feat(monitoring): Add opendesk-exporter

The opendesk-exporter provides a builtin way for openDesk to expose prometheus metrics to an operator.
See the applications repository for detailed information:
https://gitlab.opencode.de/bmi/opendesk/components/platform-development/images/opendesk-exporter

.gitlab-ci.yml

@@ -767,17 +767,33 @@ import-default-accounts:
     - "echo \"Starting default account import for ${DOMAIN}\""
     - "cd /app"
     - |
-      ./user_import_udm_rest_api.py \
+      set +e
-        --import_domain ${DOMAIN} \
+      success=0
-        --udm_api_password ${DEFAULT_ADMINISTRATOR_PASSWORD} \
+      for i in {1..5}; do
-        --set_default_password ${DEFAULT_ACCOUNTS_PASSWORD} \
+        echo "Attempt $i/5..."
-        --import_filename ./template.ods \
+        ./user_import_udm_rest_api.py \
-        --admin_enable_fileshare True \
+          --import_domain ${DOMAIN} \
-        --admin_enable_knowledgemanagement True \
+          --udm_api_password ${DEFAULT_ADMINISTRATOR_PASSWORD} \
-        --admin_enable_projectmanagement True \
+          --set_default_password ${DEFAULT_ACCOUNTS_PASSWORD} \
-        --create_admin_accounts True \
+          --import_filename ./template.ods \
-        --create_maildomains True \
+          --admin_enable_fileshare True \
-        --verify_certificate False
+          --admin_enable_knowledgemanagement True \
+          --admin_enable_projectmanagement True \
+          --create_admin_accounts True \
+          --create_maildomains True \
+          --verify_certificate False
+        if [ $? -eq 0 ]; then
+          echo "Script succeeded on attempt $i."
+          success=1
+          break
+        fi
+        echo "Script failed. Waiting 60 seconds before retry..."
+        sleep 60
+      done
+      if [ "$success" -ne 1 ]; then
+        echo "Script failed after 5 attempts."
+        exit 1
+      fi
 
 run-tests:
   stage: "post-execute"

CHANGELOG.md

@@ -1,3 +1,30 @@
+# [1.10.0](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/compare/v1.9.0...v1.10.0) (2025-11-24)
+
+
+### Bug Fixes
+
+* **collabora:** Update Controller to 1.1.6 incl. Helm chart update to 1.1.10 ([d25c95f](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/d25c95f06bc199d09aa6ea4dc09c10e95153de38))
+* **collabora:** Update from 25.04.5 to 25.04.6 ([8de0f5d](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/8de0f5de7277ad726588d7de2d06cb3e9376c993))
+* **external-services:** Create `nubus_authsession` database ([ec72602](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/ec72602cdd3207f73ff806a26bfe7b9fd32b8634))
+* **helmfile:** Enable verification for XWiki Helm chart ([5104793](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/51047936de102c610adc00f4dff12d2eb8e945b0))
+* **helmfile:** Streamline annotations ([7aa717c](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/7aa717c0509a731c060c58a1b5877e1d9899406f))
+* **nubus:** Remove legacy `UMC` Keycloak client that was used for SAML connection with the Nubus portal ([152221f](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/152221fa7976bfa942d5e9e9b8f78cc8e65765c0))
+* **open-xchange:** Only enable `smtpSASLAuthEnable` when `relayHost` is set ([70bbbf3](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/70bbbf311fcba57c31f535be7d0d453f4a945cee))
+* **open-xchange:** Optimize Dovecot Pro full-text search caches; review `migrations.md` for required upgrade steps ([f3f707c](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/f3f707c9eee8edf3ad61834d87b5c059f31b0e26))
+* **open-xchange:** Template SASL security options ([684c6d4](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/684c6d4f29dd447872ebe582eef43c04034896f7))
+* **open-xchange:** Update Dovecot configuration based on supplier's best practise review ([850761e](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/850761e0475b2f281fb23f6972d5c74fbdaa3a61))
+* **opendesk-static-files:** [[#260](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/issues/260)] Fix doublette creation of configmap `data` keys when the same file is referenced multiple times for a component ([b5a76be](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/b5a76bea57ef7b136c54d1bc95c40f0a0c3f9716))
+* **openproject:** Update from 16.6.0 to 16.6.1 ([62fae99](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/62fae9976a731c00700d56ce8fab198bb2531d20))
+* **xwiki:** Update XWiki from 17.4.4 to 17.4.7 ([02a3b77](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/02a3b7711490394690df70ca92bab58b253e34f5))
+
+
+### Features
+
+* **jitsi:** Update from 2.0.10431 to 2.0.10590 ([f5aad1f](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/f5aad1fa47559f0d3941c233c7d40029a9e83281))
+* **nubus:** Update from v1.14.0 to v1.15.2 ([12379d6](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/12379d67e07936496fe31276b2052406e0137db6))
+* **open-xchange:** Support for LDAP group based mailing lists ([cc94f0c](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/cc94f0c66df098d0a20f7f0d4a6af5e791557981))
+* **openproject:** Update OpenProject from 16.5.1 to 16.6.0 ([19438c0](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/19438c02817875bd408c5d6cf423d7bfb61f907f))
+
 # [1.9.0](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/compare/v1.8.0...v1.9.0) (2025-11-07)
 
