From c774fa085cfc070c5c290229efbbb2cdac8f3b75 Mon Sep 17 00:00:00 2001
From: Lilly Sell <sell@b1-systems.de>
Date: Wed, 3 Dec 2025 09:29:39 +0100
Subject: [PATCH] feat(monitoring): Add opendesk-exporter

The opendesk-exporter provides a builtin way for openDesk to expose prometheus metrics to an operator.
See the applications repository for detailed information:
https://gitlab.opencode.de/bmi/opendesk/components/platform-development/images/opendesk-exporter
---
 docs/monitoring.md                            | 10 ++++++
 .../helmfile-child.yaml.gotmpl                | 20 +++++++++++
 .../values-opendesk-exporter.yaml.gotmpl      | 34 +++++++++++++++++++
 .../environments/default/charts.yaml.gotmpl   | 10 ++++++
 .../default/customization.yaml.gotmpl         |  1 +
 .../environments/default/images.yaml.gotmpl   |  8 +++++
 .../default/monitoring.yaml.gotmpl            |  9 +++++
 .../default/resources.yaml.gotmpl             |  7 ++++
 8 files changed, 99 insertions(+)
 create mode 100644 helmfile/apps/opendesk-services/values-opendesk-exporter.yaml.gotmpl

diff --git a/docs/monitoring.md b/docs/monitoring.md
index 922b4aa1..4533ebc4 100644
--- a/docs/monitoring.md
+++ b/docs/monitoring.md
@@ -43,6 +43,16 @@ prometheus:
     enabled: true
 ```
 
+For many applications, an external prometheus exporter must be deployed as well.
+These are often integrated into openDesk and can be enabled via the following snippet:
+
+```yaml
+monitoring:
+  prometheus:
+    exporter:
+      global: true
+```
+
 # Alerts
 
 openDesk ships with a set of Prometheus alerting rules that are specific to the operation of openDesk.
diff --git a/helmfile/apps/opendesk-services/helmfile-child.yaml.gotmpl b/helmfile/apps/opendesk-services/helmfile-child.yaml.gotmpl
index 8f3cfb01..9fd601f7 100644
--- a/helmfile/apps/opendesk-services/helmfile-child.yaml.gotmpl
+++ b/helmfile/apps/opendesk-services/helmfile-child.yaml.gotmpl
@@ -52,6 +52,14 @@ repositories:
     oci: true
     url: "{{ coalesce .Values.repositories.helm.registryOpencodeDe .Values.global.helmRegistry | default .Values.charts.opendeskDashboards.registry }}/{{ .Values.charts.opendeskDashboards.repository }}"
 
+  - name: "opendesk-exporter-repo"
+    keyring: "../../files/gpg-subkeys/opencode.gpg"
+    verify: {{ .Values.charts.prometheusOpendeskExporter.verify }}
+    username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
+    password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
+    oci: true
+    url: "{{ coalesce .Values.repositories.helm.registryOpencodeDe .Values.global.helmRegistry | default .Values.charts.prometheusOpendeskExporter.registry }}/{{ .Values.charts.prometheusOpendeskExporter.repository }}"
+
     # openDesk Static Files
   # https://gitlab.opencode.de/bmi/opendesk/components/platform-development/charts/opendesk-static-files
   - name: "opendesk-static-files-repo"
@@ -117,6 +125,18 @@ releases:
     installed: {{ .Values.monitoring.grafana.dashboards.enabled }}
     timeout: 900
 
+  # opendesk-exporter
+  - name: "opendesk-exporter"
+    chart: "opendesk-exporter/{{ .Values.charts.prometheusOpendeskExporter.name }}"
+    version: "{{ .Values.charts.prometheusOpendeskExporter.version }}"
+    values:
+      - "values-opendesk-exporter.yaml.gotmpl"
+      {{- range .Values.customization.release.prometheusOpendeskExporter }}
+      - {{ . }}
+      {{- end }}
+    installed: {{ eq .Values.monitoring.prometheus.exporters.overrides.opendeskExporter nil | ternary .Values.monitoring.prometheus.exporters.global .Values.monitoring.prometheus.exporters.overrides.opendeskExporter }}
+    timeout: 900
+
   - name: "opendesk-static-files"
     chart: "opendesk-static-files-repo/{{ .Values.charts.opendeskStaticFiles.name }}"
     version: "{{ .Values.charts.opendeskStaticFiles.version }}"
diff --git a/helmfile/apps/opendesk-services/values-opendesk-exporter.yaml.gotmpl b/helmfile/apps/opendesk-services/values-opendesk-exporter.yaml.gotmpl
new file mode 100644
index 00000000..a9108bb3
--- /dev/null
+++ b/helmfile/apps/opendesk-services/values-opendesk-exporter.yaml.gotmpl
@@ -0,0 +1,34 @@
+# SPDX-FileCopyrightText: 2025 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
+# SPDX-License-Identifier: Apache-2.0
+---
+global:
+  registry: "{{ coalesce .Values.repositories.image.registryOpencodeDeEnterprise .Values.global.imageRegistry .Values.images.prometheusOpendeskExporter.registry }}"
+  imagePullSecrets:
+    {{- range .Values.global.imagePullSecrets }}
+    - {{ . | quote }}
+    {{- end }}
+
+image:
+  registry: "{{ coalesce .Values.repositories.image.registryOpencodeDeEnterprise .Values.global.imageRegistry .Values.images.prometheusOpendeskExporter.registry }}"
