diff --git a/charts/netbox/Chart.yaml b/charts/netbox/Chart.yaml index b72c3eb7..22336db6 100644 --- a/charts/netbox/Chart.yaml +++ b/charts/netbox/Chart.yaml @@ -5,7 +5,7 @@ annotations: image: docker.io/netboxcommunity/netbox:v3.7-2.8.0 apiVersion: v2 name: netbox -version: 5.0.2 +version: 5.0.3 appVersion: v3.7.1 kubeVersion: ">=1.25.0" description: IP address management (IPAM) and data center infrastructure management (DCIM) tool @@ -36,4 +36,4 @@ dependencies: - name: st-common repository: https://startechnica.github.io/apps version: 0.x.x - alias: startechnica-common \ No newline at end of file + alias: startechnica-common diff --git a/charts/netbox/README.md b/charts/netbox/README.md index dcd51e04..192c8b2b 100644 --- a/charts/netbox/README.md +++ b/charts/netbox/README.md @@ -3,10 +3,8 @@ [NetBox](https://netbox.readthedocs.io/) is an IP address management (IPAM) and data center infrastructure management (DCIM) tool. -Forked from [bootc/netbox-chart](https://github.com/bootc/netbox-chart) - **Note:** This repository was forked from [bootc/netbox-chart](https://github.com/bootc/netbox-chart) at versions -v5.0.0 and up are from this fork and will have diverged from any changes in the original fork. A list of changes can be seen in the CHANGELOG. +v5.0.0 and up are from this fork will have diverged from any changes in the original fork. A list of changes can be seen in the CHANGELOG. **This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/startechnica/apps/issues/new/choose)** 
@@ -15,12 +13,12 @@ v5.0.0 and up are from this fork and will have diverged from any changes in the ```console $ helm repo add startechnica https://startechnica.github.io/apps $ helm install netbox \ - --set postgresql.auth.postgresPassword=[password1] \ - --set postgresql.auth.password=[password2] \ - --set redis.auth.password=[password3] \ - startechnica/netbox + --set postgresql.auth.postgresPassword= \ + --set postgresql.auth.password= \ + --set redis.auth.password= \ + startechnica/netbox ``` -⚠️ **WARNING:** Please see [Production Usage](#production-usage) below before using this chart for real. +⚠️ **WARNING:** Please see [Production Usage](#production-usage) below before using this chart for production environment. ## Prerequisites @@ -32,12 +30,12 @@ $ helm install netbox \ To install the chart with the release name `my-release` and default configuration: -```shell +```console $ helm repo add startechnica https://startechnica.github.io/apps $ helm install my-release \ - --set postgresql.auth.postgresPassword=[password1] \ - --set postgresql.auth.password=[password2] \ - --set redis.auth.password=[password3] \ + --set postgresql.auth.postgresPassword= \ + --set postgresql.auth.password= \ + --set redis.auth.password= \ startechnica/netbox ``` @@ -76,9 +74,9 @@ affinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchLabels: + app.kubernetes.io/component: server app.kubernetes.io/instance: netbox app.kubernetes.io/name: netbox - app.kubernetes.io/component: netbox topologyKey: kubernetes.io/hostname ``` 
@@ -95,17 +93,18 @@ The command removes all the Kubernetes components associated with the chart and ## Breaking Changes * The `extraEnvs` setting has been renamed to `extraEnvVars`. * The `extraContainers` setting has been renamed to `sidecars`. - * The `extraContainers` setting has been renamed to `sidecars`. * The `extraInitContainers` setting has been renamed to `initContainers`. - * The `securityContext` setting has been renamed to `podSecurityContext` and `containerSecurityContext`. - * The `ingress.className` setting has been renamed to `ingress.ingressClassName`. * The `housekeeping.securityContext` setting has been renamed to `housekeeping.containerSecurityContext` + * The `init` setting has been renamed to `initDirs`. + * The `ingress.className` setting has been renamed to `ingress.ingressClassName`. + * The `metricsEnabled` setting has been renamed to `metrics.enabled`. + * The `securityContext` setting has been renamed to `podSecurityContext` and `containerSecurityContext`. + * The `serviceMonitor` setting has been renamed to `metrics.serviceMonitor`. + * The `superuser.password: admin` setting has been changed to `superuser.password: ""`. + * The `superuser.passwordSecretKey` setting has been renamed to `superuser.existingSecretPasswordKey`. * The `worker.autoscaling.targetCPUUtilizationPercentage` setting has been renamed to `worker.autoscaling.targetCPU`. * The `worker.autoscaling.targetMemoryUtilizationPercentage` setting has been renamed to `worker.autoscaling.targetMemory`. * The `worker.extraEnvs` setting has been renamed to `worker.extraEnvVars`. - * The `serviceMonitor` setting has been renamed to `metrics.serviceMonitor`. - * The `metricsEnabled` setting has been renamed to `metrics.enabled`. - * The `serviceMonitor` setting has been renamed to `metrics.serviceMonitor`. ## Upgrading 
@@ -167,6 +166,36 @@ PostgreSQL chart was upgraded from 5.x.x to 7.x.x, and Redis from 8.x.x to The following table lists the configurable parameters for this chart and their default values. +### Global parameters + +| Name | Description | Value | +| ------------------------- | ----------------------------------------------------------------------------------------------------------------------- | ----- | +| `global.imageRegistry` | Global Docker image registry | `""` | +| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | +| `global.storageClass` | Global StorageClass for Persistent Volume(s) | `""` | +| `global.namespaceOverride` | Override the namespace for resource deployed by the chart, but can itself be overridden by the local namespaceOverride | `""` | + + +### Common parameters + +| Name | Description | Value | +| -------------------------- | ----------------------------------------------------------------------------------------------------------------- | --------------- | +| `kubeVersion` | Force target Kubernetes version (using Helm capabilities if not set) | `""` | +| `nameOverride` | String to partially override common.names.fullname template with a string (will prepend the release name) | `""` | +| `namespaceOverride` | String to fully override common.names.namespace | `""` | +| `fullnameOverride` | String to fully override common.names.fullname template with a string | `""` | +| `commonAnnotations` | Annotations to add to all deployed objects | `{}` | +| `commonLabels` | Labels to add to all deployed objects | `{}` | +| `schedulerName` | Name of the Kubernetes scheduler (other than default) | `""` | +| `clusterDomain` | Kubernetes DNS Domain name to use | `cluster.local` | +| `extraDeploy` | Array of extra objects to deploy with the release (evaluated as a template) | `[]` | +| `diagnosticMode.enabled` | Enable diagnostic mode (all probes will be disabled and the command will be overridden) | `false` | +| 
`diagnosticMode.command` | Command to override all containers in the deployment | `[]` | +| `diagnosticMode.args` | Args to override all containers in the deployment | `[]` | + + +### Netbox parameters + | Parameter | Description | Default | | ------------------------------------------------|---------------------------------------------------------------------|----------------------------------------------| | `replicaCount` | The desired number of NetBox pods | `1` | diff --git a/charts/netbox/templates/ConfigMap/netbox.yaml b/charts/netbox/templates/ConfigMap/netbox.yaml index 91f613fc..5ee2a977 100644 --- a/charts/netbox/templates/ConfigMap/netbox.yaml +++ b/charts/netbox/templates/ConfigMap/netbox.yaml @@ -203,14 +203,13 @@ data: ENABLE_LOCALIZATION: {{ toJson .Values.enableLocalization }} TIME_ZONE: {{ .Values.timeZone | quote }} DATE_FORMAT: {{ .Values.dateFormat | quote }} - SHORT_DATE_FORMAT: {{ .Values.shortDateFormat | quote }} TIME_FORMAT: {{ .Values.timeFormat | quote }} - SHORT_TIME_FORMAT: {{ .Values.shortTimeFormat | quote }} DATETIME_FORMAT: {{ .Values.dateTimeFormat | quote }} + SHORT_DATE_FORMAT: {{ .Values.shortDateFormat | quote }} + SHORT_TIME_FORMAT: {{ .Values.shortTimeFormat | quote }} SHORT_DATETIME_FORMAT: {{ .Values.shortDateTimeFormat | quote }} - {{- if eq .Values.remoteAuth.backend "netbox.authentication.LDAPBackend" }} - + {{- if and (eq .Values.remoteAuth.backend "netbox.authentication.LDAPBackend") .Values.remoteAuth.ldap.enabled }} ldap_config.py: |- from importlib import import_module 
@@ -288,15 +287,16 @@ data: AUTH_LDAP_MIRROR_GROUPS_EXCEPT: {{ toJson .Values.remoteAuth.ldap.mirrorGroupsExcept }} AUTH_LDAP_CACHE_TIMEOUT: {{ int .Values.remoteAuth.ldap.cacheTimeout }} {{- end }} - {{- if .Values.overrideUnitConfig }} + {{- if .Values.overrideUnitConfig -}} nginx-unit.json: |- {{- toPrettyJson .Values.overrideUnitConfig | nindent 4 }} - {{- end }} + {{- end -}} + {{- range $index, $config := .Values.extraConfig -}} {{- if $config.values }} extra-{{ $index }}.yaml: |- {{- toYaml $config.values | nindent 4 }} {{- end }} - {{ end -}} + {{- end -}} \ No newline at end of file diff --git a/charts/netbox/templates/HorizontalPodAutoscaler.yaml b/charts/netbox/templates/HorizontalPodAutoscaler.yaml new file mode 100644 index 00000000..c8971fe1 --- /dev/null +++ b/charts/netbox/templates/HorizontalPodAutoscaler.yaml 
@@ -0,0 +1,45 @@ +{{- if .Values.autoscaling.enabled }} +apiVersion: {{ include "common.capabilities.hpa.apiVersion" ( dict "context" $ ) }} +kind: HorizontalPodAutoscaler +metadata: + name: {{ template "netbox.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: server + app.kubernetes.io/part-of: netbox + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + scaleTargetRef: + apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} + kind: Deployment + name: {{ template "netbox.fullname" . }} + minReplicas: {{ .Values.autoscaling.minReplicas }} + maxReplicas: {{ .Values.autoscaling.maxReplicas }} + metrics: + {{- if or .Values.autoscaling.targetCPU .Values.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + {{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) }} + targetAverageUtilization: {{ coalesce .Values.autoscaling.targetCPU .Values.autoscaling.targetCPUUtilizationPercentage }} + {{- else }} + target: + type: Utilization + averageUtilization: {{ coalesce .Values.autoscaling.targetCPU .Values.autoscaling.targetCPUUtilizationPercentage }} + {{- end }} + {{- end }} + {{- if or .Values.autoscaling.targetMemory .Values.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + {{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) 
}} + targetAverageUtilization: {{ coalesce .Values.autoscaling.targetMemory .Values.autoscaling.targetMemoryUtilizationPercentage }} + {{- else }} + target: + type: Utilization + averageUtilization: {{ coalesce .Values.autoscaling.targetMemory .Values.autoscaling.targetMemoryUtilizationPercentage }} + {{- end }} + {{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/netbox/templates/Ingress.yaml b/charts/netbox/templates/Ingress.yaml index 362db928..b5066f2c 100644 --- a/charts/netbox/templates/Ingress.yaml +++ b/charts/netbox/templates/Ingress.yaml @@ -48,7 +48,7 @@ spec: secretName: {{ printf "%s-tls" .Values.ingress.hostname }} {{- end }} {{- if .Values.ingress.extraTls }} - {{- include "common.tplvalues.render" (dict "value" .Values.ingress.extraTls "context" $) | nindent 4 }} + {{- include "common.tplvalues.render" (dict "value" .Values.ingress.extraTls "context" $) | nindent 4 }} {{- end }} {{- end }} {{- end }} \ No newline at end of file diff --git a/charts/netbox/templates/PersistentVolumeClaim/media.yaml b/charts/netbox/templates/PersistentVolumeClaim/media.yaml index 81cb3591..923eac6b 100644 --- a/charts/netbox/templates/PersistentVolumeClaim/media.yaml +++ b/charts/netbox/templates/PersistentVolumeClaim/media.yaml 
@@ -3,25 +3,20 @@ kind: PersistentVolumeClaim apiVersion: v1 metadata: name: {{ include "netbox.fullname" . }}-media - {{- with .Values.commonAnnotations }} - annotations: - {{- toYaml . | nindent 4 }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- if or .Values.persistence.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.persistence.annotations .Values.commonAnnotations ) "context" . ) }} + annotations: {{- include "common.tplvalues.render" (dict "value" $annotations "context" $) | nindent 4 }} {{- end }} - labels: - {{- include "netbox.labels" . | nindent 4 }} spec: accessModes: - - {{ .Values.persistence.accessMode | quote }} + {{- range .Values.persistence.accessModes }} + - {{ . | quote }} + {{- end }} resources: requests: storage: {{ .Values.persistence.size | quote }} - {{- if .Values.persistence.storageClass }} - {{- if (eq "-" .Values.persistence.storageClass) }} - storageClassName: "" - {{- else }} - storageClassName: {{ .Values.persistence.storageClass | quote }} - {{- end }} - {{- end }} + {{- include "common.storage.class" (dict "persistence" .Values.reportsPersistence "global" .Values.global) | nindent 2 }} {{- with .Values.persistence.selector }} selector: {{- toYaml . | nindent 4 }} diff --git a/charts/netbox/templates/PersistentVolumeClaim/reports.yaml b/charts/netbox/templates/PersistentVolumeClaim/reports.yaml index 64c24dba..91865d18 100644 --- a/charts/netbox/templates/PersistentVolumeClaim/reports.yaml +++ b/charts/netbox/templates/PersistentVolumeClaim/reports.yaml 
@@ -3,27 +3,22 @@ kind: PersistentVolumeClaim apiVersion: v1 metadata: name: {{ include "netbox.fullname" . }}-reports - {{- with .Values.commonAnnotations }} - annotations: - {{- toYaml . | nindent 4 }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- if or .Values.reportsPersistence.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.reportsPersistence.annotations .Values.commonAnnotations ) "context" . ) }} + annotations: {{- include "common.tplvalues.render" (dict "value" $annotations "context" $) | nindent 4 }} {{- end }} - labels: - {{- include "netbox.labels" . | nindent 4 }} spec: accessModes: - - {{ .Values.reportsPersistence.accessMode | quote }} + {{- range .Values.reportsPersistence.accessModes }} + - {{ . | quote }} + {{- end }} resources: requests: storage: {{ .Values.reportsPersistence.size | quote }} - {{- if .Values.reportsPersistence.storageClass }} - {{- if (eq "-" .Values.reportsPersistence.storageClass) }} - storageClassName: "" - {{- else }} - storageClassName: {{ .Values.reportsPersistence.storageClass | quote }} - {{- end }} - {{- end }} + {{- include "common.storage.class" (dict "persistence" .Values.reportsPersistence "global" .Values.global) | nindent 2 }} {{- with .Values.reportsPersistence.selector }} selector: {{- toYaml . | nindent 4 }} {{- end }} -{{- end -}} +{{- end -}} \ No newline at end of file diff --git a/charts/netbox/templates/PersistentVolumeClaim/scripts.yaml b/charts/netbox/templates/PersistentVolumeClaim/scripts.yaml index 518b81ea..fb1bb86b 100644 --- a/charts/netbox/templates/PersistentVolumeClaim/scripts.yaml +++ b/charts/netbox/templates/PersistentVolumeClaim/scripts.yaml 
@@ -3,27 +3,22 @@ kind: PersistentVolumeClaim apiVersion: v1 metadata: name: {{ include "netbox.fullname" . }}-scripts - {{- with .Values.commonAnnotations }} - annotations: - {{- toYaml . | nindent 4 }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- if or .Values.scriptsPersistence.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.scriptsPersistence.annotations .Values.commonAnnotations ) "context" . ) }} + annotations: {{- include "common.tplvalues.render" (dict "value" $annotations "context" $) | nindent 4 }} {{- end }} - labels: - {{- include "netbox.labels" . | nindent 4 }} spec: accessModes: - - {{ .Values.scriptsPersistence.accessMode | quote }} + {{- range .Values.scriptsPersistence.accessModes }} + - {{ . | quote }} + {{- end }} resources: requests: storage: {{ .Values.scriptsPersistence.size | quote }} - {{- if .Values.scriptsPersistence.storageClass }} - {{- if (eq "-" .Values.scriptsPersistence.storageClass) }} - storageClassName: "" - {{- else }} - storageClassName: {{ .Values.scriptsPersistence.storageClass | quote }} - {{- end }} - {{- end }} + {{- include "common.storage.class" (dict "persistence" .Values.scriptsPersistence "global" .Values.global) | nindent 2 }} {{- with .Values.scriptsPersistence.selector }} selector: {{- toYaml . | nindent 4 }} {{- end }} -{{- end -}} +{{- end -}} \ No newline at end of file diff --git a/charts/netbox/templates/Secret/netbox.yaml b/charts/netbox/templates/Secret/netbox.yaml index 3e99cec1..13fef0ee 100644 --- a/charts/netbox/templates/Secret/netbox.yaml +++ b/charts/netbox/templates/Secret/netbox.yaml 
@@ -5,16 +5,16 @@ metadata: name: {{ printf "%s" (include "netbox.fullname" .) }} labels: {{- include "common.labels.standard" (dict "customLabels" .Values.commonLabels "context" $) | nindent 4 }} {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + annotations: {{- include "common.tplvalues.render" (dict "value" .Values.commonAnnotations "context" $) | nindent 4 }} {{- end }} type: Opaque data: {{ if and (not .Values.postgresql.enabled) (not .Values.externalDatabase.existingSecretName) -}} - db_password: {{ include "common.secrets.passwords.manage" (dict "secret" (printf "%s" (include "netbox.postgresql.fullname" .)) "key" "password" "length" 32 "providedValues" (list "externalDatabase.password") "context" $) }} + db_password: {{ include "common.secrets.passwords.manage" (dict "secret" (printf "%s" (include "netbox.databaseSecretName" .)) "key" (printf "%s" (include "netbox.databaseSecretPasswordKey" .)) "length" 32 "providedValues" (list "externalDatabase.password") "context" $) }} {{ end -}} {{ if (not .Values.email.existingSecretName) -}} # email_password: {{ .Values.email.password | b64enc | quote }} - email_password: {{ include "common.secrets.passwords.manage" (dict "secret" (printf "%s" (include "netbox.fullname" .)) "key" "email_password" "length" 12 "providedValues" (list "email.password") "context" $) }} + email_password: {{ include "common.secrets.passwords.manage" (dict "secret" (printf "%s" (include "netbox.email.secretName" .)) "key" (printf "%s" (include "netbox.email.secretPasswordKey" .)) "length" 12 "providedValues" (list "email.password") "context" $) }} {{ end -}} {{ if and (not .Values.redis.enabled) (not .Values.tasksRedis.existingSecretName) -}} redis_tasks_password: {{ .Values.tasksRedis.password | b64enc | quote }} 
@@ -26,8 +26,8 @@ data: {{- if not .Values.superuser.existingSecretName }} # superuser_password: {{ .Values.superuser.password | default (randAlphaNum 16) | b64enc }} # superuser_api_token: {{ .Values.superuser.apiToken | default uuidv4 | b64enc }} - superuser_password: {{ include "common.secrets.passwords.manage" (dict "secret" (printf "%s" (include "netbox.fullname" .)) "key" "superuser_password" "length" 16 "providedValues" (list "superuser.password") "context" $) }} - superuser_api_token: {{ include "common.secrets.passwords.manage" (dict "secret" (printf "%s" (include "netbox.fullname" .)) "key" "superuser_api_token" "length" 32 "providedValues" (list "superuser.apiToken") "context" $) }} + superuser_password: {{ include "common.secrets.passwords.manage" (dict "secret" (printf "%s" (include "netbox.superuser.secretName" .)) "key" (printf "%s" (include "netbox.superuser.secretPasswordKey" .)) "length" 16 "providedValues" (list "superuser.password") "context" $) }} + superuser_api_token: {{ include "common.secrets.passwords.manage" (dict "secret" (printf "%s" (include "netbox.superuser.secretName" .)) "key" (printf "%s" (include "netbox.superuser.secretApiTokenKey" .)) "length" 32 "providedValues" (list "superuser.apiToken") "context" $) }} {{- end }} {{ if eq .Values.remoteAuth.backend "netbox.authentication.LDAPBackend" -}} ldap_bind_password: {{ .Values.remoteAuth.ldap.bindPassword | b64enc | quote }} diff --git a/charts/netbox/templates/Secret/tls.yaml b/charts/netbox/templates/Secret/tls.yaml new file mode 100644 index 00000000..99798fd9 --- /dev/null +++ b/charts/netbox/templates/Secret/tls.yaml 
@@ -0,0 +1,65 @@ +{{- if .Values.ingress.enabled }} +{{- if .Values.ingress.secrets }} +{{- range .Values.ingress.secrets }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.tplvalues.render" ( dict "value" .name "context" $ ) }} + namespace: {{ include "common.names.namespace" $ | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" $.Values.commonLabels "context" $ ) | nindent 4 }} + {{- if $.Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +type: kubernetes.io/tls +data: + tls.crt: {{ include "common.tplvalues.render" ( dict "value" .certificate "context" $ ) | b64enc }} + tls.key: {{ include "common.tplvalues.render" ( dict "value" .key "context" $ ) | b64enc }} +--- +{{- end }} +{{- end }} +{{- if and .Values.ingress.tls .Values.ingress.selfSigned }} +{{- $secretName := printf "%s-tls" .Values.ingress.hostname }} +{{- $ca := genCA "netbox-ca" 365 }} +{{- $cert := genSignedCert (tpl .Values.ingress.hostname .) nil (list (tpl .Values.ingress.hostname .)) 365 $ca }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ $secretName }} + namespace: {{ include "common.names.namespace" . 
| quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +type: kubernetes.io/tls +data: + tls.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.crt" "defaultValue" $cert.Cert "context" $) }} + tls.key: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.key" "defaultValue" $cert.Key "context" $) }} + ca.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" $ca.Cert "context" $) }} +{{- end }} +{{- end }} +{{- if (include "netbox.tls.isCreateSecret" $) }} +{{- $secretName := printf "%s-crt" (include "netbox.fullname" .) }} +{{- $ca := genCA "netbox-ca" 365 }} +{{- $releaseNamespace := include "common.names.namespace" . }} +{{- $clusterDomain := .Values.clusterDomain }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ $secretName }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: netbox + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +type: Opaque +data: + {{- $replicaCount := int .Values.replicaCount }} + {{- $svcName := include "netbox.fullname" . 
}} + {{- $altNames := list (printf "%s.%s.svc.%s" $svcName $releaseNamespace $clusterDomain) (printf "%s.%s" $svcName $releaseNamespace) $svcName }} + {{- $cert := genSignedCert $svcName nil $altNames 365 $ca }} + tls.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.crt" "defaultValue" $cert.Cert "context" $) }} + tls.key: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.key" "defaultValue" $cert.Key "context" $) }} + ca.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" $ca.Cert "context" $) }} +{{- end }} diff --git a/charts/netbox/templates/_helpers.tpl b/charts/netbox/templates/_helpers.tpl index 60623291..49f48e4b 100644 --- a/charts/netbox/templates/_helpers.tpl +++ b/charts/netbox/templates/_helpers.tpl @@ -12,17 +12,17 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this If release name contains chart name it will be used as a full name. */}} {{- define "netbox.fullname" -}} -{{- if .Values.fullnameOverride }} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- $name := default .Chart.Name .Values.nameOverride }} -{{- if contains $name .Release.Name }} -{{- .Release.Name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} -{{- end }} +{{- if .Values.fullnameOverride -}} + {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else -}} + {{- $name := default .Chart.Name .Values.nameOverride }} + {{- if contains $name .Release.Name -}} + {{- .Release.Name | trunc 63 | trimSuffix "-" }} + {{- else -}} + {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} + {{- end -}} +{{- end -}} +{{- end -}} {{/* Return the proper Netbox worker fullname 
@@ -43,7 +43,7 @@ Create a default fully qualified app name. We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). */}} {{- define "netbox.postgresql.fullname" -}} -{{- include "common.names.dependency.fullname" (dict "chartName" "postgresql" "chartValues" .Values.postgresql "context" $) -}} +{{ include "common.names.dependency.fullname" (dict "chartName" "postgresql" "chartValues" .Values.postgresql "context" $) }} {{- end -}} {{/* @@ -51,7 +51,7 @@ Create a default fully qualified app name. We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). */}} {{- define "netbox.redis.fullname" -}} -{{- include "common.names.dependency.fullname" (dict "chartName" "redis" "chartValues" .Values.redis "context" $) -}} +{{ include "common.names.dependency.fullname" (dict "chartName" "redis" "chartValues" .Values.redis "context" $) }} {{- end -}} {{/* @@ -86,14 +86,14 @@ Return the proper Netbox init image name Return the proper PostgreSQL image name */}} {{- define "netbox.postgresql.image" -}} -{{- include "common.images.image" ( dict "imageRoot" .Values.postgresql.image "global" .Values.global ) -}} +{{ include "common.images.image" ( dict "imageRoot" .Values.postgresql.image "global" .Values.global ) }} {{- end -}} {{/* Return the proper Redis image name */}} {{- define "netbox.redis.image" -}} -{{- include "common.images.image" ( dict "imageRoot" .Values.redis.image "global" .Values.global ) -}} +{{ include "common.images.image" ( dict "imageRoot" .Values.redis.image "global" .Values.global ) }} {{- end -}} {{/* @@ -108,7 +108,7 @@ Create chart name and version as used by the chart label. */}} {{- define "netbox.chart" -}} {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} +{{- end -}} {{/* Common labels 
@@ -121,7 +121,7 @@ app.kubernetes.io/managed-by: {{ .Release.Service }} {{- with .Values.commonLabels }} {{ toYaml . }} {{- end }} -{{- end }} +{{- end -}} {{/* Selector labels @@ -129,18 +129,18 @@ Selector labels {{- define "netbox.selectorLabels" -}} app.kubernetes.io/name: {{ include "netbox.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} +{{- end -}} {{/* Create the name of the service account to use */}} {{- define "netbox.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} +{{- if .Values.serviceAccount.create -}} {{- default (include "netbox.fullname" .) .Values.serviceAccount.name }} -{{- else }} +{{- else -}} {{- default "default" .Values.serviceAccount.name }} -{{- end }} -{{- end }} +{{- end -}} +{{- end -}} {{/* Return the path Netbox is hosted on. This looks at httpRelativePath and returns it with a trailing slash. For example: 
@@ -152,31 +152,38 @@ Return the path Netbox is hosted on. This looks at httpRelativePath and returns {{ ternary .Values.httpRelativePath (printf "%s%s" .Values.httpRelativePath "/") (hasSuffix "/" .Values.httpRelativePath) }} {{- end -}} +{{/* +Return the Netbox secret name +*/}} +{{- define "netbox.secretName" -}} + {{ default (include "netbox.fullname" .) .Values.existingSecretName }} +{{- end -}} + {{/* Name of the Secret that contains the PostgreSQL password */}} {{- define "netbox.postgresql.secret" -}} - {{- if .Values.postgresql.enabled }} - {{- include "postgresql.v1.secretName" .Subcharts.postgresql -}} - {{- else if .Values.externalDatabase.existingSecretName }} +{{- if .Values.postgresql.enabled -}} + {{ include "postgresql.v1.secretName" .Subcharts.postgresql }} +{{- else if .Values.externalDatabase.existingSecretName -}} {{- .Values.externalDatabase.existingSecretName }} - {{- else }} +{{- else -}} {{- .Values.existingSecretName | default (include "netbox.postgresql.fullname" .) }} - {{- end }} -{{- end }} +{{- end -}} +{{- end -}} {{/* Name of the key in Secret that contains the PostgreSQL password */}} {{- define "netbox.postgresql.secretKey" -}} - {{- if .Values.postgresql.enabled -}} +{{- if .Values.postgresql.enabled -}} {{- include "postgresql.v1.userPasswordKey" .Subcharts.postgresql -}} - {{- else if .Values.externalDatabase.existingSecretName -}} +{{- else if .Values.externalDatabase.existingSecretName -}} {{- .Values.externalDatabase.existingSecretKey -}} - {{- else -}} - db_password - {{- end -}} -{{- end }} +{{- else -}} + {{- print "db_password" -}} +{{- end -}} +{{- end -}} {{/* Return the Redis secret name 
@@ -205,7 +212,7 @@ Return the Redis secret name Return the task Redis hostname */}} {{- define "netbox.tasksRedis.host" -}} -{{- if eq .Values.redis.architecture "replication" }} +{{- if eq .Values.redis.architecture "replication" -}} {{- ternary (include "netbox.redis.fullname" .) (tpl .Values.tasksRedis.host $) .Values.redis.enabled -}}-master {{- else -}} {{- ternary (include "netbox.redis.fullname" .) (tpl .Values.tasksRedis.host $) .Values.redis.enabled -}}-master @@ -216,7 +223,7 @@ Return the task Redis hostname Return the task Redis port */}} {{- define "netbox.tasksRedis.port" -}} - {{- ternary 6379 .Values.tasksRedis.port .Values.redis.enabled | int -}} + {{- ternary 6379 .Values.tasksRedis.port .Values.redis.enabled | int -}} {{- end -}} {{/* @@ -242,27 +249,27 @@ Add environment variables to configure tasks Redis values Name of the Secret that contains the Redis tasks password */}} {{- define "netbox.tasksRedis.secret" -}} - {{- if .Values.redis.enabled }} +{{- if .Values.redis.enabled -}} {{- include "redis.secretName" .Subcharts.redis -}} - {{- else if .Values.tasksRedis.existingSecretName }} +{{- else if .Values.tasksRedis.existingSecretName -}} {{- .Values.tasksRedis.existingSecretName }} - {{- else }} +{{- else -}} {{- .Values.existingSecretName | default (include "netbox.fullname" .) }} - {{- end }} -{{- end }} +{{- end -}} +{{- end -}} {{/* Name of the key in Secret that contains the Redis tasks password */}} {{- define "netbox.tasksRedis.secretKey" -}} - {{- if .Values.redis.enabled -}} +{{- if .Values.redis.enabled -}} {{- include "redis.secretPasswordKey" .Subcharts.redis -}} - {{- else if .Values.tasksRedis.existingSecretName -}} +{{- else if .Values.tasksRedis.existingSecretName -}} {{ .Values.tasksRedis.existingSecretKey }} - {{- else -}} - redis_tasks_password - {{- end -}} -{{- end }} +{{- else -}} + {{- print "redis_tasks_password" -}} +{{- end -}} +{{- end -}} {{/* Return the Redis secret name 
@@ -291,7 +298,7 @@ Return the Redis secret name Return the cache Redis hostname */}} {{- define "netbox.cachingRedis.host" -}} -{{- if eq .Values.redis.architecture "replication" }} +{{- if eq .Values.redis.architecture "replication" -}} {{- ternary (include "netbox.redis.fullname" .) (tpl .Values.cachingRedis.host $) .Values.redis.enabled -}}-master {{- else -}} {{- ternary (include "netbox.redis.fullname" .) (tpl .Values.cachingRedis.host $) .Values.redis.enabled -}}-master @@ -328,27 +335,27 @@ Add environment variables to configure tasks Redis values Name of the Secret that contains the Redis cache password */}} {{- define "netbox.cachingRedis.secret" -}} - {{- if .Values.redis.enabled }} - {{- include "redis.secretName" .Subcharts.redis -}} - {{- else if .Values.cachingRedis.existingSecretName }} +{{- if .Values.redis.enabled -}} + {{ include "redis.secretName" .Subcharts.redis }} +{{- else if .Values.cachingRedis.existingSecretName -}} {{- .Values.cachingRedis.existingSecretName }} - {{- else }} +{{- else -}} {{- .Values.existingSecretName | default (include "netbox.fullname" .) }} - {{- end }} -{{- end }} +{{- end -}} +{{- end -}} {{/* Name of the key in Secret that contains the Redis cache password */}} {{- define "netbox.cachingRedis.secretKey" -}} - {{- if .Values.redis.enabled -}} +{{- if .Values.redis.enabled -}} {{- include "redis.secretPasswordKey" .Subcharts.redis -}} - {{- else if .Values.cachingRedis.existingSecretName -}} +{{- else if .Values.cachingRedis.existingSecretName -}} {{ .Values.cachingRedis.existingSecretKey }} - {{- else -}} +{{- else -}} redis_cache_password - {{- end -}} -{{- end }} +{{- end -}} +{{- end -}} {{/* Volumes that need to be mounted for .Values.extraConfig entries 
@@ -356,21 +363,21 @@ Volumes that need to be mounted for .Values.extraConfig entries {{- define "netbox.extraConfig.volumes" -}} {{- range $index, $config := .Values.extraConfig -}} - name: extra-config-{{ $index }} - {{- if $config.values }} + {{- if $config.values -}} configMap: name: {{ include "netbox.fullname" $ }} items: - key: extra-{{ $index }}.yaml path: extra-{{ $index }}.yaml - {{- else if $config.configMap }} + {{- else if $config.configMap -}} configMap: {{- toYaml $config.configMap | nindent 4 }} - {{- else if $config.secret }} + {{- else if $config.secret -}} secret: {{- toYaml $config.secret | nindent 4 }} - {{- end }} + {{- end -}} {{ end -}} -{{- end }} +{{- end -}} {{/* Volume mounts for .Values.extraConfig entries @@ -381,13 +388,13 @@ Volume mounts for .Values.extraConfig entries mountPath: /run/config/extra/{{ $index }} readOnly: true {{ end -}} -{{- end }} +{{- end -}} {{/* Return the Database hostname */}} {{- define "netbox.databaseHost" -}} -{{- if eq .Values.postgresql.architecture "replication" }} +{{- if eq .Values.postgresql.architecture "replication" -}} {{- ternary (include "netbox.postgresql.fullname" .) (tpl .Values.externalDatabase.host $) .Values.postgresql.enabled -}}-primary {{- else -}} {{- ternary (include "netbox.postgresql.fullname" .) (tpl .Values.externalDatabase.host $) .Values.postgresql.enabled -}} @@ -405,8 +412,8 @@ Return the Database port Return the Database database name */}} {{- define "netbox.databaseName" -}} -{{- if .Values.postgresql.enabled }} - {{- if .Values.global.postgresql }} +{{- if .Values.postgresql.enabled -}} + {{- if .Values.global.postgresql -}} {{- if .Values.global.postgresql.auth }} {{- coalesce .Values.global.postgresql.auth.database .Values.postgresql.auth.database | quote -}} {{- else -}} 
@@ -445,6 +452,8 @@ Return the Database encrypted password {{- define "netbox.databaseSecretName" -}} {{- if .Values.postgresql.enabled -}} {{- default (include "netbox.postgresql.fullname" .) (tpl .Values.postgresql.auth.existingSecret $) -}} +{{- else if .Values.existingSecretName -}} + {{- printf "%s" .Values.existingSecretName -}} {{- else -}} {{- default (printf "%s-externaldb" .Release.Name) (tpl .Values.externalDatabase.existingSecretName $) -}} {{- end -}} @@ -502,14 +511,16 @@ Add environment variables to configure database values Return the Redis secret name */}} {{- define "netbox.redis.secretName" -}} -{{- if .Values.redis.enabled }} - {{- if .Values.redis.auth.existingSecret }} +{{- if .Values.redis.enabled -}} + {{- if .Values.redis.auth.existingSecret -}} {{- printf "%s" .Values.redis.auth.existingSecret -}} {{- else -}} {{- printf "%s" (include "netbox.redis.fullname" .) }} {{- end -}} -{{- else if .Values.externalRedis.existingSecretName }} +{{- else if .Values.externalRedis.existingSecretName -}} {{- printf "%s" .Values.externalRedis.existingSecretName -}} +{{- else if .Values.existingSecretName -}} + {{- printf "%s" .Values.existingSecretName -}} {{- else -}} {{- printf "%s" (include "netbox.redis.fullname" .) -}} {{- end -}} @@ -538,7 +549,7 @@ Return the Redis secret key Return whether Redis uses password authentication or not */}} {{- define "netbox.redis.auth.enabled" -}} -{{- if or (and .Values.redis.enabled .Values.redis.auth.enabled) (and (not .Values.redis.enabled) (or .Values.externalRedis.password .Values.externalRedis.existingSecretName)) }} +{{- if or (and .Values.redis.enabled .Values.redis.auth.enabled) (and (not .Values.redis.enabled) (or .Values.externalRedis.password .Values.externalRedis.existingSecretName)) -}} {{- true -}} {{- end -}} {{- end -}} 
@@ -547,7 +558,7 @@ Return whether Redis uses password authentication or not Return the Redis hostname */}} {{- define "netbox.redisHost" -}} -{{- if .Values.redis.enabled }} +{{- if .Values.redis.enabled -}} {{- printf "%s-master" (include "netbox.redis.fullname" .) -}} {{- else if .Values.externalRedis.host -}} {{- .Values.externalRedis.host -}} @@ -560,7 +571,7 @@ Return the Redis hostname Return the Redis port */}} {{- define "netbox.redisPort" -}} -{{- if .Values.redis.enabled }} +{{- if .Values.redis.enabled -}} {{- .Values.redis.master.service.ports.redis -}} {{- else if .Values.externalRedis.port -}} {{- .Values.externalRedis.port -}} 
@@ -569,97 +580,96 @@ Return the Redis port {{- end -}} {{- end -}} - {{/* -Return the secret containing the Netbox superuser password +Return the secret name containing the Netbox superuser password */}} -{{- define "netbox.secretName" -}} -{{- $secretName := .Values.superuser.existingSecretName -}} -{{- if $secretName -}} - {{- printf "%s" (tpl $secretName $) -}} +{{- define "netbox.superuser.secretName" -}} +{{- if .Values.superuser.existingSecretName -}} + {{- printf "%s" .Values.superuser.existingSecretName -}} {{- else -}} - {{- printf "%s" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" -}} + {{- .Values.existingSecretName | default (include "netbox.fullname" .) }} {{- end -}} {{- end -}} {{/* Return the secret key that contains the Netbox superuser password */}} -{{- define "netbox.secretKey" -}} -{{- $secretName := .Values.superuser.existingSecretName -}} -{{- if and $secretName .Values.superuser.existingSecretPasswordKey -}} - {{- printf "%s" .Values.superuser.existingSecretPasswordKey -}} +{{- define "netbox.superuser.secretPasswordKey" -}} +{{- if .Values.superuser.existingSecretName -}} + {{- if .Values.superuser.existingSecretPasswordKey -}} + {{- printf "%s" .Values.superuser.existingSecretPasswordKey -}} + {{- else -}} + {{- printf "%s" "superuser-password" -}} + {{- end -}} +{{- else if .Values.existingSecretName -}} + {{- printf "%s" "superuser-password" -}} {{- else -}} - {{- print "superuser_password" -}} + {{- printf "%s" "superuser_password" -}} {{- end -}} {{- end -}} {{/* -Return the secret name containing the Netbox superuser password +Return the secret key that contains the Netbox superuser API token */}} -{{- define "netbox.superuser.secretName" -}} -{{- $secretName := .Values.superuser.existingSecretName -}} -{{- if $secretName -}} - {{- printf "%s" (tpl $secretName $) -}} +{{- define "netbox.superuser.secretApiTokenKey" -}} +{{- if .Values.superuser.existingSecretName -}} + {{- if 
.Values.superuser.existingSecretApiTokenKey -}} + {{- printf "%s" .Values.superuser.existingSecretApiTokenKey -}} + {{- else -}} + {{- printf "%s" "superuser-api-token" -}} + {{- end -}} +{{- else if .Values.existingSecretName -}} + {{- printf "%s" "superuser-api-token" -}} {{- else -}} - {{- printf "%s-su" (include "netbox.fullname" .) | trunc 63 | trimSuffix "-" -}} + {{- printf "%s" "superuser_api_token" -}} {{- end -}} {{- end -}} {{/* -Return the secret key that contains the Netbox superuser password +Return the secret name containing email server */}} -{{- define "netbox.superuser.secretPasswordKey" -}} -{{- if .Values.existingSecretName -}} - {{- printf "%s" "superuser-password" -}} +{{- define "netbox.email.secretName" -}} +{{- if .Values.email.existingSecretName -}} + {{- printf "%s" .Values.email.existingSecretName -}} {{- else -}} - {{- if .Values.superuser.existingSecretName -}} - {{- if .Values.superuser.existingSecretPasswordKey -}} - {{- printf "%s" .Values.superuser.existingSecretPasswordKey -}} - {{- else -}} - {{- printf "%s" "superuser-password" -}} - {{- end -}} - {{- else -}} - {{- printf "%s" "superuser_password" -}} - {{- end -}} + {{- .Values.existingSecretName | default (include "netbox.fullname" .) 
}} {{- end -}} {{- end -}} {{/* -Return the secret key that contains the Netbox superuser API token +Return the secret key that contains the Netbox email password */}} -{{- define "netbox.superuser.secretApiTokenKey" -}} -{{- if .Values.existingSecretName -}} - {{- printf "%s" "superuser-api-token" -}} +{{- define "netbox.email.secretPasswordKey" -}} +{{- if .Values.email.existingSecretName -}} + {{- if .Values.email.existingSecretPasswordKey -}} + {{- printf "%s" .Values.email.existingSecretPasswordKey -}} + {{- else -}} + {{- printf "%s" "email-password" -}} + {{- end -}} +{{- else if .Values.existingSecretName -}} + {{- printf "%s" "email-password" -}} {{- else -}} - {{- if .Values.superuser.existingSecretName -}} - {{- if .Values.superuser.existingSecretApiTokenKey -}} - {{- printf "%s" .Values.superuser.existingSecretApiTokenKey -}} - {{- else -}} - {{- printf "%s" "superuser-api-token" -}} - {{- end -}} - {{- else -}} - {{- printf "%s" "superuser_api_token" -}} - {{- end -}} + {{- printf "%s" "email_password" -}} {{- end -}} {{- end -}} {{/* -Return the secret key that contains the Netbox email password +Return the secret name containing remote auth */}} -{{- define "netbox.email.secretPasswordKey" -}} -{{- if .Values.existingSecretName -}} - {{- printf "%s" "email-password" -}} +{{- define "netbox.remoteAuth.secretName" -}} +{{- if .Values.remoteAuth.existingSecretName -}} + {{- printf "%s" .Values.remoteAuth.existingSecretName -}} {{- else -}} - {{- if .Values.email.existingSecretName -}} - {{- if .Values.email.existingSecretPasswordKey -}} - {{- printf "%s" .Values.email.existingSecretPasswordKey -}} - {{- else -}} - {{- printf "%s" "email-password" -}} - {{- end -}} - {{- else -}} - {{- printf "%s" "email_password" -}} - {{- end -}} + {{ include "netbox.secretName" . 
}} +{{- end -}} +{{- end -}} + +{{/* +Return true if a TLS secret object should be created +*/}} +{{- define "netbox.tls.isCreateSecret" -}} +{{- if and .Values.tls.enabled .Values.tls.autoGenerated (not .Values.tls.existingSecret) }} + {{- true -}} {{- end -}} {{- end -}} diff --git a/charts/netbox/templates/cronjob.yaml b/charts/netbox/templates/cronjob.yaml index 159a467f..7d0b79ce 100644 --- a/charts/netbox/templates/cronjob.yaml +++ b/charts/netbox/templates/cronjob.yaml 
@@ -28,20 +28,28 @@ spec: metadata: {{- if .Values.podAnnotations }} annotations: - {{- include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) | nindent 12 }} + {{- include "common.tplvalues.render" (dict "value" .Values.housekeeping.podAnnotations "context" $) | nindent 12 }} {{- end }} labels: {{- include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | nindent 12 }} app.kubernetes.io/component: housekeeping app.kubernetes.io/part-of: netbox spec: + automountServiceAccountToken: {{ .Values.housekeeping.automountServiceAccountToken }} {{- include "netbox.imagePullSecrets" . | nindent 10 }} + {{- if .Values.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.nodeSelector "context" $) | nindent 10 }} + {{- end }} + restartPolicy: {{ .Values.housekeeping.restartPolicy }} + {{- if .Values.housekeeping.podSecurityContext.enabled }} + securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} serviceAccountName: {{ include "netbox.serviceAccountName" . }} - automountServiceAccountToken: {{ .Values.housekeeping.automountServiceAccountToken }} - securityContext: - {{- toYaml .Values.housekeeping.podSecurityContext | nindent 12 }} - {{- with .Values.housekeeping.extraInitContainers }} + {{- if .Values.tolerations }} + tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" .) | nindent 10 }} + {{- end }} + {{- if .Values.initContainers }} initContainers: - {{- toYaml . | nindent 10 }} + {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 10 }} {{- end }} containers: - name: housekeeping 
@@ -53,22 +61,21 @@ spec: - /opt/netbox/venv/bin/python - /opt/netbox/netbox/manage.py - housekeeping - {{- include "netbox.imagePullSecrets" . | nindent 12 }} - {{- with .Values.housekeeping.extraEnvs }} + {{- if .Values.housekeeping.extraEnvVars }} env: - {{- toYaml . | nindent 12 }} + {{- include "common.tplvalues.render" (dict "value" .Values.housekeeping.extraEnvVars "context" $) | nindent 12 }} {{- end }} volumeMounts: - name: config mountPath: /etc/netbox/config/configuration.py subPath: configuration.py readOnly: true - {{ if eq .Values.remoteAuth.backend "netbox.authentication.LDAPBackend" -}} + {{- if and (has "netbox.authentication.LDAPBackend" .Values.remoteAuth.backends) .Values.remoteAuth.ldap.enabled }} - name: config mountPath: /etc/netbox/config/ldap/ldap_config.py subPath: ldap_config.py readOnly: true - {{ end -}} + {{- end }} - name: config mountPath: /run/config/netbox readOnly: true 
@@ -79,27 +86,26 @@ spec: - name: netbox-tmp mountPath: /tmp - name: media - mountPath: /opt/netbox/netbox/media + mountPath: {{ .Values.persistence.path | quote }} subPath: {{ .Values.persistence.subPath | default "" | quote }} {{- if .Values.reportsPersistence.enabled }} - name: reports - mountPath: /opt/netbox/netbox/reports + mountPath: {{ .Values.reportsPersistence.path }} subPath: {{ .Values.reportsPersistence.subPath | default "" | quote }} {{- end }} {{- if .Values.scriptsPersistence.enabled }} - name: scripts - mountPath: /opt/netbox/netbox/scripts + mountPath: {{ .Values.scriptsPersistence.path }} subPath: {{ .Values.scriptsPersistence.subPath | default "" | quote }} {{- end }} {{- with .Values.housekeeping.extraVolumeMounts }} {{- toYaml . | nindent 12 }} {{- end }} {{- if .Values.housekeeping.resources }} - resources: - {{- toYaml .Values.housekeeping.resources | nindent 14 }} + resources: {{- toYaml .Values.housekeeping.resources | nindent 14 }} {{- end }} - {{- with .Values.housekeeping.extraContainers }} - {{- toYaml . | nindent 10 }} + {{- if .Values.sidecars }} + {{- include "common.tplvalues.render" ( dict "value" .Values.sidecars "context" $) | nindent 10 }} {{- end }} volumes: - name: config 
@@ -109,17 +115,22 @@ spec: projected: sources: - secret: - name: {{ .Values.existingSecretName | default (include "netbox.fullname" .) | quote }} + name: {{ include "netbox.secretName" . | quote }} items: # Used by our configuration - key: {{ include "netbox.email.secretPasswordKey" . | quote }} path: email_password - key: secret_key path: secret_key - {{- if eq .Values.remoteAuth.backend "netbox.authentication.LDAPBackend" }} - - key: ldap_bind_password - path: ldap_bind_password - {{- end }} + {{- if .Values.remoteAuth.enabled }} + - secret: + name: {{ include "netbox.remoteAuth.secretName" . | quote }} + items: + {{- if and (has "netbox.authentication.LDAPBackend" .Values.remoteAuth.backend) .Values.remoteAuth.ldap.enabled }} + - key: ldap_bind_password + path: ldap_bind_password + {{- end }} + {{- end }} - secret: name: {{ include "netbox.databaseSecretName" . | quote }} items: @@ -156,20 +167,11 @@ spec: persistentVolumeClaim: claimName: {{ .Values.scriptsPersistence.existingClaim | default (printf "%s-scripts" (include "netbox.fullname" .)) }} {{- end }} - {{- with .Values.housekeeping.extraVolumes }} - {{- toYaml . | nindent 10 }} - {{- end }} - {{- with .Values.housekeeping.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 12 }} + {{- if .Values.extraVolumes }} + {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 8 }} {{- end }} {{- with .Values.housekeeping.affinity }} affinity: {{- toYaml . | nindent 12 }} {{- end }} - {{- with .Values.housekeeping.tolerations }} - tolerations: - {{- toYaml . | nindent 10 }} - {{- end }} - restartPolicy: {{ .Values.housekeeping.restartPolicy }} {{- end -}} diff --git a/charts/netbox/templates/deployment.yaml b/charts/netbox/templates/deployment.yaml index 463c3239..99b3aaed 100644 --- a/charts/netbox/templates/deployment.yaml +++ b/charts/netbox/templates/deployment.yaml 
@@ -158,12 +158,12 @@ spec: mountPath: /etc/netbox/config/configuration.py subPath: configuration.py readOnly: true - {{ if eq .Values.remoteAuth.backend "netbox.authentication.LDAPBackend" -}} + {{- if .Values.remoteAuth.ldap.enabled }} - name: config mountPath: /etc/netbox/config/ldap/ldap_config.py subPath: ldap_config.py readOnly: true - {{ end -}} + {{- end }} - name: config mountPath: /run/config/netbox readOnly: true @@ -174,7 +174,7 @@ spec: - name: netbox-tmp mountPath: /tmp - name: media - mountPath: /opt/netbox/netbox/media + mountPath: {{ .Values.persistence.path | quote }} {{- if .Values.persistence.subPath }} subPath: {{ .Values.persistence.subPath | quote }} {{- end }} 
@@ -275,22 +275,30 @@ spec: projected: sources: - secret: - name: {{ .Values.existingSecretName | default (include "netbox.fullname" .) | quote }} + name: {{ include "netbox.secretName" . | quote }} items: - # Used by netbox-docker entry scripts - - key: {{ include "netbox.superuser.secretPasswordKey" . | quote }} - path: superuser_password - - key: {{ include "netbox.superuser.secretApiTokenKey" . | quote }} - path: superuser_api_token # Used by our configuration - key: {{ include "netbox.email.secretPasswordKey" . | quote }} path: email_password - key: secret_key path: secret_key - {{- if eq .Values.remoteAuth.backend "netbox.authentication.LDAPBackend" }} + {{- if .Values.remoteAuth.enabled }} + - secret: + name: {{ include "netbox.remoteAuth.secretName" . | quote }} + items: + {{- if and (has "netbox.authentication.LDAPBackend" .Values.remoteAuth.backends) .Values.remoteAuth.ldap.enabled }} - key: ldap_bind_password path: ldap_bind_password {{- end }} + {{- end }} + - secret: + name: {{ include "netbox.superuser.secretName" . | quote }} + items: + # Used by netbox-docker entry scripts + - key: {{ include "netbox.superuser.secretPasswordKey" . | quote }} + path: superuser_password + - key: {{ include "netbox.superuser.secretApiTokenKey" . | quote }} + path: superuser_api_token - secret: name: {{ include "netbox.databaseSecretName" . | quote }} items: diff --git a/charts/netbox/templates/hpa.yaml b/charts/netbox/templates/hpa.yaml deleted file mode 100644 index dde6ad85..00000000 --- a/charts/netbox/templates/hpa.yaml +++ /dev/null 
@@ -1,37 +0,0 @@ -{{- if .Values.autoscaling.enabled }} -apiVersion: autoscaling/v2 -kind: HorizontalPodAutoscaler -metadata: - name: {{ include "netbox.fullname" . }} - {{- with .Values.commonAnnotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} - labels: - {{- include "netbox.labels" . | nindent 4 }} - app.kubernetes.io/component: netbox -spec: - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: {{ include "netbox.fullname" . }} - minReplicas: {{ .Values.autoscaling.minReplicas }} - maxReplicas: {{ .Values.autoscaling.maxReplicas }} - metrics: - {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} - - type: Resource - resource: - name: cpu - target: - type: Utilization - averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} - {{- end }} - {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} - - type: Resource - resource: - name: memory - target: - type: Utilization - averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} - {{- end }} -{{- end }} diff --git a/charts/netbox/templates/PrometheusRule.yaml b/charts/netbox/templates/metrics/PrometheusRule.yaml similarity index 100% rename from charts/netbox/templates/PrometheusRule.yaml rename to charts/netbox/templates/metrics/PrometheusRule.yaml diff --git a/charts/netbox/templates/metrics/Service.yaml b/charts/netbox/templates/metrics/Service.yaml new file mode 100644 index 00000000..2d66a6d3 --- /dev/null +++ b/charts/netbox/templates/metrics/Service.yaml 
@@ -0,0 +1,26 @@ +{{- if .Values.metrics.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ printf "%s-metrics" (include "netbox.fullname" .) }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: metrics + {{- if or .Values.metrics.service.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.metrics.service.annotations .Values.commonAnnotations ) "context" . ) }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} + {{- end }} +spec: + type: ClusterIP + ports: + - name: http-metrics + port: {{ coalesce .Values.metrics.service.ports.http .Values.metrics.service.port }} + protocol: TCP + targetPort: http + {{- if .Values.metrics.service.extraPorts }} + {{- include "common.tplvalues.render" (dict "value" .Values.metrics.service.extraPorts "context" $) | nindent 4 }} + {{- end }} + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.podLabels .Values.commonLabels ) "context" . ) }} + selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: server +{{- end }} \ No newline at end of file diff --git a/charts/netbox/templates/metrics/ServiceMonitor.yaml b/charts/netbox/templates/metrics/ServiceMonitor.yaml new file mode 100644 index 00000000..d3275dfb --- /dev/null +++ b/charts/netbox/templates/metrics/ServiceMonitor.yaml 
@@ -0,0 +1,55 @@ +{{- if and (or .Values.metrics.enabled .Values.worker.metrics.enabled) .Values.metrics.serviceMonitor.enabled }} +{{- if not (eq (include "common.capabilities.coreosMonitoring.apiVersion" .) "false") }} +apiVersion: {{ include "common.capabilities.coreosMonitoring.apiVersion" . }} +kind: ServiceMonitor +metadata: + name: {{ template "netbox.fullname" . }} + namespace: {{ default (include "common.names.namespace" .) .Values.metrics.serviceMonitor.namespace | quote }} + {{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.image "chart" .Chart ) ) }} + {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.metrics.serviceMonitor.labels .Values.commonLabels $versionLabel ) "context" . ) }} + labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: server + app.kubernetes.io/part-of: netbox + {{- if or .Values.commonAnnotations .Values.metrics.serviceMonitor.annotations }} + {{- $annotations := merge.Values.metrics.serviceMonitor.annotations .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} + {{- end }} +spec: + {{- if .Values.metrics.serviceMonitor.jobLabel }} + jobLabel: {{ .Values.metrics.serviceMonitor.jobLabel }} + {{- end }} + endpoints: + {{- $defaultEndpoint := pick .Values.metrics.serviceMonitor "port" "interval" "scrapeTimeout" "relabelings" "metricRelabelings" "honorLabels" }} + {{- $endpoints := ternary (.Values.metrics.serviceMonitor.endpoints) (list (dict "path" .Values.metrics.serviceMonitor.path)) (empty .Values.metrics.serviceMonitor.path) }} + {{- range $endpoints }} + {{- $endpoint := merge . 
$defaultEndpoint }} + - port: {{ $endpoint.port | quote }} + path: {{ include "common.tplvalues.render" ( dict "value" $endpoint.path "context" $) }} + {{- if $endpoint.interval }} + interval: {{ $endpoint.interval }} + {{- end }} + {{- if $endpoint.scrapeTimeout }} + scrapeTimeout: {{ $endpoint.scrapeTimeout }} + {{- end }} + {{- if $endpoint.relabelings }} + relabelings: {{- include "common.tplvalues.render" ( dict "value" $endpoint.relabelings "context" $) | nindent 6 }} + {{- end }} + {{- if $endpoint.metricRelabelings }} + metricRelabelings: {{- include "common.tplvalues.render" ( dict "value" $endpoint.metricRelabelings "context" $) | nindent 6 }} + {{- end }} + {{- if $endpoint.honorLabels }} + honorLabels: {{ $endpoint.honorLabels }} + {{- end }} + {{- end }} + namespaceSelector: + matchNames: + - {{ include "common.names.namespace" . | quote }} + selector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 6 }} + {{- if .Values.metrics.serviceMonitor.selector }} + {{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.selector "context" $) | nindent 6 }} + {{- end }} + app.kubernetes.io/component: metrics + app.kubernetes.io/part-of: netbox +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/netbox/templates/servicemonitor.yaml b/charts/netbox/templates/servicemonitor.yaml deleted file mode 100644 index f25f93e3..00000000 --- a/charts/netbox/templates/servicemonitor.yaml +++ /dev/null 
@@ -1,29 +0,0 @@ -{{- if and (or .Values.metrics.enabled .Values.metricsEnabled) (or .Values.metrics.serviceMonitor.enabled .Values.serviceMonitor.enabled) }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ include "netbox.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - {{- include "netbox.labels" . | nindent 4 }} - {{- with .Values.serviceMonitor.additionalLabels }} - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - jobLabel: {{ .Release.Name }} - namespaceSelector: - matchNames: - - {{ .Release.Namespace }} - selector: - matchLabels: - {{- include "netbox.selectorLabels" . | nindent 6 }} - endpoints: - - port: http - path: /metrics - {{- with .Values.serviceMonitor.interval }} - interval: {{ . }} - {{- end }} - {{- with .Values.serviceMonitor.scrapeTimeout }} - scrapeTimeout: {{ . }} - {{- end }} -{{- end }} diff --git a/charts/netbox/templates/worker/Deployment.yaml b/charts/netbox/templates/worker/Deployment.yaml index b635cbca..4bdaf1b9 100644 --- a/charts/netbox/templates/worker/Deployment.yaml +++ b/charts/netbox/templates/worker/Deployment.yaml @@ -94,12 +94,12 @@ spec: mountPath: /etc/netbox/config/configuration.py subPath: configuration.py readOnly: true - {{ if eq .Values.remoteAuth.backend "netbox.authentication.LDAPBackend" -}} + {{- if .Values.remoteAuth.ldap.enabled }} - name: config mountPath: /etc/netbox/config/ldap/ldap_config.py subPath: ldap_config.py readOnly: true - {{ end -}} + {{- end }} - name: config mountPath: /run/config/netbox readOnly: true @@ -110,7 +110,7 @@ spec: - name: netbox-tmp mountPath: /tmp - name: media - mountPath: /opt/netbox/netbox/media + mountPath: {{ .Values.persistence.path | quote }} {{- if .Values.persistence.subPath }} subPath: {{ .Values.persistence.subPath | quote }} {{- end }} 
@@ -191,33 +191,38 @@ spec: - name: secrets projected: sources: - - secret: - name: {{ .Values.existingSecretName | default (include "netbox.fullname" .) | quote }} - items: - # Used by our configuration - - key: {{ include "netbox.email.secretPasswordKey" . | quote }} - path: email_password - - key: secret_key - path: secret_key - {{- if eq .Values.remoteAuth.backend "netbox.authentication.LDAPBackend" }} - - key: ldap_bind_password - path: ldap_bind_password - {{- end }} - - secret: - name: {{ include "netbox.databaseSecretName" . | quote }} - items: - - key: {{ include "netbox.databaseSecretPasswordKey" . | quote }} - path: db_password - - secret: - name: {{ include "netbox.tasksRedis.secretName" . | quote }} - items: - - key: {{ include "netbox.tasksRedis.secretPasswordKey" . | quote }} - path: redis_tasks_password - - secret: - name: {{ include "netbox.cachingRedis.secretName" . | quote }} - items: - - key: {{ include "netbox.cachingRedis.secretPasswordKey" . | quote }} - path: redis_cache_password + - secret: + name: {{ include "netbox.secretName" . | quote }} + items: + # Used by our configuration + - key: {{ include "netbox.email.secretPasswordKey" . | quote }} + path: email_password + - key: secret_key + path: secret_key + {{- if .Values.remoteAuth.enabled }} + - secret: + name: {{ include "netbox.remoteAuth.secretName" . | quote }} + items: + {{- if and (has "netbox.authentication.LDAPBackend" .Values.remoteAuth.backends) .Values.remoteAuth.ldap.enabled }} + - key: ldap_bind_password + path: ldap_bind_password + {{- end }} + {{- end }} + - secret: + name: {{ include "netbox.databaseSecretName" . | quote }} + items: + - key: {{ include "netbox.databaseSecretPasswordKey" . | quote }} + path: db_password + - secret: + name: {{ include "netbox.tasksRedis.secretName" . | quote }} + items: + - key: {{ include "netbox.tasksRedis.secretPasswordKey" . | quote }} + path: redis_tasks_password + - secret: + name: {{ include "netbox.cachingRedis.secretName" . 
| quote }} + items: + - key: {{ include "netbox.cachingRedis.secretPasswordKey" . | quote }} + path: redis_cache_password {{- include "netbox.extraConfig.volumes" . | nindent 8 -}} - name: netbox-tmp emptyDir: diff --git a/charts/netbox/templates/worker/NetworkPolicy.yaml b/charts/netbox/templates/worker/NetworkPolicy.yaml index 11f12602..e89c7916 100644 --- a/charts/netbox/templates/worker/NetworkPolicy.yaml +++ b/charts/netbox/templates/worker/NetworkPolicy.yaml @@ -24,6 +24,13 @@ spec: protocol: UDP - port: 53 protocol: TCP + # Allow to Redis and PostgreSQL + - ports: + - port: {{ include "netbox.redisPort" . }} + protocol: TCP + - ports: + - port: {{ include "netbox.databasePort" . }} + protocol: TCP # Allow outbound connections to other cluster pods - ports: - port: {{ .Values.service.ports.http }} @@ -32,7 +39,7 @@ spec: - podSelector: matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }} {{- if .Values.worker.networkPolicy.extraEgress }} - {{- include "common.tplvalues.render" ( dict "value" .Values.worker.networkPolicy.extraEgress "context" $ ) | nindent 4 }} + {{- include "common.tplvalues.render" ( dict "value" .Values.worker.networkPolicy.extraEgress "context" $ ) | nindent 4 }} {{- end }} ingress: - ports: diff --git a/charts/netbox/templates/worker/Service.yaml b/charts/netbox/templates/worker/Service.yaml index 01ac2283..dd447365 100644 --- a/charts/netbox/templates/worker/Service.yaml +++ b/charts/netbox/templates/worker/Service.yaml @@ -35,7 +35,7 @@ spec: {{- end }} ports: {{- if .Values.worker.service.http.enabled }} - - name: http + - name: http-metrics port: {{ coalesce .Values.worker.service.ports.http .Values.worker.service.port }} protocol: TCP targetPort: http diff --git a/charts/netbox/templates/worker/ServiceMonitor.yaml b/charts/netbox/templates/worker/ServiceMonitor.yaml index 4b823b5b..3a23903c 100644 --- a/charts/netbox/templates/worker/ServiceMonitor.yaml 
+++ b/charts/netbox/templates/worker/ServiceMonitor.yaml @@ -26,7 +26,7 @@ spec: app.kubernetes.io/component: worker app.kubernetes.io/part-of: netbox endpoints: - - port: http + - port: http-metrics {{- if .Values.metrics.serviceMonitor.interval }} interval: {{ .Values.metrics.serviceMonitor.interval }} {{- end }} diff --git a/charts/netbox/values-test.yaml b/charts/netbox/values-test.yaml index 67caef0f..036f67a0 100644 --- a/charts/netbox/values-test.yaml +++ b/charts/netbox/values-test.yaml @@ -1,6 +1,13 @@ -netbox: - postgresql: +postgresql: + enabled: true + # auth: + # username: netbox_user + # password: "mRY5pxyx1aiDZPKHSCcdjXqSXLSYkA" + +metrics: + enabled: true + serviceMonitor: enabled: true - auth: - username: netbox_user - password: "mRY5pxyx1aiDZPKHSCcdjXqSXLSYkA" \ No newline at end of file + interval: 30s + labels: + release: kube-prometheus-stack \ No newline at end of file diff --git a/charts/netbox/values.yaml b/charts/netbox/values.yaml index e2772f65..963159ad 100644 --- a/charts/netbox/values.yaml +++ b/charts/netbox/values.yaml @@ -388,17 +388,15 @@ superuser: email: admin@example.com ## @param superuser.password Netbox administrator password for the new superuser ## - password: admin + password: "" ## @param superuser.apiToken Netbox administrator superuser token ## apiToken: "" ## @param superuser.existingSecretName Existing secret containing Netbox superuser password ## existingSecretName: "" - ## @param superuser.passwordSecretKey Key where the Netbox superuser password is being stored inside the existing secret. ## @param superuser.existingSecretPasswordKey Key where the Netbox superuser password is being stored inside the existing secret. ## - passwordSecretKey: "" existingSecretPasswordKey: "" ## @param superuser.annotations Additional custom annotations for Netbox superuser secret object ## 
@@ -603,9 +601,10 @@ mapsUrl: 'https://maps.google.com/?q=' # all objects by specifying "?limit=0". maxPageSize: 1000 -# By default uploaded media is stored in an attached volume. Using -# Django-storages is also supported. Provide the class path of the storage -# driver in storageBackend and any configuration options in storageConfig. +## @param storageBackend By default uploaded media is stored in an attached volume. Using +## Django-storages is also supported. Provide the class path of the storage +## driver in storageBackend and any configuration options in storageConfig. +## storageBackend: null # storages.backends.s3boto3.S3Boto3Storage storageConfig: {} # AWS_ACCESS_KEY_ID: 'Key ID' @@ -649,14 +648,13 @@ rackElevationDefaultUnitWidth: 220 ## @section Authentication parameters -## -## remoteAuth: ## @param remoteAuth.enabled Enable remote authentication support ## enabled: false backends: - netbox.authentication.RemoteUserBackend + - social_core.backends.keycloak.KeycloakOAuth2 header: HTTP_REMOTE_USER userFirstName: HTTP_REMOTE_USER_FIRST_NAME userLastName: HTTP_REMOTE_USER_LAST_NAME 
@@ -676,42 +674,46 @@ remoteAuth: ## existingSecretName: "" - # The following options are specific for backend "netbox.authentication.LDAPBackend" - # you can use an existing netbox secret with "ldap_bind_password" instead of "bindPassword" - # see https://django-auth-ldap.readthedocs.io - # - # When enabling LDAP support please see "Using LDAP Authentication" in README.md and - # uncomment ALL of the configuration settings below, or your configuration will be invalid. - # - # ldap: - # serverUri: 'ldap://domain.com' - # startTls: true - # ignoreCertErrors: false - # bindDn: 'CN=Netbox,OU=EmbeddedDevices,OU=MyCompany,DC=domain,dc=com' - # bindPassword: 'TopSecretPassword' - # userDnTemplate: null - # userSearchBaseDn: 'OU=Users,OU=MyCompany,DC=domain,dc=com' - # userSearchAttr: 'sAMAccountName' - # groupSearchBaseDn: 'OU=Groups,OU=MyCompany,DC=domain,dc=com' - # groupSearchClass: 'group' - # groupType: 'GroupOfNamesType' - # requireGroupDn: '' - # findGroupPerms: true - # mirrorGroups: true - # mirrorGroupsExcept: null - # cacheTimeout: 3600 - # isAdminDn: 'CN=Network Configuration Operators,CN=Builtin,DC=domain,dc=com' - # isSuperUserDn: 'CN=Domain Admins,CN=Users,DC=domain,dc=com' - # attrFirstName: 'givenName' - # attrLastName: 'sn' - # attrMail: 'mail' + ## The following options are specific for backend "netbox.authentication.LDAPBackend" + ## you can use an existing netbox secret with "ldap_bind_password" instead of "bindPassword" + ## see https://django-auth-ldap.readthedocs.io + ## + ## When enabling LDAP support please see "Using LDAP Authentication" in README.md and + ## set enabled to true. 
+ ## + ldap: + ## @param remoteAuth.ldap.enabled Enable LDAP remote auth backend + ## + enabled: false + serverUri: 'ldap://domain.com' + startTls: true + ignoreCertErrors: false + bindDn: 'CN=Netbox,OU=EmbeddedDevices,OU=MyCompany,DC=domain,dc=com' + bindPassword: 'TopSecretPassword' + userDnTemplate: null + userSearchBaseDn: 'OU=Users,OU=MyCompany,DC=domain,dc=com' + userSearchAttr: 'sAMAccountName' + groupSearchBaseDn: 'OU=Groups,OU=MyCompany,DC=domain,dc=com' + groupSearchClass: 'group' + groupType: 'GroupOfNamesType' + requireGroupDn: '' + findGroupPerms: true + mirrorGroups: true + mirrorGroupsExcept: null + cacheTimeout: 3600 + isAdminDn: 'CN=Network Configuration Operators,CN=Builtin,DC=domain,dc=com' + isSuperUserDn: 'CN=Domain Admins,CN=Users,DC=domain,dc=com' + attrFirstName: 'givenName' + attrLastName: 'sn' + attrMail: 'mail' releaseCheck: - # This repository is used to check whether there is a new release of NetBox - # available. Set to null to disable the version check or use the URL below to - # check for release in the official NetBox repository. + ## This repository is used to check whether there is a new release of NetBox + ## available. Set to null to disable the version check or use the URL below to + ## check for release in the official NetBox repository. + ## url: https://api.github.com/repos/netbox-community/netbox/releases + ## url: null - # url: https://api.github.com/repos/netbox-community/netbox/releases # Maximum execution time for background tasks, in seconds. rqDefaultTimeout: 300 # 5 mins @@ -756,7 +758,7 @@ extraConfig: [] ## @param secretKey If provided, this should be a 50+ character string of random characters. It ## will be randomly generated if left blank. -## You can also use an existing secret with "secret_key" instead of "secretKey" +## You can also use an existing secret with "secret-key" instead of "secretKey" ## See `existingSecretName` for details ## secretKey: "" 
@@ -771,6 +773,8 @@ secretKey: "" ## redis.enabled is false and tasksRedis.existingSecretName is blank) ## - redis-cache-password: Redis password for caching Redis instance (if ## redis.enabled is false and cachingRedis.existingSecretName is blank) +## - redis-password: Redis password for caching and tasks Redis instance (if +## redis.enabled is false, cachingRedis.existingSecretName and tasksRedis.existingSecretName is blank) ## - secret-key: session encryption token (50+ random characters) ## - superuser-password: Password for the initial super-user account ## - superuser-api-token: API token created for the initial super-user account @@ -828,7 +832,7 @@ imagePullSecrets: [] ## Specifies whether a ServiceAccount should be created ## serviceAccount: - ## @param serviceAccount.create Enable the creation of a ServiceAccount for Keycloak pods + ## @param serviceAccount.create Enable the creation of a ServiceAccount for Netbox pods ## create: true ## @param serviceAccount.name Name of the created ServiceAccount @@ -885,7 +889,7 @@ persistence: ## @param persistence.path The path the volume will be mounted at on Redis master containers ## NOTE: Useful when using different Redis images ## - path: /opt/netbox/netbox/reports + path: /opt/netbox/netbox/media ## @param persistence.subPath Existing claim's subPath to use, e.g. "media" (optional) ## subPath: "" @@ -1093,7 +1097,7 @@ service: nodePorts: http: "" https: "" - ## @param service.clusterIP Keycloak service clusterIP IP + ## @param service.clusterIP Netbox service clusterIP IP ## e.g: ## clusterIP: None ## @@ -1127,7 +1131,7 @@ service: ## - 10.10.10.0/24 ## loadBalancerSourceRanges: [] - ## @param service.annotations Additional custom annotations for Keycloak service + ## @param service.annotations Additional custom annotations for Netbox service ## Example: ## annotations: ## service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http 
@@ -1135,7 +1139,7 @@ service: ## service.beta.kubernetes.io/aws-load-balancer-ssl-ports: http ## annotations: {} - ## @param service.extraPorts Extra port to expose on Keycloak service + ## @param service.extraPorts Extra port to expose on Netbox service ## extraPorts: [] ## @param service.sessionAffinity Control where client requests go, to the same pod or round-robin @@ -1198,7 +1202,7 @@ ingress: ## @param ingress.extraHosts An array with additional hostname(s) to be covered with the ingress record ## e.g: ## extraHosts: - ## - name: airflow.local + ## - name: netbox.local ## path: / ## extraHosts: [] @@ -1216,8 +1220,8 @@ ingress: ## e.g: ## extraTls: ## - hosts: - ## - airflow.local - ## secretName: airflow.local-tls + ## - netbox.local + ## secretName: netbox.local-tls ## extraTls: [] ## @param ingress.secrets Custom TLS certificates as secrets @@ -1229,7 +1233,7 @@ ingress: ## Please see README.md for more information ## e.g: ## secrets: - ## - name: airflow.local-tls + ## - name: netbox.local-tls ## key: |- ## -----BEGIN RSA PRIVATE KEY----- ## ... 
@@ -1334,17 +1338,43 @@ housekeeping: ## Set to true if you would like to see extra information on logs ## debug: false - - concurrencyPolicy: Forbid - failedJobsHistoryLimit: 5 - restartPolicy: OnFailure - schedule: '0 0 * * *' - successfulJobsHistoryLimit: 5 - suspend: false - - podAnnotations: {} - + ## @param housekeeping.command Override default container command (useful when using custom images) + ## + command: [] + ## @param housekeeping.args Override default container args (useful when using custom images) + ## + args: [] + ## @param housekeeping.extraEnvVars Array with extra environment variables to add to Netbox worker nodes + ## e.g: + ## extraEnvVars: + ## - name: FOO + ## value: "bar" + ## + extraEnvVars: [] + ## @param housekeeping.podLabels Extra labels for Netbox housekeeping pods + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ + ## podLabels: {} + ## @param housekeeping.podAnnotations Annotations for Netbox housekeeping pods + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + ## + podAnnotations: {} + ## Netbox housekeeping resource requests and limits + ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ + ## @param housekeeping.resources.limits The resources limits for the Netbox housekeeping containers + ## @param housekeeping.resources.requests The requested resources for the Netbox housekeeping containers + ## We usually recommend not to specify default resources and to leave this as a conscious + ## choice for the user. This also increases chances charts run on environments with little + ## resources, such as Minikube. If you do want to specify resources, uncomment the following + ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
+ ## limits: + ## cpu: 100m + ## memory: 128Mi + ## requests: + ## cpu: 100m + ## memory: 128Mi + ## + resources: {} ## Configure Netbox housekeeping Pods Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod ## @param housekeeping.podSecurityContext.enabled Enabled Netbox housekeeping pods' Security Context @@ -1354,6 +1384,7 @@ housekeeping: ## @param housekeeping.podSecurityContext.fsGroup Set Netbox housekeeping pod's Security Context fsGroup ## podSecurityContext: + enabled: true fsGroup: 1000 runAsNonRoot: true # runAsUser: 1000 
@@ -1382,61 +1413,65 @@ housekeeping: drop: - ALL - # Set this to true to automatically mount the service account token in the housekeeping container + ## @param housekeeping.automountServiceAccountToken Mount Service Account token in pod + ## automountServiceAccountToken: false - ## Netbox housekeeping resource requests and limits - ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ - ## @param housekeeping.resources.limits The resources limits for the Netbox housekeeping containers - ## @param housekeeping.resources.requests The requested resources for the Netbox housekeeping containers - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
- ## limits: - ## cpu: 100m - ## memory: 128Mi - ## requests: - ## cpu: 100m - ## memory: 128Mi + ## @param housekeeping.affinity Affinity for Netbox housekeeping pods assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## NOTE: `housekeeping.podAffinityPreset`, `housekeeping.podAntiAffinityPreset`, and `housekeeping.nodeAffinityPreset` will be ignored when it's set + ## + affinity: {} + ## @param housekeeping.nodeSelector Node labels for Netbox housekeeping pods assignment + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ ## - resources: {} - nodeSelector: {} - + ## @param housekeeping.tolerations Tolerations for Netbox housekeeping pods assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + ## tolerations: [] - - affinity: {} - - ## Additional environment variables to set - extraEnvs: [] - # - name: FOO - # valueFrom: - # secretKeyRef: - # key: FOO - # name: secret-resource - - ## Additional volumes to mount - extraVolumeMounts: [] - # - name: extra-volume - # mountPath: /run/secrets/super-secret - # readOnly: true - + ## @param housekeeping.extraVolumes Optionally specify extra list of additional volumes for the Netbox housekeeping pod(s) + ## extraVolumes: + ## - name: extra-volume + ## secret: + ## secretName: super-secret + ## extraVolumes: [] - # - name: extra-volume - # secret: - # secretName: super-secret - - ## Additional containers to be added to the NetBox pod. 
- extraContainers: [] - # - name: my-sidecar - # image: nginx:latest + ## @param housekeeping.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Netbox housekeeping container(s) + ## extraVolumeMounts: + ## - name: extra-volume + ## mountPath: /run/secrets/super-secret + ## readOnly: true + ## + extraVolumeMounts: [] + ## @param housekeeping.sidecars Add additional sidecar containers to the Netbox housekeeping pod(s) + ## e.g: + ## sidecars: + ## - name: your-image-name + ## image: your-image + ## imagePullPolicy: Always + ## ports: + ## - name: portname + ## containerPort: 1234 + ## + sidecars: [] + ## @param housekeeping.initContainers Add additional init containers to the Netbox housekeeping pod(s) + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ + ## e.g: + ## initContainers: + ## - name: your-image-name + ## image: your-image + ## imagePullPolicy: Always + ## command: ['sh', '-c', 'echo "hello world"'] + ## + initContainers: [] - ## Containers which are run before the NetBox containers are started. - extraInitContainers: [] - # - name: init-myservice - # image: busybox - # command: ['sh', '-c', 'until nslookup myservice; do echo waiting for myservice; sleep 2; done;'] + concurrencyPolicy: Forbid + failedJobsHistoryLimit: 5 + restartPolicy: OnFailure + schedule: '0 0 * * *' + successfulJobsHistoryLimit: 5 + suspend: false ## @section Netbox worker parameters @@ -1831,17 +1866,6 @@ worker: ingressNSMatchLabels: {} ingressNSPodMatchLabels: {} - ## Additional containers to be added to the NetBox pod. - extraContainers: [] - # - name: my-sidecar - # image: nginx:latest - - ## Containers which are run before the NetBox containers are started. - extraInitContainers: [] - # - name: init-myservice - # image: busybox - # command: ['sh', '-c', 'until nslookup myservice; do echo waiting for myservice; sleep 2; done;'] - ## Netbox worker Service configuration ## service: 
@@ -1852,6 +1876,13 @@ worker: ## type: ClusterIP + ## Netbox worker Prometheus Exporter / Metrics + ## + metrics: + ## @param worker.metrics.enabled Enable metrics + ## + enabled: false + ## HTTPS settings ## tls: @@ -1896,12 +1927,37 @@ metrics: ## @param metrics.enabled Enable metrics ## enabled: false + ## Netbox metrics service parameters + ## + service: + ## @param metrics.service.ports.http Metrics service HTTP port + ## + ports: + http: 8080 + ## @param metrics.service.annotations [object] Annotations for enabling prometheus to access the metrics endpoints + ## + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "{{ .Values.metrics.service.ports.http }}" + ## @param metrics.service.extraPorts [array] Add additional ports to the netbox metrics service (i.e. admin port 9000) + ## + extraPorts: [] ## Prometheus Operator ServiceMonitor configuration ## serviceMonitor: ## @param metrics.serviceMonitor.enabled Create ServiceMonitor Resource for scraping metrics using Prometheus Operator ## enabled: false + ## @param metrics.serviceMonitor.port Metrics service HTTP port + ## + port: http-metrics + ## @param metrics.serviceMonitor.endpoints [array] The endpoint configuration of the ServiceMonitor. Path is mandatory. Interval, timeout and labellings can be overwritten. + ## + endpoints: + - path: /metrics + ## @param metrics.serviceMonitor.path Metrics service HTTP path. Deprecated: Use @param metrics.serviceMonitor.endpoints instead + ## + path: "" ## @param metrics.serviceMonitor.namespace Namespace for the ServiceMonitor Resource (defaults to the Release Namespace) ## namespace: "" 
@@ -2055,9 +2111,9 @@ postgresql: ## All of these values are only used when postgresql.enabled is set to false ## @param externalDatabase.host Database host ## @param externalDatabase.port Database port number -## @param externalDatabase.user Non-root username for Keycloak -## @param externalDatabase.password Password for the non-root username for Keycloak -## @param externalDatabase.database Keycloak database name +## @param externalDatabase.user Non-root username for Netbox +## @param externalDatabase.password Password for the non-root username for Netbox +## @param externalDatabase.database Netbox database name ## @param externalDatabase.existingSecretName Name of an existing secret resource containing the database credentials ## @param externalDatabase.existingSecretHostKey Name of an existing secret key containing the database host name ## @param externalDatabase.existingSecretPortKey Name of an existing secret key containing the database port
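Review bot: the two new egress rules in charts/netbox/templates/worker/NetworkPolicy.yaml (`- ports: - port: {{ include "netbox.redisPort" . }}` and the PostgreSQL rule under it) carry no `to:` selector, so the worker may open TCP connections to the Redis and PostgreSQL ports on any pod, namespace or external address the CNI can route, which is broader than the HTTP rule just below it that pins egress to a `podSelector`. Suggest adding a `to:` block with a `podSelector`/`namespaceSelector` for the in-cluster Redis and PostgreSQL subcharts (or an `ipBlock` for an external database) so the policy stays least-privilege. Also, only one `netbox.redisPort` is allowed while the chart configures `tasksRedis` and `cachingRedis` separately (see the existing-secret key list in values.yaml); if those instances listen on different ports, the second one is blocked.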
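Review bot: renaming the worker Service port from `http` to `http-metrics` in charts/netbox/templates/worker/Service.yaml breaks any out-of-chart ServiceMonitor, PodMonitor or scrape config that selected the port by name; the in-chart ServiceMonitor is updated in the same change, but the rename should be listed in the CHANGELOG. The ServiceMonitor hunk also hard-codes `- port: http-metrics` while values.yaml introduces `metrics.serviceMonitor.port: http-metrics`; the template should read `.Values.metrics.serviceMonitor.port` so the two cannot drift apart.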
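Review bot: the commented-out `# password: "mRY5pxyx1aiDZPKHSCcdjXqSXLSYkA"` in charts/netbox/values-test.yaml still ships a credential-shaped string in the repository; commenting it out removes nothing from history and secret scanners will keep flagging it. Suggest deleting the three commented `auth:` lines outright and, if the test values need a password, passing it with `--set` at test time. The file also still ends without a trailing newline (`\ No newline at end of file`).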
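Review bot: changing the `superuser.password` default from `admin` to `""` in values.yaml removes a well-known default credential, but the `@param` comment does not say what an empty value does; `secretKey` a few lines down documents "It will be randomly generated if left blank", and `superuser.password` should state the same (or that no superuser is created) so operators are not left with an unknown or empty admin password. Dropping `superuser.passwordSecretKey` in the same hunk is a breaking change for users who set it; either keep it as a deprecated alias for `existingSecretPasswordKey` or record the rename in the CHANGELOG.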
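Review bot: adding `social_core.backends.keycloak.KeycloakOAuth2` to the default `remoteAuth.backends` list in values.yaml means every deployment that sets `remoteAuth.enabled: true` loads the Keycloak OAuth2 backend, and nothing in this change shows a Keycloak client ID, secret or URL to configure it with. Suggest leaving the default list at `netbox.authentication.RemoteUserBackend` and showing the Keycloak entry as a commented example next to the LDAP block, so an operator opts into a second authentication path explicitly.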
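Review bot: the LDAP block in values.yaml is now live configuration rather than a commented example, so `bindPassword: 'TopSecretPassword'` becomes the chart's default bind credential the moment `remoteAuth.ldap.enabled` is set to true and the operator forgets to override it; the same goes for `serverUri: 'ldap://domain.com'` and the placeholder `bindDn`, `isAdminDn` and `isSuperUserDn` values. Suggest defaulting `bindPassword` and `serverUri` to `""` and pointing at the existing-secret `ldap_bind_password` key the comment already mentions, so a missing value is obvious instead of binding to an unintended directory with a placeholder DN. Keeping `startTls: true` and `ignoreCertErrors: false` as defaults is right; a `@param` line for each saying why would discourage flipping them to make a lab work.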
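Review bot: changing `persistence.path` from `/opt/netbox/netbox/reports` to `/opt/netbox/netbox/media` in values.yaml moves the persistent volume mount on upgrade: existing releases that kept reports on that volume will find them under the media mount while the reports directory falls back to ephemeral storage. This needs an upgrade note in the CHANGELOG, and the `@param persistence.path` description still says "on Redis master containers" and should be corrected along with it.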
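Review bot: the housekeeping hunk renames `extraEnvs` to `extraEnvVars`, `extraContainers` to `sidecars` and `extraInitContainers` to `initContainers`, and the worker hunk drops `extraContainers`/`extraInitContainers` with no replacement visible in the diff; any of these keys left in a user's values file will be silently ignored rather than rejected, so the renames need a CHANGELOG entry (or a `fail` in the template when an old key is present). Adding `podSecurityContext.enabled: true` and keeping `automountServiceAccountToken: false` for the CronJob are the right defaults. Minor copy-paste: the `housekeeping.extraEnvVars` description says "Netbox worker nodes".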
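Review bot: `prometheus.io/port: "{{ .Values.metrics.service.ports.http }}"` in the new `metrics.service.annotations` block is a Go template string inside values.yaml; it only resolves if the metrics Service template passes the annotations through `common.tplvalues.render` (as the NetworkPolicy does for `extraEgress`), otherwise Prometheus receives the literal braces and scrapes nothing. Please confirm the Service template renders it, or set the annotation to the plain `"8080"`. Also `metrics.serviceMonitor.path` is introduced already marked deprecated in favour of `endpoints`; consider not adding a deprecated key in the same change that creates it.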