[netbox] Release version 5.0.5

CHANGELOG:

- Bump base image to v3.7.2

charts/netbox/Chart.yaml

@@ -4,7 +4,7 @@ annotations:
     - name: netbox
       image: docker.io/netboxcommunity/netbox:v3.7-2.8.0
 apiVersion: v2
-appVersion: v3.7.1
+appVersion: v3.7.2
 name: netbox
 kubeVersion: ">=1.25.0"
 description: IP address management (IPAM) and data center infrastructure management (DCIM) tool
@@ -40,4 +40,4 @@ keywords:
   - ipam
   - netbox
 type: application
-version: 5.0.4
+version: 5.0.5

charts/netbox/docs/auth.md

@@ -48,52 +48,53 @@ extraVolumeMounts:
     readOnly: true
 ```
 
-Additional resources are necessary (please note that the client ID is necessary in the custom pipeline script):
+Put additional necessary resources on `extraDeploy` parameter.
+Note: Client ID is necessary in the custom pipeline script
 
 ```yaml
-apiVersion: v1
-kind: Secret
-metadata:
-  name: keycloak-client
-  namespace: netbox
-type: Opaque
-data:
-  oidc-keycloak.yaml: |
-    SOCIAL_AUTH_KEYCLOAK_KEY:               <OAUTH_CLIENT_ID>
-    SOCIAL_AUTH_KEYCLOAK_SECRET:            <OAUTH_CLIENT_SECRET>
-    SOCIAL_AUTH_KEYCLOAK_PUBLIC_KEY:        MIIB...AB
-    SOCIAL_AUTH_KEYCLOAK_AUTHORIZATION_URL: "https://keycloak.example.com/auth/realms/master/protocol/openid-connect/auth"
-    SOCIAL_AUTH_KEYCLOAK_ACCESS_TOKEN_URL:  "https://keycloak.example.com/auth/realms/master/protocol/openid-connect/token"
-    SOCIAL_AUTH_JSONFIELD_ENABLED:          true
-
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: sso-pipeline-roles
-  namespace: netbox
-data:
-  sso_pipeline_roles.py: |
-    from django.contrib.auth.models import Group
-    def set_role(response, user, backend, *args, **kwargs):
-      client_id = '<OAUTH_CLIENT_ID>'
-      roles = []
-      try:
-        roles = response['resource_access'][client_id]['roles']
-      except KeyError:
-        pass
-      user.is_staff = ('admin' in roles)
-      user.is_superuser = ('superuser' in roles)
-      user.save()
-      groups = Group.objects.all()
-      for group in groups:
-        try:
-          if group.name in roles:
-            group.user_set.add(user)
-          else:
-            group.user_set.remove(user)
-        except Group.DoesNotExist:
-          continue
+extraDeploy:
+  - apiVersion: v1
+    kind: Secret
+    metadata:
+      name: keycloak-client
+      namespace: netbox
+    type: Opaque
+    stringData:
+      oidc-keycloak.yaml: |
+        SOCIAL_AUTH_KEYCLOAK_KEY:               <OAUTH_CLIENT_ID>
+        SOCIAL_AUTH_KEYCLOAK_SECRET:            <OAUTH_CLIENT_SECRET>
+        SOCIAL_AUTH_KEYCLOAK_PUBLIC_KEY:        MIIB...AB
+        SOCIAL_AUTH_KEYCLOAK_AUTHORIZATION_URL: "https://keycloak.example.com/realms/master/protocol/openid-connect/auth"
+        SOCIAL_AUTH_KEYCLOAK_ACCESS_TOKEN_URL:  "https://keycloak.example.com/realms/master/protocol/openid-connect/token"
+        SOCIAL_AUTH_JSONFIELD_ENABLED:          true
+
+  - apiVersion: v1
+    kind: ConfigMap
+    metadata:
+      name: sso-pipeline-roles
+      namespace: netbox
+    data:
+      sso_pipeline_roles.py: |
+        from django.contrib.auth.models import Group
+        def set_role(response, user, backend, *args, **kwargs):
+          client_id = '<OAUTH_CLIENT_ID>'
+          roles = []
+          try:
+            roles = response['resource_access'][client_id]['roles']
+          except KeyError:
+            pass
+          user.is_staff = ('admin' in roles)
+          user.is_superuser = ('superuser' in roles)
+          user.save()
+          groups = Group.objects.all()
+          for group in groups:
+            try:
+              if group.name in roles:
+                group.user_set.add(user)
+              else:
+                group.user_set.remove(user)
+            except Group.DoesNotExist:
+              continue
 ```
 
 ### Example config for GitLab backend
@@ -201,8 +202,10 @@ For example:
 ```yaml
 remoteAuth:
   enabled: true
-  backend: netbox.authentication.LDAPBackend
+  backends:
+    - netbox.authentication.LDAPBackend
   ldap:
+    enabled: true
     serverUri: 'ldap://domain.com'
     startTls: true
     ignoreCertErrors: true