+  repository: "{{ .Values.images.prometheusOpendeskExporter.repository }}"
+  tag: "{{ .Values.images.prometheusOpendeskExporter.tag }}"
+
+resources:
+  {{ .Values.resources.prometheusOpendeskExporter | toYaml | nindent 2 }}
+
+serviceMonitor:
+  create: "{{ .Values.monitoring.prometheus.serviceMonitors.enabled }}"
+
+opendeskExporter:
+  config:
+    opendesk_exporter:
+      collectors:
+        enabled: [ "opendesk_users", "opendesk_version_info" ]
+        opendesk_version_info:
+          version: "{{ .Values.global.systemInformation.releaseVersion }}"
+          git_commit: "{{ exec "git" (list "rev-parse" "HEAD") | trim }}"
+          git_tree_state: "{{ exec "sh" (list "-c" "git diff --quiet && echo 'clean' || echo 'dirty'") | trim }}"
+
+        # opendesk_users configures itself automatically based on ConfigMaps used by the primary opendesk resources
+        # if desired, it can be overridden via a customization
+
diff --git a/helmfile/environments/default/charts.yaml.gotmpl b/helmfile/environments/default/charts.yaml.gotmpl
index 93608a70..1888f035 100644
--- a/helmfile/environments/default/charts.yaml.gotmpl
+++ b/helmfile/environments/default/charts.yaml.gotmpl
@@ -449,6 +449,16 @@ charts:
     name: "postgresql"
     version: "2.1.2"
     verify: true
+  prometheusOpendeskExporter:
+    # providerCategory: "Platform"
+    # providerResponsible: "openDesk"
+    # upstreamRegistry: "https://registry.opencode.de"
+    # upstreamRepository: "bmi/opendesk/components/platform-development/charts/opendesk-exporter"
+    registry: "registry.opencode.de"
+    repository: "bmi/opendesk/components/platform-development/charts/opendesk-exporter"
+    name: "opendesk-exporter"
+    version: "1.5.1"
+    verify: true
   redis:
     # providerCategory: "Community"
     # providerResponsible: "openDesk"
diff --git a/helmfile/environments/default/customization.yaml.gotmpl b/helmfile/environments/default/customization.yaml.gotmpl
index 3a4388c5..38edf265 100644
--- a/helmfile/environments/default/customization.yaml.gotmpl
+++ b/helmfile/environments/default/customization.yaml.gotmpl
@@ -79,6 +79,7 @@ customization:
     redis: {}
     memcached: {}
     postgresql: {}
+    prometheusOpendeskExporter: {}
     mariadb: {}
     postfix: {}
     opendeskDkimpyMilter: {}
diff --git a/helmfile/environments/default/images.yaml.gotmpl b/helmfile/environments/default/images.yaml.gotmpl
index 093d9833..b269b41a 100644
--- a/helmfile/environments/default/images.yaml.gotmpl
+++ b/helmfile/environments/default/images.yaml.gotmpl
@@ -931,6 +931,14 @@ images:
     registry: "registry-1.docker.io"
     repository: "library/postgres"
     tag: "15.13-alpine3.20@sha256:f7de0e2497b9a3b027d41377606f94bb0140a034ed303f6de690aa77637bfbc9"
+  prometheusOpendeskExporter:
+    # providerCategory: "Platform"
+    # providerResponsible: "openDesk
+    # upstreamRegistry: "https://registry.opencode.de"
+    # upstreamRepository: "bmi/opendesk/components/platform-development/images/opendesk-exporter"
+    registry: "registry.opencode.de"
+    repository: "bmi/opendesk/components/platform-development/images/opendesk-exporter"
+    tag: "1.3.3@sha256:744c13b7882e066bf3213de70c3513020800657b0ebee3c3b2b26bebe3ea3244"
   prosody:
     # providerCategory: "Supplier"
     # providerResponsible: "Nordeck"
diff --git a/helmfile/environments/default/monitoring.yaml.gotmpl b/helmfile/environments/default/monitoring.yaml.gotmpl
index 9f19dfdd..8173f826 100644
--- a/helmfile/environments/default/monitoring.yaml.gotmpl
+++ b/helmfile/environments/default/monitoring.yaml.gotmpl
@@ -17,6 +17,15 @@ monitoring:
       labels:
         release: "kube-prometheus-stack"
 
+    # Prometheus exporter deployment toggles for openDesk
+    exporters:
+      # Global switch for all optional exporters
+      global: false
+      # Per-exporter overrides (take precedence over "global")
+      overrides:
+        # https://gitlab.opencode.de/bmi/opendesk/components/platform-development/images/opendesk-exporter
+        opendeskExporter: ~
+
   grafana:
     dashboards:
       enabled: false
diff --git a/helmfile/environments/default/resources.yaml.gotmpl b/helmfile/environments/default/resources.yaml.gotmpl
index 125e5178..dbf0a5e8 100644
--- a/helmfile/environments/default/resources.yaml.gotmpl
+++ b/helmfile/environments/default/resources.yaml.gotmpl
@@ -437,6 +437,13 @@ resources:
     requests:
       cpu: 0.1
       memory: "256Mi"
+  prometheusOpendeskExporter:
+    limits:
+      cpu: 1
+      memory: "512Mi"
+    requests:
+      cpu: 0.1
+      memory: "256Mi"
   prosody:
     limits:
       cpu: 99