[ { "path": ".checkov.yaml", "content": "directory:\n - charts\nskip-path:\n - /\\w+/charts\nevaluate-variables: true\nframework:\n - helm\ncompact: true\nquiet: true\nsoft-fail: true\n" }, { "path": ".editorconfig", "content": "# editorconfig.org\n\nroot = true\n\n[*]\ncharset = utf-8\nindent_style = space\nindent_size = 2\nend_of_line = lf\ninsert_final_newline = true\ntrim_trailing_whitespace = true\n\n[*.py]\nindent_size = 4\n\n[*.md]\ntrim_trailing_whitespace = false\n" }, { "path": ".flake8", "content": "[flake8]\nmax-line-length = 100\nextend-ignore = E203, W503\nper-file-ignores =\n charts/netbox/files/*:E131,E251,E266,E302,E305,E501,E722,F821\n" }, { "path": ".gitattributes", "content": "# https://git-scm.com/docs/gitattributes\n\n# Auto detect text files and perform LF normalization\n* text=auto eol=lf\n\n# Collapse generated and vendored files on GitHub\n*.lock linguist-generated=true merge=ours\n\n# Reduce conflicts on markdown files\n*.md merge=union\n" }, { "path": ".github/FUNDING.yml", "content": "# https://docs.github.com/articles/displaying-a-sponsor-button-in-your-repository\n\ngithub:\n - RangerRick\n - LeoColomb\n" }, { "path": ".github/ISSUE_TEMPLATE/bug_report.yml", "content": "name: 🐛 Bug Report\ndescription: Create a report about a malfunction of the Helm chart setup\nlabels:\n - bug\nbody:\n - type: markdown\n attributes:\n value: |\n > [!NOTE]\n > This form is only for reporting _reproducible bugs_ in a current NetBox\n > installation **using its Helm chart**.\n > If you're looking for assistance with using NetBox, please visit our\n > [discussion forum](https://github.com/netbox-community/netbox/discussions) instead.\n\n > [!TIP]\n > Please don't open an issue to open a PR. Just submit the PR, that's good enough.\n - type: input\n id: chart-version\n attributes:\n label: The Helm chart version\n description: What version of the Helm chart are you running?\n placeholder: netbox-5.0.0\n validations:\n required: true\n - type: textarea\n id: context-version\n attributes:\n label: Environment Versions\n description: What version of relevant tools are you using?\n render: text\n placeholder: |\n Kubernetes: 1.31\n Helm: 3.12\n FluxCD: 1.0\n validations:\n required: true\n - type: textarea\n id: chart-values-yml\n attributes:\n label: Custom chart values\n description: Please provide your custom values (`values.yaml`)\n render: yaml\n placeholder: |\n remoteAuth:\n enabled: true\n backends:\n - netbox.authentication.RemoteUserBackend\n ingress:\n enabled: true\n validations:\n required: true\n - type: textarea\n id: current-behavior\n attributes:\n label: Current Behavior & Steps to Reproduce\n description: Please describe what you did and how you think it misbehaved\n placeholder: I tried to … by doing …, but it …\n validations:\n required: true\n - type: textarea\n id: expected-behavior\n attributes:\n label: Expected Behavior\n description: What did you expect to happen?\n placeholder: I expected that … when I do …\n validations:\n required: true\n - type: textarea\n id: netbox-logs\n attributes:\n label: NetBox Logs\n description: Please paste the output of the deploy Pod logs\n render: text\n placeholder: |\n netbox_1 | ⚙️ Applying database migrations\n netbox_1 | 🧬 loaded config '/etc/netbox/config/configuration.py'\n netbox_1 | 🧬 loaded config '/etc/netbox/config/a.py'\n netbox_1 | 🧬 loaded config '/etc/netbox/config/extra.py'\n netbox_1 | 🧬 loaded config '/etc/netbox/config/logging.py'\n netbox_1 | 🧬 loaded config '/etc/netbox/config/plugins.py'\n ...\n validations:\n required: false\n" }, { "path": ".github/ISSUE_TEMPLATE/config.yml", "content": "# https://docs.github.com/en/communities/using-templates-to-encourage-useful-issues-and-pull-requests/configuring-issue-templates-for-your-repository#configuring-the-template-chooser\nblank_issues_enabled: false\ncontact_links:\n - name: ❓ Question\n url: https://github.com/netbox-community/netbox/discussions\n about: The Github Discussions are the right place to ask questions about how to use or do certain things with NetBox.\n - name: 💬 Community Slack\n url: https://netdev.chat\n about: \"Join #netbox-chart on the NetDev Community Slack for assistance with installation issues and other problems.\"\n" }, { "path": ".github/ISSUE_TEMPLATE/feature_request.yml", "content": "name: ✨ Feature Request\ndescription: Propose a new NetBox feature or enhancement\nlabels:\n - enhancement\nbody:\n - type: markdown\n attributes:\n value: |\n > [!NOTE]\n > This form is only for submitting well-formed proposals to extend or modify\n > NetBox **Helm charts** in some way.\n > If you're trying to solve a problem but can't figure out how, or if\n > you still need time to work on the details of a proposed new feature, please start a\n > [discussion](https://github.com/netbox-community/netbox/discussions) instead.\n - type: textarea\n attributes:\n label: Proposed functionality\n description: |\n Describe in detail the new feature or behavior you are proposing. Include any specific changes\n to work flows, data models, and/or the user interface. The more detail you provide here, the\n greater chance your proposal has of being discussed. Feature requests which don't include an\n actionable implementation plan will be rejected.\n validations:\n required: true\n - type: textarea\n attributes:\n label: Use case\n description: |\n Explain how adding this functionality would benefit NetBox users when using its Helm chart.\n What need does it address?\n validations:\n required: true\n" }, { "path": ".github/dependabot.yml", "content": "# https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file\n\nversion: 2\nupdates:\n - package-ecosystem: github-actions\n directory: \"/\"\n schedule:\n interval: daily\n" }, { "path": ".github/renovate.json", "content": "{\n \"$schema\": \"https://docs.renovatebot.com/renovate-schema.json\",\n \"extends\": [\n \"config:recommended\",\n \":configMigration\",\n \":disableDependencyDashboard\",\n \"customManagers:helmChartYamlAppVersions\"\n ],\n \"labels\": [\"dependencies\"],\n \"rangeStrategy\": \"bump\",\n \"packageRules\": [\n {\n \"matchManagers\": [\"helmv3\"],\n \"versioning\": \"helm\"\n },\n {\n \"matchFileNames\": [\"charts/**\"],\n \"bumpVersions\": [\n {\n \"filePatterns\": [\"{{packageFileDir}}/Chart.{yaml,yml}\"],\n \"matchStrings\": [\"version:\\\\s(?[^\\\\s]+)\"],\n \"bumpType\": \"{{#if isMajor}}minor{{else}}patch{{/if}}\"\n }\n ]\n },\n {\n \"matchUpdateTypes\": [\"!major\"],\n \"automerge\": true\n }\n ],\n \"kubernetes\": {\n \"managerFilePatterns\": [\"/^charts/.+\\\\.ya?ml$/\"]\n },\n \"github-actions\": {\n \"enabled\": false\n }\n}\n" }, { "path": ".github/workflows/analysis.yml", "content": "# https://docs.github.com/actions\n\nname: Analysis\n\non:\n push:\n branches:\n - main\n pull_request:\n branches:\n - main\n schedule:\n - cron: \"43 2 * * 6\"\n workflow_dispatch:\n\njobs:\n checkov:\n name: Checkov\n runs-on: ubuntu-latest\n permissions:\n actions: read\n contents: read\n security-events: write\n steps:\n - uses: actions/checkout@v6.0.2\n\n - name: Run Checkov scanner\n id: checkov\n uses: bridgecrewio/checkov-action@master\n\n - name: Upload scan results to GitHub Security tab\n uses: github/codeql-action/upload-sarif@v4\n with:\n sarif_file: results.sarif\n" }, { "path": ".github/workflows/auto-merge.yml", "content": "# https://docs.github.com/actions\n\nname: Auto-merge\n\non:\n pull_request_target:\n workflow_call:\n\npermissions:\n pull-requests: write\n contents: write\n\njobs:\n dependabot:\n name: Dependabot\n runs-on: ubuntu-latest\n if: ${{ github.actor == 'dependabot[bot]' }}\n steps:\n - name: Dependabot metadata\n id: dependabot-metadata\n uses: dependabot/fetch-metadata@v3.1.0\n\n - name: Approve a PR\n if: steps.dependabot-metadata.outputs.update-type != 'version-update:semver-major'\n run: gh pr review --approve \"$PR_URL\"\n env:\n PR_URL: ${{ github.event.pull_request.html_url }}\n GITHUB_TOKEN: ${{ github.token }}\n\n - name: Enable auto-merge for Dependabot PRs\n run: gh pr merge --auto --rebase \"$PR_URL\"\n env:\n PR_URL: ${{ github.event.pull_request.html_url }}\n GITHUB_TOKEN: ${{ github.token }}\n" }, { "path": ".github/workflows/ci.yml", "content": "# yamllint disable rule:document-start\n# https://docs.github.com/actions\n\nname: CI\n\non:\n push:\n branches:\n - main\n pull_request:\n branches:\n - main\n\njobs:\n prepare:\n name: Prepare\n runs-on: ubuntu-latest\n outputs:\n changed: ${{ steps.list-changed.outputs.changed }}\n steps:\n - name: Checkout\n uses: actions/checkout@v6.0.2\n with:\n fetch-depth: 0\n\n - name: Set up chart-testing\n uses: helm/chart-testing-action@v2.8.0\n\n - name: Run chart-testing (list-changed)\n id: list-changed\n run: |\n changed=$(ct list-changed --config config.yaml)\n if [[ -n \"$changed\" ]]; then\n echo \"changed=true\" >> \"$GITHUB_OUTPUT\"\n fi\n\n test:\n name: Test\n if: needs.prepare.outputs.changed == 'true'\n needs:\n - prepare\n uses: ./.github/workflows/test.yml\n with:\n action-matrix: '[\"lint-and-install\", \"install --upgrade\"]'\n secrets: inherit\n\n results:\n name: Status\n if: always()\n runs-on: ubuntu-latest\n needs:\n - prepare\n - test\n steps:\n - run: exit 1\n if: >-\n ${{\n contains(needs.*.result, 'failure') ||\n contains(needs.*.result, 'cancelled')\n }}\n\n release:\n name: Release\n if: github.ref == 'refs/heads/main'\n uses: ./.github/workflows/release.yml\n permissions:\n contents: write\n packages: write\n id-token: write\n secrets:\n GPG_KEY_BASE64: ${{ secrets.GPG_KEY_BASE64 }}\n GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}\n" }, { "path": ".github/workflows/lint.yml", "content": "# https://docs.github.com/actions\n\nname: Lint Code Base\n\non:\n push:\n branches-ignore: [main]\n pull_request:\n branches: [main]\n\npermissions:\n contents: read\n packages: read\n statuses: write\n\njobs:\n build:\n name: Lint Code Base\n runs-on: ubuntu-latest\n steps:\n - name: Checkout Code\n uses: actions/checkout@0c366fd6a839edf440554fa01a7085ccba70ac98 # v6.0.1\n with:\n fetch-depth: 0\n persist-credentials: false\n\n - name: Lint Code Base\n uses: super-linter/super-linter/slim@9e863354e3ff62e0727d37183162c4a88873df41 # v8.6.0\n env:\n VALIDATE_ALL_CODEBASE: false\n DEFAULT_BRANCH: main\n GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}\n FIX_MARKDOWN_PRETTIER: false\n VALIDATE_BIOME_FORMAT: false\n VALIDATE_MARKDOWN_PRETTIER: false\n VALIDATE_JSCPD: false\n VALIDATE_PYTHON_MYPY: false\n VALIDATE_PYTHON_PYINK: false\n FILTER_REGEX_EXCLUDE: charts/[^/]+/[^/]+/.*\\.yaml\n LINTER_RULES_PATH: /\n PYTHON_BLACK_CONFIG_FILE: pyproject.toml\n PYTHON_PYLINT_CONFIG_FILE: pyproject.toml\n PYTHON_ISORT_CONFIG_FILE: pyproject.toml\n PYTHON_RUFF_CONFIG_FILE: pyproject.toml\n" }, { "path": ".github/workflows/release.yml", "content": "# yamllint disable rule:document-start\n# https://docs.github.com/actions\n\nname: Release\n\non:\n workflow_call:\n secrets:\n GPG_KEY_BASE64:\n required: true\n description: GPG key for signing\n GPG_PASSPHRASE:\n required: true\n description: passphrase for the signing key\n\njobs:\n publish:\n name: Publish\n runs-on: ubuntu-latest\n permissions:\n contents: write\n packages: write\n id-token: write\n steps:\n - name: Checkout\n uses: actions/checkout@v6.0.2\n with:\n fetch-depth: 0\n\n - name: Configure Git\n run: |\n git config user.name \"$GITHUB_ACTOR\"\n git config user.email \"$GITHUB_ACTOR@users.noreply.github.com\"\n\n - name: Prepare GPG key\n run: |\n gpg_dir=\"${HOME}/.cr-gpg\"\n mkdir \"$gpg_dir\"\n keyring=\"$gpg_dir/secring.gpg\"\n base64 -d <<< \"$GPG_KEY_BASE64\" > \"$keyring\"\n passphrase_file=\"$gpg_dir/passphrase\"\n echo \"$GPG_PASSPHRASE\" > \"$passphrase_file\"\n echo \"CR_PASSPHRASE_FILE=$passphrase_file\" >> \"$GITHUB_ENV\"\n echo \"CR_KEYRING=$keyring\" >> \"$GITHUB_ENV\"\n echo \"GNUPGHOME=${gpg_dir}\"\n env:\n GPG_KEY_BASE64: \"${{ secrets.GPG_KEY_BASE64 }}\"\n GPG_PASSPHRASE: \"${{ secrets.GPG_PASSPHRASE }}\"\n\n - name: Install Helm\n uses: azure/setup-helm@v5.0.0\n\n - name: Add Helm repos\n run: helm repo add bitnami https://charts.bitnami.com/bitnami\n\n - name: Run chart-releaser\n uses: helm/chart-releaser-action@v1.7.0\n with:\n config: config.yaml\n env:\n CR_TOKEN: \"${{ secrets.GITHUB_TOKEN }}\"\n\n - name: Login to GitHub Container Registry\n uses: docker/login-action@v4\n with:\n registry: ghcr.io\n username: ${{ github.actor }}\n password: ${{ secrets.GITHUB_TOKEN }}\n\n - name: Push charts to GitHub Container Registry\n run: |\n shopt -s nullglob\n for pkg in .cr-release-packages/*.tgz; do\n if [ -z \"${pkg:-}\" ]; then\n break\n fi\n helm push \"${pkg}\" \"oci://ghcr.io/${GITHUB_REPOSITORY@L}\"\n done\n" }, { "path": ".github/workflows/test.yml", "content": "# yamllint disable rule:document-start\n# https://docs.github.com/actions\n\nname: Test\n\non:\n workflow_call:\n inputs:\n action-matrix:\n required: false\n default: '[\"install\"]'\n type: string\n description: Matrix of actions to run\n\njobs:\n ct:\n name: Run chart-testing\n runs-on: ubuntu-latest\n strategy:\n fail-fast: false\n matrix:\n action: ${{ fromJSON(inputs.action-matrix) }}\n steps:\n - name: Checkout\n uses: actions/checkout@v6.0.2\n with:\n fetch-depth: 0\n\n - name: Set up Helm\n uses: azure/setup-helm@v5.0.0\n\n - uses: actions/setup-python@v6\n if: startsWith(matrix.action, 'lint')\n with:\n python-version: 3.x\n\n - name: Set up chart-testing\n uses: helm/chart-testing-action@v2.8.0\n\n - name: Create kind cluster\n uses: helm/kind-action@v1.14.0\n if: contains(matrix.action, 'install')\n\n - name: Run chart-testing (${{ matrix.action }})\n run: ct ${{ matrix.action }} --config config.yaml --debug --helm-extra-set-args=\"$CT_HELM_EXTRA_SET_ARGS\"\n env:\n CT_HELM_EXTRA_SET_ARGS: --set=host=${{ secrets.NETBOX_URL }} --set=auth.apiToken=${{ secrets.NETBOX_TOKEN }}\n" }, { "path": ".gitignore", "content": "# https://git-scm.com/docs/gitignore\n\n# General files\npkg/*\n*.pyc\n.project\n/.bin\n/_test/secrets/*.json\n\n# macOS\n._*\n.DS_Store\n\n# Editors and IDE\n.idea/\n.vscode/\n*.swp\n*.swo\n\n# Emacs save files\n*~\n\\#*\\#\n.\\#*\n\n# Vim-related files\n[._]*.s[a-w][a-z]\n[._]s[a-w][a-z]\n*.un~\nSession.vim\n.netrwhist\n\n# Releases\ndist/\n\n# Chart dependencies\n**/charts/*.tgz\nvalues-*.yaml\n.history\n/public\n" }, { "path": ".markdownlint.yaml", "content": "default: true\nMD013: false\nMD031: false\nMD060: false\n" }, { "path": "LICENSE", "content": "\n Apache License\n Version 2.0, January 2004\n http://www.apache.org/licenses/\n\n TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION\n\n 1. Definitions.\n\n \"License\" shall mean the terms and conditions for use, reproduction,\n and distribution as defined by Sections 1 through 9 of this document.\n\n \"Licensor\" shall mean the copyright owner or entity authorized by\n the copyright owner that is granting the License.\n\n \"Legal Entity\" shall mean the union of the acting entity and all\n other entities that control, are controlled by, or are under common\n control with that entity. For the purposes of this definition,\n \"control\" means (i) the power, direct or indirect, to cause the\n direction or management of such entity, whether by contract or\n otherwise, or (ii) ownership of fifty percent (50%) or more of the\n outstanding shares, or (iii) beneficial ownership of such entity.\n\n \"You\" (or \"Your\") shall mean an individual or Legal Entity\n exercising permissions granted by this License.\n\n \"Source\" form shall mean the preferred form for making modifications,\n including but not limited to software source code, documentation\n source, and configuration files.\n\n \"Object\" form shall mean any form resulting from mechanical\n transformation or translation of a Source form, including but\n not limited to compiled object code, generated documentation,\n and conversions to other media types.\n\n \"Work\" shall mean the work of authorship, whether in Source or\n Object form, made available under the License, as indicated by a\n copyright notice that is included in or attached to the work\n (an example is provided in the Appendix below).\n\n \"Derivative Works\" shall mean any work, whether in Source or Object\n form, that is based on (or derived from) the Work and for which the\n editorial revisions, annotations, elaborations, or other modifications\n represent, as a whole, an original work of authorship. For the purposes\n of this License, Derivative Works shall not include works that remain\n separable from, or merely link (or bind by name) to the interfaces of,\n the Work and Derivative Works thereof.\n\n \"Contribution\" shall mean any work of authorship, including\n the original version of the Work and any modifications or additions\n to that Work or Derivative Works thereof, that is intentionally\n submitted to Licensor for inclusion in the Work by the copyright owner\n or by an individual or Legal Entity authorized to submit on behalf of\n the copyright owner. For the purposes of this definition, \"submitted\"\n means any form of electronic, verbal, or written communication sent\n to the Licensor or its representatives, including but not limited to\n communication on electronic mailing lists, source code control systems,\n and issue tracking systems that are managed by, or on behalf of, the\n Licensor for the purpose of discussing and improving the Work, but\n excluding communication that is conspicuously marked or otherwise\n designated in writing by the copyright owner as \"Not a Contribution.\"\n\n \"Contributor\" shall mean Licensor and any individual or Legal Entity\n on behalf of whom a Contribution has been received by Licensor and\n subsequently incorporated within the Work.\n\n 2. Grant of Copyright License. Subject to the terms and conditions of\n this License, each Contributor hereby grants to You a perpetual,\n worldwide, non-exclusive, no-charge, royalty-free, irrevocable\n copyright license to reproduce, prepare Derivative Works of,\n publicly display, publicly perform, sublicense, and distribute the\n Work and such Derivative Works in Source or Object form.\n\n 3. Grant of Patent License. Subject to the terms and conditions of\n this License, each Contributor hereby grants to You a perpetual,\n worldwide, non-exclusive, no-charge, royalty-free, irrevocable\n (except as stated in this section) patent license to make, have made,\n use, offer to sell, sell, import, and otherwise transfer the Work,\n where such license applies only to those patent claims licensable\n by such Contributor that are necessarily infringed by their\n Contribution(s) alone or by combination of their Contribution(s)\n with the Work to which such Contribution(s) was submitted. If You\n institute patent litigation against any entity (including a\n cross-claim or counterclaim in a lawsuit) alleging that the Work\n or a Contribution incorporated within the Work constitutes direct\n or contributory patent infringement, then any patent licenses\n granted to You under this License for that Work shall terminate\n as of the date such litigation is filed.\n\n 4. Redistribution. You may reproduce and distribute copies of the\n Work or Derivative Works thereof in any medium, with or without\n modifications, and in Source or Object form, provided that You\n meet the following conditions:\n\n (a) You must give any other recipients of the Work or\n Derivative Works a copy of this License; and\n\n (b) You must cause any modified files to carry prominent notices\n stating that You changed the files; and\n\n (c) You must retain, in the Source form of any Derivative Works\n that You distribute, all copyright, patent, trademark, and\n attribution notices from the Source form of the Work,\n excluding those notices that do not pertain to any part of\n the Derivative Works; and\n\n (d) If the Work includes a \"NOTICE\" text file as part of its\n distribution, then any Derivative Works that You distribute must\n include a readable copy of the attribution notices contained\n within such NOTICE file, excluding those notices that do not\n pertain to any part of the Derivative Works, in at least one\n of the following places: within a NOTICE text file distributed\n as part of the Derivative Works; within the Source form or\n documentation, if provided along with the Derivative Works; or,\n within a display generated by the Derivative Works, if and\n wherever such third-party notices normally appear. The contents\n of the NOTICE file are for informational purposes only and\n do not modify the License. You may add Your own attribution\n notices within Derivative Works that You distribute, alongside\n or as an addendum to the NOTICE text from the Work, provided\n that such additional attribution notices cannot be construed\n as modifying the License.\n\n You may add Your own copyright statement to Your modifications and\n may provide additional or different license terms and conditions\n for use, reproduction, or distribution of Your modifications, or\n for any such Derivative Works as a whole, provided Your use,\n reproduction, and distribution of the Work otherwise complies with\n the conditions stated in this License.\n\n 5. Submission of Contributions. Unless You explicitly state otherwise,\n any Contribution intentionally submitted for inclusion in the Work\n by You to the Licensor shall be under the terms and conditions of\n this License, without any additional terms or conditions.\n Notwithstanding the above, nothing herein shall supersede or modify\n the terms of any separate license agreement you may have executed\n with Licensor regarding such Contributions.\n\n 6. Trademarks. This License does not grant permission to use the trade\n names, trademarks, service marks, or product names of the Licensor,\n except as required for reasonable and customary use in describing the\n origin of the Work and reproducing the content of the NOTICE file.\n\n 7. Disclaimer of Warranty. Unless required by applicable law or\n agreed to in writing, Licensor provides the Work (and each\n Contributor provides its Contributions) on an \"AS IS\" BASIS,\n WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or\n implied, including, without limitation, any warranties or conditions\n of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A\n PARTICULAR PURPOSE. You are solely responsible for determining the\n appropriateness of using or redistributing the Work and assume any\n risks associated with Your exercise of permissions under this License.\n\n 8. Limitation of Liability. In no event and under no legal theory,\n whether in tort (including negligence), contract, or otherwise,\n unless required by applicable law (such as deliberate and grossly\n negligent acts) or agreed to in writing, shall any Contributor be\n liable to You for damages, including any direct, indirect, special,\n incidental, or consequential damages of any character arising as a\n result of this License or out of the use or inability to use the\n Work (including but not limited to damages for loss of goodwill,\n work stoppage, computer failure or malfunction, or any and all\n other commercial damages or losses), even if such Contributor\n has been advised of the possibility of such damages.\n\n 9. Accepting Warranty or Additional Liability. While redistributing\n the Work or Derivative Works thereof, You may choose to offer,\n and charge a fee for, acceptance of support, warranty, indemnity,\n or other liability obligations and/or rights consistent with this\n License. However, in accepting such obligations, You may act only\n on Your own behalf and on Your sole responsibility, not on behalf\n of any other Contributor, and only if You agree to indemnify,\n defend, and hold each Contributor harmless for any liability\n incurred by, or claims asserted against, such Contributor by reason\n of your accepting any such warranty or additional liability.\n\n END OF TERMS AND CONDITIONS\n\n APPENDIX: How to apply the Apache License to your work.\n\n To apply the Apache License to your work, attach the following\n boilerplate notice, with the fields enclosed by brackets \"[]\"\n replaced with your own identifying information. (Don't include\n the brackets!) The text should be enclosed in the appropriate\n comment syntax for the file format. We also recommend that a\n file or class name and description of purpose be included on the\n same \"printed page\" as the copyright notice for easier\n identification within third-party archives.\n\n Copyright [yyyy] [name of copyright owner]\n\n Licensed under the Apache License, Version 2.0 (the \"License\");\n you may not use this file except in compliance with the License.\n You may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\n Unless required by applicable law or agreed to in writing, software\n distributed under the License is distributed on an \"AS IS\" BASIS,\n WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n See the License for the specific language governing permissions and\n limitations under the License.\n" }, { "path": "README.md", "content": "# Netbox Helm Charts\n\n> The official [Helm](https://helm.sh) charts repository for [Netbox](https://netbox.dev).\n\n[![Build Status](https://github.com/netbox-community/netbox-chart/actions/workflows/ci.yml/badge.svg)](https://github.com/netbox-community/netbox-chart/actions/workflows/ci.yml)\n[![Artifact Hub](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/netbox)](https://artifacthub.io/packages/search?repo=netbox)\n\n## About\n\nThis Git repository houses the official Helm charts for Netbox.\n\nDo you have any questions?\nBefore opening an issue on GitHub, please join [our Slack](https://netdev.chat/)\nand ask for help in the [`#netbox-chart`](https://netdev-community.slack.com/archives/C01Q6B100R2) channel.\n\n| Chart | Version |\n| :-------------------------------------------------: | :--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------: |\n| [`netbox/netbox`](charts/netbox/) | [![Chart Version](https://img.shields.io/badge/dynamic/json?label=netbox&query=version&url=https%3A%2F%2Fartifacthub.io%2Fapi%2Fv1%2Fpackages%2Fhelm%2Fnetbox%2Fnetbox)](https://artifacthub.io/packages/helm/netbox/netbox) |\n| [`netbox/netbox-operator`](charts/netbox-operator/) | [![Chart Version](https://img.shields.io/badge/dynamic/json?label=netbox-operator&query=version&url=https%3A%2F%2Fartifacthub.io%2Fapi%2Fv1%2Fpackages%2Fhelm%2Fnetbox%2Fnetbox-operator)](https://artifacthub.io/packages/helm/netbox/netbox-operator) |\n\n## Quickstart\n\n```shell\nhelm install my-release oci://ghcr.io/netbox-community/netbox-chart/netbox\n```\n\nSee docs on your preferred sources:\n\n- [Charts docs on Artifact Hub](https://artifacthub.io/packages/search?org=netbox)\n- [Charts respective readmes](charts)\n- [Charts discovery](https://helm.sh/docs/helm/helm_search/)\n ```sh\n helm search hub netbox\n ```\n- [Charts repository](https://helm.sh/docs/helm/helm_repo/)\n ```sh\n helm repo add netbox https://charts.netbox.oss.netboxlabs.com/\n ```\n\n## License\n\nThis project is licensed under [Apache License, Version 2.0](LICENSE).\n" }, { "path": "charts/netbox/.helmignore", "content": "# Patterns to ignore when building packages.\n# This supports shell glob matching, relative path matching, and\n# negation (prefixed with !). Only one pattern per line.\n.DS_Store\n# Common VCS dirs\n.git/\n.gitignore\n.bzr/\n.bzrignore\n.hg/\n.hgignore\n.svn/\n# Common backup files\n*.swp\n*.bak\n*.tmp\n*~\n# Various IDEs\n.project\n.idea/\n*.tmproj\n.vscode/\n\n# OWNERS file for Kubernetes\nOWNERS\n# example production yaml\nvalues-production.yaml\n# ci files\nci/\n# docs files\ndocs/\n" }, { "path": "charts/netbox/Chart.yaml", "content": "apiVersion: v2\nname: netbox\nversion: 8.2.7\n# renovate: image=ghcr.io/netbox-community/netbox\nappVersion: \"v4.6.0\"\ntype: application\nkubeVersion: ^1.25.0-0\ndescription: IP address management (IPAM) and data center infrastructure management (DCIM) tool\nhome: https://netbox.dev/\nicon: https://raw.githubusercontent.com/netbox-community/netbox/main/docs/netbox_logo_light.svg\nsources:\n - https://github.com/netbox-community/netbox-chart\n - https://github.com/netbox-community/netbox\nmaintainers:\n - name: netbox-community\n url: https://github.com/netbox-community\n - name: bootc\n url: https://github.com/bootc\ndependencies:\n - name: common\n repository: oci://registry-1.docker.io/bitnamicharts\n version: ^2.38.0\n tags:\n - bitnami-common\n - name: postgresql\n version: ^18.6.3\n repository: oci://registry-1.docker.io/bitnamicharts\n condition: postgresql.enabled\n - name: valkey\n version: ^5.6.1\n repository: oci://registry-1.docker.io/bitnamicharts\n condition: valkey.enabled\nannotations:\n artifacthub.io/images: |\n - name: netbox\n image: ghcr.io/netbox-community/netbox:v4.6.0\n - name: busybox\n image: docker.io/busybox:1.37.0\n - name: kubectl\n image: docker.io/rancher/kubectl:v1.36.0\n artifacthub.io/license: Apache-2.0\n artifacthub.io/links: |\n - name: Upstream Project\n url: https://github.com/netbox-community/netbox\n artifacthub.io/changes: |\n - kind: changed\n description: New release\n links:\n - name: Changelog on GitHub Releases\n url: https://github.com/netbox-community/netbox-chart/releases?q=netbox-\n" }, { "path": "charts/netbox/README.md", "content": "# NetBox\n\n[NetBox](https://netbox.dev) is an IP address management (IPAM) and\ndata center infrastructure management (DCIM) tool.\n\n## TL;DR\n\n```shell\nhelm install netbox oci://ghcr.io/netbox-community/netbox-chart/netbox\n```\n\n> [!tip]\n> Please see [Production Considerations](docs/prod.md) guide before using this chart for real.\n\n## Prerequisites\n\n- Kubernetes [1.25+](https://kubernetes.io/releases/)\n- Helm [3.10+](https://helm.sh/docs/topics/version_skew/)\n\n## Installing the Chart\n\nTo install the chart with the release name `my-release` and default configuration:\n\n```shell\nhelm install my-release oci://ghcr.io/netbox-community/netbox-chart/netbox\n```\n\n## Documentation\n\n- [Production Considerations](docs/prod.md)\n- [Authentication Options](docs/auth.md)\n- [Extra Configuration](docs/extra.md)\n- [Migration Guide](docs/migrate.md)\n\n## Configuration\n\nThe following table lists the configurable parameters for this chart and their default values.\n\n\n\n| Parameter | Description | Default |\n| ------------------------------------------------|---------------------------------------------------------------------|----------------------------------------------|\n| `global.imageRegistry` | Netbox and subchart image registry for pulling container images | `\"\"` |\n| `global.imagePullSecrets` | Netbox and subchart registry secret names as an array | `[]` |\n| `global.storageClass` | Netbox and subchart default StorageClass for Persistent Volume(s) | `\"\"` |\n| `replicaCount` | The desired number of NetBox pods | `1` |\n| `image.registry` | NetBox container image registry | `ghcr.io` |\n| `image.repository` | NetBox container image repository | `netboxcommunity/netbox` |\n| `image.tag` | NetBox container image tag | `\"\"` |\n| `image.pullPolicy` | NetBox container image pull policy | `IfNotPresent` |\n| `superuser.name` | Initial super-user account to create | `admin` |\n| `superuser.email` | Email address for the initial super-user account | `admin@example.com` |\n| `superuser.password` | Password for the initial super-user account | `admin` |\n| `superuser.apiToken` | API token created for the initial super-user account | `0123456789abcdef0123456789abcdef01234567` |\n| `superuser.existingSecret` | Use an existing Kubernetes `Secret` for secret values | `\"\"` |\n| `allowedHosts` | List of valid FQDNs for this NetBox instance | `[\"*\"]` |\n| `admins` | List of admins to email about critical errors | `[]` |\n| `allowTokenRetrieval` | Permit the retrieval of API tokens after their creation | `false` |\n| `authPasswordValidators` | Configure validation of local user account passwords | `[]` |\n| `allowedUrlSchemes` | URL schemes that are allowed within links in NetBox | *see `values.yaml`* |\n| `banner.top` | Banner text to display at the top of every page | `\"\"` |\n| `banner.bottom` | Banner text to display at the bottom of every page | `\"\"` |\n| `banner.login` | Banner text to display on the login page | `\"\"` |\n| `basePath` | Base URL path if accessing NetBox within a directory | `\"\"` |\n| `changelogRetention` | Maximum number of days to retain logged changes (0 = forever) | `90` |\n| `customValidators` | Custom validators for NetBox field values | `{}` |\n| `defaultUserPreferences` | Default preferences for newly created user accounts | `{}` |\n| `cors.originAllowAll` | [CORS]: allow all origins | `false` |\n| `cors.originWhitelist` | [CORS]: list of origins authorised to make cross-site HTTP requests | `[]` |\n| `cors.originRegexWhitelist` | [CORS]: list of regular expression matching authorised origins | `[]` |\n| `csrf.cookieName` | Name of the CSRF authentication cookie | `csrftoken` |\n| `csrf.trustedOrigins` | A list of trusted origins for unsafe (e.g. POST) requests | `[]` |\n| `dataUploadMaxMemorySize` | The maximum size (in bytes) of an incoming HTTP request | `2621440` |\n| `debug` | Enable NetBox debugging (NOT for production use) | `false` |\n| `defaultLanguage` | Set the default preferred language/locale | `en-us` |\n| `dbWaitDebug` | Show details of errors that occur when applying migrations | `false` |\n| `email.server` | SMTP server to use to send emails | `localhost` |\n| `email.port` | TCP port to connect to the SMTP server on | `25` |\n| `email.username` | Optional username for SMTP authentication | `\"\"` |\n| `email.password` | Password for SMTP authentication (see also `existingSecret`) | `\"\"` |\n| `email.useSSL` | Use SSL when connecting to the server | `false` |\n| `email.useTLS` | Use TLS when connecting to the server | `false` |\n| `email.sslCertFile` | SMTP SSL certificate file path (e.g. in a mounted volume) | `\"\"` |\n| `email.sslKeyFile` | SMTP SSL key file path (e.g. in a mounted volume) | `\"\"` |\n| `email.timeout` | Timeout for SMTP connections, in seconds | `10` |\n| `email.from` | Sender address for emails sent by NetBox | `\"\"` |\n| `enforceGlobalUnique` | Enforce unique IP space in the global table (not in a VRF) | `true` |\n| `exemptViewPermissions` | A list of models to exempt from the enforcement of view permissions | `[]` |\n| `fieldChoices` | Configure custom choices for certain built-in fields | `{}` |\n| `fileUploadMaxMemorySize` | The maximum amount (in bytes) of uploaded data that will be held in memory before being written to the filesystem | `2621440` |\n| `graphQlEnabled` | Enable the GraphQL API | `true` |\n| `httpProxies` | HTTP proxies NetBox should use when sending outbound HTTP requests | `null` |\n| `internalIPs` | IP addresses recognized as internal to the system | `['127.0.0.1', '::1']` |\n| `jobRetention` | The number of days to retain job results (scripts and reports) | `90` |\n| `logging` | Custom Django logging configuration | `{}` |\n| `loginPersistence` | Enables users to remain authenticated to NetBox indefinitely | `false` |\n| `loginRequired` | Permit only logged-in users to access NetBox | `false` (unauthenticated read-only access) |\n| `loginTimeout` | How often to re-authenticate users | `1209600` (14 days) |\n| `logoutRedirectUrl` | View name or URL to which users are redirected after logging out | `home` |\n| `maintenanceMode` | Display a \"maintenance mode\" banner on every page | `false` |\n| `mapsUrl` | The URL to use when mapping physical addresses or GPS coordinates | `https://maps.google.com/?q=` |\n| `maxPageSize` | Maximum number of objects that can be returned by a single API call | `1000` |\n| `storages` | `django-storages` backends configuration | `{}` |\n| `paginateCount` | The default number of objects to display per page in the web UI | `50` |\n| `plugins` | Additional plugins to load into NetBox | `[]` |\n| `pluginsConfig` | Configuration for the additional plugins | `{}` |\n| `powerFeedDefaultAmperage` | Default amperage value for new power feeds | `15` |\n| `powerFeedMaxUtilisation` | Default maximum utilisation percentage for new power feeds | `80` |\n| `powerFeedDefaultVoltage` | Default voltage value for new power feeds | `120` |\n| `preferIPv4` | Prefer devices' IPv4 address when determining their primary address | `false` |\n| `rackElevationDefaultUnitHeight` | Rack elevation default height in pixels | `22` |\n| `rackElevationDefaultUnitWidth` | Rack elevation default width in pixels | `220` |\n| `remoteAuth.enabled` | Enable remote authentication support | `false` |\n| `remoteAuth.backends` | Remote authentication backend classes | `[netbox.authentication.RemoteUserBackend]` |\n| `remoteAuth.header` | The name of the HTTP header which conveys the username | `HTTP_REMOTE_USER` |\n| `remoteAuth.userFirstName` | HTTP header which contains the user's first name | `HTTP_REMOTE_USER_FIRST_NAME` |\n| `remoteAuth.userLastName` | HTTP header which contains the user's last name | `HTTP_REMOTE_USER_LAST_NAME` |\n| `remoteAuth.userEmail` | HTTP header which contains the user's email address | `HTTP_REMOTE_USER_EMAIL` |\n| `remoteAuth.autoCreateUser` | Enables the automatic creation of new users | `false` |\n| `remoteAuth.autoCreateGroups` | Enables the automatic creation of new groups | `false` |\n| `remoteAuth.defaultGroups` | A list of groups to assign to newly created users | `[]` |\n| `remoteAuth.defaultPermissions` | A list of permissions to assign newly created users | `{}` |\n| `remoteAuth.groupSyncEnabled` | Sync remote user groups from an HTTP header set by a reverse proxy | `false` |\n| `remoteAuth.groupHeader` | The name of the HTTP header which conveys the groups to which the user belongs | `HTTP_REMOTE_USER_GROUP` |\n| `remoteAuth.superuserGroups` | The list of groups that promote an remote User to Superuser on login| `[]` |\n| `remoteAuth.superusers` | The list of users that get promoted to Superuser on login | `[]` |\n| `remoteAuth.staffGroups` | The list of groups that promote an remote User to Staff on login | `[]` |\n| `remoteAuth.staffUsers` | The list of users that get promoted to Staff on login | `[]` |\n| `remoteAuth.groupSeparator` | The Seperator upon which `remoteAuth.groupHeader` gets split into individual groups | `\\|` |\n| `remoteAuth.ldap.serverUri` | see [django-auth-ldap](https://django-auth-ldap.readthedocs.io) | `\"\"` |\n| `remoteAuth.ldap.startTls` | if StarTLS should be used | *see values.yaml* |\n| `remoteAuth.ldap.ignoreCertErrors` | if Certificate errors should be ignored | *see values.yaml* |\n| `remoteAuth.ldap.caCertDir` | CA certificate directory | *see auth.md* |\n| `remoteAuth.ldap.caCertData` | CA certificate data | *see auth.md* |\n| `remoteAuth.ldap.bindDn` | Distinguished Name to bind with | `\"\"` |\n| `remoteAuth.ldap.bindPassword` | Password for bind DN | `\"\"` |\n| `remoteAuth.ldap.userDnTemplate` | see [AUTH_LDAP_USER_DN_TEMPLATE](https://django-auth-ldap.readthedocs.io/en/latest/reference.html#auth-ldap-user-dn-template) | *see values.yaml* |\n| `remoteAuth.ldap.userSearchBaseDn` | see base_dn of [django_auth_ldap.config.LDAPSearch](https://django-auth-ldap.readthedocs.io/en/latest/reference.html#django_auth_ldap.config.LDAPSearch) | *see values.yaml* |\n| `remoteAuth.ldap.userSearchAttr` | User attribute name for user search | `sAMAccountName` |\n| `remoteAuth.ldap.groupSearchBaseDn` | base DN for group search | *see values.yaml* |\n| `remoteAuth.ldap.groupSearchClass` | [django-auth-ldap](https://django-auth-ldap.readthedocs.io) for group search | `group` |\n| `remoteAuth.ldap.groupType` | see [AUTH_LDAP_GROUP_TYPE](https://django-auth-ldap.readthedocs.io/en/latest/reference.html#auth-ldap-group-type) | `GroupOfNamesType` |\n| `remoteAuth.ldap.requireGroupDn` | DN of a group that is required for login | `null` |\n| `remoteAuth.ldap.findGroupPerms` | see [AUTH_LDAP_FIND_GROUP_PERMS](https://django-auth-ldap.readthedocs.io/en/latest/reference.html#auth-ldap-find-group-perms) | true |\n| `remoteAuth.ldap.mirrorGroups` | see [AUTH_LDAP_MIRROR_GROUPS](https://django-auth-ldap.readthedocs.io/en/latest/reference.html#auth-ldap-mirror-groups) | `null` |\n| `remoteAuth.ldap.cacheTimeout` | see [AUTH_LDAP_MIRROR_GROUPS_EXCEPT](https://django-auth-ldap.readthedocs.io/en/latest/reference.html#auth-ldap-mirror-groups-except) | `null` |\n| `remoteAuth.ldap.isAdminDn` | required DN to be able to login in Admin-Backend, \"is_staff\"-Attribute of [AUTH_LDAP_USER_FLAGS_BY_GROUP](https://django-auth-ldap.readthedocs.io/en/latest/reference.html#auth-ldap-user-flags-by-group) | *see values.yaml* |\n| `remoteAuth.ldap.isSuperUserDn` | required DN to receive SuperUser privileges, \"is_superuser\"-Attribute of [AUTH_LDAP_USER_FLAGS_BY_GROUP](https://django-auth-ldap.readthedocs.io/en/latest/reference.html#auth-ldap-user-flags-by-group) | *see values.yaml* |\n| `remoteAuth.ldap.attrFirstName` | first name attribute of users, \"first_name\"-Attribute of [AUTH_LDAP_USER_ATTR_MAP](https://django-auth-ldap.readthedocs.io/en/latest/reference.html#auth-ldap-user-attr-map) | `givenName` |\n| `remoteAuth.ldap.attrLastName` | last name attribute of users, \"last_name\"-Attribute of [AUTH_LDAP_USER_ATTR_MAP](https://django-auth-ldap.readthedocs.io/en/latest/reference.html#auth-ldap-user-attr-map) | `sn` |\n| `remoteAuth.ldap.attrMail` | mail attribute of users, \"email_name\"-Attribute of [AUTH_LDAP_USER_ATTR_MAP](https://django-auth-ldap.readthedocs.io/en/latest/reference.html#auth-ldap-user-attr-map) | `mail` |\n| `releaseCheck.url` | Release check URL (GitHub API URL; see `values.yaml`) | `null` (disabled by default) |\n| `rqDefaultTimeout` | Maximum execution time for background tasks, in seconds | `300` (5 minutes) |\n| `sessionCookieName` | The name to use for the session cookie | `\"sessionid\"` |\n| `enableLocalization` | Localization | `false` |\n| `timeZone` | The time zone NetBox will use when dealing with dates and times | `UTC` |\n| `dateFormat` | Django date format for long-form date strings | `\"N j, Y\"` |\n| `shortDateFormat` | Django date format for short-form date strings | `\"Y-m-d\"` |\n| `timeFormat` | Django date format for long-form time strings | `\"g:i a\"` |\n| `metrics.granian.enabled` | Enable Granian metrics | `true` |\n| `metrics.granian.serviceMonitor.enabled` | Whether to enable a [ServiceMonitor](https://prometheus-operator.dev/docs/operator/design/#servicemonitor) for Granian metrics | `false` |\n| `metrics.granian.serviceMonitor.additionalLabels`| Additonal labels to apply to the ServiceMonitor | `{}` |\n| `metrics.granian.serviceMonitor.honorLabels` | honorLabels chooses the metric's labels on collisions | `false` |\n| `metrics.granian.serviceMonitor.interval` | Interval at which metrics should be scraped | `\"\"` |\n| `metrics.granian.serviceMonitor.scrapeTimeout` | Timeout duration for scraping metrics | `\"\"` |\n| `metrics.granian.serviceMonitor.metricRelabelings`| Specify additional relabeling of metrics | `[]` |\n| `metrics.granian.serviceMonitor.relabelings` | Specify general relabeling | `[]` |\n| `metrics.granian.serviceMonitor.selector` | Prometheus instance selector labels | `{}` |\n| `metrics.enabled` | Expose Prometheus metrics at the `/metrics` HTTP endpoint | `false` |\n| `metrics.serviceMonitor.enabled` | Whether to enable a [ServiceMonitor](https://prometheus-operator.dev/docs/operator/design/#servicemonitor) for Netbox | `false` |\n| `metrics.serviceMonitor.additionalLabels` | Additonal labels to apply to the ServiceMonitor | `{}` |\n| `metrics.serviceMonitor.honorLabels` | honorLabels chooses the metric's labels on collisions | `false` |\n| `metrics.serviceMonitor.interval` | Interval at which metrics should be scraped | `\"\"` |\n| `metrics.serviceMonitor.scrapeTimeout` | Timeout duration for scraping metrics | `\"\"` |\n| `metrics.serviceMonitor.metricRelabelings` | Specify additional relabeling of metrics | `[]` |\n| `metrics.serviceMonitor.relabelings` | Specify general relabeling | `[]` |\n| `metrics.serviceMonitor.selector` | Prometheus instance selector labels | `{}` |\n| `shortTimeFormat` | Django date format for short-form time strings | `\"H:i:s\"` |\n| `dateTimeFormat` | Django date format for long-form date and time strings | `\"N j, Y g:i a\"` |\n| `shortDateTimeFormat` | Django date format for short-form date and time strongs | `\"Y-m-d H:i\"` |\n| `extraConfig` | Additional NetBox configuration (see `values.yaml`) | `[]` |\n| `secretKey` | Django secret key used for sessions and password reset tokens | `\"\"` (generated) |\n| `existingSecret` | Use an existing Kubernetes `Secret` for secret values (see below) | `\"\"` (use individual chart values) |\n| `postgresql.enabled` | Deploy PostgreSQL using bundled Bitnami PostgreSQL chart | `true` |\n| `postgresql.auth.username` | Username to create for NetBox in bundled PostgreSQL instance | `netbox` |\n| `postgresql.auth.database` | Database to create for NetBox in bundled PostgreSQL instance | `netbox` |\n| `postgresql.