add TLS, deployment, and helm chart

Author: nidzrai

.github/workflows/build-ironic-hardware-exporter.yaml

@@ -0,0 +1,91 @@
+---
+name: build-ironic-hardware-exporter-images
+
+on:
+  workflow_dispatch:
+  push:
+    tags:
+      - ironic-hardware-exporter-v*
+    paths:
+      - "go/ironic-hardware-exporter/**"
+
+jobs:
+  build-ironic-hardware-exporter:
+    runs-on: ubuntu-latest
+    permissions:
+      packages: write
+      contents: write
+      id-token: write
+    steps:
+      - name: Checkout
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        with:
+          fetch-depth: 0
+
+      - name: Install Go
+        uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6
+        with:
+          go-version: '1.25'
+          cache: true
+          cache-dependency-path: 'go/ironic-hardware-exporter/go.sum'
+
+      - name: Install syft
+        uses: anchore/sbom-action/download-syft@57aae528053a48a3f6235f2d9461b05fbcb7366d # v0.23.1
+
+      - name: Install Cosign
+        uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@ce360397dd3f832beb865e1373c09c0e9f86d70a # v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4
+
+      - name: Login to ghcr.io
+        uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4
+        with:
+          registry: "ghcr.io"
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract tag name
+        id: extract_tag
+        run: echo "tag=${GITHUB_REF#refs/tags/ironic-hardware-exporter-v}" >> $GITHUB_OUTPUT
+
+      - name: Run GoReleaser
+        uses: goreleaser/goreleaser-action@e435ccd777264be153ace6237001ef4d979d3a7a # v6
+        with:
+          distribution: goreleaser
+          version: "~> v2"
+          args: release --clean --skip=validate
+          workdir: go/ironic-hardware-exporter
+        env:
+          GIT_REPO: ${{ github.repository }}
+          CUSTOM_TAG: ${{ steps.extract_tag.outputs.tag }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+  chart:
+    runs-on: ubuntu-latest
+    needs:
+      - build-ironic-hardware-exporter
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+      - name: Log in to ghcr.io
+        uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4
+        with:
+          registry: ghcr.io
+          username: '${{ github.actor }}'
+          password: '${{ secrets.GITHUB_TOKEN }}'
+      - name: Package and push Helm chart
+        working-directory: go/ironic-hardware-exporter
+        env:
+          PKG_VER: '${{ github.ref_name }}'
+        run: |
+          PKG_VER=${PKG_VER#ironic-hardware-exporter-v}
+          yq -i ".version = \"${PKG_VER}\"" helm/Chart.yaml
+          yq -i ".appVersion = \"${PKG_VER}\"" helm/Chart.yaml
+          yq helm/Chart.yaml
+          helm package -u -d ${{ github.workspace }} helm
+          helm push ${{ github.workspace }}/ironic-hardware-exporter-${PKG_VER}.tgz \
+            oci://ghcr.io/${GITHUB_REPOSITORY_OWNER}/charts

go/ironic-hardware-exporter/.goreleaser.Dockerfile

@@ -0,0 +1,4 @@
+FROM gcr.io/distroless/base-debian12:nonroot
+COPY --chmod=555 ironic-hardware-exporter /usr/local/bin/ironic-hardware-exporter
+USER 65532:65532
+ENTRYPOINT ["/usr/local/bin/ironic-hardware-exporter"]