 

docs/migrations.md

@@ -10,8 +10,12 @@ SPDX-License-Identifier: Apache-2.0
 * [Deprecation warnings](#deprecation-warnings)
 * [Overview and mandatory upgrade path](#overview-and-mandatory-upgrade-path)
 * [Manual checks/actions](#manual-checksactions)
+  * [Versions ≥ v1.11.0](#versions--v1110)
+    * [Pre-upgrade to versions ≥ v1.11.0](#pre-upgrade-to-versions--v1110)
+      * [Helmfile new option: Annotations for external services (Dovecot, Jitsi JVB, Postfix)](#helmfile-new-option-annotations-for-external-services-dovecot-jitsi-jvb-postfix)
   * [Versions ≥ v1.10.0](#versions--v1100)
     * [Pre-upgrade to versions ≥ v1.10.0](#pre-upgrade-to-versions--v1100)
+      * [Deployment cleanup: Collabora Controller](#deployment-cleanup-collabora-controller)
       * [Helmfile new secret: `secrets.nubus.ldapSearch.postfix`](#helmfile-new-secret-secretsnubusldapsearchpostfix)
       * [Helmfile new secret: `secrets.doveocot.sharedMailboxesMasterPassword`](#helmfile-new-secret-secretsdoveocotsharedmailboxesmasterpassword)
       * [New Helmfile default: Nubus provisioning debug container no longer deployed](#new-helmfile-default-nubus-provisioning-debug-container-no-longer-deployed)
@@ -181,10 +185,58 @@ If you would like more details about the automated migrations, please read secti
 > listed no extra manual steps are required when upgrading to that version, e.g. in the case of an update from
 > version 1.7.0 to version 1.7.1.
 
+## Versions ≥ v1.11.0
+
+### Pre-upgrade to versions ≥ v1.11.0
+
+#### Helmfile new option: Annotations for external services (Dovecot, Jitsi JVB, Postfix)
+
+**Target group:** Existing deployments using `service` annotations.
+
+The three non-HTTP external services support now explicit annotations.
+See [`annotations.yaml.gomtpl`](../helmfile/environments/default/annotations.yaml.gotmpl) for reference.
+
+**Jitsi JVB**
+
+The already existing annotation key `annotations.jitsiJVB.service` has been renamed to
+`annotations.jitsiJVB.serviceExternal` be in line with the newly added ones for Postfix and Dovecot.
+If you make use of the JVB service annotation please rename the attribute to the new `serviceExternal` standard.
+
+**Dovecot**
+
+Setting service annotation by `annotations.openxchangeDovecot.service` applied the annotations to the internal
+and external service. This key now only sets annotations for the internal service. If you want to set
+annotations for the external service use the newly introduced key `annotations.openxchangeDovecot.serviceExternal`.
+
+**Postfix**
+
+Setting service annotation by `annotations.openxchangePostfix.service` applied the annotations to the internal
+and external service. This key now only sets annotations for the internal service. If you want to set
+annotations for the external service use the newly introduced key `annotations.openxchangePostfix.serviceExternal`.
+
 ## Versions ≥ v1.10.0
 
