feat(monitoring): Add opendesk-exporter

The opendesk-exporter provides a builtin way for openDesk to expose prometheus metrics to an operator.
See the applications repository for detailed information:
https://gitlab.opencode.de/bmi/opendesk/components/platform-development/images/opendesk-exporter

docs/getting-started.md

@@ -65,7 +65,7 @@ For your convenience, we recommend creating a `*.domain.tld` A-Record for your c
 | Record name                   | Type | Value                                              | Additional information                                            |
 |-------------------------------|------|----------------------------------------------------|-------------------------------------------------------------------|
 | *.domain.tld                  | A    | IPv4 address of your Ingress Controller            |                                                                   |
-| *.domain.tld                  | AAAA | IPv6 address of your Ingress Controller            | Optional                                                          |
+| *.domain.tld                  | AAAA | IPv6 address of your Ingress Controller            |                                                                   |
 | mail.domain.tld               | A    | IPv4 address of your postfix NodePort/LoadBalancer | Optional, mail should directly be delivered to openDesk's Postfix |
 | mail.domain.tld               | AAAA | IPv6 address of your postfix NodePort/LoadBalancer | Optional, mail should directly be delivered to openDesk's Postfix |
 | domain.tld                    | MX   | `10 mail.domain.tld`                               |                                                                   |

docs/monitoring.md

@@ -23,7 +23,8 @@ openDesk includes integration with Prometheus-based monitoring.
 
 Together with [kube-prometheus-stack](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack), you can easily leverage the full potential of the open-source cloud-native observability stack.
 
-Before enabling the following options, you need to install the respective custom resource definitions (CRDs) from the kube-prometheus-stack repository which should at least include the Prometheus Operator.
+Before enabling the following options, you need to install the respective custom resource definitions (CRDs) from the kube-prometheus-stack
+repository or Prometheus operator.
 
 # Defaults
 
@@ -32,16 +33,24 @@ All configurable options and their defaults can be found in
 
 # Metrics
 
-To deploy `podMonitor` and `serviceMonitor` custom resources, enable them by:
+To deploy `podMonitor` and `serviceMonitor` custom resources, enable it by:
 
 ```yaml
-monitoring:
 prometheus:
   serviceMonitors:
     enabled: true
   podMonitors:
     enabled: true
 ```
+
+For many applications, an external prometheus exporter must be deployed as well.
+These are often integrated into openDesk and can be enabled via the following snippet:
+
+```yaml
+monitoring:
+  prometheus:
+    exporter:
+      global: true
 ```
 
 # Alerts
@@ -52,7 +61,6 @@ Some of these are created by our partners while others are defined in [opendesk-
 All alert rules are deployed as [PrometheusRule](https://prometheus-operator.dev/docs/api-reference/api/#monitoring.coreos.com/v1.PrometheusRule) and can be enabled like this:
 
 ```yaml
-monitoring:
 prometheus:
   prometheusRules:
     enabled: true
@@ -60,12 +68,9 @@ monitoring:
 
