feat(helmfile): Add openDesk specific alerts

2025-12-06 07:21:36 +01:00 · 2024-12-03 12:03:28 +01:00
parent 508e286232
commit f630a369da
6 changed files with 89 additions and 1 deletions
--- a/docs/monitoring.md
+++ b/docs/monitoring.md
@@ -46,7 +46,10 @@ prometheus:

 # Alerts

-Some Helm charts provide a default set of prometheusRules for alerting; enable it by:
+openDesk ships with a set of Prometheus alerting rules that are specific to the operation of openDesk.
+Some of these are created by our partners while others are defined in [opendesk-alerts](https://gitlab.opencode.de/bmi/opendesk/components/platform-development/charts/opendesk-alerts).
+
+All alert rules are deployed as [PrometheusRule](https://prometheus-operator.dev/docs/api-reference/api/#monitoring.coreos.com/v1.PrometheusRule) and can be enabled like this:

 ```yaml
 prometheus:
--- a/helmfile/apps/services/helmfile-child.yaml.gotmpl
+++ b/helmfile/apps/services/helmfile-child.yaml.gotmpl
@@ -89,6 +89,16 @@ repositories:
    oci: true
    url: "{{ .Values.global.helmRegistry | default .Values.charts.clamavSimple.registry }}/{{ .Values.charts.clamavSimple.repository }}"

+  # openDesk Alerts
+  # https://gitlab.opencode.de/bmi/opendesk/components/platform-development/charts/opendesk-alerts
+  - name: "opendesk-alerts-repo"
+    keyring: "../../files/gpg-pubkeys/opencode.gpg"
+    verify: {{ .Values.charts.opendeskAlerts.verify }}
+    username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
+    password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
+    oci: true
+    url: "{{ .Values.global.helmRegistry | default .Values.charts.opendeskAlerts.registry }}/{{ .Values.charts.opendeskAlerts.repository }}"
+
  # VMWare Bitnami
  # Source: https://github.com/bitnami/charts/
  - name: "memcached-repo"
@@ -158,6 +168,17 @@ releases:
    installed: {{ .Values.certificates.enabled }}
    timeout: 900

+  - name: "opendesk-alerts"
+    chart: "opendesk-alerts-repo/{{ .Values.charts.opendeskAlerts.name }}"
+    version: "{{ .Values.charts.opendeskAlerts.version }}"
+    values:
+      - "values-opendesk-alerts.yaml.gotmpl"
+      {{ range .Values.customization.release.opendeskAlerts}}
+      - {{ . }}
+      {{ end }}
+    installed: {{ .Values.monitoring.prometheus.prometheusRules.enabled }}
+    timeout: 900
+
  - name: "redis"
    chart: "redis-repo/{{ .Values.charts.redis.name }}"
    version: "{{ .Values.charts.redis.version }}"
--- a/helmfile/apps/services/values-opendesk-alerts.yaml.gotmpl
+++ b/helmfile/apps/services/values-opendesk-alerts.yaml.gotmpl
@@ -0,0 +1,52 @@
+{{/*
+SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
+SPDX-License-Identifier: Apache-2.0
+*/}}
+---
+additionalAnnotations:
+  {{ .Values.monitoring.prometheus.prometheusRules.annotations | toYaml | nindent 2 }}
+additionalLabels:
+  {{ .Values.monitoring.prometheus.prometheusRules.labels | toYaml | nindent 2 }}
+
+config:
+  collabora:
+    enable: {{ .Values.collabora.enabled }}
+    selectors:
+      namespace: {{ .Values.collabora.namespace | quote }}
+  matrix:
+    enable: {{ .Values.element.enabled }}
+    selectors:
+      namespace: {{ .Values.element.namespace | quote }}
+  diagrams:
+    enable: {{ .Values.cryptpad.enabled }}
+    selectors:
+      namespace: {{ .Values.cryptpad.namespace | quote }}
+  nextcloud:
+    enable: {{ .Values.nextcloud.enabled }}
+    selectors:
+      namespace: {{ .Values.nextcloud.namespace | quote }}
+  openXChange:
+    enable: {{ .Values.oxAppSuite.enabled }}
+    selectors:
+      namespace: {{ .Values.oxAppSuite.namespace | quote }}
+  xwiki:
+    enable: {{ .Values.xwiki.enabled }}
+    selectors:
+      namespace: {{ .Values.xwiki.namespace | quote }}
+  nubus:
+    enable: {{ .Values.nubus.enabled }}
+    selectors:
+      namespace: {{ .Values.nubus.namespace | quote }}
+  openProject:
+    enable: {{ .Values.openproject.enabled }}
+    selectors:
+      namespace: {{ .Values.openproject.namespace | quote }}
+  jitsi:
+    enable: {{ .Values.jitsi.enabled }}
+    selectors:
+      namespace: {{ .Values.jitsi.namespace | quote }}
+  collabora:
+    enable: {{ .Values.collabora.enabled }}
+    selectors:
+      namespace: {{ .Values.collabora.namespace | quote }}
+
--- a/helmfile/environments/default/charts.yaml
+++ b/helmfile/environments/default/charts.yaml
@@ -296,6 +296,16 @@ charts:
    name: "nubus"
    version: "0.64.2"
    verify: true
+  opendeskAlerts:
+    # providerCategory: "Platform"
+    # providerResponsible: "openDesk"
+    # upstreamRegistry: "https://registry.opencode.de"
+    # upstreamRepository: "bmi/opendesk/components/platform-development/charts/opendesk-alerts"
+    registry: "registry.opencode.de"
+    repository: "bmi/opendesk/components/platform-development/charts/opendesk-alerts"
+    name: "opendesk-alerts"
+    version: "1.1.0"
+    verify: true
  opendeskKeycloakBootstrap:
    # providerCategory: "Platform"
    # providerResponsible: "openDesk"
--- a/helmfile/environments/default/customization.yaml
+++ b/helmfile/environments/default/customization.yaml
@@ -52,6 +52,7 @@ customization:
    opendeskOtterize: {}
    opendeskHome: {}
    opendeskCertificates: {}
+    opendeskAlerts: {}
    redis: {}
    memcached: {}
    postgresql: {}
--- a/helmfile/environments/default/monitoring.yaml
+++ b/helmfile/environments/default/monitoring.yaml
@@ -13,6 +13,7 @@ monitoring:
        release: "kube-prometheus-stack"
    prometheusRules:
      enabled: false
+      annotations: {}
      labels:
        release: "kube-prometheus-stack"