From c645409c5b9b18521a4c06cda31e1609ed8cb300 Mon Sep 17 00:00:00 2001 From: firmansyahn <80936459+firmansyahn@users.noreply.github.com> Date: Thu, 1 Feb 2024 09:53:05 +0700 Subject: [PATCH 01/36] Fix netpol to allow redis and database --- charts/netbox/templates/worker/NetworkPolicy.yaml | 9 ++++++++- charts/netbox/values-test.yaml | 12 ++++++------ 2 files changed, 14 insertions(+), 7 deletions(-) diff --git a/charts/netbox/templates/worker/NetworkPolicy.yaml b/charts/netbox/templates/worker/NetworkPolicy.yaml index 11f12602..e89c7916 100644 --- a/charts/netbox/templates/worker/NetworkPolicy.yaml +++ b/charts/netbox/templates/worker/NetworkPolicy.yaml @@ -24,6 +24,13 @@ spec: protocol: UDP - port: 53 protocol: TCP + # Allow to Redis and PostgreSQL + - ports: + - port: {{ include "netbox.redisPort" . }} + protocol: TCP + - ports: + - port: {{ include "netbox.databasePort" . }} + protocol: TCP # Allow outbound connections to other cluster pods - ports: - port: {{ .Values.service.ports.http }} @@ -32,7 +39,7 @@ spec: - podSelector: matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }} {{- if .Values.worker.networkPolicy.extraEgress }} - {{- include "common.tplvalues.render" ( dict "value" .Values.worker.networkPolicy.extraEgress "context" $ ) | nindent 4 }} + {{- include "common.tplvalues.render" ( dict "value" .Values.worker.networkPolicy.extraEgress "context" $ ) | nindent 4 }} {{- end }} ingress: - ports: diff --git a/charts/netbox/values-test.yaml b/charts/netbox/values-test.yaml index 67caef0f..523e1882 100644 --- a/charts/netbox/values-test.yaml +++ b/charts/netbox/values-test.yaml @@ -1,6 +1,6 @@ -netbox: - postgresql: - enabled: true - auth: - username: netbox_user - password: "mRY5pxyx1aiDZPKHSCcdjXqSXLSYkA" \ No newline at end of file +postgresql: + enabled: true + # auth: + # username: netbox_user + # password: "mRY5pxyx1aiDZPKHSCcdjXqSXLSYkA" + 
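Review bot: The two egress rules added for Redis and PostgreSQL list only `ports` and no `to:` peers, and a NetworkPolicy egress rule without `to` matches every destination, so the worker pods may open TCP connections to any address on those two port numbers. Restrict each rule to the intended peer, for example a `to:` entry with a `podSelector` matching the bundled Redis/PostgreSQL pods when the subcharts are enabled, and a configurable `ipBlock` or selector for external services. If the open rule is deliberate, record the choice with a comment such as `# No "to:" on purpose: the external Redis/DB address is not known at render time`. The `egress:` list starts above the hunk and continues below it.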
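Review bot: Commenting out the `auth` block leaves the literal `password` value in `values-test.yaml`, so the credential still ships with the chart source and stays in the repository history. Delete the three commented lines instead of keeping them, and rotate the value if it was ever used for anything other than a throwaway test database. If the test needs fixed credentials, reference them from a Secret or a CI variable rather than a committed values file.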
From 24238c4483cca40f4c97b592e3408ab1893c0160 Mon Sep 17 00:00:00 2001 From: firmansyahn <80936459+firmansyahn@users.noreply.github.com> Date: Thu, 1 Feb 2024 10:54:59 +0700 Subject: [PATCH 02/36] Fix serviceMonitor --- charts/netbox/README.md | 9 ++- .../PersistentVolumeClaim/media.yaml | 21 +++---- .../PersistentVolumeClaim/reports.yaml | 23 +++----- .../PersistentVolumeClaim/scripts.yaml | 23 +++----- .../{ => metrics}/PrometheusRule.yaml | 0 .../templates/metrics/ServiceMonitor.yaml | 55 +++++++++++++++++++ charts/netbox/templates/servicemonitor.yaml | 29 ---------- charts/netbox/values-test.yaml | 4 ++ charts/netbox/values.yaml | 17 ++++++ 9 files changed, 106 insertions(+), 75 deletions(-) rename charts/netbox/templates/{ => metrics}/PrometheusRule.yaml (100%) create mode 100644 charts/netbox/templates/metrics/ServiceMonitor.yaml delete mode 100644 charts/netbox/templates/servicemonitor.yaml diff --git a/charts/netbox/README.md b/charts/netbox/README.md index dcd51e04..30e42055 100644 --- a/charts/netbox/README.md +++ b/charts/netbox/README.md 
@@ -95,17 +95,16 @@ The command removes all the Kubernetes components associated with the chart and ## Breaking Changes * The `extraEnvs` setting has been renamed to `extraEnvVars`. * The `extraContainers` setting has been renamed to `sidecars`. - * The `extraContainers` setting has been renamed to `sidecars`. * The `extraInitContainers` setting has been renamed to `initContainers`. * The `securityContext` setting has been renamed to `podSecurityContext` and `containerSecurityContext`. - * The `ingress.className` setting has been renamed to `ingress.ingressClassName`. * The `housekeeping.securityContext` setting has been renamed to `housekeeping.containerSecurityContext` + * The `init` setting has been renamed to `initDirs`. + * The `ingress.className` setting has been renamed to `ingress.ingressClassName`. + * The `metricsEnabled` setting has been renamed to `metrics.enabled`. + * The `serviceMonitor` setting has been renamed to `metrics.serviceMonitor`. * The `worker.autoscaling.targetCPUUtilizationPercentage` setting has been renamed to `worker.autoscaling.targetCPU`. * The `worker.autoscaling.targetMemoryUtilizationPercentage` setting has been renamed to `worker.autoscaling.targetMemory`. * The `worker.extraEnvs` setting has been renamed to `worker.extraEnvVars`. - * The `serviceMonitor` setting has been renamed to `metrics.serviceMonitor`. - * The `metricsEnabled` setting has been renamed to `metrics.enabled`. - * The `serviceMonitor` setting has been renamed to `metrics.serviceMonitor`. ## Upgrading diff --git a/charts/netbox/templates/PersistentVolumeClaim/media.yaml b/charts/netbox/templates/PersistentVolumeClaim/media.yaml index 81cb3591..923eac6b 100644 --- a/charts/netbox/templates/PersistentVolumeClaim/media.yaml +++ b/charts/netbox/templates/PersistentVolumeClaim/media.yaml 
@@ -3,25 +3,20 @@ kind: PersistentVolumeClaim apiVersion: v1 metadata: name: {{ include "netbox.fullname" . }}-media - {{- with .Values.commonAnnotations }} - annotations: - {{- toYaml . | nindent 4 }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- if or .Values.persistence.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.persistence.annotations .Values.commonAnnotations ) "context" . ) }} + annotations: {{- include "common.tplvalues.render" (dict "value" $annotations "context" $) | nindent 4 }} {{- end }} - labels: - {{- include "netbox.labels" . | nindent 4 }} spec: accessModes: - - {{ .Values.persistence.accessMode | quote }} + {{- range .Values.persistence.accessModes }} + - {{ . | quote }} + {{- end }} resources: requests: storage: {{ .Values.persistence.size | quote }} - {{- if .Values.persistence.storageClass }} - {{- if (eq "-" .Values.persistence.storageClass) }} - storageClassName: "" - {{- else }} - storageClassName: {{ .Values.persistence.storageClass | quote }} - {{- end }} - {{- end }} + {{- include "common.storage.class" (dict "persistence" .Values.reportsPersistence "global" .Values.global) | nindent 2 }} {{- with .Values.persistence.selector }} selector: {{- toYaml . | nindent 4 }} diff --git a/charts/netbox/templates/PersistentVolumeClaim/reports.yaml b/charts/netbox/templates/PersistentVolumeClaim/reports.yaml index 64c24dba..91865d18 100644 --- a/charts/netbox/templates/PersistentVolumeClaim/reports.yaml +++ b/charts/netbox/templates/PersistentVolumeClaim/reports.yaml 
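Review bot: The storage-class line in `media.yaml` passes `.Values.reportsPersistence` to `common.storage.class`, while every other field in this template reads `.Values.persistence`, so the media claim would take its storage class from the reports settings. It should read `{{- include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global) | nindent 2 }}`. The switch from `persistence.accessMode` to the list `persistence.accessModes` (also made in `reports.yaml` and `scripts.yaml`) is a values rename that the README's Breaking Changes list in this patch does not mention.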
@@ -3,27 +3,22 @@ kind: PersistentVolumeClaim apiVersion: v1 metadata: name: {{ include "netbox.fullname" . }}-reports - {{- with .Values.commonAnnotations }} - annotations: - {{- toYaml . | nindent 4 }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- if or .Values.reportsPersistence.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.reportsPersistence.annotations .Values.commonAnnotations ) "context" . ) }} + annotations: {{- include "common.tplvalues.render" (dict "value" $annotations "context" $) | nindent 4 }} {{- end }} - labels: - {{- include "netbox.labels" . | nindent 4 }} spec: accessModes: - - {{ .Values.reportsPersistence.accessMode | quote }} + {{- range .Values.reportsPersistence.accessModes }} + - {{ . | quote }} + {{- end }} resources: requests: storage: {{ .Values.reportsPersistence.size | quote }} - {{- if .Values.reportsPersistence.storageClass }} - {{- if (eq "-" .Values.reportsPersistence.storageClass) }} - storageClassName: "" - {{- else }} - storageClassName: {{ .Values.reportsPersistence.storageClass | quote }} - {{- end }} - {{- end }} + {{- include "common.storage.class" (dict "persistence" .Values.reportsPersistence "global" .Values.global) | nindent 2 }} {{- with .Values.reportsPersistence.selector }} selector: {{- toYaml . | nindent 4 }} {{- end }} -{{- end -}} +{{- end -}} \ No newline at end of file diff --git a/charts/netbox/templates/PersistentVolumeClaim/scripts.yaml b/charts/netbox/templates/PersistentVolumeClaim/scripts.yaml index 518b81ea..fb1bb86b 100644 --- a/charts/netbox/templates/PersistentVolumeClaim/scripts.yaml +++ b/charts/netbox/templates/PersistentVolumeClaim/scripts.yaml 
@@ -3,27 +3,22 @@ kind: PersistentVolumeClaim apiVersion: v1 metadata: name: {{ include "netbox.fullname" . }}-scripts - {{- with .Values.commonAnnotations }} - annotations: - {{- toYaml . | nindent 4 }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- if or .Values.scriptsPersistence.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.scriptsPersistence.annotations .Values.commonAnnotations ) "context" . ) }} + annotations: {{- include "common.tplvalues.render" (dict "value" $annotations "context" $) | nindent 4 }} {{- end }} - labels: - {{- include "netbox.labels" . | nindent 4 }} spec: accessModes: - - {{ .Values.scriptsPersistence.accessMode | quote }} + {{- range .Values.scriptsPersistence.accessModes }} + - {{ . | quote }} + {{- end }} resources: requests: storage: {{ .Values.scriptsPersistence.size | quote }} - {{- if .Values.scriptsPersistence.storageClass }} - {{- if (eq "-" .Values.scriptsPersistence.storageClass) }} - storageClassName: "" - {{- else }} - storageClassName: {{ .Values.scriptsPersistence.storageClass | quote }} - {{- end }} - {{- end }} + {{- include "common.storage.class" (dict "persistence" .Values.scriptsPersistence "global" .Values.global) | nindent 2 }} {{- with .Values.scriptsPersistence.selector }} selector: {{- toYaml . | nindent 4 }} {{- end }} -{{- end -}} +{{- end -}} \ No newline at end of file diff --git a/charts/netbox/templates/PrometheusRule.yaml b/charts/netbox/templates/metrics/PrometheusRule.yaml similarity index 100% rename from charts/netbox/templates/PrometheusRule.yaml rename to charts/netbox/templates/metrics/PrometheusRule.yaml diff --git a/charts/netbox/templates/metrics/ServiceMonitor.yaml b/charts/netbox/templates/metrics/ServiceMonitor.yaml new file mode 100644 index 00000000..d3275dfb --- /dev/null +++ b/charts/netbox/templates/metrics/ServiceMonitor.yaml 
@@ -0,0 +1,55 @@ +{{- if and (or .Values.metrics.enabled .Values.worker.metrics.enabled) .Values.metrics.serviceMonitor.enabled }} +{{- if not (eq (include "common.capabilities.coreosMonitoring.apiVersion" .) "false") }} +apiVersion: {{ include "common.capabilities.coreosMonitoring.apiVersion" . }} +kind: ServiceMonitor +metadata: + name: {{ template "netbox.fullname" . }} + namespace: {{ default (include "common.names.namespace" .) .Values.metrics.serviceMonitor.namespace | quote }} + {{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.image "chart" .Chart ) ) }} + {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.metrics.serviceMonitor.labels .Values.commonLabels $versionLabel ) "context" . ) }} + labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: server + app.kubernetes.io/part-of: netbox + {{- if or .Values.commonAnnotations .Values.metrics.serviceMonitor.annotations }} + {{- $annotations := merge.Values.metrics.serviceMonitor.annotations .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} + {{- end }} +spec: + {{- if .Values.metrics.serviceMonitor.jobLabel }} + jobLabel: {{ .Values.metrics.serviceMonitor.jobLabel }} + {{- end }} + endpoints: + {{- $defaultEndpoint := pick .Values.metrics.serviceMonitor "port" "interval" "scrapeTimeout" "relabelings" "metricRelabelings" "honorLabels" }} + {{- $endpoints := ternary (.Values.metrics.serviceMonitor.endpoints) (list (dict "path" .Values.metrics.serviceMonitor.path)) (empty .Values.metrics.serviceMonitor.path) }} + {{- range $endpoints }} + {{- $endpoint := merge . 
$defaultEndpoint }} + - port: {{ $endpoint.port | quote }} + path: {{ include "common.tplvalues.render" ( dict "value" $endpoint.path "context" $) }} + {{- if $endpoint.interval }} + interval: {{ $endpoint.interval }} + {{- end }} + {{- if $endpoint.scrapeTimeout }} + scrapeTimeout: {{ $endpoint.scrapeTimeout }} + {{- end }} + {{- if $endpoint.relabelings }} + relabelings: {{- include "common.tplvalues.render" ( dict "value" $endpoint.relabelings "context" $) | nindent 6 }} + {{- end }} + {{- if $endpoint.metricRelabelings }} + metricRelabelings: {{- include "common.tplvalues.render" ( dict "value" $endpoint.metricRelabelings "context" $) | nindent 6 }} + {{- end }} + {{- if $endpoint.honorLabels }} + honorLabels: {{ $endpoint.honorLabels }} + {{- end }} + {{- end }} + namespaceSelector: + matchNames: + - {{ include "common.names.namespace" . | quote }} + selector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 6 }} + {{- if .Values.metrics.serviceMonitor.selector }} + {{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.selector "context" $) | nindent 6 }} + {{- end }} + app.kubernetes.io/component: metrics + app.kubernetes.io/part-of: netbox +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/netbox/templates/servicemonitor.yaml b/charts/netbox/templates/servicemonitor.yaml deleted file mode 100644 index f25f93e3..00000000 --- a/charts/netbox/templates/servicemonitor.yaml +++ /dev/null 
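Review bot: The annotations line reads `merge.Values.metrics.serviceMonitor.annotations .Values.commonAnnotations`, with no space between `merge` and its first argument, which most likely makes the template fail once that branch is reached (that is, when either annotations value is set). Use the same helper as the labels line above it: `{{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.metrics.serviceMonitor.annotations .Values.commonAnnotations ) "context" . ) }}`.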
@@ -1,29 +0,0 @@ -{{- if and (or .Values.metrics.enabled .Values.metricsEnabled) (or .Values.metrics.serviceMonitor.enabled .Values.serviceMonitor.enabled) }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ include "netbox.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - {{- include "netbox.labels" . | nindent 4 }} - {{- with .Values.serviceMonitor.additionalLabels }} - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - jobLabel: {{ .Release.Name }} - namespaceSelector: - matchNames: - - {{ .Release.Namespace }} - selector: - matchLabels: - {{- include "netbox.selectorLabels" . | nindent 6 }} - endpoints: - - port: http - path: /metrics - {{- with .Values.serviceMonitor.interval }} - interval: {{ . }} - {{- end }} - {{- with .Values.serviceMonitor.scrapeTimeout }} - scrapeTimeout: {{ . }} - {{- end }} -{{- end }} diff --git a/charts/netbox/values-test.yaml b/charts/netbox/values-test.yaml index 523e1882..b6b6456c 100644 --- a/charts/netbox/values-test.yaml +++ b/charts/netbox/values-test.yaml @@ -4,3 +4,7 @@ postgresql: # username: netbox_user # password: "mRY5pxyx1aiDZPKHSCcdjXqSXLSYkA" +metrics: + enabled: true + serviceMonitor: + enabled: true diff --git a/charts/netbox/values.yaml b/charts/netbox/values.yaml index e2772f65..a8cf6133 100644 --- a/charts/netbox/values.yaml +++ b/charts/netbox/values.yaml @@ -1852,6 +1852,13 @@ worker: ## type: ClusterIP + ## Netbox worker Prometheus Exporter / Metrics + ## + metrics: + ## @param worker.metrics.enabled Enable metrics + ## + enabled: false + ## HTTPS settings ## tls: 
@@ -1902,6 +1909,16 @@ metrics: ## @param metrics.serviceMonitor.enabled Create ServiceMonitor Resource for scraping metrics using Prometheus Operator ## enabled: false + ## @param metrics.serviceMonitor.port Metrics service HTTP port + ## + port: http + ## @param metrics.serviceMonitor.endpoints [array] The endpoint configuration of the ServiceMonitor. Path is mandatory. Interval, timeout and labellings can be overwritten. + ## + endpoints: + - path: /metrics + ## @param metrics.serviceMonitor.path Metrics service HTTP path. Deprecated: Use @param metrics.serviceMonitor.endpoints instead + ## + path: "" ## @param metrics.serviceMonitor.namespace Namespace for the ServiceMonitor Resource (defaults to the Release Namespace) ## namespace: "" From 121dd69a6c0df95382fc359d7aed02fc11d8a017 Mon Sep 17 00:00:00 2001 From: firmansyahn <80936459+firmansyahn@users.noreply.github.com> Date: Thu, 1 Feb 2024 11:38:42 +0700 Subject: [PATCH 03/36] Fix Secret --- charts/netbox/templates/Secret/netbox.yaml | 14 ++-- charts/netbox/templates/_helpers.tpl | 76 ++++++++++++---------- charts/netbox/values.yaml | 2 + 3 files changed, 50 insertions(+), 42 deletions(-) diff --git a/charts/netbox/templates/Secret/netbox.yaml b/charts/netbox/templates/Secret/netbox.yaml index 3e99cec1..fe235a54 100644 --- a/charts/netbox/templates/Secret/netbox.yaml +++ b/charts/netbox/templates/Secret/netbox.yaml 
@@ -5,16 +5,16 @@ metadata: name: {{ printf "%s" (include "netbox.fullname" .) }} labels: {{- include "common.labels.standard" (dict "customLabels" .Values.commonLabels "context" $) | nindent 4 }} {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + annotations: {{- include "common.tplvalues.render" (dict "value" .Values.commonAnnotations "context" $) | nindent 4 }} {{- end }} type: Opaque data: - {{ if and (not .Values.postgresql.enabled) (not .Values.externalDatabase.existingSecretName) -}} - db_password: {{ include "common.secrets.passwords.manage" (dict "secret" (printf "%s" (include "netbox.postgresql.fullname" .)) "key" "password" "length" 32 "providedValues" (list "externalDatabase.password") "context" $) }} - {{ end -}} + # {{ if and (not .Values.postgresql.enabled) (not .Values.externalDatabase.existingSecretName) -}} + db_password: {{ include "common.secrets.passwords.manage" (dict "secret" (printf "%s" (include "netbox.databaseSecretName" .)) "key" (printf "%s" (include "netbox.databaseSecretPasswordKey" .)) "length" 32 "providedValues" (list "externalDatabase.password") "context" $) }} + # {{ end -}} {{ if (not .Values.email.existingSecretName) -}} # email_password: {{ .Values.email.password | b64enc | quote }} - email_password: {{ include "common.secrets.passwords.manage" (dict "secret" (printf "%s" (include "netbox.fullname" .)) "key" "email_password" "length" 12 "providedValues" (list "email.password") "context" $) }} + email_password: {{ include "common.secrets.passwords.manage" (dict "secret" (printf "%s" (include "netbox.email.secretName" .)) "key" (printf "%s" (include "netbox.email.secretPasswordKey" .)) "length" 12 "providedValues" (list "email.password") "context" $) }} {{ end -}} {{ if and (not .Values.redis.enabled) (not .Values.tasksRedis.existingSecretName) -}} redis_tasks_password: {{ .Values.tasksRedis.password | b64enc | quote }} 
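Review bot: The `secret` and `key` arguments given to `common.secrets.passwords.manage` for `db_password` and `email_password` now come from `netbox.databaseSecretName`/`netbox.databaseSecretPasswordKey` and `netbox.email.secretName`/`netbox.email.secretPasswordKey`, while this manifest still writes the values under the fixed keys `db_password` and `email_password` in the Secret named by `netbox.fullname`. Whenever a helper resolves to a different Secret or key (for example `email-password` when `existingSecretName` is set), the lookup presumably cannot find the value this template stored on the previous install, so a password that was not supplied explicitly may be regenerated on upgrade. The two superuser entries in the next hunk follow the same pattern. Either keep the lookup pointed at this Secret's own name and keys, or render the data key from the same helper. The `data:` block continues outside the hunk.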
@@ -26,8 +26,8 @@ data: {{- if not .Values.superuser.existingSecretName }} # superuser_password: {{ .Values.superuser.password | default (randAlphaNum 16) | b64enc }} # superuser_api_token: {{ .Values.superuser.apiToken | default uuidv4 | b64enc }} - superuser_password: {{ include "common.secrets.passwords.manage" (dict "secret" (printf "%s" (include "netbox.fullname" .)) "key" "superuser_password" "length" 16 "providedValues" (list "superuser.password") "context" $) }} - superuser_api_token: {{ include "common.secrets.passwords.manage" (dict "secret" (printf "%s" (include "netbox.fullname" .)) "key" "superuser_api_token" "length" 32 "providedValues" (list "superuser.apiToken") "context" $) }} + superuser_password: {{ include "common.secrets.passwords.manage" (dict "secret" (printf "%s" (include "netbox.superuser.secretName" .)) "key" (printf "%s" (include "netbox.superuser.secretPasswordKey" .)) "length" 16 "providedValues" (list "superuser.password") "context" $) }} + superuser_api_token: {{ include "common.secrets.passwords.manage" (dict "secret" (printf "%s" (include "netbox.superuser.secretName" .)) "key" (printf "%s" (include "netbox.superuser.secretApiTokenKey" .)) "length" 32 "providedValues" (list "superuser.apiToken") "context" $) }} {{- end }} {{ if eq .Values.remoteAuth.backend "netbox.authentication.LDAPBackend" -}} ldap_bind_password: {{ .Values.remoteAuth.ldap.bindPassword | b64enc | quote }} diff --git a/charts/netbox/templates/_helpers.tpl b/charts/netbox/templates/_helpers.tpl index 60623291..a0410454 100644 --- a/charts/netbox/templates/_helpers.tpl +++ b/charts/netbox/templates/_helpers.tpl 
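Review bot: The commented-out `# superuser_password:` and `# superuser_api_token:` lines kept above the new entries are still evaluated, because Helm renders template actions inside YAML comments like any other text. Each render therefore writes the base64 of the supplied password, or a fresh `randAlphaNum 16` / `uuidv4` value, into a comment of the rendered manifest. Those values have no relation to what `common.secrets.passwords.manage` emits on the next lines, so they only add a second place where credential material appears in rendered output. Delete the commented lines rather than keeping them as history; the same applies to `# email_password:` in the previous hunk.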
@@ -445,6 +445,8 @@ Return the Database encrypted password {{- define "netbox.databaseSecretName" -}} {{- if .Values.postgresql.enabled -}} {{- default (include "netbox.postgresql.fullname" .) (tpl .Values.postgresql.auth.existingSecret $) -}} +{{- else if .Values.existingSecretName }} + {{- printf "%s" .Values.existingSecretName -}} {{- else -}} {{- default (printf "%s-externaldb" .Release.Name) (tpl .Values.externalDatabase.existingSecretName $) -}} {{- end -}} @@ -510,6 +512,8 @@ Return the Redis secret name {{- end -}} {{- else if .Values.externalRedis.existingSecretName }} {{- printf "%s" .Values.externalRedis.existingSecretName -}} +{{- else if .Values.existingSecretName }} + {{- printf "%s" .Values.existingSecretName -}} {{- else -}} {{- printf "%s" (include "netbox.redis.fullname" .) -}} {{- end -}} 
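Review bot: In `netbox.databaseSecretName` the new `else if .Values.existingSecretName` branch is tested before the `externalDatabase.existingSecretName` fallback, so a chart-wide `existingSecretName` overrides a database-specific secret. The Redis helper in the next hunk and the superuser and email helpers later in this patch check the specific setting first. Unless the different precedence is intended, fold the new value into the fallback instead, e.g. `{{- default (.Values.existingSecretName | default (printf "%s-externaldb" .Release.Name)) (tpl .Values.externalDatabase.existingSecretName $) -}}`. The added branches also print the name without `tpl`, unlike the neighbouring lines.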
@@ -598,30 +602,26 @@ Return the secret key that contains the Netbox superuser password Return the secret name containing the Netbox superuser password */}} {{- define "netbox.superuser.secretName" -}} -{{- $secretName := .Values.superuser.existingSecretName -}} -{{- if $secretName -}} - {{- printf "%s" (tpl $secretName $) -}} +{{- if .Values.superuser.existingSecretName -}} + {{- printf "%s" .Values.superuser.existingSecretName -}} {{- else -}} - {{- printf "%s-su" (include "netbox.fullname" .) | trunc 63 | trimSuffix "-" -}} -{{- end -}} + {{- .Values.existingSecretName | default (include "netbox.fullname" .) }} {{- end -}} {{/* Return the secret key that contains the Netbox superuser password */}} {{- define "netbox.superuser.secretPasswordKey" -}} -{{- if .Values.existingSecretName -}} +{{- if .Values.superuser.existingSecretName -}} + {{- if .Values.superuser.existingSecretPasswordKey -}} + {{- printf "%s" .Values.superuser.existingSecretPasswordKey -}} + {{- else -}} + {{- printf "%s" "superuser-password" -}} + {{- end -}} +{{- else if .Values.existingSecretName -}} {{- printf "%s" "superuser-password" -}} {{- else -}} - {{- if .Values.superuser.existingSecretName -}} - {{- if .Values.superuser.existingSecretPasswordKey -}} - {{- printf "%s" .Values.superuser.existingSecretPasswordKey -}} - {{- else -}} - {{- printf "%s" "superuser-password" -}} - {{- end -}} - {{- else -}} - {{- printf "%s" "superuser_password" -}} - {{- end -}} + {{- printf "%s" "superuser_password" -}} {{- end -}} {{- end -}} 
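Review bot: The rewritten `netbox.superuser.secretName` no longer passes `superuser.existingSecretName` through `tpl`, so a templated secret name that rendered before this patch is now used as a literal string, and the generated default changes from the `-su` suffixed name to `existingSecretName` or `netbox.fullname`. Keep `{{- printf "%s" (tpl .Values.superuser.existingSecretName $) -}}` unless dropping template support is intended, and list the default-name change under Breaking Changes. The hunk also removes one `{{- end -}}`, which leaves the `define` open until PATCH 04 restores it.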
@@ -629,37 +629,43 @@ Return the secret key that contains the Netbox superuser password Return the secret key that contains the Netbox superuser API token */}} {{- define "netbox.superuser.secretApiTokenKey" -}} -{{- if .Values.existingSecretName -}} +{{- if .Values.superuser.existingSecretName -}} + {{- if .Values.superuser.existingSecretApiTokenKey -}} + {{- printf "%s" .Values.superuser.existingSecretApiTokenKey -}} + {{- else -}} + {{- printf "%s" "superuser-api-token" -}} + {{- end -}} +{{- else if .Values.existingSecretName -}} {{- printf "%s" "superuser-api-token" -}} {{- else -}} - {{- if .Values.superuser.existingSecretName -}} - {{- if .Values.superuser.existingSecretApiTokenKey -}} - {{- printf "%s" .Values.superuser.existingSecretApiTokenKey -}} - {{- else -}} - {{- printf "%s" "superuser-api-token" -}} - {{- end -}} - {{- else -}} - {{- printf "%s" "superuser_api_token" -}} - {{- end -}} + {{- printf "%s" "superuser_api_token" -}} {{- end -}} {{- end -}} +{{/* +Return the secret name containing email server +*/}} +{{- define "netbox.email.secretName" -}} +{{- if .Values.email.existingSecretName -}} + {{- printf "%s" .Values.email.existingSecretName -}} +{{- else -}} + {{- .Values.existingSecretName | default (include "netbox.fullname" .) 
}} +{{- end -}} + {{/* Return the secret key that contains the Netbox email password */}} {{- define "netbox.email.secretPasswordKey" -}} -{{- if .Values.existingSecretName -}} +{{- if .Values.email.existingSecretName -}} + {{- if .Values.email.existingSecretPasswordKey -}} + {{- printf "%s" .Values.email.existingSecretPasswordKey -}} + {{- else -}} + {{- printf "%s" "email-password" -}} + {{- end -}} +{{- else if .Values.existingSecretName -}} {{- printf "%s" "email-password" -}} {{- else -}} - {{- if .Values.email.existingSecretName -}} - {{- if .Values.email.existingSecretPasswordKey -}} - {{- printf "%s" .Values.email.existingSecretPasswordKey -}} - {{- else -}} - {{- printf "%s" "email-password" -}} - {{- end -}} - {{- else -}} - {{- printf "%s" "email_password" -}} - {{- end -}} + {{- printf "%s" "email_password" -}} {{- end -}} {{- end -}} diff --git a/charts/netbox/values.yaml b/charts/netbox/values.yaml index a8cf6133..a80adcdb 100644 --- a/charts/netbox/values.yaml +++ b/charts/netbox/values.yaml @@ -771,6 +771,8 @@ secretKey: "" ## redis.enabled is false and tasksRedis.existingSecretName is blank) ## - redis-cache-password: Redis password for caching Redis instance (if ## redis.enabled is false and cachingRedis.existingSecretName is blank) +## - redis-password: Redis password for caching and tasks Redis instance (if +## redis.enabled is false, cachingRedis.existingSecretName and tasksRedis.existingSecretName is blank) ## - secret-key: session encryption token (50+ random characters) ## - superuser-password: Password for the initial super-user account ## - superuser-api-token: API token created for the initial super-user account From 0139a87894cd2bf616838833a910c083e861a9fc Mon Sep 17 00:00:00 2001 From: firmansyahn <80936459+firmansyahn@users.noreply.github.com> Date: Thu, 1 Feb 2024 11:42:22 +0700 Subject: [PATCH 04/36] Fix helper typo --- charts/netbox/templates/_helpers.tpl | 1 + 1 file changed, 1 insertion(+) 
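Review bot: The new `netbox.email.secretName` helper has a single `{{- end -}}`, which closes its `if`, so the `define` itself is never terminated and runs into the following `netbox.email.secretPasswordKey` definition. This is the same omission that PATCH 04 repairs for `netbox.superuser.secretName`, but no later hunk visible on this page adds the line for the email helper. Add a second `{{- end -}}` directly after the existing one.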
diff --git a/charts/netbox/templates/_helpers.tpl b/charts/netbox/templates/_helpers.tpl index a0410454..cf48477c 100644 --- a/charts/netbox/templates/_helpers.tpl +++ b/charts/netbox/templates/_helpers.tpl @@ -607,6 +607,7 @@ Return the secret name containing the Netbox superuser password {{- else -}} {{- .Values.existingSecretName | default (include "netbox.fullname" .) }} {{- end -}} +{{- end -}} {{/* Return the secret key that contains the Netbox superuser password From 9e893d7b9c659bc9fa165402e0fe8ab81db6367f Mon Sep 17 00:00:00 2001 From: firmansyahn <80936459+firmansyahn@users.noreply.github.com> Date: Thu, 1 Feb 2024 11:51:35 +0700 Subject: [PATCH 05/36] Fix helper --- charts/netbox/templates/_helpers.tpl | 41 ++++++++++++++-------------- 1 file changed, 20 insertions(+), 21 deletions(-) diff --git a/charts/netbox/templates/_helpers.tpl b/charts/netbox/templates/_helpers.tpl index cf48477c..a6d5df7c 100644 --- a/charts/netbox/templates/_helpers.tpl +++ b/charts/netbox/templates/_helpers.tpl @@ -163,20 +163,20 @@ Name of the Secret that contains the PostgreSQL password {{- else }} {{- .Values.existingSecretName | default (include "netbox.postgresql.fullname" .) }} {{- end }} -{{- end }} +{{- end -}} {{/* Name of the key in Secret that contains the PostgreSQL password */}} {{- define "netbox.postgresql.secretKey" -}} - {{- if .Values.postgresql.enabled -}} +{{- if .Values.postgresql.enabled -}} {{- include "postgresql.v1.userPasswordKey" .Subcharts.postgresql -}} - {{- else if .Values.externalDatabase.existingSecretName -}} +{{- else if .Values.externalDatabase.existingSecretName -}} {{- .Values.externalDatabase.existingSecretKey -}} - {{- else -}} - db_password - {{- end -}} -{{- end }} +{{- else -}} + {{- print "db_password" -}} +{{- end -}} +{{- end -}} {{/* Return the Redis secret name 
@@ -242,14 +242,14 @@ Add environment variables to configure tasks Redis values Name of the Secret that contains the Redis tasks password */}} {{- define "netbox.tasksRedis.secret" -}} - {{- if .Values.redis.enabled }} + {{- if .Values.redis.enabled -}} {{- include "redis.secretName" .Subcharts.redis -}} - {{- else if .Values.tasksRedis.existingSecretName }} + {{- else if .Values.tasksRedis.existingSecretName -}} {{- .Values.tasksRedis.existingSecretName }} - {{- else }} + {{- else -}} {{- .Values.existingSecretName | default (include "netbox.fullname" .) }} - {{- end }} -{{- end }} + {{- end -}} +{{- end -}} {{/* Name of the key in Secret that contains the Redis tasks password @@ -262,7 +262,7 @@ Name of the key in Secret that contains the Redis tasks password {{- else -}} redis_tasks_password {{- end -}} -{{- end }} +{{- end -}} {{/* Return the Redis secret name @@ -348,7 +348,7 @@ Name of the key in Secret that contains the Redis cache password {{- else -}} redis_cache_password {{- end -}} -{{- end }} +{{- end -}} {{/* Volumes that need to be mounted for .Values.extraConfig entries @@ -370,7 +370,7 @@ Volumes that need to be mounted for .Values.extraConfig entries {{- toYaml $config.secret | nindent 4 }} {{- end }} {{ end -}} -{{- end }} +{{- end -}} {{/* Volume mounts for .Values.extraConfig entries @@ -381,7 +381,7 @@ Volume mounts for .Values.extraConfig entries mountPath: /run/config/extra/{{ $index }} readOnly: true {{ end -}} -{{- end }} +{{- end -}} {{/* Return the Database hostname @@ -405,8 +405,8 @@ Return the Database port Return the Database database name */}} {{- define "netbox.databaseName" -}} -{{- if .Values.postgresql.enabled }} - {{- if .Values.global.postgresql }} +{{- if .Values.postgresql.enabled -}} + {{- if .Values.global.postgresql -}} {{- if .Values.global.postgresql.auth }} {{- coalesce .Values.global.postgresql.auth.database .Values.postgresql.auth.database | quote -}} {{- else -}} 
@@ -551,7 +551,7 @@ Return whether Redis uses password authentication or not Return the Redis hostname */}} {{- define "netbox.redisHost" -}} -{{- if .Values.redis.enabled }} +{{- if .Values.redis.enabled -}} {{- printf "%s-master" (include "netbox.redis.fullname" .) -}} {{- else if .Values.externalRedis.host -}} {{- .Values.externalRedis.host -}} @@ -564,7 +564,7 @@ Return the Redis hostname Return the Redis port */}} {{- define "netbox.redisPort" -}} -{{- if .Values.redis.enabled }} +{{- if .Values.redis.enabled -}} {{- .Values.redis.master.service.ports.redis -}} {{- else if .Values.externalRedis.port -}} {{- .Values.externalRedis.port -}} @@ -573,7 +573,6 @@ Return the Redis port {{- end -}} {{- end -}} - {{/* Return the secret containing the Netbox superuser password */}} From 061c5a794a7d2ae5962b83475e653ef8f2753e1e Mon Sep 17 00:00:00 2001 From: firmansyahn <80936459+firmansyahn@users.noreply.github.com> Date: Thu, 1 Feb 2024 12:04:52 +0700 Subject: [PATCH 06/36] Fix helper --- charts/netbox/templates/Secret/netbox.yaml | 4 +- charts/netbox/templates/_helpers.tpl | 86 +++++++++++----------- 2 files changed, 45 insertions(+), 45 deletions(-) diff --git a/charts/netbox/templates/Secret/netbox.yaml b/charts/netbox/templates/Secret/netbox.yaml index fe235a54..13fef0ee 100644 --- a/charts/netbox/templates/Secret/netbox.yaml +++ b/charts/netbox/templates/Secret/netbox.yaml 
@@ -9,9 +9,9 @@ metadata: {{- end }} type: Opaque data: - # {{ if and (not .Values.postgresql.enabled) (not .Values.externalDatabase.existingSecretName) -}} + {{ if and (not .Values.postgresql.enabled) (not .Values.externalDatabase.existingSecretName) -}} db_password: {{ include "common.secrets.passwords.manage" (dict "secret" (printf "%s" (include "netbox.databaseSecretName" .)) "key" (printf "%s" (include "netbox.databaseSecretPasswordKey" .)) "length" 32 "providedValues" (list "externalDatabase.password") "context" $) }} - # {{ end -}} + {{ end -}} {{ if (not .Values.email.existingSecretName) -}} # email_password: {{ .Values.email.password | b64enc | quote }} email_password: {{ include "common.secrets.passwords.manage" (dict "secret" (printf "%s" (include "netbox.email.secretName" .)) "key" (printf "%s" (include "netbox.email.secretPasswordKey" .)) "length" 12 "providedValues" (list "email.password") "context" $) }} diff --git a/charts/netbox/templates/_helpers.tpl b/charts/netbox/templates/_helpers.tpl index a6d5df7c..0ae8b9ec 100644 --- a/charts/netbox/templates/_helpers.tpl +++ b/charts/netbox/templates/_helpers.tpl 
@@ -12,17 +12,17 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this If release name contains chart name it will be used as a full name. */}} {{- define "netbox.fullname" -}} -{{- if .Values.fullnameOverride }} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- $name := default .Chart.Name .Values.nameOverride }} -{{- if contains $name .Release.Name }} -{{- .Release.Name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} -{{- end }} +{{- if .Values.fullnameOverride -}} + {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else -}} + {{- $name := default .Chart.Name .Values.nameOverride }} + {{- if contains $name .Release.Name -}} + {{- .Release.Name | trunc 63 | trimSuffix "-" }} + {{- else -}} + {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} + {{- end -}} +{{- end -}} +{{- end -}} {{/* Return the proper Netbox worker fullname @@ -108,7 +108,7 @@ Create chart name and version as used by the chart label. */}} {{- define "netbox.chart" -}} {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} +{{- end -}} {{/* Common labels @@ -121,7 +121,7 @@ app.kubernetes.io/managed-by: {{ .Release.Service }} {{- with .Values.commonLabels }} {{ toYaml . }} {{- end }} -{{- end }} +{{- end -}} {{/* Selector labels 
@@ -129,18 +129,18 @@ Selector labels {{- define "netbox.selectorLabels" -}} app.kubernetes.io/name: {{ include "netbox.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} +{{- end -}} {{/* Create the name of the service account to use */}} {{- define "netbox.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} +{{- if .Values.serviceAccount.create -}} {{- default (include "netbox.fullname" .) .Values.serviceAccount.name }} -{{- else }} +{{- else -}} {{- default "default" .Values.serviceAccount.name }} -{{- end }} -{{- end }} +{{- end -}} +{{- end -}} {{/* Return the path Netbox is hosted on. This looks at httpRelativePath and returns it with a trailing slash. For example: @@ -156,13 +156,13 @@ Return the path Netbox is hosted on. This looks at httpRelativePath and returns Name of the Secret that contains the PostgreSQL password */}} {{- define "netbox.postgresql.secret" -}} - {{- if .Values.postgresql.enabled }} + {{- if .Values.postgresql.enabled -}} {{- include "postgresql.v1.secretName" .Subcharts.postgresql -}} - {{- else if .Values.externalDatabase.existingSecretName }} + {{- else if .Values.externalDatabase.existingSecretName -}} {{- .Values.externalDatabase.existingSecretName }} - {{- else }} + {{- else -}} {{- .Values.existingSecretName | default (include "netbox.postgresql.fullname" .) }} - {{- end }} + {{- end -}} {{- end -}} {{/* @@ -260,7 +260,7 @@ Name of the key in Secret that contains the Redis tasks password {{- else if .Values.tasksRedis.existingSecretName -}} {{ .Values.tasksRedis.existingSecretKey }} {{- else -}} - redis_tasks_password + {{- print "redis_tasks_password" -}} {{- end -}} {{- end -}} 
@@ -328,26 +328,26 @@ Add environment variables to configure tasks Redis values Name of the Secret that contains the Redis cache password */}} {{- define "netbox.cachingRedis.secret" -}} - {{- if .Values.redis.enabled }} +{{- if .Values.redis.enabled -}} {{- include "redis.secretName" .Subcharts.redis -}} - {{- else if .Values.cachingRedis.existingSecretName }} +{{- else if .Values.cachingRedis.existingSecretName -}} {{- .Values.cachingRedis.existingSecretName }} - {{- else }} +{{- else -}} {{- .Values.existingSecretName | default (include "netbox.fullname" .) }} - {{- end }} -{{- end }} +{{- end -}} +{{- end -}} {{/* Name of the key in Secret that contains the Redis cache password */}} {{- define "netbox.cachingRedis.secretKey" -}} - {{- if .Values.redis.enabled -}} +{{- if .Values.redis.enabled -}} {{- include "redis.secretPasswordKey" .Subcharts.redis -}} - {{- else if .Values.cachingRedis.existingSecretName -}} +{{- else if .Values.cachingRedis.existingSecretName -}} {{ .Values.cachingRedis.existingSecretKey }} - {{- else -}} +{{- else -}} redis_cache_password - {{- end -}} +{{- end -}} {{- end -}} {{/* @@ -356,19 +356,19 @@ Volumes that need to be mounted for .Values.extraConfig entries {{- define "netbox.extraConfig.volumes" -}} {{- range $index, $config := .Values.extraConfig -}} - name: extra-config-{{ $index }} - {{- if $config.values }} + {{- if $config.values -}} configMap: name: {{ include "netbox.fullname" $ }} items: - key: extra-{{ $index }}.yaml path: extra-{{ $index }}.yaml - {{- else if $config.configMap }} + {{- else if $config.configMap -}} configMap: {{- toYaml $config.configMap | nindent 4 }} - {{- else if $config.secret }} + {{- else if $config.secret -}} secret: {{- toYaml $config.secret | nindent 4 }} - {{- end }} + {{- end -}} {{ end -}} {{- end -}} 
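Review bot: In `netbox.extraConfig.volumes` (second hunk here) the added right-hand trim markers change the rendered YAML, unlike the same edit in the name helpers. `{{- if $config.values -}}`, `{{- else if $config.configMap -}}` and `{{- else if $config.secret -}}` now strip the newline and indentation in front of `configMap:` / `secret:`, so the key is glued onto the `- name: extra-config-N` line. `{{- end -}}` likewise removes the line break that separated one list item from the next. Keep the left trim only on these four actions, e.g. `{{- if $config.values }}` and `{{- end }}`. Render the chart with a non-empty `extraConfig` to confirm the volumes list still parses.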
@@ -387,7 +387,7 @@ Volume mounts for .Values.extraConfig entries Return the Database hostname */}} {{- define "netbox.databaseHost" -}} -{{- if eq .Values.postgresql.architecture "replication" }} +{{- if eq .Values.postgresql.architecture "replication" -}} {{- ternary (include "netbox.postgresql.fullname" .) (tpl .Values.externalDatabase.host $) .Values.postgresql.enabled -}}-primary {{- else -}} {{- ternary (include "netbox.postgresql.fullname" .) (tpl .Values.externalDatabase.host $) .Values.postgresql.enabled -}} @@ -445,7 +445,7 @@ Return the Database encrypted password {{- define "netbox.databaseSecretName" -}} {{- if .Values.postgresql.enabled -}} {{- default (include "netbox.postgresql.fullname" .) (tpl .Values.postgresql.auth.existingSecret $) -}} -{{- else if .Values.existingSecretName }} +{{- else if .Values.existingSecretName -}} {{- printf "%s" .Values.existingSecretName -}} {{- else -}} {{- default (printf "%s-externaldb" .Release.Name) (tpl .Values.externalDatabase.existingSecretName $) -}} @@ -504,15 +504,15 @@ Add environment variables to configure database values Return the Redis secret name */}} {{- define "netbox.redis.secretName" -}} -{{- if .Values.redis.enabled }} - {{- if .Values.redis.auth.existingSecret }} +{{- if .Values.redis.enabled -}} + {{- if .Values.redis.auth.existingSecret -}} {{- printf "%s" .Values.redis.auth.existingSecret -}} {{- else -}} {{- printf "%s" (include "netbox.redis.fullname" .) }} {{- end -}} -{{- else if .Values.externalRedis.existingSecretName }} +{{- else if .Values.externalRedis.existingSecretName -}} {{- printf "%s" .Values.externalRedis.existingSecretName -}} -{{- else if .Values.existingSecretName }} +{{- else if .Values.existingSecretName -}} {{- printf "%s" .Values.existingSecretName -}} {{- else -}} {{- printf "%s" (include "netbox.redis.fullname" .) -}} 
@@ -542,7 +542,7 @@ Return the Redis secret key Return whether Redis uses password authentication or not */}} {{- define "netbox.redis.auth.enabled" -}} -{{- if or (and .Values.redis.enabled .Values.redis.auth.enabled) (and (not .Values.redis.enabled) (or .Values.externalRedis.password .Values.externalRedis.existingSecretName)) }} +{{- if or (and .Values.redis.enabled .Values.redis.auth.enabled) (and (not .Values.redis.enabled) (or .Values.externalRedis.password .Values.externalRedis.existingSecretName)) -}} {{- true -}} {{- end -}} {{- end -}} From 068f72f42f6c8ec19b5eba15f276223dc1222dd1 Mon Sep 17 00:00:00 2001 From: firmansyahn <80936459+firmansyahn@users.noreply.github.com> Date: Thu, 1 Feb 2024 13:47:13 +0700 Subject: [PATCH 07/36] Fix helper missing end --- charts/netbox/templates/_helpers.tpl | 43 ++++++++++++++-------------- 1 file changed, 22 insertions(+), 21 deletions(-) diff --git a/charts/netbox/templates/_helpers.tpl b/charts/netbox/templates/_helpers.tpl index 0ae8b9ec..7e7a061a 100644 --- a/charts/netbox/templates/_helpers.tpl +++ b/charts/netbox/templates/_helpers.tpl @@ -43,7 +43,7 @@ Create a default fully qualified app name. We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). */}} {{- define "netbox.postgresql.fullname" -}} -{{- include "common.names.dependency.fullname" (dict "chartName" "postgresql" "chartValues" .Values.postgresql "context" $) -}} +{{ include "common.names.dependency.fullname" (dict "chartName" "postgresql" "chartValues" .Values.postgresql "context" $) }} {{- end -}} {{/* 
@@ -51,7 +51,7 @@ Create a default fully qualified app name. We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). */}} {{- define "netbox.redis.fullname" -}} -{{- include "common.names.dependency.fullname" (dict "chartName" "redis" "chartValues" .Values.redis "context" $) -}} +{{ include "common.names.dependency.fullname" (dict "chartName" "redis" "chartValues" .Values.redis "context" $) }} {{- end -}} {{/* @@ -86,14 +86,14 @@ Return the proper Netbox init image name Return the proper PostgreSQL image name */}} {{- define "netbox.postgresql.image" -}} -{{- include "common.images.image" ( dict "imageRoot" .Values.postgresql.image "global" .Values.global ) -}} +{{ include "common.images.image" ( dict "imageRoot" .Values.postgresql.image "global" .Values.global ) }} {{- end -}} {{/* Return the proper Redis image name */}} {{- define "netbox.redis.image" -}} -{{- include "common.images.image" ( dict "imageRoot" .Values.redis.image "global" .Values.global ) -}} +{{ include "common.images.image" ( dict "imageRoot" .Values.redis.image "global" .Values.global ) }} {{- end -}} {{/* @@ -156,13 +156,13 @@ Return the path Netbox is hosted on. This looks at httpRelativePath and returns Name of the Secret that contains the PostgreSQL password */}} {{- define "netbox.postgresql.secret" -}} - {{- if .Values.postgresql.enabled -}} - {{- include "postgresql.v1.secretName" .Subcharts.postgresql -}} - {{- else if .Values.externalDatabase.existingSecretName -}} +{{- if .Values.postgresql.enabled -}} + {{ include "postgresql.v1.secretName" .Subcharts.postgresql }} +{{- else if .Values.externalDatabase.existingSecretName -}} {{- .Values.externalDatabase.existingSecretName }} - {{- else -}} +{{- else -}} {{- .Values.existingSecretName | default (include "netbox.postgresql.fullname" .) }} - {{- end -}} +{{- end -}} {{- end -}} {{/* 
@@ -205,7 +205,7 @@ Return the Redis secret name Return the task Redis hostname */}} {{- define "netbox.tasksRedis.host" -}} -{{- if eq .Values.redis.architecture "replication" }} +{{- if eq .Values.redis.architecture "replication" -}} {{- ternary (include "netbox.redis.fullname" .) (tpl .Values.tasksRedis.host $) .Values.redis.enabled -}}-master {{- else -}} {{- ternary (include "netbox.redis.fullname" .) (tpl .Values.tasksRedis.host $) .Values.redis.enabled -}}-master @@ -216,7 +216,7 @@ Return the task Redis hostname Return the task Redis port */}} {{- define "netbox.tasksRedis.port" -}} - {{- ternary 6379 .Values.tasksRedis.port .Values.redis.enabled | int -}} + {{- ternary 6379 .Values.tasksRedis.port .Values.redis.enabled | int -}} {{- end -}} {{/* @@ -242,26 +242,26 @@ Add environment variables to configure tasks Redis values Name of the Secret that contains the Redis tasks password */}} {{- define "netbox.tasksRedis.secret" -}} - {{- if .Values.redis.enabled -}} +{{- if .Values.redis.enabled -}} {{- include "redis.secretName" .Subcharts.redis -}} - {{- else if .Values.tasksRedis.existingSecretName -}} +{{- else if .Values.tasksRedis.existingSecretName -}} {{- .Values.tasksRedis.existingSecretName }} - {{- else -}} +{{- else -}} {{- .Values.existingSecretName | default (include "netbox.fullname" .) }} - {{- end -}} +{{- end -}} {{- end -}} {{/* Name of the key in Secret that contains the Redis tasks password */}} {{- define "netbox.tasksRedis.secretKey" -}} - {{- if .Values.redis.enabled -}} +{{- if .Values.redis.enabled -}} {{- include "redis.secretPasswordKey" .Subcharts.redis -}} - {{- else if .Values.tasksRedis.existingSecretName -}} +{{- else if .Values.tasksRedis.existingSecretName -}} {{ .Values.tasksRedis.existingSecretKey }} - {{- else -}} +{{- else -}} {{- print "redis_tasks_password" -}} - {{- end -}} +{{- end -}} {{- end -}} {{/* 
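Review bot: Both branches of the `if eq .Values.redis.architecture "replication"` in `netbox.tasksRedis.host` emit the same text, and the literal `-master` is appended after the `ternary` in each. With `redis.enabled: false` the helper therefore returns `<tasksRedis.host>-master` rather than the external host the operator configured. `netbox.cachingRedis.host` in the later hunk of this file has the identical shape. Suggest dropping the conditional and adding the suffix only for the bundled subchart: `{{- ternary (printf "%s-master" (include "netbox.redis.fullname" .)) (tpl .Values.tasksRedis.host $) .Values.redis.enabled -}}`.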
@@ -291,7 +291,7 @@ Return the Redis secret name Return the cache Redis hostname */}} {{- define "netbox.cachingRedis.host" -}} -{{- if eq .Values.redis.architecture "replication" }} +{{- if eq .Values.redis.architecture "replication" -}} {{- ternary (include "netbox.redis.fullname" .) (tpl .Values.cachingRedis.host $) .Values.redis.enabled -}}-master {{- else -}} {{- ternary (include "netbox.redis.fullname" .) (tpl .Values.cachingRedis.host $) .Values.redis.enabled -}}-master @@ -329,7 +329,7 @@ Name of the Secret that contains the Redis cache password */}} {{- define "netbox.cachingRedis.secret" -}} {{- if .Values.redis.enabled -}} - {{- include "redis.secretName" .Subcharts.redis -}} + {{ include "redis.secretName" .Subcharts.redis }} {{- else if .Values.cachingRedis.existingSecretName -}} {{- .Values.cachingRedis.existingSecretName }} {{- else -}} @@ -651,6 +651,7 @@ Return the secret name containing email server {{- else -}} {{- .Values.existingSecretName | default (include "netbox.fullname" .) }} {{- end -}} +{{- end -}} {{/* Return the secret key that contains the Netbox email password From 269e6f3000122042459072d4637656e056fec98b Mon Sep 17 00:00:00 2001 From: firmansyahn <80936459+firmansyahn@users.noreply.github.com> Date: Thu, 1 Feb 2024 15:19:07 +0700 Subject: [PATCH 08/36] Cleanup secrets --- charts/netbox/README.md | 14 +-- charts/netbox/templates/ConfigMap/netbox.yaml | 11 ++- charts/netbox/templates/_helpers.tpl | 42 ++++----- charts/netbox/templates/cronjob.yaml | 13 ++- charts/netbox/templates/deployment.yaml | 24 +++-- .../netbox/templates/worker/Deployment.yaml | 59 +++++++------ charts/netbox/values.yaml | 87 ++++++++++--------- 7 files changed, 132 insertions(+), 118 deletions(-) diff --git a/charts/netbox/README.md b/charts/netbox/README.md index 30e42055..54ec94ef 100644 --- a/charts/netbox/README.md +++ b/charts/netbox/README.md 
@@ -20,7 +20,7 @@ $ helm install netbox \ --set redis.auth.password=[password3] \ startechnica/netbox ``` -⚠️ **WARNING:** Please see [Production Usage](#production-usage) below before using this chart for real. +⚠️ **WARNING:** Please see [Production Usage](#production-usage) below before using this chart for production environment. ## Prerequisites @@ -32,12 +32,12 @@ $ helm install netbox \ To install the chart with the release name `my-release` and default configuration: -```shell +```console $ helm repo add startechnica https://startechnica.github.io/apps $ helm install my-release \ - --set postgresql.auth.postgresPassword=[password1] \ - --set postgresql.auth.password=[password2] \ - --set redis.auth.password=[password3] \ + --set postgresql.auth.postgresPassword= \ + --set postgresql.auth.password= \ + --set redis.auth.password= \ startechnica/netbox ``` 
@@ -96,12 +96,14 @@ The command removes all the Kubernetes components associated with the chart and * The `extraEnvs` setting has been renamed to `extraEnvVars`. * The `extraContainers` setting has been renamed to `sidecars`. * The `extraInitContainers` setting has been renamed to `initContainers`. - * The `securityContext` setting has been renamed to `podSecurityContext` and `containerSecurityContext`. * The `housekeeping.securityContext` setting has been renamed to `housekeeping.containerSecurityContext` * The `init` setting has been renamed to `initDirs`. * The `ingress.className` setting has been renamed to `ingress.ingressClassName`. * The `metricsEnabled` setting has been renamed to `metrics.enabled`. + * The `securityContext` setting has been renamed to `podSecurityContext` and `containerSecurityContext`. * The `serviceMonitor` setting has been renamed to `metrics.serviceMonitor`. + * The `superuser.password: admin` setting has been changed to `superuser.password: ""`. + * The `superuser.passwordSecretKey` setting has been renamed to `superuser.existingSecretPasswordKey`. * The `worker.autoscaling.targetCPUUtilizationPercentage` setting has been renamed to `worker.autoscaling.targetCPU`. * The `worker.autoscaling.targetMemoryUtilizationPercentage` setting has been renamed to `worker.autoscaling.targetMemory`. * The `worker.extraEnvs` setting has been renamed to `worker.extraEnvVars`. diff --git a/charts/netbox/templates/ConfigMap/netbox.yaml b/charts/netbox/templates/ConfigMap/netbox.yaml index 91f613fc..ecacd229 100644 --- a/charts/netbox/templates/ConfigMap/netbox.yaml +++ b/charts/netbox/templates/ConfigMap/netbox.yaml 
@@ -203,14 +203,13 @@ data: ENABLE_LOCALIZATION: {{ toJson .Values.enableLocalization }} TIME_ZONE: {{ .Values.timeZone | quote }} DATE_FORMAT: {{ .Values.dateFormat | quote }} - SHORT_DATE_FORMAT: {{ .Values.shortDateFormat | quote }} TIME_FORMAT: {{ .Values.timeFormat | quote }} - SHORT_TIME_FORMAT: {{ .Values.shortTimeFormat | quote }} DATETIME_FORMAT: {{ .Values.dateTimeFormat | quote }} + SHORT_DATE_FORMAT: {{ .Values.shortDateFormat | quote }} + SHORT_TIME_FORMAT: {{ .Values.shortTimeFormat | quote }} SHORT_DATETIME_FORMAT: {{ .Values.shortDateTimeFormat | quote }} - {{- if eq .Values.remoteAuth.backend "netbox.authentication.LDAPBackend" }} - + {{- if and (eq .Values.remoteAuth.backend "netbox.authentication.LDAPBackend") .Values.remoteAuth.ldap.enabled }} ldap_config.py: |- from importlib import import_module @@ -288,11 +287,11 @@ data: AUTH_LDAP_MIRROR_GROUPS_EXCEPT: {{ toJson .Values.remoteAuth.ldap.mirrorGroupsExcept }} AUTH_LDAP_CACHE_TIMEOUT: {{ int .Values.remoteAuth.ldap.cacheTimeout }} {{- end }} - {{- if .Values.overrideUnitConfig }} + {{- if .Values.overrideUnitConfig -}} nginx-unit.json: |- {{- toPrettyJson .Values.overrideUnitConfig | nindent 4 }} - {{- end }} + {{- end -}} {{- range $index, $config := .Values.extraConfig -}} {{- if $config.values }} diff --git a/charts/netbox/templates/_helpers.tpl b/charts/netbox/templates/_helpers.tpl index 7e7a061a..5ecdf82a 100644 --- a/charts/netbox/templates/_helpers.tpl +++ b/charts/netbox/templates/_helpers.tpl @@ -152,6 +152,13 @@ Return the path Netbox is hosted on. This looks at httpRelativePath and returns {{ ternary .Values.httpRelativePath (printf "%s%s" .Values.httpRelativePath "/") (hasSuffix "/" .Values.httpRelativePath) }} {{- end -}} +{{/* +Return the Netbox secret name +*/}} +{{- define "netbox.secretName" -}} + {{ default (include "netbox.fullname" .) .Values.existingSecretName }} +{{- end -}} + {{/* Name of the Secret that contains the PostgreSQL password */}} 
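Review bot: In the second ConfigMap hunk, `{{- if .Values.overrideUnitConfig -}}` now trims on both sides, so when `overrideUnitConfig` is set the `nginx-unit.json: |-` key is appended directly to the end of the preceding rendered line instead of starting its own entry under `data:`. Depending on what precedes it, that either breaks the manifest or folds the unit config into the previous value. The closing `{{- end -}}` similarly eats the newline after the JSON body. Restore the original markers, `{{- if .Values.overrideUnitConfig }}` and `{{- end }}`. Whitespace trimming is only safe inside helpers that return a single scalar.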
@@ -573,30 +580,6 @@ Return the Redis port {{- end -}} {{- end -}} -{{/* -Return the secret containing the Netbox superuser password -*/}} -{{- define "netbox.secretName" -}} -{{- $secretName := .Values.superuser.existingSecretName -}} -{{- if $secretName -}} - {{- printf "%s" (tpl $secretName $) -}} -{{- else -}} - {{- printf "%s" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the secret key that contains the Netbox superuser password -*/}} -{{- define "netbox.secretKey" -}} -{{- $secretName := .Values.superuser.existingSecretName -}} -{{- if and $secretName .Values.superuser.existingSecretPasswordKey -}} - {{- printf "%s" .Values.superuser.existingSecretPasswordKey -}} -{{- else -}} - {{- print "superuser_password" -}} -{{- end -}} -{{- end -}} - {{/* Return the secret name containing the Netbox superuser password */}} @@ -670,6 +653,17 @@ Return the secret key that contains the Netbox email password {{- end -}} {{- end -}} +{{/* +Return the secret name containing remote auth +*/}} +{{- define "netbox.remoteAuth.secretName" -}} +{{- if .Values.remoteAuth.existingSecretName -}} + {{- printf "%s" .Values.remoteAuth.existingSecretName -}} +{{- else -}} + {{ include "netbox.secretName" . }} +{{- end -}} +{{- end -}} + {{/* Validate values of Netbox - database */}} {{- define "netbox.validateValues.database" -}} {{- if and (not .Values.postgresql.enabled) (not .Values.externalDatabase.host) (and (not .Values.externalDatabase.password) (not .Values.externalDatabase.existingSecretName)) -}} diff --git a/charts/netbox/templates/cronjob.yaml b/charts/netbox/templates/cronjob.yaml index 159a467f..cb3120f6 100644 --- a/charts/netbox/templates/cronjob.yaml +++ b/charts/netbox/templates/cronjob.yaml 
@@ -116,10 +116,15 @@ spec: path: email_password - key: secret_key path: secret_key - {{- if eq .Values.remoteAuth.backend "netbox.authentication.LDAPBackend" }} - - key: ldap_bind_password - path: ldap_bind_password - {{- end }} + {{- if .Values.remoteAuth.enabled }} + - secret: + name: {{ include "netbox.remoteAuth.secretName" . | quote }} + items: + {{- if and (eq .Values.remoteAuth.backend "netbox.authentication.LDAPBackend") .Values.remoteAuth.ldap.enabled }} + - key: ldap_bind_password + path: ldap_bind_password + {{- end }} + {{- end }} - secret: name: {{ include "netbox.databaseSecretName" . | quote }} items: diff --git a/charts/netbox/templates/deployment.yaml b/charts/netbox/templates/deployment.yaml index 463c3239..fe514d04 100644 --- a/charts/netbox/templates/deployment.yaml +++ b/charts/netbox/templates/deployment.yaml @@ -174,7 +174,7 @@ spec: - name: netbox-tmp mountPath: /tmp - name: media - mountPath: /opt/netbox/netbox/media + mountPath: {{ .Values.persistence.subPath | quote }} {{- if .Values.persistence.subPath }} subPath: {{ .Values.persistence.subPath | quote }} {{- end }} 
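Review bot: The new `remoteAuth` projected source can render `items:` with no entries, which happens when `remoteAuth.enabled` is true but the backend is not LDAP or `remoteAuth.ldap.enabled` is false. Kubernetes treats an unset `items` as "project every key", and `netbox.remoteAuth.secretName` falls back to the chart's main Secret, so the pod would receive every key in that Secret rather than the two listed above. The same construct appears in the `deployment.yaml` and `worker/Deployment.yaml` hunks of this commit. Gate the whole source on the full condition and drop the inner `if`: `{{- if and .Values.remoteAuth.enabled (eq .Values.remoteAuth.backend "netbox.authentication.LDAPBackend") .Values.remoteAuth.ldap.enabled }}`.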
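Review bot: In the `deployment.yaml` hunk, `mountPath: {{ .Values.persistence.subPath | quote }}` uses the sub-path value as the mount point. `persistence.subPath` defaults to `""` in `values.yaml`, so a default install renders an empty `mountPath` for the `media` volume, which the API server rejects. This commit also sets `persistence.path` to `/opt/netbox/netbox/media`, so the intended line is presumably `mountPath: {{ .Values.persistence.path | quote }}`. The container spec this belongs to starts and ends outside the hunk.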
@@ -275,22 +275,30 @@ spec: projected: sources: - secret: - name: {{ .Values.existingSecretName | default (include "netbox.fullname" .) | quote }} + name: {{ include "netbox.secretName" . | quote }} items: - # Used by netbox-docker entry scripts - - key: {{ include "netbox.superuser.secretPasswordKey" . | quote }} - path: superuser_password - - key: {{ include "netbox.superuser.secretApiTokenKey" . | quote }} - path: superuser_api_token # Used by our configuration - key: {{ include "netbox.email.secretPasswordKey" . | quote }} path: email_password - key: secret_key path: secret_key - {{- if eq .Values.remoteAuth.backend "netbox.authentication.LDAPBackend" }} + {{- if .Values.remoteAuth.enabled }} + - secret: + name: {{ include "netbox.remoteAuth.secretName" . | quote }} + items: + {{- if and (eq .Values.remoteAuth.backend "netbox.authentication.LDAPBackend") .Values.remoteAuth.ldap.enabled }} - key: ldap_bind_password path: ldap_bind_password {{- end }} + {{- end }} + - secret: + name: {{ include "netbox.superuser.secretName" . | quote }} + items: + # Used by netbox-docker entry scripts + - key: {{ include "netbox.superuser.secretPasswordKey" . | quote }} + path: superuser_password + - key: {{ include "netbox.superuser.secretApiTokenKey" . | quote }} + path: superuser_api_token - secret: name: {{ include "netbox.databaseSecretName" . | quote }} items: diff --git a/charts/netbox/templates/worker/Deployment.yaml b/charts/netbox/templates/worker/Deployment.yaml index b635cbca..953869d1 100644 --- a/charts/netbox/templates/worker/Deployment.yaml +++ b/charts/netbox/templates/worker/Deployment.yaml 
@@ -191,33 +191,38 @@ spec: - name: secrets projected: sources: - - secret: - name: {{ .Values.existingSecretName | default (include "netbox.fullname" .) | quote }} - items: - # Used by our configuration - - key: {{ include "netbox.email.secretPasswordKey" . | quote }} - path: email_password - - key: secret_key - path: secret_key - {{- if eq .Values.remoteAuth.backend "netbox.authentication.LDAPBackend" }} - - key: ldap_bind_password - path: ldap_bind_password - {{- end }} - - secret: - name: {{ include "netbox.databaseSecretName" . | quote }} - items: - - key: {{ include "netbox.databaseSecretPasswordKey" . | quote }} - path: db_password - - secret: - name: {{ include "netbox.tasksRedis.secretName" . | quote }} - items: - - key: {{ include "netbox.tasksRedis.secretPasswordKey" . | quote }} - path: redis_tasks_password - - secret: - name: {{ include "netbox.cachingRedis.secretName" . | quote }} - items: - - key: {{ include "netbox.cachingRedis.secretPasswordKey" . | quote }} - path: redis_cache_password + - secret: + name: {{ include "netbox.secretName" . | quote }} + items: + # Used by our configuration + - key: {{ include "netbox.email.secretPasswordKey" . | quote }} + path: email_password + - key: secret_key + path: secret_key + {{- if .Values.remoteAuth.enabled }} + - secret: + name: {{ include "netbox.remoteAuth.secretName" . | quote }} + items: + {{- if and (eq .Values.remoteAuth.backend "netbox.authentication.LDAPBackend") .Values.remoteAuth.ldap.enabled }} + - key: ldap_bind_password + path: ldap_bind_password + {{- end }} + {{- end }} + - secret: + name: {{ include "netbox.databaseSecretName" . | quote }} + items: + - key: {{ include "netbox.databaseSecretPasswordKey" . | quote }} + path: db_password + - secret: + name: {{ include "netbox.tasksRedis.secretName" . | quote }} + items: + - key: {{ include "netbox.tasksRedis.secretPasswordKey" . | quote }} + path: redis_tasks_password + - secret: + name: {{ include "netbox.cachingRedis.secretName" . 
| quote }} + items: + - key: {{ include "netbox.cachingRedis.secretPasswordKey" . | quote }} + path: redis_cache_password {{- include "netbox.extraConfig.volumes" . | nindent 8 -}} - name: netbox-tmp emptyDir: diff --git a/charts/netbox/values.yaml b/charts/netbox/values.yaml index a80adcdb..acd83692 100644 --- a/charts/netbox/values.yaml +++ b/charts/netbox/values.yaml @@ -388,17 +388,15 @@ superuser: email: admin@example.com ## @param superuser.password Netbox administrator password for the new superuser ## - password: admin + password: "" ## @param superuser.apiToken Netbox administrator superuser token ## apiToken: "" ## @param superuser.existingSecretName Existing secret containing Netbox superuser password ## existingSecretName: "" - ## @param superuser.passwordSecretKey Key where the Netbox superuser password is being stored inside the existing secret. ## @param superuser.existingSecretPasswordKey Key where the Netbox superuser password is being stored inside the existing secret. ## - passwordSecretKey: "" existingSecretPasswordKey: "" ## @param superuser.annotations Additional custom annotations for Netbox superuser secret object ## @@ -603,9 +601,10 @@ mapsUrl: 'https://maps.google.com/?q=' # all objects by specifying "?limit=0". maxPageSize: 1000 -# By default uploaded media is stored in an attached volume. Using -# Django-storages is also supported. Provide the class path of the storage -# driver in storageBackend and any configuration options in storageConfig. +## @param storageBackend By default uploaded media is stored in an attached volume. Using +## Django-storages is also supported. Provide the class path of the storage +## driver in storageBackend and any configuration options in storageConfig. +## storageBackend: null # storages.backends.s3boto3.S3Boto3Storage storageConfig: {} # AWS_ACCESS_KEY_ID: 'Key ID' 
@@ -649,8 +648,6 @@ rackElevationDefaultUnitWidth: 220 ## @section Authentication parameters -## -## remoteAuth: ## @param remoteAuth.enabled Enable remote authentication support ## 
@@ -676,42 +673,46 @@ remoteAuth: ## existingSecretName: "" - # The following options are specific for backend "netbox.authentication.LDAPBackend" - # you can use an existing netbox secret with "ldap_bind_password" instead of "bindPassword" - # see https://django-auth-ldap.readthedocs.io - # - # When enabling LDAP support please see "Using LDAP Authentication" in README.md and - # uncomment ALL of the configuration settings below, or your configuration will be invalid. - # - # ldap: - # serverUri: 'ldap://domain.com' - # startTls: true - # ignoreCertErrors: false - # bindDn: 'CN=Netbox,OU=EmbeddedDevices,OU=MyCompany,DC=domain,dc=com' - # bindPassword: 'TopSecretPassword' - # userDnTemplate: null - # userSearchBaseDn: 'OU=Users,OU=MyCompany,DC=domain,dc=com' - # userSearchAttr: 'sAMAccountName' - # groupSearchBaseDn: 'OU=Groups,OU=MyCompany,DC=domain,dc=com' - # groupSearchClass: 'group' - # groupType: 'GroupOfNamesType' - # requireGroupDn: '' - # findGroupPerms: true - # mirrorGroups: true - # mirrorGroupsExcept: null - # cacheTimeout: 3600 - # isAdminDn: 'CN=Network Configuration Operators,CN=Builtin,DC=domain,dc=com' - # isSuperUserDn: 'CN=Domain Admins,CN=Users,DC=domain,dc=com' - # attrFirstName: 'givenName' - # attrLastName: 'sn' - # attrMail: 'mail' + ## The following options are specific for backend "netbox.authentication.LDAPBackend" + ## you can use an existing netbox secret with "ldap_bind_password" instead of "bindPassword" + ## see https://django-auth-ldap.readthedocs.io + ## + ## When enabling LDAP support please see "Using LDAP Authentication" in README.md and + ## uncomment ALL of the configuration settings below, or your configuration will be invalid. 
+ ## + ldap: + ## @param remoteAuth.ldap.enabled Enable LDAP remote auth backend + ## + enabled: false + serverUri: 'ldap://domain.com' + startTls: true + ignoreCertErrors: false + bindDn: 'CN=Netbox,OU=EmbeddedDevices,OU=MyCompany,DC=domain,dc=com' + bindPassword: 'TopSecretPassword' + userDnTemplate: null + userSearchBaseDn: 'OU=Users,OU=MyCompany,DC=domain,dc=com' + userSearchAttr: 'sAMAccountName' + groupSearchBaseDn: 'OU=Groups,OU=MyCompany,DC=domain,dc=com' + groupSearchClass: 'group' + groupType: 'GroupOfNamesType' + requireGroupDn: '' + findGroupPerms: true + mirrorGroups: true + mirrorGroupsExcept: null + cacheTimeout: 3600 + isAdminDn: 'CN=Network Configuration Operators,CN=Builtin,DC=domain,dc=com' + isSuperUserDn: 'CN=Domain Admins,CN=Users,DC=domain,dc=com' + attrFirstName: 'givenName' + attrLastName: 'sn' + attrMail: 'mail' releaseCheck: - # This repository is used to check whether there is a new release of NetBox - # available. Set to null to disable the version check or use the URL below to - # check for release in the official NetBox repository. + ## This repository is used to check whether there is a new release of NetBox + ## available. Set to null to disable the version check or use the URL below to + ## check for release in the official NetBox repository. + ## url: https://api.github.com/repos/netbox-community/netbox/releases + ## url: null - # url: https://api.github.com/repos/netbox-community/netbox/releases # Maximum execution time for background tasks, in seconds. rqDefaultTimeout: 300 # 5 mins @@ -756,7 +757,7 @@ extraConfig: [] ## @param secretKey If provided, this should be a 50+ character string of random characters. It ## will be randomly generated if left blank. -## You can also use an existing secret with "secret_key" instead of "secretKey" +## You can also use an existing secret with "secret-key" instead of "secretKey" ## See `existingSecretName` for details ## secretKey: "" 
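Review bot: Un-commenting the `remoteAuth.ldap` block turns the documentation placeholders into live defaults, including `bindPassword: 'TopSecretPassword'` and the plaintext `serverUri: 'ldap://domain.com'`. If the Secret template reads `remoteAuth.ldap.bindPassword` (not visible here), an operator who only sets `ldap.enabled: true` ships a publicly known bind credential. Default it to empty, `bindPassword: ""`, and fail rendering when LDAP is enabled with neither a password nor `remoteAuth.existingSecretName`. The comment above still tells users to "uncomment ALL of the configuration settings below", which no longer applies and should be reworded.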
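Review bot: The `secretKey` comment now says an existing secret should carry `"secret-key"`, but the projected volumes in `deployment.yaml`, `cronjob.yaml` and `worker/Deployment.yaml` still select `key: secret_key`. A Secret built from this documentation would lack the key the pods ask for, and the volume mount would fail. Keep the comment as `## You can also use an existing secret with "secret_key" instead of "secretKey"`, or rename the key in the templates in the same commit.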
@@ -887,7 +888,7 @@ persistence: ## @param persistence.path The path the volume will be mounted at on Redis master containers ## NOTE: Useful when using different Redis images ## - path: /opt/netbox/netbox/reports + path: /opt/netbox/netbox/media ## @param persistence.subPath Existing claim's subPath to use, e.g. "media" (optional) ## subPath: "" From f16dca47022ab3b1c95053a8baf34d251f2a568e Mon Sep 17 00:00:00 2001 From: firmansyahn <80936459+firmansyahn@users.noreply.github.com> Date: Thu, 1 Feb 2024 15:50:54 +0700 Subject: [PATCH 09/36] Fix volumeMount --- charts/netbox/templates/deployment.yaml | 6 +++--- charts/netbox/templates/worker/Deployment.yaml | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/charts/netbox/templates/deployment.yaml b/charts/netbox/templates/deployment.yaml index fe514d04..bf884518 100644 --- a/charts/netbox/templates/deployment.yaml +++ b/charts/netbox/templates/deployment.yaml @@ -158,12 +158,12 @@ spec: mountPath: /etc/netbox/config/configuration.py subPath: configuration.py readOnly: true - {{ if eq .Values.remoteAuth.backend "netbox.authentication.LDAPBackend" -}} + {{- if and (has .Values.remoteAuth.backend "netbox.authentication.LDAPBackend") .Values.remoteAuth.ldap.enabled }} - name: config mountPath: /etc/netbox/config/ldap/ldap_config.py subPath: ldap_config.py readOnly: true - {{ end -}} + {{- end }} - name: config mountPath: /run/config/netbox readOnly: true @@ -286,7 +286,7 @@ spec: - secret: name: {{ include "netbox.remoteAuth.secretName" . | quote }} items: - {{- if and (eq .Values.remoteAuth.backend "netbox.authentication.LDAPBackend") .Values.remoteAuth.ldap.enabled }} + {{- if and (has .Values.remoteAuth.backend "netbox.authentication.LDAPBackend") .Values.remoteAuth.ldap.enabled }} - key: ldap_bind_password path: ldap_bind_password {{- end }} diff --git a/charts/netbox/templates/worker/Deployment.yaml b/charts/netbox/templates/worker/Deployment.yaml index 953869d1..7308c158 100644 
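Review bot: The new condition `has .Values.remoteAuth.backend "netbox.authentication.LDAPBackend"` passes its arguments in the wrong order: Sprig's `has` takes the element first and the list second, so the string literal lands in the list position and the template is likely to fail to render. This applies to both deployment.yaml hunks (the `ldap_config.py` mount at -158 and the `ldap_bind_password` projection at -286) and to the same line in the worker/Deployment.yaml hunk that follows. If `remoteAuth.backend` is now a list, the call should read `has "netbox.authentication.LDAPBackend" .Values.remoteAuth.backend`; if it is still a string, `eq` was correct. The -286 occurrence decides whether the bind password is projected into the pod, so it should end up with the same condition as the config mount. Both hunks sit inside the Deployment spec, which begins and ends outside them.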
--- a/charts/netbox/templates/worker/Deployment.yaml +++ b/charts/netbox/templates/worker/Deployment.yaml @@ -94,12 +94,12 @@ spec: mountPath: /etc/netbox/config/configuration.py subPath: configuration.py readOnly: true - {{ if eq .Values.remoteAuth.backend "netbox.authentication.LDAPBackend" -}} + {{- if and (has .Values.remoteAuth.backend "netbox.authentication.LDAPBackend") .Values.remoteAuth.ldap.enabled }} - name: config mountPath: /etc/netbox/config/ldap/ldap_config.py subPath: ldap_config.py readOnly: true - {{ end -}} + {{- end }} - name: config mountPath: /run/config/netbox readOnly: true From b1312386b1f8f87af49f97f57f3de9bafe5c3cfd Mon Sep 17 00:00:00 2001 From: firmansyahn <80936459+firmansyahn@users.noreply.github.com> Date: Thu, 1 Feb 2024 15:58:37 +0700 Subject: [PATCH 10/36] Fix has --- charts/netbox/templates/cronjob.yaml | 4 ++-- charts/netbox/templates/deployment.yaml | 2 +- charts/netbox/templates/worker/Deployment.yaml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/netbox/templates/cronjob.yaml b/charts/netbox/templates/cronjob.yaml index cb3120f6..c6ecceb5 100644 --- a/charts/netbox/templates/cronjob.yaml +++ b/charts/netbox/templates/cronjob.yaml @@ -63,12 +63,12 @@ spec: mountPath: /etc/netbox/config/configuration.py subPath: configuration.py readOnly: true - {{ if eq .Values.remoteAuth.backend "netbox.authentication.LDAPBackend" -}} + {{- if .Values.remoteAuth.ldap.enabled }} - name: config mountPath: /etc/netbox/config/ldap/ldap_config.py subPath: ldap_config.py readOnly: true - {{ end -}} + {{- end }} - name: config mountPath: /run/config/netbox readOnly: true diff --git a/charts/netbox/templates/deployment.yaml b/charts/netbox/templates/deployment.yaml index bf884518..7e092b35 100644 --- a/charts/netbox/templates/deployment.yaml +++ b/charts/netbox/templates/deployment.yaml 
@@ -158,7 +158,7 @@ spec: mountPath: /etc/netbox/config/configuration.py subPath: configuration.py readOnly: true - {{- if and (has .Values.remoteAuth.backend "netbox.authentication.LDAPBackend") .Values.remoteAuth.ldap.enabled }} + {{- if .Values.remoteAuth.ldap.enabled }} - name: config mountPath: /etc/netbox/config/ldap/ldap_config.py subPath: ldap_config.py diff --git a/charts/netbox/templates/worker/Deployment.yaml b/charts/netbox/templates/worker/Deployment.yaml index 7308c158..80ae60f7 100644 --- a/charts/netbox/templates/worker/Deployment.yaml +++ b/charts/netbox/templates/worker/Deployment.yaml @@ -94,7 +94,7 @@ spec: mountPath: /etc/netbox/config/configuration.py subPath: configuration.py readOnly: true - {{- if and (has .Values.remoteAuth.backend "netbox.authentication.LDAPBackend") .Values.remoteAuth.ldap.enabled }} + {{- if .Values.remoteAuth.ldap.enabled }} - name: config mountPath: /etc/netbox/config/ldap/ldap_config.py subPath: ldap_config.py From b54a241a0e1c1b131094c3d317ac287bf8844379 Mon Sep 17 00:00:00 2001 From: firmansyahn <80936459+firmansyahn@users.noreply.github.com> Date: Thu, 1 Feb 2024 17:05:52 +0700 Subject: [PATCH 11/36] Fix volumeMounts --- charts/netbox/templates/cronjob.yaml | 6 +++--- charts/netbox/templates/deployment.yaml | 2 +- charts/netbox/templates/worker/Deployment.yaml | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/charts/netbox/templates/cronjob.yaml b/charts/netbox/templates/cronjob.yaml index c6ecceb5..0ee774f1 100644 --- a/charts/netbox/templates/cronjob.yaml +++ b/charts/netbox/templates/cronjob.yaml 
@@ -79,16 +79,16 @@ spec: - name: netbox-tmp mountPath: /tmp - name: media - mountPath: /opt/netbox/netbox/media + mountPath: {{ .Values.persistence.path | quote }} subPath: {{ .Values.persistence.subPath | default "" | quote }} {{- if .Values.reportsPersistence.enabled }} - name: reports - mountPath: /opt/netbox/netbox/reports + mountPath: {{ .Values.reportsPersistence.path }} subPath: {{ .Values.reportsPersistence.subPath | default "" | quote }} {{- end }} {{- if .Values.scriptsPersistence.enabled }} - name: scripts - mountPath: /opt/netbox/netbox/scripts + mountPath: {{ .Values.scriptsPersistence.path }} subPath: {{ .Values.scriptsPersistence.subPath | default "" | quote }} {{- end }} {{- with .Values.housekeeping.extraVolumeMounts }} diff --git a/charts/netbox/templates/deployment.yaml b/charts/netbox/templates/deployment.yaml index 7e092b35..727c8114 100644 --- a/charts/netbox/templates/deployment.yaml +++ b/charts/netbox/templates/deployment.yaml @@ -174,7 +174,7 @@ spec: - name: netbox-tmp mountPath: /tmp - name: media - mountPath: {{ .Values.persistence.subPath | quote }} + mountPath: {{ .Values.persistence.path | quote }} {{- if .Values.persistence.subPath }} subPath: {{ .Values.persistence.subPath | quote }} {{- end }} diff --git a/charts/netbox/templates/worker/Deployment.yaml b/charts/netbox/templates/worker/Deployment.yaml index 80ae60f7..c9141be8 100644 --- a/charts/netbox/templates/worker/Deployment.yaml +++ b/charts/netbox/templates/worker/Deployment.yaml @@ -110,7 +110,7 @@ spec: - name: netbox-tmp mountPath: /tmp - name: media - mountPath: /opt/netbox/netbox/media + mountPath: {{ .Values.persistence.path | quote }} {{- if .Values.persistence.subPath }} subPath: {{ .Values.persistence.subPath | quote }} {{- end }} From c6796e84cfa91b27752963a92cb78649517814ae Mon Sep 17 00:00:00 2001 
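Review bot: The `reports` and `scripts` mounts in the cronjob.yaml hunk render `mountPath: {{ .Values.reportsPersistence.path }}` and `mountPath: {{ .Values.scriptsPersistence.path }}` without `| quote`, while the `media` mount a few lines above quotes its path. An empty or unset path then renders as a null `mountPath`, and a value containing YAML-significant characters is re-typed by the parser. `mountPath: {{ .Values.reportsPersistence.path | quote }}` (and the same for scripts) keeps the three mounts consistent. The hunk is a slice of the container's `volumeMounts` list, which begins and ends outside it.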
From: firmansyahn <80936459+firmansyahn@users.noreply.github.com> Date: Thu, 1 Feb 2024 17:29:39 +0700 Subject: [PATCH 12/36] Add metrics service --- charts/netbox/templates/metrics/Service.yaml | 26 ++++++++++++++++++++ charts/netbox/values.yaml | 15 +++++++++++ 2 files changed, 41 insertions(+) create mode 100644 charts/netbox/templates/metrics/Service.yaml diff --git a/charts/netbox/templates/metrics/Service.yaml b/charts/netbox/templates/metrics/Service.yaml new file mode 100644 index 00000000..fb278b65 --- /dev/null +++ b/charts/netbox/templates/metrics/Service.yaml @@ -0,0 +1,26 @@ +{{- if .Values.metrics.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ printf "%s-metrics" (include "netbox.fullname" .) }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: metrics + {{- if or .Values.metrics.service.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.metrics.service.annotations .Values.commonAnnotations ) "context" . ) }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} + {{- end }} +spec: + type: ClusterIP + ports: + - name: http + port: {{ coalesce .Values.metrics.service.ports.http .Values.metrics.service.port }} + protocol: TCP + targetPort: http + {{- if .Values.metrics.service.extraPorts }} + {{- include "common.tplvalues.render" (dict "value" .Values.metrics.service.extraPorts "context" $) | nindent 4 }} + {{- end }} + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.podLabels .Values.commonLabels ) "context" . ) }} + selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: netbox +{{- end }} \ No newline at end of file 
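Review bot: The new metrics Service forwards to `targetPort: http`, which as far as this patch shows is the server container's main port, so anything that can reach the `-metrics` Service reaches the whole NetBox web UI and API and not only the metrics path. A comment above `ports:` such as `# targetPort http is the application port; /metrics is served by the NetBox server itself` would make that explicit for whoever writes the NetworkPolicy or ServiceMonitor around it. The `coalesce` fallback `.Values.metrics.service.port` is not defined by the values added in this patch (only `ports.http` is) and could be documented or dropped.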
diff --git a/charts/netbox/values.yaml b/charts/netbox/values.yaml index acd83692..f64be489 100644 --- a/charts/netbox/values.yaml +++ b/charts/netbox/values.yaml @@ -1906,6 +1906,21 @@ metrics: ## @param metrics.enabled Enable metrics ## enabled: false + ## Netbox metrics service parameters + ## + service: + ## @param metrics.service.ports.http Metrics service HTTP port + ## + ports: + http: 8080 + ## @param metrics.service.annotations [object] Annotations for enabling prometheus to access the metrics endpoints + ## + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "{{ .Values.metrics.service.ports.http }}" + ## @param metrics.service.extraPorts [array] Add additional ports to the netbox metrics service (i.e. admin port 9000) + ## + extraPorts: [] ## Prometheus Operator ServiceMonitor configuration ## serviceMonitor: From e85ef88290225ca82ade7bc9181fba6d8771b524 Mon Sep 17 00:00:00 2001 From: firmansyahn <80936459+firmansyahn@users.noreply.github.com> Date: Thu, 1 Feb 2024 17:38:40 +0700 Subject: [PATCH 13/36] Fix netbox metrics service --- charts/netbox/templates/metrics/Service.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/netbox/templates/metrics/Service.yaml b/charts/netbox/templates/metrics/Service.yaml index fb278b65..94462853 100644 --- a/charts/netbox/templates/metrics/Service.yaml +++ b/charts/netbox/templates/metrics/Service.yaml @@ -22,5 +22,5 @@ spec: {{- end }} {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.podLabels .Values.commonLabels ) "context" . ) }} selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }} - app.kubernetes.io/component: netbox + app.kubernetes.io/component: server {{- end }} \ No newline at end of file From 08e8f01cfcbdde108e7830669e399521b0408b8f Mon Sep 17 00:00:00 2001 
From: firmansyahn <80936459+firmansyahn@users.noreply.github.com> Date: Thu, 1 Feb 2024 18:39:23 +0700 Subject: [PATCH 14/36] Add metrics test --- charts/netbox/values-test.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/charts/netbox/values-test.yaml b/charts/netbox/values-test.yaml index b6b6456c..7b1779c0 100644 --- a/charts/netbox/values-test.yaml +++ b/charts/netbox/values-test.yaml @@ -8,3 +8,5 @@ metrics: enabled: true serviceMonitor: enabled: true + additionalLabels: + release: kube-prometheus-stack \ No newline at end of file From c4a5dcd8a3bf1f92aee37a951fab088ea8899782 Mon Sep 17 00:00:00 2001 From: firmansyahn <80936459+firmansyahn@users.noreply.github.com> Date: Thu, 1 Feb 2024 18:42:57 +0700 Subject: [PATCH 15/36] Add metrics labels --- charts/netbox/values-test.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/netbox/values-test.yaml b/charts/netbox/values-test.yaml index 7b1779c0..ab905f76 100644 --- a/charts/netbox/values-test.yaml +++ b/charts/netbox/values-test.yaml @@ -8,5 +8,5 @@ metrics: enabled: true serviceMonitor: enabled: true - additionalLabels: + labels: release: kube-prometheus-stack \ No newline at end of file From 89c8950bbb1c05d167fce3b44bcd6d21ae030962 Mon Sep 17 00:00:00 2001 From: firmansyahn <80936459+firmansyahn@users.noreply.github.com> Date: Thu, 1 Feb 2024 19:21:57 +0700 Subject: [PATCH 16/36] Add HPA --- .../templates/HorizontalPodAutoscaler.yaml | 45 +++++++++++++++++++ charts/netbox/templates/Ingress.yaml | 2 +- charts/netbox/templates/hpa.yaml | 37 --------------- charts/netbox/templates/metrics/Service.yaml | 2 +- charts/netbox/templates/worker/Service.yaml | 2 +- .../templates/worker/ServiceMonitor.yaml | 2 +- charts/netbox/values-test.yaml | 1 + 7 files changed, 50 insertions(+), 41 deletions(-) create mode 100644 charts/netbox/templates/HorizontalPodAutoscaler.yaml delete mode 100644 charts/netbox/templates/hpa.yaml 
diff --git a/charts/netbox/templates/HorizontalPodAutoscaler.yaml b/charts/netbox/templates/HorizontalPodAutoscaler.yaml new file mode 100644 index 00000000..e57f2f93 --- /dev/null +++ b/charts/netbox/templates/HorizontalPodAutoscaler.yaml 
@@ -0,0 +1,45 @@ +{{- if and .Values.worker.enabled .Values.worker.autoscaling.enabled }} +apiVersion: {{ include "common.capabilities.hpa.apiVersion" ( dict "context" $ ) }} +kind: HorizontalPodAutoscaler +metadata: + name: {{ template "netbox.worker.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: worker + app.kubernetes.io/part-of: netbox + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + scaleTargetRef: + apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} + kind: Deployment + name: {{ template "netbox.worker.fullname" . }} + minReplicas: {{ .Values.worker.autoscaling.minReplicas }} + maxReplicas: {{ .Values.worker.autoscaling.maxReplicas }} + metrics: + {{- if or .Values.worker.autoscaling.targetCPU .Values.worker.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + {{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) }} + targetAverageUtilization: {{ coalesce .Values.worker.autoscaling.targetCPU .Values.worker.autoscaling.targetCPUUtilizationPercentage }} + {{- else }} + target: + type: Utilization + averageUtilization: {{ coalesce .Values.worker.autoscaling.targetCPU .Values.worker.autoscaling.targetCPUUtilizationPercentage }} + {{- end }} + {{- end }} + {{- if or .Values.worker.autoscaling.targetMemory .Values.worker.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + {{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) 
}} + targetAverageUtilization: {{ coalesce .Values.worker.autoscaling.targetMemory .Values.worker.autoscaling.targetMemoryUtilizationPercentage }} + {{- else }} + target: + type: Utilization + averageUtilization: {{ coalesce .Values.worker.autoscaling.targetMemory .Values.worker.autoscaling.targetMemoryUtilizationPercentage }} + {{- end }} + {{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/netbox/templates/Ingress.yaml b/charts/netbox/templates/Ingress.yaml index 362db928..b5066f2c 100644 --- a/charts/netbox/templates/Ingress.yaml +++ b/charts/netbox/templates/Ingress.yaml @@ -48,7 +48,7 @@ spec: secretName: {{ printf "%s-tls" .Values.ingress.hostname }} {{- end }} {{- if .Values.ingress.extraTls }} - {{- include "common.tplvalues.render" (dict "value" .Values.ingress.extraTls "context" $) | nindent 4 }} + {{- include "common.tplvalues.render" (dict "value" .Values.ingress.extraTls "context" $) | nindent 4 }} {{- end }} {{- end }} {{- end }} \ No newline at end of file diff --git a/charts/netbox/templates/hpa.yaml b/charts/netbox/templates/hpa.yaml deleted file mode 100644 index dde6ad85..00000000 --- a/charts/netbox/templates/hpa.yaml +++ /dev/null 
@@ -1,37 +0,0 @@ -{{- if .Values.autoscaling.enabled }} -apiVersion: autoscaling/v2 -kind: HorizontalPodAutoscaler -metadata: - name: {{ include "netbox.fullname" . }} - {{- with .Values.commonAnnotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} - labels: - {{- include "netbox.labels" . | nindent 4 }} - app.kubernetes.io/component: netbox -spec: - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: {{ include "netbox.fullname" . }} - minReplicas: {{ .Values.autoscaling.minReplicas }} - maxReplicas: {{ .Values.autoscaling.maxReplicas }} - metrics: - {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} - - type: Resource - resource: - name: cpu - target: - type: Utilization - averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} - {{- end }} - {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} - - type: Resource - resource: - name: memory - target: - type: Utilization - averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} - {{- end }} -{{- end }} diff --git a/charts/netbox/templates/metrics/Service.yaml b/charts/netbox/templates/metrics/Service.yaml index 94462853..2d66a6d3 100644 --- a/charts/netbox/templates/metrics/Service.yaml +++ b/charts/netbox/templates/metrics/Service.yaml @@ -13,7 +13,7 @@ metadata: spec: type: ClusterIP ports: - - name: http + - name: http-metrics port: {{ coalesce .Values.metrics.service.ports.http .Values.metrics.service.port }} protocol: TCP targetPort: http diff --git a/charts/netbox/templates/worker/Service.yaml b/charts/netbox/templates/worker/Service.yaml index 01ac2283..dd447365 100644 --- a/charts/netbox/templates/worker/Service.yaml +++ b/charts/netbox/templates/worker/Service.yaml @@ -35,7 +35,7 @@ spec: {{- end }} ports: {{- if .Values.worker.service.http.enabled }} - - name: http + - name: http-metrics port: {{ coalesce .Values.worker.service.ports.http .Values.worker.service.port }} protocol: TCP targetPort: http 
diff --git a/charts/netbox/templates/worker/ServiceMonitor.yaml b/charts/netbox/templates/worker/ServiceMonitor.yaml index 4b823b5b..3a23903c 100644 --- a/charts/netbox/templates/worker/ServiceMonitor.yaml +++ b/charts/netbox/templates/worker/ServiceMonitor.yaml @@ -26,7 +26,7 @@ spec: app.kubernetes.io/component: worker app.kubernetes.io/part-of: netbox endpoints: - - port: http + - port: http-metrics {{- if .Values.metrics.serviceMonitor.interval }} interval: {{ .Values.metrics.serviceMonitor.interval }} {{- end }} diff --git a/charts/netbox/values-test.yaml b/charts/netbox/values-test.yaml index ab905f76..036f67a0 100644 --- a/charts/netbox/values-test.yaml +++ b/charts/netbox/values-test.yaml @@ -8,5 +8,6 @@ metrics: enabled: true serviceMonitor: enabled: true + interval: 30s labels: release: kube-prometheus-stack \ No newline at end of file From 7425fc88a80fb5108faf3b83c4e9a0101fcef126 Mon Sep 17 00:00:00 2001 From: firmansyahn <80936459+firmansyahn@users.noreply.github.com> Date: Thu, 1 Feb 2024 19:44:26 +0700 Subject: [PATCH 17/36] Add secret tls --- .../templates/HorizontalPodAutoscaler.yaml | 24 +++---- charts/netbox/templates/Secret/tls.yaml | 65 +++++++++++++++++++ charts/netbox/templates/_helpers.tpl | 9 +++ charts/netbox/values.yaml | 22 +++---- 4 files changed, 97 insertions(+), 23 deletions(-) create mode 100644 charts/netbox/templates/Secret/tls.yaml diff --git a/charts/netbox/templates/HorizontalPodAutoscaler.yaml b/charts/netbox/templates/HorizontalPodAutoscaler.yaml index e57f2f93..c8971fe1 100644 --- a/charts/netbox/templates/HorizontalPodAutoscaler.yaml +++ b/charts/netbox/templates/HorizontalPodAutoscaler.yaml 
@@ -1,11 +1,11 @@ -{{- if and .Values.worker.enabled .Values.worker.autoscaling.enabled }} +{{- if .Values.autoscaling.enabled }} apiVersion: {{ include "common.capabilities.hpa.apiVersion" ( dict "context" $ ) }} kind: HorizontalPodAutoscaler metadata: - name: {{ template "netbox.worker.fullname" . }} + name: {{ template "netbox.fullname" . }} namespace: {{ include "common.names.namespace" . | quote }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - app.kubernetes.io/component: worker + app.kubernetes.io/component: server app.kubernetes.io/part-of: netbox {{- if .Values.commonAnnotations }} annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} 
@@ -14,32 +14,32 @@ spec: scaleTargetRef: apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} kind: Deployment - name: {{ template "netbox.worker.fullname" . }} - minReplicas: {{ .Values.worker.autoscaling.minReplicas }} - maxReplicas: {{ .Values.worker.autoscaling.maxReplicas }} + name: {{ template "netbox.fullname" . }} + minReplicas: {{ .Values.autoscaling.minReplicas }} + maxReplicas: {{ .Values.autoscaling.maxReplicas }} metrics: - {{- if or .Values.worker.autoscaling.targetCPU .Values.worker.autoscaling.targetCPUUtilizationPercentage }} + {{- if or .Values.autoscaling.targetCPU .Values.autoscaling.targetCPUUtilizationPercentage }} - type: Resource resource: name: cpu {{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) }} - targetAverageUtilization: {{ coalesce .Values.worker.autoscaling.targetCPU .Values.worker.autoscaling.targetCPUUtilizationPercentage }} + targetAverageUtilization: {{ coalesce .Values.autoscaling.targetCPU .Values.autoscaling.targetCPUUtilizationPercentage }} {{- else }} target: type: Utilization - averageUtilization: {{ coalesce .Values.worker.autoscaling.targetCPU .Values.worker.autoscaling.targetCPUUtilizationPercentage }} + averageUtilization: {{ coalesce .Values.autoscaling.targetCPU .Values.autoscaling.targetCPUUtilizationPercentage }} {{- end }} {{- end }} - {{- if or .Values.worker.autoscaling.targetMemory .Values.worker.autoscaling.targetMemoryUtilizationPercentage }} + {{- if or .Values.autoscaling.targetMemory .Values.autoscaling.targetMemoryUtilizationPercentage }} - type: Resource resource: name: memory {{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) 
}} - targetAverageUtilization: {{ coalesce .Values.worker.autoscaling.targetMemory .Values.worker.autoscaling.targetMemoryUtilizationPercentage }} + targetAverageUtilization: {{ coalesce .Values.autoscaling.targetMemory .Values.autoscaling.targetMemoryUtilizationPercentage }} {{- else }} target: type: Utilization - averageUtilization: {{ coalesce .Values.worker.autoscaling.targetMemory .Values.worker.autoscaling.targetMemoryUtilizationPercentage }} + averageUtilization: {{ coalesce .Values.autoscaling.targetMemory .Values.autoscaling.targetMemoryUtilizationPercentage }} {{- end }} {{- end }} {{- end }} \ No newline at end of file diff --git a/charts/netbox/templates/Secret/tls.yaml b/charts/netbox/templates/Secret/tls.yaml new file mode 100644 index 00000000..99798fd9 --- /dev/null +++ b/charts/netbox/templates/Secret/tls.yaml 
@@ -0,0 +1,65 @@ +{{- if .Values.ingress.enabled }} +{{- if .Values.ingress.secrets }} +{{- range .Values.ingress.secrets }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.tplvalues.render" ( dict "value" .name "context" $ ) }} + namespace: {{ include "common.names.namespace" $ | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" $.Values.commonLabels "context" $ ) | nindent 4 }} + {{- if $.Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +type: kubernetes.io/tls +data: + tls.crt: {{ include "common.tplvalues.render" ( dict "value" .certificate "context" $ ) | b64enc }} + tls.key: {{ include "common.tplvalues.render" ( dict "value" .key "context" $ ) | b64enc }} +--- +{{- end }} +{{- end }} +{{- if and .Values.ingress.tls .Values.ingress.selfSigned }} +{{- $secretName := printf "%s-tls" .Values.ingress.hostname }} +{{- $ca := genCA "netbox-ca" 365 }} +{{- $cert := genSignedCert (tpl .Values.ingress.hostname .) nil (list (tpl .Values.ingress.hostname .)) 365 $ca }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ $secretName }} + namespace: {{ include "common.names.namespace" . 
| quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +type: kubernetes.io/tls +data: + tls.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.crt" "defaultValue" $cert.Cert "context" $) }} + tls.key: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.key" "defaultValue" $cert.Key "context" $) }} + ca.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" $ca.Cert "context" $) }} +{{- end }} +{{- end }} +{{- if (include "netbox.tls.isCreateSecret" $) }} +{{- $secretName := printf "%s-crt" (include "netbox.fullname" .) }} +{{- $ca := genCA "netbox-ca" 365 }} +{{- $releaseNamespace := include "common.names.namespace" . }} +{{- $clusterDomain := .Values.clusterDomain }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ $secretName }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: netbox + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +type: Opaque +data: + {{- $replicaCount := int .Values.replicaCount }} + {{- $svcName := include "netbox.fullname" . 
}} + {{- $altNames := list (printf "%s.%s.svc.%s" $svcName $releaseNamespace $clusterDomain) (printf "%s.%s" $svcName $releaseNamespace) $svcName }} + {{- $cert := genSignedCert $svcName nil $altNames 365 $ca }} + tls.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.crt" "defaultValue" $cert.Cert "context" $) }} + tls.key: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.key" "defaultValue" $cert.Key "context" $) }} + ca.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" $ca.Cert "context" $) }} +{{- end }} diff --git a/charts/netbox/templates/_helpers.tpl b/charts/netbox/templates/_helpers.tpl index 5ecdf82a..49f48e4b 100644 --- a/charts/netbox/templates/_helpers.tpl +++ b/charts/netbox/templates/_helpers.tpl @@ -664,6 +664,15 @@ Return the secret name containing remote auth {{- end -}} {{- end -}} +{{/* +Return true if a TLS secret object should be created +*/}} +{{- define "netbox.tls.isCreateSecret" -}} +{{- if and .Values.tls.enabled .Values.tls.autoGenerated (not .Values.tls.existingSecret) }} + {{- true -}} +{{- end -}} +{{- end -}} + {{/* Validate values of Netbox - database */}} {{- define "netbox.validateValues.database" -}} {{- if and (not .Values.postgresql.enabled) (not .Values.externalDatabase.host) (and (not .Values.externalDatabase.password) (not .Values.externalDatabase.existingSecretName)) -}} diff --git a/charts/netbox/values.yaml b/charts/netbox/values.yaml index f64be489..301385b0 100644 --- a/charts/netbox/values.yaml +++ b/charts/netbox/values.yaml @@ -831,7 +831,7 @@ imagePullSecrets: [] ## Specifies whether a ServiceAccount should be created ## serviceAccount: - ## @param serviceAccount.create Enable the creation of a ServiceAccount for Keycloak pods + ## @param serviceAccount.create Enable the creation of a ServiceAccount for Netbox pods ## create: true ## @param serviceAccount.name Name of the created ServiceAccount 
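Review bot: Both generated certificates in Secret/tls.yaml are issued for 365 days (`genCA "netbox-ca" 365`, `genSignedCert … 365 $ca`) and then pinned through `common.secrets.lookup`, which prefers the value already stored in the cluster, so upgrades will not re-issue them and they lapse a year after the first install. The CA private key is never stored, so the leaf cannot be re-signed under the same CA, and clients that trust `ca.crt` need a new anchor after rotation. I would add a comment at the top of each generated block stating the lifetime and that renewal means deleting the Secret before `helm upgrade`, or expose the validity as a chart value. In the last block `$replicaCount` is assigned but never used, and the label `app.kubernetes.io/component: netbox` differs from the `server` value used on the other server resources in this series.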
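Review bot: `netbox.tls.isCreateSecret` dereferences `.Values.tls.enabled`, `.Values.tls.autoGenerated` and `.Values.tls.existingSecret`, but the values.yaml hunks in this patch only rename Keycloak to Netbox in comments and add no `tls:` block. Secret/tls.yaml calls the helper at the top level, outside the `ingress.enabled` guard, so if `tls` is not already defined in values.yaml every render would stop on a nil-pointer error. Adding the defaults in the same patch (`tls:` with `enabled: false`, `autoGenerated: false`, `existingSecret: ""`) would make the helper safe and document the three switches it depends on.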
@@ -1096,7 +1096,7 @@ service: nodePorts: http: "" https: "" - ## @param service.clusterIP Keycloak service clusterIP IP + ## @param service.clusterIP Netbox service clusterIP IP ## e.g: ## clusterIP: None ## @@ -1130,7 +1130,7 @@ service: ## - 10.10.10.0/24 ## loadBalancerSourceRanges: [] - ## @param service.annotations Additional custom annotations for Keycloak service + ## @param service.annotations Additional custom annotations for Netbox service ## Example: ## annotations: ## service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http @@ -1138,7 +1138,7 @@ service: ## service.beta.kubernetes.io/aws-load-balancer-ssl-ports: http ## annotations: {} - ## @param service.extraPorts Extra port to expose on Keycloak service + ## @param service.extraPorts Extra port to expose on Netbox service ## extraPorts: [] ## @param service.sessionAffinity Control where client requests go, to the same pod or round-robin @@ -1201,7 +1201,7 @@ ingress: ## @param ingress.extraHosts An array with additional hostname(s) to be covered with the ingress record ## e.g: ## extraHosts: - ## - name: airflow.local + ## - name: netbox.local ## path: / ## extraHosts: [] @@ -1219,8 +1219,8 @@ ingress: ## e.g: ## extraTls: ## - hosts: - ## - airflow.local - ## secretName: airflow.local-tls + ## - netbox.local + ## secretName: netbox.local-tls ## extraTls: [] ## @param ingress.secrets Custom TLS certificates as secrets @@ -1232,7 +1232,7 @@ ingress: ## Please see README.md for more information ## e.g: ## secrets: - ## - name: airflow.local-tls + ## - name: netbox.local-tls ## key: |- ## -----BEGIN RSA PRIVATE KEY----- ## ... 
@@ -2090,9 +2090,9 @@ postgresql: ## All of these values are only used when postgresql.enabled is set to false ## @param externalDatabase.host Database host ## @param externalDatabase.port Database port number -## @param externalDatabase.user Non-root username for Keycloak -## @param externalDatabase.password Password for the non-root username for Keycloak -## @param externalDatabase.database Keycloak database name +## @param externalDatabase.user Non-root username for Netbox +## @param externalDatabase.password Password for the non-root username for Netbox +## @param externalDatabase.database Netbox database name ## @param externalDatabase.existingSecretName Name of an existing secret resource containing the database credentials ## @param externalDatabase.existingSecretHostKey Name of an existing secret key containing the database host name ## @param externalDatabase.existingSecretPortKey Name of an existing secret key containing the database port From b13ca98e0f97754dda892be3e80b6e8bdf7e71c1 Mon Sep 17 00:00:00 2001 From: firmansyahn <80936459+firmansyahn@users.noreply.github.com> Date: Thu, 1 Feb 2024 20:18:57 +0700 Subject: [PATCH 18/36] Tidy up housekeeping --- charts/netbox/templates/cronjob.yaml | 44 ++++---- charts/netbox/values.yaml | 158 +++++++++++++++------------ 2 files changed, 110 insertions(+), 92 deletions(-) diff --git a/charts/netbox/templates/cronjob.yaml b/charts/netbox/templates/cronjob.yaml index 0ee774f1..375efa99 100644 --- a/charts/netbox/templates/cronjob.yaml +++ b/charts/netbox/templates/cronjob.yaml 
@@ -28,20 +28,28 @@ spec: metadata: {{- if .Values.podAnnotations }} annotations: - {{- include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) | nindent 12 }} + {{- include "common.tplvalues.render" (dict "value" .Values.housekeeping.podAnnotations "context" $) | nindent 12 }} {{- end }} labels: {{- include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | nindent 12 }} app.kubernetes.io/component: housekeeping app.kubernetes.io/part-of: netbox spec: + automountServiceAccountToken: {{ .Values.housekeeping.automountServiceAccountToken }} {{- include "netbox.imagePullSecrets" . | nindent 10 }} + {{- if .Values.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.nodeSelector "context" $) | nindent 10 }} + {{- end }} + restartPolicy: {{ .Values.housekeeping.restartPolicy }} + {{- if .Values.housekeeping.podSecurityContext.enabled }} + securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} serviceAccountName: {{ include "netbox.serviceAccountName" . }} - automountServiceAccountToken: {{ .Values.housekeeping.automountServiceAccountToken }} - securityContext: - {{- toYaml .Values.housekeeping.podSecurityContext | nindent 12 }} - {{- with .Values.housekeeping.extraInitContainers }} + {{- if .Values.tolerations }} + tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" .) | nindent 10 }} + {{- end }} + {{- if .Values.initContainers }} initContainers: - {{- toYaml . | nindent 10 }} + {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 10 }} {{- end }} containers: - name: housekeeping 
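Review bot: Two of the new gates in this hunk test one value and render another. `{{- if .Values.housekeeping.podSecurityContext.enabled }}` emits `omit .Values.podSecurityContext "enabled"`, so the CronJob pod gets the server's pod security context and whatever is set under `housekeeping.podSecurityContext` is ignored; the line should read `securityContext: {{- omit .Values.housekeeping.podSecurityContext "enabled" | toYaml | nindent 12 }}`. Likewise `{{- if .Values.podAnnotations }}` guards a block that renders `.Values.housekeeping.podAnnotations`, so housekeeping annotations are dropped unless the server has annotations too; the guard should be `{{- if .Values.housekeeping.podAnnotations }}`. The pod template this hunk edits begins and ends outside the hunk.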
@@ -53,10 +61,9 @@ spec: - /opt/netbox/venv/bin/python - /opt/netbox/netbox/manage.py - housekeeping - {{- include "netbox.imagePullSecrets" . | nindent 12 }} - {{- with .Values.housekeeping.extraEnvs }} + {{- if .Values.housekeping.extraEnvVars }} env: - {{- toYaml . | nindent 12 }} + {{- include "common.tplvalues.render" (dict "value" .Values.housekeping.extraEnvVars "context" $) | nindent 12 }} {{- end }} volumeMounts: - name: config @@ -95,11 +102,10 @@ spec: {{- toYaml . | nindent 12 }} {{- end }} {{- if .Values.housekeeping.resources }} - resources: - {{- toYaml .Values.housekeeping.resources | nindent 14 }} + resources: {{- toYaml .Values.housekeeping.resources | nindent 14 }} {{- end }} - {{- with .Values.housekeeping.extraContainers }} - {{- toYaml . | nindent 10 }} + {{- if .Values.sidecars }} + {{- include "common.tplvalues.render" ( dict "value" .Values.sidecars "context" $) | nindent 10 }} {{- end }} volumes: - name: config @@ -109,7 +115,7 @@ spec: projected: sources: - secret: - name: {{ .Values.existingSecretName | default (include "netbox.fullname" .) | quote }} + name: {{ include "netbox.secretName" . | quote }} items: # Used by our configuration - key: {{ include "netbox.email.secretPasswordKey" . | quote }} @@ -164,17 +170,9 @@ spec: {{- with .Values.housekeeping.extraVolumes }} {{- toYaml . | nindent 10 }} {{- end }} - {{- with .Values.housekeeping.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 12 }} - {{- end }} {{- with .Values.housekeeping.affinity }} affinity: {{- toYaml . | nindent 12 }} {{- end }} - {{- with .Values.housekeeping.tolerations }} - tolerations: - {{- toYaml . | nindent 10 }} - {{- end }} - restartPolicy: {{ .Values.housekeeping.restartPolicy }} + {{- end -}} diff --git a/charts/netbox/values.yaml b/charts/netbox/values.yaml index 301385b0..29adebb1 100644 --- a/charts/netbox/values.yaml +++ b/charts/netbox/values.yaml 
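Review bot: `.Values.housekeping` is misspelled in both added lines of the `@@ -53,10 +61,9 @@` hunk (the `if` guard and the `include` call), while values.yaml defines the key as `housekeeping`. Helm resolves the missing parent to nil, so the field lookup on it is likely to abort rendering with a nil-pointer error rather than just skip the `env:` block. Both lines should use `.Values.housekeeping.extraEnvVars`, and running `helm template` with the CronJob enabled before committing would catch this kind of typo. The container spec continues outside the hunk.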
@@ -1337,17 +1337,43 @@ housekeeping: ## Set to true if you would like to see extra information on logs ## debug: false - - concurrencyPolicy: Forbid - failedJobsHistoryLimit: 5 - restartPolicy: OnFailure - schedule: '0 0 * * *' - successfulJobsHistoryLimit: 5 - suspend: false - - podAnnotations: {} - + ## @param housekeeping.command Override default container command (useful when using custom images) + ## + command: [] + ## @param housekeeping.args Override default container args (useful when using custom images) + ## + args: [] + ## @param housekeeping.extraEnvVars Array with extra environment variables to add to Netbox worker nodes + ## e.g: + ## extraEnvVars: + ## - name: FOO + ## value: "bar" + ## + extraEnvVars: [] + ## @param housekeeping.podLabels Extra labels for Netbox housekeeping pods + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ + ## podLabels: {} + ## @param housekeeping.podAnnotations Annotations for Netbox housekeeping pods + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + ## + podAnnotations: {} + ## Netbox housekeeping resource requests and limits + ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ + ## @param housekeeping.resources.limits The resources limits for the Netbox housekeeping containers + ## @param housekeeping.resources.requests The requested resources for the Netbox housekeeping containers + ## We usually recommend not to specify default resources and to leave this as a conscious + ## choice for the user. This also increases chances charts run on environments with little + ## resources, such as Minikube. If you do want to specify resources, uncomment the following + ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
+ ## limits: + ## cpu: 100m + ## memory: 128Mi + ## requests: + ## cpu: 100m + ## memory: 128Mi + ## + resources: {} ## Configure Netbox housekeeping Pods Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod ## @param housekeeping.podSecurityContext.enabled Enabled Netbox housekeeping pods' Security Context @@ -1357,6 +1383,7 @@ housekeeping: ## @param housekeeping.podSecurityContext.fsGroup Set Netbox housekeeping pod's Security Context fsGroup ## podSecurityContext: + enabled: true fsGroup: 1000 runAsNonRoot: true # runAsUser: 1000 
@@ -1385,61 +1412,65 @@ housekeeping: drop: - ALL - # Set this to true to automatically mount the service account token in the housekeeping container + ## @param housekeeping.automountServiceAccountToken Mount Service Account token in pod + ## automountServiceAccountToken: false - ## Netbox housekeeping resource requests and limits - ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ - ## @param housekeeping.resources.limits The resources limits for the Netbox housekeeping containers - ## @param housekeeping.resources.requests The requested resources for the Netbox housekeeping containers - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
- ## limits: - ## cpu: 100m - ## memory: 128Mi - ## requests: - ## cpu: 100m - ## memory: 128Mi + ## @param housekeeping.affinity Affinity for Netbox housekeeping pods assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## NOTE: `housekeeping.podAffinityPreset`, `housekeeping.podAntiAffinityPreset`, and `housekeeping.nodeAffinityPreset` will be ignored when it's set + ## + affinity: {} + ## @param housekeeping.nodeSelector Node labels for Netbox housekeeping pods assignment + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ ## - resources: {} - nodeSelector: {} - + ## @param housekeeping.tolerations Tolerations for Netbox housekeeping pods assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + ## tolerations: [] - - affinity: {} - - ## Additional environment variables to set - extraEnvs: [] - # - name: FOO - # valueFrom: - # secretKeyRef: - # key: FOO - # name: secret-resource - - ## Additional volumes to mount - extraVolumeMounts: [] - # - name: extra-volume - # mountPath: /run/secrets/super-secret - # readOnly: true - + ## @param housekeeping.extraVolumes Optionally specify extra list of additional volumes for the Netbox housekeeping pod(s) + ## extraVolumes: + ## - name: extra-volume + ## secret: + ## secretName: super-secret + ## extraVolumes: [] - # - name: extra-volume - # secret: - # secretName: super-secret - - ## Additional containers to be added to the NetBox pod. 
- extraContainers: [] - # - name: my-sidecar - # image: nginx:latest + ## @param housekeeping.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Netbox housekeeping container(s) + ## extraVolumeMounts: + ## - name: extra-volume + ## mountPath: /run/secrets/super-secret + ## readOnly: true + ## + extraVolumeMounts: [] + ## @param housekeeping.sidecars Add additional sidecar containers to the Netbox housekeeping pod(s) + ## e.g: + ## sidecars: + ## - name: your-image-name + ## image: your-image + ## imagePullPolicy: Always + ## ports: + ## - name: portname + ## containerPort: 1234 + ## + sidecars: [] + ## @param housekeeping.initContainers Add additional init containers to the Netbox housekeeping pod(s) + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ + ## e.g: + ## initContainers: + ## - name: your-image-name + ## image: your-image + ## imagePullPolicy: Always + ## command: ['sh', '-c', 'echo "hello world"'] + ## + initContainers: [] - ## Containers which are run before the NetBox containers are started. - extraInitContainers: [] - # - name: init-myservice - # image: busybox - # command: ['sh', '-c', 'until nslookup myservice; do echo waiting for myservice; sleep 2; done;'] + concurrencyPolicy: Forbid + failedJobsHistoryLimit: 5 + restartPolicy: OnFailure + schedule: '0 0 * * *' + successfulJobsHistoryLimit: 5 + suspend: false ## @section Netbox worker parameters @@ -1834,17 +1865,6 @@ worker: ingressNSMatchLabels: {} ingressNSPodMatchLabels: {} - ## Additional containers to be added to the NetBox pod. - extraContainers: [] - # - name: my-sidecar - # image: nginx:latest - - ## Containers which are run before the NetBox containers are started. - extraInitContainers: [] - # - name: init-myservice - # image: busybox - # command: ['sh', '-c', 'until nslookup myservice; do echo waiting for myservice; sleep 2; done;'] - ## Netbox worker Service configuration ## service: 
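Review bot: The `@@ -1385,61 +1412,65 @@` hunk removes `housekeeping.extraEnvs`, `extraContainers` and `extraInitContainers` in favour of `extraEnvVars`, `sidecars` and `initContainers` with no migration path. The cronjob template in this commit also stops reading the old keys, so unless the chart ships a values schema, a release that still sets them will upgrade cleanly while its extra environment variables and containers silently drop out of the housekeeping job. A changelog entry plus a guard in the template would make the break visible, for example `{{- if .Values.housekeeping.extraEnvs }}{{ fail "housekeeping.extraEnvs was renamed to housekeeping.extraEnvVars" }}{{- end }}`.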
From 14136fea9e0d5b0743c7a298d116892d847aaa15 Mon Sep 17 00:00:00 2001 From: firmansyahn <80936459+firmansyahn@users.noreply.github.com> Date: Thu, 1 Feb 2024 20:26:02 +0700 Subject: [PATCH 19/36] Fix serviceMonitor --- charts/netbox/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/netbox/values.yaml b/charts/netbox/values.yaml index 29adebb1..d304dec3 100644 --- a/charts/netbox/values.yaml +++ b/charts/netbox/values.yaml @@ -1949,7 +1949,7 @@ metrics: enabled: false ## @param metrics.serviceMonitor.port Metrics service HTTP port ## - port: http + port: http-metrics ## @param metrics.serviceMonitor.endpoints [array] The endpoint configuration of the ServiceMonitor. Path is mandatory. Interval, timeout and labellings can be overwritten. ## endpoints: From 42dbf9a19ccb31eea063a74057d18a8bb59482b2 Mon Sep 17 00:00:00 2001 From: firmansyahn <80936459+firmansyahn@users.noreply.github.com> Date: Thu, 1 Feb 2024 20:28:41 +0700 Subject: [PATCH 20/36] Fix extraEnvVars --- charts/netbox/templates/cronjob.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/netbox/templates/cronjob.yaml b/charts/netbox/templates/cronjob.yaml index 375efa99..fc401ea7 100644 --- a/charts/netbox/templates/cronjob.yaml +++ b/charts/netbox/templates/cronjob.yaml @@ -61,9 +61,9 @@ spec: - /opt/netbox/venv/bin/python - /opt/netbox/netbox/manage.py - housekeeping - {{- if .Values.housekeping.extraEnvVars }} + {{- if .Values.houseekeeping.extraEnvVars }} env: - {{- include "common.tplvalues.render" (dict "value" .Values.housekeping.extraEnvVars "context" $) | nindent 12 }} + {{- include "common.tplvalues.render" (dict "value" .Values.housekeeping.extraEnvVars "context" $) | nindent 12 }} {{- end }} volumeMounts: - name: config From aa7660d5763e803ffb32be640c496a83397068ae Mon Sep 17 00:00:00 2001 
From: firmansyahn <80936459+firmansyahn@users.noreply.github.com> Date: Thu, 1 Feb 2024 20:29:00 +0700 Subject: [PATCH 21/36] Fix housekeeping extraEnvVars --- charts/netbox/templates/cronjob.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/netbox/templates/cronjob.yaml b/charts/netbox/templates/cronjob.yaml index fc401ea7..2a871018 100644 --- a/charts/netbox/templates/cronjob.yaml +++ b/charts/netbox/templates/cronjob.yaml @@ -61,7 +61,7 @@ spec: - /opt/netbox/venv/bin/python - /opt/netbox/netbox/manage.py - housekeeping - {{- if .Values.houseekeeping.extraEnvVars }} + {{- if .Values.housekeeping.extraEnvVars }} env: {{- include "common.tplvalues.render" (dict "value" .Values.housekeeping.extraEnvVars "context" $) | nindent 12 }} {{- end }} From dd2e954f0b36a288b4f6eda9aa2563da1a8a030e Mon Sep 17 00:00:00 2001 From: firmansyahn <80936459+firmansyahn@users.noreply.github.com> Date: Fri, 2 Feb 2024 08:49:07 +0700 Subject: [PATCH 22/36] Add has as conditional --- charts/netbox/templates/cronjob.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/netbox/templates/cronjob.yaml b/charts/netbox/templates/cronjob.yaml index 2a871018..0ed6eec9 100644 --- a/charts/netbox/templates/cronjob.yaml +++ b/charts/netbox/templates/cronjob.yaml @@ -70,7 +70,7 @@ spec: mountPath: /etc/netbox/config/configuration.py subPath: configuration.py readOnly: true - {{- if .Values.remoteAuth.ldap.enabled }} + {{- if (has "netbox.authentication.LDAPBackend" .Values.remoteAuth.ldap.enabled) }} - name: config mountPath: /etc/netbox/config/ldap/ldap_config.py subPath: ldap_config.py From 3b92bd1228613352f53a89b21be4962ac8fe4e7b Mon Sep 17 00:00:00 2001 From: firmansyahn <80936459+firmansyahn@users.noreply.github.com> Date: Fri, 2 Feb 2024 08:50:43 +0700 Subject: [PATCH 23/36] Fix has conditional --- charts/netbox/templates/cronjob.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/charts/netbox/templates/cronjob.yaml b/charts/netbox/templates/cronjob.yaml index 0ed6eec9..1d2d5665 100644 --- a/charts/netbox/templates/cronjob.yaml +++ b/charts/netbox/templates/cronjob.yaml @@ -70,7 +70,7 @@ spec: mountPath: /etc/netbox/config/configuration.py subPath: configuration.py readOnly: true - {{- if (has "netbox.authentication.LDAPBackend" .Values.remoteAuth.ldap.enabled) }} + {{- if (has "netbox.authentication.LDAPBackend" .Values.remoteAuth.backend) }} - name: config mountPath: /etc/netbox/config/ldap/ldap_config.py subPath: ldap_config.py From 5053df9a5ea0584aa9aafa474b54bc981221d979 Mon Sep 17 00:00:00 2001 From: firmansyahn <80936459+firmansyahn@users.noreply.github.com> Date: Fri, 2 Feb 2024 08:57:06 +0700 Subject: [PATCH 24/36] Fix volume conditional --- charts/netbox/templates/cronjob.yaml | 4 ++-- charts/netbox/templates/deployment.yaml | 5 +++-- charts/netbox/templates/worker/Deployment.yaml | 6 ++++-- 3 files changed, 9 insertions(+), 6 deletions(-) diff --git a/charts/netbox/templates/cronjob.yaml b/charts/netbox/templates/cronjob.yaml index 1d2d5665..1aed1181 100644 --- a/charts/netbox/templates/cronjob.yaml +++ b/charts/netbox/templates/cronjob.yaml @@ -70,7 +70,7 @@ spec: mountPath: /etc/netbox/config/configuration.py subPath: configuration.py readOnly: true - {{- if (has "netbox.authentication.LDAPBackend" .Values.remoteAuth.backend) }} + {{- if and (has "netbox.authentication.LDAPBackend" .Values.remoteAuth.backend) .Values.remoteAuth.ldap.enabled }} - name: config mountPath: /etc/netbox/config/ldap/ldap_config.py subPath: ldap_config.py 
@@ -126,7 +126,7 @@ spec: - secret: name: {{ include "netbox.remoteAuth.secretName" . | quote }} items: - {{- if and (eq .Values.remoteAuth.backend "netbox.authentication.LDAPBackend") .Values.remoteAuth.ldap.enabled }} + {{- if and (has "netbox.authentication.LDAPBackend" .Values.remoteAuth.backend) .Values.remoteAuth.ldap.enabled }} - key: ldap_bind_password path: ldap_bind_password {{- end }} diff --git a/charts/netbox/templates/deployment.yaml b/charts/netbox/templates/deployment.yaml index 727c8114..65260659 100644 --- a/charts/netbox/templates/deployment.yaml +++ b/charts/netbox/templates/deployment.yaml @@ -158,7 +158,8 @@ spec: mountPath: /etc/netbox/config/configuration.py subPath: configuration.py readOnly: true - {{- if .Values.remoteAuth.ldap.enabled }} + # {{- if .Values.remoteAuth.ldap.enabled }} + {{- if and (has "netbox.authentication.LDAPBackend" .Values.remoteAuth.backend) .Values.remoteAuth.ldap.enabled }} - name: config mountPath: /etc/netbox/config/ldap/ldap_config.py subPath: ldap_config.py @@ -286,7 +287,7 @@ spec: - secret: name: {{ include "netbox.remoteAuth.secretName" . | quote }} items: - {{- if and (has .Values.remoteAuth.backend "netbox.authentication.LDAPBackend") .Values.remoteAuth.ldap.enabled }} + {{- if and (has "netbox.authentication.LDAPBackend" .Values.remoteAuth.backend) .Values.remoteAuth.ldap.enabled }} - key: ldap_bind_password path: ldap_bind_password {{- end }} diff --git a/charts/netbox/templates/worker/Deployment.yaml b/charts/netbox/templates/worker/Deployment.yaml index c9141be8..8220e696 100644 --- a/charts/netbox/templates/worker/Deployment.yaml +++ b/charts/netbox/templates/worker/Deployment.yaml 
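Review bot: The guard on the `ldap_bind_password` item in the cronjob.yaml `@@ -126,7 +126,7 @@` hunk reads `.Values.remoteAuth.backend`, but values.yaml lists the backends under `remoteAuth.backends` (plural). With the key undefined, `has` is expected to evaluate to false, so the bind password would never be projected into the housekeeping pod even when LDAP is enabled. Use `{{- if and (has "netbox.authentication.LDAPBackend" .Values.remoteAuth.backends) .Values.remoteAuth.ldap.enabled }}`. The `@@ -70,7 +70,7 @@` mount guard in this commit and the deployment.yaml and worker/Deployment.yaml hunks carry the same singular key. The projected volume definition starts and ends outside the hunk.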
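Review bot: In the deployment.yaml `@@ -158,7 +158,8 @@` hunk, the old guard kept as `# {{- if .Values.remoteAuth.ldap.enabled }}` is still a live template action, because Helm evaluates templates before the `#` has any meaning as a YAML comment. That leaves two `if` actions for the single `{{- end }}` closing this mount block (outside the hunk), which is expected to fail template parsing or mis-nest the rest of the container spec. Delete the line, or keep the history as a template comment: `{{/* previously: if .Values.remoteAuth.ldap.enabled */}}`. The same commented-out action is added in both worker/Deployment.yaml hunks of this commit.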
@@ -94,7 +94,8 @@ spec: mountPath: /etc/netbox/config/configuration.py subPath: configuration.py readOnly: true - {{- if .Values.remoteAuth.ldap.enabled }} + # {{- if .Values.remoteAuth.ldap.enabled }} + {{- if and (has "netbox.authentication.LDAPBackend" .Values.remoteAuth.backend) .Values.remoteAuth.ldap.enabled }} - name: config mountPath: /etc/netbox/config/ldap/ldap_config.py subPath: ldap_config.py @@ -199,7 +200,8 @@ spec: path: email_password - key: secret_key path: secret_key - {{- if .Values.remoteAuth.enabled }} + # {{- if .Values.remoteAuth.enabled }} + {{- if and (has "netbox.authentication.LDAPBackend" .Values.remoteAuth.backend) .Values.remoteAuth.ldap.enabled }} - secret: name: {{ include "netbox.remoteAuth.secretName" . | quote }} items: From 2c36812a0d31993a4a79ae7ea37a9e06d9bc2773 Mon Sep 17 00:00:00 2001 From: firmansyahn <80936459+firmansyahn@users.noreply.github.com> Date: Fri, 2 Feb 2024 09:48:35 +0700 Subject: [PATCH 25/36] Fix Deployment EOF --- charts/netbox/templates/worker/Deployment.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/charts/netbox/templates/worker/Deployment.yaml b/charts/netbox/templates/worker/Deployment.yaml index 8220e696..885523e7 100644 --- a/charts/netbox/templates/worker/Deployment.yaml +++ b/charts/netbox/templates/worker/Deployment.yaml @@ -200,8 +200,7 @@ spec: path: email_password - key: secret_key path: secret_key - # {{- if .Values.remoteAuth.enabled }} - {{- if and (has "netbox.authentication.LDAPBackend" .Values.remoteAuth.backend) .Values.remoteAuth.ldap.enabled }} + {{- if .Values.remoteAuth.enabled }} - secret: name: {{ include "netbox.remoteAuth.secretName" . | quote }} items: From 051839a522f5704b99662ea69c2ad5ea75b9ecca Mon Sep 17 00:00:00 2001 
From: firmansyahn <80936459+firmansyahn@users.noreply.github.com> Date: Fri, 2 Feb 2024 09:57:55 +0700 Subject: [PATCH 26/36] Rollback deployment --- charts/netbox/templates/cronjob.yaml | 3 +-- charts/netbox/templates/worker/Deployment.yaml | 5 ++--- 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/charts/netbox/templates/cronjob.yaml b/charts/netbox/templates/cronjob.yaml index 1aed1181..83c29f32 100644 --- a/charts/netbox/templates/cronjob.yaml +++ b/charts/netbox/templates/cronjob.yaml @@ -174,5 +174,4 @@ spec: affinity: {{- toYaml . | nindent 12 }} {{- end }} - -{{- end -}} +{{- end -}} \ No newline at end of file diff --git a/charts/netbox/templates/worker/Deployment.yaml b/charts/netbox/templates/worker/Deployment.yaml index 885523e7..dc591831 100644 --- a/charts/netbox/templates/worker/Deployment.yaml +++ b/charts/netbox/templates/worker/Deployment.yaml @@ -94,8 +94,7 @@ spec: mountPath: /etc/netbox/config/configuration.py subPath: configuration.py readOnly: true - # {{- if .Values.remoteAuth.ldap.enabled }} - {{- if and (has "netbox.authentication.LDAPBackend" .Values.remoteAuth.backend) .Values.remoteAuth.ldap.enabled }} + {{- if .Values.remoteAuth.ldap.enabled }} - name: config mountPath: /etc/netbox/config/ldap/ldap_config.py subPath: ldap_config.py @@ -204,7 +203,7 @@ spec: - secret: name: {{ include "netbox.remoteAuth.secretName" . | quote }} items: - {{- if and (eq .Values.remoteAuth.backend "netbox.authentication.LDAPBackend") .Values.remoteAuth.ldap.enabled }} + {{- if and (has "netbox.authentication.LDAPBackend" .Values.remoteAuth.backend) .Values.remoteAuth.ldap.enabled }} - key: ldap_bind_password path: ldap_bind_password {{- end }} From 7b93a1dfbe34d11f3b3f33c73474388b958ddafa Mon Sep 17 00:00:00 2001 
From: firmansyahn <80936459+firmansyahn@users.noreply.github.com> Date: Fri, 2 Feb 2024 09:59:31 +0700 Subject: [PATCH 27/36] Fix server Deployment --- charts/netbox/templates/deployment.yaml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/charts/netbox/templates/deployment.yaml b/charts/netbox/templates/deployment.yaml index 65260659..727c8114 100644 --- a/charts/netbox/templates/deployment.yaml +++ b/charts/netbox/templates/deployment.yaml @@ -158,8 +158,7 @@ spec: mountPath: /etc/netbox/config/configuration.py subPath: configuration.py readOnly: true - # {{- if .Values.remoteAuth.ldap.enabled }} - {{- if and (has "netbox.authentication.LDAPBackend" .Values.remoteAuth.backend) .Values.remoteAuth.ldap.enabled }} + {{- if .Values.remoteAuth.ldap.enabled }} - name: config mountPath: /etc/netbox/config/ldap/ldap_config.py subPath: ldap_config.py @@ -287,7 +286,7 @@ spec: - secret: name: {{ include "netbox.remoteAuth.secretName" . | quote }} items: - {{- if and (has "netbox.authentication.LDAPBackend" .Values.remoteAuth.backend) .Values.remoteAuth.ldap.enabled }} + {{- if and (has .Values.remoteAuth.backend "netbox.authentication.LDAPBackend") .Values.remoteAuth.ldap.enabled }} - key: ldap_bind_password path: ldap_bind_password {{- end }} From 533a22c2f87ed3c5e5001e37724c745d7da4df23 Mon Sep 17 00:00:00 2001 From: firmansyahn <80936459+firmansyahn@users.noreply.github.com> Date: Fri, 2 Feb 2024 10:08:37 +0700 Subject: [PATCH 28/36] Add volume conditional --- charts/netbox/templates/deployment.yaml | 5 +++-- charts/netbox/templates/worker/Deployment.yaml | 7 ++++--- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/charts/netbox/templates/deployment.yaml b/charts/netbox/templates/deployment.yaml index 727c8114..65260659 100644 --- a/charts/netbox/templates/deployment.yaml +++ b/charts/netbox/templates/deployment.yaml 
@@ -158,7 +158,8 @@ spec: mountPath: /etc/netbox/config/configuration.py subPath: configuration.py readOnly: true - {{- if .Values.remoteAuth.ldap.enabled }} + # {{- if .Values.remoteAuth.ldap.enabled }} + {{- if and (has "netbox.authentication.LDAPBackend" .Values.remoteAuth.backend) .Values.remoteAuth.ldap.enabled }} - name: config mountPath: /etc/netbox/config/ldap/ldap_config.py subPath: ldap_config.py @@ -286,7 +287,7 @@ spec: - secret: name: {{ include "netbox.remoteAuth.secretName" . | quote }} items: - {{- if and (has .Values.remoteAuth.backend "netbox.authentication.LDAPBackend") .Values.remoteAuth.ldap.enabled }} + {{- if and (has "netbox.authentication.LDAPBackend" .Values.remoteAuth.backend) .Values.remoteAuth.ldap.enabled }} - key: ldap_bind_password path: ldap_bind_password {{- end }} diff --git a/charts/netbox/templates/worker/Deployment.yaml b/charts/netbox/templates/worker/Deployment.yaml index dc591831..536520b8 100644 --- a/charts/netbox/templates/worker/Deployment.yaml +++ b/charts/netbox/templates/worker/Deployment.yaml @@ -1,4 +1,4 @@ -{{- if .Values.worker.enabled }} +{{- if .Values.worker.enabled -}} apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} kind: Deployment metadata: @@ -94,7 +94,8 @@ spec: mountPath: /etc/netbox/config/configuration.py subPath: configuration.py readOnly: true - {{- if .Values.remoteAuth.ldap.enabled }} + # {{- if .Values.remoteAuth.ldap.enabled }} + {{- if and (has "netbox.authentication.LDAPBackend" .Values.remoteAuth.backend) .Values.remoteAuth.ldap.enabled }} - name: config mountPath: /etc/netbox/config/ldap/ldap_config.py subPath: ldap_config.py @@ -251,4 +252,4 @@ spec: {{- if .Values.extraVolumes }} {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 8 }} {{- end }} -{{- end }} \ No newline at end of file +{{- end -}} \ No newline at end of file From 30b67ffb7b4f4f7db4a623f2e82266637181680e Mon Sep 17 00:00:00 2001 
From: firmansyahn <80936459+firmansyahn@users.noreply.github.com> Date: Fri, 2 Feb 2024 10:11:19 +0700 Subject: [PATCH 29/36] Typo at remoteAuth.backends --- charts/netbox/templates/deployment.yaml | 4 ++-- charts/netbox/templates/worker/Deployment.yaml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/netbox/templates/deployment.yaml b/charts/netbox/templates/deployment.yaml index 65260659..26612559 100644 --- a/charts/netbox/templates/deployment.yaml +++ b/charts/netbox/templates/deployment.yaml @@ -159,7 +159,7 @@ spec: subPath: configuration.py readOnly: true # {{- if .Values.remoteAuth.ldap.enabled }} - {{- if and (has "netbox.authentication.LDAPBackend" .Values.remoteAuth.backend) .Values.remoteAuth.ldap.enabled }} + {{- if and (has "netbox.authentication.LDAPBackend" .Values.remoteAuth.backends) .Values.remoteAuth.ldap.enabled }} - name: config mountPath: /etc/netbox/config/ldap/ldap_config.py subPath: ldap_config.py @@ -287,7 +287,7 @@ spec: - secret: name: {{ include "netbox.remoteAuth.secretName" . | quote }} items: - {{- if and (has "netbox.authentication.LDAPBackend" .Values.remoteAuth.backend) .Values.remoteAuth.ldap.enabled }} + {{- if and (has "netbox.authentication.LDAPBackend" .Values.remoteAuth.backends) .Values.remoteAuth.ldap.enabled }} - key: ldap_bind_password path: ldap_bind_password {{- end }} diff --git a/charts/netbox/templates/worker/Deployment.yaml b/charts/netbox/templates/worker/Deployment.yaml index 536520b8..c425aa4a 100644 --- a/charts/netbox/templates/worker/Deployment.yaml +++ b/charts/netbox/templates/worker/Deployment.yaml 
@@ -95,7 +95,7 @@ spec: subPath: configuration.py readOnly: true # {{- if .Values.remoteAuth.ldap.enabled }} - {{- if and (has "netbox.authentication.LDAPBackend" .Values.remoteAuth.backend) .Values.remoteAuth.ldap.enabled }} + {{- if and (has "netbox.authentication.LDAPBackend" .Values.remoteAuth.backends) .Values.remoteAuth.ldap.enabled }} - name: config mountPath: /etc/netbox/config/ldap/ldap_config.py subPath: ldap_config.py @@ -204,7 +204,7 @@ spec: - secret: name: {{ include "netbox.remoteAuth.secretName" . | quote }} items: - {{- if and (has "netbox.authentication.LDAPBackend" .Values.remoteAuth.backend) .Values.remoteAuth.ldap.enabled }} + {{- if and (has "netbox.authentication.LDAPBackend" .Values.remoteAuth.backends) .Values.remoteAuth.ldap.enabled }} - key: ldap_bind_password path: ldap_bind_password {{- end }} From d8e38b53b39ae49562e1d9b6bd9d54937d4f2614 Mon Sep 17 00:00:00 2001 From: firmansyahn <80936459+firmansyahn@users.noreply.github.com> Date: Fri, 2 Feb 2024 10:14:32 +0700 Subject: [PATCH 30/36] Rollback worker Deployment --- charts/netbox/templates/worker/Deployment.yaml | 7 +++---- charts/netbox/values.yaml | 2 +- 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/charts/netbox/templates/worker/Deployment.yaml b/charts/netbox/templates/worker/Deployment.yaml index c425aa4a..4bdaf1b9 100644 --- a/charts/netbox/templates/worker/Deployment.yaml +++ b/charts/netbox/templates/worker/Deployment.yaml @@ -1,4 +1,4 @@ -{{- if .Values.worker.enabled -}} +{{- if .Values.worker.enabled }} apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} kind: Deployment metadata: 
@@ -94,8 +94,7 @@ spec: mountPath: /etc/netbox/config/configuration.py subPath: configuration.py readOnly: true - # {{- if .Values.remoteAuth.ldap.enabled }} - {{- if and (has "netbox.authentication.LDAPBackend" .Values.remoteAuth.backends) .Values.remoteAuth.ldap.enabled }} + {{- if .Values.remoteAuth.ldap.enabled }} - name: config mountPath: /etc/netbox/config/ldap/ldap_config.py subPath: ldap_config.py @@ -252,4 +251,4 @@ spec: {{- if .Values.extraVolumes }} {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 8 }} {{- end }} -{{- end -}} \ No newline at end of file +{{- end }} \ No newline at end of file diff --git a/charts/netbox/values.yaml b/charts/netbox/values.yaml index d304dec3..bad360d4 100644 --- a/charts/netbox/values.yaml +++ b/charts/netbox/values.yaml @@ -678,7 +678,7 @@ remoteAuth: ## see https://django-auth-ldap.readthedocs.io ## ## When enabling LDAP support please see "Using LDAP Authentication" in README.md and - ## uncomment ALL of the configuration settings below, or your configuration will be invalid. + ## set enabled to true. ## ldap: ## @param remoteAuth.ldap.enabled Enable LDAP remote auth backend From 6035aedb6ef04010e5dce5264c6d136bcd268e16 Mon Sep 17 00:00:00 2001 From: firmansyahn <80936459+firmansyahn@users.noreply.github.com> Date: Fri, 2 Feb 2024 10:16:58 +0700 Subject: [PATCH 31/36] Fix server Deployment --- charts/netbox/templates/deployment.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/charts/netbox/templates/deployment.yaml b/charts/netbox/templates/deployment.yaml index 26612559..99b3aaed 100644 --- a/charts/netbox/templates/deployment.yaml +++ b/charts/netbox/templates/deployment.yaml 
@@ -158,8 +158,7 @@ spec: mountPath: /etc/netbox/config/configuration.py subPath: configuration.py readOnly: true - # {{- if .Values.remoteAuth.ldap.enabled }} - {{- if and (has "netbox.authentication.LDAPBackend" .Values.remoteAuth.backends) .Values.remoteAuth.ldap.enabled }} + {{- if .Values.remoteAuth.ldap.enabled }} - name: config mountPath: /etc/netbox/config/ldap/ldap_config.py subPath: ldap_config.py From 04f5eca3931aa0172ca0073051287624bc9ecc94 Mon Sep 17 00:00:00 2001 From: firmansyahn <80936459+firmansyahn@users.noreply.github.com> Date: Fri, 2 Feb 2024 10:34:19 +0700 Subject: [PATCH 32/36] Add Keycloak to backends --- charts/netbox/templates/ConfigMap/netbox.yaml | 3 ++- charts/netbox/values.yaml | 1 + 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/charts/netbox/templates/ConfigMap/netbox.yaml b/charts/netbox/templates/ConfigMap/netbox.yaml index ecacd229..5ee2a977 100644 --- a/charts/netbox/templates/ConfigMap/netbox.yaml +++ b/charts/netbox/templates/ConfigMap/netbox.yaml @@ -292,10 +292,11 @@ data: nginx-unit.json: |- {{- toPrettyJson .Values.overrideUnitConfig | nindent 4 }} {{- end -}} + {{- range $index, $config := .Values.extraConfig -}} {{- if $config.values }} extra-{{ $index }}.yaml: |- {{- toYaml $config.values | nindent 4 }} {{- end }} - {{ end -}} + {{- end -}} \ No newline at end of file diff --git a/charts/netbox/values.yaml b/charts/netbox/values.yaml index bad360d4..963159ad 100644 --- a/charts/netbox/values.yaml +++ b/charts/netbox/values.yaml @@ -654,6 +654,7 @@ remoteAuth: enabled: false backends: - netbox.authentication.RemoteUserBackend + - social_core.backends.keycloak.KeycloakOAuth2 header: HTTP_REMOTE_USER userFirstName: HTTP_REMOTE_USER_FIRST_NAME userLastName: HTTP_REMOTE_USER_LAST_NAME From 1bf73500ebd6beaf82759be9a241f82ee4a5dc07 Mon Sep 17 00:00:00 2001 
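Review bot: Adding `social_core.backends.keycloak.KeycloakOAuth2` to the default `remoteAuth.backends` list in values.yaml changes the authentication backends for every install that enables `remoteAuth`, including ones that only want the header-based `RemoteUserBackend`. Nothing in this commit adds the Keycloak client settings that backend would need, so it is presumably unusable until configured, and a default login path that operators did not ask for widens the authentication surface without a decision on their part. I would keep the default list unchanged and show Keycloak as a commented example, `# - social_core.backends.keycloak.KeycloakOAuth2`, with a pointer to the required settings in the README.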
From: firmansyahn <80936459+firmansyahn@users.noreply.github.com> Date: Fri, 2 Feb 2024 10:36:29 +0700 Subject: [PATCH 33/36] Add extraVolumes to housekeeping --- charts/netbox/templates/cronjob.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/netbox/templates/cronjob.yaml b/charts/netbox/templates/cronjob.yaml index 83c29f32..5dbd2c91 100644 --- a/charts/netbox/templates/cronjob.yaml +++ b/charts/netbox/templates/cronjob.yaml @@ -167,8 +167,8 @@ spec: persistentVolumeClaim: claimName: {{ .Values.scriptsPersistence.existingClaim | default (printf "%s-scripts" (include "netbox.fullname" .)) }} {{- end }} - {{- with .Values.housekeeping.extraVolumes }} - {{- toYaml . | nindent 10 }} + {{- if .Values.extraVolumes }} + {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 8 }} {{- end }} {{- with .Values.housekeeping.affinity }} affinity: From 411231b3cec11891af48c790e4147b43268e61e6 Mon Sep 17 00:00:00 2001 From: firmansyahn <80936459+firmansyahn@users.noreply.github.com> Date: Fri, 2 Feb 2024 10:47:27 +0700 Subject: [PATCH 34/36] Update cronjob.yaml --- charts/netbox/templates/cronjob.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/netbox/templates/cronjob.yaml b/charts/netbox/templates/cronjob.yaml index 5dbd2c91..7d0b79ce 100644 --- a/charts/netbox/templates/cronjob.yaml +++ b/charts/netbox/templates/cronjob.yaml @@ -70,7 +70,7 @@ spec: mountPath: /etc/netbox/config/configuration.py subPath: configuration.py readOnly: true - {{- if and (has "netbox.authentication.LDAPBackend" .Values.remoteAuth.backend) .Values.remoteAuth.ldap.enabled }} + {{- if and (has "netbox.authentication.LDAPBackend" .Values.remoteAuth.backends) .Values.remoteAuth.ldap.enabled }} - name: config mountPath: /etc/netbox/config/ldap/ldap_config.py subPath: ldap_config.py 
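Review bot: The replacement in the `@@ -167,8 +167,8 @@` hunk switches from `nindent 10` to `nindent 8`, which matches the Deployment templates but probably not this CronJob, where the pod spec sits deeper under `jobTemplate`; the neighbouring `affinity` block still uses `nindent 12`. Unless the surrounding indentation changed as well, the rendered entries would land outside the `volumes:` list. The new lines also read the top-level `.Values.extraVolumes` although values.yaml documents `housekeeping.extraVolumes` for this job, so the server's extra volumes (which may include secret volumes) get attached to the housekeeping pod while the housekeeping key is ignored. Suggested: `{{- if .Values.housekeeping.extraVolumes }}` followed by `{{- include "common.tplvalues.render" (dict "value" .Values.housekeeping.extraVolumes "context" $) | nindent 10 }}`. The `volumes:` list starts outside the hunk.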
@@ -174,4 +174,4 @@ spec: affinity: {{- toYaml . | nindent 12 }} {{- end }} -{{- end -}} \ No newline at end of file +{{- end -}} From 9ed0ef907c93fe42272aaec08c946aaea1448d41 Mon Sep 17 00:00:00 2001 From: firmansyahn <80936459+firmansyahn@users.noreply.github.com> Date: Fri, 2 Feb 2024 10:58:20 +0700 Subject: [PATCH 35/36] Update README.md --- charts/netbox/README.md | 44 +++++++++++++++++++++++++++++++++-------- 1 file changed, 36 insertions(+), 8 deletions(-) diff --git a/charts/netbox/README.md b/charts/netbox/README.md index 54ec94ef..192c8b2b 100644 --- a/charts/netbox/README.md +++ b/charts/netbox/README.md @@ -3,10 +3,8 @@ [NetBox](https://netbox.readthedocs.io/) is an IP address management (IPAM) and data center infrastructure management (DCIM) tool. -Forked from [bootc/netbox-chart](https://github.com/bootc/netbox-chart) - **Note:** This repository was forked from [bootc/netbox-chart](https://github.com/bootc/netbox-chart) at versions -v5.0.0 and up are from this fork and will have diverged from any changes in the original fork. A list of changes can be seen in the CHANGELOG. +v5.0.0 and up are from this fork will have diverged from any changes in the original fork. A list of changes can be seen in the CHANGELOG. **This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/startechnica/apps/issues/new/choose)** 
@@ -15,10 +13,10 @@ v5.0.0 and up are from this fork and will have diverged from any changes in the ```console $ helm repo add startechnica https://startechnica.github.io/apps $ helm install netbox \ - --set postgresql.auth.postgresPassword=[password1] \ - --set postgresql.auth.password=[password2] \ - --set redis.auth.password=[password3] \ - startechnica/netbox + --set postgresql.auth.postgresPassword= \ + --set postgresql.auth.password= \ + --set redis.auth.password= \ + startechnica/netbox ``` ⚠️ **WARNING:** Please see [Production Usage](#production-usage) below before using this chart for production environment. @@ -76,9 +74,9 @@ affinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchLabels: + app.kubernetes.io/component: server app.kubernetes.io/instance: netbox app.kubernetes.io/name: netbox - app.kubernetes.io/component: netbox topologyKey: kubernetes.io/hostname ``` 
@@ -168,6 +166,36 @@ PostgreSQL chart was upgraded from 5.x.x to 7.x.x, and Redis from 8.x.x to The following table lists the configurable parameters for this chart and their default values. +### Global parameters + +| Name | Description | Value | +| ------------------------- | ----------------------------------------------------------------------------------------------------------------------- | ----- | +| `global.imageRegistry` | Global Docker image registry | `""` | +| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | +| `global.storageClass` | Global StorageClass for Persistent Volume(s) | `""` | +| `global.namespaceOverride` | Override the namespace for resource deployed by the chart, but can itself be overridden by the local namespaceOverride | `""` | + + +### Common parameters + +| Name | Description | Value | +| -------------------------- | ----------------------------------------------------------------------------------------------------------------- | --------------- | +| `kubeVersion` | Force target Kubernetes version (using Helm capabilities if not set) | `""` | +| `nameOverride` | String to partially override common.names.fullname template with a string (will prepend the release name) | `""` | +| `namespaceOverride` | String to fully override common.names.namespace | `""` | +| `fullnameOverride` | String to fully override common.names.fullname template with a string | `""` | +| `commonAnnotations` | Annotations to add to all deployed objects | `{}` | +| `commonLabels` | Labels to add to all deployed objects | `{}` | +| `schedulerName` | Name of the Kubernetes scheduler (other than default) | `""` | +| `clusterDomain` | Kubernetes DNS Domain name to use | `cluster.local` | +| `extraDeploy` | Array of extra objects to deploy with the release (evaluated as a template) | `[]` | +| `diagnosticMode.enabled` | Enable diagnostic mode (all probes will be disabled and the command will be overridden) | `false` | +| 
`diagnosticMode.command` | Command to override all containers in the deployment | `[]` | +| `diagnosticMode.args` | Args to override all containers in the deployment | `[]` | + + +### Netbox parameters + | Parameter | Description | Default | | ------------------------------------------------|---------------------------------------------------------------------|----------------------------------------------| | `replicaCount` | The desired number of NetBox pods | `1` | From c28b5fbb780cda84247e8d2121981b0973f2a134 Mon Sep 17 00:00:00 2001 From: firmansyahn <80936459+firmansyahn@users.noreply.github.com> Date: Fri, 2 Feb 2024 11:03:10 +0700 Subject: [PATCH 36/36] Update version to 5.0.3 --- charts/netbox/Chart.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/netbox/Chart.yaml b/charts/netbox/Chart.yaml index b72c3eb7..22336db6 100644 --- a/charts/netbox/Chart.yaml +++ b/charts/netbox/Chart.yaml @@ -5,7 +5,7 @@ annotations: image: docker.io/netboxcommunity/netbox:v3.7-2.8.0 apiVersion: v2 name: netbox -version: 5.0.2 +version: 5.0.3 appVersion: v3.7.1 kubeVersion: ">=1.25.0" description: IP address management (IPAM) and data center infrastructure management (DCIM) tool @@ -36,4 +36,4 @@ dependencies: - name: st-common repository: https://startechnica.github.io/apps version: 0.x.x - alias: startechnica-common \ No newline at end of file + alias: startechnica-common