*` | Values under this key are passed to the bundled PostgreSQL chart | n/a |\n| `externalDatabase.host` | PostgreSQL host to use when `postgresql.enabled` is `false` | `localhost` |\n| `externalDatabase.port` | Port number for external PostgreSQL | `5432` |\n| `externalDatabase.database` | Database name for external PostgreSQL | `netbox` |\n| `externalDatabase.username` | Username for external PostgreSQL | `netbox` |\n| `externalDatabase.password` | Password for external PostgreSQL (see also `existingSecret`) | `\"\"` |\n| `externalDatabase.existingSecretName` | Fetch password for external PostgreSQL from a different `Secret` | `\"\"` |\n| `externalDatabase.existingSecretKey` | Key to fetch the password in the above `Secret` | `postgresql-password` |\n| `externalDatabase.connMaxAge` | The lifetime of a database connection, as an integer of seconds | `300` |\n| `externalDatabase.disableServerSideCursors` | Disable the use of server-side cursors transaction pooling | `false` |\n| `externalDatabase.options` | Additional PostgreSQL client parameters | `{}` |\n| `valkey.enabled` | Deploy Valkey using bundled Bitnami Valkey chart | `true` |\n| `valkey.*` | Values under this key are passed to the bundled Valkey chart | n/a |\n| `tasksDatabase.database` | KV database number used for NetBox task queue | `0` |\n| `tasksDatabase.ssl` | Enable SSL when connecting to KV | `false` |\n| `tasksDatabase.insecureSkipTlsVerify` | Skip TLS certificate verification when connecting to KV | `false` |\n| `tasksDatabase.caCertPath` | Path to CA certificates bundle for KV (needs mounting manually) | `\"\"` |\n| `tasksDatabase.host` | KV host to use when `valkey.enabled` is `false` | `\"netbox-kv\"` |\n| `tasksDatabase.port` | Port number for external KV | `6379` |\n| `tasksDatabase.sentinels` | List of sentinels in `host:port` form (`host` and `port` not used) | `[]` |\n| `tasksDatabase.sentinelService` | Sentinel master service name | `\"netbox-kv\"` |\n| `tasksDatabase.sentinelTimeout` | Sentinel connection timeout, in seconds | `300` (5 minutes) |\n| `tasksDatabase.username` | Username for external KV | `\"\"` |\n| `tasksDatabase.password` | Password for external KV (see also `existingSecret`) | `\"\"` |\n| `tasksDatabase.existingSecretName` | Fetch password for external KV from a different `Secret` | `\"\"` |\n| `tasksDatabase.existingSecretKey` | Key to fetch the password in the above `Secret` | `tasks-password` |\n| `cachingDatabase.database` | KV database number used for caching views | `1` |\n| `cachingDatabase.ssl` | Enable SSL when connecting to KV | `false` |\n| `cachingDatabase.insecureSkipTlsVerify` | Skip TLS certificate verification when connecting to KV | `false` |\n| `cachingDatabase.caCertPath` | Path to CA certificates bundle for KV (needs mounting manually) | `\"\"` |\n| `cachingDatabase.host` | KV host to use when `valkey.enabled` is `false` | `\"netbox-kv\"` |\n| `cachingDatabase.port` | Port number for external KV | `6379` |\n| `cachingDatabase.sentinels` | List of sentinels in `host:port` form (`host` and `port` not used) | `[]` |\n| `cachingDatabase.sentinelService` | Sentinel master service name | `\"netbox-kv\"` |\n| `cachingDatabase.sentinelTimeout` | Sentinel connection timeout, in seconds | `300` (5 minutes) |\n| `cachingDatabase.username` | Username for external KV | `\"\"` |\n| `cachingDatabase.password` | Password for external KV (see also `existingSecret`) | `\"\"` |\n| `cachingDatabase.existingSecretName` | Fetch password for external KV from a different `Secret` | `\"\"` |\n| `cachingDatabase.existingSecretKey` | Key to fetch the password in the above `Secret` | `cache-password` |\n| `imagePullSecrets` | List of `Secret` names containing private registry credentials | `[]` |\n| `nameOverride` | Override the application name (`netbox`) used throughout the chart | `\"\"` |\n| `fullnameOverride` | Override the full name of resources created as part of the release | `\"\"` |\n| `serviceAccount.create` | Create a ServiceAccount for NetBox | `true` |\n| `serviceAccount.annotations` | Annotations to add to the service account | `{}` |\n| `serviceAccount.name` | The name of the service account to use | `\"\"` (use the fullname) |\n| `serviceAccount.imagePullSecrets` | Add an imagePullSecrets attribute to the serviceAccount | `\"\"` |\n| `serviceAccount.automountServiceAccountToken` | Whether to automatically mount the token in the containers using this serviceAccount or not | `false` |\n| `persistence.enabled` | Enable storage persistence for uploaded media (images) | `true` |\n| `persistence.existingClaim` | Use an existing `PersistentVolumeClaim` instead of creating one | `\"\"` |\n| `persistence.subPath` | Mount a sub-path of the volume into the container, not the root | `\"\"` |\n| `persistence.storageClass` | Set the storage class of the PVC (use `-` to disable provisioning) | `\"\"` |\n| `persistence.selector` | Set the selector for PVs, if desired | `{}` |\n| `persistence.accessMode` | Access mode for the volume | `ReadWriteOnce` |\n| `persistence.size` | Size of persistent volume to request | `1Gi` |\n| `reportsPersistence.enabled` | Enable storage persistence for NetBox reports | `false` |\n| `reportsPersistence.existingClaim` | Use an existing `PersistentVolumeClaim` instead of creating one | `\"\"` |\n| `reportsPersistence.subPath` | Mount a sub-path of the volume into the container, not the root | `\"\"` |\n| `reportsPersistence.storageClass` | Set the storage class of the PVC (use `-` to disable provisioning) | `\"\"` |\n| `reportsPersistence.selector` | Set the selector for PVs, if desired | `{}` |\n| `reportsPersistence.accessMode` | Access mode for the volume | `ReadWriteOnce` |\n| `reportsPersistence.size` | Size of persistent volume to request | `1Gi` |\n| `scriptsPersistence.enabled` | Enable storage persistence for NetBox reports | `false` |\n| `scriptsPersistence.existingClaim` | Use an existing `PersistentVolumeClaim` instead of creating one | `\"\"` |\n| `scriptsPersistence.subPath` | Mount a sub-path of the volume into the container, not the root | `\"\"` |\n| `scriptsPersistence.storageClass` | Set the storage class of the PVC (use `-` to disable provisioning) | `\"\"` |\n| `scriptsPersistence.selector` | Set the selector for PVs, if desired | `{}` |\n| `scriptsPersistence.accessMode` | Access mode for the volume | `ReadWriteOnce` |\n| `scriptsPersistence.size` | Size of persistent volume to request | `1Gi` |\n| `podAnnotations` | Additional annotations for NetBox pods | `{}` |\n| `podLabels` | Additional labels for NetBox pods | `{}` |\n| `podSecurityContext` | Security context for NetBox pods | *see `values.yaml`* |\n| `securityContext` | Security context for NetBox containers | *see `values.yaml`* |\n| `service.type` | Type of `Service` resource to create | `ClusterIP` |\n| `service.port` | Port number for the service | `80` |\n| `service.nodePort` | The port used on the node when `service.type` is NodePort | `\"\"` |\n| `service.clusterIP` | The cluster IP address assigned to the service | `\"\"` |\n| `service.clusterIPs` | A list of cluster IP addresses assigned to the service | `[]` |\n| `service.externalIPs` | A list of external IP addresses aliased to this service | `[]` |\n| `service.externalTrafficPolicy` | Policy for routing external traffic | `Cluster` |\n| `service.ipFamilyPolicy` | Represents the dual-stack-ness of the service | `\"\"` |\n| `service.loadBalancerIP` | Request a specific IP address when `service.type` is `LoadBalancer` | `\"\"` |\n| `service.loadBalancerSourceRanges` | A list of allowed IP ranges when `service.type` is `LoadBalancer` | `[]` |\n| `service.loadBalancerClass` | Load Balancer class if `service.type` is `LoadBalancer` | `\"\"` |\n| `service.sessionAffinity` | Control where client requests go, to the same pod or round-robin | `None` |\n| `service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` |\n| `ingress.enabled` | Create an `Ingress` resource for accessing NetBox | `false` |\n| `ingress.className` | Use a named IngressClass | `\"\"` |\n| `ingress.annotations` | Extra annotations to apply to the `Ingress` resource | `{}` |\n| `ingress.hosts` | List of hosts and paths to map to the service (see `values.yaml`) | `[{host:\"chart-example.local\",paths:[\"/\"]}]` |\n| `ingress.tls` | TLS settings for the `Ingress` resource | `[]` |\n| `httpRoute.enabled` | Create an `HTTPRoute` resource for Gateway API | `false` |\n| `httpRoute.annotations` | Extra annotations to apply to the `HTTPRoute` resource | `{}` |\n| `httpRoute.parentRefs` | References to the parent Gateway(s) for the `HTTPRoute` | `[]` |\n| `httpRoute.hostnames` | Hostnames that the `HTTPRoute` should match | `[]` |\n| `httpRoute.filters` | Optional filters to apply to the route | `[]` |\n| `resources` | Configure resource requests or limits for NetBox | `{}` |\n| `automountServiceAccountToken` | Whether to automatically mount the serviceAccount token in the main container or not | `false` |\n| `priorityClassName` | Pods' priorityClassName | `\"\"` |\n| `schedulerName` | Name of the k8s scheduler (other than default) for pods | `\"\"` |\n| `terminationGracePeriodSeconds` | Seconds pods need to terminate gracefully | `\"\"` |\n| `topologySpreadConstraints` | Configure Pod Topology Spread Constraints for NetBox | `[]` |\n| `livenessProbe.enabled` | Enable Kubernetes livenessProbe, see [liveness probes](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-a-liveness-command) | *see `values.yaml`* |\n| `livenessProbe.initialDelaySeconds` | Number of seconds | *see `values.yaml`* |\n| `livenessProbe.timeoutSeconds` | Number of seconds | *see `values.yaml`* |\n| `livenessProbe.periodSeconds` | Number of seconds | *see `values.yaml`* |\n| `livenessProbe.successThreshold` | Number of seconds | *see `values.yaml`* |\n| `readinessProbe.enabled` | Enable Kubernetes readinessProbe, see [readiness probes](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-readiness-probes) | *see `values.yaml`* |\n| `readinessProbe.initialDelaySeconds` | Number of seconds | *see `values.yaml`* |\n| `readinessProbe.timeoutSeconds` | Number of seconds | *see `values.yaml`* |\n| `readinessProbe.periodSeconds` | Number of seconds | *see `values.yaml`* |\n| `readinessProbe.successThreshold` | Number of seconds | *see `values.yaml`* |\n| `lifecycleHooks` | Automate configuration before or after container startup | `{}` |\n| `startupProbe.enabled` | Enable Kubernetes startupProbe, see [startup probes](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-readiness-probes) | *see `values.yaml`* |\n| `startupProbe.initialDelaySeconds` | Number of seconds | *see `values.yaml`* |\n| `startupProbe.timeoutSeconds` | Number of seconds | *see `values.yaml`* |\n| `startupProbe.periodSeconds` | Number of seconds | *see `values.yaml`* |\n| `startupProbe.successThreshold` | Number of seconds | *see `values.yaml`* |\n| `init.image.registry` | Init container image registry | `ghcr.io` |\n| `init.image.repository` | Init container image repository | `busybox` |\n| `init.image.tag` | Init container image tag | `1.37.0` |\n| `init.image.pullPolicy` | Init container image pull policy | `IfNotPresent` |\n| `init.resourcesPreset` | Configure a preset for requests or limits for init container | `nano` |\n| `init.resources` | Configure resource requests or limits for init container | `{}` |\n| `init.securityContext` | Security context for init container | *see `values.yaml`* |\n| `test.image.registry` | Test container image registry | `ghcr.io` |\n| `test.image.repository` | Test container image repository | `busybox` |\n| `test.image.tag` | Test container image tag | `1.37.0` |\n| `test.image.pullPolicy` | Test container image pull policy | `IfNotPresent` |\n| `test.resourcesPreset` | Configure a preset for requests or limits for test container | `nano` |\n| `test.resources` | Configure resource requests or limits for test container | `{}` |\n| `test.securityContext` | Security context for test container | *see `values.yaml`* |\n| `autoscaling.enabled` | Whether to enable the HorizontalPodAutoscaler | `false` |\n| `autoscaling.minReplicas` | Minimum number of replicas when autoscaling is enabled | `1` |\n| `autoscaling.maxReplicas` | Maximum number of replicas when autoscaling is enabled | `100` |\n| `autoscaling.targetCPUUtilizationPercentage` | Target CPU utilisation percentage for autoscaling | `80` |\n| `autoscaling.targetMemoryUtilizationPercentage` | Target memory utilisation percentage for autoscaling | `null` |\n| `autoscaling.behavior` | HPA behavior (scaleUp/scaleDown policies and settings) | `{}` |\n| `nodeSelector` | Node labels for pod assignment | `{}` |\n| `tolerations` | Toleration labels for pod assignment | `[]` |\n| `updateStrategy` | Configure deployment update strategy | `{}` (defaults to `RollingUpdate`) |\n| `affinity` | Affinity settings for pod assignment | `{}` |\n| `extraEnvs` | Additional environment variables to set in the NetBox container | `[]` |\n| `extraVolumeMounts` | Additional volumes to mount in the NetBox container | `[]` |\n| `extraVolumes` | Additional volumes to reference in pods | `[]` |\n| `sidecars` | Additional sidecar containers to be added to pods | `[]` |\n| `initContainers` | Additional init containers to run before starting main containers | `[]` |\n| `command` | NetBox container custom command/entrypoint | `[]` |\n| `args` | NetBox container custom args | `[]` |\n| `worker` | Worker specific variables. Most global variables also apply here. | *see `values.yaml`* |\n| `housekeeping.enabled` | Whether the [Housekeeping][housekeeping] `CronJob` should be active | `true` |\n| `housekeeping.concurrencyPolicy` | ConcurrencyPolicy for the Housekeeping CronJob. | `Forbid` |\n| `housekeeping.failedJobsHistoryLimit` | Number of failed jobs to keep in history | `5` |\n| `housekeeping.command` | The shell command to execute in the housekeeping job. | `[/opt/netbox/venv/bin/python, /opt/netbox/netbox/manage.py, housekeeping]`|\n| `housekeeping.args` | NetBox housekeeping container custom args | `[]` |\n| `housekeeping.restartPolicy` | Restart Policy for the Housekeeping CronJob. | `OnFailure` |\n| `housekeeping.schedule` | Schedule for the CronJob in [Cron syntax][cron syntax]. | `0 0 * * *` (Midnight daily) |\n| `housekeeping.successfulJobsHistoryLimit` | Number of successful jobs to keep in history | `5` |\n| `housekeeping.suspend` | Whether to suspend the CronJob | `false` |\n| `housekeeping.podAnnotations` | Additional annotations for housekeeping CronJob pods | `{}` |\n| `housekeeping.podLabels` | Additional labels for housekeeping CronJob pods | `{}` |\n| `housekeeping.podSecurityContext` | Security context for housekeeping CronJob pods | *see `values.yaml`* |\n| `housekeeping.securityContext` | Security context for housekeeping CronJob containers | *see `values.yaml`* |\n| `housekeeping.automountServiceAccountToken` | Whether to automatically mount the serviceAccount token in the housekeeping container or not | `false` |\n| `housekeeping.resources` | Configure resource requests or limits for housekeeping CronJob | `{}` |\n| `housekeeping.nodeSelector` | Node labels for housekeeping CronJob pod assignment | `{}` |\n| `housekeeping.tolerations` | Toleration labels for housekeeping CronJob pod assignment | `[]` |\n| `housekeeping.affinity` | Affinity settings for housekeeping CronJob pod assignment | `{}` |\n| `housekeeping.extraEnvs` | Additional environment variables to set in housekeeping CronJob | `[]` |\n| `housekeeping.extraVolumeMounts` | Additional volumes to mount in the housekeeping CronJob | `[]` |\n| `housekeeping.extraVolumes` | Additional volumes to reference in housekeeping CronJob pods | `[]` |\n| `housekeeping.sidecars` | Additional sidecar containers to be added to housekeeping CronJob | `[]` |\n| `housekeeping.initContainers` | Additional init containers for housekeeping CronJob pods | `[]` |\n\n\n\n[CORS]: https://github.com/ottoyiu/django-cors-headers\n[housekeeping]: https://netboxlabs.com/docs/netbox/en/stable/administration/housekeeping/\n[cron syntax]: https://kubernetes.io/docs/concepts/workloads/controllers/cron-jobs/#cron-schedule-syntax\n\nSpecify each parameter using the `--set key=value[,key=value]` argument to `helm install` or provide a YAML file containing the values for the above parameters:\n\n```shell\nhelm install my-release --devel --values values.yaml \\\n oci://ghcr.io/netbox-community/netbox-chart/netbox\n```\n\n## Persistent storage pitfalls\n\nPersistent storage for media is enabled by default, but unless you take special\ncare you will run into issues. The most common issue is that one of the NetBox\npods gets stuck in the `ContainerCreating` state. There are several ways around\nthis problem:\n\n\n\n1. Use the recommended S3 `storages` and **disable** persistent storage\n by setting `persistence.enabled` to `false`. This can\n be used with any S3-compatible storage provider including Amazon S3, Minio,\n Ceph RGW, and many others. See further down for an example of this.\n2. Use a `ReadWriteMany` volume that can be mounted by several pods across\n nodes simultaneously.\n3. Configure pod affinity settings to keep all the pods on the same node. This\n allows a `ReadWriteOnce` volume to be mounted in several pods at the same\n time.\n4. Disable persistent storage of media altogether and just manage without. The\n storage functionality is only needed to store uploaded image attachments.\n\n\n\nTo configure the pod affinity to allow using a `ReadWriteOnce` volume you can\nuse the following example configuration:\n\n```yaml\naffinity:\n podAffinity:\n requiredDuringSchedulingIgnoredDuringExecution:\n - labelSelector:\n matchLabels:\n app.kubernetes.io/name: netbox\n topologyKey: kubernetes.io/hostname\n\nhousekeeping:\n affinity:\n podAffinity:\n requiredDuringSchedulingIgnoredDuringExecution:\n - labelSelector:\n matchLabels:\n app.kubernetes.io/name: netbox\n topologyKey: kubernetes.io/hostname\n\nworker:\n affinity:\n podAffinity:\n requiredDuringSchedulingIgnoredDuringExecution:\n - labelSelector:\n matchLabels:\n app.kubernetes.io/name: netbox\n topologyKey: kubernetes.io/hostname\n```\n\n## Using an Existing Secret\n\nRather than specifying passwords and secrets as part of the Helm release values,\nyou may pass these to NetBox using pre-existing `Secret` resources. When using\nthis, the respective `Secret`s must contain the following keys.\n\n### Superuser secret (`superuser.existingSecret`)\n\nType: `kubernetes.io/basic-auth`\n\n| Key | Description | Required? |\n| ----------- | ---------------------------------------------------- | --------- |\n| `username` | Username for the initial super-user account | Yes |\n| `password` | Password for the initial super-user account | Yes |\n| `email` | Email address for the initial super-user account | Yes |\n| `api_token` | API token created for the initial super-user account | Yes |\n\n### Config secret (`existingSecret`)\n\n| Key | Description | Required? |\n| -------------------- | ------------------------------------------------------------- | ------------------------------------------------------------------------------------------------- |\n| `ldap_bind_password` | Password for LDAP bind DN | If `remoteAuth.enabled` is `true` and `remoteAuth.backend` is `netbox.authentication.LDAPBackend` |\n| `secret_key` | Django secret key used for sessions and password reset tokens | Yes |\n\n### Email secret (`email.existingSecretName`)\n\n| Key | Description | Required? |\n| -------------------- | ------------------------------------------------------------- | ------------------------------------------------------------------------------------------------- |\n| `email-password` | SMTP user password | Yes, but the value may be left blank if not required |\n\n### PostgreSQL secret (`externalDatabase.existingSecretName`)\n\n| Key | Description | Required? |\n| --------------------- | ------------------------------------------------- | ---------------------------------- |\n| `postgresql-password` | The password for the external PostgreSQL database | If `postgresql.enabled` is `false` |\n\n### Tasks secrets (`tasksDatabase.existingSecretName`)\n\n| Key | Description | Required? |\n| ---------------- | ------------------------------------------------------------- | ----------------------------- |\n| `tasks-password` | Password for the external KV database (tasks and/or cache) | If `valkey.enabled` is `false` |\n\n### Cache secrets (`cachingDatabase.existingSecretName`)\n\n| Key | Description | Required? |\n| ---------------- | ------------------------------------------------------------- | ----------------------------- |\n| `cache-password` | Password for the external KV database (tasks and/or cache) | If `valkey.enabled` is `false` |\n\n## License\n\nThis project is licensed under [Apache License, Version 2.0](LICENSE).\n" }, { "path": "charts/netbox/ci/default-values.yaml", "content": "" }, { "path": "charts/netbox/ci/ingress-metrics-values.yaml", "content": "ingress:\n enabled: true\n\nmetrics:\n enabled: true\n" }, { "path": "charts/netbox/ci/ldap-values.yaml", "content": "remoteAuth:\n enabled: true\n backends:\n - netbox.authentication.LDAPBackend\n\n ldap:\n serverUri: \"ldap://ldap.forumsys.com\"\n startTls: true\n ignoreCertErrors: true\n caCertData: \"\"\n bindDn: \"cn=read-only-admin,dc=example,dc=com\"\n bindPassword: password\n userDnTemplate: \"\"\n userSearchBaseDn: \"dc=example,dc=com\"\n userSearchAttr: \"sAMAccountName\"\n groupSearchBaseDn: \"dc=example,dc=com\"\n groupSearchClass: \"group\"\n groupType: \"GroupOfNamesType\"\n requireGroupDn:\n - \"cn=read-only-admin,dc=example,dc=com\"\n findGroupPerms: true\n mirrorGroups: true\n mirrorGroupsExcept: \"\"\n cacheTimeout: 3600\n isAdminDn:\n - \"ou=mathematicians,cn=read-only-admin,dc=example,dc=com\"\n isSuperUserDn:\n - \"ou=scientists,cn=read-only-admin,dc=example,dc=com\"\n attrFirstName: \"givenName\"\n attrLastName: \"sn\"\n attrMail: \"mail\"\n" }, { "path": "charts/netbox/docs/auth.md", "content": "# Authentication Options\n\n## Using SSO\n\nYou can configure different SSO backends with `remoteAuth`.\nThe implementation is based on [Python Social Auth](https://python-social-auth.readthedocs.io/en/latest/backends/index.html#supported-backends).\n\nDepending on the chosen backend you may need to configure different parameters.\nYou can leverage the `extraConfig` value in conjunction with `remoteAuth`.\n\n> [!tip]\n> Read more about `extraConfig` usage within [Extra Configuration](./extra.md) guide.\n\nBy default the users do not have any permission after logging in.\nUsing custom auth pipelines you can assign groups based on the roles supplied by the oauth provider.\n\n### Example config for Keycloak backend\n\n```yaml\nremoteAuth:\n enabled: true\n backends:\n - social_core.backends.keycloak.KeycloakOAuth2\n autoCreateUser: true\n\nextraConfig:\n - secret:\n secretName: keycloak-client\n - values:\n SOCIAL_AUTH_PIPELINE:\n [\n \"social_core.pipeline.social_auth.social_details\",\n \"social_core.pipeline.social_auth.social_uid\",\n \"social_core.pipeline.social_auth.social_user\",\n \"social_core.pipeline.user.get_username\",\n \"social_core.pipeline.social_auth.associate_by_email\",\n \"social_core.pipeline.user.create_user\",\n \"social_core.pipeline.social_auth.associate_user\",\n \"netbox.authentication.user_default_groups_handler\",\n \"social_core.pipeline.social_auth.load_extra_data\",\n \"social_core.pipeline.user.user_details\",\n \"netbox.sso_pipeline_roles.set_role\",\n ]\n\nextraVolumes:\n - name: sso-pipeline-roles\n configMap:\n name: sso-pipeline-roles\nextraVolumeMounts:\n - name: sso-pipeline-roles\n mountPath: /opt/netbox/netbox/netbox/sso_pipeline_roles.py\n subPath: sso_pipeline_roles.py\n readOnly: true\n```\n\nAdditional resources are necessary:\n\n```yaml\napiVersion: v1\nkind: Secret\nmetadata:\n name: keycloak-client\n namespace: netbox\ntype: Opaque\ndata:\n oidc-keycloak.yaml: |\n SOCIAL_AUTH_KEYCLOAK_KEY: \n SOCIAL_AUTH_KEYCLOAK_SECRET: \n SOCIAL_AUTH_KEYCLOAK_PUBLIC_KEY: MIIB...AB\n SOCIAL_AUTH_KEYCLOAK_AUTHORIZATION_URL: \"https://keycloak.example.com/auth/realms/master/protocol/openid-connect/auth\"\n SOCIAL_AUTH_KEYCLOAK_ACCESS_TOKEN_URL: \"https://keycloak.example.com/auth/realms/master/protocol/openid-connect/token\"\n SOCIAL_AUTH_JSONFIELD_ENABLED: true\n SOCIAL_AUTH_STAFF_ROLE: staff\n SOCIAL_AUTH_SUPERUSER_ROLE: superuser\n\n---\napiVersion: v1\nkind: ConfigMap\nmetadata:\n name: sso-pipeline-roles\n namespace: netbox\ndata:\n sso_pipeline_roles.py: |\n from django.conf import settings\n from netbox.authentication import Group\n\n def set_role(response, user, backend, *args, **kwargs):\n client_id = getattr(settings, 'SOCIAL_AUTH_KEYCLOAK_KEY', None)\n staff_role = getattr(settings, 'SOCIAL_AUTH_STAFF_ROLE', 'staff')\n superuser_role = getattr(settings, 'SOCIAL_AUTH_SUPERUSER_ROLE', 'superuser')\n\n roles = []\n try:\n roles = response['resource_access'][client_id]['roles']\n except KeyError:\n pass\n user.is_staff = (staff_role in roles)\n user.is_superuser = (superuser_role in roles)\n user.save()\n groups = Group.objects.all()\n for group in groups:\n try:\n if group.name in roles:\n group.users.add(user)\n else:\n group.users.remove(user)\n except Group.DoesNotExist:\n continue\n```\n\n> [!note]\n> A hardcoded custom audience mapper is required on Keycloak.\n>\n> For the audience name to be in the token, enter the Client ID\n> in the _Included **Custom** Audience_ field instead of the _Included **Client** Audience_ field.\n>\n> Refer to the Keycloak usage materials:\n>\n> - [Python Social Auth Documentation](https://python-social-auth.readthedocs.io/en/latest/backends/keycloak.html)\n> - [Python Social Auth Source Code](https://github.com/python-social-auth/social-core/blob/d9554fa40e751c85ae60231fe2f5bd5a528c4452/social_core/backends/keycloak.py#L7-L96)\n> - [Keycloak Documentation](https://www.keycloak.org/docs/latest/server_admin/#_audience_hardcoded)\n\n### Example config for GitLab backend\n\n```yaml\nremoteAuth:\n enabled: true\n backends:\n - social_core.backends.gitlab.GitLabOAuth2\n autoCreateUser: true\n\nextraConfig:\n - secret:\n secretName: gitlab-client\n - values:\n SOCIAL_AUTH_PIPELINE:\n [\n \"social_core.pipeline.social_auth.social_details\",\n \"social_core.pipeline.social_auth.social_uid\",\n \"social_core.pipeline.social_auth.social_user\",\n \"social_core.pipeline.user.get_username\",\n \"social_core.pipeline.social_auth.associate_by_email\",\n \"social_core.pipeline.user.create_user\",\n \"social_core.pipeline.social_auth.associate_user\",\n \"netbox.authentication.user_default_groups_handler\",\n \"social_core.pipeline.social_auth.load_extra_data\",\n \"social_core.pipeline.user.user_details\",\n \"netbox.sso_pipeline_roles.set_role\",\n ]\nextraVolumes:\n - name: sso-pipeline-roles\n configMap:\n name: sso-pipeline-roles\nextraVolumeMounts:\n - name: sso-pipeline-roles\n mountPath: /opt/netbox/netbox/netbox/sso_pipeline_roles.py\n subPath: sso_pipeline_roles.py\n readOnly: true\n```\n\nAdditional resources are necessary (please note that the client ID is necessary in the custom pipeline script):\n\n```yaml\napiVersion: v1\nkind: Secret\nmetadata:\n name: gitlab-client\n namespace: netbox\ntype: Opaque\nstringData:\n oidc-gitlab.yaml: |\n SOCIAL_AUTH_GITLAB_API_URL: https://git.example.com\n SOCIAL_AUTH_GITLAB_AUTHORIZATION_URL: https://git.example.com/oauth/authorize\n SOCIAL_AUTH_GITLAB_ACCESS_TOKEN_URL: https://git.example.com/oauth/token\n SOCIAL_AUTH_GITLAB_KEY: \n SOCIAL_AUTH_GITLAB_SECRET: \n SOCIAL_AUTH_GITLAB_SCOPE: ['read_user', 'openid']\n SOCIAL_AUTH_STAFF_ROLE: staff\n SOCIAL_AUTH_SUPERUSER_ROLE: superuser\n\n---\napiVersion: v1\nkind: ConfigMap\nmetadata:\n name: sso-pipeline-roles\n namespace: netbox\ndata:\n sso_pipeline_roles.py: |\n from django.conf import settings\n from netbox.authentication import Group\n\n import jwt\n from jwt import PyJWKClient\n def set_role(response, user, backend, *args, **kwargs):\n client_id = getattr(settings, 'SOCIAL_AUTH_GITLAB_KEY', None)\n staff_role = getattr(settings, 'SOCIAL_AUTH_STAFF_ROLE', 'staff')\n superuser_role = getattr(settings, 'SOCIAL_AUTH_SUPERUSER_ROLE', 'superuser')\n\n jwks_client = PyJWKClient(\"https://git.example.com/oauth/discovery/keys\")\n signing_key = jwks_client.get_signing_key_from_jwt(response['id_token'])\n decoded = jwt.decode(\n response['id_token'],\n signing_key.key,\n algorithms=[\"RS256\"],\n audience=client_id,\n )\n roles = []\n try:\n roles = decoded.get('groups_direct')\n except KeyError:\n pass\n user.is_staff = (staff_role in roles)\n user.is_superuser = (superuser_role in roles)\n user.save()\n groups = Group.objects.all()\n for group in groups:\n try:\n if group.name in roles:\n group.users.add(user)\n else:\n group.users.remove(user)\n except Group.DoesNotExist:\n continue\n```\n\n## Using LDAP Authentication\n\nIn order to enable LDAP authentication, please carry out the following steps:\n\n1. Configure the `remoteAuth` settings to enable the LDAP backend (see below)\n2. Make sure you set _all_ of the `remoteAuth.ldap` settings shown in the `values.yaml` file\n\nFor example:\n\n```yaml\nremoteAuth:\n enabled: true\n backends:\n - netbox.authentication.LDAPBackend\n ldap:\n serverUri: ldap://domain.com\n startTls: true\n ignoreCertErrors: true\n bindDn: \"\"\n bindPassword: \"\"\n # and ALL the other remoteAuth.ldap.* settings from values.yaml\n```\n\n> [!NOTE]\n> In order to use anonymous LDAP binding, set `bindDn` and `bindPassword`\n> to an empty string as in the example above.\n\n### LDAP Certificate Verification\n\nIf you need to specify your own CA certificate, follow the instructions below.\n\n#### Option 1. In your `values.yaml` file define the directory already containing your CA certificate\n\n```yaml\n ldap:\n serverUri: ldap://domain.com\n startTls: true\n ignoreCertErrors: false\n caCertDir: /etc/ssl/certs\n```\n\n#### Option 2. In your `values.yaml` file define your CA certificate content in `caCertData`\n\n```yaml\n ldap:\n serverUri: ldap://domain.com\n startTls: true\n ignoreCertErrors: false\n caCertData: |\n -----BEGIN CERTIFICATE-----\n ...\n -----END CERTIFICATE-----\n```\n" }, { "path": "charts/netbox/docs/extra.md", "content": "# Extra Configuration\n\n## Overview\n\nAny additional configuration setting can be passed in the chart\nvalues to be loaded into NetBox's instance.\nThey may be provided as arbitrary configuration values set, or\nyou can load arbitrary `*.yaml` keys from ConfigMaps and Secrets.\n\n```yaml\nextraConfig:\n - values:\n EXTRA_SETTING_ONE: example\n ANOTHER_SETTING: foobar\n - configMap: # pod.spec.volumes.configMap\n name: netbox-extra\n items: []\n optional: false\n - secret: # same as pod.spec.volumes.secret\n secretName: netbox-extra\n items: []\n optional: false\n```\n\n## NetBox Additional Configuration\n\nFor additional NetBox configuration setting, the recommended way is\nto use the extra configuration value (`extraConfig`).\n\n> [!note]\n> In order to keep the chart's values reasonnable, only the\n> [required](https://netboxlabs.com/docs/netbox/en/stable/configuration/required-parameters/)\n> and critical configuration settings can be directly configured with a dedicated value field.\n\nFor example, the following snippet is configuring the value for\n[`DEFAULT_DASHBOARD`](https://netboxlabs.com/docs/netbox/en/stable/configuration/default-values/#default_dashboard):\n\n```yaml\nextraConfig:\n - values:\n DEFAULT_DASHBOARD: \n - widget: \"extras.ObjectCountsWidget\"\n width: 4\n```\n\n## ConfigMaps and Secrets Use\n\nAny ConfigMaps and Secrets can be leveraged to provide configuration parameters.\nThe resource must provide the data under a `*.yaml` file description.\n\n```yaml\napiVersion: v1\nkind: Secret\nmetadata:\n name: netbox-okta-credentials\n namespace: netbox\ntype: Opaque\nstringData:\n okta.yaml: |\n SOCIAL_AUTH_OKTA_OPENIDCONNECT_KEY: ...\n SOCIAL_AUTH_OKTA_OPENIDCONNECT_SECRET: ...\n SOCIAL_AUTH_OKTA_OPENIDCONNECT_API_URL: ...\n```\n\nThen, it can be consumed using `extraConfig` using a the name as reference.\n\n```yaml\nextraConfig:\n - secret:\n secretName: netbox-okta-credentials\n```\n\nThe variables will be retrieve by NetBox when loading.\nIn this example, the three variables (`SOCIAL_AUTH_OKTA_OPENIDCONNECT_*`)\nwill be available as global variables.\n\n> [!tip]\n> See more example of `extraConfig` within [Authentication Options](./auth.md) guide.\n" }, { "path": "charts/netbox/docs/migrate.md", "content": "# Migration Guide\n\nFor major version updates (5.0.0, 6.0.0, etc.), see the release notes for detailed migration information.\n\n## Back Up PostgreSQL\n\nThe first thing you should do is back up your PostgreSQL database.\nThis way you can always go back to your previous install version if anything goes wrong.\n\nYou can find your PostgreSQL pod by running `kubectl get pods -A | grep postgres` and then use `kubectl exec` to run `psql` or `pg_dump` from it.\n\n## Upgrade PostgreSQL If Necessary\n\nAs of NetBox 3.6.x, NetBox requires PostgreSQL 12 or higher.\nIt is recommended that you upgrade to the latest supported PostgreSQL version.\n\nIf you are using the built-in PostgreSQL chart, you may need to update it separately, or update to the latest NetBox chart and dump your data back into it before NetBox will start.\n\n## Upgrade NetBox\n\nIt is always recommended that you upgrade NetBox one major version at a time.\nFor example, if you are currently running NetBox 3.5.2 inside your chart, you would upgrade to the last 3.6.x version, then 3.7.x, and so on.\n\nThis ensures that migrations all run smoothly between versions.\n\n## Check for Breaking Changes\n\nAlways look at the release notes for breaking changes.\nThere may be necessary changes to your `values.yaml` to ensure your configuration still works.\n" }, { "path": "charts/netbox/docs/prod.md", "content": "# Production Considerations\n\n## Database Recommendation\n\nWe recommend using separate external PostgreSQL and Key-Value instances. This\nde-couples those services from the chart's bundled versions which may have\ncomplex upgrade requirements. A clustered PostgreSQL server (e.g. using Zalando's\n[Postgres Operator](https://github.com/zalando/postgres-operator)) and Redis\nwith Sentinel (e.g. using [Aaron Layfield](https://github.com/DandyDeveloper)'s\n[redis-ha chart](https://github.com/DandyDeveloper/charts/tree/master/charts/redis-ha)).\n\n## Storage Recommendation\n\nSet `persistence.enabled` to `false` and use the S3 `storages`\nfor object storage. This works well with Minio or Ceph RGW as well as Amazon S3.\nSee [Persistent storage pitfalls](#persistent-storage-pitfalls), below.\n\nRun multiple replicas of the NetBox web frontend to avoid interruptions during\nupgrades or at other times when the pods need to be restarted. There's no need\nto have multiple workers (`worker.replicaCount`) for better availability. Set\nup `affinity.podAntiAffinity` to avoid multiple NetBox pods being colocated on\nthe same node, for example:\n\n```yaml\naffinity:\n podAntiAffinity:\n requiredDuringSchedulingIgnoredDuringExecution:\n - labelSelector:\n matchLabels:\n app.kubernetes.io/instance: netbox\n app.kubernetes.io/name: netbox\n app.kubernetes.io/component: netbox\n topologyKey: kubernetes.io/hostname\n```\n\n## Persistent Storage Pitfalls\n\nPersistent storage for media is enabled by default, but unless you take special\ncare you will run into issues. The most common issue is that one of the NetBox\npods gets stuck in the `ContainerCreating` state. There are several ways around\nthis problem:\n\n\n\n1. Use the recommended S3 `storageBackend` and **disable** persistent storage\n by setting `persistence.enabled` to `false`. This can\n be used with any S3-compatible storage provider including Amazon S3, Minio,\n Ceph RGW, and many others. See further down for an example of this.\n2. Use a `ReadWriteMany` volume that can be mounted by several pods across\n nodes simultaneously.\n3. Configure pod affinity settings to keep all the pods on the same node. This\n allows a `ReadWriteOnce` volume to be mounted in several pods at the same\n time.\n4. Disable persistent storage of media altogether and just manage without. The\n storage functionality is only needed to store uploaded image attachments.\n\n\n\nTo configure the pod affinity to allow using a `ReadWriteOnce` volume you can\nuse the following example configuration:\n\n```yaml\naffinity:\n podAffinity:\n requiredDuringSchedulingIgnoredDuringExecution:\n - labelSelector:\n matchLabels:\n app.kubernetes.io/name: netbox\n topologyKey: kubernetes.io/hostname\n\nhousekeeping:\n affinity:\n podAffinity:\n requiredDuringSchedulingIgnoredDuringExecution:\n - labelSelector:\n matchLabels:\n app.kubernetes.io/name: netbox\n topologyKey: kubernetes.io/hostname\n\nworker:\n affinity:\n podAffinity:\n requiredDuringSchedulingIgnoredDuringExecution:\n - labelSelector:\n matchLabels:\n app.kubernetes.io/name: netbox\n topologyKey: kubernetes.io/hostname\n```\n\n## Disruption Budgets\n\nTo minimize downtime during voluntary disruptions (node drains, upgrades, autoscaling evictions), the chart can create PodDisruptionBudgets (PDBs) for both the web and worker Deployments.\n\n- Configure web PDB via `pdb.*` values.\n- Configure worker PDB via `worker.pdb.*` values.\n\nExamples:\n\n```yaml\n# Ensure at least one web pod stays available at all times\npdb:\n enabled: true\n minAvailable: 1\n\n# Allow one worker to be evicted at a time\nworker:\n pdb:\n enabled: true\n maxUnavailable: 1\n```\n" }, { "path": "charts/netbox/files/configuration.py", "content": "\"\"\"\nThis file serves as a base configuration for Netbox\nhttps://netboxlabs.com/docs/netbox/en/stable/configuration/\n\"\"\"\n\nimport json\nimport os\nimport re\nfrom pathlib import Path\n\nimport yaml\n\n\ndef _deep_merge(source, destination):\n \"\"\"Inspired by https://stackoverflow.com/a/20666342\"\"\"\n for key, value in source.items():\n dst_value = destination.get(key)\n\n if isinstance(value, dict) and isinstance(dst_value, dict):\n _deep_merge(value, dst_value)\n else:\n destination[key] = value\n\n return destination\n\n\ndef _load_yaml() -> None:\n \"\"\"Load YAML from files\"\"\"\n extra_config_base = Path(\"/run/config/extra\")\n config_files = [Path(\"/run/config/netbox/netbox.yaml\")]\n\n config_files.extend(sorted(extra_config_base.glob(\"*/*.yaml\")))\n\n for config_file in config_files:\n with open(config_file, \"r\", encoding=\"utf-8\") as f:\n config = yaml.safe_load(f)\n _deep_merge(config, globals())\n\n\ndef _read_secret(secret_name: str, secret_key: str, default: str | None = None) -> str | None:\n \"\"\"Read secret from file\"\"\"\n try:\n secret = open(\n f\"/run/secrets/{secret_name}/{secret_key}\",\n \"r\",\n encoding=\"utf-8\",\n )\n except EnvironmentError:\n return default\n with secret:\n return secret.read().strip()\n\n\nCORS_ORIGIN_REGEX_WHITELIST = []\nDATABASES = {}\nEMAIL = {}\nREDIS = {}\n\n_load_yaml()\n\nprovided_secret_name = os.getenv(\"SECRET_NAME\", \"netbox\")\n\nDATABASES[\"default\"][\"PASSWORD\"] = _read_secret(provided_secret_name, \"db_password\")\nEMAIL[\"PASSWORD\"] = _read_secret(provided_secret_name, \"email_password\")\nREDIS[\"tasks\"][\"PASSWORD\"] = _read_secret(provided_secret_name, \"tasks_password\")\nREDIS[\"caching\"][\"PASSWORD\"] = _read_secret(provided_secret_name, \"cache_password\")\nSECRET_KEY = _read_secret(provided_secret_name, \"secret_key\")\n\n# Read API token peppers from secret (JSON with integer or string keys)\n_peppers_raw = _read_secret(provided_secret_name, \"api_token_peppers\")\nif _peppers_raw:\n try:\n API_TOKEN_PEPPERS = {int(k): v for k, v in json.loads(_peppers_raw).items()}\n except (json.JSONDecodeError, ValueError, TypeError) as exc:\n raise ValueError(\n f\"Invalid api_token_peppers secret: expected a JSON object mapping numeric \"\n f'string keys to string values, e.g. {{\"1\": \"random-string...\"}}. '\n f\"Keys are converted to integers at load time. Error: {exc}\"\n ) from exc\n\n# Post-process certain values\nCORS_ORIGIN_REGEX_WHITELIST = [re.compile(r) for r in CORS_ORIGIN_REGEX_WHITELIST]\nif \"SENTINELS\" in REDIS[\"tasks\"]:\n REDIS[\"tasks\"][\"SENTINELS\"] = [tuple(x.split(r\":\")) for x in REDIS[\"tasks\"][\"SENTINELS\"]]\nif \"SENTINELS\" in REDIS[\"caching\"]:\n REDIS[\"caching\"][\"SENTINELS\"] = [tuple(x.split(r\":\")) for x in REDIS[\"caching\"][\"SENTINELS\"]]\nif ALLOWED_HOSTS_INCLUDES_POD_ID:\n ALLOWED_HOSTS.append(os.getenv(\"POD_IP\"))\n" }, { "path": "charts/netbox/files/ldap_config.py", "content": "\"\"\"\nThis file serves as a LDAP configuration for Netbox\nhttps://netboxlabs.com/docs/netbox/en/stable/installation/6-ldap/#configuration\nhttps://django-auth-ldap.readthedocs.io/en/latest/reference.html\n\"\"\"\n\nfrom functools import reduce\nfrom importlib import import_module\nfrom typing import Any\n\nimport ldap\nimport yaml\nfrom django_auth_ldap.config import LDAPGroupQuery, LDAPSearch\n\n\ndef _load_yaml() -> None:\n \"\"\"Load YAML from file\"\"\"\n with open(\"/run/config/netbox/ldap.yaml\", \"r\", encoding=\"utf-8\") as f:\n config = yaml.safe_load(f)\n globals().update(config)\n\n\ndef _read_secret(secret_name: str, secret_key: str, default: str | None = None) -> str | None:\n \"\"\"Read secret from file\"\"\"\n try:\n secret = open(\n f\"/run/secrets/{secret_name}/{secret_key}\",\n \"r\",\n encoding=\"utf-8\",\n )\n except EnvironmentError:\n return default\n with secret:\n return secret.readline().strip()\n\n\ndef _import_group_type(group_type_name: str) -> Any | None:\n \"\"\"Import and return the group type based on name\"\"\"\n mod = import_module(\"django_auth_ldap.config\")\n try:\n return getattr(mod, group_type_name)()\n except AttributeError:\n return None\n\n\nAUTH_LDAP_USER_SEARCH_FILTER = None\nAUTH_LDAP_GROUP_SEARCH_FILTER = None\nAUTH_LDAP_REQUIRE_GROUP = None\nAUTH_LDAP_USER_FLAGS_BY_GROUP = {}\n\n_load_yaml()\n\n# The following may be needed if you are binding to Active Directory.\nAUTH_LDAP_CONNECTION_OPTIONS = {ldap.OPT_REFERRALS: 0}\n\n# Set the DN and password for the NetBox service account if needed.\nAUTH_LDAP_BIND_PASSWORD = _read_secret(\"netbox\", \"ldap_bind_password\")\n\n# This search ought to return all groups to which the user belongs.\n# django_auth_ldap uses this to determine group\n# heirarchy.\nAUTH_LDAP_USER_SEARCH = LDAPSearch(\n AUTH_LDAP_USER_SEARCH_BASEDN,\n ldap.SCOPE_SUBTREE,\n AUTH_LDAP_USER_SEARCH_FILTER or f\"({AUTH_LDAP_USER_SEARCH_ATTR}=%(user)s)\",\n)\nAUTH_LDAP_GROUP_SEARCH = LDAPSearch(\n AUTH_LDAP_GROUP_SEARCH_BASEDN,\n ldap.SCOPE_SUBTREE,\n AUTH_LDAP_GROUP_SEARCH_FILTER or f\"(objectClass={AUTH_LDAP_GROUP_SEARCH_CLASS})\",\n)\nAUTH_LDAP_GROUP_TYPE = _import_group_type(AUTH_LDAP_GROUP_TYPE)\n\n# Define a group required to login.\nif AUTH_LDAP_REQUIRE_GROUP_LIST:\n AUTH_LDAP_REQUIRE_GROUP = reduce(\n lambda query, group: query | LDAPGroupQuery(group),\n AUTH_LDAP_REQUIRE_GROUP_LIST,\n LDAPGroupQuery(\"\"),\n )\n\n# Define special user types using groups. Exercise great caution when assigning superuser status.\nif AUTH_LDAP_REQUIRE_GROUP is not None:\n AUTH_LDAP_USER_FLAGS_BY_GROUP = {\n \"is_active\": AUTH_LDAP_REQUIRE_GROUP,\n \"is_staff\": reduce(\n lambda query, group: query | LDAPGroupQuery(group),\n AUTH_LDAP_IS_ADMIN_LIST,\n LDAPGroupQuery(\"\"),\n ),\n \"is_superuser\": reduce(\n lambda query, group: query | LDAPGroupQuery(group),\n AUTH_LDAP_IS_SUPERUSER_LIST,\n LDAPGroupQuery(\"\"),\n ),\n }\n" }, { "path": "charts/netbox/templates/NOTES.txt", "content": "CHART NAME: {{ .Chart.Name }}\nCHART VERSION: {{ .Chart.Version }}\nAPP VERSION: {{ .Chart.AppVersion }}\n\n** Please be patient while the chart is being deployed **\n\nNetbox can be accessed through the following DNS name from within the cluster:\n\n {{ include \"common.names.fullname\" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} (port {{ .Values.service.port }})\n\nTo access Netbox site from outside the cluster follow the steps below.