charts/netbox/templates/Certificate.yaml

@@ -1,4 +1,4 @@
-{{- if .Values.tls.enabled }}
+{{- if .Values.tls.enabled -}}
 {{- if (include "common.capabilities.certManager.apiVersion" .) }}
 apiVersion: {{ include "common.capabilities.certManager.apiVersion" . }}
 kind: Certificate
@@ -64,4 +64,4 @@ spec:
     {{- end }}
 {{- end }}
 {{- end }}
-{{- end }}
+{{- end -}}

charts/netbox/templates/ConfigMap/env-vars.yaml

@@ -20,4 +20,13 @@ data:
   {{- end }}
   {{- if not .Values.externalDatabase.existingSecretUserKey }}
   NETBOX_DATABASE_USER: {{ include "netbox.databaseUser" . | quote }}
-  {{- end }}
+  {{- end }}
+  test.txt: |-
+    extraConfig.volume
+    {{- include "netbox.extraConfig.volumes" . | nindent 8 }}
+
+    extraConfig.volumevolumeMounts
+    {{- include "netbox.extraConfig.volumeMounts" . | nindent 12 }}
+
+    extraConfig.volumevolumeMounts tpl
+    {{- include "common.tplvalues.render" (dict "value" (include "netbox.extraConfig.volumeMounts" .) "context" $) | nindent 12 }}

charts/netbox/templates/CronJob.yaml

@@ -3,6 +3,7 @@ apiVersion: batch/v1
 kind: CronJob
 metadata:
   name: {{ template "netbox.housekeeping.fullname" . }}
+  namespace: {{ include "common.names.namespace" . | quote }}
   {{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.housekeeping.image "chart" .Chart ) ) }}  
   {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }}
   labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
@@ -93,6 +94,9 @@ spec:
                   name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsSecret "context" $) }}
               {{- end }}
             {{- end }}
+            {{- if .Values.housekeeping.resources }}
+            resources: {{- toYaml .Values.housekeeping.resources | nindent 14 }}
+            {{- end }}
             volumeMounts:
             - name: config
               mountPath: /etc/netbox/config/configuration.py
@@ -110,7 +114,6 @@ spec:
             - name: secrets
               mountPath: /run/secrets/netbox
               readOnly: true
-            {{- include "netbox.extraConfig.volumeMounts" . | nindent 12 -}}
             - name: netbox-tmp
               mountPath: /tmp
             - name: media
@@ -126,12 +129,10 @@ spec:
               mountPath: {{ .Values.scriptsPersistence.path  }}
               subPath: {{ .Values.scriptsPersistence.subPath | default "" | quote }}
             {{- end }}
+            {{- include "netbox.extraConfig.volumeMounts" . | nindent 12 }}
             {{- if .Values.housekeeping.extraVolumeMounts }}
               {{- include "common.tplvalues.render" ( dict "value" .Values.housekeeping.extraVolumeMounts "context" $ ) | nindent 12 }}
             {{- end }}
-            {{- if .Values.housekeeping.resources }}
-            resources: {{- toYaml .Values.housekeeping.resources | nindent 14 }}
-            {{- end }}
           {{- if .Values.sidecars }}
             {{- include "common.tplvalues.render" ( dict "value" .Values.sidecars "context" $) | nindent 10 }}
           {{- end }}
@@ -174,7 +175,6 @@ spec:
                   items:
                   - key: {{ include "netbox.cachingRedis.secretPasswordKey" . | quote }}
                     path: redis_cache_password
-          {{- include "netbox.extraConfig.volumes" . | nindent 10 -}}
           - name: netbox-tmp
             emptyDir:
               medium: Memory
@@ -200,6 +200,7 @@ spec:
             emptyDir: {}
             {{- end }}
           {{- if .Values.extraVolumes }}
-            {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 8 }}
+            {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 10 }}
           {{- end }}
+          {{- include "netbox.extraConfig.volumes" . | nindent 10 -}}
 {{- end -}}

