feat: OSPC-1365: Adding barbican exporter to provide barbican metrics/stats

Author: niti6869

.github/workflows/helm-barbican-exporter.yaml

@@ -0,0 +1,48 @@
+name: Helm GitHub Actions for Barbican Exporter
+
+on:
+  pull_request:
+    paths:
+      - base-helm-configs/barbican-exporter/**
+      - base-kustomize/barbican-exporter/**
+      - .github/workflows/helm-barbican-exporter.yaml
+jobs:
+  helm:
+    strategy:
+      matrix:
+        overlays:
+          - base
+    name: Helm
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - uses: azure/setup-helm@v3
+        with:
+          version: latest
+          token: "${{ secrets.GITHUB_TOKEN }}"
+        id: helm
+      - name: Add barbican-exporter repo to helm
+        run: |
+            ${{ steps.helm.outputs.helm-path }} repo add genestack-barbician-exporter-helm-chart https://github.com/rackerlabs/genestack-barbician-exporter-helm-chart
+            ${{ steps.helm.outputs.helm-path }} repo update
+      - name: Kubectl Install
+        working-directory: /usr/local/bin/
+        run: |
+            if [ ! -f /usr/local/bin/kubectl ]; then
+              curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
+              chmod +x ./kubectl
+            fi
+      - name: Run Helm Template
+        run: |
+          ${{ steps.helm.outputs.helm-path }} template barbican-exporter genestack-barbician-exporter-helm-chart/barbican-exporter \
+            --create-namespace \
+            --namespace=openstack \
+            --wait \
+            --timeout 120m \
+            -f ${{ github.workspace }}/base-helm-configs/barbican-exporter/barbican-exporter-helm-overrides.yaml > /tmp/rendered.yaml
+      - name: Return helm Build
+        uses: actions/upload-artifact@v4
+        with:
+          name: helm-barbican-exporter-artifact-${{ matrix.overlays }}
+          path: /tmp/rendered.yaml