\n\n{{- if .Values.ingress.enabled }}\n\nYou have configured NetBox to use an ingress controller, exposing the following URL(s):\n\n{{- range $host := .Values.ingress.hosts }}\n {{- range .paths }}\n - http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ . }}\n {{- end }}\n{{- end }}\n\n{{- else if contains \"NodePort\" .Values.service.type }}\n\nGet the application URL by running these commands:\n\n export NODE_PORT=$(kubectl get --namespace {{ include \"common.names.namespace\" . | quote }} -o jsonpath=\"{.spec.ports[0].nodePort}\" services {{ include \"common.names.fullname\" . }})\n export NODE_IP=$(kubectl get nodes --namespace {{ include \"common.names.namespace\" . | quote }} -o jsonpath=\"{.items[0].status.addresses[0].address}\")\n echo http://$NODE_IP:$NODE_PORT\n\n{{- else if contains \"LoadBalancer\" .Values.service.type }}\n\nGet the application URL by running these commands:\n\n export SERVICE_IP=$(kubectl get svc --namespace {{ include \"common.names.namespace\" . | quote }} {{ include \"common.names.fullname\" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')\n echo http://$SERVICE_IP:{{ .Values.service.port }}\n\n NOTE: It may take a few minutes for the LoadBalancer IP to be available.\n You can watch the status of by running 'kubectl get --namespace {{ include \"common.names.namespace\" . | quote }} svc -w {{ include \"common.names.fullname\" . }}'\n\n{{- else if contains \"ClusterIP\" .Values.service.type }}\n\nGet the application URL by running these commands:\n\n export POD_NAME=$(kubectl get pods --namespace {{ include \"common.names.namespace\" . | quote }} -l \"app.kubernetes.io/name={{ include \"common.names.name\" . }},app.kubernetes.io/instance={{ .Release.Name }}\" -o jsonpath=\"{.items[0].metadata.name}\")\n echo \"Visit http://127.0.0.1:8080 to use your application\"\n kubectl port-forward $POD_NAME 8080:8080\n\n{{- end }}\n\n{{- include \"netbox.validateValues\" . }}\n{{- include \"common.warnings.rollingTag\" .Values.image }}\n{{- include \"common.warnings.rollingTag\" .Values.init.image }}\n{{- include \"common.warnings.resources\" (dict \"sections\" (list \"\" \"worker\") \"context\" $) }}\n" }, { "path": "charts/netbox/templates/_helpers.tpl", "content": "{{/* vim: set filetype=mustache: */}}\n\n{{/*\nReturn the proper image name\n*/}}\n{{- define \"netbox.image\" -}}\n{{- include \"common.images.image\" (dict \"imageRoot\" .Values.image \"global\" .Values.global \"chart\" .Chart) -}}\n{{- end -}}\n\n{{/*\nReturn the proper image name (for the init container image)\n*/}}\n{{- define \"netbox.init.image\" -}}\n{{- include \"common.images.image\" (dict \"imageRoot\" .Values.init.image \"global\" .Values.global) -}}\n{{- end -}}\n\n{{/*\nCreate the name of the service account to use\n*/}}\n{{- define \"netbox.serviceAccountName\" -}}\n{{- if .Values.serviceAccount.create }}\n{{- default (include \"common.names.fullname\" .) .Values.serviceAccount.name }}\n{{- else }}\n{{- default \"default\" .Values.serviceAccount.name }}\n{{- end }}\n{{- end }}\n\n{{/*\nName of the key in Secret that contains the email password\n*/}}\n{{- define \"netbox.email.secretKey\" -}}\n {{- if .Values.email.existingSecretName -}}\n {{- .Values.email.existingSecretKey -}}\n {{- else -}}\n email_password\n {{- end -}}\n{{- end }}\n\n{{/*\nName of the Secret that contains the PostgreSQL password\n*/}}\n{{- define \"netbox.postgresql.secret\" -}}\n {{- if .Values.postgresql.enabled }}\n {{- include \"postgresql.v1.secretName\" .Subcharts.postgresql -}}\n {{- else }}\n {{- include \"common.secrets.name\" (dict \"existingSecret\" .Values.externalDatabase.existingSecretName \"defaultNameSuffix\" \"postgresql\" \"context\" $) }}\n {{- end }}\n{{- end }}\n\n{{/*\nName of the key in Secret that contains the PostgreSQL password\n*/}}\n{{- define \"netbox.postgresql.secretKey\" -}}\n {{- if .Values.postgresql.enabled -}}\n {{- include \"postgresql.v1.userPasswordKey\" .Subcharts.postgresql -}}\n {{- else if .Values.externalDatabase.existingSecretName -}}\n {{- .Values.externalDatabase.existingSecretKey -}}\n {{- else -}}\n db_password\n {{- end -}}\n{{- end }}\n\n{{/*\nName of the Secret that contains the Valkey tasks password\n*/}}\n{{- define \"netbox.tasksDatabase.secret\" -}}\n {{- if .Values.valkey.enabled }}\n {{- include \"valkey.secretName\" .Subcharts.valkey -}}\n {{- else }}\n {{- include \"common.secrets.name\" (dict \"existingSecret\" .Values.tasksDatabase.existingSecretName \"defaultNameSuffix\" \"kv\" \"context\" $) }}\n {{- end }}\n{{- end }}\n\n{{/*\nName of the key in Secret that contains the Valkey tasks password\n*/}}\n{{- define \"netbox.tasksDatabase.secretKey\" -}}\n {{- if .Values.valkey.enabled -}}\n {{- include \"valkey.secretPasswordKey\" .Subcharts.valkey -}}\n {{- else if .Values.tasksDatabase.existingSecretName -}}\n {{ .Values.tasksDatabase.existingSecretKey }}\n {{- else -}}\n tasks_password\n {{- end -}}\n{{- end }}\n\n{{/*\nName of the Secret that contains the Valkey cache password\n*/}}\n{{- define \"netbox.cachingDatabase.secret\" -}}\n {{- if .Values.valkey.enabled }}\n {{- include \"valkey.secretName\" .Subcharts.valkey -}}\n {{- else }}\n {{- include \"common.secrets.name\" (dict \"existingSecret\" .Values.cachingDatabase.existingSecretName \"defaultNameSuffix\" \"kv\" \"context\" $) }}\n {{- end }}\n{{- end }}\n\n{{/*\nName of the key in Secret that contains the Valkey cache password\n*/}}\n{{- define \"netbox.cachingDatabase.secretKey\" -}}\n {{- if .Values.valkey.enabled -}}\n {{- include \"valkey.secretPasswordKey\" .Subcharts.valkey -}}\n {{- else if .Values.cachingDatabase.existingSecretName -}}\n {{ .Values.cachingDatabase.existingSecretKey }}\n {{- else -}}\n cache_password\n {{- end -}}\n{{- end }}\n\n{{/*\nValkey Sentinels that would result from setting .Values.valkey.enabled=true and .Values.valkey.sentinel.enabled=true\n*/}}\n{{- define \"netbox.valkey.managedSentinels\" -}}\n {{- $sentinels := list }}\n {{- $fullname := include \"common.names.fullname\" .Subcharts.valkey }}\n {{- $headlessService := printf \"%s-headless\" (include \"common.names.fullname\" .Subcharts.valkey) }}\n {{- $sentinelPort := toString .Values.valkey.sentinel.service.ports.sentinel }}\n {{- range $i := until (int .Values.valkey.replica.replicaCount) }}\n {{- $sentinels = append $sentinels (printf \"%s-node-%s.%s:%s\" $fullname (toString $i) $headlessService $sentinelPort) }}\n {{- end }}\n {{- toJson $sentinels }}\n{{- end -}}\n\n{{/*\nTasks Sentinel: use .Values.tasksDatabase.sentinels if defined. When using embedded Valkey Sentinel feature, fallback to generated sentinels\n*/}}\n{{- define \"netbox.tasksDatabase.sentinels\" -}}\n {{- if .Values.tasksDatabase.sentinels }}\n {{- toJson .Values.tasksDatabase.sentinels }}\n {{- else if and .Values.valkey.enabled .Values.valkey.sentinel.enabled }}\n {{- include \"netbox.valkey.managedSentinels\" . }}\n {{- end }}\n{{- end -}}\n\n{{/*\nCaching Sentinel: use .Values.cachingDatabase.sentinels if defined. When using embedded Valkey Sentinel feature, fallback to generated sentinels\n*/}}\n{{- define \"netbox.cachingDatabase.sentinels\" -}}\n {{- if .Values.cachingDatabase.sentinels }}\n {{- toJson .Values.cachingDatabase.sentinels }}\n {{- else if and .Values.valkey.enabled .Values.valkey.sentinel.enabled }}\n {{- include \"netbox.valkey.managedSentinels\" . }}\n {{- end }}\n{{- end -}}\n\n{{/*\nVolumes that need to be mounted for .Values.extraConfig entries\n*/}}\n{{- define \"netbox.extraConfig.volumes\" -}}\n{{- range $index, $config := .Values.extraConfig }}\n- name: {{ printf \"extra-config-%d\" $index | quote }}\n {{- if $config.values }}\n configMap:\n name: {{ include \"common.names.fullname\" $ }}\n items:\n - key: {{ printf \"extra-%d.yaml\" $index | quote }}\n path: {{ printf \"extra-%d.yaml\" $index | quote }}\n {{- else if $config.configMap }}\n configMap:\n {{- include \"common.tplvalues.render\" (dict \"value\" $config.configMap \"context\" $) | nindent 4 }}\n {{- else if $config.secret }}\n secret:\n {{- include \"common.tplvalues.render\" (dict \"value\" $config.secret \"context\" $) | nindent 4 }}\n {{- end }}\n{{- end }}\n{{- end }}\n\n{{/*\nVolume mounts for .Values.extraConfig entries\n*/}}\n{{- define \"netbox.extraConfig.volumeMounts\" -}}\n{{- range $index, $config := .Values.extraConfig }}\n- name: {{ printf \"extra-config-%d\" $index | quote }}\n mountPath: /run/config/extra/{{ $index }}\n readOnly: true\n{{- end }}\n{{- end }}\n\n{{/*\nGenerate the api_token_peppers secret value.\nReturns a base64-encoded, quoted JSON object.\n\nPriority:\n 1. User-provided apiTokenPeppers from values.yaml (always wins for rotation)\n 2. Existing secret value (preserved across upgrades via lookup)\n 3. Auto-generated single pepper {\"1\": \"\"}\n*/}}\n{{- define \"netbox.apiTokenPeppers.secret\" -}}\n{{- if not (empty .Values.apiTokenPeppers) -}}\n {{- .Values.apiTokenPeppers | toJson | b64enc | quote }}\n{{- else -}}\n {{- $secretName := include \"common.secrets.name\" (dict \"defaultNameSuffix\" \"config\" \"context\" $) -}}\n {{- $existingSecret := (lookup \"v1\" \"Secret\" (include \"common.names.namespace\" .) $secretName).data -}}\n {{- if and $existingSecret (hasKey $existingSecret \"api_token_peppers\") -}}\n {{- index $existingSecret \"api_token_peppers\" | quote }}\n {{- else -}}\n {{- $pepper := randAlphaNum 50 -}}\n {{- dict \"1\" $pepper | toJson | b64enc | quote }}\n {{- end -}}\n{{- end -}}\n{{- end -}}\n\n{{/*\nCompile all warnings into a single message.\n*/}}\n{{- define \"netbox.validateValues\" -}}\n{{- $messages := list -}}\n{{- $messages := append $messages (include \"netbox.validateValues.postgresql\" .) -}}\n{{- $messages := append $messages (include \"netbox.validateValues.ldap\" .) -}}\n{{- $messages := without $messages \"\" -}}\n{{- $message := join \"\\n\" $messages -}}\n{{- if $message -}}\n{{- printf \"\\nVALUES VALIDATION:\\n%s\" $message | fail -}}\n{{- end -}}\n{{- end -}}\n\n{{/*\nValidate values of Netbox Chart - PostgreSQL\n*/}}\n{{- define \"netbox.validateValues.postgresql\" -}}\n{{- if and (not .Values.postgresql.enabled) (or (empty .Values.externalDatabase.host) (empty .Values.externalDatabase.port) (empty .Values.externalDatabase.database)) -}}\nnetbox: postgresql\n PostgreSQL installation has been disabled but without the required parameters\n to use an external database. To use an external database, please ensure you provide\n (at least) the following values:\n externalDatabase.host=DB_SERVER_HOST\n externalDatabase.database=DB_NAME\n externalDatabase.port=DB_SERVER_PORT\n{{- end -}}\n{{- end -}}\n\n{{/*\nValidate values of Netbox Chart - LDAP\n*/}}\n{{- define \"netbox.validateValues.ldap\" -}}\n{{- if and (has \"netbox.authentication.LDAPBackend\" .Values.remoteAuth.backends) (empty .Values.remoteAuth.ldap.serverUri) -}}\nnetbox: remoteAuth.ldap\n When LDAP backend is activated, you must provide all the necessary parameters.\n Review the values under `remoteAuth.ldap`.\n{{- end -}}\n{{- end -}}\n" }, { "path": "charts/netbox/templates/configmap.yaml", "content": "apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: {{ include \"common.names.fullname\" . }}\n namespace: {{ include \"common.names.namespace\" . | quote }}\n labels: {{- include \"common.labels.standard\" ( dict \"customLabels\" .Values.commonLabels \"context\" $ ) | nindent 4 }}\n {{- if .Values.commonAnnotations }}\n annotations: {{- include \"common.tplvalues.render\" ( dict \"value\" .Values.commonAnnotations \"context\" $ ) | nindent 4 }}\n {{- end }}\ndata:\n configuration.py: |-\n {{ .Files.Get \"files/configuration.py\" | nindent 4 }}\n\n netbox.yaml: |-\n ALLOWED_HOSTS: {{ toJson .Values.allowedHosts }}\n ALLOWED_HOSTS_INCLUDES_POD_ID: {{ .Values.allowedHostsIncludesPodIP }}\n\n DATABASES:\n default:\n {{- if .Values.postgresql.enabled }}\n HOST: {{ include \"postgresql.v1.primary.fullname\" .Subcharts.postgresql | quote }}\n USER: {{ include \"postgresql.v1.username\" .Subcharts.postgresql | quote }}\n NAME: {{ include \"postgresql.v1.database\" .Subcharts.postgresql | quote }}\n PORT: {{ include \"postgresql.v1.service.port\" .Subcharts.postgresql | int }}\n {{- else }}\n HOST: {{ include \"common.tplvalues.render\" (dict \"value\" .Values.externalDatabase.host \"context\" $) | quote }}\n USER: {{ include \"common.tplvalues.render\" (dict \"value\" .Values.externalDatabase.username \"context\" $) | quote }}\n NAME: {{ include \"common.tplvalues.render\" (dict \"value\" .Values.externalDatabase.database \"context\" $) | quote }}\n PORT: {{ include \"common.tplvalues.render\" (dict \"value\" .Values.externalDatabase.port \"context\" $) | int }}\n {{- end }}\n ENGINE: {{ .Values.externalDatabase.engine | quote }}\n OPTIONS: {{- include \"common.tplvalues.render\" (dict \"value\" .Values.externalDatabase.options \"context\" $) | nindent 10 }}\n CONN_MAX_AGE: {{ .Values.externalDatabase.connMaxAge | int }}\n DISABLE_SERVER_SIDE_CURSORS: {{ toJson .Values.externalDatabase.disableServerSideCursors }}\n {{- range $key, $db := .Values.additionalDatabases }}\n {{ $key }}:\n ENGINE: {{ $db.engine | quote }}\n NAME: {{ $db.database | quote }}\n USER: {{ $db.username | quote }}\n HOST: {{ $db.host | quote }}\n PORT: {{ $db.port | int }}\n CONN_MAX_AGE: {{ $db.connMaxAge | int }}\n OPTIONS: {{- include \"common.tplvalues.render\" (dict \"value\" $db.options \"context\" $) | nindent 10 }}\n DISABLE_SERVER_SIDE_CURSORS: {{ toJson $db.disableServerSideCursors }}\n {{- end }}\n\n ADMINS: {{ toJson .Values.admins }}\n ALLOW_TOKEN_RETRIEVAL: {{ toJson .Values.allowTokenRetrieval }}\n AUTH_PASSWORD_VALIDATORS: {{ toJson .Values.authPasswordValidators }}\n ALLOWED_URL_SCHEMES: {{ toJson .Values.allowedUrlSchemes }}\n {{- range $k, $v := .Values.banner }}\n BANNER_{{ upper $k }}: {{ $v | quote }}\n {{- end }}\n BASE_PATH: {{ .Values.basePath | quote }}\n CHANGELOG_RETENTION: {{ int .Values.changelogRetention }}\n CUSTOM_VALIDATORS: {{ toJson .Values.customValidators }}\n DEFAULT_USER_PREFERENCES: {{ toJson .Values.defaultUserPreferences }}\n CORS_ORIGIN_ALLOW_ALL: {{ toJson .Values.cors.originAllowAll }}\n CORS_ORIGIN_WHITELIST: {{ toJson .Values.cors.originWhitelist }}\n CORS_ORIGIN_REGEX_WHITELIST: {{ toJson .Values.cors.originRegexWhitelist }}\n CSRF_TRUSTED_ORIGINS: {{ toJson .Values.csrf.trustedOrigins }}\n DATA_UPLOAD_MAX_MEMORY_SIZE: {{ int .Values.dataUploadMaxMemorySize }}\n DEBUG: {{ toJson .Values.debug }}\n DEFAULT_LANGUAGE: {{ .Values.defaultLanguage | quote }}\n\n EMAIL:\n SERVER: {{ .Values.email.server | quote }}\n PORT: {{ .Values.email.port | int }}\n USERNAME: {{ .Values.email.username | quote }}\n USE_SSL: {{ toJson .Values.email.useSSL }}\n USE_TLS: {{ toJson .Values.email.useTLS }}\n SSL_CERTFILE: {{ .Values.email.sslCertFile | quote }}\n SSL_KEYFILE: {{ .Values.email.sslKeyFile | quote }}\n TIMEOUT: {{ .Values.email.timeout | int }}\n FROM_EMAIL: {{ toJson .Values.email.from }}\n\n ENFORCE_GLOBAL_UNIQUE: {{ toJson .Values.enforceGlobalUnique }}\n EXEMPT_VIEW_PERMISSIONS: {{ toJson .Values.exemptViewPermissions }}\n FIELD_CHOICES: {{ toJson .Values.fieldChoices }}\n FILE_UPLOAD_MAX_MEMORY_SIZE: {{ int .Values.fileUploadMaxMemorySize }}\n GRAPHQL_ENABLED: {{ toJson .Values.graphQlEnabled }}\n HTTP_PROXIES: {{ toJson .Values.httpProxies }}\n INTERNAL_IPS: {{ toJson .Values.internalIPs }}\n JOB_RETENTION: {{ int .Values.jobRetention }}\n LOGGING: {{ toJson .Values.logging }}\n LOGIN_PERSISTENCE: {{ toJson .Values.loginPersistence }}\n LOGIN_REQUIRED: {{ toJson .Values.loginRequired }}\n LOGIN_TIMEOUT: {{ int .Values.loginTimeout }}\n LOGOUT_REDIRECT_URL: {{ .Values.logoutRedirectUrl | quote }}\n {{- if ne nil .Values.maintenanceMode }}\n MAINTENANCE_MODE: {{ toJson .Values.maintenanceMode }}\n {{- end }}\n MAPS_URL: {{ .Values.mapsUrl | quote }}\n MAX_PAGE_SIZE: {{ int .Values.maxPageSize }}\n MEDIA_ROOT: /opt/netbox/netbox/media\n STORAGES: {{ toJson .Values.storages }}\n METRICS_ENABLED: {{ toJson .Values.metrics.enabled }}\n PAGINATE_COUNT: {{ int .Values.paginateCount }}\n PLUGINS: {{ toJson .Values.plugins }}\n PLUGINS_CONFIG: {{ toJson .Values.pluginsConfig }}\n POWERFEED_DEFAULT_AMPERAGE: {{ int .Values.powerFeedDefaultAmperage }}\n POWERFEED_DEFAULT_MAX_UTILIZATION: {{ int .Values.powerFeedMaxUtilisation }}\n POWERFEED_DEFAULT_VOLTAGE: {{ int .Values.powerFeedDefaultVoltage }}\n PREFER_IPV4: {{ toJson .Values.preferIPv4 }}\n RACK_ELEVATION_DEFAULT_UNIT_HEIGHT: {{ int .Values.rackElevationDefaultUnitHeight }}\n RACK_ELEVATION_DEFAULT_UNIT_WIDTH: {{ int .Values.rackElevationDefaultUnitWidth }}\n REMOTE_AUTH_ENABLED: {{ toJson .Values.remoteAuth.enabled }}\n REMOTE_AUTH_BACKEND: {{ toJson .Values.remoteAuth.backends }}\n REMOTE_AUTH_HEADER: {{ .Values.remoteAuth.header | quote }}\n REMOTE_AUTH_USER_FIRST_NAME: {{ .Values.remoteAuth.userFirstName | quote }}\n REMOTE_AUTH_USER_LAST_NAME: {{ .Values.remoteAuth.userLastName | quote }}\n REMOTE_AUTH_USER_EMAIL: {{ .Values.remoteAuth.userEmail | quote }}\n REMOTE_AUTH_AUTO_CREATE_USER: {{ toJson .Values.remoteAuth.autoCreateUser }}\n REMOTE_AUTH_AUTO_CREATE_GROUPS: {{ toJson .Values.remoteAuth.autoCreateGroups }}\n REMOTE_AUTH_DEFAULT_GROUPS: {{ toJson .Values.remoteAuth.defaultGroups }}\n REMOTE_AUTH_DEFAULT_PERMISSIONS: {{ toJson .Values.remoteAuth.defaultPermissions }}\n REMOTE_AUTH_GROUP_SYNC_ENABLED: {{ toJson .Values.remoteAuth.groupSyncEnabled }}\n REMOTE_AUTH_GROUP_HEADER: {{ .Values.remoteAuth.groupHeader | quote }}\n REMOTE_AUTH_SUPERUSER_GROUPS: {{ toJson .Values.remoteAuth.superuserGroups }}\n REMOTE_AUTH_SUPERUSERS: {{ toJson .Values.remoteAuth.superusers }}\n REMOTE_AUTH_STAFF_GROUPS: {{ toJson .Values.remoteAuth.staffGroups }}\n REMOTE_AUTH_STAFF_USERS: {{ toJson .Values.remoteAuth.staffUsers }}\n REMOTE_AUTH_GROUP_SEPARATOR: {{ .Values.remoteAuth.groupSeparator | quote }}\n RELEASE_CHECK_URL: {{ toJson .Values.releaseCheck.url }}\n\n REDIS:\n tasks:\n {{- if (include \"netbox.tasksDatabase.sentinels\" .) }}\n SENTINELS: {{ include \"netbox.tasksDatabase.sentinels\" . }}\n SENTINEL_SERVICE: {{ ternary .Values.valkey.sentinel.primarySet .Values.tasksDatabase.sentinelService (empty .Values.tasksDatabase.sentinels) | quote }}\n SENTINEL_TIMEOUT: {{ .Values.tasksDatabase.sentinelTimeout | int }}\n {{- else if .Values.valkey.enabled }}\n HOST: {{ printf \"%s-primary\" (include \"common.names.fullname\" .Subcharts.valkey) | quote }}\n PORT: {{ .Values.valkey.primary.service.ports.valkey | int }}\n {{- else }}\n HOST: {{ .Values.tasksDatabase.host | quote }}\n PORT: {{ .Values.tasksDatabase.port | int }}\n {{- end }}\n USERNAME: {{ .Values.tasksDatabase.username | quote }}\n DATABASE: {{ int .Values.tasksDatabase.database }}\n SSL: {{ toJson .Values.tasksDatabase.ssl }}\n INSECURE_SKIP_TLS_VERIFY: {{ toJson .Values.tasksDatabase.insecureSkipTlsVerify }}\n CA_CERT_PATH: {{ .Values.tasksDatabase.caCertPath | quote }}\n caching:\n {{- if (include \"netbox.cachingDatabase.sentinels\" .) }}\n SENTINELS: {{ include \"netbox.cachingDatabase.sentinels\" . }}\n SENTINEL_SERVICE: {{ ternary .Values.valkey.sentinel.primarySet .Values.cachingDatabase.sentinelService (empty .Values.cachingDatabase.sentinels) | quote }}\n SENTINEL_TIMEOUT: {{ .Values.cachingDatabase.sentinelTimeout | int }}\n {{- else if .Values.valkey.enabled }}\n HOST: {{ printf \"%s-primary\" (include \"common.names.fullname\" .Subcharts.valkey) | quote }}\n PORT: {{ .Values.valkey.primary.service.ports.valkey | int }}\n {{- else }}\n HOST: {{ .Values.cachingDatabase.host | quote }}\n PORT: {{ .Values.cachingDatabase.port | int}}\n {{- end }}\n USERNAME: {{ .Values.cachingDatabase.username | quote }}\n DATABASE: {{ int .Values.cachingDatabase.database }}\n SSL: {{ toJson .Values.cachingDatabase.ssl }}\n INSECURE_SKIP_TLS_VERIFY: {{ toJson .Values.cachingDatabase.insecureSkipTlsVerify }}\n CA_CERT_PATH: {{ .Values.cachingDatabase.caCertPath | quote }}\n\n REPORTS_ROOT: /opt/netbox/netbox/reports\n RQ_DEFAULT_TIMEOUT: {{ .Values.rqDefaultTimeout | int }}\n SCRIPTS_ROOT: /opt/netbox/netbox/scripts\n CSRF_COOKIE_NAME: {{ .Values.csrf.cookieName | quote }}\n SESSION_COOKIE_NAME: {{ .Values.sessionCookieName }}\n ENABLE_LOCALIZATION: {{ toJson .Values.enableLocalization }}\n TIME_ZONE: {{ .Values.timeZone | quote }}\n DATE_FORMAT: {{ .Values.dateFormat | quote }}\n SHORT_DATE_FORMAT: {{ .Values.shortDateFormat | quote }}\n TIME_FORMAT: {{ .Values.timeFormat | quote }}\n SHORT_TIME_FORMAT: {{ .Values.shortTimeFormat | quote }}\n DATETIME_FORMAT: {{ .Values.dateTimeFormat | quote }}\n SHORT_DATETIME_FORMAT: {{ .Values.shortDateTimeFormat | quote }}\n\n {{- if has \"netbox.authentication.LDAPBackend\" .Values.remoteAuth.backends }}\n ldap_config.py: |-\n {{ .Files.Get \"files/ldap_config.py\" | nindent 4 }}\n\n ldap.yaml: |-\n AUTH_LDAP_SERVER_URI: {{ .Values.remoteAuth.ldap.serverUri | quote }}\n AUTH_LDAP_BIND_DN: {{ .Values.remoteAuth.ldap.bindDn | quote }}\n AUTH_LDAP_START_TLS: {{ toJson .Values.remoteAuth.ldap.startTls }}\n LDAP_IGNORE_CERT_ERRORS: {{ toJson .Values.remoteAuth.ldap.ignoreCertErrors }}\n {{- if .Values.remoteAuth.ldap.caCertDir }}\n LDAP_CA_CERT_DIR: {{ .Values.remoteAuth.ldap.caCertDir | quote }}\n {{- end }}\n {{- if .Values.remoteAuth.ldap.caCertData }}\n LDAP_CA_CERT_FILE: /etc/netbox/config/ldap/ldap_ca.crt\n {{- end }}\n AUTH_LDAP_USER_DN_TEMPLATE: {{ default nil .Values.remoteAuth.ldap.userDnTemplate }}\n AUTH_LDAP_USER_SEARCH_BASEDN: {{ .Values.remoteAuth.ldap.userSearchBaseDn | quote }}\n AUTH_LDAP_USER_SEARCH_ATTR: {{ .Values.remoteAuth.ldap.userSearchAttr | quote }}\n AUTH_LDAP_GROUP_SEARCH_BASEDN: {{ .Values.remoteAuth.ldap.groupSearchBaseDn | quote }}\n AUTH_LDAP_GROUP_SEARCH_CLASS: {{ .Values.remoteAuth.ldap.groupSearchClass | quote }}\n AUTH_LDAP_GROUP_TYPE: {{ .Values.remoteAuth.ldap.groupType | quote }}\n AUTH_LDAP_FIND_GROUP_PERMS: {{ toJson .Values.remoteAuth.ldap.findGroupPerms }}\n AUTH_LDAP_MIRROR_GROUPS: {{ toJson .Values.remoteAuth.ldap.mirrorGroups }}\n AUTH_LDAP_MIRROR_GROUPS_EXCEPT: {{ toJson .Values.remoteAuth.ldap.mirrorGroupsExcept }}\n AUTH_LDAP_CACHE_TIMEOUT: {{ int .Values.remoteAuth.ldap.cacheTimeout }}\n\n AUTH_LDAP_REQUIRE_GROUP_LIST: {{ toJson .Values.remoteAuth.ldap.requireGroupDn }}\n AUTH_LDAP_IS_ADMIN_LIST: {{ toJson .Values.remoteAuth.ldap.isAdminDn }}\n AUTH_LDAP_IS_SUPERUSER_LIST: {{ toJson .Values.remoteAuth.ldap.isSuperUserDn }}\n\n # Populate the Django user from the LDAP directory.\n AUTH_LDAP_USER_ATTR_MAP:\n first_name: {{ .Values.remoteAuth.ldap.attrFirstName | quote }}\n last_name: {{ .Values.remoteAuth.ldap.attrLastName | quote }}\n email: {{ .Values.remoteAuth.ldap.attrMail | quote }}\n\n {{- if .Values.remoteAuth.ldap.caCertData }}\n ldap_ca.crt: {{- toYaml .Values.remoteAuth.ldap.caCertData | indent 4 }}\n {{- end }}\n {{- end }}\n\n {{- range $index, $config := .Values.extraConfig }}\n {{- if $config.values }}\n {{ printf \"extra-%d.yaml\" $index }}: |-\n {{- include \"common.tplvalues.render\" (dict \"value\" $config.values \"context\" $) | nindent 4 }}\n {{- end }}\n {{- end }}\n" }, { "path": "charts/netbox/templates/cronjob.yaml", "content": "{{- if .Values.housekeeping.enabled -}}\napiVersion: batch/v1\nkind: CronJob\nmetadata:\n name: {{ printf \"%s-housekeeping\" (include \"common.names.fullname\" .) | trunc 63 | trimSuffix \"-\" }}\n namespace: {{ include \"common.names.namespace\" . | quote }}\n labels: {{- include \"common.labels.standard\" ( dict \"customLabels\" .Values.commonLabels \"context\" $ ) | nindent 4 }}\n app.kubernetes.io/component: housekeeping\n {{- if .Values.commonAnnotations }}\n annotations: {{- include \"common.tplvalues.render\" ( dict \"value\" .Values.commonAnnotations \"context\" $ ) | nindent 4 }}\n {{- end }}\nspec:\n concurrencyPolicy: {{ .Values.housekeeping.concurrencyPolicy }}\n failedJobsHistoryLimit: {{ .Values.housekeeping.failedJobsHistoryLimit }}\n schedule: {{ .Values.housekeeping.schedule | quote }}\n successfulJobsHistoryLimit: {{ .Values.housekeeping.successfulJobsHistoryLimit }}\n suspend: {{ .Values.housekeeping.suspend }}\n {{- if .Values.housekeeping.timezone }}\n timeZone: {{ .Values.housekeeping.timezone }}\n {{- end }}\n jobTemplate:\n metadata:\n labels:\n {{- include \"common.labels.standard\" . | nindent 8 }}\n spec:\n template:\n metadata:\n {{- if .Values.housekeeping.podAnnotations }}\n annotations:\n {{- include \"common.tplvalues.render\" ( dict \"value\" .Values.housekeeping.podAnnotations \"context\" $ ) | nindent 12 }}\n {{- end }}\n labels: {{- include \"common.labels.standard\" ( dict \"customLabels\" .Values.housekeeping.podLabels \"context\" $ ) | nindent 12 }}\n app.kubernetes.io/component: housekeeping\n spec:\n {{- include \"common.images.renderPullSecrets\" (dict \"images\" (list .Values.image) \"context\" $) | nindent 10 }}\n serviceAccountName: {{ include \"netbox.serviceAccountName\" . }}\n automountServiceAccountToken: {{ .Values.housekeeping.automountServiceAccountToken }}\n {{- if .Values.housekeeping.podSecurityContext.enabled }}\n securityContext: {{- include \"common.compatibility.renderSecurityContext\" (dict \"secContext\" .Values.housekeeping.podSecurityContext \"context\" $) | nindent 12 }}\n {{- end }}\n {{- if .Values.housekeeping.initContainers }}\n initContainers: {{- include \"common.tplvalues.render\" (dict \"value\" .Values.housekeeping.initContainers \"context\" $) | trim | nindent 12 }}\n {{- end }}\n containers:\n - name: {{ .Chart.Name }}-housekeeping\n {{- if .Values.housekeeping.securityContext.enabled }}\n securityContext: {{- include \"common.compatibility.renderSecurityContext\" (dict \"secContext\" .Values.housekeeping.securityContext \"context\" $) | nindent 14 }}\n {{- end }}\n image: {{ include \"netbox.image\" . | quote }}\n imagePullPolicy: {{ .Values.image.pullPolicy }}\n {{- if .Values.housekeeping.command }}\n command: {{- include \"common.tplvalues.render\" (dict \"value\" .Values.housekeeping.command \"context\" $) | nindent 14 }}\n {{- end }}\n {{- if .Values.housekeeping.args }}\n args: {{- include \"common.tplvalues.render\" (dict \"value\" .Values.housekeeping.args \"context\" $) | nindent 14 }}\n {{- end }}\n {{- if .Values.housekeeping.extraEnvs }}\n env: {{- include \"common.tplvalues.render\" (dict \"value\" .Values.housekeeping.extraEnvs \"context\" $) | nindent 14 }}\n {{- end }}\n {{- if or .Values.housekeeping.extraEnvVarsCM .Values.housekeeping.extraEnvVarsSecret }}\n envFrom:\n {{- if .Values.housekeeping.extraEnvVarsCM }}\n - configMapRef:\n name: {{ include \"common.tplvalues.render\" (dict \"value\" .Values.housekeeping.extraEnvVarsCM \"context\" $) }}\n {{- end }}\n {{- if .Values.housekeeping.extraEnvVarsSecret }}\n - secretRef:\n name: {{ include \"common.tplvalues.render\" (dict \"value\" .Values.housekeeping.extraEnvVarsSecret \"context\" $) }}\n {{- end }}\n {{- end }}\n volumeMounts:\n - name: config\n mountPath: /etc/netbox/config/configuration.py\n subPath: configuration.py\n readOnly: true\n {{- if has \"netbox.authentication.LDAPBackend\" .Values.remoteAuth.backends }}\n - name: config\n mountPath: /etc/netbox/config/ldap/ldap_config.py\n subPath: ldap_config.py\n readOnly: true\n {{- if .Values.remoteAuth.ldap.caCertData }}\n - name: config\n mountPath: /etc/netbox/config/ldap/ldap_ca.crt\n subPath: ldap_ca.crt\n readOnly: true\n {{- end }}\n {{- end }}\n - name: config\n mountPath: /run/config/netbox\n readOnly: true\n - name: secrets\n mountPath: /run/secrets/netbox\n readOnly: true\n {{- include \"netbox.extraConfig.volumeMounts\" . | nindent 12 }}\n - name: netbox-tmp\n mountPath: /tmp\n - name: media\n mountPath: /opt/netbox/netbox/media\n subPath: {{ .Values.persistence.subPath | default \"\" | quote }}\n readOnly: {{ .Values.housekeeping.readOnlyPersistence | default false }}\n {{- if .Values.reportsPersistence.enabled }}\n - name: reports\n mountPath: /opt/netbox/netbox/reports\n subPath: {{ .Values.reportsPersistence.subPath | default \"\" | quote }}\n readOnly: {{ .Values.housekeeping.readOnlyPersistence | default false }}\n {{- end }}\n {{- if .Values.scriptsPersistence.enabled }}\n - name: scripts\n mountPath: /opt/netbox/netbox/scripts\n subPath: {{ .Values.scriptsPersistence.subPath | default \"\" | quote }}\n readOnly: {{ .Values.housekeeping.readOnlyPersistence | default false }}\n {{- end }}\n {{- if .Values.housekeeping.extraVolumeMounts }}\n {{- include \"common.tplvalues.render\" (dict \"value\" .Values.housekeeping.extraVolumeMounts \"context\" $) | nindent 12 }}\n {{- end }}\n {{- if .Values.housekeeping.resources }}\n resources: {{ toYaml .Values.housekeeping.resources | nindent 14 }}\n {{- else if ne .Values.housekeeping.resourcesPreset \"none\" }}\n resources: {{- include \"common.resources.preset\" (dict \"type\" .Values.housekeeping.resourcesPreset) | nindent 14 }}\n {{- end }}\n {{- if .Values.housekeeping.sidecars }}\n {{- include \"common.tplvalues.render\" (dict \"value\" .Values.housekeeping.sidecars \"context\" $) | nindent 10 }}\n {{- end }}\n volumes:\n - name: config\n configMap:\n name: {{ include \"common.names.fullname\" . }}\n - name: secrets\n projected:\n sources:\n - secret:\n name: {{ include \"common.secrets.name\" (dict \"existingSecret\" .Values.existingSecret \"defaultNameSuffix\" \"config\" \"context\" $) }}\n items:\n - key: secret_key\n path: secret_key\n {{- if has \"netbox.authentication.LDAPBackend\" .Values.remoteAuth.backends }}\n - key: ldap_bind_password\n path: ldap_bind_password\n {{- end }}\n - secret:\n name: {{ include \"common.secrets.name\" (dict \"existingSecret\" .Values.existingSecret \"defaultNameSuffix\" \"config\" \"context\" $) }}\n optional: true\n items:\n - key: api_token_peppers\n path: api_token_peppers\n - secret:\n name: {{ include \"common.secrets.name\" (dict \"existingSecret\" (default .Values.existingSecret .Values.email.existingSecretName) \"defaultNameSuffix\" \"config\" \"context\" $) }}\n items:\n - key: {{ include \"netbox.email.secretKey\" . | quote }}\n path: email_password\n - secret:\n name: {{ include \"netbox.postgresql.secret\" . | quote }}\n items:\n - key: {{ include \"netbox.postgresql.secretKey\" . | quote }}\n path: db_password\n - secret:\n name: {{ include \"netbox.tasksDatabase.secret\" . | quote }}\n items:\n - key: {{ include \"netbox.tasksDatabase.secretKey\" . | quote }}\n path: tasks_password\n - secret:\n name: {{ include \"netbox.cachingDatabase.secret\" . | quote }}\n items:\n - key: {{ include \"netbox.cachingDatabase.secretKey\" . | quote }}\n path: cache_password\n {{- include \"netbox.extraConfig.volumes\" . | nindent 10 }}\n - name: netbox-tmp\n emptyDir:\n medium: Memory\n - name: media\n {{- if .Values.persistence.enabled }}\n persistentVolumeClaim:\n claimName: {{ .Values.persistence.existingClaim | default (printf \"%s-media\" (include \"common.names.fullname\" .)) }}\n readOnly: {{ .Values.housekeeping.readOnlyPersistence | default false }}\n {{- else }}\n emptyDir: {}\n {{- end }}\n {{- if .Values.reportsPersistence.enabled }}\n - name: reports\n persistentVolumeClaim:\n claimName: {{ .Values.reportsPersistence.existingClaim | default (printf \"%s-reports\" (include \"common.names.fullname\" .)) }}\n readOnly: {{ .Values.housekeeping.readOnlyPersistence | default false }}\n {{- end }}\n {{- if .Values.scriptsPersistence.enabled }}\n - name: scripts\n persistentVolumeClaim:\n claimName: {{ .Values.scriptsPersistence.existingClaim | default (printf \"%s-scripts\" (include \"common.names.fullname\" .)) }}\n readOnly: {{ .Values.housekeeping.readOnlyPersistence | default false }}\n {{- end }}\n {{- if .Values.housekeeping.extraVolumes }}\n {{- include \"common.tplvalues.render\" (dict \"value\" .Values.housekeeping.extraVolumes \"context\" $) | nindent 10 }}\n {{- end }}\n {{- if .Values.housekeeping.nodeSelector }}\n nodeSelector: {{- include \"common.tplvalues.render\" ( dict \"value\" .Values.housekeeping.nodeSelector \"context\" $) | nindent 12 }}\n {{- end }}\n {{- if .Values.housekeeping.affinity }}\n affinity: {{- include \"common.tplvalues.render\" ( dict \"value\" .Values.housekeeping.affinity \"context\" $) | nindent 12 }}\n {{- end }}\n {{- if .Values.housekeeping.tolerations }}\n tolerations: {{- include \"common.tplvalues.render\" (dict \"value\" .Values.housekeeping.tolerations \"context\" .) | nindent 12 }}\n {{- end }}\n restartPolicy: {{ .Values.housekeeping.restartPolicy }}\n{{- end -}}\n" }, { "path": "charts/netbox/templates/deployment.yaml", "content": "apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: {{ include \"common.names.fullname\" . }}\n namespace: {{ include \"common.names.namespace\" . | quote }}\n labels: {{- include \"common.labels.standard\" ( dict \"customLabels\" .Values.commonLabels \"context\" $ ) | nindent 4 }}\n app.kubernetes.io/component: netbox\n {{- if .Values.commonAnnotations }}\n annotations: {{- include \"common.tplvalues.render\" ( dict \"value\" .Values.commonAnnotations \"context\" $ ) | nindent 4 }}\n {{- end }}\nspec:\n {{- if not .Values.autoscaling.enabled }}\n replicas: {{ .Values.replicaCount }}\n {{- end }}\n revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}\n selector:\n matchLabels: {{- include \"common.labels.matchLabels\" (dict \"customLabels\" .Values.podLabels \"context\" $) | nindent 6 }}\n app.kubernetes.io/component: netbox\n {{- if .Values.updateStrategy }}\n strategy: {{- include \"common.tplvalues.render\" (dict \"value\" .Values.updateStrategy \"context\" $) | nindent 4 }}\n {{- end }}\n template:\n metadata:\n annotations:\n {{- if .Values.podAnnotations }}\n {{- include \"common.tplvalues.render\" ( dict \"value\" .Values.podAnnotations \"context\" $ ) | nindent 8 }}\n {{- end }}\n checksum/config: {{ include \"common.utils.checksumTemplate\" (dict \"path\" \"/configmap.yaml\" \"context\" $) }}\n {{- if (not .Values.existingSecret) }}\n checksum/secret: {{ include \"common.utils.checksumTemplate\" (dict \"path\" \"/secret.yaml\" \"context\" $) }}\n {{- end }}\n labels: {{- include \"common.labels.standard\" ( dict \"customLabels\" .Values.podLabels \"context\" $ ) | nindent 8 }}\n app.kubernetes.io/component: netbox\n spec:\n {{- include \"common.images.renderPullSecrets\" (dict \"images\" (list .Values.image) \"context\" $) | nindent 6 }}\n serviceAccountName: {{ include \"netbox.serviceAccountName\" . }}\n automountServiceAccountToken: {{ .Values.automountServiceAccountToken }}\n {{- if .Values.podSecurityContext.enabled }}\n securityContext: {{- include \"common.compatibility.renderSecurityContext\" (dict \"secContext\" .Values.podSecurityContext \"context\" $) | nindent 8 }}\n {{- end }}\n initContainers:\n - name: init-dirs\n image: {{ include \"netbox.init.image\" . | quote }}\n imagePullPolicy: {{ .Values.init.image.pullPolicy | quote }}\n command: [/bin/sh, -c, mkdir -p /opt/unit/state /opt/unit/tmp]\n {{- if .Values.init.resources }}\n resources: {{- toYaml .Values.init.resources | nindent 11 }}\n {{- else if ne .Values.init.resourcesPreset \"none\" }}\n resources: {{- include \"common.resources.preset\" (dict \"type\" .Values.init.resourcesPreset) | nindent 10 }}\n {{- end }}\n {{- if .Values.init.securityContext.enabled }}\n securityContext: {{- include \"common.compatibility.renderSecurityContext\" (dict \"secContext\" .Values.init.securityContext \"context\" $) | nindent 10 }}\n {{- end }}\n volumeMounts:\n - name: optunit\n mountPath: /opt/unit\n {{- if .Values.initContainers }}\n {{- include \"common.tplvalues.render\" (dict \"value\" .Values.initContainers \"context\" $) | trim | nindent 6 }}\n {{- end }}\n containers:\n - name: {{ .Chart.Name }}\n {{- if .Values.securityContext.enabled }}\n securityContext: {{- include \"common.compatibility.renderSecurityContext\" (dict \"secContext\" .Values.securityContext \"context\" $) | nindent 10 }}\n {{- end }}\n image: {{ include \"netbox.image\" . | quote }}\n imagePullPolicy: {{ .Values.image.pullPolicy }}\n {{- if .Values.command }}\n command: {{- include \"common.tplvalues.render\" (dict \"value\" .Values.command \"context\" $) | nindent 10 }}\n {{- end }}\n {{- if .Values.args }}\n args: {{- include \"common.tplvalues.render\" (dict \"value\" .Values.args \"context\" $) | nindent 10 }}\n {{- end }}\n env:\n - name: SUPERUSER_NAME\n valueFrom:\n secretKeyRef:\n name: {{ include \"common.secrets.name\" (dict \"existingSecret\" .Values.superuser.existingSecret \"defaultNameSuffix\" \"superuser\" \"context\" $) }}\n key: username\n - name: SUPERUSER_EMAIL\n valueFrom:\n secretKeyRef:\n name: {{ include \"common.secrets.name\" (dict \"existingSecret\" .Values.superuser.existingSecret \"defaultNameSuffix\" \"superuser\" \"context\" $) }}\n key: email\n {{- if and .Values.metrics.enabled .Values.metrics.granian.enabled }}\n - name: GRANIAN_METRICS_ENABLED\n value: {{ .Values.metrics.granian.enabled | quote }}\n {{- if and .Values.metrics.granian.serviceMonitor.enabled .Values.metrics.granian.serviceMonitor.interval }}\n - name: GRANIAN_METRICS_SCRAPE_INTERVAL\n value: {{ .Values.metrics.granian.serviceMonitor.interval | quote }}\n {{- end }}\n {{- end }}\n {{- if .Values.dbWaitDebug }}\n - name: DB_WAIT_DEBUG\n value: \"1\"\n {{- end }}\n {{- if .Values.allowedHostsIncludesPodIP }}\n - name: POD_IP\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: status.podIP\n {{- end }}\n {{- if .Values.extraEnvs }}\n {{- include \"common.tplvalues.render\" (dict \"value\" .Values.extraEnvs \"context\" $) | nindent 8 }}\n {{- end }}\n {{- if or .Values.extraEnvVarsCM .Values.extraEnvVarsSecret }}\n envFrom:\n {{- if .Values.extraEnvVarsCM }}\n - configMapRef:\n name: {{ include \"common.tplvalues.render\" (dict \"value\" .Values.extraEnvVarsCM \"context\" $) }}\n {{- end }}\n {{- if .Values.extraEnvVarsSecret }}\n - secretRef:\n name: {{ include \"common.tplvalues.render\" (dict \"value\" .Values.extraEnvVarsSecret \"context\" $) }}\n {{- end }}\n {{- end }}\n ports:\n - name: http\n containerPort: 8080\n protocol: TCP\n {{- if .Values.metrics.granian.serviceMonitor.enabled}}\n - name: granian-metrics\n containerPort: 9090\n protocol: TCP\n {{- end }}\n {{- if .Values.customLivenessProbe }}\n livenessProbe: {{- include \"common.tplvalues.render\" (dict \"value\" .Values.customLivenessProbe \"context\" $) | nindent 10 }}\n {{- else if .Values.livenessProbe.enabled }}\n livenessProbe: {{- include \"common.tplvalues.render\" (dict \"value\" (omit .Values.livenessProbe \"enabled\") \"context\" $) | nindent 10 }}\n tcpSocket:\n port: http\n {{- end }}\n {{- if .Values.customReadinessProbe }}\n readinessProbe: {{- include \"common.tplvalues.render\" (dict \"value\" .Values.customReadinessProbe \"context\" $) | nindent 10 }}\n {{- else if .Values.readinessProbe.enabled }}\n readinessProbe: {{- include \"common.tplvalues.render\" (dict \"value\" (omit .Values.readinessProbe \"enabled\") \"context\" $) | nindent 10 }}\n httpGet:\n path: /{{ .Values.basePath }}login/\n port: http\n {{- if (not (eq (index .Values.allowedHosts 0) \"*\")) }}\n httpHeaders:\n - name: Host\n value: {{ (index .Values.allowedHosts 0) | quote }}\n {{- end }}\n {{- end }}\n {{- if .Values.customStartupProbe }}\n startupProbe: {{- include \"common.tplvalues.render\" (dict \"value\" .Values.customStartupProbe \"context\" $) | nindent 10 }}\n {{- else if .Values.startupProbe.enabled }}\n startupProbe: {{- include \"common.tplvalues.render\" (dict \"value\" (omit .Values.startupProbe \"enabled\") \"context\" $) | nindent 10 }}\n httpGet:\n path: /{{ .Values.basePath }}login/\n port: http\n {{- if (not (eq (index .Values.allowedHosts 0) \"*\")) }}\n httpHeaders:\n - name: Host\n value: {{ (index .Values.allowedHosts 0) | quote }}\n {{- end }}\n {{- end }}\n {{- if .Values.lifecycleHooks }}\n lifecycle: {{- include \"common.tplvalues.render\" (dict \"value\" .Values.lifecycleHooks \"context\" $) | nindent 10 }}\n {{- end }}\n volumeMounts:\n - name: config\n mountPath: /etc/netbox/config/configuration.py\n subPath: configuration.py\n readOnly: true\n {{- if has \"netbox.authentication.LDAPBackend\" .Values.remoteAuth.backends }}\n - name: config\n mountPath: /etc/netbox/config/ldap/ldap_config.py\n subPath: ldap_config.py\n readOnly: true\n {{- if .Values.remoteAuth.ldap.caCertData }}\n - name: config\n mountPath: /etc/netbox/config/ldap/ldap_ca.crt\n subPath: ldap_ca.crt\n readOnly: true\n {{- end }}\n {{- end }}\n - name: config\n mountPath: /run/config/netbox\n readOnly: true\n - name: secrets\n mountPath: /run/secrets/netbox\n readOnly: true\n {{- include \"netbox.extraConfig.volumeMounts\" . | nindent 8 }}\n - name: netbox-tmp\n mountPath: /tmp\n - name: media\n mountPath: /opt/netbox/netbox/media\n subPath: {{ .Values.persistence.subPath | default \"\" | quote }}\n {{- if .Values.reportsPersistence.enabled }}\n - name: reports\n mountPath: /opt/netbox/netbox/reports\n subPath: {{ .Values.reportsPersistence.subPath | default \"\" | quote }}\n {{- end }}\n {{- if .Values.scriptsPersistence.enabled }}\n - name: scripts\n mountPath: /opt/netbox/netbox/scripts\n subPath: {{ .Values.scriptsPersistence.subPath | default \"\" | quote }}\n {{- end }}\n - name: optunit\n mountPath: /opt/unit\n - name: secrets\n mountPath: /run/secrets/superuser_password\n subPath: superuser_password\n readOnly: true\n - name: secrets\n mountPath: /run/secrets/superuser_api_token\n subPath: superuser_api_token\n readOnly: true\n {{- if .Values.extraVolumeMounts }}\n {{- include \"common.tplvalues.render\" (dict \"value\" .Values.extraVolumeMounts \"context\" $) | nindent 8 }}\n {{- end }}\n {{- if .Values.resources }}\n resources: {{- toYaml .Values.resources | nindent 10 }}\n {{- else if ne .Values.resourcesPreset \"none\" }}\n resources: {{- include \"common.resources.preset\" (dict \"type\" .Values.resourcesPreset) | nindent 10 }}\n {{- end }}\n {{- if .Values.sidecars }}\n {{- include \"common.tplvalues.render\" (dict \"value\" .Values.sidecars \"context\" $) | nindent 6 }}\n {{- end }}\n volumes:\n - name: config\n configMap:\n name: {{ include \"common.names.fullname\" . }}\n - name: secrets\n projected:\n sources:\n - secret:\n name: {{ include \"common.secrets.name\" (dict \"existingSecret\" .Values.existingSecret \"defaultNameSuffix\" \"config\" \"context\" $) }}\n items:\n - key: secret_key\n path: secret_key\n {{- if has \"netbox.authentication.LDAPBackend\" .Values.remoteAuth.backends }}\n - key: ldap_bind_password\n path: ldap_bind_password\n {{- end }}\n - secret:\n name: {{ include \"common.secrets.name\" (dict \"existingSecret\" .Values.existingSecret \"defaultNameSuffix\" \"config\" \"context\" $) }}\n optional: true\n items:\n - key: api_token_peppers\n path: api_token_peppers\n - secret:\n name: {{ include \"common.secrets.name\" (dict \"existingSecret\" (default .Values.existingSecret .Values.email.existingSecretName) \"defaultNameSuffix\" \"config\" \"context\" $) }}\n items:\n - key: {{ include \"netbox.email.secretKey\" . | quote }}\n path: email_password\n - secret:\n name: {{ include \"common.secrets.name\" (dict \"existingSecret\" .Values.superuser.existingSecret \"defaultNameSuffix\" \"superuser\" \"context\" $) }}\n items:\n - key: password\n path: superuser_password\n - key: api_token\n path: superuser_api_token\n - secret:\n name: {{ include \"netbox.postgresql.secret\" . | quote }}\n items:\n - key: {{ include \"netbox.postgresql.secretKey\" . | quote }}\n path: db_password\n - secret:\n name: {{ include \"netbox.tasksDatabase.secret\" . | quote }}\n items:\n - key: {{ include \"netbox.tasksDatabase.secretKey\" . | quote }}\n path: tasks_password\n - secret:\n name: {{ include \"netbox.cachingDatabase.secret\" . | quote }}\n items:\n - key: {{ include \"netbox.cachingDatabase.secretKey\" . | quote }}\n path: cache_password\n {{- include \"netbox.extraConfig.volumes\" . | nindent 6 }}\n - name: netbox-tmp\n emptyDir:\n medium: Memory\n - name: optunit\n emptyDir:\n medium: Memory\n - name: media\n {{- if .Values.persistence.enabled }}\n persistentVolumeClaim:\n claimName: {{ .Values.persistence.existingClaim | default (printf \"%s-media\" (include \"common.names.fullname\" .)) }}\n {{- else }}\n emptyDir: {}\n {{- end }}\n {{- if .Values.reportsPersistence.enabled }}\n - name: reports\n persistentVolumeClaim:\n claimName: {{ .Values.reportsPersistence.existingClaim | default (printf \"%s-reports\" (include \"common.names.fullname\" .)) }}\n {{- end }}\n {{- if .Values.scriptsPersistence.enabled }}\n - name: scripts\n persistentVolumeClaim:\n claimName: {{ .Values.scriptsPersistence.existingClaim | default (printf \"%s-scripts\" (include \"common.names.fullname\" .)) }}\n {{- end }}\n {{- if .Values.extraVolumes }}\n {{- include \"common.tplvalues.render\" (dict \"value\" .Values.extraVolumes \"context\" $) | nindent 6 }}\n {{- end }}\n {{- if .Values.nodeSelector }}\n nodeSelector: {{- include \"common.tplvalues.render\" ( dict \"value\" .Values.nodeSelector \"context\" $) | nindent 8 }}\n {{- end }}\n {{- if .Values.affinity }}\n affinity: {{- include \"common.tplvalues.render\" ( dict \"value\" .Values.affinity \"context\" $) | nindent 8 }}\n {{- end }}\n {{- if .Values.tolerations }}\n tolerations: {{- include \"common.tplvalues.render\" (dict \"value\" .Values.tolerations \"context\" .) | nindent 8 }}\n {{- end }}\n {{- if .Values.hostAliases }}\n hostAliases: {{- include \"common.tplvalues.render\" (dict \"value\" .Values.hostAliases \"context\" $) | nindent 8 }}\n {{- end }}\n {{- if .Values.priorityClassName }}\n priorityClassName: {{ .Values.priorityClassName | quote }}\n {{- end }}\n {{- if .Values.schedulerName }}\n schedulerName: {{ .Values.schedulerName | quote }}\n {{- end }}\n {{- if .Values.topologySpreadConstraints }}\n topologySpreadConstraints: {{- include \"common.tplvalues.render\" (dict \"value\" .Values.topologySpreadConstraints \"context\" .) | nindent 8 }}\n {{- end }}\n {{- if .Values.terminationGracePeriodSeconds }}\n terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }}\n {{- end }}\n" }, { "path": "charts/netbox/templates/extra-list.yaml", "content": "{{ range .Values.extraDeploy }}\n---\n{{ include \"common.tplvalues.render\" (dict \"value\" . \"context\" $) }}\n{{ end }}\n" }, { "path": "charts/netbox/templates/granian-servicemonitor.yaml", "content": "{{- if and .Values.metrics.granian.enabled .Values.metrics.granian.serviceMonitor.enabled }}\napiVersion: monitoring.coreos.com/v1\nkind: ServiceMonitor\nmetadata:\n name: {{ printf \"%s-granian\" (include \"common.names.fullname\" .) | trunc 63 | trimSuffix \"-\" }}\n namespace: {{ include \"common.names.namespace\" . | quote }}\n {{- $labels := include \"common.tplvalues.merge\" ( dict \"values\" ( list .Values.metrics.granian.serviceMonitor.additionalLabels .Values.commonLabels ) \"context\" . ) }}\n labels: {{- include \"common.labels.standard\" ( dict \"customLabels\" $labels \"context\" $ ) | nindent 4 }}\n {{- if .Values.commonAnnotations }}\n annotations: {{- include \"common.tplvalues.render\" ( dict \"value\" .Values.commonAnnotations \"context\" $ ) | nindent 4 }}\n {{- end }}\nspec:\n jobLabel: {{ include \"common.names.fullname\" . }}\n namespaceSelector:\n matchNames:\n - {{ include \"common.names.namespace\" . | quote }}\n selector:\n matchLabels:\n {{- include \"common.labels.matchLabels\" . | nindent 6 }}\n {{- if .Values.metrics.granian.serviceMonitor.selector }}\n {{- include \"common.tplvalues.render\" (dict \"value\" .Values.metrics.granian.serviceMonitor.selector \"context\" $) | nindent 6 }}\n {{- end }}\n endpoints:\n - port: granian-metrics\n path: \"/metrics\"\n {{- if .Values.metrics.granian.serviceMonitor.interval }}\n interval: {{ .Values.metrics.granian.serviceMonitor.interval }}\n {{- end }}\n {{- if .Values.metrics.granian.serviceMonitor.scrapeTimeout }}\n scrapeTimeout: {{ .Values.metrics.granian.serviceMonitor.scrapeTimeout }}\n {{- end }}\n {{- if .Values.metrics.granian.serviceMonitor.honorLabels }}\n honorLabels: {{ .Values.metrics.granian.serviceMonitor.honorLabels }}\n {{- end }}\n {{- if .Values.metrics.granian.serviceMonitor.metricRelabelings }}\n metricRelabelings: {{- include \"common.tplvalues.render\" ( dict \"value\" .Values.metrics.granian.serviceMonitor.metricRelabelings \"context\" $) | nindent 6 }}\n {{- end }}\n {{- if .Values.metrics.granian.serviceMonitor.relabelings }}\n relabelings: {{- include \"common.tplvalues.render\" ( dict \"value\" .Values.metrics.granian.serviceMonitor.relabelings \"context\" $) | nindent 6 }}\n {{- end }}\n{{- end }}\n" }, { "path": "charts/netbox/templates/hpa.yaml", "content": "{{- if .Values.autoscaling.enabled }}\napiVersion: autoscaling/v2\nkind: HorizontalPodAutoscaler\nmetadata:\n name: {{ include \"common.names.fullname\" . }}\n namespace: {{ include \"common.names.namespace\" . | quote }}\n labels: {{- include \"common.labels.standard\" ( dict \"customLabels\" .Values.commonLabels \"context\" $ ) | nindent 4 }}\n app.kubernetes.io/component: netbox\n {{- if .Values.commonAnnotations }}\n annotations: {{- include \"common.tplvalues.render\" ( dict \"value\" .Values.commonAnnotations \"context\" $ ) | nindent 4 }}\n {{- end }}\nspec:\n scaleTargetRef:\n apiVersion: apps/v1\n kind: Deployment\n name: {{ include \"common.names.fullname\" . }}\n minReplicas: {{ .Values.autoscaling.minReplicas }}\n maxReplicas: {{ .Values.autoscaling.maxReplicas }}\n {{- if .Values.autoscaling.behavior }}\n behavior:\n {{- if .Values.autoscaling.behavior.scaleUp }}\n scaleUp:\n {{- if .Values.autoscaling.behavior.scaleUp.stabilizationWindowSeconds }}\n stabilizationWindowSeconds: {{ .Values.autoscaling.behavior.scaleUp.stabilizationWindowSeconds }}\n {{- end }}\n {{- if .Values.autoscaling.behavior.scaleUp.selectPolicy }}\n selectPolicy: {{ .Values.autoscaling.behavior.scaleUp.selectPolicy | quote }}\n {{- end }}\n {{- if .Values.autoscaling.behavior.scaleUp.policies }}\n policies:\n {{- range .Values.autoscaling.behavior.scaleUp.policies }}\n - type: {{ .type | quote }}\n value: {{ .value }}\n periodSeconds: {{ .periodSeconds }}\n {{- end }}\n {{- end }}\n {{- end }}\n {{- if .Values.autoscaling.behavior.scaleDown }}\n scaleDown:\n {{- if .Values.autoscaling.behavior.scaleDown.stabilizationWindowSeconds }}\n stabilizationWindowSeconds: {{ .Values.autoscaling.behavior.scaleDown.stabilizationWindowSeconds }}\n {{- end }}\n {{- if .Values.autoscaling.behavior.scaleDown.selectPolicy }}\n selectPolicy: {{ .Values.autoscaling.behavior.scaleDown.selectPolicy | quote }}\n {{- end }}\n {{- if .Values.autoscaling.behavior.scaleDown.policies }}\n policies:\n {{- range .Values.autoscaling.behavior.scaleDown.policies }}\n - type: {{ .type | quote }}\n value: {{ .value }}\n periodSeconds: {{ .periodSeconds }}\n {{- end }}\n {{- end }}\n {{- end }}\n {{- end }}\n metrics:\n {{- if .Values.autoscaling.targetCPUUtilizationPercentage }}\n - type: Resource\n resource:\n name: cpu\n target:\n type: Utilization\n averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}\n {{- end }}\n {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }}\n - type: Resource\n resource:\n name: memory\n target:\n type: Utilization\n averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}\n {{- end }}\n{{- end }}\n" }, { "path": "charts/netbox/templates/httproute.yaml", "content": "{{- if .Values.httpRoute.enabled -}}\napiVersion: gateway.networking.k8s.io/v1\nkind: HTTPRoute\nmetadata:\n name: {{ include \"common.names.fullname\" . }}\n namespace: {{ include \"common.names.namespace\" . | quote }}\n labels: {{- include \"common.labels.standard\" ( dict \"customLabels\" .Values.commonLabels \"context\" $ ) | nindent 4 }}\n {{- if or .Values.httpRoute.annotations .Values.commonAnnotations }}\n {{- $annotations := include \"common.tplvalues.merge\" (dict \"values\" (list .Values.httpRoute.annotations .Values.commonAnnotations) \"context\" .) }}\n annotations:\n {{- include \"common.tplvalues.render\" (dict \"value\" $annotations \"context\" $) | nindent 4 }}\n {{- end }}\nspec:\n {{- with .Values.httpRoute.parentRefs }}\n parentRefs:\n {{- toYaml . | nindent 4 }}\n {{- end }}\n {{- with .Values.httpRoute.hostnames }}\n hostnames:\n {{- toYaml . | nindent 4 }}\n {{- end }}\n rules:\n - matches:\n - path:\n type: PathPrefix\n value: /\n {{- with .Values.httpRoute.filters }}\n filters:\n {{- toYaml . | nindent 8 }}\n {{- end }}\n backendRefs:\n - name: {{ include \"common.names.fullname\" . }}\n port: {{ .Values.service.port }}\n{{- end }}\n" }, { "path": "charts/netbox/templates/ingress.yaml", "content": "{{- if .Values.ingress.enabled -}}\napiVersion: networking.k8s.io/v1\nkind: Ingress\nmetadata:\n name: {{ include \"common.names.fullname\" . }}\n namespace: {{ include \"common.names.namespace\" . | quote }}\n labels: {{- include \"common.labels.standard\" ( dict \"customLabels\" .Values.commonLabels \"context\" $ ) | nindent 4 }}\n {{- if or .Values.ingress.annotations .Values.commonAnnotations }}\n {{- $annotations := include \"common.tplvalues.merge\" ( dict \"values\" ( list .Values.ingress.annotations .Values.commonAnnotations ) \"context\" . ) }}\n annotations: {{- include \"common.tplvalues.render\" ( dict \"value\" $annotations \"context\" $) | nindent 4 }}\n {{- end }}\nspec:\n {{- if .Values.ingress.className }}\n ingressClassName: {{ .Values.ingress.className | quote }}\n {{- end }}\n {{- with .Values.ingress.tls }}\n tls:\n {{- range . }}\n - hosts:\n {{- range .hosts }}\n - {{ . | quote }}\n {{- end }}\n secretName: {{ .secretName }}\n {{- end }}\n {{- end }}\n rules:\n {{- range .Values.ingress.hosts }}\n - host: {{ .host | quote }}\n http:\n paths:\n {{- range .paths }}\n {{- if kindIs \"string\" . }}\n - path: {{ . }}\n pathType: Prefix\n backend: {{- include \"common.ingress.backend\" (dict \"serviceName\" (include \"common.names.fullname\" $) \"servicePort\" \"http\" \"context\" $) | nindent 10 }}\n {{- else }}\n {{- (list .) | toYaml | nindent 6 }}\n {{- end }}\n {{- end }}\n {{- end }}\n{{- end }}\n" }, { "path": "charts/netbox/templates/pdb.yaml", "content": "{{- if and .Values.pdb.enabled (or .Values.pdb.minAvailable .Values.pdb.maxUnavailable) }}\napiVersion: policy/v1\nkind: PodDisruptionBudget\nmetadata:\n name: {{ include \"common.names.fullname\" . }}\n namespace: {{ include \"common.names.namespace\" . | quote }}\n labels: {{- include \"common.labels.standard\" ( dict \"customLabels\" .Values.commonLabels \"context\" $ ) | nindent 4 }}\n app.kubernetes.io/component: netbox\n {{- if .Values.commonAnnotations }}\n annotations: {{- include \"common.tplvalues.render\" ( dict \"value\" .Values.commonAnnotations \"context\" $ ) | nindent 4 }}\n {{- end }}\nspec:\n selector:\n matchLabels: {{- include \"common.labels.matchLabels\" (dict \"customLabels\" .Values.podLabels \"context\" $) | nindent 6 }}\n app.kubernetes.io/component: netbox\n {{- if .Values.pdb.minAvailable }}\n minAvailable: {{ .Values.pdb.minAvailable }}\n {{- end }}\n {{- if .Values.pdb.maxUnavailable }}\n maxUnavailable: {{ .Values.pdb.maxUnavailable }}\n {{- end }}\n{{- end }}\n" }, { "path": "charts/netbox/templates/pvc.yaml", "content": "{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }}\n---\nkind: PersistentVolumeClaim\napiVersion: v1\nmetadata:\n name: {{ printf \"%s-media\" (include \"common.names.fullname\" .) | trunc 63 | trimSuffix \"-\" }}\n namespace: {{ include \"common.names.namespace\" . | quote }}\n labels: {{- include \"common.labels.standard\" ( dict \"customLabels\" .Values.commonLabels \"context\" $ ) | nindent 4 }}\n {{- if or .Values.persistence.annotations .Values.commonAnnotations }}\n {{- $annotations := include \"common.tplvalues.merge\" ( dict \"values\" ( list .Values.persistence.annotations .Values.commonAnnotations ) \"context\" . ) }}\n annotations: {{- include \"common.tplvalues.render\" ( dict \"value\" $annotations \"context\" $) | nindent 4 }}\n {{- end }}\nspec:\n accessModes:\n - {{ .Values.persistence.accessMode | quote }}\n resources:\n requests:\n storage: {{ .Values.persistence.size | quote }}\n {{- if .Values.persistence.selector }}\n selector: {{- include \"common.tplvalues.render\" (dict \"value\" .Values.persistence.selector \"context\" $) | nindent 4 }}\n {{- end }}\n {{- include \"common.storage.class\" (dict \"persistence\" .Values.persistence \"global\" .Values.global) | nindent 2 }}\n{{- end }}\n{{- if and .Values.reportsPersistence.enabled (not .Values.reportsPersistence.existingClaim) }}\n---\nkind: PersistentVolumeClaim\napiVersion: v1\nmetadata:\n name: {{ printf \"%s-reports\" (include \"common.names.fullname\" .) | trunc 63 | trimSuffix \"-\" }}\n namespace: {{ include \"common.names.namespace\" . | quote }}\n labels: {{- include \"common.labels.standard\" ( dict \"customLabels\" .Values.commonLabels \"context\" $ ) | nindent 4 }}\n {{- if or .Values.reportsPersistence.annotations .Values.commonAnnotations }}\n {{- $annotations := include \"common.tplvalues.merge\" ( dict \"values\" ( list .Values.reportsPersistence.annotations .Values.commonAnnotations ) \"context\" . ) }}\n annotations: {{- include \"common.tplvalues.render\" ( dict \"value\" $annotations \"context\" $) | nindent 4 }}\n {{- end }}\nspec:\n accessModes:\n - {{ .Values.reportsPersistence.accessMode | quote }}\n resources:\n requests:\n storage: {{ .Values.reportsPersistence.size | quote }}\n {{- if .Values.reportsPersistence.selector }}\n selector: {{- include \"common.tplvalues.render\" (dict \"value\" .Values.reportsPersistence.selector \"context\" $) | nindent 4 }}\n {{- end }}\n {{- include \"common.storage.class\" (dict \"persistence\" .Values.reportsPersistence \"global\" .Values.global) | nindent 2 }}\n{{- end }}\n{{- if and .Values.scriptsPersistence.enabled (not .Values.scriptsPersistence.existingClaim) }}\n---\nkind: PersistentVolumeClaim\napiVersion: v1\nmetadata:\n name: {{ printf \"%s-scripts\" (include \"common.names.fullname\" .) | trunc 63 | trimSuffix \"-\" }}\n namespace: {{ include \"common.names.namespace\" . | quote }}\n labels: {{- include \"common.labels.standard\" ( dict \"customLabels\" .Values.commonLabels \"context\" $ ) | nindent 4 }}\n {{- if or .Values.scriptsPersistence.annotations .Values.commonAnnotations }}\n {{- $annotations := include \"common.tplvalues.merge\" ( dict \"values\" ( list .Values.scriptsPersistence.annotations .Values.commonAnnotations ) \"context\" . ) }}\n annotations: {{- include \"common.tplvalues.render\" ( dict \"value\" $annotations \"context\" $) | nindent 4 }}\n {{- end }}\nspec:\n accessModes:\n - {{ .Values.scriptsPersistence.accessMode | quote }}\n resources:\n requests:\n storage: {{ .Values.scriptsPersistence.size | quote }}\n {{- if .Values.scriptsPersistence.selector }}\n selector: {{- include \"common.tplvalues.render\" (dict \"value\" .Values.scriptsPersistence.selector \"context\" $) | nindent 4 }}\n {{- end }}\n {{- include \"common.storage.class\" (dict \"persistence\" .Values.scriptsPersistence \"global\" .Values.global) | nindent 2 }}\n{{- end }}\n" }, { "path": "charts/netbox/templates/role.yaml", "content": "{{- if .Values.rbac.create }}\napiVersion: rbac.authorization.k8s.io/v1\nkind: Role\nmetadata:\n name: {{ include \"common.names.fullname\" . }}\n labels: {{- include \"common.labels.standard\" ( dict \"customLabels\" .Values.commonLabels \"context\" $ ) | nindent 4 }}\n namespace: {{ include \"common.names.namespace\" . | quote }}\n {{- if .Values.commonAnnotations }}\n annotations: {{- include \"common.tplvalues.render\" ( dict \"value\" .Values.commonAnnotations \"context\" $ ) | nindent 4 }}\n {{- end }}\nrules:\n {{- if and .Values.worker.enabled .Values.worker.waitForBackend.enabled }}\n - apiGroups:\n - apps\n resources:\n - statefulsets\n - deployments\n - replicasets\n verbs:\n - get\n - list\n - watch\n {{- end }}\n {{- if .Values.rbac.rules }}\n {{- include \"common.tplvalues.render\" ( dict \"value\" .Values.rbac.rules \"context\" $ ) | nindent 2 }}\n {{- end }}\n{{- end }}\n" }, { "path": "charts/netbox/templates/rolebinding.yaml", "content": "{{- if .Values.rbac.create }}\napiVersion: rbac.authorization.k8s.io/v1\nkind: RoleBinding\nmetadata:\n name: {{ include \"common.names.fullname\" . }}\n labels: {{- include \"common.labels.standard\" ( dict \"customLabels\" .Values.commonLabels \"context\" $ ) | nindent 4 }}\n namespace: {{ include \"common.names.namespace\" . | quote }}\n {{- if .Values.commonAnnotations }}\n annotations: {{- include \"common.tplvalues.render\" ( dict \"value\" .Values.commonAnnotations \"context\" $ ) | nindent 4 }}\n {{- end }}\nroleRef:\n kind: Role\n name: {{ include \"common.names.fullname\" . }}\n apiGroup: rbac.authorization.k8s.io\nsubjects:\n - kind: ServiceAccount\n name: {{ include \"netbox.serviceAccountName\" . }}\n namespace: {{ include \"common.names.namespace\" . | quote }}\n{{- end }}\n" }, { "path": "charts/netbox/templates/secret.yaml", "content": "{{- if not .Values.existingSecret }}\n---\napiVersion: v1\nkind: Secret\nmetadata:\n name: {{ include \"common.secrets.name\" (dict \"defaultNameSuffix\" \"config\" \"context\" $) }}\n namespace: {{ include \"common.names.namespace\" . | quote }}\n labels: {{- include \"common.labels.standard\" ( dict \"customLabels\" .Values.commonLabels \"context\" $ ) | nindent 4 }}\n {{- if .Values.commonAnnotations }}\n annotations: {{- include \"common.tplvalues.render\" ( dict \"value\" .Values.commonAnnotations \"context\" $ ) | nindent 4 }}\n {{- end }}\ntype: Opaque\ndata:\n {{- if not .Values.email.existingSecretName }}\n email_password: {{ .Values.email.password | b64enc | quote }}\n {{- end }}\n secret_key: {{ include \"common.secrets.passwords.manage\" (dict \"secret\" (include \"common.secrets.name\" (dict \"defaultNameSuffix\" \"config\" \"context\" $)) \"key\" \"secret_key\" \"providedValues\" (list \"secretKey\") \"length\" 60 \"strong\" true \"failOnNew\" false \"context\" $) }}\n api_token_peppers: {{ include \"netbox.apiTokenPeppers.secret\" . }}\n {{- if has \"netbox.authentication.LDAPBackend\" .Values.remoteAuth.backends }}\n ldap_bind_password: {{ .Values.remoteAuth.ldap.bindPassword | b64enc | quote }}\n {{- end }}\n{{- end }}\n{{- if not .Values.superuser.existingSecret }}\n---\napiVersion: v1\nkind: Secret\nmetadata:\n name: {{ include \"common.secrets.name\" (dict \"defaultNameSuffix\" \"superuser\" \"context\" $) }}\n namespace: {{ include \"common.names.namespace\" . | quote }}\n labels: {{- include \"common.labels.standard\" ( dict \"customLabels\" .Values.commonLabels \"context\" $ ) | nindent 4 }}\n {{- if .Values.commonAnnotations }}\n annotations: {{- include \"common.tplvalues.render\" ( dict \"value\" .Values.commonAnnotations \"context\" $ ) | nindent 4 }}\n {{- end }}\ntype: kubernetes.io/basic-auth\ndata:\n username: {{ .Values.superuser.name | default \"admin\" | b64enc | quote }}\n password: {{ include \"common.secrets.passwords.manage\" (dict \"secret\" (include \"common.secrets.name\" (dict \"defaultNameSuffix\" \"superuser\" \"context\" $)) \"key\" \"password\" \"providedValues\" (list \"superuser.password\") \"context\" $) }}\n email: {{ .Values.superuser.email | b64enc | quote }}\n api_token: {{ .Values.superuser.apiToken | default uuidv4 | b64enc | quote }}\n{{- end }}\n{{- if not (or .Values.postgresql.enabled .Values.externalDatabase.existingSecretName) }}\n---\napiVersion: v1\nkind: Secret\nmetadata:\n name: {{ include \"common.secrets.name\" (dict \"defaultNameSuffix\" \"postgresql\" \"context\" $) }}\n namespace: {{ include \"common.names.namespace\" . | quote }}\n labels: {{- include \"common.labels.standard\" ( dict \"customLabels\" .Values.commonLabels \"context\" $ ) | nindent 4 }}\n {{- if .Values.commonAnnotations }}\n annotations: {{- include \"common.tplvalues.render\" ( dict \"value\" .Values.commonAnnotations \"context\" $ ) | nindent 4 }}\n {{- end }}\ntype: Opaque\ndata:\n db_password: {{ .Values.externalDatabase.password | b64enc | quote }}\n{{- end }}\n{{- if not (or .Values.valkey.enabled (and .Values.tasksDatabase.existingSecretName .Values.cachingDatabase.existingSecretName)) }}\n---\napiVersion: v1\nkind: Secret\nmetadata:\n name: {{ include \"common.secrets.name\" (dict \"defaultNameSuffix\" \"kv\" \"context\" $) }}\n namespace: {{ include \"common.names.namespace\" . | quote }}\n labels: {{- include \"common.labels.standard\" ( dict \"customLabels\" .Values.commonLabels \"context\" $ ) | nindent 4 }}\n {{- if .Values.commonAnnotations }}\n annotations: {{- include \"common.tplvalues.render\" ( dict \"value\" .Values.commonAnnotations \"context\" $ ) | nindent 4 }}\n {{- end }}\ntype: Opaque\ndata:\n {{- if not .Values.tasksDatabase.existingSecretName }}\n tasks_password: {{ .Values.tasksDatabase.password | b64enc | quote }}\n {{- end }}\n {{- if not .Values.cachingDatabase.existingSecretName }}\n cache_password: {{ .Values.cachingDatabase.password | b64enc | quote }}\n {{- end }}\n{{- end }}\n" }, { "path": "charts/netbox/templates/service.yaml", "content": "apiVersion: v1\nkind: Service\nmetadata:\n name: {{ include \"common.names.fullname\" . }}\n namespace: {{ include \"common.names.namespace\" . | quote }}\n labels: {{- include \"common.labels.standard\" ( dict \"customLabels\" .Values.commonLabels \"context\" $ ) | nindent 4 }}\n {{- if or .Values.service.annotations .Values.commonAnnotations }}\n {{- $annotations := include \"common.tplvalues.merge\" ( dict \"values\" ( list .Values.service.annotations .Values.commonAnnotations ) \"context\" . ) }}\n annotations: {{- include \"common.tplvalues.render\" ( dict \"value\" $annotations \"context\" $) | nindent 4 }}\n {{- end }}\nspec:\n type: {{ .Values.service.type }}\n ports:\n - port: {{ .Values.service.port }}\n targetPort: http\n protocol: TCP\n name: http\n {{- if and (or (eq .Values.service.type \"NodePort\") (eq .Values.service.type \"LoadBalancer\")) (not (empty .Values.service.nodePort)) }}\n nodePort: {{ .Values.service.nodePort }}\n {{- else if eq .Values.service.type \"ClusterIP\" }}\n nodePort: null\n {{- end }}\n {{- if and .Values.metrics.enabled .Values.metrics.granian.enabled }}\n - port: 9090\n targetPort: granian-metrics\n protocol: TCP\n name: granian-metrics\n {{- if and (or (eq .Values.service.type \"NodePort\") (eq .Values.service.type \"LoadBalancer\")) (not (empty .Values.service.nodePort)) }}\n nodePort: {{ .Values.service.nodePort }}\n {{- else if eq .Values.service.type \"ClusterIP\" }}\n nodePort: null\n {{- end }}\n {{- end }}\n selector:\n {{- include \"common.labels.matchLabels\" . | nindent 4 }}\n app.kubernetes.io/component: netbox\n {{- if and .Values.service.clusterIP (eq .Values.service.type \"ClusterIP\") }}\n clusterIP: {{ .Values.service.clusterIP }}\n {{- end }}\n {{- if and .Values.service.clusterIPs (eq .Values.service.type \"ClusterIP\") }}\n clusterIPs: {{- include \"common.tplvalues.render\" (dict \"value\" .Values.service.clusterIPs \"context\" $) | nindent 4 }}\n {{- end }}\n {{- if .Values.service.externalIPs }}\n clusterIPs: {{- include \"common.tplvalues.render\" (dict \"value\" .Values.service.externalIPs \"context\" $) | nindent 4 }}\n {{- end }}\n {{- if .Values.service.sessionAffinity }}\n sessionAffinity: {{ .Values.service.sessionAffinity }}\n {{- end }}\n {{- if .Values.service.sessionAffinityConfig }}\n sessionAffinityConfig: {{- include \"common.tplvalues.render\" (dict \"value\" .Values.service.sessionAffinityConfig \"context\" $) | nindent 4 }}\n {{- end }}\n {{- if .Values.service.ipFamilyPolicy }}\n ipFamilyPolicy: {{ .Values.service.ipFamilyPolicy | quote }}\n {{- end }}\n {{- if or (eq .Values.service.type \"LoadBalancer\") (eq .Values.service.type \"NodePort\") }}\n externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }}\n {{- end }}\n {{- if and (eq .Values.service.type \"LoadBalancer\") (not (empty .Values.service.loadBalancerSourceRanges)) }}\n loadBalancerSourceRanges: {{ .Values.service.loadBalancerSourceRanges }}\n {{- end }}\n {{- if and (eq .Values.service.type \"LoadBalancer\") (not (empty .Values.service.loadBalancerIP)) }}\n loadBalancerIP: {{ .Values.service.loadBalancerIP }}\n {{- end }}\n {{- if and (eq .Values.service.type \"LoadBalancer\") (not (empty .Values.service.loadBalancerClass)) }}\n loadBalancerClass: {{ .Values.service.loadBalancerClass | quote }}\n {{- end }}\n" }, { "path": "charts/netbox/templates/serviceaccount.yaml", "content": "{{- if .Values.serviceAccount.create -}}\napiVersion: v1\nkind: ServiceAccount\nautomountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}\nmetadata:\n name: {{ include \"netbox.serviceAccountName\" . }}\n namespace: {{ include \"common.names.namespace\" . | quote }}\n labels: {{- include \"common.labels.standard\" ( dict \"customLabels\" .Values.commonLabels \"context\" $ ) | nindent 4 }}\n {{- if or .Values.commonAnnotations .Values.serviceAccount.annotations }}\n {{- $annotations := include \"common.tplvalues.merge\" ( dict \"values\" ( list .Values.serviceAccount.annotations .Values.commonAnnotations ) \"context\" . ) }}\n annotations: {{- include \"common.tplvalues.render\" ( dict \"value\" $annotations \"context\" $) | nindent 4 }}\n {{- end }}\n{{- end }}\n" }, { "path": "charts/netbox/templates/servicemonitor.yaml", "content": "{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }}\napiVersion: monitoring.coreos.com/v1\nkind: ServiceMonitor\nmetadata:\n name: {{ include \"common.names.fullname\" . }}\n namespace: {{ include \"common.names.namespace\" . | quote }}\n {{- $labels := include \"common.tplvalues.merge\" ( dict \"values\" ( list .Values.metrics.serviceMonitor.additionalLabels .Values.commonLabels ) \"context\" . ) }}\n labels: {{- include \"common.labels.standard\" ( dict \"customLabels\" $labels \"context\" $ ) | nindent 4 }}\n {{- if .Values.commonAnnotations }}\n annotations: {{- include \"common.tplvalues.render\" ( dict \"value\" .Values.commonAnnotations \"context\" $ ) | nindent 4 }}\n {{- end }}\nspec:\n jobLabel: {{ include \"common.names.fullname\" . }}\n namespaceSelector:\n matchNames:\n - {{ include \"common.names.namespace\" . | quote }}\n selector:\n matchLabels:\n {{- include \"common.labels.matchLabels\" . | nindent 6 }}\n {{- if .Values.metrics.serviceMonitor.selector }}\n {{- include \"common.tplvalues.render\" (dict \"value\" .Values.metrics.serviceMonitor.selector \"context\" $) | nindent 6 }}\n {{- end }}\n endpoints:\n - port: http\n path: \"/metrics\"\n {{- if .Values.metrics.serviceMonitor.interval }}\n interval: {{ .Values.metrics.serviceMonitor.interval }}\n {{- end }}\n {{- if .Values.metrics.serviceMonitor.scrapeTimeout }}\n scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }}\n {{- end }}\n {{- if .Values.metrics.serviceMonitor.honorLabels }}\n honorLabels: {{ .Values.metrics.serviceMonitor.honorLabels }}\n {{- end }}\n {{- if .Values.metrics.serviceMonitor.metricRelabelings }}\n metricRelabelings: {{- include \"common.tplvalues.render\" ( dict \"value\" .Values.metrics.serviceMonitor.metricRelabelings \"context\" $) | nindent 6 }}\n {{- end }}\n {{- if .Values.metrics.serviceMonitor.relabelings }}\n relabelings: {{- include \"common.tplvalues.render\" ( dict \"value\" .Values.metrics.serviceMonitor.relabelings \"context\" $) | nindent 6 }}\n {{- end }}\n{{- end }}\n" }, { "path": "charts/netbox/templates/tests/test-connection.yaml", "content": "apiVersion: v1\nkind: Pod\nmetadata:\n name: {{ printf \"%s-test-connection\" (include \"common.names.fullname\" .) | trunc 63 | trimSuffix \"-\" }}\n labels:\n {{- include \"common.labels.standard\" ( dict \"customLabels\" .Values.commonLabels \"context\" $ ) | nindent 4 }}\n annotations:\n \"helm.sh/hook\": test\n {{- if .Values.commonAnnotations }}\n {{- include \"common.tplvalues.render\" ( dict \"value\" .Values.commonAnnotations \"context\" $ ) | nindent 4 }}\n {{- end }}\nspec:\n containers:\n - name: wget\n image: \"{{ .Values.test.image.repository }}:{{ .Values.test.image.tag }}\"\n imagePullPolicy: {{ .Values.test.image.pullPolicy }}\n command: ['wget']\n args: ['{{ include \"common.names.fullname\" . }}:{{ .Values.service.port }}']\n {{- if .Values.test.resources }}\n resources: {{ toYaml .Values.test.resources | nindent 6 }}\n {{- else if ne .Values.test.resourcesPreset \"none\" }}\n resources: {{- include \"common.resources.preset\" (dict \"type\" .Values.test.resourcesPreset) | nindent 6 }}\n {{- end }}\n {{- if .Values.test.securityContext.enabled }}\n securityContext: {{- include \"common.compatibility.renderSecurityContext\" (dict \"secContext\" .Values.test.securityContext \"context\" $) | nindent 6 }}\n {{- end }}\n restartPolicy: Never\n" }, { "path": "charts/netbox/templates/worker/deployment.yaml", "content": "{{- if .Values.worker.enabled }}\napiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: {{ printf \"%s-worker\" (include \"common.names.fullname\" .) | trunc 63 | trimSuffix \"-\" }}\n namespace: {{ include \"common.names.namespace\" . | quote }}\n labels: {{- include \"common.labels.standard\" ( dict \"customLabels\" .Values.commonLabels \"context\" $ ) | nindent 4 }}\n app.kubernetes.io/component: worker\n {{- if .Values.commonAnnotations }}\n annotations: {{- include \"common.tplvalues.render\" ( dict \"value\" .Values.commonAnnotations \"context\" $ ) | nindent 4 }}\n {{- end }}\nspec:\n {{- if not .Values.worker.autoscaling.enabled }}\n replicas: {{ .Values.worker.replicaCount }}\n {{- end }}\n revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}\n selector:\n matchLabels: {{- include \"common.labels.matchLabels\" (dict \"customLabels\" .Values.worker.podLabels \"context\" $) | nindent 6 }}\n app.kubernetes.io/component: worker\n {{- if .Values.worker.updateStrategy }}\n strategy: {{- include \"common.tplvalues.render\" (dict \"value\" .Values.worker.updateStrategy \"context\" $) | nindent 4 }}\n {{- end }}\n template:\n metadata:\n annotations:\n {{- if .Values.worker.podAnnotations }}\n {{- include \"common.tplvalues.render\" ( dict \"value\" .Values.worker.podAnnotations \"context\" $ ) | nindent 8 }}\n {{- end }}\n checksum/config: {{ include (print $.Template.BasePath \"/configmap.yaml\") . | sha256sum }}\n {{- if (not .Values.existingSecret) }}\n checksum/secret: {{ include (print $.Template.BasePath \"/secret.yaml\") . | sha256sum }}\n {{- end }}\n labels: {{- include \"common.labels.standard\" ( dict \"customLabels\" .Values.worker.podLabels \"context\" $ ) | nindent 8 }}\n app.kubernetes.io/component: worker\n spec:\n {{- include \"common.images.renderPullSecrets\" (dict \"images\" (list .Values.image) \"context\" $) | nindent 6 }}\n serviceAccountName: {{ include \"netbox.serviceAccountName\" . }}\n automountServiceAccountToken: {{ .Values.worker.automountServiceAccountToken }}\n {{- if .Values.worker.podSecurityContext.enabled }}\n securityContext: {{- include \"common.compatibility.renderSecurityContext\" (dict \"secContext\" .Values.worker.podSecurityContext \"context\" $) | nindent 8 }}\n {{- end }}\n {{- if or .Values.worker.initContainers .Values.worker.waitForBackend.enabled }}\n initContainers:\n {{- if .Values.worker.waitForBackend.enabled }}\n - name: wait-for-backend\n image: {{ include \"common.images.image\" (dict \"imageRoot\" .Values.worker.waitForBackend.image \"global\" .Values.global) }}\n imagePullPolicy: {{ .Values.worker.waitForBackend.image.pullPolicy | quote }}\n {{- if .Values.worker.waitForBackend.command }}\n command: {{- include \"common.tplvalues.render\" (dict \"value\" .Values.worker.waitForBackend.command \"context\" $) | nindent 10 }}\n {{- end }}\n {{- if .Values.worker.waitForBackend.args }}\n args: {{- include \"common.tplvalues.render\" (dict \"value\" .Values.worker.waitForBackend.args \"context\" $) | nindent 10 }}\n {{- end }}\n {{- if .Values.worker.waitForBackend.containerSecurityContext.enabled }}\n securityContext: {{- include \"common.compatibility.renderSecurityContext\" (dict \"secContext\" .Values.worker.waitForBackend.containerSecurityContext \"context\" $) | nindent 12 }}\n {{- end }}\n {{- if .Values.worker.waitForBackend.resources }}\n resources: {{- include \"common.tplvalues.render\" (dict \"value\" .Values.worker.waitForBackend.resources \"context\" $) | nindent 12 }}\n {{- else if ne .Values.worker.waitForBackend.resourcesPreset \"none\" }}\n resources: {{- include \"common.resources.preset\" (dict \"type\" .Values.worker.waitForBackend.resourcesPreset) | nindent 12 }}\n {{- end }}\n env:\n - name: DEPLOYMENT_NAME\n value: {{ include \"common.names.fullname\" . }}\n {{- end }}\n {{- if .Values.worker.initContainers }}\n {{- include \"common.tplvalues.render\" (dict \"value\" .Values.worker.initContainers \"context\" $) | nindent 8 }}\n {{- end }}\n {{- end }}\n containers:\n - name: {{ .Chart.Name }}-worker\n {{- if .Values.worker.securityContext.enabled }}\n securityContext: {{- include \"common.compatibility.renderSecurityContext\" (dict \"secContext\" .Values.worker.securityContext \"context\" $) | nindent 10 }}\n {{- end }}\n image: {{ include \"netbox.image\" . | quote }}\n imagePullPolicy: {{ .Values.image.pullPolicy }}\n {{- if .Values.worker.command }}\n command: {{- include \"common.tplvalues.render\" (dict \"value\" .Values.worker.command \"context\" $) | nindent 10 }}\n {{- end }}\n {{- if .Values.worker.args }}\n args: {{- include \"common.tplvalues.render\" (dict \"value\" .Values.worker.args \"context\" $) | nindent 10 }}\n {{- end }}\n {{- if .Values.worker.extraEnvs }}\n env: {{- include \"common.tplvalues.render\" (dict \"value\" .Values.worker.extraEnvs \"context\" $) | nindent 10 }}\n {{- end }}\n {{- if or .Values.worker.extraEnvVarsCM .Values.worker.extraEnvVarsSecret }}\n envFrom:\n {{- if .Values.worker.extraEnvVarsCM }}\n - configMapRef:\n name: {{ include \"common.tplvalues.render\" (dict \"value\" .Values.worker.extraEnvVarsCM \"context\" $) }}\n {{- end }}\n {{- if .Values.worker.extraEnvVarsSecret }}\n - secretRef:\n name: {{ include \"common.tplvalues.render\" (dict \"value\" .Values.worker.extraEnvVarsSecret \"context\" $) }}\n {{- end }}\n {{- end }}\n volumeMounts:\n - name: config\n mountPath: /etc/netbox/config/configuration.py\n subPath: configuration.py\n readOnly: true\n {{- if has \"netbox.authentication.LDAPBackend\" .Values.remoteAuth.backends }}\n - name: config\n mountPath: /etc/netbox/config/ldap/ldap_config.py\n subPath: ldap_config.py\n readOnly: true\n {{- if .Values.remoteAuth.ldap.caCertData }}\n - name: config\n mountPath: /etc/netbox/config/ldap/ldap_ca.crt\n subPath: ldap_ca.crt\n readOnly: true\n {{- end }}\n {{- end }}\n - name: config\n mountPath: /run/config/netbox\n readOnly: true\n - name: secrets\n mountPath: /run/secrets/netbox\n readOnly: true\n {{- include \"netbox.extraConfig.volumeMounts\" . | nindent 8 }}\n - name: netbox-tmp\n mountPath: /tmp\n - name: media\n mountPath: /opt/netbox/netbox/media\n subPath: {{ .Values.persistence.subPath | default \"\" | quote }}\n readOnly: {{ .Values.worker.readOnlyPersistence | default false }}\n {{- if .Values.reportsPersistence.enabled }}\n - name: reports\n mountPath: /opt/netbox/netbox/reports\n subPath: {{ .Values.reportsPersistence.subPath | default \"\" | quote }}\n readOnly: {{ .Values.worker.readOnlyPersistence | default false }}\n {{- end }}\n {{- if .Values.scriptsPersistence.enabled }}\n - name: scripts\n mountPath: /opt/netbox/netbox/scripts\n subPath: {{ .Values.scriptsPersistence.subPath | default \"\" | quote }}\n readOnly: {{ .Values.worker.readOnlyPersistence | default false }}\n {{- end }}\n {{- if .Values.worker.extraVolumeMounts }}\n {{- include \"common.tplvalues.render\" (dict \"value\" .Values.worker.extraVolumeMounts \"context\" $) | nindent 8 }}\n {{- end }}\n {{- if .Values.worker.resources }}\n resources: {{ toYaml .Values.worker.resources | nindent 10 }}\n {{- else if ne .Values.worker.resourcesPreset \"none\" }}\n resources: {{- include \"common.resources.preset\" (dict \"type\" .Values.worker.resourcesPreset) | nindent 10 }}\n {{- end }}\n {{- if .Values.worker.sidecars }}\n {{- include \"common.tplvalues.render\" (dict \"value\" .Values.worker.sidecars \"context\" $) | nindent 6 }}\n {{- end }}\n volumes:\n - name: config\n configMap:\n name: {{ include \"common.names.fullname\" . }}\n - name: secrets\n projected:\n sources:\n - secret:\n name: {{ include \"common.secrets.name\" (dict \"existingSecret\" .Values.existingSecret \"defaultNameSuffix\" \"config\" \"context\" $) }}\n items:\n - key: secret_key\n path: secret_key\n {{- if has \"netbox.authentication.LDAPBackend\" .Values.remoteAuth.backends }}\n - key: ldap_bind_password\n path: ldap_bind_password\n {{- end }}\n - secret:\n name: {{ include \"common.secrets.name\" (dict \"existingSecret\" .Values.existingSecret \"defaultNameSuffix\" \"config\" \"context\" $) }}\n optional: true\n items:\n - key: api_token_peppers\n path: api_token_peppers\n - secret:\n name: {{ include \"common.secrets.name\" (dict \"existingSecret\" (default .Values.existingSecret .Values.email.existingSecretName) \"defaultNameSuffix\" \"config\" \"context\" $) }}\n items:\n - key: {{ include \"netbox.email.secretKey\" . | quote }}\n path: email_password\n - secret:\n name: {{ include \"common.secrets.name\" (dict \"existingSecret\" .Values.superuser.existingSecret \"defaultNameSuffix\" \"superuser\" \"context\" $) }}\n items:\n - key: password\n path: superuser_password\n - key: api_token\n path: superuser_api_token\n - secret:\n name: {{ include \"netbox.postgresql.secret\" . | quote }}\n items:\n - key: {{ include \"netbox.postgresql.secretKey\" . | quote }}\n path: db_password\n - secret:\n name: {{ include \"netbox.tasksDatabase.secret\" . | quote }}\n items:\n - key: {{ include \"netbox.tasksDatabase.secretKey\" . | quote }}\n path: tasks_password\n - secret:\n name: {{ include \"netbox.cachingDatabase.secret\" . | quote }}\n items:\n - key: {{ include \"netbox.cachingDatabase.secretKey\" . | quote }}\n path: cache_password\n {{- include \"netbox.extraConfig.volumes\" . | nindent 6 }}\n - name: netbox-tmp\n emptyDir:\n medium: Memory\n - name: media\n {{- if .Values.persistence.enabled }}\n persistentVolumeClaim:\n claimName: {{ .Values.persistence.existingClaim | default (printf \"%s-media\" (include \"common.names.fullname\" .)) }}\n readOnly: {{ .Values.worker.readOnlyPersistence | default false }}\n {{- else }}\n emptyDir: {}\n {{- end }}\n {{- if .Values.reportsPersistence.enabled }}\n - name: reports\n persistentVolumeClaim:\n claimName: {{ .Values.reportsPersistence.existingClaim | default (printf \"%s-reports\" (include \"common.names.fullname\" .)) }}\n readOnly: {{ .Values.worker.readOnlyPersistence | default false }}\n {{- end }}\n {{- if .Values.scriptsPersistence.enabled }}\n - name: scripts\n persistentVolumeClaim:\n claimName: {{ .Values.scriptsPersistence.existingClaim | default (printf \"%s-scripts\" (include \"common.names.fullname\" .)) }}\n readOnly: {{ .Values.worker.readOnlyPersistence | default false }}\n {{- end }}\n {{- if .Values.worker.extraVolumes }}\n {{- include \"common.tplvalues.render\" (dict \"value\" .Values.worker.extraVolumes \"context\" $) | nindent 6 }}\n {{- end }}\n {{- if .Values.worker.nodeSelector }}\n nodeSelector: {{- include \"common.tplvalues.render\" ( dict \"value\" .Values.worker.nodeSelector \"context\" $) | nindent 8 }}\n {{- end }}\n {{- if .Values.worker.affinity }}\n affinity: {{- include \"common.tplvalues.render\" ( dict \"value\" .Values.worker.affinity \"context\" $) | nindent 8 }}\n {{- end }}\n {{- if .Values.worker.tolerations }}\n tolerations: {{- include \"common.tplvalues.render\" (dict \"value\" .Values.worker.tolerations \"context\" .) | nindent 8 }}\n {{- end }}\n {{- if .Values.worker.hostAliases }}\n hostAliases: {{- include \"common.tplvalues.render\" (dict \"value\" .Values.worker.hostAliases \"context\" $) | nindent 8 }}\n {{- end }}\n {{- if .Values.worker.priorityClassName }}\n priorityClassName: {{ .Values.worker.priorityClassName | quote }}\n {{- end }}\n {{- if .Values.worker.schedulerName }}\n schedulerName: {{ .Values.worker.schedulerName | quote }}\n {{- end }}\n {{- if .Values.worker.topologySpreadConstraints }}\n topologySpreadConstraints: {{- include \"common.tplvalues.render\" (dict \"value\" .Values.worker.topologySpreadConstraints \"context\" .) | nindent 8 }}\n {{- end }}\n {{- if .Values.worker.terminationGracePeriodSeconds }}\n terminationGracePeriodSeconds: {{ .Values.worker.terminationGracePeriodSeconds }}\n {{- end }}\n{{- end }}\n" }, { "path": "charts/netbox/templates/worker/hpa.yaml", "content": "{{- if and .Values.worker.enabled .Values.worker.autoscaling.enabled }}\napiVersion: autoscaling/v2\nkind: HorizontalPodAutoscaler\nmetadata:\n name: {{ printf \"%s-worker\" (include \"common.names.fullname\" .) | trunc 63 | trimSuffix \"-\" }}\n namespace: {{ include \"common.names.namespace\" . | quote }}\n labels: {{- include \"common.labels.standard\" ( dict \"customLabels\" .Values.commonLabels \"context\" $ ) | nindent 4 }}\n app.kubernetes.io/component: worker\n {{- if .Values.commonAnnotations }}\n annotations: {{- include \"common.tplvalues.render\" ( dict \"value\" .Values.commonAnnotations \"context\" $ ) | nindent 4 }}\n {{- end }}\nspec:\n scaleTargetRef:\n apiVersion: apps/v1\n kind: Deployment\n name: {{ include \"common.names.fullname\" . }}-worker\n minReplicas: {{ .Values.worker.autoscaling.minReplicas }}\n maxReplicas: {{ .Values.worker.autoscaling.maxReplicas }}\n {{- if .Values.worker.autoscaling.behavior }}\n behavior:\n {{- if .Values.worker.autoscaling.behavior.scaleUp }}\n scaleUp:\n {{- if .Values.worker.autoscaling.behavior.scaleUp.stabilizationWindowSeconds }}\n stabilizationWindowSeconds: {{ .Values.worker.autoscaling.behavior.scaleUp.stabilizationWindowSeconds }}\n {{- end }}\n {{- if .Values.worker.autoscaling.behavior.scaleUp.selectPolicy }}\n selectPolicy: {{ .Values.worker.autoscaling.behavior.scaleUp.selectPolicy | quote }}\n {{- end }}\n {{- if .Values.worker.autoscaling.behavior.scaleUp.policies }}\n policies:\n {{- range .Values.worker.autoscaling.behavior.scaleUp.policies }}\n - type: {{ .type | quote }}\n value: {{ .value }}\n periodSeconds: {{ .periodSeconds }}\n {{- end }}\n {{- end }}\n {{- end }}\n {{- if .Values.worker.autoscaling.behavior.scaleDown }}\n scaleDown:\n {{- if .Values.worker.autoscaling.behavior.scaleDown.stabilizationWindowSeconds }}\n stabilizationWindowSeconds: {{ .Values.worker.autoscaling.behavior.scaleDown.stabilizationWindowSeconds }}\n {{- end }}\n {{- if .Values.worker.autoscaling.behavior.scaleDown.selectPolicy }}\n selectPolicy: {{ .Values.worker.autoscaling.behavior.scaleDown.selectPolicy | quote }}\n {{- end }}\n {{- if .Values.worker.autoscaling.behavior.scaleDown.policies }}\n policies:\n {{- range .Values.worker.autoscaling.behavior.scaleDown.policies }}\n - type: {{ .type | quote }}\n value: {{ .value }}\n periodSeconds: {{ .periodSeconds }}\n {{- end }}\n {{- end }}\n {{- end }}\n {{- end }}\n metrics:\n {{- if .Values.worker.autoscaling.targetCPUUtilizationPercentage }}\n - type: Resource\n resource:\n name: cpu\n target:\n type: Utilization\n averageUtilization: {{ .Values.worker.autoscaling.targetCPUUtilizationPercentage }}\n {{- end }}\n {{- if .Values.worker.autoscaling.targetMemoryUtilizationPercentage }}\n - type: Resource\n resource:\n name: memory\n target:\n type: Utilization\n averageUtilization: {{ .Values.worker.autoscaling.targetMemoryUtilizationPercentage }}\n {{- end }}\n{{- end }}\n" }, { "path": "charts/netbox/templates/worker/pdb.yaml", "content": "{{- if and .Values.worker.enabled .Values.worker.pdb.enabled (or .Values.worker.pdb.minAvailable .Values.worker.pdb.maxUnavailable) }}\napiVersion: policy/v1\nkind: PodDisruptionBudget\nmetadata:\n name: {{ printf \"%s-worker\" (include \"common.names.fullname\" .) | trunc 63 | trimSuffix \"-\" }}\n namespace: {{ include \"common.names.namespace\" . | quote }}\n labels: {{- include \"common.labels.standard\" ( dict \"customLabels\" .Values.commonLabels \"context\" $ ) | nindent 4 }}\n app.kubernetes.io/component: worker\n {{- if .Values.commonAnnotations }}\n annotations: {{- include \"common.tplvalues.render\" ( dict \"value\" .Values.commonAnnotations \"context\" $ ) | nindent 4 }}\n {{- end }}\nspec:\n selector:\n matchLabels: {{- include \"common.labels.matchLabels\" (dict \"customLabels\" .Values.worker.podLabels \"context\" $) | nindent 6 }}\n app.kubernetes.io/component: worker\n {{- if .Values.worker.pdb.minAvailable }}\n minAvailable: {{ .Values.worker.pdb.minAvailable }}\n {{- end }}\n {{- if .Values.worker.pdb.maxUnavailable }}\n maxUnavailable: {{ .Values.worker.pdb.maxUnavailable }}\n {{- end }}\n{{- end }}\n\n" }, { "path": "charts/netbox/values.schema.json", "content": "{\n \"$schema\": \"https://json-schema.org/draft/2020-12/schema\",\n \"title\": \"Netbox Helm Chart Schema\",\n \"type\": \"object\",\n \"$defs\": {\n \"image\": {\n \"title\": \"Container image description\",\n \"type\": \"object\",\n \"properties\": {\n \"pullPolicy\": {\n \"title\": \"Specify a imagePullPolicy\",\n \"description\": \"Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'\",\n \"type\": \"string\",\n \"enum\": [\"IfNotPresent\", \"Always\", \"Never\"]\n },\n \"pullSecrets\": {\n \"title\": \"Optionally specify an array of imagePullSecrets\",\n \"description\": \"https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/\",\n \"type\": \"array\"\n },\n \"registry\": {\n \"type\": \"string\"\n },\n \"repository\": {\n \"type\": \"string\"\n },\n \"tag\": {\n \"type\": \"string\"\n },\n \"digest\": {\n \"type\": \"string\"\n }\n },\n \"required\": [\"repository\", \"pullPolicy\"]\n },\n \"probe\": {\n \"type\": \"object\",\n \"properties\": {\n \"enabled\": {\n \"type\": \"boolean\"\n },\n \"failureThreshold\": {\n \"type\": \"integer\"\n },\n \"httpGet\": {\n \"type\": \"object\",\n \"properties\": {\n \"httpHeaders\": {\n \"type\": \"array\"\n },\n \"path\": {\n \"type\": \"string\"\n },\n \"port\": {\n \"type\": \"string\"\n },\n \"scheme\": {\n \"type\": \"string\"\n }\n }\n },\n \"initialDelaySeconds\": {\n \"type\": \"integer\"\n },\n \"periodSeconds\": {\n \"type\": \"integer\"\n },\n \"successThreshold\": {\n \"type\": \"integer\"\n },\n \"timeoutSeconds\": {\n \"type\": \"integer\"\n }\n }\n },\n \"resources\": {\n \"type\": \"object\",\n \"title\": \"Required Resources\",\n \"description\": \"Configure resource requests\",\n \"form\": true,\n \"properties\": {\n \"requests\": {\n \"type\": \"object\",\n \"properties\": {\n \"memory\": {\n \"type\": \"string\",\n \"form\": true,\n \"render\": \"slider\",\n \"title\": \"Memory Request\",\n \"sliderMin\": 10,\n \"sliderMax\": 2048,\n \"sliderUnit\": \"Mi\"\n },\n \"cpu\": {\n \"type\": \"string\",\n \"form\": true,\n \"render\": \"slider\",\n \"title\": \"CPU Request\",\n \"sliderMin\": 10,\n \"sliderMax\": 2000,\n \"sliderUnit\": \"m\"\n }\n }\n },\n \"limits\": {\n \"type\": \"object\",\n \"properties\": {\n \"memory\": {\n \"type\": \"string\",\n \"form\": true,\n \"render\": \"slider\",\n \"title\": \"Memory Request\",\n \"sliderMin\": 10,\n \"sliderMax\": 2048,\n \"sliderUnit\": \"Mi\"\n },\n \"cpu\": {\n \"type\": \"string\",\n \"form\": true,\n \"render\": \"slider\",\n \"title\": \"CPU Request\",\n \"sliderMin\": 10,\n \"sliderMax\": 2000,\n \"sliderUnit\": \"m\"\n }\n }\n }\n }\n }\n },\n \"properties\": {\n \"admins\": {\n \"type\": \"array\"\n },\n \"affinity\": {\n \"properties\": {},\n \"type\": [\"object\", \"string\"]\n },\n \"allowTokenRetrieval\": {\n \"type\": \"boolean\"\n },\n \"allowedHosts\": {\n \"items\": {\n \"type\": \"string\"\n },\n \"type\": \"array\"\n },\n \"allowedHostsIncludesPodIP\": {\n \"type\": \"boolean\"\n },\n \"allowedUrlSchemes\": {\n \"items\": {\n \"type\": \"string\"\n },\n \"type\": \"array\"\n },\n \"args\": {\n \"items\": {\n \"type\": \"string\"\n },\n \"type\": [\"array\", \"string\"]\n },\n \"authPasswordValidators\": {\n \"type\": \"array\"\n },\n \"automountServiceAccountToken\": {\n \"type\": \"boolean\"\n },\n \"autoscaling\": {\n \"properties\": {\n \"enabled\": {\n \"type\": \"boolean\"\n },\n \"maxReplicas\": {\n \"type\": \"integer\"\n },\n \"minReplicas\": {\n \"type\": \"integer\"\n },\n \"targetCPUUtilizationPercentage\": {\n \"type\": [\"integer\", \"null\"]\n },\n \"targetMemoryUtilizationPercentage\": {\n \"type\": [\"integer\", \"null\"],\n \"default\": null\n },\n \"behavior\": {\n \"type\": \"object\",\n \"default\": {},\n \"properties\": {\n \"scaleUp\": {\n \"type\": \"object\",\n \"properties\": {\n \"stabilizationWindowSeconds\": { \"type\": \"integer\" },\n \"selectPolicy\": { \"type\": \"string\" },\n \"policies\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"object\",\n \"properties\": {\n \"type\": { \"type\": \"string\" },\n \"value\": { \"type\": \"integer\" },\n \"periodSeconds\": { \"type\": \"integer\" }\n },\n \"required\": [\"type\", \"value\", \"periodSeconds\"]\n }\n }\n }\n },\n \"scaleDown\": {\n \"type\": \"object\",\n \"properties\": {\n \"stabilizationWindowSeconds\": { \"type\": \"integer\" },\n \"selectPolicy\": { \"type\": \"string\" },\n \"policies\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"object\",\n \"properties\": {\n \"type\": { \"type\": \"string\" },\n \"value\": { \"type\": \"integer\" },\n \"periodSeconds\": { \"type\": \"integer\" }\n },\n \"required\": [\"type\", \"value\", \"periodSeconds\"]\n }\n }\n }\n }\n }\n }\n },\n \"type\": \"object\"\n },\n \"banner\": {\n \"properties\": {\n \"bottom\": {\n \"type\": [\"string\", \"null\"]\n },\n \"login\": {\n \"type\": [\"string\", \"null\"]\n },\n \"top\": {\n \"type\": [\"string\", \"null\"]\n }\n },\n \"type\": [\"object\", \"null\"]\n },\n \"basePath\": {\n \"type\": \"string\"\n },\n \"cachingDatabase\": {\n \"properties\": {\n \"caCertPath\": {\n \"type\": \"string\"\n },\n \"database\": {\n \"type\": \"integer\"\n },\n \"existingSecretKey\": {\n \"type\": \"string\"\n },\n \"existingSecretName\": {\n \"type\": \"string\"\n },\n \"host\": {\n \"type\": \"string\"\n },\n \"insecureSkipTlsVerify\": {\n \"type\": \"boolean\"\n },\n \"password\": {\n \"type\": \"string\"\n },\n \"port\": {\n \"type\": \"integer\"\n },\n \"sentinelService\": {\n \"type\": \"string\"\n },\n \"sentinelTimeout\": {\n \"type\": \"integer\"\n },\n \"sentinels\": {\n \"type\": \"array\"\n },\n \"ssl\": {\n \"type\": \"boolean\"\n },\n \"username\": {\n \"type\": \"string\"\n }\n },\n \"type\": \"object\"\n },\n \"changelogRetention\": {\n \"type\": \"integer\"\n },\n \"clusterDomain\": {\n \"type\": \"string\"\n },\n \"command\": {\n \"items\": {\n \"type\": \"string\"\n },\n \"type\": [\"array\", \"string\"]\n },\n \"commonAnnotations\": {\n \"properties\": {},\n \"type\": [\"object\", \"string\"]\n },\n \"commonLabels\": {\n \"properties\": {},\n \"type\": [\"object\", \"string\"]\n },\n \"cors\": {\n \"properties\": {\n \"originAllowAll\": {\n \"type\": \"boolean\"\n },\n \"originRegexWhitelist\": {\n \"type\": \"array\"\n },\n \"originWhitelist\": {\n \"type\": \"array\"\n }\n },\n \"type\": \"object\"\n },\n \"csrf\": {\n \"properties\": {\n \"cookieName\": {\n \"type\": \"string\"\n },\n \"trustedOrigins\": {\n \"type\": \"array\"\n }\n },\n \"type\": \"object\"\n },\n \"customLivenessProbe\": {\n \"properties\": {},\n \"type\": [\"object\", \"string\"]\n },\n \"customReadinessProbe\": {\n \"properties\": {},\n \"type\": [\"object\", \"string\"]\n },\n \"customStartupProbe\": {\n \"properties\": {},\n \"type\": [\"object\", \"string\"]\n },\n \"customValidators\": {\n \"properties\": {},\n \"type\": \"object\"\n },\n \"dataUploadMaxMemorySize\": {\n \"type\": \"integer\"\n },\n \"dateFormat\": {\n \"type\": \"string\"\n },\n \"dateTimeFormat\": {\n \"type\": \"string\"\n },\n \"dbWaitDebug\": {\n \"type\": \"boolean\"\n },\n \"debug\": {\n \"type\": \"boolean\"\n },\n \"defaultLanguage\": {\n \"type\": \"string\"\n },\n \"defaultUserPreferences\": {\n \"properties\": {},\n \"type\": \"object\"\n },\n \"email\": {\n \"properties\": {\n \"from\": {\n \"type\": \"string\"\n },\n \"password\": {\n \"type\": \"string\"\n },\n \"port\": {\n \"type\": \"integer\"\n },\n \"server\": {\n \"type\": \"string\"\n },\n \"sslCertFile\": {\n \"type\": \"string\"\n },\n \"sslKeyFile\": {\n \"type\": \"string\"\n },\n \"timeout\": {\n \"type\": \"integer\"\n },\n \"useSSL\": {\n \"type\": \"boolean\"\n },\n \"useTLS\": {\n \"type\": \"boolean\"\n },\n \"username\": {\n \"type\": \"string\"\n }\n },\n \"type\": \"object\"\n },\n \"enableLocalization\": {\n \"type\": \"boolean\"\n },\n \"enforceGlobalUnique\": {\n \"type\": \"boolean\"\n },\n \"exemptViewPermissions\": {\n \"type\": \"array\"\n },\n \"existingSecret\": {\n \"type\": \"string\"\n },\n \"externalDatabase\": {\n \"properties\": {\n \"connMaxAge\": {\n \"type\": \"integer\"\n },\n \"database\": {\n \"type\": \"string\"\n },\n \"disableServerSideCursors\": {\n \"type\": \"boolean\"\n },\n \"engine\": {\n \"type\": \"string\"\n },\n \"existingSecretKey\": {\n \"type\": \"string\"\n },\n \"existingSecretName\": {\n \"type\": \"string\"\n },\n \"host\": {\n \"type\": \"string\"\n },\n \"password\": {\n \"type\": \"string\"\n },\n \"port\": {\n \"type\": [\"integer\", \"string\"]\n },\n \"options\": {\n \"type\": [\"object\", \"string\"]\n },\n \"username\": {\n \"type\": \"string\"\n }\n },\n \"type\": \"object\"\n },\n \"additionalDatabases\": {\n \"type\": \"object\"\n },\n \"extraConfig\": {\n \"type\": \"array\"\n },\n \"extraDeploy\": {\n \"type\": [\"array\", \"string\"]\n },\n \"extraEnvs\": {\n \"type\": [\"array\", \"string\"]\n },\n \"extraEnvVarsCM\": {\n \"type\": \"string\",\n \"description\": \"Name of existing ConfigMap containing extra env vars\",\n \"default\": \"\"\n },\n \"extraEnvVarsSecret\": {\n \"type\": \"string\",\n \"description\": \"Name of existing Secret containing extra env vars\",\n \"default\": \"\"\n },\n \"extraVolumeMounts\": {\n \"type\": [\"array\", \"string\"]\n },\n \"extraVolumes\": {\n \"type\": [\"array\", \"string\"]\n },\n \"fieldChoices\": {\n \"properties\": {},\n \"type\": \"object\"\n },\n \"fileUploadMaxMemorySize\": {\n \"type\": \"integer\"\n },\n \"fullnameOverride\": {\n \"type\": \"string\"\n },\n \"global\": {\n \"properties\": {\n \"imagePullSecrets\": {\n \"type\": \"array\"\n },\n \"imageRegistry\": {\n \"type\": \"string\"\n },\n \"storageClass\": {\n \"type\": \"string\"\n }\n },\n \"type\": \"object\"\n },\n \"graphQlEnabled\": {\n \"type\": \"boolean\"\n },\n \"hostAliases\": {\n \"type\": [\"array\", \"string\"]\n },\n \"housekeeping\": {\n \"properties\": {\n \"affinity\": {\n \"properties\": {},\n \"type\": [\"object\", \"string\"]\n },\n \"args\": {\n \"items\": {\n \"type\": \"string\"\n },\n \"type\": [\"array\", \"string\"]\n },\n \"automountServiceAccountToken\": {\n \"type\": \"boolean\"\n },\n \"command\": {\n \"items\": {\n \"type\": \"string\"\n },\n \"type\": [\"array\", \"string\"]\n },\n \"concurrencyPolicy\": {\n \"type\": \"string\"\n },\n \"enabled\": {\n \"type\": \"boolean\"\n },\n \"extraEnvs\": {\n \"type\": [\"array\", \"string\"]\n },\n \"extraEnvVarsCM\": {\n \"type\": \"string\",\n \"description\": \"Name of existing ConfigMap containing extra env vars\",\n \"default\": \"\"\n },\n \"extraEnvVarsSecret\": {\n \"type\": \"string\",\n \"description\": \"Name of existing Secret containing extra env vars\",\n \"default\": \"\"\n },\n \"extraVolumeMounts\": {\n \"type\": [\"array\", \"string\"]\n },\n \"extraVolumes\": {\n \"type\": [\"array\", \"string\"]\n },\n \"failedHistoryLimit\": {\n \"type\": \"integer\"\n },\n \"historyLimit\": {\n \"type\": \"integer\"\n },\n \"initContainers\": {\n \"type\": [\"array\", \"string\"]\n },\n \"nodeSelector\": {\n \"properties\": {},\n \"type\": [\"object\", \"string\"]\n },\n \"podAnnotations\": {\n \"properties\": {},\n \"type\": [\"object\", \"string\"]\n },\n \"podLabels\": {\n \"properties\": {},\n \"type\": [\"object\", \"string\"]\n },\n \"podSecurityContext\": {\n \"properties\": {\n \"enabled\": {\n \"type\": \"boolean\"\n },\n \"fsGroup\": {\n \"type\": \"integer\"\n },\n \"fsGroupChangePolicy\": {\n \"type\": \"string\"\n },\n \"supplementalGroups\": {\n \"type\": \"array\"\n },\n \"sysctls\": {\n \"type\": \"array\"\n }\n },\n \"type\": \"object\"\n },\n \"readOnlyPersistence\": {\n \"type\": \"boolean\"\n },\n \"resources\": {\n \"$ref\": \"#/$defs/resources\"\n },\n \"resourcesPreset\": {\n \"type\": \"string\"\n },\n \"restartPolicy\": {\n \"type\": \"string\"\n },\n \"schedule\": {\n \"type\": \"string\"\n },\n \"securityContext\": {\n \"properties\": {\n \"allowPrivilegeEscalation\": {\n \"type\": \"boolean\"\n },\n \"capabilities\": {\n \"properties\": {\n \"drop\": {\n \"items\": {\n \"type\": \"string\"\n },\n \"type\": \"array\"\n }\n },\n \"type\": \"object\"\n },\n \"enabled\": {\n \"type\": \"boolean\"\n },\n \"privileged\": {\n \"type\": \"boolean\"\n },\n \"readOnlyRootFilesystem\": {\n \"type\": \"boolean\"\n },\n \"runAsGroup\": {\n \"type\": \"integer\"\n },\n \"runAsNonRoot\": {\n \"type\": \"boolean\"\n },\n \"runAsUser\": {\n \"type\": \"integer\"\n },\n \"seLinuxOptions\": {\n \"properties\": {},\n \"type\": \"object\"\n },\n \"seccompProfile\": {\n \"properties\": {\n \"type\": {\n \"type\": \"string\"\n }\n },\n \"type\": \"object\"\n }\n },\n \"type\": \"object\"\n },\n \"sidecars\": {\n \"type\": [\"array\", \"string\"]\n },\n \"suspend\": {\n \"type\": \"boolean\"\n },\n \"timezone\": {\n \"type\": \"string\"\n },\n \"tolerations\": {\n \"type\": [\"array\", \"string\"]\n }\n },\n \"type\": \"object\"\n },\n \"httpProxies\": {\n \"properties\": {\n \"http\": {\n \"type\": \"string\"\n },\n \"https\": {\n \"type\": \"string\"\n }\n },\n \"type\": \"object\"\n },\n \"image\": {\n \"$ref\": \"#/$defs/image\"\n },\n \"ingress\": {\n \"properties\": {\n \"annotations\": {\n \"properties\": {},\n \"type\": [\"object\", \"string\"]\n },\n \"className\": {\n \"type\": \"string\"\n },\n \"enabled\": {\n \"type\": \"boolean\"\n },\n \"hosts\": {\n \"items\": {\n \"properties\": {\n \"host\": {\n \"type\": \"string\"\n },\n \"paths\": {\n \"items\": {\n \"type\": [\"string\", \"object\"]\n },\n \"type\": \"array\"\n }\n },\n \"type\": \"object\"\n },\n \"type\": \"array\"\n },\n \"pathType\": {\n \"type\": \"string\"\n },\n \"tls\": {\n \"type\": \"array\"\n }\n },\n \"type\": \"object\"\n },\n \"init\": {\n \"properties\": {\n \"image\": {\n \"$ref\": \"#/$defs/image\"\n },\n \"resources\": {\n \"$ref\": \"#/$defs/resources\"\n },\n \"resourcesPreset\": {\n \"type\": \"string\"\n },\n \"securityContext\": {\n \"properties\": {\n \"capabilities\": {\n \"properties\": {\n \"drop\": {\n \"items\": {\n \"type\": \"string\"\n },\n \"type\": \"array\"\n }\n },\n \"type\": \"object\"\n },\n \"enabled\": {\n \"type\": \"boolean\"\n },\n \"readOnlyRootFilesystem\": {\n \"type\": \"boolean\"\n },\n \"runAsGroup\": {\n \"type\": \"integer\"\n },\n \"runAsNonRoot\": {\n \"type\": \"boolean\"\n },\n \"runAsUser\": {\n \"type\": \"integer\"\n },\n \"seLinuxOptions\": {\n \"properties\": {},\n \"type\": \"object\"\n },\n \"seccompProfile\": {\n \"properties\": {\n \"type\": {\n \"type\": \"string\"\n }\n },\n \"type\": \"object\"\n }\n },\n \"type\": \"object\"\n }\n },\n \"type\": \"object\"\n },\n \"initContainers\": {\n \"type\": [\"array\", \"string\"]\n },\n \"internalIPs\": {\n \"items\": {\n \"type\": \"string\"\n },\n \"type\": \"array\"\n },\n \"jobRetention\": {\n \"type\": \"integer\"\n },\n \"lifecycleHooks\": {\n \"properties\": {},\n \"type\": [\"object\", \"string\"]\n },\n \"livenessProbe\": {\n \"$ref\": \"#/$defs/probe\"\n },\n \"logging\": {\n \"properties\": {},\n \"type\": \"object\"\n },\n \"loginPersistence\": {\n \"type\": \"boolean\"\n },\n \"loginRequired\": {\n \"type\": \"boolean\"\n },\n \"loginTimeout\": {\n \"type\": \"integer\"\n },\n \"logoutRedirectUrl\": {\n \"type\": \"string\"\n },\n \"maintenanceMode\": {\n \"type\": [\"boolean\", \"null\"]\n },\n \"mapsUrl\": {\n \"type\": \"string\"\n },\n \"maxPageSize\": {\n \"type\": \"integer\"\n },\n \"metrics\": {\n \"properties\": {\n \"granian\": {\n \"properties\": {\n \"enabled\": {\n \"type\": \"boolean\"\n },\n \"serviceMonitor\": {\n \"properties\": {\n \"additionalLabels\": {\n \"properties\": {},\n \"type\": \"object\"\n },\n \"enabled\": {\n \"type\": \"boolean\"\n },\n \"honorLabels\": {\n \"type\": \"boolean\"\n },\n \"interval\": {\n \"type\": \"string\"\n },\n \"metricRelabelings\": {\n \"type\": [\"array\", \"string\"]\n },\n \"relabelings\": {\n \"type\": [\"array\", \"string\"]\n },\n \"scrapeTimeout\": {\n \"type\": \"string\"\n },\n \"selector\": {\n \"properties\": {},\n \"type\": [\"object\", \"string\"]\n }\n },\n \"type\": \"object\"\n }\n },\n \"type\": \"object\"\n },\n \"enabled\": {\n \"type\": \"boolean\"\n },\n \"serviceMonitor\": {\n \"properties\": {\n \"additionalLabels\": {\n \"properties\": {},\n \"type\": \"object\"\n },\n \"enabled\": {\n \"type\": \"boolean\"\n },\n \"honorLabels\": {\n \"type\": \"boolean\"\n },\n \"interval\": {\n \"type\": \"string\"\n },\n \"metricRelabelings\": {\n \"type\": [\"array\", \"string\"]\n },\n \"relabelings\": {\n \"type\": [\"array\", \"string\"]\n },\n \"scrapeTimeout\": {\n \"type\": \"string\"\n },\n \"selector\": {\n \"properties\": {},\n \"type\": [\"object\", \"string\"]\n }\n },\n \"type\": \"object\"\n }\n },\n \"type\": \"object\"\n },\n \"nameOverride\": {\n \"type\": \"string\"\n },\n \"nodeSelector\": {\n \"properties\": {},\n \"type\": [\"object\", \"string\"]\n },\n \"paginateCount\": {\n \"type\": \"integer\"\n },\n \"persistence\": {\n \"properties\": {\n \"accessMode\": {\n \"type\": \"string\"\n },\n \"annotations\": {\n \"properties\": {},\n \"type\": [\"object\", \"string\"]\n },\n \"enabled\": {\n \"type\": \"boolean\"\n },\n \"existingClaim\": {\n \"type\": \"string\"\n },\n \"selector\": {\n \"properties\": {},\n \"type\": [\"object\", \"string\"]\n },\n \"size\": {\n \"type\": \"string\"\n },\n \"storageClass\": {\n \"type\": \"string\"\n },\n \"subPath\": {\n \"type\": \"string\"\n }\n },\n \"type\": \"object\"\n },\n \"pdb\": {\n \"title\": \"PodDisruptionBudget for NetBox web\",\n \"type\": \"object\",\n \"properties\": {\n \"enabled\": { \"type\": \"boolean\" },\n \"minAvailable\": { \"type\": [\"integer\", \"string\"], \"default\": \"\" },\n \"maxUnavailable\": { \"type\": [\"integer\", \"string\"], \"default\": \"\" }\n }\n },\n \"plugins\": {\n \"type\": \"array\"\n },\n \"pluginsConfig\": {\n \"properties\": {},\n \"type\": \"object\"\n },\n \"podAnnotations\": {\n \"properties\": {},\n \"type\": [\"object\", \"string\"]\n },\n \"podLabels\": {\n \"properties\": {},\n \"type\": [\"object\", \"string\"]\n },\n \"podSecurityContext\": {\n \"properties\": {\n \"enabled\": {\n \"type\": \"boolean\"\n },\n \"fsGroup\": {\n \"type\": \"integer\"\n },\n \"fsGroupChangePolicy\": {\n \"type\": \"string\"\n },\n \"supplementalGroups\": {\n \"type\": \"array\"\n },\n \"sysctls\": {\n \"type\": \"array\"\n }\n },\n \"type\": \"object\"\n },\n \"postgresql\": {\n \"title\": \"PostgreSQL chart configuration\",\n \"description\": \"https://artifacthub.io/packages/helm/bitnami/postgresql\",\n \"properties\": {\n \"enabled\": {\n \"type\": \"boolean\"\n }\n },\n \"type\": \"object\"\n },\n \"powerFeedDefaultAmperage\": {\n \"type\": \"integer\"\n },\n \"powerFeedDefaultVoltage\": {\n \"type\": \"integer\"\n },\n \"powerFeedMaxUtilisation\": {\n \"type\": \"integer\"\n },\n \"preferIPv4\": {\n \"type\": \"boolean\"\n },\n \"priorityClassName\": {\n \"type\": \"string\"\n },\n \"rackElevationDefaultUnitHeight\": {\n \"type\": \"integer\"\n },\n \"rackElevationDefaultUnitWidth\": {\n \"type\": \"integer\"\n },\n \"rbac\": {\n \"type\": \"object\",\n \"properties\": {\n \"create\": {\n \"type\": \"boolean\"\n },\n \"rules\": {\n \"type\": [\"array\", \"string\"]\n }\n }\n },\n \"readinessProbe\": {\n \"$ref\": \"#/$defs/probe\"\n },\n \"valkey\": {\n \"title\": \"Valkey chart configuration\",\n \"description\": \"https://artifacthub.io/packages/helm/bitnami/valkey\",\n \"properties\": {\n \"enabled\": {\n \"type\": \"boolean\"\n }\n },\n \"type\": \"object\"\n },\n \"releaseCheck\": {\n \"properties\": {\n \"url\": {\n \"type\": \"string\"\n }\n },\n \"type\": \"object\"\n },\n \"remoteAuth\": {\n \"properties\": {\n \"autoCreateGroups\": {\n \"type\": \"boolean\"\n },\n \"autoCreateUser\": {\n \"type\": \"boolean\"\n },\n \"backends\": {\n \"items\": {\n \"type\": \"string\"\n },\n \"type\": \"array\"\n },\n \"defaultGroups\": {\n \"type\": \"array\"\n },\n \"defaultPermissions\": {\n \"properties\": {},\n \"type\": \"object\"\n },\n \"enabled\": {\n \"type\": \"boolean\"\n },\n \"groupHeader\": {\n \"type\": \"string\"\n },\n \"groupSeparator\": {\n \"type\": \"string\"\n },\n \"groupSyncEnabled\": {\n \"type\": \"boolean\"\n },\n \"header\": {\n \"type\": \"string\"\n },\n \"staffGroups\": {\n \"type\": \"array\"\n },\n \"staffUsers\": {\n \"type\": \"array\"\n },\n \"superuserGroups\": {\n \"type\": \"array\"\n },\n \"superusers\": {\n \"type\": \"array\"\n },\n \"userEmail\": {\n \"type\": \"string\"\n },\n \"userFirstName\": {\n \"type\": \"string\"\n },\n \"userLastName\": {\n \"type\": \"string\"\n },\n \"ldap\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"serverUri\": {\n \"type\": \"string\"\n },\n \"startTls\": {\n \"type\": \"boolean\"\n },\n \"ignoreCertErrors\": {\n \"type\": \"boolean\"\n },\n \"caCertDir\": {\n \"type\": \"string\"\n },\n \"caCertData\": {\n \"type\": \"string\"\n },\n \"bindDn\": {\n \"type\": \"string\"\n },\n \"bindPassword\": {\n \"type\": \"string\"\n },\n \"userDnTemplate\": {\n \"type\": \"string\"\n },\n \"userSearchBaseDn\": {\n \"type\": \"string\"\n },\n \"userSearchAttr\": {\n \"type\": \"string\"\n },\n \"groupSearchBaseDn\": {\n \"type\": \"string\"\n },\n \"groupSearchClass\": {\n \"type\": \"string\"\n },\n \"groupType\": {\n \"type\": \"string\"\n },\n \"requireGroupDn\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n \"isAdminDn\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n \"isSuperUserDn\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n \"findGroupPerms\": {\n \"type\": \"boolean\"\n },\n \"mirrorGroups\": {\n \"type\": [\"boolean\", \"string\", \"array\"]\n },\n \"mirrorGroupsExcept\": {\n \"type\": [\"null\", \"string\", \"array\"]\n },\n \"cacheTimeout\": {\n \"type\": \"integer\"\n },\n \"attrFirstName\": {\n \"type\": \"string\"\n },\n \"attrLastName\": {\n \"type\": \"string\"\n },\n \"attrMail\": {\n \"type\": \"string\"\n }\n }\n }\n },\n \"type\": \"object\"\n },\n \"replicaCount\": {\n \"type\": \"integer\"\n },\n \"reportsPersistence\": {\n \"properties\": {\n \"accessMode\": {\n \"type\": \"string\"\n },\n \"annotations\": {\n \"properties\": {},\n \"type\": [\"object\", \"string\"]\n },\n \"enabled\": {\n \"type\": \"boolean\"\n },\n \"existingClaim\": {\n \"type\": \"string\"\n },\n \"selector\": {\n \"properties\": {},\n \"type\": [\"object\", \"string\"]\n },\n \"size\": {\n \"type\": \"string\"\n },\n \"storageClass\": {\n \"type\": \"string\"\n },\n \"subPath\": {\n \"type\": \"string\"\n }\n },\n \"type\": \"object\"\n },\n \"resources\": {\n \"properties\": {},\n \"type\": [\"object\", \"string\"]\n },\n \"resourcesPreset\": {\n \"type\": \"string\"\n },\n \"revisionHistoryLimit\": {\n \"type\": \"integer\"\n },\n \"rqDefaultTimeout\": {\n \"type\": \"integer\"\n },\n \"schedulerName\": {\n \"type\": \"string\"\n },\n \"scriptsPersistence\": {\n \"properties\": {\n \"accessMode\": {\n \"type\": \"string\"\n },\n \"annotations\": {\n \"properties\": {},\n \"type\": [\"object\", \"string\"]\n },\n \"enabled\": {\n \"type\": \"boolean\"\n },\n \"existingClaim\": {\n \"type\": \"string\"\n },\n \"selector\": {\n \"properties\": {},\n \"type\": [\"object\", \"string\"]\n },\n \"size\": {\n \"type\": \"string\"\n },\n \"storageClass\": {\n \"type\": \"string\"\n },\n \"subPath\": {\n \"type\": \"string\"\n }\n },\n \"type\": \"object\"\n },\n \"apiTokenPeppers\": {\n \"type\": \"object\",\n \"patternProperties\": {\n \"^[0-9]+$\": {\n \"type\": \"string\",\n \"minLength\": 50\n }\n },\n \"additionalProperties\": false\n },\n \"secretKey\": {\n \"type\": \"string\"\n },\n \"securityContext\": {\n \"properties\": {\n \"allowPrivilegeEscalation\": {\n \"type\": \"boolean\"\n },\n \"capabilities\": {\n \"properties\": {\n \"drop\": {\n \"items\": {\n \"type\": \"string\"\n },\n \"type\": \"array\"\n }\n },\n \"type\": \"object\"\n },\n \"enabled\": {\n \"type\": \"boolean\"\n },\n \"privileged\": {\n \"type\": \"boolean\"\n },\n \"readOnlyRootFilesystem\": {\n \"type\": \"boolean\"\n },\n \"runAsGroup\": {\n \"type\": \"integer\"\n },\n \"runAsNonRoot\": {\n \"type\": \"boolean\"\n },\n \"runAsUser\": {\n \"type\": \"integer\"\n },\n \"seLinuxOptions\": {\n \"properties\": {},\n \"type\": \"object\"\n },\n \"seccompProfile\": {\n \"properties\": {\n \"type\": {\n \"type\": \"string\"\n }\n },\n \"type\": \"object\"\n }\n },\n \"type\": \"object\"\n },\n \"service\": {\n \"properties\": {\n \"annotations\": {\n \"properties\": {},\n \"type\": [\"object\", \"string\"]\n },\n \"clusterIP\": {\n \"type\": \"string\"\n },\n \"clusterIPs\": {\n \"type\": [\"array\", \"string\"]\n },\n \"externalIPs\": {\n \"type\": [\"array\", \"string\"]\n },\n \"externalTrafficPolicy\": {\n \"type\": \"string\"\n },\n \"ipFamilyPolicy\": {\n \"type\": \"string\"\n },\n \"loadBalancerClass\": {\n \"type\": \"string\"\n },\n \"loadBalancerIP\": {\n \"type\": \"string\"\n },\n \"loadBalancerSourceRanges\": {\n \"type\": \"array\"\n },\n \"nodePort\": {\n \"type\": \"string\"\n },\n \"port\": {\n \"type\": \"integer\"\n },\n \"sessionAffinity\": {\n \"type\": \"string\"\n },\n \"sessionAffinityConfig\": {\n \"properties\": {},\n \"type\": [\"object\", \"string\"]\n },\n \"type\": {\n \"type\": \"string\"\n }\n },\n \"type\": \"object\"\n },\n \"serviceAccount\": {\n \"properties\": {\n \"annotations\": {\n \"properties\": {},\n \"type\": [\"object\", \"string\"]\n },\n \"automountServiceAccountToken\": {\n \"type\": \"boolean\"\n },\n \"create\": {\n \"type\": \"boolean\"\n },\n \"name\": {\n \"type\": \"string\"\n }\n },\n \"type\": \"object\"\n },\n \"sessionCookieName\": {\n \"type\": \"string\"\n },\n \"shortDateFormat\": {\n \"type\": \"string\"\n },\n \"shortDateTimeFormat\": {\n \"type\": \"string\"\n },\n \"shortTimeFormat\": {\n \"type\": \"string\"\n },\n \"sidecars\": {\n \"type\": [\"array\", \"string\"]\n },\n \"startupProbe\": {\n \"$ref\": \"#/$defs/probe\"\n },\n \"storages\": {\n \"properties\": {},\n \"type\": \"object\"\n },\n \"superuser\": {\n \"properties\": {\n \"apiToken\": {\n \"type\": \"string\"\n },\n \"email\": {\n \"type\": \"string\"\n },\n \"existingSecret\": {\n \"type\": \"string\"\n },\n \"name\": {\n \"type\": \"string\"\n },\n \"password\": {\n \"type\": \"string\"\n }\n },\n \"type\": \"object\"\n },\n \"tasksDatabase\": {\n \"properties\": {\n \"caCertPath\": {\n \"type\": \"string\"\n },\n \"database\": {\n \"type\": \"integer\"\n },\n \"existingSecretKey\": {\n \"type\": \"string\"\n },\n \"existingSecretName\": {\n \"type\": \"string\"\n },\n \"host\": {\n \"type\": \"string\"\n },\n \"insecureSkipTlsVerify\": {\n \"type\": \"boolean\"\n },\n \"password\": {\n \"type\": \"string\"\n },\n \"port\": {\n \"type\": \"integer\"\n },\n \"sentinelService\": {\n \"type\": \"string\"\n },\n \"sentinelTimeout\": {\n \"type\": \"integer\"\n },\n \"sentinels\": {\n \"type\": \"array\"\n },\n \"ssl\": {\n \"type\": \"boolean\"\n },\n \"username\": {\n \"type\": \"string\"\n }\n },\n \"type\": \"object\"\n },\n \"terminationGracePeriodSeconds\": {\n \"type\": [\"null\", \"number\"]\n },\n \"test\": {\n \"properties\": {\n \"image\": {\n \"$ref\": \"#/$defs/image\"\n },\n \"resources\": {\n \"$ref\": \"#/$defs/resources\"\n },\n \"resourcesPreset\": {\n \"type\": \"string\"\n },\n \"securityContext\": {\n \"properties\": {\n \"capabilities\": {\n \"properties\": {\n \"drop\": {\n \"items\": {\n \"type\": \"string\"\n },\n \"type\": \"array\"\n }\n },\n \"type\": \"object\"\n },\n \"enabled\": {\n \"type\": \"boolean\"\n },\n \"readOnlyRootFilesystem\": {\n \"type\": \"boolean\"\n },\n \"runAsGroup\": {\n \"type\": \"integer\"\n },\n \"runAsNonRoot\": {\n \"type\": \"boolean\"\n },\n \"runAsUser\": {\n \"type\": \"integer\"\n },\n \"seLinuxOptions\": {\n \"properties\": {},\n \"type\": \"object\"\n },\n \"seccompProfile\": {\n \"properties\": {\n \"type\": {\n \"type\": \"string\"\n }\n },\n \"type\": \"object\"\n }\n },\n \"type\": \"object\"\n }\n },\n \"type\": \"object\"\n },\n \"timeFormat\": {\n \"type\": \"string\"\n },\n \"timeZone\": {\n \"type\": \"string\"\n },\n \"tolerations\": {\n \"type\": [\"array\", \"string\"]\n },\n \"topologySpreadConstraints\": {\n \"type\": [\"array\", \"string\"]\n },\n \"updateStrategy\": {\n \"properties\": {\n \"type\": {\n \"type\": \"string\"\n }\n },\n \"type\": [\"object\", \"string\"]\n },\n \"worker\": {\n \"properties\": {\n \"affinity\": {\n \"properties\": {},\n \"type\": [\"object\", \"string\"]\n },\n \"args\": {\n \"items\": {\n \"type\": \"string\"\n },\n \"type\": [\"array\", \"string\"]\n },\n \"automountServiceAccountToken\": {\n \"type\": \"boolean\"\n },\n \"autoscaling\": {\n \"properties\": {\n \"enabled\": {\n \"type\": \"boolean\"\n },\n \"maxReplicas\": {\n \"type\": \"integer\"\n },\n \"minReplicas\": {\n \"type\": \"integer\"\n },\n \"targetCPUUtilizationPercentage\": {\n \"type\": [\"integer\", \"null\"]\n },\n \"targetMemoryUtilizationPercentage\": {\n \"type\": [\"integer\", \"null\"],\n \"default\": null\n },\n \"behavior\": {\n \"type\": \"object\",\n \"default\": {},\n \"properties\": {\n \"scaleUp\": {\n \"type\": \"object\",\n \"properties\": {\n \"stabilizationWindowSeconds\": { \"type\": \"integer\" },\n \"selectPolicy\": { \"type\": \"string\" },\n \"policies\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"object\",\n \"properties\": {\n \"type\": { \"type\": \"string\" },\n \"value\": { \"type\": \"integer\" },\n \"periodSeconds\": { \"type\": \"integer\" }\n },\n \"required\": [\"type\", \"value\", \"periodSeconds\"]\n }\n }\n }\n },\n \"scaleDown\": {\n \"type\": \"object\",\n \"properties\": {\n \"stabilizationWindowSeconds\": { \"type\": \"integer\" },\n \"selectPolicy\": { \"type\": \"string\" },\n \"policies\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"object\",\n \"properties\": {\n \"type\": { \"type\": \"string\" },\n \"value\": { \"type\": \"integer\" },\n \"periodSeconds\": { \"type\": \"integer\" }\n },\n \"required\": [\"type\", \"value\", \"periodSeconds\"]\n }\n }\n }\n }\n }\n }\n },\n \"type\": \"object\"\n },\n \"command\": {\n \"items\": {\n \"type\": \"string\"\n },\n \"type\": [\"array\", \"string\"]\n },\n \"enabled\": {\n \"type\": \"boolean\"\n },\n \"extraEnvs\": {\n \"type\": [\"array\", \"string\"]\n },\n \"extraEnvVarsCM\": {\n \"type\": \"string\",\n \"description\": \"Name of existing ConfigMap containing extra env vars\",\n \"default\": \"\"\n },\n \"extraEnvVarsSecret\": {\n \"type\": \"string\",\n \"description\": \"Name of existing Secret containing extra env vars\",\n \"default\": \"\"\n },\n \"extraVolumeMounts\": {\n \"type\": [\"array\", \"string\"]\n },\n \"extraVolumes\": {\n \"type\": [\"array\", \"string\"]\n },\n \"hostAliases\": {\n \"type\": [\"array\", \"string\"]\n },\n \"initContainers\": {\n \"type\": [\"array\", \"string\"]\n },\n \"nodeSelector\": {\n \"properties\": {},\n \"type\": [\"object\", \"string\"]\n },\n \"podAnnotations\": {\n \"properties\": {},\n \"type\": [\"object\", \"string\"]\n },\n \"podLabels\": {\n \"properties\": {},\n \"type\": [\"object\", \"string\"]\n },\n \"podSecurityContext\": {\n \"properties\": {\n \"enabled\": {\n \"type\": \"boolean\"\n },\n \"fsGroup\": {\n \"type\": \"integer\"\n },\n \"fsGroupChangePolicy\": {\n \"type\": \"string\"\n },\n \"supplementalGroups\": {\n \"type\": \"array\"\n },\n \"sysctls\": {\n \"type\": \"array\"\n }\n },\n \"type\": \"object\"\n },\n \"priorityClassName\": {\n \"type\": \"string\"\n },\n \"replicaCount\": {\n \"type\": \"integer\"\n },\n \"readOnlyPersistence\": {\n \"type\": \"boolean\"\n },\n \"resources\": {\n \"properties\": {},\n \"type\": [\"object\", \"string\"]\n },\n \"resourcesPreset\": {\n \"type\": \"string\"\n },\n \"schedulerName\": {\n \"type\": \"string\"\n },\n \"securityContext\": {\n \"properties\": {\n \"allowPrivilegeEscalation\": {\n \"type\": \"boolean\"\n },\n \"capabilities\": {\n \"properties\": {\n \"drop\": {\n \"items\": {\n \"type\": \"string\"\n },\n \"type\": \"array\"\n }\n },\n \"type\": \"object\"\n },\n \"enabled\": {\n \"type\": \"boolean\"\n },\n \"privileged\": {\n \"type\": \"boolean\"\n },\n \"readOnlyRootFilesystem\": {\n \"type\": \"boolean\"\n },\n \"runAsGroup\": {\n \"type\": \"integer\"\n },\n \"runAsNonRoot\": {\n \"type\": \"boolean\"\n },\n \"runAsUser\": {\n \"type\": \"integer\"\n },\n \"seLinuxOptions\": {\n \"properties\": {},\n \"type\": \"object\"\n },\n \"seccompProfile\": {\n \"properties\": {\n \"type\": {\n \"type\": \"string\"\n }\n },\n \"type\": \"object\"\n }\n },\n \"type\": \"object\"\n },\n \"sidecars\": {\n \"type\": [\"array\", \"string\"]\n },\n \"terminationGracePeriodSeconds\": {\n \"type\": [\"null\", \"number\"]\n },\n \"tolerations\": {\n \"type\": [\"array\", \"string\"]\n },\n \"topologySpreadConstraints\": {\n \"type\": [\"array\", \"string\"]\n },\n \"updateStrategy\": {\n \"properties\": {\n \"type\": {\n \"type\": \"string\"\n }\n },\n \"type\": [\"object\", \"string\"]\n },\n \"pdb\": {\n \"title\": \"PodDisruptionBudget for NetBox worker\",\n \"type\": \"object\",\n \"properties\": {\n \"enabled\": { \"type\": \"boolean\" },\n \"minAvailable\": { \"type\": [\"integer\", \"string\"], \"default\": 0 },\n \"maxUnavailable\": { \"type\": [\"integer\", \"string\"], \"default\": 0 }\n }\n },\n \"waitForBackend\": {\n \"properties\": {\n \"args\": {\n \"items\": {\n \"type\": \"string\"\n },\n \"type\": [\"array\", \"string\"]\n },\n \"command\": {\n \"items\": {\n \"type\": \"string\"\n },\n \"type\": [\"array\", \"string\"]\n },\n \"enabled\": {\n \"type\": \"boolean\"\n },\n \"podSecurityContext\": {\n \"properties\": {\n \"enabled\": {\n \"type\": \"boolean\"\n },\n \"fsGroup\": {\n \"type\": \"integer\"\n },\n \"fsGroupChangePolicy\": {\n \"type\": \"string\"\n },\n \"supplementalGroups\": {\n \"type\": \"array\"\n },\n \"sysctls\": {\n \"type\": \"array\"\n }\n },\n \"type\": \"object\"\n },\n \"resources\": {\n \"properties\": {},\n \"type\": [\"object\", \"string\"]\n },\n \"resourcesPreset\": {\n \"type\": \"string\"\n },\n \"securityContext\": {\n \"properties\": {\n \"allowPrivilegeEscalation\": {\n \"type\": \"boolean\"\n },\n \"capabilities\": {\n \"properties\": {\n \"drop\": {\n \"items\": {\n \"type\": \"string\"\n },\n \"type\": \"array\"\n }\n },\n \"type\": \"object\"\n },\n \"enabled\": {\n \"type\": \"boolean\"\n },\n \"privileged\": {\n \"type\": \"boolean\"\n },\n \"readOnlyRootFilesystem\": {\n \"type\": \"boolean\"\n },\n \"runAsGroup\": {\n \"type\": \"integer\"\n },\n \"runAsNonRoot\": {\n \"type\": \"boolean\"\n },\n \"runAsUser\": {\n \"type\": \"integer\"\n },\n \"seLinuxOptions\": {\n \"properties\": {},\n \"type\": \"object\"\n },\n \"seccompProfile\": {\n \"properties\": {\n \"type\": {\n \"type\": \"string\"\n }\n },\n \"type\": \"object\"\n }\n },\n \"type\": \"object\"\n }\n },\n \"type\": \"object\"\n }\n },\n \"type\": \"object\"\n }\n }\n}\n" }, { "path": "charts/netbox/values.yaml", "content": "# Default values for NetBox.\n# This is a YAML-formatted file.\n# Declare variables to be passed into your templates.\n\n## @section Global parameters\n## Global container image parameters\n## Please, note that this will override the image parameters, including dependencies, configured to use the global value\n## Current available global container image parameters: imageRegistry, imagePullSecrets and storageClass\n\n## @param global.imageRegistry Global container image registry\n## @param global.imagePullSecrets Global container registry secret names as an array\n## @param global.storageClass Global StorageClass for Persistent Volume(s)\n##\nglobal:\n imageRegistry: \"\"\n ## E.g.\n ## imagePullSecrets:\n ## - myRegistryKeySecretName\n ##\n imagePullSecrets: []\n storageClass: \"\"\n\n## @section Common parameters\n\n## @param nameOverride String to partially override common.names.fullname\n##\nnameOverride: \"\"\n## @param fullnameOverride String to fully override common.names.fullname\n##\nfullnameOverride: \"\"\n## @param commonLabels Labels to add to all deployed objects\n##\ncommonLabels: {}\n## @param commonAnnotations Annotations to add to all deployed objects\n##\ncommonAnnotations: {}\n## @param clusterDomain Kubernetes cluster domain name\n##\nclusterDomain: cluster.local\n## @param extraDeploy Array of extra objects to deploy with the release\n## Example:\n## extraDeploy:\n## - |\n## apiVersion: v1\n## kind: ConfigMap\n## metadata:\n## name: sso-pipeline-roles\n## namespace: netbox\n## data:\n## sso_pipeline_roles.py: |\n## from netbox.authentication import Group\n## ...\n##\nextraDeploy: []\n\n## @section NetBox Image parameters\n## @param image.registry Image registry\n## @param image.repository Image repository\n## @param image.tag Image tag\n## @param image.digest Image digest in the way sha256:aa...\n## @param image.pullPolicy MariaDB image pull policy\n## @param image.pullSecrets Specify docker-registry secret names as an array\n##\nimage:\n registry: ghcr.io\n repository: netbox-community/netbox\n pullPolicy: IfNotPresent\n ## Defaults to '{{ .Chart.AppVersion }}'\n ##\n tag: \"\"\n ## If set, override the tag\n ##\n digest: \"\"\n ## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace)\n ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/\n ## Example:\n ## pullSecrets:\n ## - myRegistryKeySecretName\n ##\n pullSecrets: []\n\n## @section NetBox Configuration parameters\n\n# You can also use an existing secret for the superuser password and API token\n# See `existingSecret` for details\nsuperuser:\n name: admin\n email: admin@example.com\n password: \"\"\n apiToken: \"\"\n existingSecret: \"\"\n\n# This is a list of valid fully-qualified domain names (FQDNs) for the NetBox\n# server. NetBox will not permit write access to the server via any other\n# hostnames. The first FQDN in the list will be treated as the preferred name.\nallowedHosts:\n - \"*\"\n\n# Include Pod IP in list of allowed hosts by providing it as the 'POD_IP' envvar\n# at runtime, which is then used in the configuration.py.\nallowedHostsIncludesPodIP: true\n\n# Specify one or more name and email address tuples representing NetBox\n# administrators. These people will be notified of application errors (assuming\n# correct email settings are provided).\n# admins:\n# - ['John Doe', 'jdoe@example.com']\nadmins: []\n\n# Permit the retrieval of API tokens after their creation.\nallowTokenRetrieval: false\n\n# This parameter acts as a pass-through for configuring Django's built-in\n# password validators for local user accounts. If configured, these will be\n# applied whenever a user's password is updated to ensure that it meets minimum\n# criteria such as length or complexity.\n# https://netboxlabs.com/docs/netbox/en/stable/configuration/security/#auth_password_validators\nauthPasswordValidators: []\n\n# URL schemes that are allowed within links in NetBox\nallowedUrlSchemes:\n - file\n - ftp\n - ftps\n - http\n - https\n - irc\n - mailto\n - sftp\n - ssh\n - tel\n - telnet\n - tftp\n - vnc\n - xmpp\n\n# Setting this to null will allow all banners to be managed from the web interface.\n# Setting any individual banner (top/bottom/login) under this key to null with allow\n# to manage it from the web interface.\nbanner:\n # Optionally display a persistent banner at the top and/or bottom of every\n # page. HTML is allowed.\n top: \"\"\n bottom: \"\"\n\n # Text to include on the login page above the login form. HTML is allowed.\n login: \"\"\n\n# Base URL path if accessing NetBox within a directory. For example, if\n# installed at http://example.com/netbox/, set to 'netbox/'. If using\n# Kubernetes Ingress, make sure you set ingress.hosts[].paths[] appropriately.\nbasePath: \"\"\n\n# Maximum number of days to retain logged changes. Set to 0 to retain change\n# logs indefinitely. (Default: 90)\nchangelogRetention: 90\n\n# This is a mapping of models to custom validators that have been defined\n# locally to enforce custom validation logic.\n# https://netboxlabs.com/docs/netbox/en/stable/configuration/data-validation/#custom_validators\ncustomValidators: {}\n\n# This is a dictionary defining the default preferences to be set for newly-\n# created user accounts.\n# https://netboxlabs.com/docs/netbox/en/stable/configuration/default-values/#default_user_preferences\n# defaultUserPreferences:\n# pagination:\n# per_page: 100\ndefaultUserPreferences: {}\n\n# API Cross-Origin Resource Sharing (CORS) settings. If originAllowAll\n# is set to true, all origins will be allowed. Otherwise, define a list of\n# allowed origins using either originWhitelist or originRegexWhitelist. For\n# more information, see https://github.com/ottoyiu/django-cors-headers\ncors:\n originAllowAll: false\n originWhitelist: []\n originRegexWhitelist: []\n # - '^(https?://)?(\\w+\\.)?example\\.com$'\n\n# CSRF settings. Needed for netbox v3.2.0 and newer. For more information\n# see https://netboxlabs.com/docs/netbox/en/stable/configuration/security/#csrf_trusted_origins\ncsrf:\n # The name of the cookie to use for the cross-site request forgery (CSRF)\n # authentication token.\n cookieName: csrftoken\n # Defines a list of trusted origins for unsafe (e.g. POST) requests. This is\n # a pass-through to Django's CSRF_TRUSTED_ORIGINS setting. Note that each\n # host listed must specify a scheme (e.g. http:// or `https://).\n trustedOrigins: []\n\n# Note: this is where the CUSTOM_VALIDATORS setting naturally fits in relation\n# to the upstream NetBox configuration, but the setting cannot be reflected in\n# YAML/JSON as it depends on creating instances of Python classes.\n\n# Set the default preferred language/locale\ndefaultLanguage: en-us\n\n# The maximum size (in bytes) of an incoming HTTP request (i.e. GET or POST data).\n# Requests which exceed this size will raise a RequestDataTooBig exception.\ndataUploadMaxMemorySize: 2621440\n\n# Set to True to enable server debugging. WARNING: Debugging introduces a\n# substantial performance penalty and may reveal sensitive information about\n# your installation. Only enable debugging while performing testing. Never\n# enable debugging on a production system.\ndebug: false\n\n# Display full traceback of errors that occur when applying database\n# migrations.\ndbWaitDebug: false\n\n# Email settings\nemail:\n server: localhost\n port: 25\n username: \"\"\n password: \"\"\n useSSL: false\n useTLS: false\n sslCertFile: \"\"\n sslKeyFile: \"\"\n # Timeout in seconds\n timeout: 10\n from: \"\"\n existingSecretName: \"\"\n existingSecretKey: email-password\n\n# Enforcement of unique IP space can be toggled on a per-VRF basis. To enforce\n# unique IP space within the global table (all prefixes and IP addresses not\n# assigned to a VRF), set enforceGlobalUnique to True.\nenforceGlobalUnique: true\n\n# Exempt certain models from the enforcement of view permissions. Models listed\n# here will be viewable by all users and by anonymous users. List models in the\n# form `.`. Add '*' to this list to exempt all models.\nexemptViewPermissions: []\n# - dcim.site\n# - dcim.region\n# - ipam.prefix\n\n# Some static choice fields on models can be configured with custom values.\n# Each choice in the list must have a database value and a human-friendly\n# label, and may optionally specify a color.\n# https://netboxlabs.com/docs/netbox/en/stable/configuration/data-validation/#field_choices\n# fieldChoices:\n# 'dcim.Site.status':\n# - [foo, Foo, red]\n# - [bar, Bar, green]\n# - [baz, Baz, blue]\n# 'dcim.Site.status+':\n# ...\nfieldChoices: {}\n\n# The maximum amount (in bytes) of uploaded data that will be held in memory before being written to the filesystem.\n# Changing this setting can be useful for example to be able to upload files bigger than 2.5MB to custom scripts\n# for processing.\nfileUploadMaxMemorySize: 2621440\n\n# Enable the GraphQL API\ngraphQlEnabled: true\n\n# HTTP proxies NetBox should use when sending outbound HTTP requests (e.g. for\n# webhooks).\n# httpProxies:\n# http: http://10.10.1.10:3128\n# https: http://10.10.1.10:1080\nhttpProxies: {}\n\n# IP addresses recognized as internal to the system. The debugging toolbar will\n# be available only to clients accessing NetBox from an internal IP.\ninternalIPs: [\"127.0.0.1\", \"::1\"]\n\n# The number of days to retain job results (scripts and reports). Set this to 0\n# to retain job results in the database indefinitely.\n# https://netboxlabs.com/docs/netbox/en/stable/configuration/miscellaneous/#job_retention\njobRetention: 90\n\n# Enable custom logging. Please see the Django documentation for detailed\n# guidance on configuring custom logs:\n# https://docs.djangoproject.com/en/1.11/topics/logging/\nlogging: {}\n\n# Automatically reset the lifetime of a valid session upon each authenticated\n# request. Enables users to remain authenticated to NetBox indefinitely.\nloginPersistence: false\n\n# Setting this to True will permit only authenticated users to access any part\n# of NetBox. By default, anonymous users are permitted to access most data in\n# NetBox but not make any changes.\nloginRequired: false\n\n# The length of time (in seconds) for which a user will remain logged into the\n# web UI before being prompted to re-authenticate.\n# Default value 1209600 is 14 days\nloginTimeout: 1209600\n\n# The view name or URL to which users are redirected after logging out.\nlogoutRedirectUrl: home\n\n# Setting this to True will display a \"maintenance mode\" banner at the top of\n# every page. Setting this to null will allow to manage maintenance mode from\n# the web interface.