charts/netbox/templates/Deployment.yaml

@@ -2,6 +2,7 @@ apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
 kind: Deployment
 metadata:
   name: {{ include "netbox.fullname" . }}
+  namespace: {{ include "common.names.namespace" . | quote }}
   {{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.image "chart" .Chart ) ) }}  
   {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }}
   labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
@@ -177,7 +178,6 @@ spec:
             - name: secrets
               mountPath: /run/secrets/netbox
               readOnly: true
-            {{- include "netbox.extraConfig.volumeMounts" . | nindent 12 -}}
             - name: netbox-tmp
               mountPath: /tmp
             - name: media
@@ -213,6 +213,7 @@ spec:
             - name: custom-init-scripts
               mountPath: /docker-entrypoint-initdb.d
             {{- end }}
+            {{- include "netbox.extraConfig.volumeMounts" . | nindent 12 }}
             {{- if .Values.extraVolumeMounts }}
             {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumeMounts "context" $) | nindent 12 }}
             {{- end }}
@@ -329,7 +330,6 @@ spec:
                 items:
                 - key: {{ include "netbox.cachingRedis.secretPasswordKey" . | quote }}
                   path: redis_cache_password
-        {{- include "netbox.extraConfig.volumes" . | nindent 8 -}}
         - name: netbox-tmp
           emptyDir:
             medium: Memory
@@ -366,6 +366,7 @@ spec:
           configMap:
             name: {{ include "netbox.initdbScriptsCM" . }}
         {{- end }}
+        {{- include "netbox.extraConfig.volumes" . | nindent 8 }}
         {{- if .Values.extraVolumes }}
           {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 8 }}
         {{- end }}

charts/netbox/templates/Secret/external-db.yaml

@@ -3,7 +3,7 @@ apiVersion: v1
 kind: Secret
 metadata:
   name: {{ printf "%s-external-db" .Release.Name }}
-  namespace: {{ .Release.Namespace | quote }}
+  namespace: {{ include "common.names.namespace" . | quote }}
   labels: {{- include "common.labels.standard" (dict "customLabels" .Values.commonLabels "context" $) | nindent 4 }}
   {{- if or .Values.externalDatabase.annotations .Values.commonAnnotations }}
   annotations: {{- include "common.tplvalues.merge" (dict "values" (list .Values.externalDatabase.annotations .Values.commonAnnotations) "context" $) | nindent 4 }}

charts/netbox/templates/Secret/external-redis.yaml

@@ -1,4 +1,4 @@
-{{- if and (not .Values.redis.enabled) (not .Values.tasksRedis.existingSecretName) (not .Values.cachingRedis.existingSecretName) (not .Values.redis.existingSecret) }}
+{{- if and (not .Values.redis.enabled) (not .Values.externalRedis.existingSecretName) (not .Values.tasksRedis.existingSecretName) (not .Values.cachingRedis.existingSecretName) (not .Values.redis.existingSecret) }}
 apiVersion: v1
 kind: Secret
 metadata:
@@ -10,6 +10,6 @@ metadata:
   {{- end }}
 type: Opaque
 data:
-  redis-cache-password: {{ include "common.secrets.passwords.manage" (dict "secret" (printf "%s-external-redis" .Release.Name) "key" "redis-cache-password" "length" 12 "providedValues" (list "cachingRedis.password") "context" $) }}
-  redis-tasks-password: {{ include "common.secrets.passwords.manage" (dict "secret" (printf "%s-external-redis" .Release.Name) "key" "redis-tasks-password" "length" 12 "providedValues" (list "tasksRedis.password") "context" $) }}
+  {{ include "netbox.cachingRedis.secretPasswordKey" . }}: {{ include "common.secrets.passwords.manage" (dict "secret" (printf "%s-external-redis" .Release.Name) "key" "redis-cache-password" "length" 12 "providedValues" (list "cachingRedis.password") "context" $) }}
+  {{ include "netbox.tasksRedis.secretPasswordKey" . }}: {{ include "common.secrets.passwords.manage" (dict "secret" (printf "%s-external-redis" .Release.Name) "key" (include "netbox.tasksRedis.secretPasswordKey" .) "length" 12 "providedValues" (list "tasksRedis.password") "context" $) }}
 {{- end }}