 ### Pre-upgrade to versions ≥ v1.10.0
 
+#### Deployment cleanup: Collabora Controller
+
+**Target group:** Existing openDesk Enterprise deployments using Collabora Controller. Actually only long running
+deployments are affected, but following the instructions won't hurt.
+
+As per upstream release notes for [Collabora Online Controller 1.1.4](https://www.collaboraonline.com/cool-controller-release-notes/)
+you have to remove the existing leases of the Controller. You can do so by setting `<your_namespace>` and executing
+the commands below.
+
+```shell
+export NAMESPACE=<your_namespace>
+export COLLABORA_CONTROLLER_DEPLOYMENT_NAME=collabora-controller-cool-controller
+kubectl -n ${NAMESPACE} scale deployment/${COLLABORA_CONTROLLER_DEPLOYMENT_NAME} --replicas=0
+kubectl -n ${NAMESPACE} delete -n collabora leases.coordination.k8s.io collabora-online
+```
+
+> [!note]
+> The Collabora Online Controller is not scaled up again, as this would happen as part of the upgrade deployment.
+
 #### Helmfile new secret: `secrets.nubus.ldapSearch.postfix`
 
 **Target group:** All existing deployments that use self-defined secrets.

docs/monitoring.md

@@ -43,6 +43,16 @@ prometheus:
     enabled: true
 ```
 
+For many applications, an external prometheus exporter must be deployed as well.
+These are often integrated into openDesk and can be enabled via the following snippet:
+
+```yaml
+monitoring:
+  prometheus:
+    exporter:
+      global: true
+```
+
 # Alerts
 
 openDesk ships with a set of Prometheus alerting rules that are specific to the operation of openDesk.

docs/requirements.md

@@ -29,14 +29,14 @@ openDesk is a Kubernetes-only solution and requires an existing Kubernetes (K8s)
 - K8s cluster >= v1.24, [CNCF Certified Kubernetes distribution](https://www.cncf.io/certification/software-conformance/)
 - Domain and DNS Service
 - Ingress controller (Ingress NGINX) >= [4.11.5/1.11.5](https://github.com/kubernetes/ingress-nginx/releases)
-- [Helm](https://helm.sh/) >= v3.17.3, but not v3.18.0[^1]
+- [Helm](https://helm.sh/) >= v3.17.3 (but not v3.18.0[^1]) and < v4[^2],
 - [Helmfile](https://helmfile.readthedocs.io/en/latest/) >= v1.0.0
 - [HelmDiff](https://github.com/databus23/helm-diff) >= v3.11.0
-- Volume provisioner supporting RWO (read-write-once)[^2]
+- Volume provisioner supporting RWO (read-write-once)[^3]
 - Certificate handling with [cert-manager](https://cert-manager.io/)
 
 **Additional openDesk Enterprise requirements**
-- [OpenKruise](https://openkruise.io/)[^3] >= v1.6
+- [OpenKruise](https://openkruise.io/)[^4] >= v1.6
 
 # Hardware
 
@@ -138,8 +138,11 @@ Helmfile requires [HelmDiff](https://github.com/databus23/helm-diff) to compare
 
 # Footnotes
 
-[^1]: Due to a [Helm bug](https://github.com/helm/helm/issues/30890) Helm 3.18.0 is not supported.
+[^1]: Due to a [Helm bug](https://github.com/helm/helm/issues/30890) Helm v3.18.0 is not supported.
 
-[^2]: Due to [restrictions on Kubernetes `emptyDir`](https://github.com/kubernetes/kubernetes/pull/130277) you need a volume provisioner that has sticky bit support, otherwise the OpenProject seeder job will fail. E.g. the `local-path-provisioner` does not have sticky bit support.
+[^2]: Helm v4 introduced stricter flag grouping that is not yet supported by the helmdiff plugin.
+
+[^3]: Due to [restrictions on Kubernetes `emptyDir`](https://github.com/kubernetes/kubernetes/pull/130277) you need a volume provisioner that has sticky bit support, otherwise the OpenProject seeder job will fail. E.g. the `local-path-provisioner` does not have sticky bit support.
+
+[^4]: Required for Dovecot Pro as part of openDesk Enterprise Edition.
 
-[^3]: Required for Dovecot Pro as part of openDesk Enterprise Edition.

helmfile/apps/jitsi/values-jitsi.yaml.gotmpl

@@ -248,9 +248,9 @@ jitsi:
       {{ .Values.resources.jvb | toYaml | nindent 6 }}