\nmaintenanceMode: false\n\n# The URL to use when mapping physical addresses or GPS coordinates\nmapsUrl: \"https://maps.google.com/?q=\"\n\n# An API consumer can request an arbitrary number of objects by appending the\n# \"limit\" parameter to the URL (e.g. \"?limit=1000\"). This setting defines the\n# maximum limit. Setting it to 0 or None will allow an API consumer to request\n# all objects by specifying \"?limit=0\".\nmaxPageSize: 1000\n\n## The backend storage engine for handling uploaded files such as image\n## attachments and custom scripts. NetBox integrates with the\n## django-storages and django-storage-swift libraries, which provide backends\n## for several popular file storage services. If not configured, local\n## filesystem storage will be used.\n## Note these values are not stored securely. If the configuration must be\n## setup in a more secure way, a propor Secret can be used with extraEnvVarsSecret.\n## ref: https://netboxlabs.com/docs/netbox/en/stable/configuration/system/#storages\n## e.g:\n## storages:\n## default:\n## BACKEND: \"django.core.files.storage.FileSystemStorage\"\n## scripts:\n## BACKEND: \"storages.backends.s3.S3Storage\"\n## OPTIONS:\n## access_key: \"access key\"\n## secret_key: \"secret key\"\nstorages: {}\n\n# Determine how many objects to display per page within a list. (Default: 50)\npaginateCount: 50\n\n# Enable installed plugins. Add the name of each plugin to the list.\nplugins: []\n\n# Plugins configuration settings. These settings are used by various plugins\n# that the user may have installed. Each key in the dictionary is the name of\n# an installed plugin and its value is a dictionary of settings.\npluginsConfig: {}\n\n# The default value for the amperage field when creating new power feeds.\n# https://netboxlabs.com/docs/netbox/en/stable/configuration/default-values/#powerfeed_default_amperage\npowerFeedDefaultAmperage: 15\n\n# The default value (percentage) for the max_utilization field when creating\n# new power feeds.\n# https://netboxlabs.com/docs/netbox/en/stable/configuration/default-values/#powerfeed_default_max_utilization\npowerFeedMaxUtilisation: 80\n\n# The default value for the voltage field when creating new power feeds.\n# https://netboxlabs.com/docs/netbox/en/stable/configuration/default-values/#powerfeed_default_voltage\npowerFeedDefaultVoltage: 120\n\n# When determining the primary IP address for a device, IPv6 is preferred over\n# IPv4 by default. Set this to True to prefer IPv4 instead.\npreferIPv4: false\n\n# Rack elevation size defaults, in pixels. For best results, the ratio of width\n# to height should be roughly 10:1.\nrackElevationDefaultUnitHeight: 22\nrackElevationDefaultUnitWidth: 220\n\n# Remote authentication support\nremoteAuth:\n enabled: false\n backends:\n - netbox.authentication.RemoteUserBackend\n header: HTTP_REMOTE_USER\n userFirstName: HTTP_REMOTE_USER_FIRST_NAME\n userLastName: HTTP_REMOTE_USER_LAST_NAME\n userEmail: HTTP_REMOTE_USER_EMAIL\n autoCreateUser: false\n autoCreateGroups: false\n defaultGroups: []\n defaultPermissions: {}\n groupSyncEnabled: false\n groupHeader: HTTP_REMOTE_USER_GROUP\n superuserGroups: []\n superusers: []\n staffGroups: []\n staffUsers: []\n groupSeparator: \"|\"\n\n # The following options are specific for backend \"netbox.authentication.LDAPBackend\"\n # you can use an existing netbox secret with \"ldap_bind_password\" instead of \"bindPassword\"\n # see https://django-auth-ldap.readthedocs.io\n ldap:\n # serverUri: ldap://example.com\n serverUri: \"\"\n startTls: true\n ignoreCertErrors: false\n caCertDir: \"\"\n caCertData: \"\"\n # bindDn: CN=Netbox,OU=EmbeddedDevices,OU=MyCompany,DC=example,dc=com\n bindDn: \"\"\n bindPassword: \"\"\n userDnTemplate: \"\"\n # userSearchBaseDn: OU=Users,OU=MyCompany,DC=example,dc=com\n userSearchBaseDn: \"\"\n userSearchAttr: sAMAccountName\n # groupSearchBaseDn: OU=Groups,OU=MyCompany,DC=example,dc=com\n groupSearchBaseDn: \"\"\n groupSearchClass: group\n groupType: GroupOfNamesType\n # requireGroupDn:\n # - CN=Network Configuration Operators,CN=Builtin,DC=example,dc=com\n # - CN=Domain Admins,CN=Users,DC=example,dc=com\n requireGroupDn: []\n # isAdminDn:\n # - CN=Domain Admins,CN=Users,DC=example,dc=com\n isAdminDn: []\n # isSuperUserDn:\n # - CN=Domain Admins,CN=Users,DC=example,dc=com\n isSuperUserDn: []\n findGroupPerms: true\n mirrorGroups: true\n mirrorGroupsExcept: []\n cacheTimeout: 3600\n attrFirstName: givenName\n attrLastName: sn\n attrMail: mail\n\nreleaseCheck:\n # This repository is used to check whether there is a new release of NetBox\n # available. Set to null to disable the version check or use the URL below to\n # check for release in the official NetBox repository.\n # url: https://api.github.com/repos/netbox-community/netbox/releases\n url: \"\"\n\n# Maximum execution time for background tasks, in seconds.\n# Default value 300 is 5 minutes\nrqDefaultTimeout: 300\n\n# The name to use for the session cookie.\nsessionCookieName: sessionid\n\n# Localization\nenableLocalization: false\n\n# Time zone (default: UTC)\ntimeZone: UTC\n\n# Date/time formatting. See the following link for supported formats:\n# https://docs.djangoproject.com/en/dev/ref/templates/builtins/#date\ndateFormat: \"N j, Y\"\nshortDateFormat: \"Y-m-d\"\ntimeFormat: \"g:i a\"\nshortTimeFormat: \"H:i:s\"\ndateTimeFormat: \"N j, Y g:i a\"\nshortDateTimeFormat: \"Y-m-d H:i\"\n\n## Extra configuration settings\n# You can pass additional YAML files to be loaded into NetBox's configuration.\n# These can be passed as arbitrary configuration values set in the chart, or\n# you can load arbitrary *.yaml keys from ConfigMaps and Secrets.\n# extraConfig:\n# - values:\n# EXTRA_SETTING_ONE: example\n# ANOTHER_SETTING: foobar\n# - configMap: # pod.spec.volumes.configMap\n# name: netbox-extra\n# items: []\n# optional: false\n# - secret: # same as pod.spec.volumes.secret\n# secretName: netbox-extra\n# items: []\n# optional: false\nextraConfig: []\n\n# If provided, this should be a 50+ character string of random characters. It\n# will be randomly generated if left blank.\n# You can also use an existing secret with \"secret_key\" instead of \"secretKey\"\n# See `existingSecret` for details\nsecretKey: \"\"\n\n# API token peppers used for v2 API token HMAC signing.\n# https://netboxlabs.com/docs/netbox/configuration/required-parameters/#api_token_peppers\n# Keys must be integers (0-32767), values must be 50+ character random strings.\n# If empty, one pepper (key 1) will be auto-generated and preserved across upgrades.\n# New tokens always use the highest-numbered pepper. To rotate, add a new\n# higher-numbered entry; do NOT remove old entries or existing tokens will break.\n# You can also use an existing secret with \"api_token_peppers\" instead.\n# See `existingSecret` for details.\n# apiTokenPeppers:\n# 1: \"<50+ random characters>\"\n# 2: \"<50+ random characters>\"\napiTokenPeppers: {}\n\n## Provide passwords using existing secret\n# If set, this Secret must contain the following keys:\n# - secret_key: session encryption token (50+ random characters)\n# It may optionally contain:\n# - api_token_peppers: JSON object mapping integer pepper IDs to 50+ char strings,\n# e.g. {\"1\": \"abcdef...\"}. Keys may be integers or strings (converted at runtime).\nexistingSecret: \"\"\n\n## @section Deployment parameters\n\n## @param command Override default container command (useful when using custom images)\n##\ncommand: []\n## @param args Override default container args (useful when using custom images)\n##\nargs: []\n\n## @param replicaCount Number of replicas to deploy\n## NOTE: ReadWriteMany PVC(s) are required if replicaCount > 1\n##\nreplicaCount: 1\n## Enable persistence using Persistent Volume Claims\n## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/\n## @param persistence.enabled Enable persistence using PVC\n## @param persistence.storageClass PVC Storage Class for volume\n## @param persistence.accessMode PVC Access Mode for volume\n## @param persistence.size PVC Storage Request for volume\n## @param persistence.subPath Existing claim's subPath to use, e.g. \"media\" (optional)\n## @param persistence.existingClaim Name of an existing PVC to be used\n## @param persistence.annotations Annotations to add to the PVC\n##\npersistence:\n enabled: true\n ## Data Persistent Volume Storage Class\n ## If defined, storageClassName: \n ## If set to \"-\", storageClassName: \"\", which disables dynamic provisioning\n ## If undefined (the default) or set to null, no storageClassName spec is\n ## set, choosing the default provisioner. (gp2 on AWS, standard on\n ## GKE, AWS & OpenStack)\n ##\n storageClass: \"\"\n subPath: \"\"\n accessMode: ReadWriteOnce\n size: 1Gi\n existingClaim: \"\"\n annotations: {}\n## Enable reports persistence using Persistent Volume Claims\n## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/\n## @param reportsPersistence.enabled Enable reports persistence using PVC\n## @param reportsPersistence.storageClass PVC Storage Class for volume\n## @param reportsPersistence.accessMode PVC Access Mode for volume\n## @param reportsPersistence.size PVC Storage Request for volume\n## @param reportsPersistence.subPath Existing claim's subPath to use, e.g. \"media\" (optional)\n## @param reportsPersistence.existingClaim Name of an existing PVC to be used\n## @param reportsPersistence.annotations Annotations to add to the PVC\n##\nreportsPersistence:\n enabled: false\n existingClaim: \"\"\n subPath: \"\"\n ## Data Persistent Volume Storage Class\n ## If defined, storageClassName: \n ## If set to \"-\", storageClassName: \"\", which disables dynamic provisioning\n ## If undefined (the default) or set to null, no storageClassName spec is\n ## set, choosing the default provisioner. (gp2 on AWS, standard on\n ## GKE, AWS & OpenStack)\n ##\n storageClass: \"\"\n accessMode: ReadWriteOnce\n size: 1Gi\n annotations: {}\n## Enable scripts persistence using Persistent Volume Claims\n## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/\n## @param scriptsPersistence.enabled Enable reports persistence using PVC\n## @param scriptsPersistence.storageClass PVC Storage Class for volume\n## @param scriptsPersistence.accessMode PVC Access Mode for volume\n## @param scriptsPersistence.size PVC Storage Request for volume\n## @param scriptsPersistence.subPath Existing claim's subPath to use, e.g. \"media\" (optional)\n## @param scriptsPersistence.existingClaim Name of an existing PVC to be used\n## @param scriptsPersistence.annotations Annotations to add to the PVC\n##\nscriptsPersistence:\n enabled: false\n existingClaim: \"\"\n subPath: \"\"\n ## Data Persistent Volume Storage Class\n ## If defined, storageClassName: \n ## If set to \"-\", storageClassName: \"\", which disables dynamic provisioning\n ## If undefined (the default) or set to null, no storageClassName spec is\n ## set, choosing the default provisioner. (gp2 on AWS, standard on\n ## GKE, AWS & OpenStack)\n ##\n storageClass: \"\"\n accessMode: ReadWriteOnce\n size: 1Gi\n annotations: {}\n## @param updateStrategy.type Deployment strategy type\n## @param updateStrategy.rollingUpdate Deployment rolling update configuration parameters\n## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy\n## NOTE: Set it to `Recreate` if you use a PV that cannot be mounted on multiple pods\n## e.g:\n## updateStrategy:\n## type: RollingUpdate\n## rollingUpdate:\n## maxSurge: 25%\n## maxUnavailable: 25%\n##\nupdateStrategy:\n type: RollingUpdate\n## Pods Service Account\n## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/\n## @param serviceAccount.create Specifies whether a ServiceAccount should be created\n## @param serviceAccount.name Name of the service account to use. If not set and create is true, a name is generated using the fullname template.\n## @param serviceAccount.automountServiceAccountToken Automount service account token for the server service account\n## @param serviceAccount.annotations Annotations for service account. Evaluated as a template. Only used if `create` is `true`.\n##\nserviceAccount:\n create: true\n annotations: {}\n name: \"\"\n automountServiceAccountToken: false\n## Role Based Access\n## ref: https://kubernetes.io/docs/admin/authorization/rbac/\n##\nrbac:\n ## @param rbac.create Specifies whether RBAC resources should be created\n ##\n create: true\n ## @param rbac.rules Custom RBAC rules to set\n ## e.g:\n ## rules:\n ## - apiGroups:\n ## - \"\"\n ## resources:\n ## - pods\n ## verbs:\n ## - get\n ## - list\n ##\n rules: []\n## @param hostAliases [array] Add deployment host aliases\n## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/\n##\nhostAliases: []\n## @param extraVolumes Array of extra volumes to be added to the deployment (evaluated as template). Requires setting `extraVolumeMounts`\n## e.g:\n## extraVolumes:\n## - name: kv-ca\n## secret:\n## secretName: kv-ca\n##\nextraVolumes: []\n## @param extraVolumeMounts Array of extra volume mounts to be added to the container (evaluated as template). Normally used with `extraVolumes`.\n## e.g:\n## extraVolumeMounts:\n## - name: kv-ca\n## mountPath: /tmp/kv-ca\n## subPath: kv_ca\n## readOnly: true\n##\nextraVolumeMounts: []\n## @param sidecars Add additional sidecar containers to the pod\n## e.g:\n## sidecars:\n## - name: your-image-name\n## image: your-image\n## imagePullPolicy: Always\n## ports:\n## - name: portname\n## containerPort: 1234\n##\nsidecars: []\n## @param initContainers Add additional init containers to the pods\n## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/\n## e.g:\n## initContainers:\n## - name: your-image-name\n## image: your-image\n## imagePullPolicy: Always\n## command: ['sh', '-c', 'echo \"init\"']\n##\ninitContainers: []\n## @param podLabels Extra labels for pods\n## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/\n##\npodLabels: {}\n## @param podAnnotations Annotations for pods\n## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/\n##\npodAnnotations: {}\n## @param affinity Affinity for pod assignment\n## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity\n## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set\n##\naffinity: {}\n## @param nodeSelector Node labels for pod assignment\n## ref: https://kubernetes.io/docs/user-guide/node-selection/\n##\nnodeSelector: {}\n## @param tolerations Tolerations for pod assignment\n## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/\n##\ntolerations: []\n## @param priorityClassName Pods' priorityClassName\n##\npriorityClassName: \"\"\n## @param schedulerName Name of the k8s scheduler (other than default) for pods\n## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/\n##\nschedulerName: \"\"\n## @param terminationGracePeriodSeconds Seconds pods need to terminate gracefully\n## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods\n##\nterminationGracePeriodSeconds:\n## @param topologySpreadConstraints Topology Spread Constraints for pod assignment\n## https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/\n## The value is evaluated as a template.\n## e.g:\n## topologySpreadConstraints:\n## - maxSkew: 1\n## topologyKey: topology.kubernetes.io/zone\n## whenUnsatisfiable: DoNotSchedule\n## labelSelector:\n## matchLabels:\n## \"app.kubernetes.io/component\": netbox\n## \"app.kubernetes.io/name\": netbox\n##\ntopologySpreadConstraints: []\n## @section Pod disruption budget\n## Configure PodDisruptionBudget for NetBox web pods\n## @param pdb.enabled Enable PodDisruptionBudget for NetBox web pods\n## @param pdb.minAvailable Minimum number/percentage of pods that must be available\n## @param pdb.maxUnavailable Maximum number/percentage of pods that can be unavailable\n## If neither minAvailable nor maxUnavailable is set, a sensible default is applied:\n## - Single replica: minAvailable: 1\n## - Multiple replicas or HPA enabled: minAvailable: 50%\n##\npdb:\n enabled: false\n minAvailable: \"\"\n maxUnavailable: \"\"\n## Container's resource requests and limits\n## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/\n## We usually recommend not to specify default resources and to leave this as a conscious\n## choice for the user. This also increases chances charts run on environments with little\n## resources, such as Minikube. If you do want to specify resources, uncomment the following\n## lines, adjust them as necessary, and remove the curly braces after 'resources:'.\n## @param resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge).\n## This is ignored if resources is set (resources is recommended for production).\n## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15\n##\nresourcesPreset: \"medium\"\n## Containers' resource requests and limits\n## ref: https://kubernetes.io/docs/user-guide/compute-resources/\n## @param resources.limits The resources limits for the container\n## @param resources.requests [object] The requested resources for the container\n## Example:\n## resources:\n## requests:\n## cpu: 2\n## memory: 512Mi\n## limits:\n## cpu: 3\n## memory: 1024Mi\n##\nresources: {}\n## Configure Pods Security Context\n## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod\n## @param podSecurityContext.enabled Enable pods' Security Context\n## @param podSecurityContext.fsGroupChangePolicy Set filesystem group change policy\n## @param podSecurityContext.sysctls Set kernel settings using the sysctl interface\n## @param podSecurityContext.supplementalGroups Set filesystem extra groups\n## @param podSecurityContext.fsGroup Pods' group ID\n##\npodSecurityContext:\n enabled: true\n fsGroupChangePolicy: Always\n sysctls: []\n supplementalGroups: []\n fsGroup: 1000\n## Configure Container Security Context (only main container)\n## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container\n## @param securityContext.enabled Enabled containers' Security Context\n## @param securityContext.seLinuxOptions [object,nullable] Set SELinux options in container\n## @param securityContext.runAsUser Set containers' Security Context runAsUser\n## @param securityContext.runAsGroup Set containers' Security Context runAsGroup\n## @param securityContext.runAsNonRoot Set container's Security Context runAsNonRoot\n## @param securityContext.privileged Set container's Security Context privileged\n## @param securityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem\n## @param securityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation\n## @param securityContext.capabilities.drop List of capabilities to be dropped\n## @param securityContext.seccompProfile.type Set container's Security Context seccomp profile\n##\nsecurityContext:\n enabled: true\n seLinuxOptions: {}\n runAsUser: 1000\n runAsGroup: 1000\n runAsNonRoot: true\n privileged: false\n readOnlyRootFilesystem: true\n allowPrivilegeEscalation: false\n capabilities:\n drop: [\"ALL\"]\n seccompProfile:\n type: \"RuntimeDefault\"\n## @param automountServiceAccountToken Mount Service Account token in pod\n##\nautomountServiceAccountToken: false\n## Configure extra options for liveness probe\n## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes\n## @param livenessProbe.enabled Enable livenessProbe\n## @param livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe\n## @param livenessProbe.periodSeconds Period seconds for livenessProbe\n## @param livenessProbe.timeoutSeconds Timeout seconds for livenessProbe\n## @param livenessProbe.failureThreshold Failure threshold for livenessProbe\n## @param livenessProbe.successThreshold Success threshold for livenessProbe\n##\nlivenessProbe:\n enabled: true\n initialDelaySeconds: 0\n periodSeconds: 10\n timeoutSeconds: 1\n failureThreshold: 3\n successThreshold: 1\n## Configure extra options for readiness probe\n## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes\n## @param readinessProbe.enabled Enable readinessProbe\n## @param readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe\n## @param readinessProbe.periodSeconds Period seconds for readinessProbe\n## @param readinessProbe.timeoutSeconds Timeout seconds for readinessProbe\n## @param readinessProbe.failureThreshold Failure threshold for readinessProbe\n## @param readinessProbe.successThreshold Success threshold for readinessProbe\n##\nreadinessProbe:\n enabled: true\n initialDelaySeconds: 0\n periodSeconds: 10\n timeoutSeconds: 1\n failureThreshold: 3\n successThreshold: 1\n## Configure extra options for startupProbe probe\n## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes\n## @param startupProbe.enabled Enable startupProbe\n## @param startupProbe.initialDelaySeconds Initial delay seconds for startupProbe\n## @param startupProbe.periodSeconds Period seconds for startupProbe\n## @param startupProbe.timeoutSeconds Timeout seconds for startupProbe\n## @param startupProbe.failureThreshold Failure threshold for startupProbe\n## @param startupProbe.successThreshold Success threshold for startupProbe\n##\nstartupProbe:\n enabled: true\n initialDelaySeconds: 5\n periodSeconds: 10\n timeoutSeconds: 1\n failureThreshold: 100\n successThreshold: 1\n## @param customLivenessProbe Override default liveness probe for containers\n##\ncustomLivenessProbe: {}\n## @param customReadinessProbe Override default readiness probe for containers\n##\ncustomReadinessProbe: {}\n## @param customStartupProbe Override default startup probe for containers\n##\ncustomStartupProbe: {}\n## @param lifecycleHooks for containers to automate configuration before or after startup\n##\nlifecycleHooks: {}\n## @param extraEnvs Extra environment variables to be set on containers\n## E.g:\n## extraEnvs:\n## - name: FOO\n## valueFrom:\n## secretKeyRef:\n## key: FOO\n## name: secret-resource\nextraEnvs: []\n## @param extraEnvVarsCM Name of existing ConfigMap containing extra env vars for containers\n##\nextraEnvVarsCM: \"\"\n## @param extraEnvVarsSecret Name of existing Secret containing extra env vars for containers\n##\nextraEnvVarsSecret: \"\"\n\n## Configure revision history limit for deployments\n## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#clean-up-policy\nrevisionHistoryLimit: 10\n\n## @section Traffic Exposure Parameters\n\n## Service parameters\n## @param service.type Kubernetes Service type\n## @param service.loadBalancerSourceRanges Restricts access for LoadBalancer (only with `service.type: LoadBalancer`)\n## @param service.loadBalancerIP loadBalancerIP for the service (optional, cloud specific)\n## @param service.loadBalancerClass Load Balancer class (optional, cloud specific)\n## @param service.nodePort Kubernetes node port\n## @param service.externalTrafficPolicy Enable client source IP preservation\n## @param service.clusterIP Service Cluster IP\n## @param service.annotations Additional custom annotations for Matomo service\n##\nservice:\n annotations: {}\n type: ClusterIP\n port: 80\n ## nodePort: \n ##\n nodePort: \"\"\n clusterIP: \"\"\n externalTrafficPolicy: Cluster\n loadBalancerIP: \"\"\n ## e.g:\n ## loadBalancerSourceRanges:\n ## - 0.0.0.0/0\n ##\n loadBalancerSourceRanges: []\n loadBalancerClass: \"\"\n externalIPs: []\n clusterIPs: []\n ipFamilyPolicy: \"\"\n ## @param service.sessionAffinity Control where client requests go, to the same pod or round-robin\n ## Values: ClientIP or None\n ## ref: https://kubernetes.io/docs/concepts/services-networking/service/\n ##\n sessionAffinity: None\n ## @param service.sessionAffinityConfig Additional settings for the sessionAffinity\n ## sessionAffinityConfig:\n ## clientIP:\n ## timeoutSeconds: 300\n ##\n sessionAffinityConfig: {}\n\n## Configure the ingress resource that allows you to access the app\n## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/\n##\ningress:\n ## @param ingress.enabled Enable ingress record generation\n ##\n enabled: false\n ## @param ingress.pathType Ingress Path type\n ##\n pathType: ImplementationSpecific\n ## @param ingress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+)\n ## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster .\n ## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/\n ##\n className: \"\"\n ## @param ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations.\n ## Use this parameter to set the required annotations for cert-manager, see\n ## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations\n ##\n ## e.g:\n ## annotations:\n ## kubernetes.io/ingress.class: traefik\n ## cert-manager.io/cluster-issuer: cluster-issuer-name\n ##\n annotations: {}\n hosts:\n - host: chart-example.local\n paths:\n # You can manually specify the service name and service port if\n # required. This could be useful if for example you are using the AWS\n # ALB Ingress Controller and want to set up automatic SSL redirect.\n # https://kubernetes-sigs.github.io/aws-alb-ingress-controller/guide/tasks/ssl_redirect/#redirect-traffic-from-http-to-https\n # - path: /*\n # backend:\n # serviceName: ssl-redirect\n # servicePort: use-annotation\n #\n # Or you can let the template set it for you.\n # Both types of rule can be combined.\n # NB: You may also want to set the basePath above\n - /\n\n tls: []\n # - secretName: chart-example-tls\n # hosts:\n # - chart-example.local\n\n## Configure the HTTPRoute resource that allows you to access the app using Gateway API\n## ref: https://gateway-api.sigs.k8s.io/api-types/httproute/\n##\nhttpRoute:\n ## @param httpRoute.enabled Enable HTTPRoute resource generation\n ##\n enabled: false\n ## @param httpRoute.annotations Additional annotations for the HTTPRoute resource\n ##\n annotations: {}\n ## @param httpRoute.parentRefs References to the parent Gateway(s)\n ## e.g:\n ## parentRefs:\n ## - name: my-gateway\n ## namespace: gateway-namespace\n ## sectionName: https\n ##\n parentRefs: []\n ## @param httpRoute.hostnames Hostnames that the HTTPRoute should match\n ## e.g:\n ## hostnames:\n ## - netbox.example.com\n ##\n hostnames: []\n ## @param httpRoute.filters Optional filters to apply to the route\n ## e.g:\n ## filters:\n ## - type: RequestHeaderModifier\n ## requestHeaderModifier:\n ## add:\n ## - name: X-Custom-Header\n ## value: custom-value\n ##\n filters: []\n\n## @section Metrics parameters\n\n## Prometheus Exporter / Metrics\n##\nmetrics:\n ## @param Enable Granian metrics.\n granian:\n enabled: true\n ## Prometheus Operator ServiceMonitor configuration\n ##\n serviceMonitor:\n ## @param metrics.serviceMonitor.enabled if `true`, creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`)\n ##\n enabled: false\n ## @param metrics.serviceMonitor.honorLabels honorLabels chooses the metric's labels on collisions with target labels\n ##\n honorLabels: false\n ## @param metrics.serviceMonitor.interval Interval at which metrics should be scraped.\n ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint\n ## e.g:\n ## interval: 10s\n ##\n interval: \"\"\n ## @param metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended\n ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint\n ## e.g:\n ## scrapeTimeout: 10s\n ##\n scrapeTimeout: \"\"\n ## @param metrics.serviceMonitor.metricRelabelings Specify additional relabeling of metrics\n ##\n metricRelabelings: []\n ## @param metrics.serviceMonitor.relabelings Specify general relabeling\n ##\n relabelings: []\n ## @param metrics.serviceMonitor.selector Prometheus instance selector labels\n ## ref: https://github.com/bitnami/charts/tree/main/bitnami/prometheus-operator#prometheus-configuration\n ## selector:\n ## prometheus: my-prometheus\n ##\n selector: {}\n additionalLabels: {}\n ## @param metrics.enabled Enable the export of Prometheus metrics\n ##\n enabled: false\n ## Prometheus Operator ServiceMonitor configuration\n ##\n serviceMonitor:\n ## @param metrics.serviceMonitor.enabled if `true`, creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`)\n ##\n enabled: false\n ## @param metrics.serviceMonitor.honorLabels honorLabels chooses the metric's labels on collisions with target labels\n ##\n honorLabels: false\n ## @param metrics.serviceMonitor.interval Interval at which metrics should be scraped.\n ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint\n ## e.g:\n ## interval: 10s\n ##\n interval: \"\"\n ## @param metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended\n ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint\n ## e.g:\n ## scrapeTimeout: 10s\n ##\n scrapeTimeout: \"\"\n ## @param metrics.serviceMonitor.metricRelabelings Specify additional relabeling of metrics\n ##\n metricRelabelings: []\n ## @param metrics.serviceMonitor.relabelings Specify general relabeling\n ##\n relabelings: []\n ## @param metrics.serviceMonitor.selector Prometheus instance selector labels\n ## ref: https://github.com/bitnami/charts/tree/main/bitnami/prometheus-operator#prometheus-configuration\n ## selector:\n ## prometheus: my-prometheus\n ##\n selector: {}\n additionalLabels: {}\n\n## @section Databases parameters\n\n## PostgreSQL chart configuration\n## https://github.com/bitnami/charts/blob/main/bitnami/postgresql/values.yaml\n##\npostgresql:\n ## @param postgresql.enabled Whether to deploy a PostgreSQL server to satisfy the applications database requirements\n ## To use an external database set this to false and configure the externalDatabase parameters\n ##\n enabled: true\n auth:\n username: netbox\n database: netbox\n\n## External database configuration\n## @param externalDatabase.host Host of the existing database\n## @param externalDatabase.port Port of the existing database\n## @param externalDatabase.username Existing username in the external db\n## @param externalDatabase.password Password for the above username\n## @param externalDatabase.database Name of the existing database\n## @param externalDatabase.existingSecretName Name of a secret containing the database credentials\n## @param externalDatabase.existingSecretKey Key of a secret containing the database credentials\n##\nexternalDatabase:\n host: localhost\n port: 5432\n database: netbox\n username: netbox\n password: \"\"\n existingSecretName: \"\"\n existingSecretKey: postgresql-password\n\n # The following settings also apply when using the bundled PostgreSQL chart:\n engine: django.db.backends.postgresql\n connMaxAge: 300\n disableServerSideCursors: false\n ## @param externalDatabase.options Additional PostgreSQL client parameters\n ## Ref: https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-PARAMKEYWORDS\n ##\n options:\n sslmode: \"prefer\"\n target_session_attrs: \"read-write\"\n\n## Additional databases configuration\n## @param additionalDatabases.*.host Host of the existing database\n## @param additionalDatabases.*.port Port of the existing database\n## @param additionalDatabases.*.username Existing username in the external db\n## @param additionalDatabases.*.password Password for the above username\n## @param additionalDatabases.*.database Name of the existing database\n## e.g:\n## additionalDatabases:\n## external2:\n## host: localhost\n## port: 5432\n## database: netbox\n## username: netbox\n## password: \"\"\n## engine: django.db.backends.postgresql\n## connMaxAge: 300\n## disableServerSideCursors: false\n## options:\n## sslmode: \"prefer\"\n## target_session_attrs: \"read-write\"\n##\nadditionalDatabases: {}\n\n## Valkey chart configuration\n## https://github.com/bitnami/charts/blob/main/bitnami/valkey/values.yaml\n## @param valkey.enabled Whether to deploy a Valkey server to satisfy the applications database requirements\n##\nvalkey:\n enabled: true\n sentinel:\n enabled: false\n primarySet: netbox-kv\n auth:\n # Sentinel auth is disabled by default, as Netbox does not support configuring SENTINEL_KWARGS.\n sentinel: false\n\ntasksDatabase:\n database: 0\n ssl: false\n insecureSkipTlsVerify: false\n # When defining caCertPath, make sure you mount the secret containing the CA certificate on all the necessary containers\n caCertPath: \"\"\n\n # Used only when valkey.enabled is false. host and port are not used if\n # sentinels are given.\n host: netbox-kv\n port: 6379\n sentinels: []\n # - mysentinel:26379\n sentinelService: netbox-kv\n sentinelTimeout: 300\n username: \"\"\n password: \"\"\n existingSecretName: \"\"\n existingSecretKey: tasks-password\n\ncachingDatabase:\n database: 1\n ssl: false\n insecureSkipTlsVerify: false\n # When defining caCertPath, make sure you mount the secret containing the CA certificate on all the necessary containers\n caCertPath: \"\"\n\n # Used only when valkey.enabled is false. host and port are not used if\n # sentinels are given.\n host: netbox-kv\n port: 6379\n sentinels: []\n # - mysentinel:26379\n sentinelService: netbox-kv\n sentinelTimeout: 300\n username: \"\"\n password: \"\"\n existingSecretName: \"\"\n existingSecretKey: cache-password\n\n## @section Autoscaling parameters\n\n## Autoscaling configuration\n## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/\n## @param autoscaling.enabled Enable Horizontal POD autoscaling\n## @param autoscaling.minReplicas Minimum number of replicas\n## @param autoscaling.maxReplicas Maximum number of replicas\n## @param autoscaling.targetCPUUtilizationPercentage Target CPU utilization percentage\n## @param autoscaling.targetMemoryUtilizationPercentage Target Memory utilization percentage\n## @param autoscaling.behavior.scaleUp.stabilizationWindowSeconds Scale-up stabilization window in seconds\n## @param autoscaling.behavior.scaleUp.selectPolicy Policy selection for scale-up (Max|Min|Disabled)\n## @param autoscaling.behavior.scaleUp.policies List of scale-up policies [{type,value,periodSeconds}]\n## @param autoscaling.behavior.scaleDown.stabilizationWindowSeconds Scale-down stabilization window in seconds\n## @param autoscaling.behavior.scaleDown.selectPolicy Policy selection for scale-down (Max|Min|Disabled)\n## @param autoscaling.behavior.scaleDown.policies List of scale-down policies [{type,value,periodSeconds}]\n##\nautoscaling:\n enabled: false\n minReplicas: 1\n maxReplicas: 100\n targetCPUUtilizationPercentage: 80\n targetMemoryUtilizationPercentage: null\n behavior: {}\n # scaleUp:\n # stabilizationWindowSeconds: 0\n # selectPolicy: Max\n # policies:\n # - type: Percent\n # value: 100\n # periodSeconds: 60\n # scaleDown:\n # stabilizationWindowSeconds: 300\n # selectPolicy: Max\n # policies:\n # - type: Percent\n # value: 100\n # periodSeconds: 60\n\n## @section Volume permissions parameters\n\n## Init Container parameters\n## Change the owner and group of the persistent volume mountpoint to 'runAsUser:fsGroup'\n## values from the securityContext section.\n##\ninit:\n ## @param init.image.registry [default: REGISTRY_NAME] Init container volume-permissions image registry\n ## @param init.image.repository [default: REPOSITORY_NAME/os-shell] Init container volume-permissions image name\n ## @param init.image.tag Init container volume-permissions image tag\n ## @param init.image.digest Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag\n ## @param init.image.pullPolicy Init container volume-permissions image pull policy\n ## @param init.image.pullSecrets Specify docker-registry secret names as an array\n ##\n image:\n registry: docker.io\n repository: busybox\n tag: 1.37.0\n digest: \"\"\n ## Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'\n ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images\n ##\n pullPolicy: IfNotPresent\n ## Optionally specify an array of imagePullSecrets.\n ## Secrets must be manually created in the namespace.\n ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/\n ## e.g:\n ## pullSecrets:\n ## - myRegistryKeySecretName\n ##\n pullSecrets: []\n ## Init container resource requests and limits\n ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/\n ## @param init.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if init.resources is set (init.resources is recommended for production).\n ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15\n ##\n resourcesPreset: \"nano\"\n ## @param init.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)\n ## Example:\n ## resources:\n ## requests:\n ## cpu: 2\n ## memory: 512Mi\n ## limits:\n ## cpu: 3\n ## memory: 1024Mi\n ##\n resources: {}\n ## Init container' Security Context\n ## Note: the chown of the data folder is done to securityContext.runAsUser\n ## and not the below init.securityContext.runAsUser\n ## @param init.securityContext.enabled Enabled containers' Security Context\n ## @param init.securityContext.seLinuxOptions [object,nullable] Set SELinux options in container\n ## @param init.securityContext.runAsUser User ID for the init container\n ## @param init.securityContext.runAsGroup Group ID for the init container\n ## @param init.securityContext.runAsNonRoot runAsNonRoot for the init container\n ## @param init.securityContext.seccompProfile.type seccompProfile.type for the init container\n ##\n securityContext:\n enabled: true\n seLinuxOptions: {}\n seccompProfile:\n type: RuntimeDefault\n capabilities:\n drop:\n - ALL\n readOnlyRootFilesystem: true\n allowPrivilegeEscalation: false\n runAsNonRoot: true\n runAsUser: 1000\n runAsGroup: 1000\n\n## @section Test parameters\n\ntest:\n ## @param test.image.registry [default: REGISTRY_NAME] test container volume-permissions image registry\n ## @param test.image.repository [default: REPOSITORY_NAME/os-shell] test container volume-permissions image name\n ## @param test.image.tag test container volume-permissions image tag\n ## @param test.image.digest test container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag\n ## @param test.image.pullPolicy test container volume-permissions image pull policy\n ## @param test.image.pullSecrets Specify docker-registry secret names as an array\n ##\n image:\n registry: docker.io\n repository: busybox\n tag: 1.37.0\n digest: \"\"\n ## Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'\n ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images\n ##\n pullPolicy: IfNotPresent\n ## Optionally specify an array of imagePullSecrets.\n ## Secrets must be manually created in the namespace.\n ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/\n ## e.g:\n ## pullSecrets:\n ## - myRegistryKeySecretName\n ##\n pullSecrets: []\n ## test container resource requests and limits\n ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/\n ## @param test.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if test.resources is set (test.resources is recommended for production).\n ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15\n ##\n resourcesPreset: \"nano\"\n ## @param test.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)\n ## Example:\n ## resources:\n ## requests:\n ## cpu: 2\n ## memory: 512Mi\n ## limits:\n ## cpu: 3\n ## memory: 1024Mi\n ##\n resources: {}\n ## test container' Security Context\n ## Note: the chown of the data folder is done to securityContext.runAsUser\n ## and not the below test.securityContext.runAsUser\n ## @param test.securityContext.enabled Enabled containers' Security Context\n ## @param test.securityContext.seLinuxOptions [object,nullable] Set SELinux options in container\n ## @param test.securityContext.runAsUser User ID for the test container\n ## @param test.securityContext.runAsGroup Group ID for the test container\n ## @param test.securityContext.runAsNonRoot runAsNonRoot for the test container\n ## @param test.securityContext.seccompProfile.type seccompProfile.type for the test container\n ##\n securityContext:\n enabled: false\n seLinuxOptions: {}\n seccompProfile:\n type: RuntimeDefault\n capabilities:\n drop:\n - ALL\n readOnlyRootFilesystem: true\n allowPrivilegeEscalation: false\n runAsNonRoot: true\n runAsUser: 1000\n runAsGroup: 1000\n\n## @section Cron housekeeping job parameters\n\n## Configuration of Cron settings\n##\nhousekeeping:\n ## @param housekeeping.enabled Enable housekeeping job\n ##\n enabled: true\n ## @param housekeeping.schedule Schedule in Cron format to save snapshots\n ## See https://en.wikipedia.org/wiki/Cron\n ##\n schedule: \"0 0 * * *\"\n ## @param housekeeping.timezone Set time zone for cron job\n ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/cron-jobs/#time-zones\n ##\n timezone: \"\"\n ## @param housekeeping.historyLimit Number of successful finished jobs to retain\n ##\n successfulJobsHistoryLimit: 5\n ## @param housekeeping.failedHistoryLimit Number of failed finished jobs to retain\n ##\n failedJobsHistoryLimit: 5\n ## @param housekeeping.command The command to execute in the housekeeping job\n ## To append another command, e.g. in order to shut down a DB sidecar container, use something like\n ## - /bin/bash\n ## - -c\n ## - >\n ## /opt/netbox/venv/bin/python /opt/netbox/netbox/manage.py housekeeping\n ## && curl -X POST http://localhost:9190/quitquitquit\"\n ##\n command:\n - /opt/netbox/venv/bin/python\n - /opt/netbox/netbox/manage.py\n - housekeeping\n ## @param housekeeping.args Override default housekeeping args\n ##\n args: []\n ## @param housekeeping.podAnnotations Pod annotations\n ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/\n ##\n podAnnotations: {}\n ## K8s Security Context for Housekeeping Cronjob pods\n ## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/\n ## @param housekeeping.podSecurityContext.enabled Enable security context for InfluxDB™ housekeeping pods\n ## @param housekeeping.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy\n ## @param housekeeping.podSecurityContext.sysctls Set kernel settings using the sysctl interface\n ## @param housekeeping.podSecurityContext.supplementalGroups Set filesystem extra groups\n ## @param housekeeping.podSecurityContext.fsGroup Group ID for the InfluxDB™ filesystem\n ##\n podSecurityContext:\n enabled: true\n fsGroup: 1000\n fsGroupChangePolicy: Always\n sysctls: []\n supplementalGroups: []\n ## K8s Security Context for Housekeeping Cronjob containers\n ## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/\n ## @param housekeeping.securityContext.enabled Enabled containers' Security Context\n ## @param housekeeping.securityContext.seLinuxOptions [object,nullable] Set SELinux options in container\n ## @param housekeeping.securityContext.runAsUser Set containers' Security Context runAsUser\n ## @param housekeeping.securityContext.runAsGroup Set containers' Security Context runAsGroup\n ## @param housekeeping.securityContext.runAsNonRoot Set container's Security Context runAsNonRoot\n ## @param housekeeping.securityContext.privileged Set container's Security Context privileged\n ## @param housekeeping.securityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem\n ## @param housekeeping.securityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation\n ## @param housekeeping.securityContext.capabilities.drop List of capabilities to be dropped\n ## @param housekeeping.securityContext.seccompProfile.type Set container's Security Context seccomp profile\n securityContext:\n enabled: true\n seLinuxOptions: {}\n seccompProfile:\n type: \"RuntimeDefault\"\n capabilities:\n drop:\n - ALL\n privileged: false\n readOnlyRootFilesystem: true\n allowPrivilegeEscalation: false\n runAsNonRoot: true\n runAsUser: 1000\n runAsGroup: 1000\n ## @param housekeeping.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if influxdb.resources is set (influxdb.resources is recommended for production).\n ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15\n ##\n resourcesPreset: \"none\"\n ## @param housekeeping.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)\n ## Example:\n ## resources:\n ## requests:\n ## cpu: 2\n ## memory: 512Mi\n ## limits:\n ## cpu: 3\n ## memory: 1024Mi\n ##\n resources: {}\n ## @param housekeeping.readOnlyPersistence Whether to mount media, script, and report directories as read-only\n ##\n readOnlyPersistence: false\n ## @param housekeeping.extraEnvs Extra environment variables to be set on containers\n ## E.g:\n ## extraEnvs:\n ## - name: FOO\n ## valueFrom:\n ## secretKeyRef:\n ## key: FOO\n ## name: secret-resource\n extraEnvs: []\n ## @param housekeeping.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for housekeeping containers\n ##\n extraEnvVarsCM: \"\"\n ## @param housekeeping.extraEnvVarsSecret Name of existing Secret containing extra env vars for housekeeping containers\n ##\n extraEnvVarsSecret: \"\"\n ## @param housekeeping.extraVolumes Array of extra volumes to be added to the deployment (evaluated as template). Requires setting `extraVolumeMounts`\n ## e.g:\n ## extraVolumes:\n ## - name: kv-ca\n ## secret:\n ## secretName: kv-ca\n ##\n extraVolumes: []\n ## @param housekeeping.extraVolumeMounts Array of extra volume mounts to be added to the container (evaluated as template). Normally used with `extraVolumes`.