diff --git a/.github/workflows/helm-barbican-exporter.yaml b/.github/workflows/helm-barbican-exporter.yaml
new file mode 100644
index 000000000..6d0a3f15a
--- /dev/null
+++ b/.github/workflows/helm-barbican-exporter.yaml
@@ -0,0 +1,44 @@
+name: Helm GitHub Actions for Barbican Exporter
+
+on:
+ pull_request:
+ paths:
+ - base-helm-configs/barbican-exporter/**
+ - base-kustomize/barbican-exporter/**
+ - .github/workflows/helm-barbican-exporter.yaml
+jobs:
+ helm:
+ strategy:
+ matrix:
+ overlays:
+ - base
+ name: Helm
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ - uses: azure/setup-helm@v3
+ with:
+ version: latest
+ token: "${{ secrets.GITHUB_TOKEN }}"
+ id: helm
+ - name: Kubectl Install
+ working-directory: /usr/local/bin/
+ run: |
+ if [ ! -f /usr/local/bin/kubectl ]; then
+ curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
+ chmod +x ./kubectl
+ fi
+ - name: Run Helm Template
+ run: |
+ ${{ steps.helm.outputs.helm-path }} template barbican-exporter ${{ github.workspace }}/base-helm-configs/barbican-exporter \
+ --create-namespace \
+ --namespace=openstack \
+ --wait \
+ --timeout 120m \
+ -f ${{ github.workspace }}/base-helm-configs/barbican-exporter/values.yaml > /tmp/rendered.yaml
+ - name: Return helm Build
+ uses: actions/upload-artifact@v4
+ with:
+ name: helm-barbican-exporter-artifact-${{ matrix.overlays }}
+ path: /tmp/rendered.yaml
diff --git a/base-helm-configs/barbican-exporter/Chart.yaml b/base-helm-configs/barbican-exporter/Chart.yaml
new file mode 100644
index 000000000..367d957b6
--- /dev/null
+++ b/base-helm-configs/barbican-exporter/Chart.yaml
@@ -0,0 +1,7 @@
+---
+apiVersion: v2
+name: barbican-exporter
+description: A Helm chart for OpenStack Barbican Exporter
+type: application
+version: 0.1.0
+appVersion: "1.0"
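Review bot: The `Kubectl Install` step in the workflow downloads whatever release `stable.txt` names at run time and marks the binary executable without checking it against a published checksum, and no later step in this workflow calls kubectl. Dropping the step removes an unverified download from the runner; if kubectl is needed, pin the release and verify it against the `kubectl.sha256` file served next to the binary before `chmod +x`. The workflow also has no `permissions:` block, so the job token keeps the repository default scope while it is passed to `azure/setup-helm@v3`, which is referenced by a movable tag; a top-level `permissions:` with `contents: read` and commit-SHA pins for the third-party actions would narrow that. `--create-namespace`, `--wait` and `--timeout 120m` are install-time flags and presumably have no effect on `helm template`.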
diff --git a/base-helm-configs/barbican-exporter/values.yaml b/base-helm-configs/barbican-exporter/values.yaml
new file mode 100644
index 000000000..65e84f369
--- /dev/null
+++ b/base-helm-configs/barbican-exporter/values.yaml
@@ -0,0 +1,17 @@
+---
+# Helm overrides for Barbican Prometheus exporter
+image:
+ repository: ghcr.io/rackerlabs/genestack-images/barbican-exporter
+ tag: "sha-6c19bf7"
+ pullPolicy: IfNotPresent
+serviceMonitor:
+ enabled: true
+ interval: 30s
+ scrapeTimeout: 10s
+ namespace: openstack
+ labels: {}
+nodeSelector:
+ openstack-control-plane: enabled
+env:
+ - name: BARBICAN_API_URL
+ value: "http://barbican-api.openstack.svc.cluster.local:9311"
diff --git a/base-kustomize/barbican-exporter/base/barbican-exporter-deployment.yaml b/base-kustomize/barbican-exporter/base/barbican-exporter-deployment.yaml
new file mode 100644
index 000000000..736162822
--- /dev/null
+++ b/base-kustomize/barbican-exporter/base/barbican-exporter-deployment.yaml
@@ -0,0 +1,92 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: barbican-exporter
+ namespace: openstack
+ labels:
+ app.kubernetes.io/name: barbican-exporter
+ app.kubernetes.io/instance: barbican-exporter
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: barbican-exporter
+ app.kubernetes.io/instance: barbican-exporter
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: barbican-exporter
+ app.kubernetes.io/instance: barbican-exporter
+ spec:
+ nodeSelector:
+ openstack-control-plane: enabled
+ containers:
+ - name: barbican-exporter
+ image: quay.io/rackspace/barbican-exporter:latest
+ imagePullPolicy: IfNotPresent
+ env:
+ - name: OS_AUTH_URL
+ valueFrom:
+ secretKeyRef:
+ name: keystone-keystone-admin
+ key: OS_AUTH_URL
+ - name: OS_USERNAME
+ valueFrom:
+ secretKeyRef:
+ name: keystone-keystone-admin
+ key: OS_USERNAME
+ - name: OS_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: keystone-keystone-admin
+ key: OS_PASSWORD
+ - name: OS_PROJECT_NAME
+ valueFrom:
+ secretKeyRef:
+ name: keystone-keystone-admin
+ key: OS_PROJECT_NAME
+ - name: OS_PROJECT_DOMAIN_NAME
+ valueFrom:
+ secretKeyRef:
+ name: keystone-keystone-admin
+ key: OS_PROJECT_DOMAIN_NAME
+ - name: OS_USER_DOMAIN_NAME
+ valueFrom:
+ secretKeyRef:
+ name: keystone-keystone-admin
+ key: OS_USER_DOMAIN_NAME
+ - name: OS_REGION_NAME
+ valueFrom:
+ secretKeyRef:
+ name: keystone-keystone-admin
+ key: OS_REGION_NAME
+ - name: OS_INTERFACE
+ valueFrom:
+ secretKeyRef:
+ name: keystone-keystone-admin
+ key: OS_INTERFACE
+ - name: BARBICAN_API_URL
+ value: "http://barbican-api.openstack.svc.cluster.local:9311"
+ ports:
+ - name: metrics
+ containerPort: 9100
+ readinessProbe:
+ httpGet:
+ path: /metrics
+ port: metrics
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ livenessProbe:
+ httpGet:
+ path: /metrics
+ port: metrics
+ initialDelaySeconds: 15
+ periodSeconds: 20
+ resources:
+ requests:
+ cpu: 50m
+ memory: 64Mi
+ limits:
+ cpu: 100m
+ memory: 128Mi
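Review bot: The container receives the full `keystone-keystone-admin` credential set while its image is `quay.io/rackspace/barbican-exporter:latest` with `imagePullPolicy: IfNotPresent`, so whatever that tag resolved to on each node runs with cloud-admin access, and the pod spec sets no `securityContext`. Pin the image by digest, e.g. `image: quay.io/rackspace/barbican-exporter@sha256:<digest>` (placeholder), and reconcile it with `values.yaml` in this commit, which names a different registry and tag. A dedicated Keystone user limited to the reads the exporter needs would fit least privilege better than the admin secret; whether the exporter works with such a role is not visible here. The fence below adds a restrictive container security context; `runAsNonRoot` and `readOnlyRootFilesystem` assume the image supports them and should be confirmed before merging.

```yaml
    spec:
      # … unchanged: nodeSelector …
      automountServiceAccountToken: false
      containers:
        - name: barbican-exporter
          # … unchanged: image, imagePullPolicy, env, ports, probes, resources …
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            runAsNonRoot: true
            capabilities:
              drop:
                - ALL
```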
diff --git a/base-kustomize/barbican-exporter/base/barbican-exporter-service.yaml b/base-kustomize/barbican-exporter/base/barbican-exporter-service.yaml
new file mode 100644
index 000000000..c83e8eb18
--- /dev/null
+++ b/base-kustomize/barbican-exporter/base/barbican-exporter-service.yaml
@@ -0,0 +1,18 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: barbican-exporter
+ namespace: openstack
+ labels:
+ app.kubernetes.io/name: barbican-exporter
+ app.kubernetes.io/instance: barbican-exporter
+spec:
+ selector:
+ app.kubernetes.io/name: barbican-exporter
+ app.kubernetes.io/instance: barbican-exporter
+ ports:
+ - name: metrics
+ port: 9100
+ targetPort: metrics
+ protocol: TCP
diff --git a/base-kustomize/barbican-exporter/base/barbican-exporter-servicemonitor.yaml b/base-kustomize/barbican-exporter/base/barbican-exporter-servicemonitor.yaml
new file mode 100644
index 000000000..04fd17d56
--- /dev/null
+++ b/base-kustomize/barbican-exporter/base/barbican-exporter-servicemonitor.yaml
@@ -0,0 +1,19 @@
+---
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: barbican-exporter
+ namespace: openstack
+spec:
+ endpoints:
+ - interval: 30s
+ scrapeTimeout: 10s
+ path: /metrics
+ port: metrics
+ namespaceSelector:
+ matchNames:
+ - openstack
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: barbican-exporter
+ app.kubernetes.io/instance: barbican-exporter
diff --git a/base-kustomize/barbican-exporter/base/kustomization.yaml b/base-kustomize/barbican-exporter/base/kustomization.yaml
new file mode 100644
index 000000000..a4122b68c
--- /dev/null
+++ b/base-kustomize/barbican-exporter/base/kustomization.yaml
@@ -0,0 +1,8 @@
+---
+sortOptions:
+ order: fifo
+resources:
+ - barbican-exporter-deployment.yaml
+ - barbican-exporter-service.yaml
+ - barbican-exporter-servicemonitor.yaml
+ - all.yaml
diff --git a/bin/install-barbican-exporter.sh b/bin/install-barbican-exporter.sh
new file mode 100644
index 000000000..e4ebe5a19
--- /dev/null
+++ b/bin/install-barbican-exporter.sh
@@ -0,0 +1,41 @@
+#!/bin/bash
+set -e # Exit on error
+
+# Variables
+CHART_DIR="/opt/genestack/base-helm-configs/barbican-exporter"
+NAMESPACE="openstack"
+RELEASE_NAME="barbican-exporter"
+
+# Check if chart directory exists
+if [ ! -d "${CHART_DIR}" ]; then
+ echo "Chart directory ${CHART_DIR} does not exist!"
+ exit 1
+fi
+
+# Ensure namespace exists
+if ! kubectl get namespace ${NAMESPACE} >/dev/null 2>&1; then
+ echo "Namespace ${NAMESPACE} does not exist. Creating..."
+ kubectl create namespace ${NAMESPACE}
+fi
+
+# Check if release already exists
+if helm list -n ${NAMESPACE} | grep -q ${RELEASE_NAME}; then
+ echo "Release ${RELEASE_NAME} already exists!"
+ exit 1
+fi
+
+# Install Helm chart with dynamic values
+echo "Installing Helm chart..."
+helm install ${RELEASE_NAME} ${CHART_DIR} \
+ --namespace ${NAMESPACE} || {
+ echo "Helm installation failed!"
+ exit 1
+ }
+
+# Verify deployment
+echo "Verifying deployment..."
+kubectl get pods -n ${NAMESPACE}
+kubectl get svc -n ${NAMESPACE}
+kubectl get servicemonitor -n ${NAMESPACE}
+
+echo "Installation complete for $RELEASE_NAME!"
diff --git a/docs/monitoring-info.md b/docs/monitoring-info.md
index 6eddc10e0..1ab688894 100644
--- a/docs/monitoring-info.md
+++ b/docs/monitoring-info.md
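Review bot: The release check `helm list -n ${NAMESPACE} | grep -q ${RELEASE_NAME}` is a substring match over the whole table, so any other release, chart or column value containing `barbican-exporter` makes the script report "already exists" and exit. Asking Helm for the release by name is exact: `if helm status "${RELEASE_NAME}" -n "${NAMESPACE}" >/dev/null 2>&1; then`. The `${NAMESPACE}`, `${RELEASE_NAME}` and `${CHART_DIR}` expansions in the kubectl and helm calls are unquoted; quoting them costs nothing and keeps the commands intact if these values are ever taken from the environment. The "Verifying deployment" block only lists resources in the namespace and does not fail when the exporter pod is not ready, so "Installation complete" is printed either way.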
@@ -163,6 +163,9 @@ use of it, so you do not need to install it unless you plan to do additional configuration beyond Genestack defaults and specifically plan to monitor some SNMP-enabled devices. +* ### Barbican Exporter: +The Barbican exporter is used for monitoring of OpenStack's Key Management Service (Barbican) by exposing metrics to Prometheus. It collects metrics about secrets, containers, and other Barbican-specific resources. + * ### Textfile Collector: It's possible to gather node/host metrics that aren't exposed by any of the above exporters by utilizing the [Node Exporter Textfile Collector](https://github.com/prometheus/node_exporter?tab=readme-ov-file#textfile-collector). Currently, in Genestack the textfile-collector is used to collect kernel-taint stats. To view more information about the textfile-collector and how to deploy your own custom exporter view the [Custom Metrics Deployment Doc](prometheus-custom-node-metrics.md). diff --git a/docs/openstack-barbican-exporter.md b/docs/openstack-barbican-exporter.md new file mode 100644 index 000000000..1bd21a9c9 --- /dev/null +++ b/docs/openstack-barbican-exporter.md @@ -0,0 +1,12 @@ +# Barbican Exporter + +The Barbican exporter allows monitoring of OpenStack's Key Management Service (Barbican) by exposing metrics to Prometheus. It collects metrics about secrets, containers, and other Barbican-specific resources. + +#### Install the Barbican Exporter Helm Chart + +```shell +bin/install-barbican-exporter.sh +``` + +!!! success + If the installation is successful, you should see the barbican-exporter pod running in the openstack namespace. diff --git a/mkdocs.yml b/mkdocs.yml index 0d6da10d4..30ac57279 100644 --- a/mkdocs.yml +++ b/mkdocs.yml 
@@ -240,6 +240,7 @@ nav:
 - Blackbox Exporter: prometheus-blackbox-exporter.md
 - Pushgateway: prometheus-pushgateway.md
 - SNMP Exporter: prometheus-snmp-exporter.md
+ - Barbican Exporter: openstack-barbican-exporter.md
 - Custom Node Metrics: prometheus-custom-node-metrics.md
 - Alert Manager Examples:
 - alertmanager-slack.md