feat(monitoring): Add opendesk-exporter

The opendesk-exporter provides a builtin way for openDesk to expose prometheus metrics to an operator. See the applications repository for detailed information: https://gitlab.opencode.de/bmi/opendesk/components/platform-development/images/opendesk-exporter
2025-12-06 07:21:36 +01:00 · 2025-12-04 10:25:52 +01:00
9 changed files with 115 additions and 21 deletions
--- a/docs/getting-started.md
+++ b/docs/getting-started.md
@@ -65,7 +65,7 @@ For your convenience, we recommend creating a `*.domain.tld` A-Record for your c
 | Record name                   | Type | Value                                              | Additional information                                            |
 |-------------------------------|------|----------------------------------------------------|-------------------------------------------------------------------|
 | *.domain.tld                  | A    | IPv4 address of your Ingress Controller            |                                                                   |
-| *.domain.tld                  | AAAA | IPv6 address of your Ingress Controller            | Optional                                                          |
+| *.domain.tld                  | AAAA | IPv6 address of your Ingress Controller            |                                                                   |
 | mail.domain.tld               | A    | IPv4 address of your postfix NodePort/LoadBalancer | Optional, mail should directly be delivered to openDesk's Postfix |
 | mail.domain.tld               | AAAA | IPv6 address of your postfix NodePort/LoadBalancer | Optional, mail should directly be delivered to openDesk's Postfix |
 | domain.tld                    | MX   | `10 mail.domain.tld`                               |                                                                   |
--- a/docs/monitoring.md
+++ b/docs/monitoring.md
@@ -23,7 +23,8 @@ openDesk includes integration with Prometheus-based monitoring.

 Together with [kube-prometheus-stack](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack), you can easily leverage the full potential of the open-source cloud-native observability stack.

-Before enabling the following options, you need to install the respective custom resource definitions (CRDs) from the kube-prometheus-stack repository which should at least include the Prometheus Operator.
+Before enabling the following options, you need to install the respective custom resource definitions (CRDs) from the kube-prometheus-stack
+repository or Prometheus operator.

 # Defaults

@@ -32,16 +33,24 @@ All configurable options and their defaults can be found in

 # Metrics

-To deploy `podMonitor` and `serviceMonitor` custom resources, enable them by:
+To deploy `podMonitor` and `serviceMonitor` custom resources, enable it by:
+
+```yaml
+prometheus:
+  serviceMonitors:
+    enabled: true
+  podMonitors:
+    enabled: true
+```
+
+For many applications, an external prometheus exporter must be deployed as well.
+These are often integrated into openDesk and can be enabled via the following snippet:

 ```yaml
 monitoring:
  prometheus:
-    serviceMonitors:
-      enabled: true
-    podMonitors:
-      enabled: true
-```
+    exporter:
+      global: true
 ```

 # Alerts
@@ -52,23 +61,19 @@ Some of these are created by our partners while others are defined in [opendesk-
 All alert rules are deployed as [PrometheusRule](https://prometheus-operator.dev/docs/api-reference/api/#monitoring.coreos.com/v1.PrometheusRule) and can be enabled like this:

 ```yaml
-monitoring:
-  prometheus:
-    prometheusRules:
-      enabled: true
+prometheus:
+  prometheusRules:
+    enabled: true
 ```

 # Dashboards for Grafana

-If your Grafana instance is deployed via kube-prometheus-stack, or you have deployed the [Sidecar for datasources](https://github.com/grafana/helm-charts/blob/main/charts/grafana/README.md#sidecar-for-datasources), openDesk can make dashboards available via ConfigMap resources. 
-
-Enable the functionality with the following snippet:
+To deploy optional Grafana dashboards with ConfigMaps, enable the functionality with:

 ```yaml
-monitoring:
-  grafana:
-    dashboards:
-      enabled: true
+grafana:
+  dashboards:
+    enabled: true
 ```

 Please find further details in the [related Helm chart](https://gitlab.opencode.de/bmi/opendesk/components/platform-development/charts/opendesk-dashboards).
--- a/helmfile/apps/opendesk-services/helmfile-child.yaml.gotmpl
+++ b/helmfile/apps/opendesk-services/helmfile-child.yaml.gotmpl
@@ -52,6 +52,14 @@ repositories:
    oci: true
    url: "{{ coalesce .Values.repositories.helm.registryOpencodeDe .Values.global.helmRegistry | default .Values.charts.opendeskDashboards.registry }}/{{ .Values.charts.opendeskDashboards.repository }}"