\n ## e.g:\n ## extraVolumeMounts:\n ## - name: kv-ca\n ## mountPath: /tmp/kv-ca\n ## subPath: kv_ca\n ## readOnly: true\n ##\n extraVolumeMounts: []\n ## @param housekeeping.sidecars Add additional sidecar containers to the pod\n ## e.g:\n ## sidecars:\n ## - name: your-image-name\n ## image: your-image\n ## imagePullPolicy: Always\n ## ports:\n ## - name: portname\n ## containerPort: 1234\n ##\n sidecars: []\n ## @param housekeeping.initContainers Add additional init containers to the pods\n ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/\n ## e.g:\n ## initContainers:\n ## - name: your-image-name\n ## image: your-image\n ## imagePullPolicy: Always\n ## command: ['sh', '-c', 'echo \"init\"']\n ##\n initContainers: []\n ## @param housekeeping.affinity Housekeeping™ Affinity for housekeeping pod assignment\n ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity\n ## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set\n ##\n affinity: {}\n ## @param housekeeping.nodeSelector Housekeeping™ Node labels for housekeeping pod assignment\n ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/\n ##\n nodeSelector: {}\n ## @param housekeeping.tolerations Housekeeping™ Tolerations for housekeeping pod assignment\n ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/\n ##\n tolerations: []\n ## @param housekeeping.podLabels Extra labels for pods\n ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/\n ##\n podLabels: {}\n ## @param housekeeping.automountServiceAccountToken Mount Service Account token in pod\n ##\n automountServiceAccountToken: false\n concurrencyPolicy: Forbid\n restartPolicy: OnFailure\n suspend: false\n\n## @section Worker for Netbox parameters\n\n## Worker for Netbox\n## Only required for Netbox Jobs, e.g. Webhooks\n##\nworker:\n ## @param worker.enabled Enable worker job\n ##\n enabled: true\n ## @param worker.command The command to execute in the worker container\n ##\n command:\n - /opt/netbox/venv/bin/python\n - /opt/netbox/netbox/manage.py\n - rqworker\n ## @param worker.args Override worker container args\n ##\n args: []\n ## @param worker.replicaCount Number of replicas to deploy\n ## NOTE: ReadWriteMany PVC(s) are required if replicaCount > 1\n ##\n replicaCount: 1\n ## Configure PodDisruptionBudget for worker pods\n ## @param worker.pdb.enabled Enable PodDisruptionBudget for worker pods\n ## @param worker.pdb.minAvailable Minimum number/percentage of pods that must be available\n ## @param worker.pdb.maxUnavailable Maximum number/percentage of pods that can be unavailable\n ## If neither minAvailable nor maxUnavailable is set, a sensible default is applied:\n ## - Single replica: minAvailable: 1\n ## - Multiple replicas or HPA enabled: minAvailable: 50%\n pdb:\n enabled: false\n minAvailable: \"\"\n maxUnavailable: \"\"\n ## @param worker.podLabels Extra labels for pods\n ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/\n ##\n podLabels: {}\n ## @param worker.podAnnotations Pod annotations\n ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/\n ##\n podAnnotations: {}\n ## K8s Security Context for worker pods\n ## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/\n ## @param worker.podSecurityContext.enabled Enable security context for InfluxDB™ housekeeping pods\n ## @param worker.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy\n ## @param worker.podSecurityContext.sysctls Set kernel settings using the sysctl interface\n ## @param worker.podSecurityContext.supplementalGroups Set filesystem extra groups\n ## @param worker.podSecurityContext.fsGroup Group ID for the InfluxDB™ filesystem\n ##\n podSecurityContext:\n enabled: true\n fsGroup: 1000\n fsGroupChangePolicy: Always\n sysctls: []\n supplementalGroups: []\n ## K8s Security Context for worker containers\n ## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/\n ## @param worker.securityContext.enabled Enabled containers' Security Context\n ## @param worker.securityContext.seLinuxOptions [object,nullable] Set SELinux options in container\n ## @param worker.securityContext.runAsUser Set containers' Security Context runAsUser\n ## @param worker.securityContext.runAsGroup Set containers' Security Context runAsGroup\n ## @param worker.securityContext.runAsNonRoot Set container's Security Context runAsNonRoot\n ## @param worker.securityContext.privileged Set container's Security Context privileged\n ## @param worker.securityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem\n ## @param worker.securityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation\n ## @param worker.securityContext.capabilities.drop List of capabilities to be dropped\n ## @param worker.securityContext.seccompProfile.type Set container's Security Context seccomp profile\n securityContext:\n enabled: true\n seLinuxOptions: {}\n seccompProfile:\n type: \"RuntimeDefault\"\n capabilities:\n drop:\n - ALL\n privileged: false\n readOnlyRootFilesystem: true\n allowPrivilegeEscalation: false\n runAsNonRoot: true\n runAsUser: 1000\n runAsGroup: 1000\n ## @param worker.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if influxdb.resources is set (influxdb.resources is recommended for production).\n ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15\n ##\n resourcesPreset: \"none\"\n ## @param worker.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)\n ## Example:\n ## resources:\n ## requests:\n ## cpu: 2\n ## memory: 512Mi\n ## limits:\n ## cpu: 3\n ## memory: 1024Mi\n ##\n resources: {}\n ## @param worker.readOnlyPersistence Whether to mount media, script, and report directories as read-only\n ##\n readOnlyPersistence: false\n ## @param worker.automountServiceAccountToken Mount Service Account token in pod\n ##\n automountServiceAccountToken: true\n ## @param worker.affinity Affinity for worker pod assignment\n ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity\n ## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set\n ##\n affinity: {}\n ## @param worker.nodeSelector Node labels for worker pod assignment\n ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/\n ##\n nodeSelector: {}\n ## @param worker.tolerations Tolerations for worker pod assignment\n ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/\n ##\n tolerations: []\n ## @param worker.priorityClassName Pods' priorityClassName\n ##\n priorityClassName: \"\"\n ## @param worker.schedulerName Name of the k8s scheduler (other than default) for pods\n ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/\n ##\n schedulerName: \"\"\n ## @param worker.terminationGracePeriodSeconds Seconds pods need to terminate gracefully\n ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods\n ##\n terminationGracePeriodSeconds:\n ## @param worker.topologySpreadConstraints Topology Spread Constraints for pod assignment\n ## https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/\n ## The value is evaluated as a template.\n ## e.g:\n ## topologySpreadConstraints:\n ## - maxSkew: 1\n ## topologyKey: topology.kubernetes.io/zone\n ## whenUnsatisfiable: DoNotSchedule\n ## labelSelector:\n ## matchLabels:\n ## \"app.kubernetes.io/component\": netbox\n ## \"app.kubernetes.io/name\": netbox\n ##\n topologySpreadConstraints: []\n ## @param worker.hostAliases [array] Add deployment host aliases\n ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/\n ##\n hostAliases: []\n ## @param worker.updateStrategy.type Deployment strategy type\n ## @param worker.updateStrategy.rollingUpdate Deployment rolling update configuration parameters\n ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy\n ## NOTE: Set it to `Recreate` if you use a PV that cannot be mounted on multiple pods\n ## e.g:\n ## updateStrategy:\n ## type: RollingUpdate\n ## rollingUpdate:\n ## maxSurge: 25%\n ## maxUnavailable: 25%\n ##\n updateStrategy:\n type: RollingUpdate\n ## Autoscaling configuration\n ## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/\n ## @param worker.autoscaling.enabled Enable Horizontal POD autoscaling\n ## @param worker.autoscaling.minReplicas Minimum number of replicas\n ## @param worker.autoscaling.maxReplicas Maximum number of replicas\n ## @param worker.autoscaling.targetCPUUtilizationPercentage Target CPU utilization percentage\n ## @param worker.autoscaling.targetMemoryUtilizationPercentage Target Memory utilization percentage\n ## @param worker.autoscaling.behavior.scaleUp.stabilizationWindowSeconds Scale-up stabilization window in seconds\n ## @param worker.autoscaling.behavior.scaleUp.selectPolicy Policy selection for scale-up (Max|Min|Disabled)\n ## @param worker.autoscaling.behavior.scaleUp.policies List of scale-up policies [{type,value,periodSeconds}]\n ## @param worker.autoscaling.behavior.scaleDown.stabilizationWindowSeconds Scale-down stabilization window in seconds\n ## @param worker.autoscaling.behavior.scaleDown.selectPolicy Policy selection for scale-down (Max|Min|Disabled)\n ## @param worker.autoscaling.behavior.scaleDown.policies List of scale-down policies [{type,value,periodSeconds}]\n ##\n autoscaling:\n enabled: false\n minReplicas: 1\n maxReplicas: 100\n targetCPUUtilizationPercentage: 80\n targetMemoryUtilizationPercentage: null\n behavior: {}\n # scaleUp:\n # stabilizationWindowSeconds: 0\n # selectPolicy: Max\n # policies:\n # - type: Percent\n # value: 100\n # periodSeconds: 60\n # scaleDown:\n # stabilizationWindowSeconds: 300\n # selectPolicy: Max\n # policies:\n # - type: Percent\n # value: 100\n # periodSeconds: 60\n ## @param worker.extraEnvs Extra environment variables to be set on containers\n ## E.g:\n ## extraEnvs:\n ## - name: FOO\n ## valueFrom:\n ## secretKeyRef:\n ## key: FOO\n ## name: secret-resource\n extraEnvs: []\n ## @param worker.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for worker containers\n ##\n extraEnvVarsCM: \"\"\n ## @param worker.extraEnvVarsSecret Name of existing Secret containing extra env vars for worker containers\n ##\n extraEnvVarsSecret: \"\"\n ## @param worker.extraVolumes Array of extra volumes to be added to the deployment (evaluated as template). Requires setting `extraVolumeMounts`\n ## e.g:\n ## extraVolumes:\n ## - name: kv-ca\n ## secret:\n ## secretName: kv-ca\n ##\n extraVolumes: []\n ## @param worker.extraVolumeMounts Array of extra volume mounts to be added to the container (evaluated as template). Normally used with `extraVolumes`.\n ## e.g:\n ## extraVolumeMounts:\n ## - name: kv-ca\n ## mountPath: /tmp/kv-ca\n ## subPath: kv_ca\n ## readOnly: true\n ##\n extraVolumeMounts: []\n ## @param worker.sidecars Add additional sidecar containers to the pod\n ## e.g:\n ## sidecars:\n ## - name: your-image-name\n ## image: your-image\n ## imagePullPolicy: Always\n ## ports:\n ## - name: portname\n ## containerPort: 1234\n ##\n sidecars: []\n ## @param worker.initContainers Add additional init containers to the pods\n ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/\n ## e.g:\n ## initContainers:\n ## - name: your-image-name\n ## image: your-image\n ## imagePullPolicy: Always\n ## command: ['sh', '-c', 'echo \"init\"']\n ##\n initContainers: []\n ## Init containers parameters:\n ## wait-for-backend: Wait for NetBox backend before running workers\n ##\n waitForBackend:\n ## @param waitForBackend.enabled Wait for NetBox backend before running workers\n ##\n enabled: true\n ## @param waitForBackend.image.registry [default: REGISTRY_NAME] Init container wait-for-backend image registry\n ## @param waitForBackend.image.repository [default: REPOSITORY_NAME/kubectl] Init container wait-for-backend image name\n ## @param waitForBackend.image.tag Init container wait-for-backend image tag\n ## @param waitForBackend.image.digest Init container wait-for-backend image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag\n ## @param waitForBackend.image.pullPolicy Init container wait-for-backend image pull policy\n ## @param waitForBackend.image.pullSecrets Specify docker-registry secret names as an array\n ##\n image:\n registry: docker.io\n repository: rancher/kubectl\n tag: v1.36.0\n digest: \"\"\n ## Specify a imagePullPolicy\n ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images\n ##\n pullPolicy: IfNotPresent\n ## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace)\n ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/\n ## Example:\n ## pullSecrets:\n ## - myRegistryKeySecretName\n ##\n pullSecrets: []\n ## @param waitForBackend.command The command to execute in the wait-for-backend container\n ##\n command:\n - /bin/kubectl\n ## @param waitForBackend.args Override wait-for-backend container args\n ##\n args:\n - rollout\n - status\n - deployment\n - \"$(DEPLOYMENT_NAME)\"\n ## waitForBackend containers' Security Context (init container).\n ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container\n ## @param waitForBackend.containerSecurityContext.enabled Enabled containers' Security Context\n ## @param waitForBackend.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container\n ## @param waitForBackend.containerSecurityContext.runAsUser Set containers' Security Context runAsUser\n ## @param waitForBackend.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup\n ## @param waitForBackend.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot\n ## @param waitForBackend.containerSecurityContext.privileged Set container's Security Context privileged\n ## @param waitForBackend.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem\n ## @param waitForBackend.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation\n ## @param waitForBackend.containerSecurityContext.capabilities.drop List of capabilities to be dropped\n ## @param waitForBackend.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile\n ##\n containerSecurityContext:\n enabled: true\n seLinuxOptions: {}\n runAsUser: 1001\n runAsGroup: 1001\n runAsNonRoot: true\n privileged: false\n readOnlyRootFilesystem: true\n allowPrivilegeEscalation: false\n capabilities:\n drop: [\"ALL\"]\n seccompProfile:\n type: \"RuntimeDefault\"\n ## Init container resource requests and limits.\n ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/\n ## We usually recommend not to specify default resources and to leave this as a conscious\n ## choice for the user. This also increases chances charts run on environments with little\n ## resources, such as Minikube. If you do want to specify resources, uncomment the following\n ## lines, adjust them as necessary, and remove the curly braces after 'resources:'.\n ## @param waitForBackend.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if waitForBackend.resources is set (waitForBackend.resources is recommended for production).\n ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15\n ##\n resourcesPreset: \"nano\"\n ## @param waitForBackend.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)\n ## Example:\n ## resources:\n ## requests:\n ## cpu: 2\n ## memory: 512Mi\n ## limits:\n ## cpu: 3\n ## memory: 1024Mi\n ##\n resources: {}\n" }, { "path": "charts/netbox-operator/.helmignore", "content": "# Patterns to ignore when building packages.\n# This supports shell glob matching, relative path matching, and\n# negation (prefixed with !). Only one pattern per line.\n.DS_Store\n# Common VCS dirs\n.git/\n.gitignore\n.bzr/\n.bzrignore\n.hg/\n.hgignore\n.svn/\n# Common backup files\n*.swp\n*.bak\n*.tmp\n*~\n# Various IDEs\n.project\n.idea/\n*.tmproj\n.vscode/\n\n# OWNERS file for Kubernetes\nOWNERS\n# example production yaml\nvalues-production.yaml\n# ci files\nci/\n" }, { "path": "charts/netbox-operator/Chart.yaml", "content": "apiVersion: v2\nname: netbox-operator\nversion: 1.2.65\n# renovate: image=ghcr.io/netbox-community/netbox-operator\nappVersion: \"0.2.51\"\ntype: application\nkubeVersion: ^1.25.0-0\ndescription: Operator to manage NetBox resources directly through Kubernetes\nhome: https://netbox.dev/\nicon: https://raw.githubusercontent.com/netbox-community/netbox/main/docs/netbox_logo_light.svg\nsources:\n - https://github.com/netbox-community/netbox-operator\n - https://github.com/netbox-community/netbox-chart\nmaintainers:\n - name: netbox-community\n url: https://github.com/netbox-community\ndependencies:\n - name: common\n repository: oci://registry-1.docker.io/bitnamicharts\n version: ^2.38.0\n tags:\n - bitnami-common\n - name: netbox\n version: ^8.2.6\n repository: oci://ghcr.io/netbox-community/netbox-chart\n condition: netbox.enabled\nannotations:\n artifacthub.io/license: Apache-2.0\n artifacthub.io/links: |\n - name: Upstream Project\n url: https://github.com/netbox-community/netbox-operator\n artifacthub.io/changes: |\n - kind: changed\n description: New release\n links:\n - name: Changelog on GitHub Releases\n url: https://github.com/netbox-community/netbox-chart/releases?q=netbox-operator-\n" }, { "path": "charts/netbox-operator/README.md", "content": "# NetBox Operator\n\n[Operator](https://github.com/netbox-community/netbox-operator) to manage [NetBox](https://netbox.dev) resources directly through Kubernetes.\n\n## TL;DR\n\n```shell\nhelm install netbox-operator oci://ghcr.io/netbox-community/netbox-chart/netbox-operator\n```\n\n## Prerequisites\n\n- Kubernetes [1.25+](https://kubernetes.io/releases/)\n- Helm [3.10+](https://helm.sh/docs/topics/version_skew/)\n- NetBox [4.0+](https://netboxlabs.com/docs/netbox/en/stable/release-notes/)\n\n> [!warning]\n> NetBox Operator requires additional NetBox configuration.\n> A custom field (by default `netboxOperatorRestorationHash`) must be added before operator installation.\n\n## Installing the Chart\n\nTo install the chart with the release name `my-release` and default configuration:\n\n```shell\nhelm install my-release oci://ghcr.io/netbox-community/netbox-chart/netbox-operator\n```\n\n## Configuration\n\nThe configurable parameters for this chart and their default values are listed on the [`values.yaml`](./values.yaml) file.\n\n## License\n\nThis project is licensed under [Apache License, Version 2.0](https://www.apache.org/licenses/LICENSE-2.0).\n" }, { "path": "charts/netbox-operator/ci/default-values.yaml", "content": "https: true\n" }, { "path": "charts/netbox-operator/crds/ipaddressclaims.yaml", "content": "apiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n annotations:\n controller-gen.kubebuilder.io/version: v0.16.4\n name: ipaddressclaims.netbox.dev\nspec:\n group: netbox.dev\n names:\n kind: IpAddressClaim\n listKind: IpAddressClaimList\n plural: ipaddressclaims\n shortNames:\n - ipc\n singular: ipaddressclaim\n scope: Namespaced\n versions:\n - additionalPrinterColumns:\n - jsonPath: .status.ipAddress\n name: IpAddress\n type: string\n - jsonPath: .status.conditions[?(@.type==\"IPAssigned\")].status\n name: IpAssigned\n type: string\n - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n name: Ready\n type: string\n - jsonPath: .metadata.creationTimestamp\n name: Age\n type: date\n name: v1\n schema:\n openAPIV3Schema:\n description: |-\n IpAddressClaim allows to claim a NetBox IP Address from an existing Prefix.\n The IpAddressClaim Controller will try to assign an available IP Address\n from the Prefix that is defined in the spec and if successful it will create\n the IpAddress CR. More info about NetBox IP Addresses:\n https://github.com/netbox-community/netbox/blob/main/docs/models/ipam/ipaddress.md\n properties:\n apiVersion:\n description: |-\n APIVersion defines the versioned schema of this representation of an object.\n Servers should convert recognized schemas to the latest internal value, and\n may reject unrecognized values.\n More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources\n type: string\n kind:\n description: |-\n Kind is a string value representing the REST resource this object represents.\n Servers may infer this from the endpoint the client submits requests to.\n Cannot be updated.\n In CamelCase.\n More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds\n type: string\n metadata:\n type: object\n spec:\n description: IpAddressClaimSpec defines the desired state of IpAddressClaim\n properties:\n comments:\n description: |-\n Comment that should be added to the resource in NetBox\n Field is mutable, not required\n type: string\n customFields:\n additionalProperties:\n type: string\n description: |-\n The NetBox Custom Fields that should be added to the resource in NetBox.\n Note that currently only Text Type is supported (GitHub #129)\n More info on NetBox Custom Fields:\n https://github.com/netbox-community/netbox/blob/main/docs/customization/custom-fields.md\n Field is mutable, not required\n Example:\n customfield1: \"Production\"\n customfield2: \"This is a string\"\n type: object\n description:\n description: |-\n Description that should be added to the resource in NetBox\n Field is mutable, not required\n type: string\n parentPrefix:\n description: |-\n The NetBox Prefix from which this IP Address should be claimed from\n Field is immutable, required\n Example: \"192.168.0.0/20\"\n format: cidr\n type: string\n x-kubernetes-validations:\n - message: Field 'parentPrefix' is immutable\n rule: self == oldSelf\n preserveInNetbox:\n description: |-\n Defines whether the Resource should be preserved in NetBox when the\n Kubernetes Resource is deleted.\n - When set to true, the resource will not be deleted but preserved in\n NetBox upon CR deletion\n - When set to false, the resource will be cleaned up in NetBox\n upon CR deletion\n Setting preserveInNetbox to true is mandatory if the user wants to restore\n resources from NetBox (e.g. Sticky CIDRs even if resources are deleted and\n recreated in Kubernetes)\n Field is mutable, not required\n type: boolean\n tenant:\n description: |-\n The NetBox Tenant to be assigned to this resource in NetBox. Use the `name` value instead of the `slug` value\n Field is immutable, not required\n Example: \"Initech\" or \"Cyberdyne Systems\"\n type: string\n x-kubernetes-validations:\n - message: Field 'tenant' is immutable\n rule: self == oldSelf\n required:\n - parentPrefix\n type: object\n status:\n description: IpAddressClaimStatus defines the observed state of IpAddressClaim\n properties:\n conditions:\n description:\n Conditions represent the latest available observations\n of an object's state\n items:\n description:\n Condition contains details for one aspect of the current\n state of this API Resource.\n properties:\n lastTransitionTime:\n description: |-\n lastTransitionTime is the last time the condition transitioned from one status to another.\n This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.\n format: date-time\n type: string\n message:\n description: |-\n message is a human readable message indicating details about the transition.\n This may be an empty string.\n maxLength: 32768\n type: string\n observedGeneration:\n description: |-\n observedGeneration represents the .metadata.generation that the condition was set based upon.\n For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\n with respect to the current state of the instance.\n format: int64\n minimum: 0\n type: integer\n reason:\n description: |-\n reason contains a programmatic identifier indicating the reason for the condition's last transition.\n Producers of specific condition types may define expected values and meanings for this field,\n and whether the values are considered a guaranteed API.\n The value should be a CamelCase string.\n This field may not be empty.\n maxLength: 1024\n minLength: 1\n pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n type: string\n status:\n description: status of the condition, one of True, False, Unknown.\n enum:\n - \"True\"\n - \"False\"\n - Unknown\n type: string\n type:\n description: type of condition in CamelCase or in foo.example.com/CamelCase.\n maxLength: 316\n pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n type: string\n required:\n - lastTransitionTime\n - message\n - reason\n - status\n - type\n type: object\n type: array\n ipAddress:\n description: The assigned IP Address in CIDR notation\n type: string\n ipAddressDotDecimal:\n description: The assigned IP Address in Dot Decimal notation\n type: string\n ipAddressName:\n description:\n The name of the IpAddress CR created by the IpAddressClaim\n Controller\n type: string\n type: object\n type: object\n served: true\n storage: true\n subresources:\n status: {}\n" }, { "path": "charts/netbox-operator/crds/ipaddresses.yaml", "content": "apiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n annotations:\n controller-gen.kubebuilder.io/version: v0.16.4\n name: ipaddresses.netbox.dev\nspec:\n group: netbox.dev\n names:\n kind: IpAddress\n listKind: IpAddressList\n plural: ipaddresses\n shortNames:\n - ip\n singular: ipaddress\n scope: Namespaced\n versions:\n - additionalPrinterColumns:\n - jsonPath: .spec.ipAddress\n name: IpAddress\n type: string\n - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n name: Ready\n type: string\n - jsonPath: .status.id\n name: ID\n type: string\n - jsonPath: .status.url\n name: URL\n type: string\n - jsonPath: .metadata.creationTimestamp\n name: Age\n type: date\n name: v1\n schema:\n openAPIV3Schema:\n description:\n \"IpAddress allows to create a NetBox IP Address. More info about\n NetBox IP Addresses: https://github.com/netbox-community/netbox/blob/main/docs/models/ipam/ipaddress.md\"\n properties:\n apiVersion:\n description: |-\n APIVersion defines the versioned schema of this representation of an object.\n Servers should convert recognized schemas to the latest internal value, and\n may reject unrecognized values.\n More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources\n type: string\n kind:\n description: |-\n Kind is a string value representing the REST resource this object represents.\n Servers may infer this from the endpoint the client submits requests to.\n Cannot be updated.\n In CamelCase.\n More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds\n type: string\n metadata:\n type: object\n spec:\n description: IpAddressSpec defines the desired state of IpAddress\n properties:\n comments:\n description: |-\n Comment that should be added to the resource in NetBox\n Field is mutable, not required\n type: string\n customFields:\n additionalProperties:\n type: string\n description: |-\n The NetBox Custom Fields that should be added to the resource in NetBox.\n Note that currently only Text Type is supported (GitHub #129)\n More info on NetBox Custom Fields:\n https://github.com/netbox-community/netbox/blob/main/docs/customization/custom-fields.md\n Field is mutable, not required\n Example:\n customfield1: \"Production\"\n customfield2: \"This is a string\"\n type: object\n description:\n description: |-\n Description that should be added to the resource in NetBox\n Field is mutable, not required\n type: string\n ipAddress:\n description: |-\n The IP Address in CIDR notation that should be reserved in NetBox\n Field is immutable, required\n Example: \"192.168.0.1/32\"\n format: cidr\n type: string\n x-kubernetes-validations:\n - message: Field 'ipAddress' is immutable\n rule: self == oldSelf\n preserveInNetbox:\n description: |-\n Defines whether the Resource should be preserved in NetBox when the\n Kubernetes Resource is deleted.\n - When set to true, the resource will not be deleted but preserved in\n NetBox upon CR deletion\n - When set to false, the resource will be cleaned up in NetBox\n upon CR deletion\n Setting preserveInNetbox to true is mandatory if the user wants to restore\n resources from NetBox (e.g. Sticky CIDRs even if resources are deleted and\n recreated in Kubernetes)\n Field is mutable, not required\n type: boolean\n tenant:\n description: |-\n The NetBox Tenant to be assigned to this resource in NetBox. Use the `name` value instead of the `slug` value\n Field is immutable, not required\n Example: \"Initech\" or \"Cyberdyne Systems\"\n type: string\n x-kubernetes-validations:\n - message: Field 'tenant' is immutable\n rule: self == oldSelf\n required:\n - ipAddress\n type: object\n status:\n description: IpAddressStatus defines the observed state of IpAddress\n properties:\n conditions:\n description:\n Conditions represent the latest available observations\n of an object's state\n items:\n description:\n Condition contains details for one aspect of the current\n state of this API Resource.\n properties:\n lastTransitionTime:\n description: |-\n lastTransitionTime is the last time the condition transitioned from one status to another.\n This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.\n format: date-time\n type: string\n message:\n description: |-\n message is a human readable message indicating details about the transition.\n This may be an empty string.\n maxLength: 32768\n type: string\n observedGeneration:\n description: |-\n observedGeneration represents the .metadata.generation that the condition was set based upon.\n For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\n with respect to the current state of the instance.\n format: int64\n minimum: 0\n type: integer\n reason:\n description: |-\n reason contains a programmatic identifier indicating the reason for the condition's last transition.\n Producers of specific condition types may define expected values and meanings for this field,\n and whether the values are considered a guaranteed API.\n The value should be a CamelCase string.\n This field may not be empty.\n maxLength: 1024\n minLength: 1\n pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n type: string\n status:\n description: status of the condition, one of True, False, Unknown.\n enum:\n - \"True\"\n - \"False\"\n - Unknown\n type: string\n type:\n description: type of condition in CamelCase or in foo.example.com/CamelCase.\n maxLength: 316\n pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n type: string\n required:\n - lastTransitionTime\n - message\n - reason\n - status\n - type\n type: object\n type: array\n id:\n description: The ID of the resource in NetBox\n format: int64\n type: integer\n url:\n description: |-\n The URL to the resource in the NetBox UI. Note that the base of this\n URL depends on the runtime config of NetBox Operator\n type: string\n type: object\n type: object\n served: true\n storage: true\n subresources:\n status: {}\n" }, { "path": "charts/netbox-operator/crds/iprangeclaims.yaml", "content": "apiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n annotations:\n controller-gen.kubebuilder.io/version: v0.16.4\n name: iprangeclaims.netbox.dev\nspec:\n group: netbox.dev\n names:\n kind: IpRangeClaim\n listKind: IpRangeClaimList\n plural: iprangeclaims\n shortNames:\n - iprc\n singular: iprangeclaim\n scope: Namespaced\n versions:\n - additionalPrinterColumns:\n - jsonPath: .status.ipRange\n name: IpRange\n type: string\n - jsonPath: .status.conditions[?(@.type==\"IPRangeAssigned\")].status\n name: IpRangeAssigned\n type: string\n - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n name: Ready\n type: string\n - jsonPath: .metadata.creationTimestamp\n name: Age\n type: date\n name: v1\n schema:\n openAPIV3Schema:\n description: |-\n IpRangeClaim allows to claim a NetBox IP Range from an existing Prefix.\n The IpRangeClaim Controller will try to assign an available IP Range\n from the Prefix that is defined in the spec and if successful it will create\n the IpRange CR. More info about NetBox IP Ranges:\n https://github.com/netbox-community/netbox/blob/main/docs/models/ipam/iprange.md\n properties:\n apiVersion:\n description: |-\n APIVersion defines the versioned schema of this representation of an object.\n Servers should convert recognized schemas to the latest internal value, and\n may reject unrecognized values.\n More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources\n type: string\n kind:\n description: |-\n Kind is a string value representing the REST resource this object represents.\n Servers may infer this from the endpoint the client submits requests to.\n Cannot be updated.\n In CamelCase.\n More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds\n type: string\n metadata:\n type: object\n spec:\n description: IpRangeClaimSpec defines the desired state of IpRangeClaim\n properties:\n comments:\n description: |-\n Comment that should be added to the resource in NetBox\n Field is mutable, not required\n type: string\n customFields:\n additionalProperties:\n type: string\n description: |-\n The NetBox Custom Fields that should be added to the resource in NetBox.\n Note that currently only Text Type is supported (GitHub #129)\n More info on NetBox Custom Fields:\n https://github.com/netbox-community/netbox/blob/main/docs/customization/custom-fields.md\n Field is mutable, not required\n Example:\n customfield1: \"Production\"\n customfield2: \"This is a string\"\n type: object\n description:\n description: |-\n Description that should be added to the resource in NetBox\n Field is mutable, not required\n type: string\n parentPrefix:\n description: |-\n The NetBox Prefix from which this IP Range should be claimed from\n Field is immutable, required\n Example: \"192.168.0.0/20\"\n format: cidr\n type: string\n x-kubernetes-validations:\n - message: Field 'parentPrefix' is immutable\n rule: self == oldSelf\n preserveInNetbox:\n description: |-\n Defines whether the Resource should be preserved in NetBox when the\n Kubernetes Resource is deleted.\n - When set to true, the resource will not be deleted but preserved in\n NetBox upon CR deletion\n - When set to false, the resource will be cleaned up in NetBox\n upon CR deletion\n Setting preserveInNetbox to true is mandatory if the user wants to restore\n resources from NetBox (e.g. Sticky CIDRs even if resources are deleted and\n recreated in Kubernetes)\n Field is mutable, not required\n type: boolean\n size:\n description: |-\n The amount of consecutive IP Addresses you wish to reserve.\n Currently only sizes up to 50 are supported due to pagination of the\n NetBox API. In practice, this might be even lower depending on the\n fragmentation of the parent prefix.\n Field is immutable, required, range from 2-50\n maximum: 50\n minimum: 2\n type: integer\n x-kubernetes-validations:\n - message: Field 'size' is immutable\n rule: self == oldSelf\n tenant:\n description: |-\n The NetBox Tenant to be assigned to this resource in NetBox. Use the `name` value instead of the `slug` value\n Field is immutable, not required\n Example: \"Initech\" or \"Cyberdyne Systems\"\n type: string\n x-kubernetes-validations:\n - message: Field 'tenant' is immutable\n rule: self == oldSelf\n required:\n - parentPrefix\n - size\n type: object\n status:\n description: IpRangeClaimStatus defines the observed state of IpRangeClaim\n properties:\n conditions:\n description:\n Conditions represent the latest available observations\n of an object's state\n items:\n description:\n Condition contains details for one aspect of the current\n state of this API Resource.\n properties:\n lastTransitionTime:\n description: |-\n lastTransitionTime is the last time the condition transitioned from one status to another.\n This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.\n format: date-time\n type: string\n message:\n description: |-\n message is a human readable message indicating details about the transition.\n This may be an empty string.\n maxLength: 32768\n type: string\n observedGeneration:\n description: |-\n observedGeneration represents the .metadata.generation that the condition was set based upon.\n For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\n with respect to the current state of the instance.\n format: int64\n minimum: 0\n type: integer\n reason:\n description: |-\n reason contains a programmatic identifier indicating the reason for the condition's last transition.\n Producers of specific condition types may define expected values and meanings for this field,\n and whether the values are considered a guaranteed API.\n The value should be a CamelCase string.\n This field may not be empty.\n maxLength: 1024\n minLength: 1\n pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n type: string\n status:\n description: status of the condition, one of True, False, Unknown.\n enum:\n - \"True\"\n - \"False\"\n - Unknown\n type: string\n type:\n description: type of condition in CamelCase or in foo.example.com/CamelCase.\n maxLength: 316\n pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n type: string\n required:\n - lastTransitionTime\n - message\n - reason\n - status\n - type\n type: object\n type: array\n endAddress:\n description: The last IP Addresses in CIDR notation\n type: string\n endAddressDotDecimal:\n description: The last IP Addresses in Dot Decimal notation\n type: string\n ipAddressName:\n description:\n The name of the IpRange CR created by the IpRangeClaim\n Controller\n type: string\n ipAddresses:\n description: The full list of IP Addresses in CIDR notation\n items:\n type: string\n type: array\n ipAddressesDotDecimal:\n description: The full list of IP Addresses in Dot Decimal notation\n items:\n type: string\n type: array\n ipRange:\n description: The assigned IP Range in CIDR notation (e.g. 192.168.0.1/32-192.168.0.123/32)\n type: string\n ipRangeDotDecimal:\n description: The assigned IP Range in Dot Decimal notation (e.g. 192.168.0.1-192.168.0.123)\n type: string\n startAddress:\n description: The first IP Addresses in CIDR notation\n type: string\n startAddressDotDecimal:\n description: The first IP Addresses in Dot Decimal notation\n type: string\n type: object\n type: object\n served: true\n storage: true\n subresources:\n status: {}\n" }, { "path": "charts/netbox-operator/crds/ipranges.yaml", "content": "apiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n annotations:\n controller-gen.kubebuilder.io/version: v0.16.4\n name: ipranges.netbox.dev\nspec:\n group: netbox.dev\n names:\n kind: IpRange\n listKind: IpRangeList\n plural: ipranges\n shortNames:\n - ipr\n singular: iprange\n scope: Namespaced\n versions:\n - additionalPrinterColumns:\n - jsonPath: .spec.startAddress\n name: StartAddress\n type: string\n - jsonPath: .spec.endAddress\n name: EndAddress\n type: string\n - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n name: Ready\n type: string\n - jsonPath: .status.id\n name: ID\n type: string\n - jsonPath: .status.url\n name: URL\n type: string\n - jsonPath: .metadata.creationTimestamp\n name: Age\n type: date\n name: v1\n schema:\n openAPIV3Schema:\n description:\n \"IpRange allows to create a NetBox IP Range. More info about\n NetBox IP Ranges: https://github.com/netbox-community/netbox/blob/main/docs/models/ipam/iprange.md\"\n properties:\n apiVersion:\n description: |-\n APIVersion defines the versioned schema of this representation of an object.\n Servers should convert recognized schemas to the latest internal value, and\n may reject unrecognized values.\n More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources\n type: string\n kind:\n description: |-\n Kind is a string value representing the REST resource this object represents.\n Servers may infer this from the endpoint the client submits requests to.\n Cannot be updated.\n In CamelCase.\n More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds\n type: string\n metadata:\n type: object\n spec:\n description: IpRangeSpec defines the desired state of IpRange\n properties:\n comments:\n description: |-\n Comment that should be added to the resource in NetBox\n Field is mutable, not required\n type: string\n customFields:\n additionalProperties:\n type: string\n description: |-\n The NetBox Custom Fields that should be added to the resource in NetBox.\n Note that currently only Text Type is supported (GitHub #129)\n More info on NetBox Custom Fields:\n https://github.com/netbox-community/netbox/blob/main/docs/customization/custom-fields.md\n Field is mutable, not required\n Example:\n customfield1: \"Production\"\n customfield2: \"This is a string\"\n type: object\n description:\n description: |-\n Description that should be added to the resource in NetBox\n Field is mutable, not required\n type: string\n endAddress:\n description: |-\n The last IP in CIDR notation that should be included in the NetBox IP Range\n Field is immutable, required\n Example: \"192.168.0.20/32\"\n format: cidr\n type: string\n x-kubernetes-validations:\n - message: Field 'endAddress' is immutable\n rule: self == oldSelf\n preserveInNetbox:\n description: |-\n Defines whether the Resource should be preserved in NetBox when the\n Kubernetes Resource is deleted.\n - When set to true, the resource will not be deleted but preserved in\n NetBox upon CR deletion\n - When set to false, the resource will be cleaned up in NetBox\n upon CR deletion\n Setting preserveInNetbox to true is mandatory if the user wants to restore\n resources from NetBox (e.g. Sticky CIDRs even if resources are deleted and\n recreated in Kubernetes)\n Field is mutable, not required\n type: boolean\n startAddress:\n description: |-\n The first IP in CIDR notation that should be included in the NetBox IP Range\n Field is immutable, required\n Example: \"192.168.0.1/32\"\n format: cidr\n type: string\n x-kubernetes-validations:\n - message: Field 'startAddress' is immutable\n rule: self == oldSelf\n tenant:\n description: |-\n The NetBox Tenant to be assigned to this resource in NetBox. Use the `name` value instead of the `slug` value\n Field is immutable, not required\n Example: \"Initech\" or \"Cyberdyne Systems\"\n type: string\n x-kubernetes-validations:\n - message: Field 'tenant' is immutable\n rule: self == oldSelf\n required:\n - endAddress\n - startAddress\n type: object\n status:\n description: IpRangeStatus defines the observed state of IpRange\n properties:\n conditions:\n description:\n Conditions represent the latest available observations\n of an object's state\n items:\n description:\n Condition contains details for one aspect of the current\n state of this API Resource.\n properties:\n lastTransitionTime:\n description: |-\n lastTransitionTime is the last time the condition transitioned from one status to another.\n This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.\n format: date-time\n type: string\n message:\n description: |-\n message is a human readable message indicating details about the transition.\n This may be an empty string.\n maxLength: 32768\n type: string\n observedGeneration:\n description: |-\n observedGeneration represents the .metadata.generation that the condition was set based upon.\n For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\n with respect to the current state of the instance.\n format: int64\n minimum: 0\n type: integer\n reason:\n description: |-\n reason contains a programmatic identifier indicating the reason for the condition's last transition.\n Producers of specific condition types may define expected values and meanings for this field,\n and whether the values are considered a guaranteed API.\n The value should be a CamelCase string.\n This field may not be empty.\n maxLength: 1024\n minLength: 1\n pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n type: string\n status:\n description: status of the condition, one of True, False, Unknown.\n enum:\n - \"True\"\n - \"False\"\n - Unknown\n type: string\n type:\n description: type of condition in CamelCase or in foo.example.com/CamelCase.\n maxLength: 316\n pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n type: string\n required:\n - lastTransitionTime\n - message\n - reason\n - status\n - type\n type: object\n type: array\n id:\n description: The ID of the resource in NetBox\n format: int64\n type: integer\n url:\n description: |-\n The URL to the resource in the NetBox UI. Note that the base of this\n URL depends on the runtime config of NetBox Operator\n type: string\n type: object\n type: object\n served: true\n storage: true\n subresources:\n status: {}\n" }, { "path": "charts/netbox-operator/crds/prefixclaims.yaml", "content": "apiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n annotations:\n controller-gen.kubebuilder.io/version: v0.16.4\n name: prefixclaims.netbox.dev\nspec:\n group: netbox.dev\n names:\n kind: PrefixClaim\n listKind: PrefixClaimList\n plural: prefixclaims\n shortNames:\n - pxc\n singular: prefixclaim\n scope: Namespaced\n versions:\n - additionalPrinterColumns:\n - jsonPath: .status.prefix\n name: Prefix\n type: string\n - jsonPath: .status.conditions[?(@.type==\"PrefixAssigned\")].status\n name: PrefixAssigned\n type: string\n - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n name: Ready\n type: string\n - jsonPath: .metadata.creationTimestamp\n name: Age\n type: date\n name: v1\n schema:\n openAPIV3Schema:\n description: |-\n PrefixClaim allows to claim a NetBox Prefix from an existing Prefix\n (parentPrefix) or a dynamically selected Prefix (parentPrefixSelector).