     service:
       type: {{ coalesce .Values.service.type.jitsiVideoBridge .Values.cluster.service.type | quote }}
-    {{- if .Values.annotations.jitsiJvb.service }}
+    {{- if .Values.annotations.jitsiJvb.serviceExternal }}
       annotations:
-        {{ .Values.annotations.jitsiJvb.service | toYaml | nindent 8 }}
+        {{ .Values.annotations.jitsiJvb.serviceExternal | toYaml | nindent 8 }}
     {{- end }}
     securityContext:
       allowPrivilegeEscalation: false

helmfile/apps/open-xchange/values-dovecot.yaml.gotmpl

@@ -140,6 +140,8 @@ service:
     {{ .Values.annotations.openxchangeDovecot.service | toYaml | nindent 4 }}
   external:
     enabled: true
+    annotations:
+      {{ .Values.annotations.openxchangeDovecot.serviceExternal | toYaml | nindent 6 }}
     type: {{ coalesce .Values.service.type.dovecot .Values.cluster.service.type | quote }}
 {{- end }}
 

helmfile/apps/open-xchange/values-postfix.yaml.gotmpl

@@ -129,6 +129,8 @@ service:
     {{ .Values.annotations.openxchangePostfix.service | toYaml | nindent 4 }}
   external:
     enabled: true
+    annotations:
+      {{ .Values.annotations.openxchangePostfix.serviceExternal | toYaml | nindent 6 }}
     type: {{ coalesce .Values.service.type.postfix .Values.cluster.service.type | quote }}
 {{- end }}
 ...

helmfile/apps/opendesk-services/helmfile-child.yaml.gotmpl

@@ -52,6 +52,14 @@ repositories:
     oci: true
     url: "{{ coalesce .Values.repositories.helm.registryOpencodeDe .Values.global.helmRegistry | default .Values.charts.opendeskDashboards.registry }}/{{ .Values.charts.opendeskDashboards.repository }}"
 
+  - name: "opendesk-exporter-repo"
+    keyring: "../../files/gpg-subkeys/opencode.gpg"
+    verify: {{ .Values.charts.prometheusOpendeskExporter.verify }}
+    username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
+    password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
+    oci: true
+    url: "{{ coalesce .Values.repositories.helm.registryOpencodeDe .Values.global.helmRegistry | default .Values.charts.prometheusOpendeskExporter.registry }}/{{ .Values.charts.prometheusOpendeskExporter.repository }}"
+
     # openDesk Static Files
   # https://gitlab.opencode.de/bmi/opendesk/components/platform-development/charts/opendesk-static-files
   - name: "opendesk-static-files-repo"
@@ -117,6 +125,18 @@ releases:
     installed: {{ .Values.monitoring.grafana.dashboards.enabled }}
     timeout: 900
 
+  # opendesk-exporter
+  - name: "opendesk-exporter"
+    chart: "opendesk-exporter/{{ .Values.charts.prometheusOpendeskExporter.name }}"
+    version: "{{ .Values.charts.prometheusOpendeskExporter.version }}"
+    values:
+      - "values-opendesk-exporter.yaml.gotmpl"
+      {{- range .Values.customization.release.prometheusOpendeskExporter }}
+      - {{ . }}
+      {{- end }}
+    installed: {{ eq .Values.monitoring.prometheus.exporters.overrides.opendeskExporter nil | ternary .Values.monitoring.prometheus.exporters.global .Values.monitoring.prometheus.exporters.overrides.opendeskExporter }}
+    timeout: 900
+
   - name: "opendesk-static-files"
     chart: "opendesk-static-files-repo/{{ .Values.charts.opendeskStaticFiles.name }}"
     version: "{{ .Values.charts.opendeskStaticFiles.version }}"

helmfile/apps/opendesk-services/values-opendesk-exporter.yaml.gotmpl

@@ -0,0 +1,34 @@
+# SPDX-FileCopyrightText: 2025 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
+# SPDX-License-Identifier: Apache-2.0
+---
+global:
+  registry: "{{ coalesce .Values.repositories.image.registryOpencodeDeEnterprise .Values.global.imageRegistry .Values.images.prometheusOpendeskExporter.registry }}"
+  imagePullSecrets:
+    {{- range .Values.global.imagePullSecrets }}
+    - {{ . | quote }}
+    {{- end }}
+
+image:
+  registry: "{{ coalesce .Values.repositories.image.registryOpencodeDeEnterprise .Values.global.imageRegistry .Values.images.prometheusOpendeskExporter.registry }}"
+  repository: "{{ .Values.images.prometheusOpendeskExporter.repository }}"
+  tag: "{{ .Values.images.prometheusOpendeskExporter.tag }}"
+
+resources:
+  {{ .Values.resources.prometheusOpendeskExporter | toYaml | nindent 2 }}
+
+serviceMonitor:
+  create: "{{ .Values.monitoring.prometheus.serviceMonitors.enabled }}"
+
+opendeskExporter:
+  config:
+    opendesk_exporter:
+      collectors:
+        enabled: [ "opendesk_users", "opendesk_version_info" ]
+        opendesk_version_info:
+          version: "{{ .Values.global.systemInformation.releaseVersion }}"
+          git_commit: "{{ exec "git" (list "rev-parse" "HEAD") | trim }}"
+          git_tree_state: "{{ exec "sh" (list "-c" "git diff --quiet && echo 'clean' || echo 'dirty'") | trim }}"
+
+        # opendesk_users configures itself automatically based on ConfigMaps used by the primary opendesk resources
+        # if desired, it can be overridden via a customization
+

helmfile/apps/services-external/values-clamav-distributed.yaml.gotmpl

@@ -28,7 +28,7 @@ clamd:
   podAnnotations:
     intents.otterize.com/service-name: "clamav-distributed"
     {{- with .Values.annotations.servicesExternalClamavDistributed.clamdPod }}
-    {{ .  | toYaml | nindent 4 }}
+    {{ . | toYaml | nindent 4 }}
     {{- end }}
   podSecurityContext:
     enabled: true

helmfile/apps/services-external/values-clamav-simple.yaml.gotmpl

@@ -46,7 +46,7 @@ persistence:
 podAnnotations:
   intents.otterize.com/service-name: "clamav-simple"
   {{- with .Values.annotations.servicesExternalClamavSimple.pod }}
-  {{ .  | toYaml | nindent 2 }}
+  {{ . | toYaml | nindent 2 }}
   {{- end }}
 
 podSecurityContext:

helmfile/apps/services-external/values-dkimpy.yaml.gotmpl

@@ -32,7 +32,7 @@ image:
 podAnnotations:
   intents.otterize.com/service-name: "dkimpy-milter"
   {{- with .Values.annotations.servicesExternalDkimpy.service }}
-  {{ .  | toYaml | nindent 2 }}
+  {{ . | toYaml | nindent 2 }}
   {{- end }}
 
 podSecurityContext:

helmfile/apps/services-external/values-memcached.yaml.gotmpl

@@ -36,7 +36,7 @@ image:
 podAnnotations:
   intents.otterize.com/service-name: "memcached"
   {{- with .Values.annotations.servicesExternalMemcached.pod }}
-  {{ .  | toYaml | nindent 2 }}
+  {{ . | toYaml | nindent 2 }}
   {{- end}}
 replicaCount: {{ .Values.replicas.memcached }}
 

helmfile/apps/services-external/values-minio.yaml.gotmpl

@@ -136,7 +136,7 @@ provisioning:
   podAnnotations:
     intents.otterize.com/service-name: "minio-provisioning"
     {{- with .Values.annotations.servicesExternalMinio.provisioningPod }}
-    {{ .  | toYaml | nindent 4}}
+    {{ . | toYaml | nindent 4}}
     {{- end }}
   policies:
     - name: "migrations-bucket-policy"

helmfile/environments/default-enterprise-overrides/charts.yaml.gotmpl

@@ -6,7 +6,7 @@ charts:
     registry: "registry.opencode.de"
     repository: "zendis/opendesk-enterprise/components/product-development/charts/opendesk-dovecot-pro"
     name: "dovecot"
-    version: "3.2.1"
+    version: "3.3.0"
     verify: true
   oxAppSuite:
     registry: "registry.opencode.de"

helmfile/environments/default/annotations.yaml.gotmpl

@@ -95,7 +95,7 @@ annotations:
     serviceAccount: ~
   jitsiJvb:
     pod: ~
-    service: ~
+    serviceExternal: ~
     metricsPrometheus: ~
     metricsGrafana: ~
   jitsiProsody:
@@ -360,6 +360,7 @@ annotations:
     pod: ~
     service: ~
     serviceAccount: ~
+    serviceExternal: ~
   openxchangeEnterpriseContactPicker:
     appsuiteCoreMw:
     appsuiteCoreMwPod: ~
@@ -369,6 +370,7 @@ annotations:
   openxchangePostfix:
     pod: ~
     service: ~
+    serviceExternal: ~
   openxchangePublicSectorUi:
     pod: ~
   servicesExternalClamavDistributed:

helmfile/environments/default/charts.yaml.gotmpl

