rackerlabs · niti6869 · Nov 17, 2025 · Nov 17, 2025 · Nov 17, 2025 · rackerchris
diff --git a/.github/workflows/helm-barbican-exporter.yaml b/.github/workflows/helm-barbican-exporter.yaml
@@ -0,0 +1,44 @@
+name: Helm GitHub Actions for Barbican Exporter
+
+on:
+  pull_request:
+    paths:
+      - base-helm-configs/barbican-exporter/**
+      - base-kustomize/barbican-exporter/**
+      - .github/workflows/helm-barbican-exporter.yaml
+jobs:
+  helm:
+    strategy:
+      matrix:
+        overlays:
+          - base
+    name: Helm
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - uses: azure/setup-helm@v3
+        with:
+          version: latest
+          token: "${{ secrets.GITHUB_TOKEN }}"
+        id: helm
+      - name: Kubectl Install
+        working-directory: /usr/local/bin/
+        run: |
+            if [ ! -f /usr/local/bin/kubectl ]; then
+              curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
+              chmod +x ./kubectl
+            fi
+      - name: Run Helm Template
+        run: |
+          ${{ steps.helm.outputs.helm-path }} template barbican-exporter ${{ github.workspace }}/base-helm-configs/barbican-exporter \
+            --create-namespace \
+            --namespace=openstack \
+            --wait \
+            --timeout 120m \
+            -f ${{ github.workspace }}/base-helm-configs/barbican-exporter/values.yaml > /tmp/rendered.yaml
+      - name: Return helm Build
+        uses: actions/upload-artifact@v4
+        with:
+          name: helm-barbican-exporter-artifact-${{ matrix.overlays }}
+          path: /tmp/rendered.yaml
diff --git a/base-helm-configs/barbican-exporter/Chart.yaml b/base-helm-configs/barbican-exporter/Chart.yaml
@@ -0,0 +1,7 @@
+---
+apiVersion: v2
+name: barbican-exporter
+description: A Helm chart for OpenStack Barbican Exporter
+type: application
+version: 0.1.0
+appVersion: "1.0"
diff --git a/base-helm-configs/barbican-exporter/values.yaml b/base-helm-configs/barbican-exporter/values.yaml
@@ -0,0 +1,17 @@
+---
+# Helm overrides for Barbican Prometheus exporter
+image:
+  repository: ghcr.io/rackerlabs/genestack-images/barbican-exporter
+  tag: "sha-6c19bf7"
+  pullPolicy: IfNotPresent
+serviceMonitor:
+  enabled: true
+  interval: 30s
+  scrapeTimeout: 10s
+  namespace: openstack
+  labels: {}
+nodeSelector:
+  openstack-control-plane: enabled
+env:
+  - name: BARBICAN_API_URL
+    value: "http://barbican-api.openstack.svc.cluster.local:9311"
diff --git a/base-kustomize/barbican-exporter/base/barbican-exporter-deployment.yaml b/base-kustomize/barbican-exporter/base/barbican-exporter-deployment.yaml
@@ -0,0 +1,92 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: barbican-exporter
+  namespace: openstack
+  labels:
+    app.kubernetes.io/name: barbican-exporter
+    app.kubernetes.io/instance: barbican-exporter
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: barbican-exporter
+      app.kubernetes.io/instance: barbican-exporter
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: barbican-exporter
+        app.kubernetes.io/instance: barbican-exporter
+    spec:
+      nodeSelector:
+        openstack-control-plane: enabled
+      containers:
+        - name: barbican-exporter
+          image: quay.io/rackspace/barbican-exporter:latest
+          imagePullPolicy: IfNotPresent
+          env:
+            - name: OS_AUTH_URL
+              valueFrom:
+                secretKeyRef:
+                  name: keystone-keystone-admin
+                  key: OS_AUTH_URL
+            - name: OS_USERNAME
+              valueFrom:
+                secretKeyRef:
+                  name: keystone-keystone-admin
+                  key: OS_USERNAME
+            - name: OS_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: keystone-keystone-admin
+                  key: OS_PASSWORD
+            - name: OS_PROJECT_NAME
+              valueFrom:
+                secretKeyRef:
+                  name: keystone-keystone-admin
+                  key: OS_PROJECT_NAME
+            - name: OS_PROJECT_DOMAIN_NAME
+              valueFrom:
+                secretKeyRef:
+                  name: keystone-keystone-admin
+                  key: OS_PROJECT_DOMAIN_NAME
+            - name: OS_USER_DOMAIN_NAME
+              valueFrom:
+                secretKeyRef:
+                  name: keystone-keystone-admin
+                  key: OS_USER_DOMAIN_NAME
+            - name: OS_REGION_NAME
+              valueFrom:
+                secretKeyRef:
+                  name: keystone-keystone-admin
+                  key: OS_REGION_NAME
+            - name: OS_INTERFACE
+              valueFrom:
+                secretKeyRef:
+                  name: keystone-keystone-admin
+                  key: OS_INTERFACE
+            - name: BARBICAN_API_URL
+              value: "http://barbican-api.openstack.svc.cluster.local:9311"
+          ports:
+            - name: metrics
+              containerPort: 9100
+          readinessProbe:
+            httpGet:
+              path: /metrics
+              port: metrics
+            initialDelaySeconds: 5
+            periodSeconds: 10