\n The PrefixClaim Controller will try to assign an available Prefix from\n the Prefix that is defined in the spec and if successful it will create\n the Prefix CR. More info about NetBox IP Addresses:\n https://github.com/netbox-community/netbox/blob/main/docs/models/ipam/ipaddress.md\n properties:\n apiVersion:\n description: |-\n APIVersion defines the versioned schema of this representation of an object.\n Servers should convert recognized schemas to the latest internal value, and\n may reject unrecognized values.\n More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources\n type: string\n kind:\n description: |-\n Kind is a string value representing the REST resource this object represents.\n Servers may infer this from the endpoint the client submits requests to.\n Cannot be updated.\n In CamelCase.\n More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds\n type: string\n metadata:\n type: object\n spec:\n description: PrefixClaimSpec defines the desired state of PrefixClaim\n properties:\n comments:\n description: |-\n Comment that should be added to the resource in NetBox\n Field is mutable, not required\n type: string\n customFields:\n additionalProperties:\n type: string\n description: |-\n The NetBox Custom Fields that should be added to the resource in NetBox.\n Note that currently only Text Type is supported (GitHub #129)\n More info on NetBox Custom Fields:\n https://github.com/netbox-community/netbox/blob/main/docs/customization/custom-fields.md\n Field is mutable, not required\n Example:\n customfield1: \"Production\"\n customfield2: \"This is a string\"\n type: object\n description:\n description: |-\n Description that should be added to the resource in NetBox\n Field is mutable, not required\n type: string\n parentPrefix:\n description: |-\n The NetBox Prefix from which this Prefix should be claimed from\n Field is immutable, required (`parentPrefix` and `parentPrefixSelector` are mutually exclusive)\n Example: \"192.168.0.0/20\"\n format: cidr\n type: string\n x-kubernetes-validations:\n - message: Field 'parentPrefix' is immutable\n rule: self == oldSelf\n parentPrefixSelector:\n additionalProperties:\n type: string\n description: |-\n The `parentPrefixSelector` is a key-value map, where all the entries are of data type `` The map contains a set of query conditions for selecting a set of prefixes that can be used as the parent prefix The query conditions will be chained by the AND operator, and exact match of the keys and values will be performed The built-in fields `tenant`, `site`, and `family`, along with custom fields, can be used. Note that since the key value pairs in this map are used to generate the URL for the query in NetBox, this also supports non-Text Custom Field types. For more information, please see ParentPrefixSelectorGuide.md\n Field is immutable, required (`parentPrefix` and `parentPrefixSelector` are mutually exclusive)\n Example:\n customfield1: \"Production\"\n family: \"IPv4\"\n type: object\n x-kubernetes-validations:\n - message: Field 'parentPrefixSelector' is immutable\n rule: self == oldSelf\n - rule:\n \"!has(self.family) || (self.family == 'IPv4' || self.family\n == 'IPv6')\"\n prefixLength:\n description: |-\n The desired prefix length of your Prefix using slash notation. Example: `/24` for an IPv4 Prefix or `/64` for an IPv6 Prefix\n Field is immutable, required\n Example: \"/24\"\n pattern: ^\\/[0-9]|[1-9][0-9]|1[01][0-9]|12[0-8]$\n type: string\n x-kubernetes-validations:\n - message: Field 'prefixLength' is immutable\n rule: self == oldSelf\n preserveInNetbox:\n description: |-\n Defines whether the Resource should be preserved in NetBox when the\n Kubernetes Resource is deleted.\n - When set to true, the resource will not be deleted but preserved in\n NetBox upon CR deletion\n - When set to false, the resource will be cleaned up in NetBox\n upon CR deletion\n Setting preserveInNetbox to true is mandatory if the user wants to restore\n resources from NetBox (e.g. Sticky CIDRs even if resources are deleted and\n recreated in Kubernetes)\n Field is mutable, not required\n type: boolean\n site:\n description: |-\n The NetBox Site to be assigned to this resource in NetBox. Use the `name` value instead of the `slug` value\n Field is immutable, not required\n Example: \"DM-Buffalo\"\n type: string\n x-kubernetes-validations:\n - message: Field 'site' is immutable\n rule: self == oldSelf\n tenant:\n description: |-\n The NetBox Tenant to be assigned to this resource in NetBox. Use the `name` value instead of the `slug` value\n Field is immutable, not required\n Example: \"Initech\" or \"Cyberdyne Systems\"\n type: string\n x-kubernetes-validations:\n - message: Field 'tenant' is immutable\n rule: self == oldSelf\n required:\n - prefixLength\n type: object\n x-kubernetes-validations:\n - message: Site is required once set\n rule: \"!has(oldSelf.site) || has(self.site)\"\n - rule:\n (!has(self.parentPrefix) && has(self.parentPrefixSelector)) ||\n (has(self.parentPrefix) && !has(self.parentPrefixSelector))\n status:\n description: PrefixClaimStatus defines the observed state of PrefixClaim\n properties:\n conditions:\n description:\n Conditions represent the latest available observations\n of an object's state\n items:\n description:\n Condition contains details for one aspect of the current\n state of this API Resource.\n properties:\n lastTransitionTime:\n description: |-\n lastTransitionTime is the last time the condition transitioned from one status to another.\n This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.\n format: date-time\n type: string\n message:\n description: |-\n message is a human readable message indicating details about the transition.\n This may be an empty string.\n maxLength: 32768\n type: string\n observedGeneration:\n description: |-\n observedGeneration represents the .metadata.generation that the condition was set based upon.\n For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\n with respect to the current state of the instance.\n format: int64\n minimum: 0\n type: integer\n reason:\n description: |-\n reason contains a programmatic identifier indicating the reason for the condition's last transition.\n Producers of specific condition types may define expected values and meanings for this field,\n and whether the values are considered a guaranteed API.\n The value should be a CamelCase string.\n This field may not be empty.\n maxLength: 1024\n minLength: 1\n pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n type: string\n status:\n description: status of the condition, one of True, False, Unknown.\n enum:\n - \"True\"\n - \"False\"\n - Unknown\n type: string\n type:\n description: type of condition in CamelCase or in foo.example.com/CamelCase.\n maxLength: 316\n pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n type: string\n required:\n - lastTransitionTime\n - message\n - reason\n - status\n - type\n type: object\n type: array\n parentPrefix:\n description: |-\n Due to the fact that the parentPrefix can be specified directly in\n `.spec.parentPrefix` or selected from `.spec.parentPrefixSelector`,\n we use this field to store exactly which parent prefix we are using\n for all subsequent reconcile loop calls.\n type: string\n prefix:\n description: The assigned Prefix in CIDR notation\n type: string\n prefixName:\n description:\n The name of the Prefix CR created by the PrefixClaim\n Controller\n type: string\n type: object\n type: object\n served: true\n storage: true\n subresources:\n status: {}\n" }, { "path": "charts/netbox-operator/crds/prefixes.yaml", "content": "apiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n annotations:\n controller-gen.kubebuilder.io/version: v0.16.4\n name: prefixes.netbox.dev\nspec:\n group: netbox.dev\n names:\n kind: Prefix\n listKind: PrefixList\n plural: prefixes\n shortNames:\n - px\n singular: prefix\n scope: Namespaced\n versions:\n - additionalPrinterColumns:\n - jsonPath: .spec.prefix\n name: Prefix\n type: string\n - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n name: Ready\n type: string\n - jsonPath: .status.id\n name: ID\n type: string\n - jsonPath: .status.url\n name: URL\n type: string\n - jsonPath: .metadata.creationTimestamp\n name: Age\n type: date\n name: v1\n schema:\n openAPIV3Schema:\n description:\n \"Prefix allows to create a NetBox Prefix. More info about NetBox\n Prefixes: https://github.com/netbox-community/netbox/blob/main/docs/models/ipam/prefix.md\"\n properties:\n apiVersion:\n description: |-\n APIVersion defines the versioned schema of this representation of an object.\n Servers should convert recognized schemas to the latest internal value, and\n may reject unrecognized values.\n More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources\n type: string\n kind:\n description: |-\n Kind is a string value representing the REST resource this object represents.\n Servers may infer this from the endpoint the client submits requests to.\n Cannot be updated.\n In CamelCase.\n More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds\n type: string\n metadata:\n type: object\n spec:\n description: PrefixSpec defines the desired state of Prefix\n properties:\n comments:\n description: |-\n Comment that should be added to the resource in NetBox\n Field is mutable, not required\n type: string\n customFields:\n additionalProperties:\n type: string\n description: |-\n The NetBox Custom Fields that should be added to the resource in NetBox.\n Note that currently only Text Type is supported (GitHub #129)\n More info on NetBox Custom Fields:\n https://github.com/netbox-community/netbox/blob/main/docs/customization/custom-fields.md\n Field is mutable, not required\n Example:\n customfield1: \"Production\"\n customfield2: \"This is a string\"\n type: object\n description:\n description: |-\n Description that should be added to the resource in NetBox\n Field is mutable, not required\n type: string\n prefix:\n description: |-\n The Prefix in CIDR notation that should be reserved in NetBox\n Field is immutable, required\n Example: \"192.168.0.0/24\"\n format: cidr\n type: string\n x-kubernetes-validations:\n - message: Field 'prefix' is immutable\n rule: self == oldSelf\n preserveInNetbox:\n description: |-\n Defines whether the Resource should be preserved in NetBox when the\n Kubernetes Resource is deleted.\n - When set to true, the resource will not be deleted but preserved in\n NetBox upon CR deletion\n - When set to false, the resource will be cleaned up in NetBox\n upon CR deletion\n Setting preserveInNetbox to true is mandatory if the user wants to restore\n resources from NetBox (e.g. Sticky CIDRs even if resources are deleted and\n recreated in Kubernetes)\n Field is mutable, not required\n type: boolean\n site:\n description: |-\n The NetBox Site to be assigned to this resource in NetBox. Use the `name` value instead of the `slug` value\n Field is immutable, not required\n type: string\n x-kubernetes-validations:\n - message: Field 'site' is required once set\n rule: self == oldSelf || self != ''\n tenant:\n description: |-\n The NetBox Tenant to be assigned to this resource in NetBox. Use the `name` value instead of the `slug` value\n Field is immutable, not required\n Example: \"Initech\" or \"Cyberdyne Systems\"\n type: string\n x-kubernetes-validations:\n - message: Field 'tenant' is immutable\n rule: self == oldSelf\n required:\n - prefix\n type: object\n x-kubernetes-validations:\n - message: Site is required once set\n rule: \"!has(oldSelf.site) || has(self.site)\"\n status:\n description: PrefixStatus defines the observed state of Prefix\n properties:\n conditions:\n description:\n Conditions represent the latest available observations\n of an object's state\n items:\n description:\n Condition contains details for one aspect of the current\n state of this API Resource.\n properties:\n lastTransitionTime:\n description: |-\n lastTransitionTime is the last time the condition transitioned from one status to another.\n This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.\n format: date-time\n type: string\n message:\n description: |-\n message is a human readable message indicating details about the transition.\n This may be an empty string.\n maxLength: 32768\n type: string\n observedGeneration:\n description: |-\n observedGeneration represents the .metadata.generation that the condition was set based upon.\n For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\n with respect to the current state of the instance.\n format: int64\n minimum: 0\n type: integer\n reason:\n description: |-\n reason contains a programmatic identifier indicating the reason for the condition's last transition.\n Producers of specific condition types may define expected values and meanings for this field,\n and whether the values are considered a guaranteed API.\n The value should be a CamelCase string.\n This field may not be empty.\n maxLength: 1024\n minLength: 1\n pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n type: string\n status:\n description: status of the condition, one of True, False, Unknown.\n enum:\n - \"True\"\n - \"False\"\n - Unknown\n type: string\n type:\n description: type of condition in CamelCase or in foo.example.com/CamelCase.\n maxLength: 316\n pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n type: string\n required:\n - lastTransitionTime\n - message\n - reason\n - status\n - type\n type: object\n type: array\n id:\n description: The ID of the resource in NetBox\n format: int64\n type: integer\n url:\n description: |-\n The URL to the resource in the NetBox UI. Note that the base of this\n URL depends on the runtime config of NetBox Operator\n type: string\n type: object\n type: object\n served: true\n storage: true\n subresources:\n status: {}\n" }, { "path": "charts/netbox-operator/templates/NOTES.txt", "content": "CHART NAME: {{ .Chart.Name }}\nCHART VERSION: {{ .Chart.Version }}\nAPP VERSION: {{ .Chart.AppVersion }}\n" }, { "path": "charts/netbox-operator/templates/_helpers.tpl", "content": "{{/* vim: set filetype=mustache: */}}\n\n{{/*\nCreate the name of the service account to use\n*/}}\n{{- define \"netbox-operator.serviceAccountName\" -}}\n{{- if .Values.serviceAccount.create }}\n {{- default (include \"common.names.fullname\" .) .Values.serviceAccount.name | trunc 63 | trimSuffix \"-\" }}\n{{- else }}\n {{- default \"default\" .Values.serviceAccount.name | trunc 63 | trimSuffix \"-\" }}\n{{- end }}\n{{- end }}\n\n{{/*\nName of the Secret that contains the NetBox API Token\n*/}}\n{{- define \"netbox-operator.netbox.secret\" -}}\n {{- if .Values.netbox.enabled }}\n {{- printf \"%s-%s\" (include \"common.names.dependency.fullname\" (dict \"chartName\" \"netbox\" \"chartValues\" .Values.netbox \"context\" .)) \"superuser\" | trunc 63 | trimSuffix \"-\" }}\n {{- else }}\n {{- include \"common.secrets.name\" (dict \"existingSecret\" .Values.auth.existingSecret \"defaultNameSuffix\" \"netbox-auth\" \"context\" .) }}\n {{- end }}\n{{- end }}\n" }, { "path": "charts/netbox-operator/templates/clusterrole.yaml", "content": "apiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\nmetadata:\n name: {{ include \"common.names.fullname\" . }}\n labels: {{- include \"common.labels.standard\" ( dict \"customLabels\" .Values.commonLabels \"context\" $ ) | nindent 4 }}\n {{- if .Values.commonAnnotations }}\n annotations: {{- include \"common.tplvalues.render\" ( dict \"value\" .Values.commonAnnotations \"context\" $ ) | nindent 4 }}\n {{- end }}\nrules:\n - apiGroups:\n - \"\"\n resources:\n - events\n verbs:\n - create\n - patch\n - apiGroups:\n - netbox.dev\n resources:\n - ipaddressclaims\n - ipaddresses\n - iprangeclaims\n - ipranges\n - prefixclaims\n - prefixes\n verbs:\n - create\n - delete\n - get\n - list\n - patch\n - update\n - watch\n - apiGroups:\n - netbox.dev\n resources:\n - ipaddressclaims/finalizers\n - ipaddresses/finalizers\n - iprangeclaims/finalizers\n - ipranges/finalizers\n - prefixclaims/finalizers\n - prefixes/finalizers\n verbs:\n - update\n - apiGroups:\n - netbox.dev\n resources:\n - ipaddressclaims/status\n - ipaddresses/status\n - iprangeclaims/status\n - ipranges/status\n - prefixclaims/status\n - prefixes/status\n verbs:\n - get\n - patch\n - update\n" }, { "path": "charts/netbox-operator/templates/clusterrolebinding.yaml", "content": "apiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRoleBinding\nmetadata:\n name: {{ include \"common.names.fullname\" . }}\n labels: {{- include \"common.labels.standard\" ( dict \"customLabels\" .Values.commonLabels \"context\" $ ) | nindent 4 }}\n {{- if .Values.commonAnnotations }}\n annotations: {{- include \"common.tplvalues.render\" ( dict \"value\" .Values.commonAnnotations \"context\" $ ) | nindent 4 }}\n {{- end }}\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: {{ include \"common.names.fullname\" . }}\nsubjects:\n - kind: ServiceAccount\n name: {{ include \"netbox-operator.serviceAccountName\" . }}\n namespace: {{ include \"common.names.namespace\" . | quote }}\n" }, { "path": "charts/netbox-operator/templates/deployment.yaml", "content": "apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: {{ include \"common.names.fullname\" . }}\n namespace: {{ include \"common.names.namespace\" . | quote }}\n labels: {{- include \"common.labels.standard\" ( dict \"customLabels\" .Values.commonLabels \"context\" $ ) | nindent 4 }}\n app.kubernetes.io/component: netbox-operator\n {{- if .Values.commonAnnotations }}\n annotations: {{- include \"common.tplvalues.render\" ( dict \"value\" .Values.commonAnnotations \"context\" $ ) | nindent 4 }}\n {{- end }}\nspec:\n {{- if not .Values.autoscaling.enabled }}\n replicas: {{ .Values.replicaCount }}\n {{- end }}\n revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}\n selector:\n matchLabels: {{- include \"common.labels.matchLabels\" (dict \"customLabels\" .Values.podLabels \"context\" $) | nindent 6 }}\n app.kubernetes.io/component: netbox-operator\n {{- if .Values.updateStrategy }}\n strategy: {{- include \"common.tplvalues.render\" (dict \"value\" .Values.updateStrategy \"context\" $) | nindent 4 }}\n {{- end }}\n template:\n metadata:\n {{- if .Values.podAnnotations }}\n annotations: {{- include \"common.tplvalues.render\" ( dict \"value\" .Values.podAnnotations \"context\" $ ) | nindent 8 }}\n {{- end }}\n labels: {{- include \"common.labels.standard\" ( dict \"customLabels\" .Values.podLabels \"context\" $ ) | nindent 8 }}\n app.kubernetes.io/component: netbox-operator\n spec:\n {{- include \"common.images.renderPullSecrets\" (dict \"images\" (list .Values.image) \"context\" $) | nindent 6 }}\n serviceAccountName: {{ include \"netbox-operator.serviceAccountName\" . }}\n automountServiceAccountToken: {{ .Values.automountServiceAccountToken }}\n {{- if .Values.podSecurityContext.enabled }}\n securityContext: {{- include \"common.compatibility.renderSecurityContext\" (dict \"secContext\" .Values.podSecurityContext \"context\" $) | nindent 8 }}\n {{- end }}\n containers:\n - name: {{ .Chart.Name }}\n image: {{ include \"common.images.image\" (dict \"imageRoot\" .Values.image \"global\" .Values.global \"chart\" .Chart) }}\n imagePullPolicy: {{ .Values.image.pullPolicy | quote }}\n {{- if .Values.securityContext.enabled }}\n securityContext: {{- include \"common.compatibility.renderSecurityContext\" (dict \"secContext\" .Values.securityContext \"context\" $) | nindent 12 }}\n {{- end }}\n {{- if .Values.command }}\n command: {{- include \"common.tplvalues.render\" (dict \"value\" .Values.command \"context\" $) | nindent 12 }}\n {{- end }}\n {{- if .Values.args }}\n args: {{- include \"common.tplvalues.render\" (dict \"value\" .Values.args \"context\" $) | nindent 12 }}\n {{- end }}\n env:\n - name: POD_NAMESPACE\n valueFrom:\n fieldRef:\n fieldPath: metadata.namespace\n - name: NETBOX_HOST\n {{- if .Values.netbox.enabled }}\n value: {{ include \"common.names.dependency.fullname\" (dict \"chartName\" \"netbox\" \"chartValues\" .Values.netbox \"context\" $) }}\n {{- else }}\n value: {{ .Values.host | quote }}\n {{- end }}\n - name: NETBOX_RESTORATION_HASH_FIELD_NAME\n value: {{ .Values.restorationHashFieldName | quote }}\n - name: HTTPS_ENABLE\n value: {{ .Values.https | quote }}\n - name: AUTH_TOKEN\n valueFrom:\n secretKeyRef:\n name: {{ include \"netbox-operator.netbox.secret\" $ }}\n key: api_token\n - name: DEBUG_ENABLE\n value: {{ .Values.debug | quote }}\n - name: CA_CERT\n value: {{ .Values.caCertPath | quote }}\n {{- if .Values.extraEnvVars }}\n {{- include \"common.tplvalues.render\" (dict \"value\" .Values.extraEnvVars \"context\" $) | nindent 12 }}\n {{- end }}\n {{- if or .Values.extraEnvVarsCM .Values.extraEnvVarsSecret }}\n envFrom:\n {{- if .Values.extraEnvVarsCM }}\n - configMapRef:\n name: {{ include \"common.tplvalues.render\" (dict \"value\" .Values.extraEnvVarsCM \"context\" $) }}\n {{- end }}\n {{- if .Values.extraEnvVarsSecret }}\n - secretRef:\n name: {{ include \"common.tplvalues.render\" (dict \"value\" .Values.extraEnvVarsSecret \"context\" $) }}\n {{- end }}\n {{- end }}\n ports:\n - name: http-metrics\n containerPort: 8080\n protocol: TCP\n - name: http-probe\n containerPort: 8081\n protocol: TCP\n {{- if .Values.extraContainerPorts }}\n {{- include \"common.tplvalues.render\" (dict \"value\" .Values.extraContainerPorts \"context\" $) | nindent 12 }}\n {{- end }}\n {{- if .Values.livenessProbe.enabled }}\n livenessProbe: {{- include \"common.tplvalues.render\" (dict \"value\" (omit .Values.livenessProbe \"enabled\") \"context\" $) | nindent 12 }}\n httpGet:\n path: /healthz\n port: http-probe\n {{- end }}\n {{- if .Values.readinessProbe.enabled }}\n readinessProbe: {{- include \"common.tplvalues.render\" (dict \"value\" (omit .Values.readinessProbe \"enabled\") \"context\" $) | nindent 12 }}\n httpGet:\n path: /readyz\n port: http-probe\n {{- end }}\n {{- if .Values.extraVolumeMounts }}\n volumeMounts: {{- include \"common.tplvalues.render\" (dict \"value\" .Values.extraVolumeMounts \"context\" $) | nindent 12 }}\n {{- end }}\n {{- if .Values.resources }}\n resources: {{- toYaml .Values.resources | nindent 12 }}\n {{- else if ne .Values.resourcesPreset \"none\" }}\n resources: {{- include \"common.resources.preset\" (dict \"type\" .Values.resourcesPreset) | nindent 12 }}\n {{- end }}\n {{- if .Values.extraVolumes }}\n volumes: {{- include \"common.tplvalues.render\" (dict \"value\" .Values.extraVolumes \"context\" $) | nindent 8 }}\n {{- end }}\n {{- if .Values.nodeSelector }}\n nodeSelector: {{- include \"common.tplvalues.render\" ( dict \"value\" .Values.nodeSelector \"context\" $) | nindent 8 }}\n {{- end }}\n {{- if .Values.affinity }}\n affinity: {{- include \"common.tplvalues.render\" ( dict \"value\" .Values.affinity \"context\" $) | nindent 8 }}\n {{- end }}\n {{- if .Values.tolerations }}\n tolerations: {{- include \"common.tplvalues.render\" (dict \"value\" .Values.tolerations \"context\" .) | nindent 8 }}\n {{- end }}\n {{- if .Values.hostAliases }}\n hostAliases: {{- include \"common.tplvalues.render\" (dict \"value\" .Values.hostAliases \"context\" $) | nindent 8 }}\n {{- end }}\n {{- if .Values.priorityClassName }}\n priorityClassName: {{ .Values.priorityClassName | quote }}\n {{- end }}\n {{- if .Values.schedulerName }}\n schedulerName: {{ .Values.schedulerName | quote }}\n {{- end }}\n {{- if .Values.topologySpreadConstraints }}\n topologySpreadConstraints: {{- include \"common.tplvalues.render\" (dict \"value\" .Values.topologySpreadConstraints \"context\" .) | nindent 8 }}\n {{- end }}\n {{- if .Values.terminationGracePeriodSeconds }}\n terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }}\n {{- end }}\n" }, { "path": "charts/netbox-operator/templates/leaderelect/role.yaml", "content": "apiVersion: rbac.authorization.k8s.io/v1\nkind: Role\nmetadata:\n name: {{ printf \"%s-leader-election\" (include \"common.names.fullname\" .) | trunc 63 | trimSuffix \"-\" }}\n namespace: {{ include \"common.names.namespace\" . | quote }}\n labels: {{- include \"common.labels.standard\" ( dict \"customLabels\" .Values.commonLabels \"context\" $ ) | nindent 4 }}\n {{- if .Values.commonAnnotations }}\n annotations: {{- include \"common.tplvalues.render\" ( dict \"value\" .Values.commonAnnotations \"context\" $ ) | nindent 4 }}\n {{- end }}\nrules:\n - apiGroups:\n - \"\"\n resources:\n - configmaps\n verbs:\n - get\n - list\n - watch\n - create\n - update\n - patch\n - delete\n - apiGroups:\n - coordination.k8s.io\n resources:\n - leases\n verbs:\n - get\n - list\n - watch\n - create\n - update\n - patch\n - delete\n - apiGroups:\n - \"\"\n resources:\n - events\n verbs:\n - create\n - patch\n" }, { "path": "charts/netbox-operator/templates/leaderelect/rolebinding.yaml", "content": "apiVersion: rbac.authorization.k8s.io/v1\nkind: RoleBinding\nmetadata:\n name: {{ printf \"%s-leader-election\" (include \"common.names.fullname\" .) | trunc 63 | trimSuffix \"-\" }}\n namespace: {{ include \"common.names.namespace\" . | quote }}\n labels: {{- include \"common.labels.standard\" ( dict \"customLabels\" .Values.commonLabels \"context\" $ ) | nindent 4 }}\n {{- if .Values.commonAnnotations }}\n annotations: {{- include \"common.tplvalues.render\" ( dict \"value\" .Values.commonAnnotations \"context\" $ ) | nindent 4 }}\n {{- end }}\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: Role\n name: {{ printf \"%s-leader-election\" (include \"common.names.fullname\" .) | trunc 63 | trimSuffix \"-\" }}\nsubjects:\n{{- if .Values.serviceAccount.create }}\n - kind: ServiceAccount\n name: {{ include \"netbox-operator.serviceAccountName\" . }}\n namespace: {{ include \"common.names.namespace\" . | quote }}\n{{- end }}\n" }, { "path": "charts/netbox-operator/templates/secret.yaml", "content": "{{- if not (or .Values.netbox.enabled .Values.auth.existingSecret) }}\napiVersion: v1\nkind: Secret\nmetadata:\n name: {{ include \"common.secrets.name\" (dict \"defaultNameSuffix\" \"netbox-auth\" \"context\" $) }}\n namespace: {{ include \"common.names.namespace\" . | quote }}\n labels: {{- include \"common.labels.standard\" ( dict \"customLabels\" .Values.commonLabels \"context\" $ ) | nindent 4 }}\n {{- if .Values.commonAnnotations }}\n annotations: {{- include \"common.tplvalues.render\" ( dict \"value\" .Values.commonAnnotations \"context\" $ ) | nindent 4 }}\n {{- end }}\ntype: Opaque\ndata:\n api_token: {{ .Values.auth.apiToken | b64enc | quote }}\n{{- end }}\n" }, { "path": "charts/netbox-operator/templates/serviceaccount.yaml", "content": "{{- if .Values.serviceAccount.create }}\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n name: {{ include \"netbox-operator.serviceAccountName\" . }}\n namespace: {{ include \"common.names.namespace\" . | quote }}\n labels: {{- include \"common.labels.standard\" ( dict \"customLabels\" .Values.commonLabels \"context\" $ ) | nindent 4 }}\n {{- if or .Values.serviceAccount.annotations .Values.commonAnnotations }}\n {{- $annotations := include \"common.tplvalues.merge\" ( dict \"values\" ( list .Values.serviceAccount.annotations .Values.commonAnnotations ) \"context\" . ) }}\n annotations: {{- include \"common.tplvalues.render\" ( dict \"value\" $annotations \"context\" $) | nindent 4 }}\n {{- end }}\nautomountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}\n{{- end }}\n" }, { "path": "charts/netbox-operator/templates/servicemonitor.yaml", "content": "{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }}\napiVersion: monitoring.coreos.com/v1\nkind: ServiceMonitor\nmetadata:\n name: {{ include \"common.names.fullname\" . }}\n namespace: {{ include \"common.names.namespace\" . | quote }}\n {{- $labels := include \"common.tplvalues.merge\" ( dict \"values\" ( list .Values.metrics.serviceMonitor.additionalLabels .Values.commonLabels ) \"context\" . ) }}\n labels: {{- include \"common.labels.standard\" ( dict \"customLabels\" $labels \"context\" $ ) | nindent 4 }}\n {{- if .Values.commonAnnotations }}\n annotations: {{- include \"common.tplvalues.render\" ( dict \"value\" .Values.commonAnnotations \"context\" $ ) | nindent 4 }}\n {{- end }}\nspec:\n jobLabel: {{ include \"common.names.fullname\" . }}\n namespaceSelector:\n matchNames:\n - {{ include \"common.names.namespace\" . | quote }}\n selector:\n matchLabels:\n {{- include \"common.labels.matchLabels\" . | nindent 6 }}\n {{- if .Values.metrics.serviceMonitor.selector }}\n {{- include \"common.tplvalues.render\" (dict \"value\" .Values.metrics.serviceMonitor.selector \"context\" $) | nindent 6 }}\n {{- end }}\n endpoints:\n - port: http-metrics\n scheme: https\n bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token\n path: /metrics\n {{- if .Values.metrics.serviceMonitor.interval }}\n interval: {{ .Values.metrics.serviceMonitor.interval }}\n {{- end }}\n {{- if .Values.metrics.serviceMonitor.scrapeTimeout }}\n scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }}\n {{- end }}\n {{- if .Values.metrics.serviceMonitor.honorLabels }}\n honorLabels: {{ .Values.metrics.serviceMonitor.honorLabels }}\n {{- end }}\n {{- if .Values.metrics.serviceMonitor.metricRelabelings }}\n metricRelabelings: {{- include \"common.tplvalues.render\" ( dict \"value\" .Values.metrics.serviceMonitor.metricRelabelings \"context\" $) | nindent 6 }}\n {{- end }}\n {{- if .Values.metrics.serviceMonitor.relabelings }}\n relabelings: {{- include \"common.tplvalues.render\" ( dict \"value\" .Values.metrics.serviceMonitor.relabelings \"context\" $) | nindent 6 }}\n {{- end }}\n{{- end }}\n" }, { "path": "charts/netbox-operator/values.yaml", "content": "# Default values for NetBox Operator.\n# This is a YAML-formatted file.\n# Declare variables to be passed into your templates.\n\n## @section Global parameters\n## Global container image parameters\n## Please, note that this will override the image parameters, including dependencies, configured to use the global value\n## Current available global container image parameters: imageRegistry, imagePullSecrets and storageClass\n\n## @param global.imageRegistry Global container image registry\n## @param global.imagePullSecrets Global container registry secret names as an array\n## @param global.storageClass Global StorageClass for Persistent Volume(s)\n##\nglobal:\n imageRegistry: \"\"\n ## E.g.\n ## imagePullSecrets:\n ## - myRegistryKeySecretName\n ##\n imagePullSecrets: []\n storageClass: \"\"\n\n## @section Common parameters\n\n## @param nameOverride String to partially override common.names.fullname\n##\nnameOverride: \"\"\n## @param fullnameOverride String to fully override common.names.fullname\n##\nfullnameOverride: \"\"\n## @param commonLabels Labels to add to all deployed objects\n##\ncommonLabels: {}\n## @param commonAnnotations Annotations to add to all deployed objects\n##\ncommonAnnotations: {}\n## @param clusterDomain Kubernetes cluster domain name\n##\nclusterDomain: cluster.local\n## @param extraDeploy Array of extra objects to deploy with the release\n## Example:\n## extraDeploy:\n## - |\n## apiVersion: v1\n## kind: ConfigMap\n## metadata:\n## name: sso-pipeline-roles\n## namespace: netbox\n## data:\n## sso_pipeline_roles.py: |\n## from netbox.authentication import Group\n## ...\n##\nextraDeploy: []\n\n## @section NetBox Operator Image parameters\n## @param image.registry Image registry\n## @param image.repository Image repository\n## @param image.tag Image tag\n## @param image.digest Image digest in the way sha256:aa...\n## @param image.pullPolicy MariaDB image pull policy\n## @param image.pullSecrets Specify docker-registry secret names as an array\n##\nimage:\n registry: ghcr.io\n repository: netbox-community/netbox-operator\n pullPolicy: IfNotPresent\n ## Defaults to '{{ .Chart.AppVersion }}'\n ##\n tag: \"\"\n ## If set, override the tag\n ##\n digest: \"\"\n ## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace)\n ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/\n ## Example:\n ## pullSecrets:\n ## - myRegistryKeySecretName\n ##\n pullSecrets: []\n\n## @section NetBox Operator Configuration parameters\n\n## NetBox Operator settings based on environment variables\n# When defining caCertPath, make sure you mount the secret containing the CA certificate on all the necessary containers\ncaCertPath: \"\"\nhost: \"\"\nhttps: false\nrestorationHashFieldName: \"\"\ndebug: false\n\nauth:\n apiToken: \"\"\n existingSecret: \"\"\n\nnetbox:\n enabled: false\n nameOverride: netbox-app\n\n## @section Deployment parameters\n\n## @param command Override default container command (useful when using custom images)\n##\ncommand:\n - /manager\n## @param args Override default container args (useful when using custom images)\n##\nargs:\n - --leader-elect\n\n## @param replicaCount Number of replicas to deploy\n## NOTE: ReadWriteMany PVC(s) are required if replicaCount > 1\n##\nreplicaCount: 1\n## @param updateStrategy.type Deployment strategy type\n## @param updateStrategy.rollingUpdate Deployment rolling update configuration parameters\n## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy\n## NOTE: Set it to `Recreate` if you use a PV that cannot be mounted on multiple pods\n## e.g:\n## updateStrategy:\n## type: RollingUpdate\n## rollingUpdate:\n## maxSurge: 25%\n## maxUnavailable: 25%\n##\nupdateStrategy:\n type: RollingUpdate\n## Pods Service Account\n## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/\n## @param master.serviceAccount.create Specifies whether a ServiceAccount should be created\n## @param master.serviceAccount.name Name of the service account to use. If not set and create is true, a name is generated using the fullname template.\n## @param master.serviceAccount.automountServiceAccountToken Automount service account token for the server service account\n## @param master.serviceAccount.annotations Annotations for service account. Evaluated as a template. Only used if `create` is `true`.\n##\nserviceAccount:\n create: true\n annotations: {}\n name: \"\"\n automountServiceAccountToken: true\n## @param extraVolumes Array of extra volumes to be added to the deployment (evaluated as template). Requires setting `extraVolumeMounts`\n## e.g:\n## extraVolumes:\n## - name: ca-cert\n## secret:\n## secretName: ca-cert\n##\nextraVolumes: []\n## @param extraVolumeMounts Array of extra volume mounts to be added to the container (evaluated as template). Normally used with `extraVolumes`.\n## e.g:\n## extraVolumeMounts:\n## - name: ca-cert\n## mountPath: /tmp/ca.cert\n## subPath: ca-cert\n## readOnly: true\n##\nextraVolumeMounts: []\n## @param sidecars Add additional sidecar containers to the pod\n## e.g:\n## sidecars:\n## - name: your-image-name\n## image: your-image\n## imagePullPolicy: Always\n## ports:\n## - name: portname\n## containerPort: 1234\n##\nsidecars: []\n## @param initContainers Add additional init containers to the pods\n## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/\n## e.g:\n## initContainers:\n## - name: your-image-name\n## image: your-image\n## imagePullPolicy: Always\n## command: ['sh', '-c', 'echo \"init\"']\n##\ninitContainers: []\n## @param podLabels Extra labels for pods\n## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/\n##\npodLabels: {}\n## @param podAnnotations Annotations for pods\n## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/\n##\npodAnnotations: {}\n## @param affinity Affinity for pod assignment\n## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity\n## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set\n##\naffinity: {}\n## @param nodeSelector Node labels for pod assignment\n## ref: https://kubernetes.io/docs/user-guide/node-selection/\n##\nnodeSelector: {}\n## @param tolerations Tolerations for pod assignment\n## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/\n##\ntolerations: []\n## @param priorityClassName Pods' priorityClassName\n##\npriorityClassName: \"\"\n## @param schedulerName Name of the k8s scheduler (other than default) for pods\n## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/\n##\nschedulerName: \"\"\n## @param terminationGracePeriodSeconds Seconds pods need to terminate gracefully\n## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods\n##\nterminationGracePeriodSeconds: 10\n## @param topologySpreadConstraints Topology Spread Constraints for pod assignment\n## https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/\n## The value is evaluated as a template.\n## e.g:\n## topologySpreadConstraints:\n## - maxSkew: 1\n## topologyKey: topology.kubernetes.io/zone\n## whenUnsatisfiable: DoNotSchedule\n## labelSelector:\n## matchLabels:\n## \"app.kubernetes.io/component\": netbox\n## \"app.kubernetes.io/name\": netbox\n##\ntopologySpreadConstraints: []\n## Container's resource requests and limits\n## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/\n## We usually recommend not to specify default resources and to leave this as a conscious\n## choice for the user. This also increases chances charts run on environments with little\n## resources, such as Minikube. If you do want to specify resources, uncomment the following\n## lines, adjust them as necessary, and remove the curly braces after 'resources:'.\n## @param resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge).\n## This is ignored if resources is set (resources is recommended for production).\n## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15\n##\nresourcesPreset: \"small\"\n## Containers' resource requests and limits\n## ref: https://kubernetes.io/docs/user-guide/compute-resources/\n## @param resources.limits The resources limits for the container\n## @param resources.requests [object] The requested resources for the container\n## Example:\n## resources:\n## requests:\n## cpu: 2\n## memory: 512Mi\n## limits:\n## cpu: 3\n## memory: 1024Mi\n##\nresources: {}\n## Configure Pods Security Context\n## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod\n## @param podSecurityContext.enabled Enable pods' Security Context\n## @param podSecurityContext.fsGroupChangePolicy Set filesystem group change policy\n## @param podSecurityContext.sysctls Set kernel settings using the sysctl interface\n## @param podSecurityContext.supplementalGroups Set filesystem extra groups\n## @param podSecurityContext.fsGroup Pods' group ID\n##\npodSecurityContext:\n enabled: true\n fsGroupChangePolicy: Always\n sysctls: []\n supplementalGroups: []\n fsGroup: 1000\n## Configure Container Security Context (only main container)\n## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container\n## @param securityContext.enabled Enabled containers' Security Context\n## @param securityContext.seLinuxOptions [object,nullable] Set SELinux options in container\n## @param securityContext.runAsUser Set containers' Security Context runAsUser\n## @param securityContext.runAsGroup Set containers' Security Context runAsGroup\n## @param securityContext.runAsNonRoot Set container's Security Context runAsNonRoot\n## @param securityContext.privileged Set container's Security Context privileged\n## @param securityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem\n## @param securityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation\n## @param securityContext.capabilities.drop List of capabilities to be dropped\n## @param securityContext.seccompProfile.type Set container's Security Context seccomp profile\n##\nsecurityContext:\n enabled: true\n seLinuxOptions: {}\n runAsUser: 1000\n runAsGroup: 1000\n runAsNonRoot: true\n privileged: false\n readOnlyRootFilesystem: true\n allowPrivilegeEscalation: false\n capabilities:\n drop: [\"ALL\"]\n seccompProfile:\n type: \"RuntimeDefault\"\n## @param automountServiceAccountToken Mount Service Account token in pod\n##\nautomountServiceAccountToken: true\n## Configure extra options for liveness probe\n## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes\n## @param livenessProbe.enabled Enable livenessProbe\n## @param livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe\n## @param livenessProbe.periodSeconds Period seconds for livenessProbe\n## @param livenessProbe.timeoutSeconds Timeout seconds for livenessProbe\n## @param livenessProbe.failureThreshold Failure threshold for livenessProbe\n## @param livenessProbe.successThreshold Success threshold for livenessProbe\n##\nlivenessProbe:\n enabled: true\n initialDelaySeconds: 0\n periodSeconds: 10\n timeoutSeconds: 1\n failureThreshold: 3\n successThreshold: 1\n## Configure extra options for readiness probe\n## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes\n## @param readinessProbe.enabled Enable readinessProbe\n## @param readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe\n## @param readinessProbe.periodSeconds Period seconds for readinessProbe\n## @param readinessProbe.timeoutSeconds Timeout seconds for readinessProbe\n## @param readinessProbe.failureThreshold Failure threshold for readinessProbe\n## @param readinessProbe.successThreshold Success threshold for readinessProbe\n##\nreadinessProbe:\n enabled: true\n initialDelaySeconds: 0\n periodSeconds: 10\n timeoutSeconds: 1\n failureThreshold: 3\n successThreshold: 1\n## @param extraEnvVars Array with extra environment variables to add to containers\n## e.g:\n## extraEnvVars:\n## - name: FOO\n## value: \"bar\"\n##\nextraEnvVars: []\n## @param extraEnvVarsCM Name of existing ConfigMap containing extra env vars for containers\n##\nextraEnvVarsCM: \"\"\n## @param extraEnvVarsSecret Name of existing Secret containing extra env vars for containers\n##\nextraEnvVarsSecret: \"\"\n## Configure revision history limit for deployments\n## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#clean-up-policy\nrevisionHistoryLimit: 10\n\n## @section Metrics parameters\n\n## Prometheus Exporter / Metrics\n##\nmetrics:\n ## @param metrics.enabled Enable the export of Prometheus metrics\n ##\n enabled: false\n ## Prometheus Operator ServiceMonitor configuration\n ##\n serviceMonitor:\n ## @param metrics.serviceMonitor.enabled if `true`, creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`)\n ##\n enabled: false\n ## @param metrics.serviceMonitor.honorLabels honorLabels chooses the metric's labels on collisions with target labels\n ##\n honorLabels: false\n ## @param metrics.serviceMonitor.interval Interval at which metrics should be scraped.\n ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint\n ## e.g:\n ## interval: 10s\n ##\n interval: \"\"\n ## @param metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended\n ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint\n ## e.g:\n ## scrapeTimeout: 10s\n ##\n scrapeTimeout: \"\"\n ## @param metrics.serviceMonitor.metricRelabelings Specify additional relabeling of metrics\n ##\n metricRelabelings: []\n ## @param metrics.serviceMonitor.relabelings Specify general relabeling\n ##\n relabelings: []\n ## @param metrics.serviceMonitor.selector Prometheus instance selector labels\n ## ref: https://github.com/bitnami/charts/tree/main/bitnami/prometheus-operator#prometheus-configuration\n ## selector:\n ## prometheus: my-prometheus\n ##\n selector: {}\n additionalLabels: {}\n\n## @section Autoscaling parameters\n\n## Autoscaling configuration\n## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/\n## @param autoscaling.enabled Enable Horizontal POD autoscaling\n## @param autoscaling.minReplicas Minimum number of replicas\n## @param autoscaling.maxReplicas Maximum number of replicas\n## @param autoscaling.targetCPUUtilizationPercentage Target CPU utilization percentage\n## @param autoscaling.targetMemoryUtilizationPercentage Target Memory utilization percentage\n##\nautoscaling:\n enabled: false\n minReplicas: 1\n maxReplicas: 100\n targetCPUUtilizationPercentage: 80\n # targetMemoryUtilizationPercentage: 80\n" }, { "path": "config.yaml", "content": "owner: netbox-community\nrepo: netbox-chart\nremote: origin\ntarget-branch: main\nsign: true\nkey: builds@netboxlabs.com\nkeyring: ~/.cr-gpg/secring.gpg\nchart-dirs:\n - charts\nchart-repos:\n - bitnami=https://charts.bitnami.com/bitnami\nhelm-extra-args: \"--timeout 15m\"\ngenerate-release-notes: true\n" }, { "path": "pyproject.toml", "content": "[tool.black]\nline_length = 100\ntarget-version = [\"py38\"]\ninclude = '\\.pyi?$'\nexclude = '''\n(\n /(\n \\.git\n | \\.venv\n | \\.netbox\n | \\.vscode\n | configuration\n )/\n)\n'''\n\n[tool.isort]\nprofile = \"black\"\nmulti_line_output = 3\nline_length = 100\n\n[tool.pylint.main]\ndisable = [\n \"duplicate-code\",\n \"import-error\",\n \"possibly-used-before-assignment\",\n \"used-before-assignment\",\n \"undefined-variable\",\n]\n\n[tool.pylint.format]\nmax-line-length = \"100\"\n\n[tool.ruff.lint]\nignore = [\"F821\"]\n" } ]