go/ironic-hardware-exporter/.goreleaser.yaml

@@ -0,0 +1,95 @@
+project_name: "ironic-hardware-exporter"
+version: 2
+
+before:
+  hooks:
+    - go mod tidy
+
+env:
+  - CUSTOM_TAG={{ .Env.CUSTOM_TAG }}
+  - GIT_REPO={{ .Env.GIT_REPO }}
+
+builds:
+  - main: main.go
+    dir: ./cmd/ironic-hardware-exporter
+    binary: ironic-hardware-exporter
+    goos: ["linux"]
+    goarch: ["amd64", "arm64"]
+    flags:
+      - -trimpath
+    ldflags:
+      - -s
+      - -w
+      - -X main.version={{.Version}}
+      - -X main.commit={{.ShortCommit}}
+    env:
+      - CGO_ENABLED=0
+
+changelog:
+  disable: true
+
+dockers:
+  - skip_push: false
+    use: buildx
+    dockerfile: .goreleaser.Dockerfile
+    image_templates:
+      - ghcr.io/{{ .Env.GIT_REPO }}/{{ .ProjectName }}:{{ .Env.CUSTOM_TAG }}-amd64
+    build_flag_templates:
+      - --platform=linux/amd64
+      - --label=org.opencontainers.image.version={{ .Env.CUSTOM_TAG }}
+      - --label=org.opencontainers.image.revision={{ .Commit }}
+      - --label=org.opencontainers.image.title={{ .ProjectName }}
+      - --label=org.opencontainers.image.created={{ .Date }}
+      - --label=org.opencontainers.image.description=Prometheus exporter for Ironic bare-metal hardware metrics
+      - --label=org.opencontainers.image.vendor=rackspace
+      - --label=org.opencontainers.image.licenses=Apache License 2.0
+      - --label=org.opencontainers.image.source=https://rackspace.com/
+      - --label=org.opencontainers.image.authors=Rackspace
+  - skip_push: false
+    goarch: arm64
+    use: buildx
+    dockerfile: .goreleaser.Dockerfile
+    image_templates:
+      - ghcr.io/{{ .Env.GIT_REPO }}/{{ .ProjectName }}:{{ .Env.CUSTOM_TAG }}-arm64
+    build_flag_templates:
+      - --platform=linux/arm64
+      - --label=org.opencontainers.image.version={{ .Env.CUSTOM_TAG }}
+      - --label=org.opencontainers.image.revision={{ .Commit }}
+      - --label=org.opencontainers.image.title={{ .ProjectName }}
+      - --label=org.opencontainers.image.created={{ .Date }}
+      - --label=org.opencontainers.image.description=Prometheus exporter for Ironic bare-metal hardware metrics
+      - --label=org.opencontainers.image.vendor=rackspace
+      - --label=org.opencontainers.image.licenses=Apache License 2.0
+      - --label=org.opencontainers.image.source=https://rackspace.com/
+      - --label=org.opencontainers.image.authors=Rackspace
+
+docker_manifests:
+  - name_template: ghcr.io/{{ .Env.GIT_REPO }}/{{ .ProjectName }}:{{ .Env.CUSTOM_TAG }}
+    image_templates:
+      - ghcr.io/{{ .Env.GIT_REPO }}/{{ .ProjectName }}:{{ .Env.CUSTOM_TAG }}-amd64
+      - ghcr.io/{{ .Env.GIT_REPO }}/{{ .ProjectName }}:{{ .Env.CUSTOM_TAG }}-arm64
+  - name_template: ghcr.io/{{ .Env.GIT_REPO }}/{{ .ProjectName }}:latest
+    image_templates:
+      - ghcr.io/{{ .Env.GIT_REPO }}/{{ .ProjectName }}:{{ .Env.CUSTOM_TAG }}-amd64
+      - ghcr.io/{{ .Env.GIT_REPO }}/{{ .ProjectName }}:{{ .Env.CUSTOM_TAG }}-arm64
+
+signs:
+  - cmd: cosign
+    signature: "${artifact}.sigstore.json"
+    output: true
+    artifacts: checksum
+    args:
+      - sign-blob
+      - "--bundle=${signature}"
+      - "${artifact}"
+      - --yes
+
+docker_signs:
+  - cmd: cosign
+    artifacts: manifests
+    output: true
+    args:
+      - "sign"
+      - "--oidc-provider=github-actions"
+      - "${artifact}@${digest}"
+      - --yes

go/ironic-hardware-exporter/Dockerfile

@@ -0,0 +1,24 @@
+FROM golang:1.25 AS builder
+ARG TARGETOS
+ARG TARGETARCH
+
+WORKDIR /workspace
+COPY go.mod go.mod
+COPY go.sum go.sum
+RUN go mod download
+
+COPY cmd/ cmd/
+COPY internal/ internal/
+
+# the GOARCH has not a default value to allow the binary be built according to the host where the command
+# was called. For example, if we call make docker-build in a local env which has the Apple Silicon M1 SO
+# the docker BUILDPLATFORM arg will be linux/arm64 when for Apple x86 it will be linux/amd64. Therefore,
+# by leaving it empty we can ensure that the container and binary shipped on it will have the same platform.
+RUN CGO_ENABLED=0 GOOS=${TARGETOS:-linux} GOARCH=${TARGETARCH} go build -a -o ironic-hardware-exporter cmd/ironic-hardware-exporter/main.go
+
+FROM gcr.io/distroless/static:nonroot
+WORKDIR /
+COPY --from=builder /workspace/ironic-hardware-exporter .
+USER 65532:65532
+
+ENTRYPOINT ["/ironic-hardware-exporter"]

go/ironic-hardware-exporter/cmd/ironic-hardware-exporter/main.go

@@ -36,7 +36,11 @@ func main() {
 	}
 	defer statesConsumer.Close()
 
-	srv := server.New(store, cfg.Server.Port, sensorConsumer.IsReady)
+	// both consumers must be up for the pod to be considered ready
+	bothReady := func() bool {
+		return sensorConsumer.IsReady() && statesConsumer.IsReady()
+	}
+	srv := server.New(store, cfg.Server.Port, bothReady)
 	go func() {
 		if err := srv.Start(); err != nil {
 			log.Fatalf("HTTP server failed: %v", err)

go/ironic-hardware-exporter/helm/Chart.yaml

@@ -0,0 +1,6 @@
+apiVersion: v2
+name: ironic-hardware-exporter
+description: Prometheus exporter for Ironic bare-metal hardware metrics via RabbitMQ
+type: application
+version: 0.1.0
+appVersion: 0.1.0

go/ironic-hardware-exporter/helm/templates/NOTES.txt

@@ -0,0 +1,11 @@
+ironic-hardware-exporter has been deployed.
+
+Prometheus metrics:
+  kubectl port-forward svc/{{ include "ironic-hardware-exporter.fullname" . }} {{ .Values.service.port }}:{{ .Values.service.port }}
+  curl http://localhost:{{ .Values.service.port }}/metrics
+
+Health check:
+  curl http://localhost:{{ .Values.service.port }}/health
+
+Readiness check (503 if RabbitMQ connection is lost):
+  curl http://localhost:{{ .Values.service.port }}/ready

go/ironic-hardware-exporter/helm/templates/_helpers.tpl

@@ -0,0 +1,51 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "ironic-hardware-exporter.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "ironic-hardware-exporter.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "ironic-hardware-exporter.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "ironic-hardware-exporter.labels" -}}
+helm.sh/chart: {{ include "ironic-hardware-exporter.chart" . }}
+{{ include "ironic-hardware-exporter.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "ironic-hardware-exporter.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "ironic-hardware-exporter.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}