+          livenessProbe:
+            httpGet:
+              path: /metrics
+              port: metrics
+            initialDelaySeconds: 15
+            periodSeconds: 20
+          resources:
+            requests:
+              cpu: 50m
+              memory: 64Mi
+            limits:
+              cpu: 100m
+              memory: 128Mi
diff --git a/base-kustomize/barbican-exporter/base/barbican-exporter-service.yaml b/base-kustomize/barbican-exporter/base/barbican-exporter-service.yaml
@@ -0,0 +1,18 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: barbican-exporter
+  namespace: openstack
+  labels:
+    app.kubernetes.io/name: barbican-exporter
+    app.kubernetes.io/instance: barbican-exporter
+spec:
+  selector:
+    app.kubernetes.io/name: barbican-exporter
+    app.kubernetes.io/instance: barbican-exporter
+  ports:
+    - name: metrics
+      port: 9100
+      targetPort: metrics
+      protocol: TCP
diff --git a/base-kustomize/barbican-exporter/base/barbican-exporter-servicemonitor.yaml b/base-kustomize/barbican-exporter/base/barbican-exporter-servicemonitor.yaml
@@ -0,0 +1,19 @@
+---
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  name: barbican-exporter
+  namespace: openstack
+spec:
+  endpoints:
+    - interval: 30s
+      scrapeTimeout: 10s
+      path: /metrics
+      port: metrics
+  namespaceSelector:
+    matchNames:
+      - openstack
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: barbican-exporter
+      app.kubernetes.io/instance: barbican-exporter
diff --git a/base-kustomize/barbican-exporter/base/kustomization.yaml b/base-kustomize/barbican-exporter/base/kustomization.yaml
@@ -0,0 +1,8 @@
+---
+sortOptions:
+  order: fifo
+resources:
+  - barbican-exporter-deployment.yaml
+  - barbican-exporter-service.yaml
+  - barbican-exporter-servicemonitor.yaml
+  - all.yaml
diff --git a/bin/install-barbican-exporter.sh b/bin/install-barbican-exporter.sh
@@ -0,0 +1,41 @@
+#!/bin/bash
+set -e  # Exit on error
+
+# Variables
+CHART_DIR="/opt/genestack/base-helm-configs/barbican-exporter"
+NAMESPACE="openstack"
+RELEASE_NAME="barbican-exporter"
+
+# Check if chart directory exists
+if [ ! -d "${CHART_DIR}" ]; then
+    echo "Chart directory ${CHART_DIR} does not exist!"
+    exit 1
+fi
+
+# Ensure namespace exists
+if ! kubectl get namespace ${NAMESPACE} >/dev/null 2>&1; then
+    echo "Namespace ${NAMESPACE} does not exist. Creating..."
+    kubectl create namespace ${NAMESPACE}
+fi
+
+# Check if release already exists
+if helm list -n ${NAMESPACE} | grep -q ${RELEASE_NAME}; then
+    echo "Release ${RELEASE_NAME} already exists!"
+    exit 1
+fi
+
+# Install Helm chart with dynamic values
+echo "Installing Helm chart..."
+helm install ${RELEASE_NAME} ${CHART_DIR} \
+    --namespace ${NAMESPACE} || {
+        echo "Helm installation failed!"
+        exit 1
+    }
+
+# Verify deployment
+echo "Verifying deployment..."
+kubectl get pods -n ${NAMESPACE}
+kubectl get svc -n ${NAMESPACE}
+kubectl get servicemonitor -n ${NAMESPACE}
+
+echo "Installation complete for $RELEASE_NAME!"
diff --git a/docs/monitoring-info.md b/docs/monitoring-info.md
@@ -163,6 +163,9 @@ use of it, so you do not need to install it unless you plan to do additional
 configuration beyond Genestack defaults and specifically plan to monitor some
 SNMP-enabled devices.
 
+* ### Barbican Exporter:
+The Barbican exporter is used for monitoring of OpenStack's Key Management Service (Barbican) by exposing metrics to Prometheus. It collects metrics about secrets, containers, and other Barbican-specific resources.
+
 * ### Textfile Collector:
 It's possible to gather node/host metrics that aren't exposed by any of the above exporters by utilizing the [Node Exporter Textfile Collector](https://github.com/prometheus/node_exporter?tab=readme-ov-file#textfile-collector).
 Currently, in Genestack the textfile-collector is used to collect kernel-taint stats. To view more information about the textfile-collector and how to deploy your own custom exporter view the [Custom Metrics Deployment Doc](prometheus-custom-node-metrics.md).

diff --git a/docs/openstack-barbican-exporter.md b/docs/openstack-barbican-exporter.md
@@ -0,0 +1,12 @@
+# Barbican Exporter
+
+The Barbican exporter allows monitoring of OpenStack's Key Management Service (Barbican) by exposing metrics to Prometheus. It collects metrics about secrets, containers, and other Barbican-specific resources.
+
+#### Install the Barbican Exporter Helm Chart
+
+```shell
+bin/install-barbican-exporter.sh
+```
+
+!!! success
+    If the installation is successful, you should see the barbican-exporter pod running in the openstack namespace.
diff --git a/mkdocs.yml b/mkdocs.yml
@@ -240,6 +240,7 @@ nav:
               - Blackbox Exporter: prometheus-blackbox-exporter.md
               - Pushgateway: prometheus-pushgateway.md
               - SNMP Exporter: prometheus-snmp-exporter.md
+              - Barbican Exporter: openstack-barbican-exporter.md
               - Custom Node Metrics: prometheus-custom-node-metrics.md
               - Alert Manager Examples:
                   - alertmanager-slack.md