@@ -97,7 +97,7 @@ charts:
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/platform-development/charts/opendesk-dovecot"
     name: "dovecot"
-    version: "3.2.1"
+    version: "3.3.0"
     verify: true
   element:
     # providerCategory: "Platform"
@@ -437,7 +437,7 @@ charts:
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/platform-development/charts/opendesk-postfix"
     name: "postfix"
-    version: "5.0.2"
+    version: "5.1.0"
     verify: true
   postgresql:
     # providerCategory: "Platform"
@@ -449,6 +449,16 @@ charts:
     name: "postgresql"
     version: "2.1.2"
     verify: true
+  prometheusOpendeskExporter:
+    # providerCategory: "Platform"
+    # providerResponsible: "openDesk"
+    # upstreamRegistry: "https://registry.opencode.de"
+    # upstreamRepository: "bmi/opendesk/components/platform-development/charts/opendesk-exporter"
+    registry: "registry.opencode.de"
+    repository: "bmi/opendesk/components/platform-development/charts/opendesk-exporter"
+    name: "opendesk-exporter"
+    version: "1.5.1"
+    verify: true
   redis:
     # providerCategory: "Community"
     # providerResponsible: "openDesk"

helmfile/environments/default/customization.yaml.gotmpl

@@ -79,6 +79,7 @@ customization:
     redis: {}
     memcached: {}
     postgresql: {}
+    prometheusOpendeskExporter: {}
     mariadb: {}
     postfix: {}
     opendeskDkimpyMilter: {}

helmfile/environments/default/global.generated.yaml.gotmpl

@@ -3,5 +3,5 @@
 ---
 global:
   systemInformation:
-    releaseVersion: "v1.9.0"
+    releaseVersion: "v1.10.0"
 ...

helmfile/environments/default/images.yaml.gotmpl

@@ -931,6 +931,14 @@ images:
     registry: "registry-1.docker.io"
     repository: "library/postgres"
     tag: "15.13-alpine3.20@sha256:f7de0e2497b9a3b027d41377606f94bb0140a034ed303f6de690aa77637bfbc9"
+  prometheusOpendeskExporter:
+    # providerCategory: "Platform"
+    # providerResponsible: "openDesk
+    # upstreamRegistry: "https://registry.opencode.de"
+    # upstreamRepository: "bmi/opendesk/components/platform-development/images/opendesk-exporter"
+    registry: "registry.opencode.de"
+    repository: "bmi/opendesk/components/platform-development/images/opendesk-exporter"
+    tag: "1.3.3@sha256:744c13b7882e066bf3213de70c3513020800657b0ebee3c3b2b26bebe3ea3244"
   prosody:
     # providerCategory: "Supplier"
     # providerResponsible: "Nordeck"

helmfile/environments/default/monitoring.yaml.gotmpl

@@ -17,6 +17,15 @@ monitoring:
       labels:
         release: "kube-prometheus-stack"
 
+    # Prometheus exporter deployment toggles for openDesk
+    exporters:
+      # Global switch for all optional exporters
+      global: false
+      # Per-exporter overrides (take precedence over "global")
+      overrides:
+        # https://gitlab.opencode.de/bmi/opendesk/components/platform-development/images/opendesk-exporter
+        opendeskExporter: ~
+
   grafana:
     dashboards:
       enabled: false

helmfile/environments/default/replicas.yaml.gotmpl

@@ -146,7 +146,7 @@ replicas:
   # -- scalable: tbd
   jitsiKeycloakAdapter: 1
   # -- scalable: tbd
-  jvb: 2
+  jvb: 1
 
   # -- component: Persistence Layer
   # -- scalable: false

helmfile/environments/default/resources.yaml.gotmpl

@@ -437,6 +437,13 @@ resources:
     requests:
       cpu: 0.1
       memory: "256Mi"
+  prometheusOpendeskExporter:
+    limits:
+      cpu: 1
+      memory: "512Mi"
+    requests:
+      cpu: 0.1
+      memory: "256Mi"
   prosody:
     limits:
       cpu: 99

publiccode.yml

@@ -22,8 +22,8 @@ name: "openDesk"
 platforms:
   - "web"
 developmentStatus: "stable"
-softwareVersion: "1.9.0"
+softwareVersion: "1.10.0"
-releaseDate: "2025-11-07"
+releaseDate: "2025-11-24"
 softwareType: "standalone/web"
 url: "https://gitlab.opencode.de/bmi/opendesk/"
 logo: ".opencode/openDesk-logo-rgb-color.svg"