+  - name: "opendesk-exporter-repo"
+    keyring: "../../files/gpg-subkeys/opencode.gpg"
+    verify: {{ .Values.charts.prometheusOpendeskExporter.verify }}
+    username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
+    password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
+    oci: true
+    url: "{{ coalesce .Values.repositories.helm.registryOpencodeDe .Values.global.helmRegistry | default .Values.charts.prometheusOpendeskExporter.registry }}/{{ .Values.charts.prometheusOpendeskExporter.repository }}"
+
    # openDesk Static Files
  # https://gitlab.opencode.de/bmi/opendesk/components/platform-development/charts/opendesk-static-files
  - name: "opendesk-static-files-repo"
@@ -117,6 +125,18 @@ releases:
    installed: {{ .Values.monitoring.grafana.dashboards.enabled }}
    timeout: 900

+  # opendesk-exporter
+  - name: "opendesk-exporter"
+    chart: "opendesk-exporter/{{ .Values.charts.prometheusOpendeskExporter.name }}"
+    version: "{{ .Values.charts.prometheusOpendeskExporter.version }}"
+    values:
+      - "values-opendesk-exporter.yaml.gotmpl"
+      {{- range .Values.customization.release.prometheusOpendeskExporter }}
+      - {{ . }}
+      {{- end }}
+    installed: {{ eq .Values.monitoring.prometheus.exporters.overrides.opendeskExporter nil | ternary .Values.monitoring.prometheus.exporters.global .Values.monitoring.prometheus.exporters.overrides.opendeskExporter }}
+    timeout: 900
+
  - name: "opendesk-static-files"
    chart: "opendesk-static-files-repo/{{ .Values.charts.opendeskStaticFiles.name }}"
    version: "{{ .Values.charts.opendeskStaticFiles.version }}"
--- a/helmfile/apps/opendesk-services/values-opendesk-exporter.yaml.gotmpl
+++ b/helmfile/apps/opendesk-services/values-opendesk-exporter.yaml.gotmpl
@@ -0,0 +1,34 @@
+# SPDX-FileCopyrightText: 2025 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
+# SPDX-License-Identifier: Apache-2.0
+---
+global:
+  registry: "{{ coalesce .Values.repositories.image.registryOpencodeDeEnterprise .Values.global.imageRegistry .Values.images.prometheusOpendeskExporter.registry }}"
+  imagePullSecrets:
+    {{- range .Values.global.imagePullSecrets }}
+    - {{ . | quote }}
+    {{- end }}
+
+image:
+  registry: "{{ coalesce .Values.repositories.image.registryOpencodeDeEnterprise .Values.global.imageRegistry .Values.images.prometheusOpendeskExporter.registry }}"
+  repository: "{{ .Values.images.prometheusOpendeskExporter.repository }}"
+  tag: "{{ .Values.images.prometheusOpendeskExporter.tag }}"
+
+resources:
+  {{ .Values.resources.prometheusOpendeskExporter | toYaml | nindent 2 }}
+
+serviceMonitor:
+  create: "{{ .Values.monitoring.prometheus.serviceMonitors.enabled }}"
+
+opendeskExporter:
+  config:
+    opendesk_exporter:
+      collectors:
+        enabled: [ "opendesk_users", "opendesk_version_info" ]
+        opendesk_version_info:
+          version: "{{ .Values.global.systemInformation.releaseVersion }}"
+          git_commit: "{{ exec "git" (list "rev-parse" "HEAD") | trim }}"
+          git_tree_state: "{{ exec "sh" (list "-c" "git diff --quiet && echo 'clean' || echo 'dirty'") | trim }}"
+
+        # opendesk_users configures itself automatically based on ConfigMaps used by the primary opendesk resources
+        # if desired, it can be overridden via a customization
+
--- a/helmfile/environments/default/charts.yaml.gotmpl
+++ b/helmfile/environments/default/charts.yaml.gotmpl
@@ -139,7 +139,7 @@ charts:
    registry: "registry.opencode.de"