 # Dashboards for Grafana
 
-If your Grafana instance is deployed via kube-prometheus-stack, or you have deployed the [Sidecar for datasources](https://github.com/grafana/helm-charts/blob/main/charts/grafana/README.md#sidecar-for-datasources), openDesk can make dashboards available via ConfigMap resources. 
+To deploy optional Grafana dashboards with ConfigMaps, enable the functionality with:
-
-Enable the functionality with the following snippet:
 
 ```yaml
-monitoring:
 grafana:
   dashboards:
     enabled: true

helmfile/apps/opendesk-services/helmfile-child.yaml.gotmpl

@@ -52,6 +52,14 @@ repositories:
     oci: true
     url: "{{ coalesce .Values.repositories.helm.registryOpencodeDe .Values.global.helmRegistry | default .Values.charts.opendeskDashboards.registry }}/{{ .Values.charts.opendeskDashboards.repository }}"
 
+  - name: "opendesk-exporter-repo"
+    keyring: "../../files/gpg-subkeys/opencode.gpg"
+    verify: {{ .Values.charts.prometheusOpendeskExporter.verify }}
+    username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
+    password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
+    oci: true
+    url: "{{ coalesce .Values.repositories.helm.registryOpencodeDe .Values.global.helmRegistry | default .Values.charts.prometheusOpendeskExporter.registry }}/{{ .Values.charts.prometheusOpendeskExporter.repository }}"
+
     # openDesk Static Files
   # https://gitlab.opencode.de/bmi/opendesk/components/platform-development/charts/opendesk-static-files
   - name: "opendesk-static-files-repo"
@@ -117,6 +125,18 @@ releases:
     installed: {{ .Values.monitoring.grafana.dashboards.enabled }}
     timeout: 900
 
+  # opendesk-exporter
+  - name: "opendesk-exporter"
+    chart: "opendesk-exporter/{{ .Values.charts.prometheusOpendeskExporter.name }}"
+    version: "{{ .Values.charts.prometheusOpendeskExporter.version }}"
+    values:
+      - "values-opendesk-exporter.yaml.gotmpl"
+      {{- range .Values.customization.release.prometheusOpendeskExporter }}
+      - {{ . }}
+      {{- end }}
+    installed: {{ eq .Values.monitoring.prometheus.exporters.overrides.opendeskExporter nil | ternary .Values.monitoring.prometheus.exporters.global .Values.monitoring.prometheus.exporters.overrides.opendeskExporter }}
+    timeout: 900
+
   - name: "opendesk-static-files"
     chart: "opendesk-static-files-repo/{{ .Values.charts.opendeskStaticFiles.name }}"
     version: "{{ .Values.charts.opendeskStaticFiles.version }}"

helmfile/apps/opendesk-services/values-opendesk-exporter.yaml.gotmpl

@@ -0,0 +1,34 @@
+# SPDX-FileCopyrightText: 2025 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
+# SPDX-License-Identifier: Apache-2.0
+---
+global:
+  registry: "{{ coalesce .Values.repositories.image.registryOpencodeDeEnterprise .Values.global.imageRegistry .Values.images.prometheusOpendeskExporter.registry }}"
+  imagePullSecrets:
+    {{- range .Values.global.imagePullSecrets }}
+    - {{ . | quote }}
+    {{- end }}
+
+image:
+  registry: "{{ coalesce .Values.repositories.image.registryOpencodeDeEnterprise .Values.global.imageRegistry .Values.images.prometheusOpendeskExporter.registry }}"
+  repository: "{{ .Values.images.prometheusOpendeskExporter.repository }}"
+  tag: "{{ .Values.images.prometheusOpendeskExporter.tag }}"
+
+resources:
+  {{ .Values.resources.prometheusOpendeskExporter | toYaml | nindent 2 }}
+
+serviceMonitor:
+  create: "{{ .Values.monitoring.prometheus.serviceMonitors.enabled }}"
+
+opendeskExporter:
+  config:
+    opendesk_exporter:
+      collectors:
+        enabled: [ "opendesk_users", "opendesk_version_info" ]
+        opendesk_version_info:
+          version: "{{ .Values.global.systemInformation.releaseVersion }}"
+          git_commit: "{{ exec "git" (list "rev-parse" "HEAD") | trim }}"
+          git_tree_state: "{{ exec "sh" (list "-c" "git diff --quiet && echo 'clean' || echo 'dirty'") | trim }}"
+
+        # opendesk_users configures itself automatically based on ConfigMaps used by the primary opendesk resources
+        # if desired, it can be overridden via a customization
+

helmfile/environments/default/charts.yaml.gotmpl

@@ -139,7 +139,7 @@ charts:
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/supplier/univention/charts-mirror"
     name: "intercom-service"
-    version: "2.22.0"
+    version: "2.19.5"
     verify: true
   jitsi:
     # providerCategory: "Platform"
@@ -449,6 +449,16 @@ charts:
     name: "postgresql"
     version: "2.1.2"
     verify: true
+  prometheusOpendeskExporter:
+    # providerCategory: "Platform"
+    # providerResponsible: "openDesk"
+    # upstreamRegistry: "https://registry.opencode.de"
+    # upstreamRepository: "bmi/opendesk/components/platform-development/charts/opendesk-exporter"
+    registry: "registry.opencode.de"
+    repository: "bmi/opendesk/components/platform-development/charts/opendesk-exporter"
+    name: "opendesk-exporter"
+    version: "1.5.1"
+    verify: true
   redis:
     # providerCategory: "Community"
     # providerResponsible: "openDesk"

helmfile/environments/default/customization.yaml.gotmpl

@@ -79,6 +79,7 @@ customization:
     redis: {}
     memcached: {}
     postgresql: {}
+    prometheusOpendeskExporter: {}
     mariadb: {}
     postfix: {}
     opendeskDkimpyMilter: {}

helmfile/environments/default/images.yaml.gotmpl

@@ -158,7 +158,7 @@ images:
     # upstreamMirrorStartFrom: ["2", "1", "0"]
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/supplier/univention/images-mirror/intercom-service"
-    tag: "2.22.0@sha256:0049fc70c03d42780630c2b9915172086ce0cf8f936daeb04e625270a50d0126"
+    tag: "2.19.5@sha256:4f1bccfd29889e1edd093c8e35c9486919984faf55ca92b787a6a7aca3729e47"
   jibri:
     # providerCategory: "Supplier"
     # providerResponsible: "Nordeck"
@@ -931,6 +931,14 @@ images:
     registry: "registry-1.docker.io"
     repository: "library/postgres"
     tag: "15.13-alpine3.20@sha256:f7de0e2497b9a3b027d41377606f94bb0140a034ed303f6de690aa77637bfbc9"
+  prometheusOpendeskExporter:
+    # providerCategory: "Platform"
+    # providerResponsible: "openDesk
+    # upstreamRegistry: "https://registry.opencode.de"
+    # upstreamRepository: "bmi/opendesk/components/platform-development/images/opendesk-exporter"
+    registry: "registry.opencode.de"
+    repository: "bmi/opendesk/components/platform-development/images/opendesk-exporter"
+    tag: "1.3.3@sha256:744c13b7882e066bf3213de70c3513020800657b0ebee3c3b2b26bebe3ea3244"
   prosody:
     # providerCategory: "Supplier"
     # providerResponsible: "Nordeck"

helmfile/environments/default/monitoring.yaml.gotmpl

@@ -17,6 +17,15 @@ monitoring:
       labels:
         release: "kube-prometheus-stack"
 
+    # Prometheus exporter deployment toggles for openDesk
+    exporters:
+      # Global switch for all optional exporters
+      global: false
+      # Per-exporter overrides (take precedence over "global")
+      overrides:
+        # https://gitlab.opencode.de/bmi/opendesk/components/platform-development/images/opendesk-exporter
+        opendeskExporter: ~
+
   grafana:
     dashboards:
       enabled: false

helmfile/environments/default/resources.yaml.gotmpl

@@ -437,6 +437,13 @@ resources:
     requests:
       cpu: 0.1
       memory: "256Mi"
+  prometheusOpendeskExporter:
+    limits:
+      cpu: 1
+      memory: "512Mi"
+    requests:
+      cpu: 0.1
+      memory: "256Mi"
   prosody:
     limits:
       cpu: 99