base-helm-configs/barbican-exporter/barbican-exporter-helm-overrides.yaml

@@ -0,0 +1,2 @@
+---
+# Helm overrides for Barbican Prometheus exporter

base-kustomize/barbican-exporter/base/kustomization.yaml

@@ -0,0 +1,4 @@
+sortOptions:
+  order: fifo
+resources:
+  - all.yaml

bin/install-barbican-exporter.sh

@@ -0,0 +1,118 @@
+#!/bin/bash
+# Description: Fetches the version for SERVICE_NAME from the specified
+# YAML file and executes a helm upgrade/install command with dynamic values files.
+
+# Disable SC2124 (unused array), SC2145 (array expansion issue), SC2294 (eval)
+# shellcheck disable=SC2124,SC2145,SC2294
+
+# Service
+SERVICE_NAME="barbican-exporter"
+SERVICE_NAMESPACE="openstack"
+
+# Helm
+HELM_REPO_NAME="genestack-barbician-exporter-helm-chart"
+HELM_REPO_URL="https://github.com/rackerlabs/genestack-barbician-exporter-helm-chart"
+
+# Base directories provided by the environment
+GENESTACK_BASE_DIR="${GENESTACK_BASE_DIR:-/opt/genestack}"
+GENESTACK_OVERRIDES_DIR="${GENESTACK_OVERRIDES_DIR:-/etc/genestack}"
+
+# Define service-specific override directories based on the framework
+SERVICE_BASE_OVERRIDES="${GENESTACK_BASE_DIR}/base-helm-configs/${SERVICE_NAME}"
+SERVICE_CUSTOM_OVERRIDES="${GENESTACK_OVERRIDES_DIR}/helm-configs/${SERVICE_NAME}"
+
+# Define the Global Overrides directory used in the original script
+GLOBAL_OVERRIDES="${GENESTACK_OVERRIDES_DIR}/helm-configs/global_overrides"
+
+# Read the desired chart version from VERSION_FILE
+VERSION_FILE="${GENESTACK_OVERRIDES_DIR}/helm-chart-versions.yaml"
+
+if [ ! -f "$VERSION_FILE" ]; then
+    echo "Error: helm-chart-versions.yaml not found at $VERSION_FILE" >&2
+    exit 1
+fi
+
+# Extract version dynamically.
+SERVICE_VERSION=$(grep "^[[:space:]]*${SERVICE_NAME}:" "$VERSION_FILE" | sed "s/.*${SERVICE_NAME}: *//")
+
+if [ -z "$SERVICE_VERSION" ]; then
+    echo "Error: Could not extract version for '$SERVICE_NAME' from $VERSION_FILE" >&2
+#    exit 1
+fi
+
+echo "Found version for $SERVICE_NAME: $SERVICE_VERSION"
+
+# Prepare an array to collect -f arguments
+overrides_args=()
+
+# Base Override Files: Check the standard base directory.
+if [[ -d "$SERVICE_BASE_OVERRIDES" ]]; then
+    echo "Including base overrides from directory: $SERVICE_BASE_OVERRIDES"
+    for file in "$SERVICE_BASE_OVERRIDES"/*.yaml; do
+        # Check that there is at least one match
+        if [[ -e "$file" ]]; then
+            echo " - $file"
+            overrides_args+=("-f" "$file")
+        fi
+    done
+else
+    echo "Warning: Base override directory not found: $SERVICE_BASE_OVERRIDES"
+fi
+
+# Include Global Overrides
+if [[ -d "$GLOBAL_OVERRIDES" ]]; then
+    echo "Including global overrides from directory: $GLOBAL_OVERRIDES"
+    for file in "$GLOBAL_OVERRIDES"/*.yaml; do
+        if [[ -e "$file" ]]; then
+            echo " - $file"
+            overrides_args+=("-f" "$file")
+        fi
+    done
+else
+    echo "Warning: Global override directory not found: $GLOBAL_OVERRIDES"
+fi
+
+# Include all YAML files from the custom SERVICE configuration directory
+if [[ -d "$SERVICE_CUSTOM_OVERRIDES" ]]; then
+    echo "Including overrides from config directory:"
+    for file in "$SERVICE_CUSTOM_OVERRIDES"/*.yaml; do
+        if [[ -e "$file" ]]; then
+            echo " - $file"
+            overrides_args+=("-f" "$file")
+        fi
+    done
+else
+    echo "Warning: Config directory not found: $SERVICE_CUSTOM_OVERRIDES"
+fi
+
+echo
+
+# --- Helm Repository and Execution ---
+helm repo add "$HELM_REPO_NAME" "$HELM_REPO_URL"
+helm repo update
+
+# Collect all --set arguments, executing commands and quoting safely
+set_args=()
+
+helm_command=(
+    helm upgrade --install "$SERVICE_NAME" "$HELM_REPO_NAME/$SERVICE_NAME"
+#    --version "${SERVICE_VERSION}"
+    --namespace="$SERVICE_NAMESPACE"
+    --timeout 120m
+    --create-namespace
+
+    "${overrides_args[@]}"
+    "${set_args[@]}"
+
+    # Post-renderer configuration
+    --post-renderer "$GENESTACK_OVERRIDES_DIR/kustomize/kustomize.sh"
+    --post-renderer-args "$SERVICE_NAME/overlay"
+    "$@"
+)
+
+echo "Executing Helm command (arguments are quoted safely):"
+printf '%q ' "${helm_command[@]}"
+echo
+
+# Execute the command directly from the array
+"${helm_command[@]}"

docs/monitoring-info.md

@@ -163,6 +163,9 @@ use of it, so you do not need to install it unless you plan to do additional
 configuration beyond Genestack defaults and specifically plan to monitor some
 SNMP-enabled devices.
 
+* ### Barbican Exporter:
+The Barbican exporter is used for monitoring of OpenStack's Key Management Service (Barbican) by exposing metrics to Prometheus. It collects metrics about secrets, containers, and other Barbican-specific resources.
+
 * ### Textfile Collector:
 It's possible to gather node/host metrics that aren't exposed by any of the above exporters by utilizing the [Node Exporter Textfile Collector](https://github.com/prometheus/node_exporter?tab=readme-ov-file#textfile-collector).
 Currently, in Genestack the textfile-collector is used to collect kernel-taint stats. To view more information about the textfile-collector and how to deploy your own custom exporter view the [Custom Metrics Deployment Doc](prometheus-custom-node-metrics.md).

docs/openstack-barbican-exporter.md

@@ -0,0 +1,12 @@
+# Barbican Exporter
+
+The Barbican exporter allows monitoring of OpenStack's Key Management Service (Barbican) by exposing metrics to Prometheus. It collects metrics about secrets, containers, and other Barbican-specific resources.
+
+#### Install the Barbican Exporter Helm Chart
+
+```shell
+bin/install-barbican-exporter.sh
+```
+
+!!! success
+    If the installation is successful, you should see the barbican-exporter pod running in the openstack namespace.

mkdocs.yml

@@ -240,6 +240,7 @@ nav:
               - Blackbox Exporter: prometheus-blackbox-exporter.md
               - Pushgateway: prometheus-pushgateway.md
               - SNMP Exporter: prometheus-snmp-exporter.md
+              - Barbican Exporter: openstack-barbican-exporter.md
               - Custom Node Metrics: prometheus-custom-node-metrics.md
               - Alert Manager Examples:
                   - alertmanager-slack.md