    repository: "bmi/opendesk/components/supplier/univention/charts-mirror"
    name: "intercom-service"
-    version: "2.22.0"
+    version: "2.19.5"
    verify: true
  jitsi:
    # providerCategory: "Platform"
@@ -449,6 +449,16 @@ charts:
    name: "postgresql"
    version: "2.1.2"
    verify: true
+  prometheusOpendeskExporter:
+    # providerCategory: "Platform"
+    # providerResponsible: "openDesk"
+    # upstreamRegistry: "https://registry.opencode.de"
+    # upstreamRepository: "bmi/opendesk/components/platform-development/charts/opendesk-exporter"
+    registry: "registry.opencode.de"
+    repository: "bmi/opendesk/components/platform-development/charts/opendesk-exporter"
+    name: "opendesk-exporter"
+    version: "1.5.1"
+    verify: true
  redis:
    # providerCategory: "Community"
    # providerResponsible: "openDesk"
--- a/helmfile/environments/default/customization.yaml.gotmpl
+++ b/helmfile/environments/default/customization.yaml.gotmpl
@@ -79,6 +79,7 @@ customization:
    redis: {}
    memcached: {}
    postgresql: {}
+    prometheusOpendeskExporter: {}
    mariadb: {}
    postfix: {}
    opendeskDkimpyMilter: {}
--- a/helmfile/environments/default/images.yaml.gotmpl
+++ b/helmfile/environments/default/images.yaml.gotmpl
@@ -158,7 +158,7 @@ images:
    # upstreamMirrorStartFrom: ["2", "1", "0"]
    registry: "registry.opencode.de"
    repository: "bmi/opendesk/components/supplier/univention/images-mirror/intercom-service"
-    tag: "2.22.0@sha256:0049fc70c03d42780630c2b9915172086ce0cf8f936daeb04e625270a50d0126"
+    tag: "2.19.5@sha256:4f1bccfd29889e1edd093c8e35c9486919984faf55ca92b787a6a7aca3729e47"
  jibri:
    # providerCategory: "Supplier"
    # providerResponsible: "Nordeck"
@@ -931,6 +931,14 @@ images:
    registry: "registry-1.docker.io"
    repository: "library/postgres"
    tag: "15.13-alpine3.20@sha256:f7de0e2497b9a3b027d41377606f94bb0140a034ed303f6de690aa77637bfbc9"
+  prometheusOpendeskExporter:
+    # providerCategory: "Platform"
+    # providerResponsible: "openDesk
+    # upstreamRegistry: "https://registry.opencode.de"
+    # upstreamRepository: "bmi/opendesk/components/platform-development/images/opendesk-exporter"
+    registry: "registry.opencode.de"
+    repository: "bmi/opendesk/components/platform-development/images/opendesk-exporter"
+    tag: "1.3.3@sha256:744c13b7882e066bf3213de70c3513020800657b0ebee3c3b2b26bebe3ea3244"
  prosody:
    # providerCategory: "Supplier"
    # providerResponsible: "Nordeck"
--- a/helmfile/environments/default/monitoring.yaml.gotmpl
+++ b/helmfile/environments/default/monitoring.yaml.gotmpl
@@ -17,6 +17,15 @@ monitoring:
      labels:
        release: "kube-prometheus-stack"

+    # Prometheus exporter deployment toggles for openDesk
+    exporters:
+      # Global switch for all optional exporters
+      global: false
+      # Per-exporter overrides (take precedence over "global")
+      overrides:
+        # https://gitlab.opencode.de/bmi/opendesk/components/platform-development/images/opendesk-exporter
+        opendeskExporter: ~
+
  grafana:
    dashboards:
      enabled: false
--- a/helmfile/environments/default/resources.yaml.gotmpl
+++ b/helmfile/environments/default/resources.yaml.gotmpl
@@ -437,6 +437,13 @@ resources:
    requests:
      cpu: 0.1
      memory: "256Mi"
+  prometheusOpendeskExporter:
+    limits:
+      cpu: 1
+      memory: "512Mi"
+    requests:
+      cpu: 0.1
+      memory: "256Mi"
  prosody:
    limits:
      cpu: 99