diff --git a/.github/workflows/helm-barbican-exporter.yaml b/.github/workflows/helm-barbican-exporter.yaml
new file mode 100644
index 000000000..cb3e0e451
--- /dev/null
+++ b/.github/workflows/helm-barbican-exporter.yaml
@@ -0,0 +1,48 @@
+name: Helm GitHub Actions for Barbican Exporter
+
+on:
+ pull_request:
+ paths:
+ - base-helm-configs/barbican-exporter/**
+ - base-kustomize/barbican-exporter/**
+ - .github/workflows/helm-barbican-exporter.yaml
+jobs:
+ helm:
+ strategy:
+ matrix:
+ overlays:
+ - base
+ name: Helm
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ - uses: azure/setup-helm@v3
+ with:
+ version: v3.14.3
+ token: "${{ secrets.GITHUB_TOKEN }}"
+ id: helm
+ - name: Add barbican-exporter repo to helm
+ run: |
+ ${{ steps.helm.outputs.helm-path }} repo add genestack-barbician-exporter-helm-chart https://rackerlabs.github.io/genestack-barbician-exporter-helm-chart
+ ${{ steps.helm.outputs.helm-path }} repo update
+ - name: Kubectl Install
+ working-directory: /usr/local/bin/
+ run: |
+ if [ ! -f /usr/local/bin/kubectl ]; then
+ curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
+ chmod +x ./kubectl
+ fi
+ - name: Run Helm Template
+ run: |
+ ${{ steps.helm.outputs.helm-path }} template barbican-exporter genestack-barbician-exporter-helm-chart/barbican-exporter \
+ --create-namespace \
+ --namespace=openstack \
+ --wait \
+ --timeout 120m \
+ -f ${{ github.workspace }}/base-helm-configs/barbican-exporter/barbican-exporter-helm-overrides.yaml > /tmp/rendered.yaml
+ - name: Return helm Build
+ uses: actions/upload-artifact@v4
+ with:
+ name: helm-barbican-exporter-artifact-${{ matrix.overlays }}
+ path: /tmp/rendered.yaml
diff --git a/base-helm-configs/barbican-exporter/barbican-exporter-helm-overrides.yaml b/base-helm-configs/barbican-exporter/barbican-exporter-helm-overrides.yaml
new file mode 100644
index 000000000..240e0bf03
--- /dev/null
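Review bot: The `Kubectl Install` step downloads a kubectl binary whose version is resolved at run time from `stable.txt` and makes it executable in `/usr/local/bin/` without verifying any checksum, so every run trusts whatever that URL serves at that moment. None of the later steps in this hunk invoke kubectl, so the simplest fix is to drop the step; if it is needed, pin the release and check the digest before the `chmod`, e.g. `echo "<expected-sha256>  kubectl" | sha256sum --check` with the expected digest committed in the workflow. The job also declares no `permissions:` block and references `actions/checkout@v4`, `azure/setup-helm@v3` and `actions/upload-artifact@v4` by mutable tag; adding `permissions:` with `contents: read` and pinning the actions to commit SHAs would narrow what a compromised dependency could do with the token passed to setup-helm.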
+++ b/base-helm-configs/barbican-exporter/barbican-exporter-helm-overrides.yaml
@@ -0,0 +1,2 @@
+---
+# Helm overrides for Barbican Prometheus exporter
diff --git a/base-kustomize/barbican-exporter/base/kustomization.yaml b/base-kustomize/barbican-exporter/base/kustomization.yaml
new file mode 100644
index 000000000..10663bac8
--- /dev/null
+++ b/base-kustomize/barbican-exporter/base/kustomization.yaml
@@ -0,0 +1,4 @@
+sortOptions:
+ order: fifo
+resources:
+ - all.yaml
diff --git a/bin/install-barbican-exporter.sh b/bin/install-barbican-exporter.sh
new file mode 100644
index 000000000..585988502
--- /dev/null
+++ b/bin/install-barbican-exporter.sh
@@ -0,0 +1,118 @@
+#!/bin/bash
+# Description: Fetches the version for SERVICE_NAME from the specified
+# YAML file and executes a helm upgrade/install command with dynamic values files.
+
+# Disable SC2124 (unused array), SC2145 (array expansion issue), SC2294 (eval)
+# shellcheck disable=SC2124,SC2145,SC2294
+
+# Service
+SERVICE_NAME="barbican-exporter"
+SERVICE_NAMESPACE="openstack"
+
+# Helm
+HELM_REPO_NAME="genestack-barbician-exporter-helm-chart"
+HELM_REPO_URL="https://github.com/rackerlabs/genestack-barbician-exporter-helm-chart"
+
+# Base directories provided by the environment
+GENESTACK_BASE_DIR="${GENESTACK_BASE_DIR:-/opt/genestack}"
+GENESTACK_OVERRIDES_DIR="${GENESTACK_OVERRIDES_DIR:-/etc/genestack}"
+
+# Define service-specific override directories based on the framework
+SERVICE_BASE_OVERRIDES="${GENESTACK_BASE_DIR}/base-helm-configs/${SERVICE_NAME}"
+SERVICE_CUSTOM_OVERRIDES="${GENESTACK_OVERRIDES_DIR}/helm-configs/${SERVICE_NAME}"
+
+# Define the Global Overrides directory used in the original script
+GLOBAL_OVERRIDES="${GENESTACK_OVERRIDES_DIR}/helm-configs/global_overrides"
+
+# Read the desired chart version from VERSION_FILE
+VERSION_FILE="${GENESTACK_OVERRIDES_DIR}/helm-chart-versions.yaml"
+
+if [ ! -f "$VERSION_FILE" ]; then
+ echo "Error: helm-chart-versions.yaml not found at $VERSION_FILE" >&2
+ exit 1
+fi
+
+# Extract version dynamically.
+SERVICE_VERSION=$(grep "^[[:space:]]*${SERVICE_NAME}:" "$VERSION_FILE" | sed "s/.*${SERVICE_NAME}: *//")
+
+if [ -z "$SERVICE_VERSION" ]; then
+ echo "Error: Could not extract version for '$SERVICE_NAME' from $VERSION_FILE" >&2
+# exit 1
+fi
+
+echo "Found version for $SERVICE_NAME: $SERVICE_VERSION"
+
+# Prepare an array to collect -f arguments
+overrides_args=()
+
+# Base Override Files: Check the standard base directory.
+if [[ -d "$SERVICE_BASE_OVERRIDES" ]]; then
+ echo "Including base overrides from directory: $SERVICE_BASE_OVERRIDES"
+ for file in "$SERVICE_BASE_OVERRIDES"/*.yaml; do
+ # Check that there is at least one match
+ if [[ -e "$file" ]]; then
+ echo " - $file"
+ overrides_args+=("-f" "$file")
+ fi
+ done
+else
+ echo "Warning: Base override directory not found: $SERVICE_BASE_OVERRIDES"
+fi
+
+# Include Global Overrides
+if [[ -d "$GLOBAL_OVERRIDES" ]]; then
+ echo "Including global overrides from directory: $GLOBAL_OVERRIDES"
+ for file in "$GLOBAL_OVERRIDES"/*.yaml; do
+ if [[ -e "$file" ]]; then
+ echo " - $file"
+ overrides_args+=("-f" "$file")
+ fi
+ done
+else
+ echo "Warning: Global override directory not found: $GLOBAL_OVERRIDES"
+fi
+
+# Include all YAML files from the custom SERVICE configuration directory
+if [[ -d "$SERVICE_CUSTOM_OVERRIDES" ]]; then
+ echo "Including overrides from config directory:"
+ for file in "$SERVICE_CUSTOM_OVERRIDES"/*.yaml; do
+ if [[ -e "$file" ]]; then
+ echo " - $file"
+ overrides_args+=("-f" "$file")
+ fi
+ done
+else
+ echo "Warning: Config directory not found: $SERVICE_CUSTOM_OVERRIDES"
+fi
+
+echo
+
+# --- Helm Repository and Execution ---
+helm repo add "$HELM_REPO_NAME" "$HELM_REPO_URL"
+helm repo update
+
+# Collect all --set arguments, executing commands and quoting safely
+set_args=()
+
+helm_command=(
+ helm upgrade --install "$SERVICE_NAME" "$HELM_REPO_NAME/$SERVICE_NAME"
+# --version "${SERVICE_VERSION}"
+ --namespace="$SERVICE_NAMESPACE"
+ --timeout 120m
+ --create-namespace
+
+ "${overrides_args[@]}"
+ "${set_args[@]}"
+
+ # Post-renderer configuration
+ --post-renderer "$GENESTACK_OVERRIDES_DIR/kustomize/kustomize.sh"
+ --post-renderer-args "$SERVICE_NAME/overlay"
+ "$@"
+)
+
+echo "Executing Helm command (arguments are quoted safely):"
+printf '%q ' "${helm_command[@]}"
+echo
+
+# Execute the command directly from the array
+"${helm_command[@]}"
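Review bot: The chart version read from `helm-chart-versions.yaml` is never used, because both `# exit 1` after the empty-version check and `# --version "${SERVICE_VERSION}"` inside `helm_command` are commented out; `helm upgrade --install` therefore deploys whatever chart version the repo currently serves, even when the lookup fails. Restoring both lines (`exit 1` and `--version "${SERVICE_VERSION}"`) keeps the install pinned to the version operators reviewed. `HELM_REPO_URL` also points at the `github.com` repository page, whereas the workflow in this commit adds `https://rackerlabs.github.io/genestack-barbician-exporter-helm-chart`; presumably the latter is the chart index, so confirm and align the two. The script has no `set -e` and does not check the result of `helm repo add` or `helm repo update`, so a failed repo add would not stop the install from running.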
diff --git a/docs/monitoring-info.md b/docs/monitoring-info.md index 6eddc10e0..1ab688894 100644 --- a/docs/monitoring-info.md +++ b/docs/monitoring-info.md @@ -163,6 +163,9 @@ use of it, so you do not need to install it unless you plan to do additional configuration beyond Genestack defaults and specifically plan to monitor some SNMP-enabled devices. +* ### Barbican Exporter: +The Barbican exporter is used for monitoring of OpenStack's Key Management Service (Barbican) by exposing metrics to Prometheus. It collects metrics about secrets, containers, and other Barbican-specific resources. + * ### Textfile Collector: It's possible to gather node/host metrics that aren't exposed by any of the above exporters by utilizing the [Node Exporter Textfile Collector](https://github.com/prometheus/node_exporter?tab=readme-ov-file#textfile-collector). Currently, in Genestack the textfile-collector is used to collect kernel-taint stats. To view more information about the textfile-collector and how to deploy your own custom exporter view the [Custom Metrics Deployment Doc](prometheus-custom-node-metrics.md). diff --git a/docs/openstack-barbican-exporter.md b/docs/openstack-barbican-exporter.md new file mode 100644 index 000000000..1bd21a9c9 --- /dev/null +++ b/docs/openstack-barbican-exporter.md @@ -0,0 +1,12 @@ +# Barbican Exporter + +The Barbican exporter allows monitoring of OpenStack's Key Management Service (Barbican) by exposing metrics to Prometheus. It collects metrics about secrets, containers, and other Barbican-specific resources. + +#### Install the Barbican Exporter Helm Chart + +```shell +bin/install-barbican-exporter.sh +``` + +!!! success + If the installation is successful, you should see the barbican-exporter pod running in the openstack namespace. diff --git a/mkdocs.yml b/mkdocs.yml index 1cf647fb7..afe8c9d59 100644 --- a/mkdocs.yml +++ b/mkdocs.yml 
@@ -240,6 +240,7 @@ nav: - Blackbox Exporter: prometheus-blackbox-exporter.md - Pushgateway: prometheus-pushgateway.md - SNMP Exporter: prometheus-snmp-exporter.md + - Barbican Exporter: openstack-barbican-exporter.md - Custom Node Metrics: prometheus-custom-node-metrics.md - Alert Manager Examples: - alertmanager-slack.md