charts/netbox/templates/Secret/netbox.yaml

@@ -3,6 +3,7 @@ apiVersion: v1
 kind: Secret
 metadata:
   name: {{ printf "%s" (include "netbox.fullname" .) }}
+  namespace: {{ include "common.names.namespace" . | quote }}
   labels: {{- include "common.labels.standard" (dict "customLabels" .Values.commonLabels "context" $) | nindent 4 }}
   {{- if .Values.commonAnnotations }}
   annotations: {{- include "common.tplvalues.render" (dict "value" .Values.commonAnnotations "context" $) | nindent 4 }}

charts/netbox/templates/Secret/tls.yaml

@@ -1,4 +1,4 @@
-{{- if .Values.ingress.enabled }}
+{{- if .Values.ingress.enabled -}}
 {{- if .Values.ingress.secrets }}
 {{- range .Values.ingress.secrets }}
 apiVersion: v1
@@ -62,4 +62,4 @@ data:
   tls.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.crt" "defaultValue" $cert.Cert "context" $) }}
   tls.key: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.key" "defaultValue" $cert.Key "context" $) }}
   ca.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" $ca.Cert "context" $) }}
-{{- end }}
+{{- end -}}

charts/netbox/templates/serviceaccount.yaml → charts/netbox/templates/ServiceAccount.yaml

@@ -4,6 +4,7 @@ kind: ServiceAccount
 automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
 metadata:
   name: {{ include "netbox.serviceAccountName" . }}
+  namespace: {{ include "common.names.namespace" . | quote }}
   labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
   {{- if or .Values.commonAnnotations .Values.serviceAccount.annotations }}
   {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.serviceAccount.annotations .Values.commonAnnotations ) "context" . ) }}
@@ -13,4 +14,4 @@ metadata:
 imagePullSecrets:
   {{- toYaml . | nindent 2 }}
 {{- end }}
-{{- end }}
+{{- end -}}

charts/netbox/templates/_helpers.tpl

@@ -352,19 +352,19 @@ Volumes that need to be mounted for .Values.extraConfig entries
 {{- define "netbox.extraConfig.volumes" -}}
 {{- range $index, $config := .Values.extraConfig -}}
 - name: extra-config-{{ $index }}
-  {{- if $config.values -}}
+  {{- if $config.values }}
   configMap:
-    name: {{ include "netbox.fullname" $ }}
+    name: {{ printf "%s" (include "netbox.fullname" $) }}
     items:
     - key: extra-{{ $index }}.yaml
       path: extra-{{ $index }}.yaml
-  {{- else if $config.configMap -}}
+  {{- else if $config.configMap }}
   configMap:
     {{- toYaml $config.configMap | nindent 4 }}
-  {{- else if $config.secret -}}
+  {{- else if $config.secret }}
   secret:
     {{- toYaml $config.secret | nindent 4 }}
-  {{- end -}}
+  {{- end }}
 {{ end -}}
 {{- end -}}
 

charts/netbox/templates/extraDeploy.yaml

@@ -0,0 +1,4 @@
+{{- range .Values.extraDeploy }}
+---
+{{ include "common.tplvalues.render" (dict "value" . "context" $) }}
+{{- end }}

charts/netbox/templates/istio/ServiceEntry.yaml

@@ -0,0 +1,19 @@
+{{- if (include "common.capabilities.istioNetworking.apiVersion" .) -}}
+apiVersion: {{ include "common.capabilities.istioNetworking.apiVersion" . }}
+kind: ServiceEntry
+metadata:
+  name: {{ include "netbox.fullname" . }}
+  namespace: {{ include "common.names.namespace" . | quote }}
+spec:
+  hosts:
+    - netbox.dev
+  location: MESH_EXTERNAL
+  ports:
+    - number: 80
+      name: http
+      protocol: HTTP
+    - number: 443
+      name: https
+      protocol: TLS
+  resolution: DNS
+{{- end -}}