@ -37,4 +37,4 @@ sources:
   - https://github.com/bitnami/containers/tree/main/bitnami/harbor-registry
   - https://github.com/bitnami/containers/tree/main/bitnami/harbor-registryctl
   - https://goharbor.io/
-version: 16.1.4
+version: 16.2.0

bitnami/harbor/README.md

@@ -341,6 +341,10 @@ Return whether Redis® uses password authentication or not
   {{- printf "%s-jobservice" (include "common.names.fullname" .) -}}
 {{- end -}}
 
+{{- define "harbor.jobserviceScanData" -}}
+  {{- printf "%s-jobservice-scandata" (include "common.names.fullname" .) -}}
+{{- end -}}
+
 {{- define "harbor.registry" -}}
   {{- printf "%s-registry" (include "common.names.fullname" .) -}}
 {{- end -}}

bitnami/harbor/templates/_helpers.tpl

@@ -202,6 +202,9 @@ spec:
             - name: job-logs
               mountPath: /var/log/jobs
               subPath: {{ .Values.persistence.persistentVolumeClaim.jobservice.subPath }}
+            - name: jobservice-scandata
+              mountPath: /var/scandata_exports
+              subPath: {{ .Values.persistence.persistentVolumeClaim.jobservice.scanData.subPath }}
             {{- if .Values.internalTLS.enabled }}
             - name: internal-tls-certs
               mountPath: /etc/harbor/ssl/jobservice
@@ -226,6 +229,13 @@ spec:
           {{- else }}
           emptyDir: {}
           {{- end }}
+        - name: jobservice-scandata
+          {{- if and .Values.persistence.enabled }}
+          persistentVolumeClaim:
+            claimName: {{ .Values.persistence.persistentVolumeClaim.jobservice.scanData.existingClaim | default (include "harbor.jobserviceScanData" .) }}
+          {{- else }}
+          emptyDir: {}
+          {{- end }}
         {{- if .Values.internalTLS.caBundleSecret }}
         {{- include "harbor.caBundleVolume" . | nindent 8 }}
         {{- end }}

bitnami/harbor/templates/jobservice/jobservice-dpl.yaml

@@ -0,0 +1,34 @@
+{{- if and .Values.persistence.enabled (not .Values.persistence.persistentVolumeClaim.jobservice.scanData.existingClaim) }}
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+  name: {{ include "harbor.jobserviceScanData" . }}
+  namespace: {{ .Release.Namespace | quote }}
+  labels: {{- include "common.labels.standard" . | nindent 4 }}
+    {{- if .Values.commonLabels }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+    {{- end }}
+    app.kubernetes.io/component: jobservice
+  annotations:
+    {{- if eq .Values.persistence.resourcePolicy "keep" }}
+    helm.sh/resource-policy: keep
+    {{- end }}
+    {{- if .Values.commonAnnotations }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+    {{- end }}
+    {{- if .Values.persistence.persistentVolumeClaim.jobservice.scanData.annotations }}
+    {{- toYaml .Values.persistence.persistentVolumeClaim.jobservice.scanData.annotations | nindent 4 }}
+    {{- end }}
+spec:
+  accessModes:
+  {{- range .Values.persistence.persistentVolumeClaim.jobservice.scanData.accessModes }}
+    - {{ . | quote }}
+  {{- end }}
+  resources:
+    requests:
+      storage: {{ .Values.persistence.persistentVolumeClaim.jobservice.scanData.size }}
+  {{- if .Values.persistence.persistentVolumeClaim.jobservice.scanData.selector }}
+  selector: {{- include "common.tplvalues.render" (dict "value" .Values.persistence.persistentVolumeClaim.jobservice.scanData.selector "context" $) | nindent 2 }}
+  {{- end }}
+  {{- include "common.storage.class" ( dict "persistence" .Values.persistence.persistentVolumeClaim.jobservice.scanData "global" .Values.global ) | nindent 2 }}
+{{- end }}

bitnami/harbor/templates/jobservice/jobservice-scandata-pvc.yaml

@@ -462,6 +462,24 @@ persistence:
       size: 1Gi
       annotations: {}
       selector: {}
+      ## @param persistence.persistentVolumeClaim.jobservice.scanData.existingClaim Name of an existing PVC to use
+      ## @param persistence.persistentVolumeClaim.jobservice.scanData.storageClass PVC Storage Class for Harbor Jobservice scan data volume
+      ## Note: The default StorageClass will be used if not defined. Set it to `-` to disable dynamic provisioning
+      ## @param persistence.persistentVolumeClaim.jobservice.scanData.subPath The sub path used in the volume
+      ## @param persistence.persistentVolumeClaim.jobservice.scanData.accessModes The access mode of the volume
+      ## @param persistence.persistentVolumeClaim.jobservice.scanData.size The size of the volume
+      ## @param persistence.persistentVolumeClaim.jobservice.scanData.annotations Annotations for the PVC
+      ## @param persistence.persistentVolumeClaim.jobservice.scanData.selector Selector to match an existing Persistent Volume
+      ##
+      scanData:
+        existingClaim: ""
+        storageClass: ""
+        subPath: ""
+        accessModes:
+          - ReadWriteOnce
+        size: 1Gi
+        annotations: {}
+        selector: {}
     ## @param persistence.persistentVolumeClaim.chartmuseum.existingClaim Name of an existing PVC to use
     ## @param persistence.persistentVolumeClaim.chartmuseum.storageClass PVC Storage Class for Chartmuseum data volume
     ## Note: The default StorageClass will be used if not defined. Set it to `-` to disable dynamic provisioning