Repository: bootc/netbox-chart Branch: main Commit: 96297979d1ba Files: 79 Total size: 416.2 KB Directory structure: gitextract_jmg13inm/ ├── .checkov.yaml ├── .editorconfig ├── .flake8 ├── .gitattributes ├── .github/ │ ├── FUNDING.yml │ ├── ISSUE_TEMPLATE/ │ │ ├── bug_report.yml │ │ ├── config.yml │ │ └── feature_request.yml │ ├── dependabot.yml │ ├── renovate.json │ └── workflows/ │ ├── analysis.yml │ ├── auto-merge.yml │ ├── ci.yml │ ├── lint.yml │ ├── release.yml │ └── test.yml ├── .gitignore ├── .markdownlint.yaml ├── LICENSE ├── README.md ├── charts/ │ ├── netbox/ │ │ ├── .helmignore │ │ ├── Chart.yaml │ │ ├── README.md │ │ ├── ci/ │ │ │ ├── default-values.yaml │ │ │ ├── ingress-metrics-values.yaml │ │ │ └── ldap-values.yaml │ │ ├── docs/ │ │ │ ├── auth.md │ │ │ ├── extra.md │ │ │ ├── migrate.md │ │ │ └── prod.md │ │ ├── files/ │ │ │ ├── configuration.py │ │ │ └── ldap_config.py │ │ ├── templates/ │ │ │ ├── NOTES.txt │ │ │ ├── _helpers.tpl │ │ │ ├── configmap.yaml │ │ │ ├── cronjob.yaml │ │ │ ├── deployment.yaml │ │ │ ├── extra-list.yaml │ │ │ ├── granian-servicemonitor.yaml │ │ │ ├── hpa.yaml │ │ │ ├── httproute.yaml │ │ │ ├── ingress.yaml │ │ │ ├── pdb.yaml │ │ │ ├── pvc.yaml │ │ │ ├── role.yaml │ │ │ ├── rolebinding.yaml │ │ │ ├── secret.yaml │ │ │ ├── service.yaml │ │ │ ├── serviceaccount.yaml │ │ │ ├── servicemonitor.yaml │ │ │ ├── tests/ │ │ │ │ └── test-connection.yaml │ │ │ └── worker/ │ │ │ ├── deployment.yaml │ │ │ ├── hpa.yaml │ │ │ └── pdb.yaml │ │ ├── values.schema.json │ │ └── values.yaml │ └── netbox-operator/ │ ├── .helmignore │ ├── Chart.yaml │ ├── README.md │ ├── ci/ │ │ └── default-values.yaml │ ├── crds/ │ │ ├── ipaddressclaims.yaml │ │ ├── ipaddresses.yaml │ │ ├── iprangeclaims.yaml │ │ ├── ipranges.yaml │ │ ├── prefixclaims.yaml │ │ └── prefixes.yaml │ ├── templates/ │ │ ├── NOTES.txt │ │ ├── _helpers.tpl │ │ ├── clusterrole.yaml │ │ ├── clusterrolebinding.yaml │ │ ├── deployment.yaml │ │ ├── leaderelect/ │ │ │ ├── role.yaml │ │ │ └── 
rolebinding.yaml │ │ ├── secret.yaml │ │ ├── serviceaccount.yaml │ │ └── servicemonitor.yaml │ └── values.yaml ├── config.yaml └── pyproject.toml ================================================ FILE CONTENTS ================================================ ================================================ FILE: .checkov.yaml ================================================ directory: - charts skip-path: - /\w+/charts evaluate-variables: true framework: - helm compact: true quiet: true soft-fail: true ================================================ FILE: .editorconfig ================================================ # editorconfig.org root = true [*] charset = utf-8 indent_style = space indent_size = 2 end_of_line = lf insert_final_newline = true trim_trailing_whitespace = true [*.py] indent_size = 4 [*.md] trim_trailing_whitespace = false ================================================ FILE: .flake8 ================================================ [flake8] max-line-length = 100 extend-ignore = E203, W503 per-file-ignores = charts/netbox/files/*:E131,E251,E266,E302,E305,E501,E722,F821 ================================================ FILE: .gitattributes ================================================ # https://git-scm.com/docs/gitattributes # Auto detect text files and perform LF normalization * text=auto eol=lf # Collapse generated and vendored files on GitHub *.lock linguist-generated=true merge=ours # Reduce conflicts on markdown files *.md merge=union ================================================ FILE: .github/FUNDING.yml ================================================ # https://docs.github.com/articles/displaying-a-sponsor-button-in-your-repository github: - RangerRick - LeoColomb ================================================ FILE: .github/ISSUE_TEMPLATE/bug_report.yml ================================================ name: 🐛 Bug Report description: Create a report about a malfunction of the Helm chart setup labels: - bug body: - type: markdown 
attributes: value: | > [!NOTE] > This form is only for reporting _reproducible bugs_ in a current NetBox > installation **using its Helm chart**. > If you're looking for assistance with using NetBox, please visit our > [discussion forum](https://github.com/netbox-community/netbox/discussions) instead. > [!TIP] > Please don't open an issue to open a PR. Just submit the PR, that's good enough. - type: input id: chart-version attributes: label: The Helm chart version description: What version of the Helm chart are you running? placeholder: netbox-5.0.0 validations: required: true - type: textarea id: context-version attributes: label: Environment Versions description: What version of relevant tools are you using? render: text placeholder: | Kubernetes: 1.31 Helm: 3.12 FluxCD: 1.0 validations: required: true - type: textarea id: chart-values-yml attributes: label: Custom chart values description: Please provide your custom values (`values.yaml`) render: yaml placeholder: | remoteAuth: enabled: true backends: - netbox.authentication.RemoteUserBackend ingress: enabled: true validations: required: true - type: textarea id: current-behavior attributes: label: Current Behavior & Steps to Reproduce description: Please describe what you did and how you think it misbehaved placeholder: I tried to … by doing …, but it … validations: required: true - type: textarea id: expected-behavior attributes: label: Expected Behavior description: What did you expect to happen? 
placeholder: I expected that … when I do … validations: required: true - type: textarea id: netbox-logs attributes: label: NetBox Logs description: Please paste the output of the deploy Pod logs render: text placeholder: | netbox_1 | ⚙️ Applying database migrations netbox_1 | 🧬 loaded config '/etc/netbox/config/configuration.py' netbox_1 | 🧬 loaded config '/etc/netbox/config/a.py' netbox_1 | 🧬 loaded config '/etc/netbox/config/extra.py' netbox_1 | 🧬 loaded config '/etc/netbox/config/logging.py' netbox_1 | 🧬 loaded config '/etc/netbox/config/plugins.py' ... validations: required: false ================================================ FILE: .github/ISSUE_TEMPLATE/config.yml ================================================ # https://docs.github.com/en/communities/using-templates-to-encourage-useful-issues-and-pull-requests/configuring-issue-templates-for-your-repository#configuring-the-template-chooser blank_issues_enabled: false contact_links: - name: ❓ Question url: https://github.com/netbox-community/netbox/discussions about: The Github Discussions are the right place to ask questions about how to use or do certain things with NetBox. - name: 💬 Community Slack url: https://netdev.chat about: "Join #netbox-chart on the NetDev Community Slack for assistance with installation issues and other problems." ================================================ FILE: .github/ISSUE_TEMPLATE/feature_request.yml ================================================ name: ✨ Feature Request description: Propose a new NetBox feature or enhancement labels: - enhancement body: - type: markdown attributes: value: | > [!NOTE] > This form is only for submitting well-formed proposals to extend or modify > NetBox **Helm charts** in some way. > If you're trying to solve a problem but can't figure out how, or if > you still need time to work on the details of a proposed new feature, please start a > [discussion](https://github.com/netbox-community/netbox/discussions) instead. 
- type: textarea attributes: label: Proposed functionality description: | Describe in detail the new feature or behavior you are proposing. Include any specific changes to work flows, data models, and/or the user interface. The more detail you provide here, the greater chance your proposal has of being discussed. Feature requests which don't include an actionable implementation plan will be rejected. validations: required: true - type: textarea attributes: label: Use case description: | Explain how adding this functionality would benefit NetBox users when using its Helm chart. What need does it address? validations: required: true ================================================ FILE: .github/dependabot.yml ================================================ # https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file version: 2 updates: - package-ecosystem: github-actions directory: "/" schedule: interval: daily ================================================ FILE: .github/renovate.json ================================================ { "$schema": "https://docs.renovatebot.com/renovate-schema.json", "extends": [ "config:recommended", ":configMigration", ":disableDependencyDashboard", "customManagers:helmChartYamlAppVersions" ], "labels": ["dependencies"], "rangeStrategy": "bump", "packageRules": [ { "matchManagers": ["helmv3"], "versioning": "helm" }, { "matchFileNames": ["charts/**"], "bumpVersions": [ { "filePatterns": ["{{packageFileDir}}/Chart.{yaml,yml}"], "matchStrings": ["version:\\s(?<version>[^\\s]+)"], "bumpType": "{{#if isMajor}}minor{{else}}patch{{/if}}" } ] }, { "matchUpdateTypes": ["!major"], "automerge": true } ], "kubernetes": { "managerFilePatterns": ["/^charts/.+\\.ya?ml$/"] }, "github-actions": { "enabled": false } } ================================================ FILE: .github/workflows/analysis.yml ================================================ # https://docs.github.com/actions
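name: Analysis

on:
  push:
    branches:
      - main
  pull_request:
    branches:
      - main
  schedule:
    - cron: "43 2 * * 6"
  workflow_dispatch:

jobs:
  checkov:
    name: Checkov
    runs-on: ubuntu-latest
    # Job-scoped token: read-only apart from uploading SARIF results.
    permissions:
      actions: read
      contents: read
      security-events: write
    steps:
      - uses: actions/checkout@v6.0.2
        with:
          # No later step runs git against the remote, so the token is not
          # left in .git/config for the third-party scanner step to read
          # (same setting as the checkout in lint.yml).
          persist-credentials: false
      - name: Run Checkov scanner
        id: checkov
        # NOTE(review): `@master` is a mutable branch ref, so the code run here
        # can change without any change in this repository. Pin to a release
        # tag or, as lint.yml does for its actions, a full commit SHA.
        uses: bridgecrewio/checkov-action@master
      - name: Upload scan results to GitHub Security tab
        uses: github/codeql-action/upload-sarif@v4
        with:
          sarif_file: results.sarif
================================================
FILE: .github/workflows/auto-merge.yml
================================================
# https://docs.github.com/actions
name: Auto-merge

# pull_request_target runs with the base repository's write-capable token,
# including for pull requests opened from forks. None of the steps below check
# out or execute pull-request content; keep it that way if steps are added.
on:
  pull_request_target:
  workflow_call:

permissions:
  pull-requests: write
  contents: write

jobs:
  dependabot:
    name: Dependabot
    runs-on: ubuntu-latest
    # Gate on the pull request's author. `github.actor` is whoever triggered
    # the current run, which is not necessarily the author of the changes that
    # are about to be approved and merged.
    if: ${{ github.event.pull_request.user.login == 'dependabot[bot]' }}
    steps:
      - name: Dependabot metadata
        id: dependabot-metadata
        uses: dependabot/fetch-metadata@v3.1.0
      - name: Approve a PR
        if: steps.dependabot-metadata.outputs.update-type != 'version-update:semver-major'
        run: gh pr review --approve "$PR_URL"
        env:
          PR_URL: ${{ github.event.pull_request.html_url }}
          GITHUB_TOKEN: ${{ github.token }}
      # NOTE(review): unlike the approval step, this step has no update-type
      # condition, so auto-merge is also requested for semver-major updates.
      # Whether those merge then depends on branch protection requiring a
      # review; confirm that rule exists.
      - name: Enable auto-merge for Dependabot PRs
        run: gh pr merge --auto --rebase "$PR_URL"
        env:
          PR_URL: ${{ github.event.pull_request.html_url }}
          GITHUB_TOKEN: ${{ github.token }}
================================================
FILE: .github/workflows/ci.yml
================================================
# yamllint disable rule:document-start
# https://docs.github.com/actions
name: CI

on:
  push:
    branches:
      - main
  pull_request:
    branches:
      - main

# NOTE(review): there is no workflow-level `permissions:` block, so the
# `prepare` and `results` jobs run with the repository's default token scope.

jobs:
  prepare:
    name: Prepare
    runs-on: ubuntu-latest
    outputs:
      changed: ${{ steps.list-changed.outputs.changed }}
    steps:
      - name: Checkout
        uses: actions/checkout@v6.0.2
        with:
          fetch-depth: 0
      - name: Set up chart-testing
        uses: helm/chart-testing-action@v2.8.0
      - name: Run chart-testing (list-changed)
        id: list-changed
        run: |
          changed=$(ct list-changed --config config.yaml)
          if [[ -n "$changed" ]]; then
            echo "changed=true" >> "$GITHUB_OUTPUT"
          fi

  test:
    name: Test
    if: needs.prepare.outputs.changed == 'true'
    needs:
      - prepare
    uses: ./.github/workflows/test.yml
    with:
      action-matrix: '["lint-and-install", "install --upgrade"]'
    # NOTE(review): `inherit` hands every repository secret to the called
    # workflow, although test.yml only reads NETBOX_URL and NETBOX_TOKEN.
    # Passing those two by name would need matching `secrets:` declarations
    # in test.yml.
    secrets: inherit

  results:
    name: Status
    if: always()
    runs-on: ubuntu-latest
    needs:
      - prepare
      - test
    steps:
      - run: exit 1
        if: >-
          ${{
          contains(needs.*.result, 'failure')
          || contains(needs.*.result, 'cancelled')
          }}

  # NOTE(review): this job has no `needs:`, so on main it is not gated on the
  # result of `test`; confirm that signing and publishing independently of the
  # test outcome is intended.
  release:
    name: Release
    if: github.ref == 'refs/heads/main'
    uses: ./.github/workflows/release.yml
    permissions:
      contents: write
      packages: write
      id-token: write
    secrets:
      GPG_KEY_BASE64: ${{ secrets.GPG_KEY_BASE64 }}
      GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
================================================
FILE: .github/workflows/lint.yml
================================================
# https://docs.github.com/actions
name: Lint Code Base

on:
  push:
    branches-ignore: [main]
  pull_request:
    branches: [main]

permissions:
  contents: read
  packages: read
  statuses: write

jobs:
  build:
    name: Lint Code Base
    runs-on: ubuntu-latest
    steps:
      # Both actions are pinned to a full commit SHA, with the release tag
      # recorded in the trailing comment.
      - name: Checkout Code
        uses: actions/checkout@0c366fd6a839edf440554fa01a7085ccba70ac98 # v6.0.1
        with:
          fetch-depth: 0
          persist-credentials: false
      - name: Lint Code Base
        uses: super-linter/super-linter/slim@9e863354e3ff62e0727d37183162c4a88873df41 # v8.6.0
        env:
          VALIDATE_ALL_CODEBASE: false
          DEFAULT_BRANCH: main
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          FIX_MARKDOWN_PRETTIER: false
          VALIDATE_BIOME_FORMAT: false
          VALIDATE_MARKDOWN_PRETTIER: false
          VALIDATE_JSCPD: false
          VALIDATE_PYTHON_MYPY: false
          VALIDATE_PYTHON_PYINK: false
          FILTER_REGEX_EXCLUDE: charts/[^/]+/[^/]+/.*\.yaml
          LINTER_RULES_PATH: /
          PYTHON_BLACK_CONFIG_FILE: pyproject.toml
          PYTHON_PYLINT_CONFIG_FILE: pyproject.toml
          PYTHON_ISORT_CONFIG_FILE: pyproject.toml
          PYTHON_RUFF_CONFIG_FILE: pyproject.toml
================================================
FILE: .github/workflows/release.yml
================================================
#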
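# yamllint disable rule:document-start
# https://docs.github.com/actions
name: Release

on:
  workflow_call:
    secrets:
      GPG_KEY_BASE64:
        required: true
        description: GPG key for signing
      GPG_PASSPHRASE:
        required: true
        description: passphrase for the signing key

jobs:
  publish:
    name: Publish
    runs-on: ubuntu-latest
    # NOTE(review): no step visible in this job requests an OIDC token, so
    # `id-token: write` looks unused; drop it unless an action needs it.
    permissions:
      contents: write
      packages: write
      id-token: write
    steps:
      - name: Checkout
        uses: actions/checkout@v6.0.2
        with:
          fetch-depth: 0
      - name: Configure Git
        run: |
          git config user.name "$GITHUB_ACTOR"
          git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
      - name: Prepare GPG key
        run: |
          # Create the key directory, keyring and passphrase file readable by
          # the runner user only.
          umask 077
          gpg_dir="${HOME}/.cr-gpg"
          mkdir "$gpg_dir"
          keyring="$gpg_dir/secring.gpg"
          base64 -d <<< "$GPG_KEY_BASE64" > "$keyring"
          passphrase_file="$gpg_dir/passphrase"
          # printf writes the passphrase verbatim; echo would treat a value
          # such as "-n" or "-e" as an option.
          printf '%s\n' "$GPG_PASSPHRASE" > "$passphrase_file"
          echo "CR_PASSPHRASE_FILE=$passphrase_file" >> "$GITHUB_ENV"
          echo "CR_KEYRING=$keyring" >> "$GITHUB_ENV"
          # NOTE(review): this line only prints the path to the job log; it is
          # not appended to $GITHUB_ENV, so GNUPGHOME is not set for later
          # steps. Confirm which of the two was intended.
          echo "GNUPGHOME=${gpg_dir}"
        env:
          GPG_KEY_BASE64: "${{ secrets.GPG_KEY_BASE64 }}"
          GPG_PASSPHRASE: "${{ secrets.GPG_PASSPHRASE }}"
      - name: Install Helm
        uses: azure/setup-helm@v5.0.0
      - name: Add Helm repos
        run: helm repo add bitnami https://charts.bitnami.com/bitnami
      - name: Run chart-releaser
        uses: helm/chart-releaser-action@v1.7.0
        with:
          config: config.yaml
        env:
          CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
      - name: Login to GitHub Container Registry
        uses: docker/login-action@v4
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Push charts to GitHub Container Registry
        run: |
          shopt -s nullglob
          for pkg in .cr-release-packages/*.tgz; do
            if [ -z "${pkg:-}" ]; then
              break
            fi
            helm push "${pkg}" "oci://ghcr.io/${GITHUB_REPOSITORY@L}"
          done
================================================
FILE: .github/workflows/test.yml
================================================
# yamllint disable rule:document-start
# https://docs.github.com/actions
name: Test

on:
  workflow_call:
    inputs:
      action-matrix:
        required: false
        default: '["install"]'
        type: string
        description: Matrix of actions to run

jobs:
  ct:
    name: Run chart-testing
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        action: ${{ fromJSON(inputs.action-matrix) }}
    steps:
      - name: Checkout
        uses: actions/checkout@v6.0.2
        with:
          fetch-depth: 0
      - name: Set up Helm
        uses: azure/setup-helm@v5.0.0
      - uses: actions/setup-python@v6
        if: startsWith(matrix.action, 'lint')
        with:
          python-version: 3.x
      - name: Set up chart-testing
        uses: helm/chart-testing-action@v2.8.0
      - name: Create kind cluster
        uses: helm/kind-action@v1.14.0
        if: contains(matrix.action, 'install')
      - name: Run chart-testing (${{ matrix.action }})
        # The matrix value comes from a caller-supplied input, so it reaches
        # the shell through an environment variable rather than being pasted
        # into the script text. It is expanded unquoted on purpose: a value
        # such as "install --upgrade" must split into a subcommand and a flag.
        # NOTE(review): --debug output may include the helm --set arguments
        # below, which carry the API token; log masking is the only guard.
        run: |
          # shellcheck disable=SC2086
          ct $MATRIX_ACTION --config config.yaml --debug --helm-extra-set-args="$CT_HELM_EXTRA_SET_ARGS"
        env:
          MATRIX_ACTION: ${{ matrix.action }}
          CT_HELM_EXTRA_SET_ARGS: --set=host=${{ secrets.NETBOX_URL }} --set=auth.apiToken=${{ secrets.NETBOX_TOKEN }}
================================================
FILE: .gitignore
================================================
# https://git-scm.com/docs/gitignore
# General files
pkg/*
*.pyc
.project
/.bin
/_test/secrets/*.json
# macOS
._*
.DS_Store
# Editors and IDE
.idea/
.vscode/
*.swp
*.swo
# Emacs save files
*~
\#*\#
.\#*
# Vim-related files
[._]*.s[a-w][a-z]
[._]s[a-w][a-z]
*.un~
Session.vim
.netrwhist
# Releases
dist/
# Chart dependencies
**/charts/*.tgz
values-*.yaml
.history
/public
================================================
FILE: .markdownlint.yaml
================================================
default: true
MD013: false
MD031: false
MD060: false
================================================
FILE: LICENSE
================================================
Apache License Version 2.0, January 2004 http://www.apache.org/licenses/ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 1. Definitions. "License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document.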
"Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License. "Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity. For the purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity. "You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License. "Source" form shall mean the preferred form for making modifications, including but not limited to software source code, documentation source, and configuration files. "Object" form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not limited to compiled object code, generated documentation, and conversions to other media types. "Work" shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below). "Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof. 
"Contribution" shall mean any work of authorship, including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. For the purposes of this definition, "submitted" means any form of electronic, verbal, or written communication sent to the Licensor or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as "Not a Contribution." "Contributor" shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by Licensor and subsequently incorporated within the Work. 2. Grant of Copyright License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form. 3. Grant of Patent License. 
Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitted. If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed. 4. Redistribution. You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or without modifications, and in Source or Object form, provided that You meet the following conditions: (a) You must give any other recipients of the Work or Derivative Works a copy of this License; and (b) You must cause any modified files to carry prominent notices stating that You changed the files; and (c) You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and attribution notices from the Source form of the Work, excluding those notices that do not pertain to any part of the Derivative Works; and (d) If the Work includes a "NOTICE" text file as part of its distribution, then any Derivative Works that You distribute must include a readable copy of the attribution notices contained within such NOTICE file, excluding those notices that do not pertain to any part of the Derivative Works, in at least one of the following places: within a NOTICE text file distributed as part of the 
Derivative Works; within the Source form or documentation, if provided along with the Derivative Works; or, within a display generated by the Derivative Works, if and wherever such third-party notices normally appear. The contents of the NOTICE file are for informational purposes only and do not modify the License. You may add Your own attribution notices within Derivative Works that You distribute, alongside or as an addendum to the NOTICE text from the Work, provided that such additional attribution notices cannot be construed as modifying the License. You may add Your own copyright statement to Your modifications and may provide additional or different license terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License. 5. Submission of Contributions. Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or conditions. Notwithstanding the above, nothing herein shall supersede or modify the terms of any separate license agreement you may have executed with Licensor regarding such Contributions. 6. Trademarks. This License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file. 7. Disclaimer of Warranty. 
Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License. 8. Limitation of Liability. In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any Contributor be liable to You for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising as a result of this License or out of the use or inability to use the Work (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if such Contributor has been advised of the possibility of such damages. 9. Accepting Warranty or Additional Liability. While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability. END OF TERMS AND CONDITIONS APPENDIX: How to apply the Apache License to your work. 
To apply the Apache License to your work, attach the following boilerplate notice, with the fields enclosed by brackets "[]" replaced with your own identifying information. (Don't include the brackets!) The text should be enclosed in the appropriate comment syntax for the file format. We also recommend that a file or class name and description of purpose be included on the same "printed page" as the copyright notice for easier identification within third-party archives. Copyright [yyyy] [name of copyright owner] Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. ================================================ FILE: README.md ================================================ # Netbox Helm Charts > The official [Helm](https://helm.sh) charts repository for [Netbox](https://netbox.dev). [![Build Status](https://github.com/netbox-community/netbox-chart/actions/workflows/ci.yml/badge.svg)](https://github.com/netbox-community/netbox-chart/actions/workflows/ci.yml) [![Artifact Hub](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/netbox)](https://artifacthub.io/packages/search?repo=netbox) ## About This Git repository houses the official Helm charts for Netbox. Do you have any questions? Before opening an issue on GitHub, please join [our Slack](https://netdev.chat/) and ask for help in the [`#netbox-chart`](https://netdev-community.slack.com/archives/C01Q6B100R2) channel. 
| Chart | Version | | :-------------------------------------------------: | :--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------: | | [`netbox/netbox`](charts/netbox/) | [![Chart Version](https://img.shields.io/badge/dynamic/json?label=netbox&query=version&url=https%3A%2F%2Fartifacthub.io%2Fapi%2Fv1%2Fpackages%2Fhelm%2Fnetbox%2Fnetbox)](https://artifacthub.io/packages/helm/netbox/netbox) | | [`netbox/netbox-operator`](charts/netbox-operator/) | [![Chart Version](https://img.shields.io/badge/dynamic/json?label=netbox-operator&query=version&url=https%3A%2F%2Fartifacthub.io%2Fapi%2Fv1%2Fpackages%2Fhelm%2Fnetbox%2Fnetbox-operator)](https://artifacthub.io/packages/helm/netbox/netbox-operator) | ## Quickstart ```shell helm install my-release oci://ghcr.io/netbox-community/netbox-chart/netbox ``` See docs on your preferred sources: - [Charts docs on Artifact Hub](https://artifacthub.io/packages/search?org=netbox) - [Charts respective readmes](charts) - [Charts discovery](https://helm.sh/docs/helm/helm_search/) ```sh helm search hub netbox ``` - [Charts repository](https://helm.sh/docs/helm/helm_repo/) ```sh helm repo add netbox https://charts.netbox.oss.netboxlabs.com/ ``` ## License This project is licensed under [Apache License, Version 2.0](LICENSE). ================================================ FILE: charts/netbox/.helmignore ================================================ # Patterns to ignore when building packages. # This supports shell glob matching, relative path matching, and # negation (prefixed with !). Only one pattern per line. 
.DS_Store # Common VCS dirs .git/ .gitignore .bzr/ .bzrignore .hg/ .hgignore .svn/ # Common backup files *.swp *.bak *.tmp *~ # Various IDEs .project .idea/ *.tmproj .vscode/ # OWNERS file for Kubernetes OWNERS # example production yaml values-production.yaml # ci files ci/ # docs files docs/ ================================================ FILE: charts/netbox/Chart.yaml ================================================ apiVersion: v2 name: netbox version: 8.2.7 # renovate: image=ghcr.io/netbox-community/netbox appVersion: "v4.6.0" type: application kubeVersion: ^1.25.0-0 description: IP address management (IPAM) and data center infrastructure management (DCIM) tool home: https://netbox.dev/ icon: https://raw.githubusercontent.com/netbox-community/netbox/main/docs/netbox_logo_light.svg sources: - https://github.com/netbox-community/netbox-chart - https://github.com/netbox-community/netbox maintainers: - name: netbox-community url: https://github.com/netbox-community - name: bootc url: https://github.com/bootc dependencies: - name: common repository: oci://registry-1.docker.io/bitnamicharts version: ^2.38.0 tags: - bitnami-common - name: postgresql version: ^18.6.3 repository: oci://registry-1.docker.io/bitnamicharts condition: postgresql.enabled - name: valkey version: ^5.6.1 repository: oci://registry-1.docker.io/bitnamicharts condition: valkey.enabled annotations: artifacthub.io/images: | - name: netbox image: ghcr.io/netbox-community/netbox:v4.6.0 - name: busybox image: docker.io/busybox:1.37.0 - name: kubectl image: docker.io/rancher/kubectl:v1.36.0 artifacthub.io/license: Apache-2.0 artifacthub.io/links: | - name: Upstream Project url: https://github.com/netbox-community/netbox artifacthub.io/changes: | - kind: changed description: New release links: - name: Changelog on GitHub Releases url: https://github.com/netbox-community/netbox-chart/releases?q=netbox- ================================================ FILE: charts/netbox/README.md 
================================================ # NetBox [NetBox](https://netbox.dev) is an IP address management (IPAM) and data center infrastructure management (DCIM) tool. ## TL;DR ```shell helm install netbox oci://ghcr.io/netbox-community/netbox-chart/netbox ``` > [!tip] > Please see [Production Considerations](docs/prod.md) guide before using this chart for real. ## Prerequisites - Kubernetes [1.25+](https://kubernetes.io/releases/) - Helm [3.10+](https://helm.sh/docs/topics/version_skew/) ## Installing the Chart To install the chart with the release name `my-release` and default configuration: ```shell helm install my-release oci://ghcr.io/netbox-community/netbox-chart/netbox ``` ## Documentation - [Production Considerations](docs/prod.md) - [Authentication Options](docs/auth.md) - [Extra Configuration](docs/extra.md) - [Migration Guide](docs/migrate.md) ## Configuration The following table lists the configurable parameters for this chart and their default values. | Parameter | Description | Default | | ------------------------------------------------|---------------------------------------------------------------------|----------------------------------------------| | `global.imageRegistry` | Netbox and subchart image registry for pulling container images | `""` | | `global.imagePullSecrets` | Netbox and subchart registry secret names as an array | `[]` | | `global.storageClass` | Netbox and subchart default StorageClass for Persistent Volume(s) | `""` | | `replicaCount` | The desired number of NetBox pods | `1` | | `image.registry` | NetBox container image registry | `ghcr.io` | | `image.repository` | NetBox container image repository | `netboxcommunity/netbox` | | `image.tag` | NetBox container image tag | `""` | | `image.pullPolicy` | NetBox container image pull policy | `IfNotPresent` | | `superuser.name` | Initial super-user account to create | `admin` | | `superuser.email` | Email address for the initial super-user account | `admin@example.com` | | 
`superuser.password` | Password for the initial super-user account (the default is a publicly known placeholder; set your own value or use `superuser.existingSecret`) | `admin` | | `superuser.apiToken` | API token created for the initial super-user account (the default is a publicly known placeholder; set your own value or use `superuser.existingSecret`) | `0123456789abcdef0123456789abcdef01234567` | | `superuser.existingSecret` | Use an existing Kubernetes `Secret` for secret values | `""` | | `allowedHosts` | List of valid FQDNs for this NetBox instance (`*` accepts any `Host` header) | `["*"]` | | `admins` | List of admins to email about critical errors | `[]` | | `allowTokenRetrieval` | Permit the retrieval of API tokens after their creation | `false` | | `authPasswordValidators` | Configure validation of local user account passwords | `[]` | | `allowedUrlSchemes` | URL schemes that are allowed within links in NetBox | *see `values.yaml`* | | `banner.top` | Banner text to display at the top of every page | `""` | | `banner.bottom` | Banner text to display at the bottom of every page | `""` | | `banner.login` | Banner text to display on the login page | `""` | | `basePath` | Base URL path if accessing NetBox within a directory | `""` | | `changelogRetention` | Maximum number of days to retain logged changes (0 = forever) | `90` | | `customValidators` | Custom validators for NetBox field values | `{}` | | `defaultUserPreferences` | Default preferences for newly created user accounts | `{}` | | `cors.originAllowAll` | [CORS]: allow all origins | `false` | | `cors.originWhitelist` | [CORS]: list of origins authorised to make cross-site HTTP requests | `[]` | | `cors.originRegexWhitelist` | [CORS]: list of regular expressions matching authorised origins | `[]` | | `csrf.cookieName` | Name of the CSRF authentication cookie | `csrftoken` | | `csrf.trustedOrigins` | A list of trusted origins for unsafe (e.g. 
POST) requests | `[]` | | `dataUploadMaxMemorySize` | The maximum size (in bytes) of an incoming HTTP request | `2621440` | | `debug` | Enable NetBox debugging (NOT for production use) | `false` | | `defaultLanguage` | Set the default preferred language/locale | `en-us` | | `dbWaitDebug` | Show details of errors that occur when applying migrations | `false` | | `email.server` | SMTP server to use to send emails | `localhost` | | `email.port` | TCP port to connect to the SMTP server on | `25` | | `email.username` | Optional username for SMTP authentication | `""` | | `email.password` | Password for SMTP authentication (see also `existingSecret`) | `""` | | `email.useSSL` | Use SSL when connecting to the server | `false` | | `email.useTLS` | Use TLS when connecting to the server | `false` | | `email.sslCertFile` | SMTP SSL certificate file path (e.g. in a mounted volume) | `""` | | `email.sslKeyFile` | SMTP SSL key file path (e.g. in a mounted volume) | `""` | | `email.timeout` | Timeout for SMTP connections, in seconds | `10` | | `email.from` | Sender address for emails sent by NetBox | `""` | | `enforceGlobalUnique` | Enforce unique IP space in the global table (not in a VRF) | `true` | | `exemptViewPermissions` | A list of models to exempt from the enforcement of view permissions | `[]` | | `fieldChoices` | Configure custom choices for certain built-in fields | `{}` | | `fileUploadMaxMemorySize` | The maximum amount (in bytes) of uploaded data that will be held in memory before being written to the filesystem | `2621440` | | `graphQlEnabled` | Enable the GraphQL API | `true` | | `httpProxies` | HTTP proxies NetBox should use when sending outbound HTTP requests | `null` | | `internalIPs` | IP addresses recognized as internal to the system | `['127.0.0.1', '::1']` | | `jobRetention` | The number of days to retain job results (scripts and reports) | `90` | | `logging` | Custom Django logging configuration | `{}` | | `loginPersistence` | Enables users to remain 
authenticated to NetBox indefinitely | `false` | | `loginRequired` | Permit only logged-in users to access NetBox | `false` (unauthenticated read-only access) | | `loginTimeout` | How often to re-authenticate users | `1209600` (14 days) | | `logoutRedirectUrl` | View name or URL to which users are redirected after logging out | `home` | | `maintenanceMode` | Display a "maintenance mode" banner on every page | `false` | | `mapsUrl` | The URL to use when mapping physical addresses or GPS coordinates | `https://maps.google.com/?q=` | | `maxPageSize` | Maximum number of objects that can be returned by a single API call | `1000` | | `storages` | `django-storages` backends configuration | `{}` | | `paginateCount` | The default number of objects to display per page in the web UI | `50` | | `plugins` | Additional plugins to load into NetBox | `[]` | | `pluginsConfig` | Configuration for the additional plugins | `{}` | | `powerFeedDefaultAmperage` | Default amperage value for new power feeds | `15` | | `powerFeedMaxUtilisation` | Default maximum utilisation percentage for new power feeds | `80` | | `powerFeedDefaultVoltage` | Default voltage value for new power feeds | `120` | | `preferIPv4` | Prefer devices' IPv4 address when determining their primary address | `false` | | `rackElevationDefaultUnitHeight` | Rack elevation default height in pixels | `22` | | `rackElevationDefaultUnitWidth` | Rack elevation default width in pixels | `220` | | `remoteAuth.enabled` | Enable remote authentication support | `false` | | `remoteAuth.backends` | Remote authentication backend classes | `[netbox.authentication.RemoteUserBackend]` | | `remoteAuth.header` | The name of the HTTP header which conveys the username | `HTTP_REMOTE_USER` | | `remoteAuth.userFirstName` | HTTP header which contains the user's first name | `HTTP_REMOTE_USER_FIRST_NAME` | | `remoteAuth.userLastName` | HTTP header which contains the user's last name | `HTTP_REMOTE_USER_LAST_NAME` | | `remoteAuth.userEmail` | HTTP 
header which contains the user's email address | `HTTP_REMOTE_USER_EMAIL` | | `remoteAuth.autoCreateUser` | Enables the automatic creation of new users | `false` | | `remoteAuth.autoCreateGroups` | Enables the automatic creation of new groups | `false` | | `remoteAuth.defaultGroups` | A list of groups to assign to newly created users | `[]` | | `remoteAuth.defaultPermissions` | A list of permissions to assign to newly created users | `{}` | | `remoteAuth.groupSyncEnabled` | Sync remote user groups from an HTTP header set by a reverse proxy | `false` | | `remoteAuth.groupHeader` | The name of the HTTP header which conveys the groups to which the user belongs | `HTTP_REMOTE_USER_GROUP` | | `remoteAuth.superuserGroups` | The list of groups that promote a remote user to Superuser on login | `[]` | | `remoteAuth.superusers` | The list of users that get promoted to Superuser on login | `[]` | | `remoteAuth.staffGroups` | The list of groups that promote a remote user to Staff on login | `[]` | | `remoteAuth.staffUsers` | The list of users that get promoted to Staff on login | `[]` | | `remoteAuth.groupSeparator` | The separator on which the `remoteAuth.groupHeader` value is split into individual groups | `\|` | | `remoteAuth.ldap.serverUri` | see [django-auth-ldap](https://django-auth-ldap.readthedocs.io) | `""` | | `remoteAuth.ldap.startTls` | Whether StartTLS should be used | *see values.yaml* | | `remoteAuth.ldap.ignoreCertErrors` | Whether certificate errors should be ignored (the LDAP server's certificate is then not validated) | *see values.yaml* | | `remoteAuth.ldap.caCertDir` | CA certificate directory | *see auth.md* | | `remoteAuth.ldap.caCertData` | CA certificate data | *see auth.md* | | `remoteAuth.ldap.bindDn` | Distinguished Name to bind with | `""` | | `remoteAuth.ldap.bindPassword` | Password for bind DN | `""` | | `remoteAuth.ldap.userDnTemplate` | see [AUTH_LDAP_USER_DN_TEMPLATE](https://django-auth-ldap.readthedocs.io/en/latest/reference.html#auth-ldap-user-dn-template) | *see values.yaml* | | 
`remoteAuth.ldap.userSearchBaseDn` | see base_dn of [django_auth_ldap.config.LDAPSearch](https://django-auth-ldap.readthedocs.io/en/latest/reference.html#django_auth_ldap.config.LDAPSearch) | *see values.yaml* | | `remoteAuth.ldap.userSearchAttr` | User attribute name for user search | `sAMAccountName` | | `remoteAuth.ldap.groupSearchBaseDn` | base DN for group search | *see values.yaml* | | `remoteAuth.ldap.groupSearchClass` | [django-auth-ldap](https://django-auth-ldap.readthedocs.io) for group search | `group` | | `remoteAuth.ldap.groupType` | see [AUTH_LDAP_GROUP_TYPE](https://django-auth-ldap.readthedocs.io/en/latest/reference.html#auth-ldap-group-type) | `GroupOfNamesType` | | `remoteAuth.ldap.requireGroupDn` | DN of a group that is required for login | `null` | | `remoteAuth.ldap.findGroupPerms` | see [AUTH_LDAP_FIND_GROUP_PERMS](https://django-auth-ldap.readthedocs.io/en/latest/reference.html#auth-ldap-find-group-perms) | true | | `remoteAuth.ldap.mirrorGroups` | see [AUTH_LDAP_MIRROR_GROUPS](https://django-auth-ldap.readthedocs.io/en/latest/reference.html#auth-ldap-mirror-groups) | `null` | | `remoteAuth.ldap.cacheTimeout` | see [AUTH_LDAP_MIRROR_GROUPS_EXCEPT](https://django-auth-ldap.readthedocs.io/en/latest/reference.html#auth-ldap-mirror-groups-except) | `null` | | `remoteAuth.ldap.isAdminDn` | required DN to be able to login in Admin-Backend, "is_staff"-Attribute of [AUTH_LDAP_USER_FLAGS_BY_GROUP](https://django-auth-ldap.readthedocs.io/en/latest/reference.html#auth-ldap-user-flags-by-group) | *see values.yaml* | | `remoteAuth.ldap.isSuperUserDn` | required DN to receive SuperUser privileges, "is_superuser"-Attribute of [AUTH_LDAP_USER_FLAGS_BY_GROUP](https://django-auth-ldap.readthedocs.io/en/latest/reference.html#auth-ldap-user-flags-by-group) | *see values.yaml* | | `remoteAuth.ldap.attrFirstName` | first name attribute of users, "first_name"-Attribute of 
[AUTH_LDAP_USER_ATTR_MAP](https://django-auth-ldap.readthedocs.io/en/latest/reference.html#auth-ldap-user-attr-map) | `givenName` | | `remoteAuth.ldap.attrLastName` | last name attribute of users, "last_name"-Attribute of [AUTH_LDAP_USER_ATTR_MAP](https://django-auth-ldap.readthedocs.io/en/latest/reference.html#auth-ldap-user-attr-map) | `sn` | | `remoteAuth.ldap.attrMail` | mail attribute of users, "email_name"-Attribute of [AUTH_LDAP_USER_ATTR_MAP](https://django-auth-ldap.readthedocs.io/en/latest/reference.html#auth-ldap-user-attr-map) | `mail` | | `releaseCheck.url` | Release check URL (GitHub API URL; see `values.yaml`) | `null` (disabled by default) | | `rqDefaultTimeout` | Maximum execution time for background tasks, in seconds | `300` (5 minutes) | | `sessionCookieName` | The name to use for the session cookie | `"sessionid"` | | `enableLocalization` | Localization | `false` | | `timeZone` | The time zone NetBox will use when dealing with dates and times | `UTC` | | `dateFormat` | Django date format for long-form date strings | `"N j, Y"` | | `shortDateFormat` | Django date format for short-form date strings | `"Y-m-d"` | | `timeFormat` | Django date format for long-form time strings | `"g:i a"` | | `metrics.granian.enabled` | Enable Granian metrics | `true` | | `metrics.granian.serviceMonitor.enabled` | Whether to enable a [ServiceMonitor](https://prometheus-operator.dev/docs/operator/design/#servicemonitor) for Granian metrics | `false` | | `metrics.granian.serviceMonitor.additionalLabels`| Additonal labels to apply to the ServiceMonitor | `{}` | | `metrics.granian.serviceMonitor.honorLabels` | honorLabels chooses the metric's labels on collisions | `false` | | `metrics.granian.serviceMonitor.interval` | Interval at which metrics should be scraped | `""` | | `metrics.granian.serviceMonitor.scrapeTimeout` | Timeout duration for scraping metrics | `""` | | `metrics.granian.serviceMonitor.metricRelabelings`| Specify additional relabeling of metrics | `[]` | 
| `metrics.granian.serviceMonitor.relabelings` | Specify general relabeling | `[]` | | `metrics.granian.serviceMonitor.selector` | Prometheus instance selector labels | `{}` | | `metrics.enabled` | Expose Prometheus metrics at the `/metrics` HTTP endpoint | `false` | | `metrics.serviceMonitor.enabled` | Whether to enable a [ServiceMonitor](https://prometheus-operator.dev/docs/operator/design/#servicemonitor) for Netbox | `false` | | `metrics.serviceMonitor.additionalLabels` | Additonal labels to apply to the ServiceMonitor | `{}` | | `metrics.serviceMonitor.honorLabels` | honorLabels chooses the metric's labels on collisions | `false` | | `metrics.serviceMonitor.interval` | Interval at which metrics should be scraped | `""` | | `metrics.serviceMonitor.scrapeTimeout` | Timeout duration for scraping metrics | `""` | | `metrics.serviceMonitor.metricRelabelings` | Specify additional relabeling of metrics | `[]` | | `metrics.serviceMonitor.relabelings` | Specify general relabeling | `[]` | | `metrics.serviceMonitor.selector` | Prometheus instance selector labels | `{}` | | `shortTimeFormat` | Django date format for short-form time strings | `"H:i:s"` | | `dateTimeFormat` | Django date format for long-form date and time strings | `"N j, Y g:i a"` | | `shortDateTimeFormat` | Django date format for short-form date and time strongs | `"Y-m-d H:i"` | | `extraConfig` | Additional NetBox configuration (see `values.yaml`) | `[]` | | `secretKey` | Django secret key used for sessions and password reset tokens | `""` (generated) | | `existingSecret` | Use an existing Kubernetes `Secret` for secret values (see below) | `""` (use individual chart values) | | `postgresql.enabled` | Deploy PostgreSQL using bundled Bitnami PostgreSQL chart | `true` | | `postgresql.auth.username` | Username to create for NetBox in bundled PostgreSQL instance | `netbox` | | `postgresql.auth.database` | Database to create for NetBox in bundled PostgreSQL instance | `netbox` | | `postgresql.*` | Values 
under this key are passed to the bundled PostgreSQL chart | n/a | | `externalDatabase.host` | PostgreSQL host to use when `postgresql.enabled` is `false` | `localhost` | | `externalDatabase.port` | Port number for external PostgreSQL | `5432` | | `externalDatabase.database` | Database name for external PostgreSQL | `netbox` | | `externalDatabase.username` | Username for external PostgreSQL | `netbox` | | `externalDatabase.password` | Password for external PostgreSQL (see also `existingSecret`) | `""` | | `externalDatabase.existingSecretName` | Fetch password for external PostgreSQL from a different `Secret` | `""` | | `externalDatabase.existingSecretKey` | Key to fetch the password in the above `Secret` | `postgresql-password` | | `externalDatabase.connMaxAge` | The lifetime of a database connection, as an integer of seconds | `300` | | `externalDatabase.disableServerSideCursors` | Disable the use of server-side cursors transaction pooling | `false` | | `externalDatabase.options` | Additional PostgreSQL client parameters | `{}` | | `valkey.enabled` | Deploy Valkey using bundled Bitnami Valkey chart | `true` | | `valkey.*` | Values under this key are passed to the bundled Valkey chart | n/a | | `tasksDatabase.database` | KV database number used for NetBox task queue | `0` | | `tasksDatabase.ssl` | Enable SSL when connecting to KV | `false` | | `tasksDatabase.insecureSkipTlsVerify` | Skip TLS certificate verification when connecting to KV | `false` | | `tasksDatabase.caCertPath` | Path to CA certificates bundle for KV (needs mounting manually) | `""` | | `tasksDatabase.host` | KV host to use when `valkey.enabled` is `false` | `"netbox-kv"` | | `tasksDatabase.port` | Port number for external KV | `6379` | | `tasksDatabase.sentinels` | List of sentinels in `host:port` form (`host` and `port` not used) | `[]` | | `tasksDatabase.sentinelService` | Sentinel master service name | `"netbox-kv"` | | `tasksDatabase.sentinelTimeout` | Sentinel connection timeout, in seconds | 
`300` (5 minutes) | | `tasksDatabase.username` | Username for external KV | `""` | | `tasksDatabase.password` | Password for external KV (see also `existingSecret`) | `""` | | `tasksDatabase.existingSecretName` | Fetch password for external KV from a different `Secret` | `""` | | `tasksDatabase.existingSecretKey` | Key to fetch the password in the above `Secret` | `tasks-password` | | `cachingDatabase.database` | KV database number used for caching views | `1` | | `cachingDatabase.ssl` | Enable SSL when connecting to KV | `false` | | `cachingDatabase.insecureSkipTlsVerify` | Skip TLS certificate verification when connecting to KV | `false` | | `cachingDatabase.caCertPath` | Path to CA certificates bundle for KV (needs mounting manually) | `""` | | `cachingDatabase.host` | KV host to use when `valkey.enabled` is `false` | `"netbox-kv"` | | `cachingDatabase.port` | Port number for external KV | `6379` | | `cachingDatabase.sentinels` | List of sentinels in `host:port` form (`host` and `port` not used) | `[]` | | `cachingDatabase.sentinelService` | Sentinel master service name | `"netbox-kv"` | | `cachingDatabase.sentinelTimeout` | Sentinel connection timeout, in seconds | `300` (5 minutes) | | `cachingDatabase.username` | Username for external KV | `""` | | `cachingDatabase.password` | Password for external KV (see also `existingSecret`) | `""` | | `cachingDatabase.existingSecretName` | Fetch password for external KV from a different `Secret` | `""` | | `cachingDatabase.existingSecretKey` | Key to fetch the password in the above `Secret` | `cache-password` | | `imagePullSecrets` | List of `Secret` names containing private registry credentials | `[]` | | `nameOverride` | Override the application name (`netbox`) used throughout the chart | `""` | | `fullnameOverride` | Override the full name of resources created as part of the release | `""` | | `serviceAccount.create` | Create a ServiceAccount for NetBox | `true` | | `serviceAccount.annotations` | Annotations to add to 
the service account | `{}` | | `serviceAccount.name` | The name of the service account to use | `""` (use the fullname) | | `serviceAccount.imagePullSecrets` | Add an imagePullSecrets attribute to the serviceAccount | `""` | | `serviceAccount.automountServiceAccountToken` | Whether to automatically mount the token in the containers using this serviceAccount or not | `false` | | `persistence.enabled` | Enable storage persistence for uploaded media (images) | `true` | | `persistence.existingClaim` | Use an existing `PersistentVolumeClaim` instead of creating one | `""` | | `persistence.subPath` | Mount a sub-path of the volume into the container, not the root | `""` | | `persistence.storageClass` | Set the storage class of the PVC (use `-` to disable provisioning) | `""` | | `persistence.selector` | Set the selector for PVs, if desired | `{}` | | `persistence.accessMode` | Access mode for the volume | `ReadWriteOnce` | | `persistence.size` | Size of persistent volume to request | `1Gi` | | `reportsPersistence.enabled` | Enable storage persistence for NetBox reports | `false` | | `reportsPersistence.existingClaim` | Use an existing `PersistentVolumeClaim` instead of creating one | `""` | | `reportsPersistence.subPath` | Mount a sub-path of the volume into the container, not the root | `""` | | `reportsPersistence.storageClass` | Set the storage class of the PVC (use `-` to disable provisioning) | `""` | | `reportsPersistence.selector` | Set the selector for PVs, if desired | `{}` | | `reportsPersistence.accessMode` | Access mode for the volume | `ReadWriteOnce` | | `reportsPersistence.size` | Size of persistent volume to request | `1Gi` | | `scriptsPersistence.enabled` | Enable storage persistence for NetBox scripts | `false` | | `scriptsPersistence.existingClaim` | Use an existing `PersistentVolumeClaim` instead of creating one | `""` | | `scriptsPersistence.subPath` | Mount a sub-path of the volume into the container, not the root | `""` | | 
`scriptsPersistence.storageClass` | Set the storage class of the PVC (use `-` to disable provisioning) | `""` | | `scriptsPersistence.selector` | Set the selector for PVs, if desired | `{}` | | `scriptsPersistence.accessMode` | Access mode for the volume | `ReadWriteOnce` | | `scriptsPersistence.size` | Size of persistent volume to request | `1Gi` | | `podAnnotations` | Additional annotations for NetBox pods | `{}` | | `podLabels` | Additional labels for NetBox pods | `{}` | | `podSecurityContext` | Security context for NetBox pods | *see `values.yaml`* | | `securityContext` | Security context for NetBox containers | *see `values.yaml`* | | `service.type` | Type of `Service` resource to create | `ClusterIP` | | `service.port` | Port number for the service | `80` | | `service.nodePort` | The port used on the node when `service.type` is NodePort | `""` | | `service.clusterIP` | The cluster IP address assigned to the service | `""` | | `service.clusterIPs` | A list of cluster IP addresses assigned to the service | `[]` | | `service.externalIPs` | A list of external IP addresses aliased to this service | `[]` | | `service.externalTrafficPolicy` | Policy for routing external traffic | `Cluster` | | `service.ipFamilyPolicy` | Represents the dual-stack-ness of the service | `""` | | `service.loadBalancerIP` | Request a specific IP address when `service.type` is `LoadBalancer` | `""` | | `service.loadBalancerSourceRanges` | A list of allowed IP ranges when `service.type` is `LoadBalancer` | `[]` | | `service.loadBalancerClass` | Load Balancer class if `service.type` is `LoadBalancer` | `""` | | `service.sessionAffinity` | Control where client requests go, to the same pod or round-robin | `None` | | `service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | | `ingress.enabled` | Create an `Ingress` resource for accessing NetBox | `false` | | `ingress.className` | Use a named IngressClass | `""` | | `ingress.annotations` | Extra annotations to 
apply to the `Ingress` resource | `{}` | | `ingress.hosts` | List of hosts and paths to map to the service (see `values.yaml`) | `[{host:"chart-example.local",paths:["/"]}]` | | `ingress.tls` | TLS settings for the `Ingress` resource | `[]` | | `httpRoute.enabled` | Create an `HTTPRoute` resource for Gateway API | `false` | | `httpRoute.annotations` | Extra annotations to apply to the `HTTPRoute` resource | `{}` | | `httpRoute.parentRefs` | References to the parent Gateway(s) for the `HTTPRoute` | `[]` | | `httpRoute.hostnames` | Hostnames that the `HTTPRoute` should match | `[]` | | `httpRoute.filters` | Optional filters to apply to the route | `[]` | | `resources` | Configure resource requests or limits for NetBox | `{}` | | `automountServiceAccountToken` | Whether to automatically mount the serviceAccount token in the main container or not | `false` | | `priorityClassName` | Pods' priorityClassName | `""` | | `schedulerName` | Name of the k8s scheduler (other than default) for pods | `""` | | `terminationGracePeriodSeconds` | Seconds pods need to terminate gracefully | `""` | | `topologySpreadConstraints` | Configure Pod Topology Spread Constraints for NetBox | `[]` | | `livenessProbe.enabled` | Enable Kubernetes livenessProbe, see [liveness probes](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-a-liveness-command) | *see `values.yaml`* | | `livenessProbe.initialDelaySeconds` | Number of seconds | *see `values.yaml`* | | `livenessProbe.timeoutSeconds` | Number of seconds | *see `values.yaml`* | | `livenessProbe.periodSeconds` | Number of seconds | *see `values.yaml`* | | `livenessProbe.successThreshold` | Number of seconds | *see `values.yaml`* | | `readinessProbe.enabled` | Enable Kubernetes readinessProbe, see [readiness probes](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-readiness-probes) | *see `values.yaml`* | | 
`readinessProbe.initialDelaySeconds` | Number of seconds | *see `values.yaml`* | | `readinessProbe.timeoutSeconds` | Number of seconds | *see `values.yaml`* | | `readinessProbe.periodSeconds` | Number of seconds | *see `values.yaml`* | | `readinessProbe.successThreshold` | Number of seconds | *see `values.yaml`* | | `lifecycleHooks` | Automate configuration before or after container startup | `{}` | | `startupProbe.enabled` | Enable Kubernetes startupProbe, see [startup probes](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-readiness-probes) | *see `values.yaml`* | | `startupProbe.initialDelaySeconds` | Number of seconds | *see `values.yaml`* | | `startupProbe.timeoutSeconds` | Number of seconds | *see `values.yaml`* | | `startupProbe.periodSeconds` | Number of seconds | *see `values.yaml`* | | `startupProbe.successThreshold` | Number of seconds | *see `values.yaml`* | | `init.image.registry` | Init container image registry | `ghcr.io` | | `init.image.repository` | Init container image repository | `busybox` | | `init.image.tag` | Init container image tag | `1.37.0` | | `init.image.pullPolicy` | Init container image pull policy | `IfNotPresent` | | `init.resourcesPreset` | Configure a preset for requests or limits for init container | `nano` | | `init.resources` | Configure resource requests or limits for init container | `{}` | | `init.securityContext` | Security context for init container | *see `values.yaml`* | | `test.image.registry` | Test container image registry | `ghcr.io` | | `test.image.repository` | Test container image repository | `busybox` | | `test.image.tag` | Test container image tag | `1.37.0` | | `test.image.pullPolicy` | Test container image pull policy | `IfNotPresent` | | `test.resourcesPreset` | Configure a preset for requests or limits for test container | `nano` | | `test.resources` | Configure resource requests or limits for test container | `{}` | | `test.securityContext` | 
Security context for test container | *see `values.yaml`* | | `autoscaling.enabled` | Whether to enable the HorizontalPodAutoscaler | `false` | | `autoscaling.minReplicas` | Minimum number of replicas when autoscaling is enabled | `1` | | `autoscaling.maxReplicas` | Maximum number of replicas when autoscaling is enabled | `100` | | `autoscaling.targetCPUUtilizationPercentage` | Target CPU utilisation percentage for autoscaling | `80` | | `autoscaling.targetMemoryUtilizationPercentage` | Target memory utilisation percentage for autoscaling | `null` | | `autoscaling.behavior` | HPA behavior (scaleUp/scaleDown policies and settings) | `{}` | | `nodeSelector` | Node labels for pod assignment | `{}` | | `tolerations` | Toleration labels for pod assignment | `[]` | | `updateStrategy` | Configure deployment update strategy | `{}` (defaults to `RollingUpdate`) | | `affinity` | Affinity settings for pod assignment | `{}` | | `extraEnvs` | Additional environment variables to set in the NetBox container | `[]` | | `extraVolumeMounts` | Additional volumes to mount in the NetBox container | `[]` | | `extraVolumes` | Additional volumes to reference in pods | `[]` | | `sidecars` | Additional sidecar containers to be added to pods | `[]` | | `initContainers` | Additional init containers to run before starting main containers | `[]` | | `command` | NetBox container custom command/entrypoint | `[]` | | `args` | NetBox container custom args | `[]` | | `worker` | Worker specific variables. Most global variables also apply here. | *see `values.yaml`* | | `housekeeping.enabled` | Whether the [Housekeeping][housekeeping] `CronJob` should be active | `true` | | `housekeeping.concurrencyPolicy` | ConcurrencyPolicy for the Housekeeping CronJob. | `Forbid` | | `housekeeping.failedJobsHistoryLimit` | Number of failed jobs to keep in history | `5` | | `housekeeping.command` | The shell command to execute in the housekeeping job. 
| `[/opt/netbox/venv/bin/python, /opt/netbox/netbox/manage.py, housekeeping]`| | `housekeeping.args` | NetBox housekeeping container custom args | `[]` | | `housekeeping.restartPolicy` | Restart Policy for the Housekeeping CronJob. | `OnFailure` | | `housekeeping.schedule` | Schedule for the CronJob in [Cron syntax][cron syntax]. | `0 0 * * *` (Midnight daily) | | `housekeeping.successfulJobsHistoryLimit` | Number of successful jobs to keep in history | `5` | | `housekeeping.suspend` | Whether to suspend the CronJob | `false` | | `housekeeping.podAnnotations` | Additional annotations for housekeeping CronJob pods | `{}` | | `housekeeping.podLabels` | Additional labels for housekeeping CronJob pods | `{}` | | `housekeeping.podSecurityContext` | Security context for housekeeping CronJob pods | *see `values.yaml`* | | `housekeeping.securityContext` | Security context for housekeeping CronJob containers | *see `values.yaml`* | | `housekeeping.automountServiceAccountToken` | Whether to automatically mount the serviceAccount token in the housekeeping container or not | `false` | | `housekeeping.resources` | Configure resource requests or limits for housekeeping CronJob | `{}` | | `housekeeping.nodeSelector` | Node labels for housekeeping CronJob pod assignment | `{}` | | `housekeeping.tolerations` | Toleration labels for housekeeping CronJob pod assignment | `[]` | | `housekeeping.affinity` | Affinity settings for housekeeping CronJob pod assignment | `{}` | | `housekeeping.extraEnvs` | Additional environment variables to set in housekeeping CronJob | `[]` | | `housekeeping.extraVolumeMounts` | Additional volumes to mount in the housekeeping CronJob | `[]` | | `housekeeping.extraVolumes` | Additional volumes to reference in housekeeping CronJob pods | `[]` | | `housekeeping.sidecars` | Additional sidecar containers to be added to housekeeping CronJob | `[]` | | `housekeeping.initContainers` | Additional init containers for housekeeping CronJob pods | `[]` | [CORS]: 
https://github.com/ottoyiu/django-cors-headers [housekeeping]: https://netboxlabs.com/docs/netbox/en/stable/administration/housekeeping/ [cron syntax]: https://kubernetes.io/docs/concepts/workloads/controllers/cron-jobs/#cron-schedule-syntax Specify each parameter using the `--set key=value[,key=value]` argument to `helm install` or provide a YAML file containing the values for the above parameters: ```shell helm install my-release --devel --values values.yaml \ oci://ghcr.io/netbox-community/netbox-chart/netbox ``` ## Persistent storage pitfalls Persistent storage for media is enabled by default, but unless you take special care you will run into issues. The most common issue is that one of the NetBox pods gets stuck in the `ContainerCreating` state. There are several ways around this problem: 1. Use the recommended S3 `storages` and **disable** persistent storage by setting `persistence.enabled` to `false`. This can be used with any S3-compatible storage provider including Amazon S3, Minio, Ceph RGW, and many others. See further down for an example of this. 2. Use a `ReadWriteMany` volume that can be mounted by several pods across nodes simultaneously. 3. Configure pod affinity settings to keep all the pods on the same node. This allows a `ReadWriteOnce` volume to be mounted in several pods at the same time. 4. Disable persistent storage of media altogether and just manage without. The storage functionality is only needed to store uploaded image attachments. 
To configure the pod affinity to allow using a `ReadWriteOnce` volume you can use the following example configuration: ```yaml affinity: podAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchLabels: app.kubernetes.io/name: netbox topologyKey: kubernetes.io/hostname housekeeping: affinity: podAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchLabels: app.kubernetes.io/name: netbox topologyKey: kubernetes.io/hostname worker: affinity: podAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchLabels: app.kubernetes.io/name: netbox topologyKey: kubernetes.io/hostname ``` ## Using an Existing Secret Rather than specifying passwords and secrets as part of the Helm release values, you may pass these to NetBox using pre-existing `Secret` resources. When you do so, the respective `Secret`s must contain the following keys. ### Superuser secret (`superuser.existingSecret`) Type: `kubernetes.io/basic-auth` | Key | Description | Required? | | ----------- | ---------------------------------------------------- | --------- | | `username` | Username for the initial super-user account | Yes | | `password` | Password for the initial super-user account | Yes | | `email` | Email address for the initial super-user account | Yes | | `api_token` | API token created for the initial super-user account | Yes | ### Config secret (`existingSecret`) | Key | Description | Required? | | -------------------- | ------------------------------------------------------------- | ------------------------------------------------------------------------------------------------- | | `ldap_bind_password` | Password for LDAP bind DN | If `remoteAuth.enabled` is `true` and `remoteAuth.backends` includes `netbox.authentication.LDAPBackend` | | `secret_key` | Django secret key used for sessions and password reset tokens | Yes | ### Email secret (`email.existingSecretName`) | Key | Description | Required? 
| | -------------------- | ------------------------------------------------------------- | ------------------------------------------------------------------------------------------------- | | `email-password` | SMTP user password | Yes, but the value may be left blank if not required | ### PostgreSQL secret (`externalDatabase.existingSecretName`) | Key | Description | Required? | | --------------------- | ------------------------------------------------- | ---------------------------------- | | `postgresql-password` | The password for the external PostgreSQL database | If `postgresql.enabled` is `false` | ### Tasks secrets (`tasksDatabase.existingSecretName`) | Key | Description | Required? | | ---------------- | ------------------------------------------------------------- | ----------------------------- | | `tasks-password` | Password for the external KV database (tasks and/or cache) | If `valkey.enabled` is `false` | ### Cache secrets (`cachingDatabase.existingSecretName`) | Key | Description | Required? | | ---------------- | ------------------------------------------------------------- | ----------------------------- | | `cache-password` | Password for the external KV database (tasks and/or cache) | If `valkey.enabled` is `false` | ## License This project is licensed under [Apache License, Version 2.0](LICENSE). 
================================================ FILE: charts/netbox/ci/default-values.yaml ================================================ ================================================ FILE: charts/netbox/ci/ingress-metrics-values.yaml ================================================ ingress: enabled: true metrics: enabled: true ================================================ FILE: charts/netbox/ci/ldap-values.yaml ================================================ remoteAuth: enabled: true backends: - netbox.authentication.LDAPBackend ldap: serverUri: "ldap://ldap.forumsys.com" startTls: true ignoreCertErrors: true caCertData: "" bindDn: "cn=read-only-admin,dc=example,dc=com" bindPassword: password userDnTemplate: "" userSearchBaseDn: "dc=example,dc=com" userSearchAttr: "sAMAccountName" groupSearchBaseDn: "dc=example,dc=com" groupSearchClass: "group" groupType: "GroupOfNamesType" requireGroupDn: - "cn=read-only-admin,dc=example,dc=com" findGroupPerms: true mirrorGroups: true mirrorGroupsExcept: "" cacheTimeout: 3600 isAdminDn: - "ou=mathematicians,cn=read-only-admin,dc=example,dc=com" isSuperUserDn: - "ou=scientists,cn=read-only-admin,dc=example,dc=com" attrFirstName: "givenName" attrLastName: "sn" attrMail: "mail" ================================================ FILE: charts/netbox/docs/auth.md ================================================ # Authentication Options ## Using SSO You can configure different SSO backends with `remoteAuth`. The implementation is based on [Python Social Auth](https://python-social-auth.readthedocs.io/en/latest/backends/index.html#supported-backends). Depending on the chosen backend you may need to configure different parameters. You can leverage the `extraConfig` value in conjunction with `remoteAuth`. > [!tip] > Read more about `extraConfig` usage within [Extra Configuration](./extra.md) guide. By default the users do not have any permission after logging in. 
Using custom auth pipelines you can assign groups based on the roles supplied by the OAuth provider. The example pipelines below include `social_core.pipeline.social_auth.associate_by_email`, which attaches a login to an existing NetBox account that has the same e-mail address, so keep that step only with identity providers that verify e-mail addresses. ### Example config for Keycloak backend ```yaml remoteAuth: enabled: true backends: - social_core.backends.keycloak.KeycloakOAuth2 autoCreateUser: true extraConfig: - secret: secretName: keycloak-client - values: SOCIAL_AUTH_PIPELINE: [ "social_core.pipeline.social_auth.social_details", "social_core.pipeline.social_auth.social_uid", "social_core.pipeline.social_auth.social_user", "social_core.pipeline.user.get_username", "social_core.pipeline.social_auth.associate_by_email", "social_core.pipeline.user.create_user", "social_core.pipeline.social_auth.associate_user", "netbox.authentication.user_default_groups_handler", "social_core.pipeline.social_auth.load_extra_data", "social_core.pipeline.user.user_details", "netbox.sso_pipeline_roles.set_role", ] extraVolumes: - name: sso-pipeline-roles configMap: name: sso-pipeline-roles extraVolumeMounts: - name: sso-pipeline-roles mountPath: /opt/netbox/netbox/netbox/sso_pipeline_roles.py subPath: sso_pipeline_roles.py readOnly: true ``` Additional resources are necessary. A `Secret`'s `data` field accepts only base64-encoded values, so supply the plain-text YAML shown here under `stringData` (as the GitLab example does) or base64-encode it: ```yaml apiVersion: v1 kind: Secret metadata: name: keycloak-client namespace: netbox type: Opaque data: oidc-keycloak.yaml: | SOCIAL_AUTH_KEYCLOAK_KEY: SOCIAL_AUTH_KEYCLOAK_SECRET: SOCIAL_AUTH_KEYCLOAK_PUBLIC_KEY: MIIB...AB SOCIAL_AUTH_KEYCLOAK_AUTHORIZATION_URL: "https://keycloak.example.com/auth/realms/master/protocol/openid-connect/auth" SOCIAL_AUTH_KEYCLOAK_ACCESS_TOKEN_URL: "https://keycloak.example.com/auth/realms/master/protocol/openid-connect/token" SOCIAL_AUTH_JSONFIELD_ENABLED: true SOCIAL_AUTH_STAFF_ROLE: staff SOCIAL_AUTH_SUPERUSER_ROLE: superuser --- apiVersion: v1 kind: ConfigMap metadata: name: sso-pipeline-roles namespace: netbox data: sso_pipeline_roles.py: | from django.conf import settings from netbox.authentication import Group def set_role(response, user, backend, *args, **kwargs): client_id = getattr(settings,
'SOCIAL_AUTH_KEYCLOAK_KEY', None) staff_role = getattr(settings, 'SOCIAL_AUTH_STAFF_ROLE', 'staff') superuser_role = getattr(settings, 'SOCIAL_AUTH_SUPERUSER_ROLE', 'superuser') roles = [] try: roles = response['resource_access'][client_id]['roles'] except KeyError: pass user.is_staff = (staff_role in roles) user.is_superuser = (superuser_role in roles) user.save() groups = Group.objects.all() for group in groups: try: if group.name in roles: group.users.add(user) else: group.users.remove(user) except Group.DoesNotExist: continue ``` > [!note] > A hardcoded custom audience mapper is required on Keycloak. > > For the audience name to be in the token, enter the Client ID > in the _Included **Custom** Audience_ field instead of the _Included **Client** Audience_ field. > > Refer to the Keycloak usage materials: > > - [Python Social Auth Documentation](https://python-social-auth.readthedocs.io/en/latest/backends/keycloak.html) > - [Python Social Auth Source Code](https://github.com/python-social-auth/social-core/blob/d9554fa40e751c85ae60231fe2f5bd5a528c4452/social_core/backends/keycloak.py#L7-L96) > - [Keycloak Documentation](https://www.keycloak.org/docs/latest/server_admin/#_audience_hardcoded) ### Example config for GitLab backend ```yaml remoteAuth: enabled: true backends: - social_core.backends.gitlab.GitLabOAuth2 autoCreateUser: true extraConfig: - secret: secretName: gitlab-client - values: SOCIAL_AUTH_PIPELINE: [ "social_core.pipeline.social_auth.social_details", "social_core.pipeline.social_auth.social_uid", "social_core.pipeline.social_auth.social_user", "social_core.pipeline.user.get_username", "social_core.pipeline.social_auth.associate_by_email", "social_core.pipeline.user.create_user", "social_core.pipeline.social_auth.associate_user", "netbox.authentication.user_default_groups_handler", "social_core.pipeline.social_auth.load_extra_data", "social_core.pipeline.user.user_details", "netbox.sso_pipeline_roles.set_role", ] extraVolumes: - name: 
sso-pipeline-roles configMap: name: sso-pipeline-roles extraVolumeMounts: - name: sso-pipeline-roles mountPath: /opt/netbox/netbox/netbox/sso_pipeline_roles.py subPath: sso_pipeline_roles.py readOnly: true ``` Additional resources are necessary (please note that the client ID is necessary in the custom pipeline script): ```yaml apiVersion: v1 kind: Secret metadata: name: gitlab-client namespace: netbox type: Opaque stringData: oidc-gitlab.yaml: | SOCIAL_AUTH_GITLAB_API_URL: https://git.example.com SOCIAL_AUTH_GITLAB_AUTHORIZATION_URL: https://git.example.com/oauth/authorize SOCIAL_AUTH_GITLAB_ACCESS_TOKEN_URL: https://git.example.com/oauth/token SOCIAL_AUTH_GITLAB_KEY: SOCIAL_AUTH_GITLAB_SECRET: SOCIAL_AUTH_GITLAB_SCOPE: ['read_user', 'openid'] SOCIAL_AUTH_STAFF_ROLE: staff SOCIAL_AUTH_SUPERUSER_ROLE: superuser --- apiVersion: v1 kind: ConfigMap metadata: name: sso-pipeline-roles namespace: netbox data: sso_pipeline_roles.py: | from django.conf import settings from netbox.authentication import Group import jwt from jwt import PyJWKClient def set_role(response, user, backend, *args, **kwargs): client_id = getattr(settings, 'SOCIAL_AUTH_GITLAB_KEY', None) staff_role = getattr(settings, 'SOCIAL_AUTH_STAFF_ROLE', 'staff') superuser_role = getattr(settings, 'SOCIAL_AUTH_SUPERUSER_ROLE', 'superuser') jwks_client = PyJWKClient("https://git.example.com/oauth/discovery/keys") signing_key = jwks_client.get_signing_key_from_jwt(response['id_token']) decoded = jwt.decode( response['id_token'], signing_key.key, algorithms=["RS256"], audience=client_id, ) roles = [] try: roles = decoded.get('groups_direct') except KeyError: pass user.is_staff = (staff_role in roles) user.is_superuser = (superuser_role in roles) user.save() groups = Group.objects.all() for group in groups: try: if group.name in roles: group.users.add(user) else: group.users.remove(user) except Group.DoesNotExist: continue ``` ## Using LDAP Authentication In order to enable LDAP authentication, please carry out 
the following steps: 1. Configure the `remoteAuth` settings to enable the LDAP backend (see below) 2. Make sure you set _all_ of the `remoteAuth.ldap` settings shown in the `values.yaml` file For example: ```yaml remoteAuth: enabled: true backends: - netbox.authentication.LDAPBackend ldap: serverUri: ldap://domain.com startTls: true ignoreCertErrors: true bindDn: "" bindPassword: "" # and ALL the other remoteAuth.ldap.* settings from values.yaml ``` > [!NOTE] > In order to use anonymous LDAP binding, set `bindDn` and `bindPassword` > to an empty string as in the example above. ### LDAP Certificate Verification The example above sets `ignoreCertErrors: true`, which, as the name says, makes NetBox ignore LDAP certificate errors; keep it `false`, as in the options below, whenever the server certificate can be verified, so that the StartTLS connection carrying the bind password is authenticated. If you need to specify your own CA certificate, follow the instructions below. #### Option 1. In your `values.yaml` file define the directory already containing your CA certificate ```yaml ldap: serverUri: ldap://domain.com startTls: true ignoreCertErrors: false caCertDir: /etc/ssl/certs ``` #### Option 2. In your `values.yaml` file define your CA certificate content in `caCertData` ```yaml ldap: serverUri: ldap://domain.com startTls: true ignoreCertErrors: false caCertData: | -----BEGIN CERTIFICATE----- ... -----END CERTIFICATE----- ``` ================================================ FILE: charts/netbox/docs/extra.md ================================================ # Extra Configuration ## Overview Any additional configuration setting can be passed in the chart values to be loaded into NetBox's instance. They may be provided as an arbitrary set of configuration values, or you can load arbitrary `*.yaml` keys from ConfigMaps and Secrets. ```yaml extraConfig: - values: EXTRA_SETTING_ONE: example ANOTHER_SETTING: foobar - configMap: # pod.spec.volumes.configMap name: netbox-extra items: [] optional: false - secret: # same as pod.spec.volumes.secret secretName: netbox-extra items: [] optional: false ``` ## NetBox Additional Configuration For additional NetBox configuration settings, the recommended way is to use the extra configuration value (`extraConfig`).
> [!note] > In order to keep the chart's values reasonable, only the > [required](https://netboxlabs.com/docs/netbox/en/stable/configuration/required-parameters/) > and critical configuration settings can be directly configured with a dedicated value field. For example, the following snippet is configuring the value for [`DEFAULT_DASHBOARD`](https://netboxlabs.com/docs/netbox/en/stable/configuration/default-values/#default_dashboard): ```yaml extraConfig: - values: DEFAULT_DASHBOARD: - widget: "extras.ObjectCountsWidget" width: 4 ``` ## ConfigMaps and Secrets Use Any ConfigMap or Secret can be leveraged to provide configuration parameters. The resource must provide the data under a key named `*.yaml`. Entries given under `values` are stored in the chart's ConfigMap, so keep credentials in a `Secret` as shown here. ```yaml apiVersion: v1 kind: Secret metadata: name: netbox-okta-credentials namespace: netbox type: Opaque stringData: okta.yaml: | SOCIAL_AUTH_OKTA_OPENIDCONNECT_KEY: ... SOCIAL_AUTH_OKTA_OPENIDCONNECT_SECRET: ... SOCIAL_AUTH_OKTA_OPENIDCONNECT_API_URL: ... ``` Then, it can be consumed through `extraConfig`, using its name as the reference. ```yaml extraConfig: - secret: secretName: netbox-okta-credentials ``` The variables will be retrieved by NetBox when loading. In this example, the three variables (`SOCIAL_AUTH_OKTA_OPENIDCONNECT_*`) will be available as global variables. > [!tip] > See more examples of `extraConfig` within the [Authentication Options](./auth.md) guide. ================================================ FILE: charts/netbox/docs/migrate.md ================================================ # Migration Guide For major version updates (5.0.0, 6.0.0, etc.), see the release notes for detailed migration information. ## Back Up PostgreSQL The first thing you should do is back up your PostgreSQL database. This way you can always go back to your previous install version if anything goes wrong. You can find your PostgreSQL pod by running `kubectl get pods -A | grep postgres` and then use `kubectl exec` to run `psql` or `pg_dump` from it.
## Upgrade PostgreSQL If Necessary As of NetBox 3.6.x, NetBox requires PostgreSQL 12 or higher. It is recommended that you upgrade to the latest supported PostgreSQL version. If you are using the built-in PostgreSQL chart, you may need to update it separately, or update to the latest NetBox chart and dump your data back into it before NetBox will start. ## Upgrade NetBox It is always recommended that you upgrade NetBox one major version at a time. For example, if you are currently running NetBox 3.5.2 inside your chart, you would upgrade to the last 3.6.x version, then 3.7.x, and so on. This ensures that migrations all run smoothly between versions. ## Check for Breaking Changes Always look at the release notes for breaking changes. There may be necessary changes to your `values.yaml` to ensure your configuration still works. ================================================ FILE: charts/netbox/docs/prod.md ================================================ # Production Considerations ## Database Recommendation We recommend using separate external PostgreSQL and Key-Value instances. This de-couples those services from the chart's bundled versions which may have complex upgrade requirements. A clustered PostgreSQL server (e.g. using Zalando's [Postgres Operator](https://github.com/zalando/postgres-operator)) and Redis with Sentinel (e.g. using [Aaron Layfield](https://github.com/DandyDeveloper)'s [redis-ha chart](https://github.com/DandyDeveloper/charts/tree/master/charts/redis-ha)). ## Storage Recommendation Set `persistence.enabled` to `false` and use the S3 `storages` for object storage. This works well with Minio or Ceph RGW as well as Amazon S3. See [Persistent storage pitfalls](#persistent-storage-pitfalls), below. Run multiple replicas of the NetBox web frontend to avoid interruptions during upgrades or at other times when the pods need to be restarted. There's no need to have multiple workers (`worker.replicaCount`) for better availability. 
Set up `affinity.podAntiAffinity` to avoid multiple NetBox pods being colocated on the same node, for example: ```yaml affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchLabels: app.kubernetes.io/instance: netbox app.kubernetes.io/name: netbox app.kubernetes.io/component: netbox topologyKey: kubernetes.io/hostname ``` ## Persistent Storage Pitfalls Persistent storage for media is enabled by default, but unless you take special care you will run into issues. The most common issue is that one of the NetBox pods gets stuck in the `ContainerCreating` state. There are several ways around this problem: 1. Use the recommended S3 `storageBackend` and **disable** persistent storage by setting `persistence.enabled` to `false`. This can be used with any S3-compatible storage provider including Amazon S3, Minio, Ceph RGW, and many others. See further down for an example of this. 2. Use a `ReadWriteMany` volume that can be mounted by several pods across nodes simultaneously. 3. Configure pod affinity settings to keep all the pods on the same node. This allows a `ReadWriteOnce` volume to be mounted in several pods at the same time. 4. Disable persistent storage of media altogether and just manage without. The storage functionality is only needed to store uploaded image attachments. 
To configure the pod affinity to allow using a `ReadWriteOnce` volume you can use the following example configuration: ```yaml affinity: podAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchLabels: app.kubernetes.io/name: netbox topologyKey: kubernetes.io/hostname housekeeping: affinity: podAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchLabels: app.kubernetes.io/name: netbox topologyKey: kubernetes.io/hostname worker: affinity: podAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchLabels: app.kubernetes.io/name: netbox topologyKey: kubernetes.io/hostname ``` ## Disruption Budgets To minimize downtime during voluntary disruptions (node drains, upgrades, autoscaling evictions), the chart can create PodDisruptionBudgets (PDBs) for both the web and worker Deployments. - Configure web PDB via `pdb.*` values. - Configure worker PDB via `worker.pdb.*` values. Examples: ```yaml # Ensure at least one web pod stays available at all times pdb: enabled: true minAvailable: 1 # Allow one worker to be evicted at a time worker: pdb: enabled: true maxUnavailable: 1 ``` ================================================ FILE: charts/netbox/files/configuration.py ================================================ """ This file serves as a base configuration for Netbox https://netboxlabs.com/docs/netbox/en/stable/configuration/ """ import json import os import re from pathlib import Path import yaml def _deep_merge(source, destination): """Inspired by https://stackoverflow.com/a/20666342""" for key, value in source.items(): dst_value = destination.get(key) if isinstance(value, dict) and isinstance(dst_value, dict): _deep_merge(value, dst_value) else: destination[key] = value return destination def _load_yaml() -> None: """Load YAML from files""" extra_config_base = Path("/run/config/extra") config_files = [Path("/run/config/netbox/netbox.yaml")] 
config_files.extend(sorted(extra_config_base.glob("*/*.yaml"))) for config_file in config_files: with open(config_file, "r", encoding="utf-8") as f: config = yaml.safe_load(f) _deep_merge(config, globals()) def _read_secret(secret_name: str, secret_key: str, default: str | None = None) -> str | None: """Read secret from file""" try: secret = open( f"/run/secrets/{secret_name}/{secret_key}", "r", encoding="utf-8", ) except EnvironmentError: return default with secret: return secret.read().strip() CORS_ORIGIN_REGEX_WHITELIST = [] DATABASES = {} EMAIL = {} REDIS = {} _load_yaml() provided_secret_name = os.getenv("SECRET_NAME", "netbox") DATABASES["default"]["PASSWORD"] = _read_secret(provided_secret_name, "db_password") EMAIL["PASSWORD"] = _read_secret(provided_secret_name, "email_password") REDIS["tasks"]["PASSWORD"] = _read_secret(provided_secret_name, "tasks_password") REDIS["caching"]["PASSWORD"] = _read_secret(provided_secret_name, "cache_password") SECRET_KEY = _read_secret(provided_secret_name, "secret_key") # Read API token peppers from secret (JSON with integer or string keys) _peppers_raw = _read_secret(provided_secret_name, "api_token_peppers") if _peppers_raw: try: API_TOKEN_PEPPERS = {int(k): v for k, v in json.loads(_peppers_raw).items()} except (json.JSONDecodeError, ValueError, TypeError) as exc: raise ValueError( f"Invalid api_token_peppers secret: expected a JSON object mapping numeric " f'string keys to string values, e.g. {{"1": "random-string..."}}. ' f"Keys are converted to integers at load time. 
Error: {exc}" ) from exc # Post-process certain values CORS_ORIGIN_REGEX_WHITELIST = [re.compile(r) for r in CORS_ORIGIN_REGEX_WHITELIST] if "SENTINELS" in REDIS["tasks"]: REDIS["tasks"]["SENTINELS"] = [tuple(x.split(r":")) for x in REDIS["tasks"]["SENTINELS"]] if "SENTINELS" in REDIS["caching"]: REDIS["caching"]["SENTINELS"] = [tuple(x.split(r":")) for x in REDIS["caching"]["SENTINELS"]] if ALLOWED_HOSTS_INCLUDES_POD_ID: ALLOWED_HOSTS.append(os.getenv("POD_IP")) ================================================ FILE: charts/netbox/files/ldap_config.py ================================================ """ This file serves as a LDAP configuration for Netbox https://netboxlabs.com/docs/netbox/en/stable/installation/6-ldap/#configuration https://django-auth-ldap.readthedocs.io/en/latest/reference.html """ from functools import reduce from importlib import import_module from typing import Any import ldap import yaml from django_auth_ldap.config import LDAPGroupQuery, LDAPSearch def _load_yaml() -> None: """Load YAML from file""" with open("/run/config/netbox/ldap.yaml", "r", encoding="utf-8") as f: config = yaml.safe_load(f) globals().update(config) def _read_secret(secret_name: str, secret_key: str, default: str | None = None) -> str | None: """Read secret from file""" try: secret = open( f"/run/secrets/{secret_name}/{secret_key}", "r", encoding="utf-8", ) except EnvironmentError: return default with secret: return secret.readline().strip() def _import_group_type(group_type_name: str) -> Any | None: """Import and return the group type based on name""" mod = import_module("django_auth_ldap.config") try: return getattr(mod, group_type_name)() except AttributeError: return None AUTH_LDAP_USER_SEARCH_FILTER = None AUTH_LDAP_GROUP_SEARCH_FILTER = None AUTH_LDAP_REQUIRE_GROUP = None AUTH_LDAP_USER_FLAGS_BY_GROUP = {} _load_yaml() # The following may be needed if you are binding to Active Directory. 
AUTH_LDAP_CONNECTION_OPTIONS = {ldap.OPT_REFERRALS: 0} # Set the DN and password for the NetBox service account if needed. AUTH_LDAP_BIND_PASSWORD = _read_secret("netbox", "ldap_bind_password") # This search ought to return all groups to which the user belongs. # django_auth_ldap uses this to determine group # heirarchy. AUTH_LDAP_USER_SEARCH = LDAPSearch( AUTH_LDAP_USER_SEARCH_BASEDN, ldap.SCOPE_SUBTREE, AUTH_LDAP_USER_SEARCH_FILTER or f"({AUTH_LDAP_USER_SEARCH_ATTR}=%(user)s)", ) AUTH_LDAP_GROUP_SEARCH = LDAPSearch( AUTH_LDAP_GROUP_SEARCH_BASEDN, ldap.SCOPE_SUBTREE, AUTH_LDAP_GROUP_SEARCH_FILTER or f"(objectClass={AUTH_LDAP_GROUP_SEARCH_CLASS})", ) AUTH_LDAP_GROUP_TYPE = _import_group_type(AUTH_LDAP_GROUP_TYPE) # Define a group required to login. if AUTH_LDAP_REQUIRE_GROUP_LIST: AUTH_LDAP_REQUIRE_GROUP = reduce( lambda query, group: query | LDAPGroupQuery(group), AUTH_LDAP_REQUIRE_GROUP_LIST, LDAPGroupQuery(""), ) # Define special user types using groups. Exercise great caution when assigning superuser status. if AUTH_LDAP_REQUIRE_GROUP is not None: AUTH_LDAP_USER_FLAGS_BY_GROUP = { "is_active": AUTH_LDAP_REQUIRE_GROUP, "is_staff": reduce( lambda query, group: query | LDAPGroupQuery(group), AUTH_LDAP_IS_ADMIN_LIST, LDAPGroupQuery(""), ), "is_superuser": reduce( lambda query, group: query | LDAPGroupQuery(group), AUTH_LDAP_IS_SUPERUSER_LIST, LDAPGroupQuery(""), ), } ================================================ FILE: charts/netbox/templates/NOTES.txt ================================================ CHART NAME: {{ .Chart.Name }} CHART VERSION: {{ .Chart.Version }} APP VERSION: {{ .Chart.AppVersion }} ** Please be patient while the chart is being deployed ** Netbox can be accessed through the following DNS name from within the cluster: {{ include "common.names.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} (port {{ .Values.service.port }}) To access Netbox site from outside the cluster follow the steps below. 
{{- if .Values.ingress.enabled }} You have configured NetBox to use an ingress controller, exposing the following URL(s): {{- range $host := .Values.ingress.hosts }} {{- range .paths }} - http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ . }} {{- end }} {{- end }} {{- else if contains "NodePort" .Values.service.type }} Get the application URL by running these commands: export NODE_PORT=$(kubectl get --namespace {{ include "common.names.namespace" . | quote }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.names.fullname" . }}) export NODE_IP=$(kubectl get nodes --namespace {{ include "common.names.namespace" . | quote }} -o jsonpath="{.items[0].status.addresses[0].address}") echo http://$NODE_IP:$NODE_PORT {{- else if contains "LoadBalancer" .Values.service.type }} Get the application URL by running these commands: export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.names.namespace" . | quote }} {{ include "common.names.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') echo http://$SERVICE_IP:{{ .Values.service.port }} NOTE: It may take a few minutes for the LoadBalancer IP to be available. You can watch the status of by running 'kubectl get --namespace {{ include "common.names.namespace" . | quote }} svc -w {{ include "common.names.fullname" . }}' {{- else if contains "ClusterIP" .Values.service.type }} Get the application URL by running these commands: export POD_NAME=$(kubectl get pods --namespace {{ include "common.names.namespace" . | quote }} -l "app.kubernetes.io/name={{ include "common.names.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") echo "Visit http://127.0.0.1:8080 to use your application" kubectl port-forward $POD_NAME 8080:8080 {{- end }} {{- include "netbox.validateValues" . 
}} {{- include "common.warnings.rollingTag" .Values.image }} {{- include "common.warnings.rollingTag" .Values.init.image }} {{- include "common.warnings.resources" (dict "sections" (list "" "worker") "context" $) }} ================================================ FILE: charts/netbox/templates/_helpers.tpl ================================================ {{/* vim: set filetype=mustache: */}} {{/* Return the proper image name */}} {{- define "netbox.image" -}} {{- include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global "chart" .Chart) -}} {{- end -}} {{/* Return the proper image name (for the init container image) */}} {{- define "netbox.init.image" -}} {{- include "common.images.image" (dict "imageRoot" .Values.init.image "global" .Values.global) -}} {{- end -}} {{/* Create the name of the service account to use */}} {{- define "netbox.serviceAccountName" -}} {{- if .Values.serviceAccount.create }} {{- default (include "common.names.fullname" .) .Values.serviceAccount.name }} {{- else }} {{- default "default" .Values.serviceAccount.name }} {{- end }} {{- end }} {{/* Name of the key in Secret that contains the email password */}} {{- define "netbox.email.secretKey" -}} {{- if .Values.email.existingSecretName -}} {{- .Values.email.existingSecretKey -}} {{- else -}} email_password {{- end -}} {{- end }} {{/* Name of the Secret that contains the PostgreSQL password */}} {{- define "netbox.postgresql.secret" -}} {{- if .Values.postgresql.enabled }} {{- include "postgresql.v1.secretName" .Subcharts.postgresql -}} {{- else }} {{- include "common.secrets.name" (dict "existingSecret" .Values.externalDatabase.existingSecretName "defaultNameSuffix" "postgresql" "context" $) }} {{- end }} {{- end }} {{/* Name of the key in Secret that contains the PostgreSQL password */}} {{- define "netbox.postgresql.secretKey" -}} {{- if .Values.postgresql.enabled -}} {{- include "postgresql.v1.userPasswordKey" .Subcharts.postgresql -}} {{- else if 
.Values.externalDatabase.existingSecretName -}} {{- .Values.externalDatabase.existingSecretKey -}} {{- else -}} db_password {{- end -}} {{- end }} {{/* Name of the Secret that contains the Valkey tasks password */}} {{- define "netbox.tasksDatabase.secret" -}} {{- if .Values.valkey.enabled }} {{- include "valkey.secretName" .Subcharts.valkey -}} {{- else }} {{- include "common.secrets.name" (dict "existingSecret" .Values.tasksDatabase.existingSecretName "defaultNameSuffix" "kv" "context" $) }} {{- end }} {{- end }} {{/* Name of the key in Secret that contains the Valkey tasks password */}} {{- define "netbox.tasksDatabase.secretKey" -}} {{- if .Values.valkey.enabled -}} {{- include "valkey.secretPasswordKey" .Subcharts.valkey -}} {{- else if .Values.tasksDatabase.existingSecretName -}} {{ .Values.tasksDatabase.existingSecretKey }} {{- else -}} tasks_password {{- end -}} {{- end }} {{/* Name of the Secret that contains the Valkey cache password */}} {{- define "netbox.cachingDatabase.secret" -}} {{- if .Values.valkey.enabled }} {{- include "valkey.secretName" .Subcharts.valkey -}} {{- else }} {{- include "common.secrets.name" (dict "existingSecret" .Values.cachingDatabase.existingSecretName "defaultNameSuffix" "kv" "context" $) }} {{- end }} {{- end }} {{/* Name of the key in Secret that contains the Valkey cache password */}} {{- define "netbox.cachingDatabase.secretKey" -}} {{- if .Values.valkey.enabled -}} {{- include "valkey.secretPasswordKey" .Subcharts.valkey -}} {{- else if .Values.cachingDatabase.existingSecretName -}} {{ .Values.cachingDatabase.existingSecretKey }} {{- else -}} cache_password {{- end -}} {{- end }} {{/* Valkey Sentinels that would result from setting .Values.valkey.enabled=true and .Values.valkey.sentinel.enabled=true */}} {{- define "netbox.valkey.managedSentinels" -}} {{- $sentinels := list }} {{- $fullname := include "common.names.fullname" .Subcharts.valkey }} {{- $headlessService := printf "%s-headless" (include "common.names.fullname" 
.Subcharts.valkey) }} {{- $sentinelPort := toString .Values.valkey.sentinel.service.ports.sentinel }} {{- range $i := until (int .Values.valkey.replica.replicaCount) }} {{- $sentinels = append $sentinels (printf "%s-node-%s.%s:%s" $fullname (toString $i) $headlessService $sentinelPort) }} {{- end }} {{- toJson $sentinels }} {{- end -}} {{/* Tasks Sentinel: use .Values.tasksDatabase.sentinels if defined. When using embedded Valkey Sentinel feature, fallback to generated sentinels */}} {{- define "netbox.tasksDatabase.sentinels" -}} {{- if .Values.tasksDatabase.sentinels }} {{- toJson .Values.tasksDatabase.sentinels }} {{- else if and .Values.valkey.enabled .Values.valkey.sentinel.enabled }} {{- include "netbox.valkey.managedSentinels" . }} {{- end }} {{- end -}} {{/* Caching Sentinel: use .Values.cachingDatabase.sentinels if defined. When using embedded Valkey Sentinel feature, fallback to generated sentinels */}} {{- define "netbox.cachingDatabase.sentinels" -}} {{- if .Values.cachingDatabase.sentinels }} {{- toJson .Values.cachingDatabase.sentinels }} {{- else if and .Values.valkey.enabled .Values.valkey.sentinel.enabled }} {{- include "netbox.valkey.managedSentinels" . 
}} {{- end }} {{- end -}} {{/* Volumes that need to be mounted for .Values.extraConfig entries */}} {{- define "netbox.extraConfig.volumes" -}} {{- range $index, $config := .Values.extraConfig }} - name: {{ printf "extra-config-%d" $index | quote }} {{- if $config.values }} configMap: name: {{ include "common.names.fullname" $ }} items: - key: {{ printf "extra-%d.yaml" $index | quote }} path: {{ printf "extra-%d.yaml" $index | quote }} {{- else if $config.configMap }} configMap: {{- include "common.tplvalues.render" (dict "value" $config.configMap "context" $) | nindent 4 }} {{- else if $config.secret }} secret: {{- include "common.tplvalues.render" (dict "value" $config.secret "context" $) | nindent 4 }} {{- end }} {{- end }} {{- end }} {{/* Volume mounts for .Values.extraConfig entries */}} {{- define "netbox.extraConfig.volumeMounts" -}} {{- range $index, $config := .Values.extraConfig }} - name: {{ printf "extra-config-%d" $index | quote }} mountPath: /run/config/extra/{{ $index }} readOnly: true {{- end }} {{- end }} {{/* Generate the api_token_peppers secret value. Returns a base64-encoded, quoted JSON object. Priority: 1. User-provided apiTokenPeppers from values.yaml (always wins for rotation) 2. Existing secret value (preserved across upgrades via lookup) 3. Auto-generated single pepper {"1": ""} */}} {{- define "netbox.apiTokenPeppers.secret" -}} {{- if not (empty .Values.apiTokenPeppers) -}} {{- .Values.apiTokenPeppers | toJson | b64enc | quote }} {{- else -}} {{- $secretName := include "common.secrets.name" (dict "defaultNameSuffix" "config" "context" $) -}} {{- $existingSecret := (lookup "v1" "Secret" (include "common.names.namespace" .) 
$secretName).data -}} {{- if and $existingSecret (hasKey $existingSecret "api_token_peppers") -}} {{- index $existingSecret "api_token_peppers" | quote }} {{- else -}} {{- $pepper := randAlphaNum 50 -}} {{- dict "1" $pepper | toJson | b64enc | quote }} {{- end -}} {{- end -}} {{- end -}} {{/* Compile all warnings into a single message. */}} {{- define "netbox.validateValues" -}} {{- $messages := list -}} {{- $messages := append $messages (include "netbox.validateValues.postgresql" .) -}} {{- $messages := append $messages (include "netbox.validateValues.ldap" .) -}} {{- $messages := without $messages "" -}} {{- $message := join "\n" $messages -}} {{- if $message -}} {{- printf "\nVALUES VALIDATION:\n%s" $message | fail -}} {{- end -}} {{- end -}} {{/* Validate values of Netbox Chart - PostgreSQL */}} {{- define "netbox.validateValues.postgresql" -}} {{- if and (not .Values.postgresql.enabled) (or (empty .Values.externalDatabase.host) (empty .Values.externalDatabase.port) (empty .Values.externalDatabase.database)) -}} netbox: postgresql PostgreSQL installation has been disabled but without the required parameters to use an external database. To use an external database, please ensure you provide (at least) the following values: externalDatabase.host=DB_SERVER_HOST externalDatabase.database=DB_NAME externalDatabase.port=DB_SERVER_PORT {{- end -}} {{- end -}} {{/* Validate values of Netbox Chart - LDAP */}} {{- define "netbox.validateValues.ldap" -}} {{- if and (has "netbox.authentication.LDAPBackend" .Values.remoteAuth.backends) (empty .Values.remoteAuth.ldap.serverUri) -}} netbox: remoteAuth.ldap When LDAP backend is activated, you must provide all the necessary parameters. Review the values under `remoteAuth.ldap`. {{- end -}} {{- end -}} ================================================ FILE: charts/netbox/templates/configmap.yaml ================================================ apiVersion: v1 kind: ConfigMap metadata: name: {{ include "common.names.fullname" . 
}} namespace: {{ include "common.names.namespace" . | quote }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} {{- if .Values.commonAnnotations }} annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} {{- end }} data: configuration.py: |- {{ .Files.Get "files/configuration.py" | nindent 4 }} netbox.yaml: |- ALLOWED_HOSTS: {{ toJson .Values.allowedHosts }} ALLOWED_HOSTS_INCLUDES_POD_ID: {{ .Values.allowedHostsIncludesPodIP }} DATABASES: default: {{- if .Values.postgresql.enabled }} HOST: {{ include "postgresql.v1.primary.fullname" .Subcharts.postgresql | quote }} USER: {{ include "postgresql.v1.username" .Subcharts.postgresql | quote }} NAME: {{ include "postgresql.v1.database" .Subcharts.postgresql | quote }} PORT: {{ include "postgresql.v1.service.port" .Subcharts.postgresql | int }} {{- else }} HOST: {{ include "common.tplvalues.render" (dict "value" .Values.externalDatabase.host "context" $) | quote }} USER: {{ include "common.tplvalues.render" (dict "value" .Values.externalDatabase.username "context" $) | quote }} NAME: {{ include "common.tplvalues.render" (dict "value" .Values.externalDatabase.database "context" $) | quote }} PORT: {{ include "common.tplvalues.render" (dict "value" .Values.externalDatabase.port "context" $) | int }} {{- end }} ENGINE: {{ .Values.externalDatabase.engine | quote }} OPTIONS: {{- include "common.tplvalues.render" (dict "value" .Values.externalDatabase.options "context" $) | nindent 10 }} CONN_MAX_AGE: {{ .Values.externalDatabase.connMaxAge | int }} DISABLE_SERVER_SIDE_CURSORS: {{ toJson .Values.externalDatabase.disableServerSideCursors }} {{- range $key, $db := .Values.additionalDatabases }} {{ $key }}: ENGINE: {{ $db.engine | quote }} NAME: {{ $db.database | quote }} USER: {{ $db.username | quote }} HOST: {{ $db.host | quote }} PORT: {{ $db.port | int }} CONN_MAX_AGE: {{ $db.connMaxAge | int }} 
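{{- /*
  Tail of the per-entry block for .Values.additionalDatabases, then the general
  NetBox settings rendered into netbox.yaml and, when the LDAP backend is
  listed in remoteAuth.backends, ldap_config.py and the head of ldap.yaml.
  Only user names and connection parameters are rendered in this span; the
  password material is mounted separately by the pod templates of this chart
  under /run/secrets/netbox. Notes are written as template comments so the
  rendered ConfigMap content does not change.
*/}}
        OPTIONS:
          {{- include "common.tplvalues.render" (dict "value" $db.options "context" $) | nindent 10 }}
        DISABLE_SERVER_SIDE_CURSORS: {{ toJson $db.disableServerSideCursors }}
      {{- end }}
    ADMINS: {{ toJson .Values.admins }}
    ALLOW_TOKEN_RETRIEVAL: {{ toJson .Values.allowTokenRetrieval }}
    AUTH_PASSWORD_VALIDATORS: {{ toJson .Values.authPasswordValidators }}
    ALLOWED_URL_SCHEMES: {{ toJson .Values.allowedUrlSchemes }}
    {{- /* One BANNER_<KEY> entry per key of .Values.banner, key upper-cased. */}}
    {{- range $k, $v := .Values.banner }}
    BANNER_{{ upper $k }}: {{ $v | quote }}
    {{- end }}
    BASE_PATH: {{ .Values.basePath | quote }}
    CHANGELOG_RETENTION: {{ int .Values.changelogRetention }}
    CUSTOM_VALIDATORS: {{ toJson .Values.customValidators }}
    DEFAULT_USER_PREFERENCES: {{ toJson .Values.defaultUserPreferences }}
    {{- /*
      Cross-origin and CSRF trust settings, passed through from values as JSON.
      NOTE(review): cors.originAllowAll=true presumably accepts cross-origin
      requests from any site; prefer the explicit allow-lists below.
    */}}
    CORS_ORIGIN_ALLOW_ALL: {{ toJson .Values.cors.originAllowAll }}
    CORS_ORIGIN_WHITELIST: {{ toJson .Values.cors.originWhitelist }}
    CORS_ORIGIN_REGEX_WHITELIST: {{ toJson .Values.cors.originRegexWhitelist }}
    CSRF_TRUSTED_ORIGINS: {{ toJson .Values.csrf.trustedOrigins }}
    DATA_UPLOAD_MAX_MEMORY_SIZE: {{ int .Values.dataUploadMaxMemorySize }}
    {{- /*
      NOTE(review): debug switch of the application; keep it false outside
      development, since debug output typically exposes settings and traces.
    */}}
    DEBUG: {{ toJson .Values.debug }}
    DEFAULT_LANGUAGE: {{ .Values.defaultLanguage | quote }}
    EMAIL:
      SERVER: {{ .Values.email.server | quote }}
      PORT: {{ .Values.email.port | int }}
      USERNAME: {{ .Values.email.username | quote }}
      USE_SSL: {{ toJson .Values.email.useSSL }}
      USE_TLS: {{ toJson .Values.email.useTLS }}
      SSL_CERTFILE: {{ .Values.email.sslCertFile | quote }}
      SSL_KEYFILE: {{ .Values.email.sslKeyFile | quote }}
      TIMEOUT: {{ .Values.email.timeout | int }}
      FROM_EMAIL: {{ toJson .Values.email.from }}
    ENFORCE_GLOBAL_UNIQUE: {{ toJson .Values.enforceGlobalUnique }}
    {{- /*
      NOTE(review): entries listed in exemptViewPermissions, and
      loginRequired=false further down, presumably make object views readable
      without authentication; confirm against the NetBox documentation.
    */}}
    EXEMPT_VIEW_PERMISSIONS: {{ toJson .Values.exemptViewPermissions }}
    FIELD_CHOICES: {{ toJson .Values.fieldChoices }}
    FILE_UPLOAD_MAX_MEMORY_SIZE: {{ int .Values.fileUploadMaxMemorySize }}
    GRAPHQL_ENABLED: {{ toJson .Values.graphQlEnabled }}
    HTTP_PROXIES: {{ toJson .Values.httpProxies }}
    INTERNAL_IPS: {{ toJson .Values.internalIPs }}
    JOB_RETENTION: {{ int .Values.jobRetention }}
    LOGGING: {{ toJson .Values.logging }}
    LOGIN_PERSISTENCE: {{ toJson .Values.loginPersistence }}
    LOGIN_REQUIRED: {{ toJson .Values.loginRequired }}
    LOGIN_TIMEOUT: {{ int .Values.loginTimeout }}
    LOGOUT_REDIRECT_URL: {{ .Values.logoutRedirectUrl | quote }}
    {{- /* Emitted only when maintenanceMode is set to a non-nil value. */}}
    {{- if ne nil .Values.maintenanceMode }}
    MAINTENANCE_MODE: {{ toJson .Values.maintenanceMode }}
    {{- end }}
    MAPS_URL: {{ .Values.mapsUrl | quote }}
    MAX_PAGE_SIZE: {{ int .Values.maxPageSize }}
    MEDIA_ROOT: /opt/netbox/netbox/media
    STORAGES: {{ toJson .Values.storages }}
    METRICS_ENABLED: {{ toJson .Values.metrics.enabled }}
    PAGINATE_COUNT: {{ int .Values.paginateCount }}
    PLUGINS: {{ toJson .Values.plugins }}
    PLUGINS_CONFIG: {{ toJson .Values.pluginsConfig }}
    POWERFEED_DEFAULT_AMPERAGE: {{ int .Values.powerFeedDefaultAmperage }}
    POWERFEED_DEFAULT_MAX_UTILIZATION: {{ int .Values.powerFeedMaxUtilisation }}
    POWERFEED_DEFAULT_VOLTAGE: {{ int .Values.powerFeedDefaultVoltage }}
    PREFER_IPV4: {{ toJson .Values.preferIPv4 }}
    RACK_ELEVATION_DEFAULT_UNIT_HEIGHT: {{ int .Values.rackElevationDefaultUnitHeight }}
    RACK_ELEVATION_DEFAULT_UNIT_WIDTH: {{ int .Values.rackElevationDefaultUnitWidth }}
    {{- /*
      Remote authentication settings.
      NOTE(review): if a header-based backend is in use, the headers named by
      REMOTE_AUTH_HEADER and REMOTE_AUTH_GROUP_HEADER carry the user identity
      and group membership; the fronting proxy must drop any client-supplied
      copy of them, and the superuser/staff lists below should stay minimal.
    */}}
    REMOTE_AUTH_ENABLED: {{ toJson .Values.remoteAuth.enabled }}
    REMOTE_AUTH_BACKEND: {{ toJson .Values.remoteAuth.backends }}
    REMOTE_AUTH_HEADER: {{ .Values.remoteAuth.header | quote }}
    REMOTE_AUTH_USER_FIRST_NAME: {{ .Values.remoteAuth.userFirstName | quote }}
    REMOTE_AUTH_USER_LAST_NAME: {{ .Values.remoteAuth.userLastName | quote }}
    REMOTE_AUTH_USER_EMAIL: {{ .Values.remoteAuth.userEmail | quote }}
    REMOTE_AUTH_AUTO_CREATE_USER: {{ toJson .Values.remoteAuth.autoCreateUser }}
    REMOTE_AUTH_AUTO_CREATE_GROUPS: {{ toJson .Values.remoteAuth.autoCreateGroups }}
    REMOTE_AUTH_DEFAULT_GROUPS: {{ toJson .Values.remoteAuth.defaultGroups }}
    REMOTE_AUTH_DEFAULT_PERMISSIONS: {{ toJson .Values.remoteAuth.defaultPermissions }}
    REMOTE_AUTH_GROUP_SYNC_ENABLED: {{ toJson .Values.remoteAuth.groupSyncEnabled }}
    REMOTE_AUTH_GROUP_HEADER: {{ .Values.remoteAuth.groupHeader | quote }}
    REMOTE_AUTH_SUPERUSER_GROUPS: {{ toJson .Values.remoteAuth.superuserGroups }}
    REMOTE_AUTH_SUPERUSERS: {{ toJson .Values.remoteAuth.superusers }}
    REMOTE_AUTH_STAFF_GROUPS: {{ toJson .Values.remoteAuth.staffGroups }}
    REMOTE_AUTH_STAFF_USERS: {{ toJson .Values.remoteAuth.staffUsers }}
    REMOTE_AUTH_GROUP_SEPARATOR: {{ .Values.remoteAuth.groupSeparator | quote }}
    RELEASE_CHECK_URL: {{ toJson .Values.releaseCheck.url }}
    {{- /*
      Redis/Valkey connections for the task queue and the cache. For each one:
      a Sentinel list (explicit or chart-generated) wins, then the embedded
      Valkey primary service, then the externally supplied host and port.
      SENTINEL_SERVICE is the chart-managed primary set when no explicit
      sentinel list was given, otherwise the user-supplied service name.
      NOTE(review): insecureSkipTlsVerify=true presumably turns off server
      certificate verification for that connection; prefer setting caCertPath.
    */}}
    REDIS:
      tasks:
        {{- if (include "netbox.tasksDatabase.sentinels" .) }}
        SENTINELS: {{ include "netbox.tasksDatabase.sentinels" . }}
        SENTINEL_SERVICE: {{ ternary .Values.valkey.sentinel.primarySet .Values.tasksDatabase.sentinelService (empty .Values.tasksDatabase.sentinels) | quote }}
        SENTINEL_TIMEOUT: {{ .Values.tasksDatabase.sentinelTimeout | int }}
        {{- else if .Values.valkey.enabled }}
        HOST: {{ printf "%s-primary" (include "common.names.fullname" .Subcharts.valkey) | quote }}
        PORT: {{ .Values.valkey.primary.service.ports.valkey | int }}
        {{- else }}
        HOST: {{ .Values.tasksDatabase.host | quote }}
        PORT: {{ .Values.tasksDatabase.port | int }}
        {{- end }}
        USERNAME: {{ .Values.tasksDatabase.username | quote }}
        DATABASE: {{ int .Values.tasksDatabase.database }}
        SSL: {{ toJson .Values.tasksDatabase.ssl }}
        INSECURE_SKIP_TLS_VERIFY: {{ toJson .Values.tasksDatabase.insecureSkipTlsVerify }}
        CA_CERT_PATH: {{ .Values.tasksDatabase.caCertPath | quote }}
      caching:
        {{- if (include "netbox.cachingDatabase.sentinels" .) }}
        SENTINELS: {{ include "netbox.cachingDatabase.sentinels" . }}
        SENTINEL_SERVICE: {{ ternary .Values.valkey.sentinel.primarySet .Values.cachingDatabase.sentinelService (empty .Values.cachingDatabase.sentinels) | quote }}
        SENTINEL_TIMEOUT: {{ .Values.cachingDatabase.sentinelTimeout | int }}
        {{- else if .Values.valkey.enabled }}
        HOST: {{ printf "%s-primary" (include "common.names.fullname" .Subcharts.valkey) | quote }}
        PORT: {{ .Values.valkey.primary.service.ports.valkey | int }}
        {{- else }}
        HOST: {{ .Values.cachingDatabase.host | quote }}
        PORT: {{ .Values.cachingDatabase.port | int }}
        {{- end }}
        USERNAME: {{ .Values.cachingDatabase.username | quote }}
        DATABASE: {{ int .Values.cachingDatabase.database }}
        SSL: {{ toJson .Values.cachingDatabase.ssl }}
        INSECURE_SKIP_TLS_VERIFY: {{ toJson .Values.cachingDatabase.insecureSkipTlsVerify }}
        CA_CERT_PATH: {{ .Values.cachingDatabase.caCertPath | quote }}
    REPORTS_ROOT: /opt/netbox/netbox/reports
    RQ_DEFAULT_TIMEOUT: {{ .Values.rqDefaultTimeout | int }}
    SCRIPTS_ROOT: /opt/netbox/netbox/scripts
    CSRF_COOKIE_NAME: {{ .Values.csrf.cookieName | quote }}
    {{- /*
      Quoted like CSRF_COOKIE_NAME so that a value YAML would otherwise read as
      a boolean, a number or a comment marker stays a plain string.
    */}}
    SESSION_COOKIE_NAME: {{ .Values.sessionCookieName | quote }}
    ENABLE_LOCALIZATION: {{ toJson .Values.enableLocalization }}
    TIME_ZONE: {{ .Values.timeZone | quote }}
    DATE_FORMAT: {{ .Values.dateFormat | quote }}
    SHORT_DATE_FORMAT: {{ .Values.shortDateFormat | quote }}
    TIME_FORMAT: {{ .Values.timeFormat | quote }}
    SHORT_TIME_FORMAT: {{ .Values.shortTimeFormat | quote }}
    DATETIME_FORMAT: {{ .Values.dateTimeFormat | quote }}
    SHORT_DATETIME_FORMAT: {{ .Values.shortDateTimeFormat | quote }}
  {{- /* LDAP files are rendered only when the LDAP backend is listed. */}}
  {{- if has "netbox.authentication.LDAPBackend" .Values.remoteAuth.backends }}
  ldap_config.py: |-
    {{ .Files.Get "files/ldap_config.py" | nindent 4 }}
  ldap.yaml: |-
    {{- /*
      The bind DN is rendered here; the bind password is not part of this file.
      NOTE(review): ignoreCertErrors=true presumably disables verification of
      the LDAP server certificate, which would let an on-path host receive the
      bind and user credentials; supply caCertDir or caCertData instead.
    */}}
    AUTH_LDAP_SERVER_URI: {{ .Values.remoteAuth.ldap.serverUri | quote }}
    AUTH_LDAP_BIND_DN: {{ .Values.remoteAuth.ldap.bindDn | quote }}
    AUTH_LDAP_START_TLS: {{ toJson .Values.remoteAuth.ldap.startTls }}
    LDAP_IGNORE_CERT_ERRORS: {{ toJson .Values.remoteAuth.ldap.ignoreCertErrors }}
    {{- if .Values.remoteAuth.ldap.caCertDir }}
    LDAP_CA_CERT_DIR: {{ .Values.remoteAuth.ldap.caCertDir | quote }}
    {{- end }}
    {{- /* Fixed path; the certificate itself is the ldap_ca.crt key of this ConfigMap. */}}
    {{- if .Values.remoteAuth.ldap.caCertData }}
    LDAP_CA_CERT_FILE: /etc/netbox/config/ldap/ldap_ca.crt
    {{- end }}
    {{- /*
      Rendered unquoted, presumably so that an unset value comes out as an
      empty (null) scalar; a value containing YAML-significant characters would
      need quoting by the user.
    */}}
    AUTH_LDAP_USER_DN_TEMPLATE: {{ default nil .Values.remoteAuth.ldap.userDnTemplate }}
    AUTH_LDAP_USER_SEARCH_BASEDN: {{ .Values.remoteAuth.ldap.userSearchBaseDn | quote }}
    AUTH_LDAP_USER_SEARCH_ATTR: {{ .Values.remoteAuth.ldap.userSearchAttr | quote }}
    AUTH_LDAP_GROUP_SEARCH_BASEDN: {{ .Values.remoteAuth.ldap.groupSearchBaseDn | quote }}
    AUTH_LDAP_GROUP_SEARCH_CLASS: {{ .Values.remoteAuth.ldap.groupSearchClass | quote }}
    AUTH_LDAP_GROUP_TYPE: {{ .Values.remoteAuth.ldap.groupType | quote }}
    AUTH_LDAP_FIND_GROUP_PERMS: {{ toJson .Values.remoteAuth.ldap.findGroupPerms }}
    AUTH_LDAP_MIRROR_GROUPS: {{ toJson .Values.remoteAuth.ldap.mirrorGroups }}
    AUTH_LDAP_MIRROR_GROUPS_EXCEPT: {{ toJson .Values.remoteAuth.ldap.mirrorGroupsExcept }}
    AUTH_LDAP_CACHE_TIMEOUT: {{ int .Values.remoteAuth.ldap.cacheTimeout }}
    {{- /* Group DNs that gate login and grant admin / superuser status. */}}
    AUTH_LDAP_REQUIRE_GROUP_LIST: {{ toJson .Values.remoteAuth.ldap.requireGroupDn }}
    AUTH_LDAP_IS_ADMIN_LIST: {{ toJson .Values.remoteAuth.ldap.isAdminDn }}
    AUTH_LDAP_IS_SUPERUSER_LIST: {{ toJson .Values.remoteAuth.ldap.isSuperUserDn }}
    # Populate the Django user from the LDAP directory.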
AUTH_LDAP_USER_ATTR_MAP: first_name: {{ .Values.remoteAuth.ldap.attrFirstName | quote }} last_name: {{ .Values.remoteAuth.ldap.attrLastName | quote }} email: {{ .Values.remoteAuth.ldap.attrMail | quote }} {{- if .Values.remoteAuth.ldap.caCertData }} ldap_ca.crt: {{- toYaml .Values.remoteAuth.ldap.caCertData | indent 4 }} {{- end }} {{- end }} {{- range $index, $config := .Values.extraConfig }} {{- if $config.values }} {{ printf "extra-%d.yaml" $index }}: |- {{- include "common.tplvalues.render" (dict "value" $config.values "context" $) | nindent 4 }} {{- end }} {{- end }} ================================================ FILE: charts/netbox/templates/cronjob.yaml ================================================ {{- if .Values.housekeeping.enabled -}} apiVersion: batch/v1 kind: CronJob metadata: name: {{ printf "%s-housekeeping" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }} namespace: {{ include "common.names.namespace" . | quote }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: housekeeping {{- if .Values.commonAnnotations }} annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} {{- end }} spec: concurrencyPolicy: {{ .Values.housekeeping.concurrencyPolicy }} failedJobsHistoryLimit: {{ .Values.housekeeping.failedJobsHistoryLimit }} schedule: {{ .Values.housekeeping.schedule | quote }} successfulJobsHistoryLimit: {{ .Values.housekeeping.successfulJobsHistoryLimit }} suspend: {{ .Values.housekeeping.suspend }} {{- if .Values.housekeeping.timezone }} timeZone: {{ .Values.housekeeping.timezone }} {{- end }} jobTemplate: metadata: labels: {{- include "common.labels.standard" . 
| nindent 8 }} spec: template: metadata: {{- if .Values.housekeeping.podAnnotations }} annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.housekeeping.podAnnotations "context" $ ) | nindent 12 }} {{- end }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.housekeeping.podLabels "context" $ ) | nindent 12 }} app.kubernetes.io/component: housekeeping spec: {{- include "common.images.renderPullSecrets" (dict "images" (list .Values.image) "context" $) | nindent 10 }} serviceAccountName: {{ include "netbox.serviceAccountName" . }} automountServiceAccountToken: {{ .Values.housekeeping.automountServiceAccountToken }} {{- if .Values.housekeeping.podSecurityContext.enabled }} securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.housekeeping.podSecurityContext "context" $) | nindent 12 }} {{- end }} {{- if .Values.housekeeping.initContainers }} initContainers: {{- include "common.tplvalues.render" (dict "value" .Values.housekeeping.initContainers "context" $) | trim | nindent 12 }} {{- end }} containers: - name: {{ .Chart.Name }}-housekeeping {{- if .Values.housekeeping.securityContext.enabled }} securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.housekeeping.securityContext "context" $) | nindent 14 }} {{- end }} image: {{ include "netbox.image" . 
| quote }} imagePullPolicy: {{ .Values.image.pullPolicy }} {{- if .Values.housekeeping.command }} command: {{- include "common.tplvalues.render" (dict "value" .Values.housekeeping.command "context" $) | nindent 14 }} {{- end }} {{- if .Values.housekeeping.args }} args: {{- include "common.tplvalues.render" (dict "value" .Values.housekeeping.args "context" $) | nindent 14 }} {{- end }} {{- if .Values.housekeeping.extraEnvs }} env: {{- include "common.tplvalues.render" (dict "value" .Values.housekeeping.extraEnvs "context" $) | nindent 14 }} {{- end }} {{- if or .Values.housekeeping.extraEnvVarsCM .Values.housekeeping.extraEnvVarsSecret }} envFrom: {{- if .Values.housekeeping.extraEnvVarsCM }} - configMapRef: name: {{ include "common.tplvalues.render" (dict "value" .Values.housekeeping.extraEnvVarsCM "context" $) }} {{- end }} {{- if .Values.housekeeping.extraEnvVarsSecret }} - secretRef: name: {{ include "common.tplvalues.render" (dict "value" .Values.housekeeping.extraEnvVarsSecret "context" $) }} {{- end }} {{- end }} volumeMounts: - name: config mountPath: /etc/netbox/config/configuration.py subPath: configuration.py readOnly: true {{- if has "netbox.authentication.LDAPBackend" .Values.remoteAuth.backends }} - name: config mountPath: /etc/netbox/config/ldap/ldap_config.py subPath: ldap_config.py readOnly: true {{- if .Values.remoteAuth.ldap.caCertData }} - name: config mountPath: /etc/netbox/config/ldap/ldap_ca.crt subPath: ldap_ca.crt readOnly: true {{- end }} {{- end }} - name: config mountPath: /run/config/netbox readOnly: true - name: secrets mountPath: /run/secrets/netbox readOnly: true {{- include "netbox.extraConfig.volumeMounts" . 
| nindent 12 }} - name: netbox-tmp mountPath: /tmp - name: media mountPath: /opt/netbox/netbox/media subPath: {{ .Values.persistence.subPath | default "" | quote }} readOnly: {{ .Values.housekeeping.readOnlyPersistence | default false }} {{- if .Values.reportsPersistence.enabled }} - name: reports mountPath: /opt/netbox/netbox/reports subPath: {{ .Values.reportsPersistence.subPath | default "" | quote }} readOnly: {{ .Values.housekeeping.readOnlyPersistence | default false }} {{- end }} {{- if .Values.scriptsPersistence.enabled }} - name: scripts mountPath: /opt/netbox/netbox/scripts subPath: {{ .Values.scriptsPersistence.subPath | default "" | quote }} readOnly: {{ .Values.housekeeping.readOnlyPersistence | default false }} {{- end }} {{- if .Values.housekeeping.extraVolumeMounts }} {{- include "common.tplvalues.render" (dict "value" .Values.housekeeping.extraVolumeMounts "context" $) | nindent 12 }} {{- end }} {{- if .Values.housekeeping.resources }} resources: {{ toYaml .Values.housekeeping.resources | nindent 14 }} {{- else if ne .Values.housekeeping.resourcesPreset "none" }} resources: {{- include "common.resources.preset" (dict "type" .Values.housekeeping.resourcesPreset) | nindent 14 }} {{- end }} {{- if .Values.housekeeping.sidecars }} {{- include "common.tplvalues.render" (dict "value" .Values.housekeeping.sidecars "context" $) | nindent 10 }} {{- end }} volumes: - name: config configMap: name: {{ include "common.names.fullname" . 
}} - name: secrets projected: sources: - secret: name: {{ include "common.secrets.name" (dict "existingSecret" .Values.existingSecret "defaultNameSuffix" "config" "context" $) }} items: - key: secret_key path: secret_key {{- if has "netbox.authentication.LDAPBackend" .Values.remoteAuth.backends }} - key: ldap_bind_password path: ldap_bind_password {{- end }} - secret: name: {{ include "common.secrets.name" (dict "existingSecret" .Values.existingSecret "defaultNameSuffix" "config" "context" $) }} optional: true items: - key: api_token_peppers path: api_token_peppers - secret: name: {{ include "common.secrets.name" (dict "existingSecret" (default .Values.existingSecret .Values.email.existingSecretName) "defaultNameSuffix" "config" "context" $) }} items: - key: {{ include "netbox.email.secretKey" . | quote }} path: email_password - secret: name: {{ include "netbox.postgresql.secret" . | quote }} items: - key: {{ include "netbox.postgresql.secretKey" . | quote }} path: db_password - secret: name: {{ include "netbox.tasksDatabase.secret" . | quote }} items: - key: {{ include "netbox.tasksDatabase.secretKey" . | quote }} path: tasks_password - secret: name: {{ include "netbox.cachingDatabase.secret" . | quote }} items: - key: {{ include "netbox.cachingDatabase.secretKey" . | quote }} path: cache_password {{- include "netbox.extraConfig.volumes" . 
| nindent 10 }} - name: netbox-tmp emptyDir: medium: Memory - name: media {{- if .Values.persistence.enabled }} persistentVolumeClaim: claimName: {{ .Values.persistence.existingClaim | default (printf "%s-media" (include "common.names.fullname" .)) }} readOnly: {{ .Values.housekeeping.readOnlyPersistence | default false }} {{- else }} emptyDir: {} {{- end }} {{- if .Values.reportsPersistence.enabled }} - name: reports persistentVolumeClaim: claimName: {{ .Values.reportsPersistence.existingClaim | default (printf "%s-reports" (include "common.names.fullname" .)) }} readOnly: {{ .Values.housekeeping.readOnlyPersistence | default false }} {{- end }} {{- if .Values.scriptsPersistence.enabled }} - name: scripts persistentVolumeClaim: claimName: {{ .Values.scriptsPersistence.existingClaim | default (printf "%s-scripts" (include "common.names.fullname" .)) }} readOnly: {{ .Values.housekeeping.readOnlyPersistence | default false }} {{- end }} {{- if .Values.housekeeping.extraVolumes }} {{- include "common.tplvalues.render" (dict "value" .Values.housekeeping.extraVolumes "context" $) | nindent 10 }} {{- end }} {{- if .Values.housekeeping.nodeSelector }} nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.housekeeping.nodeSelector "context" $) | nindent 12 }} {{- end }} {{- if .Values.housekeeping.affinity }} affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.housekeeping.affinity "context" $) | nindent 12 }} {{- end }} {{- if .Values.housekeeping.tolerations }} tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.housekeeping.tolerations "context" .) | nindent 12 }} {{- end }} restartPolicy: {{ .Values.housekeeping.restartPolicy }} {{- end -}} ================================================ FILE: charts/netbox/templates/deployment.yaml ================================================ apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "common.names.fullname" . 
}} namespace: {{ include "common.names.namespace" . | quote }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: netbox {{- if .Values.commonAnnotations }} annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} {{- end }} spec: {{- if not .Values.autoscaling.enabled }} replicas: {{ .Values.replicaCount }} {{- end }} revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} selector: matchLabels: {{- include "common.labels.matchLabels" (dict "customLabels" .Values.podLabels "context" $) | nindent 6 }} app.kubernetes.io/component: netbox {{- if .Values.updateStrategy }} strategy: {{- include "common.tplvalues.render" (dict "value" .Values.updateStrategy "context" $) | nindent 4 }} {{- end }} template: metadata: annotations: {{- if .Values.podAnnotations }} {{- include "common.tplvalues.render" ( dict "value" .Values.podAnnotations "context" $ ) | nindent 8 }} {{- end }} checksum/config: {{ include "common.utils.checksumTemplate" (dict "path" "/configmap.yaml" "context" $) }} {{- if (not .Values.existingSecret) }} checksum/secret: {{ include "common.utils.checksumTemplate" (dict "path" "/secret.yaml" "context" $) }} {{- end }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.podLabels "context" $ ) | nindent 8 }} app.kubernetes.io/component: netbox spec: {{- include "common.images.renderPullSecrets" (dict "images" (list .Values.image) "context" $) | nindent 6 }} serviceAccountName: {{ include "netbox.serviceAccountName" . }} automountServiceAccountToken: {{ .Values.automountServiceAccountToken }} {{- if .Values.podSecurityContext.enabled }} securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.podSecurityContext "context" $) | nindent 8 }} {{- end }} initContainers: - name: init-dirs image: {{ include "netbox.init.image" . 
| quote }} imagePullPolicy: {{ .Values.init.image.pullPolicy | quote }} command: [/bin/sh, -c, mkdir -p /opt/unit/state /opt/unit/tmp] {{- if .Values.init.resources }} resources: {{- toYaml .Values.init.resources | nindent 11 }} {{- else if ne .Values.init.resourcesPreset "none" }} resources: {{- include "common.resources.preset" (dict "type" .Values.init.resourcesPreset) | nindent 10 }} {{- end }} {{- if .Values.init.securityContext.enabled }} securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.init.securityContext "context" $) | nindent 10 }} {{- end }} volumeMounts: - name: optunit mountPath: /opt/unit {{- if .Values.initContainers }} {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | trim | nindent 6 }} {{- end }} containers: - name: {{ .Chart.Name }} {{- if .Values.securityContext.enabled }} securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.securityContext "context" $) | nindent 10 }} {{- end }} image: {{ include "netbox.image" . 
| quote }} imagePullPolicy: {{ .Values.image.pullPolicy }} {{- if .Values.command }} command: {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 10 }} {{- end }} {{- if .Values.args }} args: {{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 10 }} {{- end }} env: - name: SUPERUSER_NAME valueFrom: secretKeyRef: name: {{ include "common.secrets.name" (dict "existingSecret" .Values.superuser.existingSecret "defaultNameSuffix" "superuser" "context" $) }} key: username - name: SUPERUSER_EMAIL valueFrom: secretKeyRef: name: {{ include "common.secrets.name" (dict "existingSecret" .Values.superuser.existingSecret "defaultNameSuffix" "superuser" "context" $) }} key: email {{- if and .Values.metrics.enabled .Values.metrics.granian.enabled }} - name: GRANIAN_METRICS_ENABLED value: {{ .Values.metrics.granian.enabled | quote }} {{- if and .Values.metrics.granian.serviceMonitor.enabled .Values.metrics.granian.serviceMonitor.interval }} - name: GRANIAN_METRICS_SCRAPE_INTERVAL value: {{ .Values.metrics.granian.serviceMonitor.interval | quote }} {{- end }} {{- end }} {{- if .Values.dbWaitDebug }} - name: DB_WAIT_DEBUG value: "1" {{- end }} {{- if .Values.allowedHostsIncludesPodIP }} - name: POD_IP valueFrom: fieldRef: apiVersion: v1 fieldPath: status.podIP {{- end }} {{- if .Values.extraEnvs }} {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvs "context" $) | nindent 8 }} {{- end }} {{- if or .Values.extraEnvVarsCM .Values.extraEnvVarsSecret }} envFrom: {{- if .Values.extraEnvVarsCM }} - configMapRef: name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsCM "context" $) }} {{- end }} {{- if .Values.extraEnvVarsSecret }} - secretRef: name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsSecret "context" $) }} {{- end }} {{- end }} ports: - name: http containerPort: 8080 protocol: TCP {{- if .Values.metrics.granian.serviceMonitor.enabled}} - 
name: granian-metrics containerPort: 9090 protocol: TCP {{- end }} {{- if .Values.customLivenessProbe }} livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 10 }} {{- else if .Values.livenessProbe.enabled }} livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.livenessProbe "enabled") "context" $) | nindent 10 }} tcpSocket: port: http {{- end }} {{- if .Values.customReadinessProbe }} readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 10 }} {{- else if .Values.readinessProbe.enabled }} readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.readinessProbe "enabled") "context" $) | nindent 10 }} httpGet: path: /{{ .Values.basePath }}login/ port: http {{- if (not (eq (index .Values.allowedHosts 0) "*")) }} httpHeaders: - name: Host value: {{ (index .Values.allowedHosts 0) | quote }} {{- end }} {{- end }} {{- if .Values.customStartupProbe }} startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customStartupProbe "context" $) | nindent 10 }} {{- else if .Values.startupProbe.enabled }} startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.startupProbe "enabled") "context" $) | nindent 10 }} httpGet: path: /{{ .Values.basePath }}login/ port: http {{- if (not (eq (index .Values.allowedHosts 0) "*")) }} httpHeaders: - name: Host value: {{ (index .Values.allowedHosts 0) | quote }} {{- end }} {{- end }} {{- if .Values.lifecycleHooks }} lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | nindent 10 }} {{- end }} volumeMounts: - name: config mountPath: /etc/netbox/config/configuration.py subPath: configuration.py readOnly: true {{- if has "netbox.authentication.LDAPBackend" .Values.remoteAuth.backends }} - name: config mountPath: /etc/netbox/config/ldap/ldap_config.py subPath: ldap_config.py 
readOnly: true {{- if .Values.remoteAuth.ldap.caCertData }} - name: config mountPath: /etc/netbox/config/ldap/ldap_ca.crt subPath: ldap_ca.crt readOnly: true {{- end }} {{- end }} - name: config mountPath: /run/config/netbox readOnly: true - name: secrets mountPath: /run/secrets/netbox readOnly: true {{- include "netbox.extraConfig.volumeMounts" . | nindent 8 }} - name: netbox-tmp mountPath: /tmp - name: media mountPath: /opt/netbox/netbox/media subPath: {{ .Values.persistence.subPath | default "" | quote }} {{- if .Values.reportsPersistence.enabled }} - name: reports mountPath: /opt/netbox/netbox/reports subPath: {{ .Values.reportsPersistence.subPath | default "" | quote }} {{- end }} {{- if .Values.scriptsPersistence.enabled }} - name: scripts mountPath: /opt/netbox/netbox/scripts subPath: {{ .Values.scriptsPersistence.subPath | default "" | quote }} {{- end }} - name: optunit mountPath: /opt/unit - name: secrets mountPath: /run/secrets/superuser_password subPath: superuser_password readOnly: true - name: secrets mountPath: /run/secrets/superuser_api_token subPath: superuser_api_token readOnly: true {{- if .Values.extraVolumeMounts }} {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumeMounts "context" $) | nindent 8 }} {{- end }} {{- if .Values.resources }} resources: {{- toYaml .Values.resources | nindent 10 }} {{- else if ne .Values.resourcesPreset "none" }} resources: {{- include "common.resources.preset" (dict "type" .Values.resourcesPreset) | nindent 10 }} {{- end }} {{- if .Values.sidecars }} {{- include "common.tplvalues.render" (dict "value" .Values.sidecars "context" $) | nindent 6 }} {{- end }} volumes: - name: config configMap: name: {{ include "common.names.fullname" . 
}} - name: secrets projected: sources: - secret: name: {{ include "common.secrets.name" (dict "existingSecret" .Values.existingSecret "defaultNameSuffix" "config" "context" $) }} items: - key: secret_key path: secret_key {{- if has "netbox.authentication.LDAPBackend" .Values.remoteAuth.backends }} - key: ldap_bind_password path: ldap_bind_password {{- end }} - secret: name: {{ include "common.secrets.name" (dict "existingSecret" .Values.existingSecret "defaultNameSuffix" "config" "context" $) }} optional: true items: - key: api_token_peppers path: api_token_peppers - secret: name: {{ include "common.secrets.name" (dict "existingSecret" (default .Values.existingSecret .Values.email.existingSecretName) "defaultNameSuffix" "config" "context" $) }} items: - key: {{ include "netbox.email.secretKey" . | quote }} path: email_password - secret: name: {{ include "common.secrets.name" (dict "existingSecret" .Values.superuser.existingSecret "defaultNameSuffix" "superuser" "context" $) }} items: - key: password path: superuser_password - key: api_token path: superuser_api_token - secret: name: {{ include "netbox.postgresql.secret" . | quote }} items: - key: {{ include "netbox.postgresql.secretKey" . | quote }} path: db_password - secret: name: {{ include "netbox.tasksDatabase.secret" . | quote }} items: - key: {{ include "netbox.tasksDatabase.secretKey" . | quote }} path: tasks_password - secret: name: {{ include "netbox.cachingDatabase.secret" . | quote }} items: - key: {{ include "netbox.cachingDatabase.secretKey" . | quote }} path: cache_password {{- include "netbox.extraConfig.volumes" . 
| nindent 6 }} - name: netbox-tmp emptyDir: medium: Memory - name: optunit emptyDir: medium: Memory - name: media {{- if .Values.persistence.enabled }} persistentVolumeClaim: claimName: {{ .Values.persistence.existingClaim | default (printf "%s-media" (include "common.names.fullname" .)) }} {{- else }} emptyDir: {} {{- end }} {{- if .Values.reportsPersistence.enabled }} - name: reports persistentVolumeClaim: claimName: {{ .Values.reportsPersistence.existingClaim | default (printf "%s-reports" (include "common.names.fullname" .)) }} {{- end }} {{- if .Values.scriptsPersistence.enabled }} - name: scripts persistentVolumeClaim: claimName: {{ .Values.scriptsPersistence.existingClaim | default (printf "%s-scripts" (include "common.names.fullname" .)) }} {{- end }} {{- if .Values.extraVolumes }} {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 6 }} {{- end }} {{- if .Values.nodeSelector }} nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.nodeSelector "context" $) | nindent 8 }} {{- end }} {{- if .Values.affinity }} affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.affinity "context" $) | nindent 8 }} {{- end }} {{- if .Values.tolerations }} tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" .) | nindent 8 }} {{- end }} {{- if .Values.hostAliases }} hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }} {{- end }} {{- if .Values.priorityClassName }} priorityClassName: {{ .Values.priorityClassName | quote }} {{- end }} {{- if .Values.schedulerName }} schedulerName: {{ .Values.schedulerName | quote }} {{- end }} {{- if .Values.topologySpreadConstraints }} topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.topologySpreadConstraints "context" .) 
| nindent 8 }} {{- end }} {{- if .Values.terminationGracePeriodSeconds }} terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} {{- end }} ================================================ FILE: charts/netbox/templates/extra-list.yaml ================================================ {{ range .Values.extraDeploy }} --- {{ include "common.tplvalues.render" (dict "value" . "context" $) }} {{ end }} ================================================ FILE: charts/netbox/templates/granian-servicemonitor.yaml ================================================ {{- if and .Values.metrics.granian.enabled .Values.metrics.granian.serviceMonitor.enabled }} apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: {{ printf "%s-granian" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }} namespace: {{ include "common.names.namespace" . | quote }} {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.metrics.granian.serviceMonitor.additionalLabels .Values.commonLabels ) "context" . ) }} labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} {{- if .Values.commonAnnotations }} annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} {{- end }} spec: jobLabel: {{ include "common.names.fullname" . }} namespaceSelector: matchNames: - {{ include "common.names.namespace" . | quote }} selector: matchLabels: {{- include "common.labels.matchLabels" . 
| nindent 6 }} {{- if .Values.metrics.granian.serviceMonitor.selector }} {{- include "common.tplvalues.render" (dict "value" .Values.metrics.granian.serviceMonitor.selector "context" $) | nindent 6 }} {{- end }} endpoints: - port: granian-metrics path: "/metrics" {{- if .Values.metrics.granian.serviceMonitor.interval }} interval: {{ .Values.metrics.granian.serviceMonitor.interval }} {{- end }} {{- if .Values.metrics.granian.serviceMonitor.scrapeTimeout }} scrapeTimeout: {{ .Values.metrics.granian.serviceMonitor.scrapeTimeout }} {{- end }} {{- if .Values.metrics.granian.serviceMonitor.honorLabels }} honorLabels: {{ .Values.metrics.granian.serviceMonitor.honorLabels }} {{- end }} {{- if .Values.metrics.granian.serviceMonitor.metricRelabelings }} metricRelabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.granian.serviceMonitor.metricRelabelings "context" $) | nindent 6 }} {{- end }} {{- if .Values.metrics.granian.serviceMonitor.relabelings }} relabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.granian.serviceMonitor.relabelings "context" $) | nindent 6 }} {{- end }} {{- end }} ================================================ FILE: charts/netbox/templates/hpa.yaml ================================================ {{- if .Values.autoscaling.enabled }} apiVersion: autoscaling/v2 kind: HorizontalPodAutoscaler metadata: name: {{ include "common.names.fullname" . }} namespace: {{ include "common.names.namespace" . | quote }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: netbox {{- if .Values.commonAnnotations }} annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} {{- end }} spec: scaleTargetRef: apiVersion: apps/v1 kind: Deployment name: {{ include "common.names.fullname" . 
}} minReplicas: {{ .Values.autoscaling.minReplicas }} maxReplicas: {{ .Values.autoscaling.maxReplicas }} {{- if .Values.autoscaling.behavior }} behavior: {{- if .Values.autoscaling.behavior.scaleUp }} scaleUp: {{- if .Values.autoscaling.behavior.scaleUp.stabilizationWindowSeconds }} stabilizationWindowSeconds: {{ .Values.autoscaling.behavior.scaleUp.stabilizationWindowSeconds }} {{- end }} {{- if .Values.autoscaling.behavior.scaleUp.selectPolicy }} selectPolicy: {{ .Values.autoscaling.behavior.scaleUp.selectPolicy | quote }} {{- end }} {{- if .Values.autoscaling.behavior.scaleUp.policies }} policies: {{- range .Values.autoscaling.behavior.scaleUp.policies }} - type: {{ .type | quote }} value: {{ .value }} periodSeconds: {{ .periodSeconds }} {{- end }} {{- end }} {{- end }} {{- if .Values.autoscaling.behavior.scaleDown }} scaleDown: {{- if .Values.autoscaling.behavior.scaleDown.stabilizationWindowSeconds }} stabilizationWindowSeconds: {{ .Values.autoscaling.behavior.scaleDown.stabilizationWindowSeconds }} {{- end }} {{- if .Values.autoscaling.behavior.scaleDown.selectPolicy }} selectPolicy: {{ .Values.autoscaling.behavior.scaleDown.selectPolicy | quote }} {{- end }} {{- if .Values.autoscaling.behavior.scaleDown.policies }} policies: {{- range .Values.autoscaling.behavior.scaleDown.policies }} - type: {{ .type | quote }} value: {{ .value }} periodSeconds: {{ .periodSeconds }} {{- end }} {{- end }} {{- end }} {{- end }} metrics: {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} - type: Resource resource: name: cpu target: type: Utilization averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} {{- end }} {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} - type: Resource resource: name: memory target: type: Utilization averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} {{- end }} {{- end }} ================================================ FILE: charts/netbox/templates/httproute.yaml 
================================================ {{- if .Values.httpRoute.enabled -}} apiVersion: gateway.networking.k8s.io/v1 kind: HTTPRoute metadata: name: {{ include "common.names.fullname" . }} namespace: {{ include "common.names.namespace" . | quote }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} {{- if or .Values.httpRoute.annotations .Values.commonAnnotations }} {{- $annotations := include "common.tplvalues.merge" (dict "values" (list .Values.httpRoute.annotations .Values.commonAnnotations) "context" .) }} annotations: {{- include "common.tplvalues.render" (dict "value" $annotations "context" $) | nindent 4 }} {{- end }} spec: {{- with .Values.httpRoute.parentRefs }} parentRefs: {{- toYaml . | nindent 4 }} {{- end }} {{- with .Values.httpRoute.hostnames }} hostnames: {{- toYaml . | nindent 4 }} {{- end }} rules: - matches: - path: type: PathPrefix value: / {{- with .Values.httpRoute.filters }} filters: {{- toYaml . | nindent 8 }} {{- end }} backendRefs: - name: {{ include "common.names.fullname" . }} port: {{ .Values.service.port }} {{- end }} ================================================ FILE: charts/netbox/templates/ingress.yaml ================================================ {{- if .Values.ingress.enabled -}} apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: {{ include "common.names.fullname" . }} namespace: {{ include "common.names.namespace" . | quote }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} {{- if or .Values.ingress.annotations .Values.commonAnnotations }} {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.ingress.annotations .Values.commonAnnotations ) "context" . 
) }} annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} {{- end }} spec: {{- if .Values.ingress.className }} ingressClassName: {{ .Values.ingress.className | quote }} {{- end }} {{- with .Values.ingress.tls }} tls: {{- range . }} - hosts: {{- range .hosts }} - {{ . | quote }} {{- end }} secretName: {{ .secretName }} {{- end }} {{- end }} rules: {{- range .Values.ingress.hosts }} - host: {{ .host | quote }} http: paths: {{- range .paths }} {{- if kindIs "string" . }} - path: {{ . }} pathType: Prefix backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" $) "servicePort" "http" "context" $) | nindent 10 }} {{- else }} {{- (list .) | toYaml | nindent 6 }} {{- end }} {{- end }} {{- end }} {{- end }} ================================================ FILE: charts/netbox/templates/pdb.yaml ================================================ {{- if and .Values.pdb.enabled (or .Values.pdb.minAvailable .Values.pdb.maxUnavailable) }} apiVersion: policy/v1 kind: PodDisruptionBudget metadata: name: {{ include "common.names.fullname" . }} namespace: {{ include "common.names.namespace" . 
| quote }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: netbox {{- if .Values.commonAnnotations }} annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} {{- end }} spec: selector: matchLabels: {{- include "common.labels.matchLabels" (dict "customLabels" .Values.podLabels "context" $) | nindent 6 }} app.kubernetes.io/component: netbox {{- if .Values.pdb.minAvailable }} minAvailable: {{ .Values.pdb.minAvailable }} {{- end }} {{- if .Values.pdb.maxUnavailable }} maxUnavailable: {{ .Values.pdb.maxUnavailable }} {{- end }} {{- end }} ================================================ FILE: charts/netbox/templates/pvc.yaml ================================================ {{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }} --- kind: PersistentVolumeClaim apiVersion: v1 metadata: name: {{ printf "%s-media" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }} namespace: {{ include "common.names.namespace" . | quote }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} {{- if or .Values.persistence.annotations .Values.commonAnnotations }} {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.persistence.annotations .Values.commonAnnotations ) "context" . 
) }} annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} {{- end }} spec: accessModes: - {{ .Values.persistence.accessMode | quote }} resources: requests: storage: {{ .Values.persistence.size | quote }} {{- if .Values.persistence.selector }} selector: {{- include "common.tplvalues.render" (dict "value" .Values.persistence.selector "context" $) | nindent 4 }} {{- end }} {{- include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global) | nindent 2 }} {{- end }} {{- if and .Values.reportsPersistence.enabled (not .Values.reportsPersistence.existingClaim) }} --- kind: PersistentVolumeClaim apiVersion: v1 metadata: name: {{ printf "%s-reports" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }} namespace: {{ include "common.names.namespace" . | quote }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} {{- if or .Values.reportsPersistence.annotations .Values.commonAnnotations }} {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.reportsPersistence.annotations .Values.commonAnnotations ) "context" . 
) }} annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} {{- end }} spec: accessModes: - {{ .Values.reportsPersistence.accessMode | quote }} resources: requests: storage: {{ .Values.reportsPersistence.size | quote }} {{- if .Values.reportsPersistence.selector }} selector: {{- include "common.tplvalues.render" (dict "value" .Values.reportsPersistence.selector "context" $) | nindent 4 }} {{- end }} {{- include "common.storage.class" (dict "persistence" .Values.reportsPersistence "global" .Values.global) | nindent 2 }} {{- end }} {{- if and .Values.scriptsPersistence.enabled (not .Values.scriptsPersistence.existingClaim) }} --- kind: PersistentVolumeClaim apiVersion: v1 metadata: name: {{ printf "%s-scripts" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }} namespace: {{ include "common.names.namespace" . | quote }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} {{- if or .Values.scriptsPersistence.annotations .Values.commonAnnotations }} {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.scriptsPersistence.annotations .Values.commonAnnotations ) "context" . 
) }} annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} {{- end }} spec: accessModes: - {{ .Values.scriptsPersistence.accessMode | quote }} resources: requests: storage: {{ .Values.scriptsPersistence.size | quote }} {{- if .Values.scriptsPersistence.selector }} selector: {{- include "common.tplvalues.render" (dict "value" .Values.scriptsPersistence.selector "context" $) | nindent 4 }} {{- end }} {{- include "common.storage.class" (dict "persistence" .Values.scriptsPersistence "global" .Values.global) | nindent 2 }} {{- end }} ================================================ FILE: charts/netbox/templates/role.yaml ================================================ {{- if .Values.rbac.create }} apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: {{ include "common.names.fullname" . }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} namespace: {{ include "common.names.namespace" . | quote }} {{- if .Values.commonAnnotations }} annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} {{- end }} rules: {{- if and .Values.worker.enabled .Values.worker.waitForBackend.enabled }} - apiGroups: - apps resources: - statefulsets - deployments - replicasets verbs: - get - list - watch {{- end }} {{- if .Values.rbac.rules }} {{- include "common.tplvalues.render" ( dict "value" .Values.rbac.rules "context" $ ) | nindent 2 }} {{- end }} {{- end }} ================================================ FILE: charts/netbox/templates/rolebinding.yaml ================================================ {{- if .Values.rbac.create }} apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: {{ include "common.names.fullname" . 
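}}
  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
  namespace: {{ include "common.names.namespace" . | quote }}
  {{- if .Values.commonAnnotations }}
  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
  {{- end }}
roleRef:
  kind: Role
  name: {{ include "common.names.fullname" . }}
  apiGroup: rbac.authorization.k8s.io
subjects:
  - kind: ServiceAccount
    name: {{ include "netbox.serviceAccountName" . }}
    namespace: {{ include "common.names.namespace" . | quote }}
{{- end }}

================================================
FILE: charts/netbox/templates/secret.yaml
================================================
{{- /*
Chart-managed Secrets. Every document in this file is wrapped in a condition,
so it is rendered only when the operator has not pointed the chart at a Secret
of their own (existingSecret, superuser.existingSecret, ...). Values written
here are only base64-encoded by b64enc; anything passed inline through values
is presumably also kept in the Helm release record, so prefer the existing
Secret options for real credentials.
*/}}
{{- if not .Values.existingSecret }}
---
apiVersion: v1
kind: Secret
metadata:
  name: {{ include "common.secrets.name" (dict "defaultNameSuffix" "config" "context" $) }}
  namespace: {{ include "common.names.namespace" . | quote }}
  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
  {{- if .Values.commonAnnotations }}
  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
  {{- end }}
type: Opaque
data:
  {{- /* Omitted when the e-mail password lives in a separately named Secret. */}}
  {{- if not .Values.email.existingSecretName }}
  email_password: {{ .Values.email.password | b64enc | quote }}
  {{- end }}
  {{- /*
  secret_key is produced by a helper from the common library chart, with the
  secretKey value as the operator-provided override. NOTE(review): the helper
  is not defined in this file; it presumably reuses the deployed value on
  upgrade - confirm against the library version in use.
  */}}
  secret_key: {{ include "common.secrets.passwords.manage" (dict "secret" (include "common.secrets.name" (dict "defaultNameSuffix" "config" "context" $)) "key" "secret_key" "providedValues" (list "secretKey") "length" 60 "strong" true "failOnNew" false "context" $) }}
  api_token_peppers: {{ include "netbox.apiTokenPeppers.secret" . }}
  {{- /* The LDAP bind password is stored only when the LDAP backend is enabled. */}}
  {{- if has "netbox.authentication.LDAPBackend" .Values.remoteAuth.backends }}
  ldap_bind_password: {{ .Values.remoteAuth.ldap.bindPassword | b64enc | quote }}
  {{- end }}
{{- end }}
{{- if not .Values.superuser.existingSecret }}
{{- /*
Keep the superuser API token stable across renders. An explicit
superuser.apiToken wins; otherwise the api_token already stored in the
deployed Secret is reused, and a fresh uuidv4 is generated only when neither
exists. Calling uuidv4 unconditionally produces a new value on every render,
which rewrites this Secret on each upgrade and changes the checksum/secret pod
annotation that the worker Deployment derives from this file. lookup returns an
empty map when the cluster is not queried (for example under helm template),
and a new token is then generated exactly as before.
*/}}
{{- $superuserApiToken := .Values.superuser.apiToken | default uuidv4 | b64enc }}
{{- if not .Values.superuser.apiToken }}
{{- $deployedSuperuser := lookup "v1" "Secret" (include "common.names.namespace" .) (include "common.secrets.name" (dict "defaultNameSuffix" "superuser" "context" $)) }}
{{- /* The stored value is already base64-encoded, so it is emitted unchanged. */}}
{{- $superuserApiToken = dig "data" "api_token" "" $deployedSuperuser | default $superuserApiToken }}
{{- end }}
---
apiVersion: v1
kind: Secret
metadata:
  name: {{ include "common.secrets.name" (dict "defaultNameSuffix" "superuser" "context" $) }}
  namespace: {{ include "common.names.namespace" . | quote }}
  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
  {{- if .Values.commonAnnotations }}
  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
  {{- end }}
type: kubernetes.io/basic-auth
data:
  {{- /* The username falls back to "admin" when superuser.name is unset. */}}
  username: {{ .Values.superuser.name | default "admin" | b64enc | quote }}
  password: {{ include "common.secrets.passwords.manage" (dict "secret" (include "common.secrets.name" (dict "defaultNameSuffix" "superuser" "context" $)) "key" "password" "providedValues" (list "superuser.password") "context" $) }}
  email: {{ .Values.superuser.email | b64enc | quote }}
  api_token: {{ $superuserApiToken | quote }}
{{- end }}
{{- /*
Password for an external PostgreSQL server. Skipped when the bundled
postgresql subchart is enabled or when externalDatabase.existingSecretName
names an operator-managed Secret.
*/}}
{{- if not (or .Values.postgresql.enabled .Values.externalDatabase.existingSecretName) }}
---
apiVersion: v1
kind: Secret
metadata:
  name: {{ include "common.secrets.name" (dict "defaultNameSuffix" "postgresql" "context" $) }}
  namespace: {{ include "common.names.namespace" .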
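| quote }}
  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
  {{- if .Values.commonAnnotations }}
  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
  {{- end }}
type: Opaque
data:
  db_password: {{ .Values.externalDatabase.password | b64enc | quote }}
{{- end }}
{{- /*
Passwords for the tasks and caching key-value stores. The Secret is skipped
when the bundled valkey subchart is enabled, or when both stores reference an
operator-managed Secret; if only one of them does, the Secret is still
rendered and holds just the other store's key.
*/}}
{{- if not (or .Values.valkey.enabled (and .Values.tasksDatabase.existingSecretName .Values.cachingDatabase.existingSecretName)) }}
---
apiVersion: v1
kind: Secret
metadata:
  name: {{ include "common.secrets.name" (dict "defaultNameSuffix" "kv" "context" $) }}
  namespace: {{ include "common.names.namespace" . | quote }}
  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
  {{- if .Values.commonAnnotations }}
  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
  {{- end }}
type: Opaque
data:
  {{- if not .Values.tasksDatabase.existingSecretName }}
  tasks_password: {{ .Values.tasksDatabase.password | b64enc | quote }}
  {{- end }}
  {{- if not .Values.cachingDatabase.existingSecretName }}
  cache_password: {{ .Values.cachingDatabase.password | b64enc | quote }}
  {{- end }}
{{- end }}

================================================
FILE: charts/netbox/templates/service.yaml
================================================
{{- /*
Service in front of the NetBox pods (component label "netbox"). It always
exposes the http port and, when both metrics.enabled and
metrics.granian.enabled are set, a second port 9090 for Granian metrics.
*/}}
apiVersion: v1
kind: Service
metadata:
  name: {{ include "common.names.fullname" . }}
  namespace: {{ include "common.names.namespace" . | quote }}
  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
  {{- if or .Values.service.annotations .Values.commonAnnotations }}
  {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.service.annotations .Values.commonAnnotations ) "context" . ) }}
  annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
  {{- end }}
spec:
  type: {{ .Values.service.type }}
  ports:
    - port: {{ .Values.service.port }}
      targetPort: http
      protocol: TCP
      name: http
      {{- /* A fixed nodePort applies only to NodePort and LoadBalancer Services; ClusterIP clears it. */}}
      {{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePort)) }}
      nodePort: {{ .Values.service.nodePort }}
      {{- else if eq .Values.service.type "ClusterIP" }}
      nodePort: null
      {{- end }}
    {{- if and .Values.metrics.enabled .Values.metrics.granian.enabled }}
    - port: 9090
      targetPort: granian-metrics
      protocol: TCP
      name: granian-metrics
      {{- /*
      service.nodePort is already assigned to the http port above. Repeating it
      here would give two ports of one Service the same nodePort, which the API
      server rejects as a duplicate, so the metrics port is left for Kubernetes
      to allocate. Only the ClusterIP reset is kept.
      */}}
      {{- if eq .Values.service.type "ClusterIP" }}
      nodePort: null
      {{- end }}
    {{- end }}
  selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
    app.kubernetes.io/component: netbox
  {{- if and .Values.service.clusterIP (eq .Values.service.type "ClusterIP") }}
  clusterIP: {{ .Values.service.clusterIP }}
  {{- end }}
  {{- if and .Values.service.clusterIPs (eq .Values.service.type "ClusterIP") }}
  clusterIPs: {{- include "common.tplvalues.render" (dict "value" .Values.service.clusterIPs "context" $) | nindent 4 }}
  {{- end }}
  {{- /*
  service.externalIPs belongs under spec.externalIPs. Rendering it under a
  second clusterIPs key duplicated that key whenever service.clusterIPs was
  also set, and never populated externalIPs at all. NOTE(review): clusters may
  restrict this field through admission control; confirm it is permitted
  before setting it.
  */}}
  {{- if .Values.service.externalIPs }}
  externalIPs: {{- include "common.tplvalues.render" (dict "value" .Values.service.externalIPs "context" $) | nindent 4 }}
  {{- end }}
  {{- if .Values.service.sessionAffinity }}
  sessionAffinity: {{ .Values.service.sessionAffinity }}
  {{- end }}
  {{- if .Values.service.sessionAffinityConfig }}
  sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.service.sessionAffinityConfig "context" $) | nindent 4 }}
  {{- end }}
  {{- if .Values.service.ipFamilyPolicy }}
  ipFamilyPolicy: {{ .Values.service.ipFamilyPolicy | quote }}
  {{- end }}
  {{- if or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort") }}
  externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }}
  {{- end }}
  {{- /*
  toJson emits the ranges as a YAML flow sequence. Printing the list directly
  used Go's slice formatting, which separates entries with spaces and so
  collapses several CIDRs into a single invalid entry; the source-range
  restriction then could not be applied as written.
  */}}
  {{- if and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerSourceRanges)) }}
  loadBalancerSourceRanges: {{ .Values.service.loadBalancerSourceRanges | toJson }}
  {{- end }}
  {{- if and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerIP)) }}
  loadBalancerIP: {{ .Values.service.loadBalancerIP }}
  {{- end }}
  {{- if and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerClass)) }}
  loadBalancerClass: {{ .Values.service.loadBalancerClass | quote }}
  {{- end }}

================================================
FILE: charts/netbox/templates/serviceaccount.yaml
================================================
{{- if .Values.serviceAccount.create -}}
apiVersion: v1
kind: ServiceAccount
{{- /*
Default for pods that use this ServiceAccount. The worker Deployment in this
chart also sets automountServiceAccountToken in its own pod spec, and a
pod-level setting takes precedence over this one.
*/}}
automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
metadata:
  name: {{ include "netbox.serviceAccountName" . }}
  namespace: {{ include "common.names.namespace" . | quote }}
  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
  {{- if or .Values.commonAnnotations .Values.serviceAccount.annotations }}
  {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.serviceAccount.annotations .Values.commonAnnotations ) "context" . ) }}
  annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
  {{- end }}
{{- end }}

================================================
FILE: charts/netbox/templates/servicemonitor.yaml
================================================
{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
  name: {{ include "common.names.fullname" . }}
  namespace: {{ include "common.names.namespace" .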
| quote }} {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.metrics.serviceMonitor.additionalLabels .Values.commonLabels ) "context" . ) }} labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} {{- if .Values.commonAnnotations }} annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} {{- end }} spec: jobLabel: {{ include "common.names.fullname" . }} namespaceSelector: matchNames: - {{ include "common.names.namespace" . | quote }} selector: matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} {{- if .Values.metrics.serviceMonitor.selector }} {{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.selector "context" $) | nindent 6 }} {{- end }} endpoints: - port: http path: "/metrics" {{- if .Values.metrics.serviceMonitor.interval }} interval: {{ .Values.metrics.serviceMonitor.interval }} {{- end }} {{- if .Values.metrics.serviceMonitor.scrapeTimeout }} scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }} {{- end }} {{- if .Values.metrics.serviceMonitor.honorLabels }} honorLabels: {{ .Values.metrics.serviceMonitor.honorLabels }} {{- end }} {{- if .Values.metrics.serviceMonitor.metricRelabelings }} metricRelabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.metricRelabelings "context" $) | nindent 6 }} {{- end }} {{- if .Values.metrics.serviceMonitor.relabelings }} relabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.relabelings "context" $) | nindent 6 }} {{- end }} {{- end }} ================================================ FILE: charts/netbox/templates/tests/test-connection.yaml ================================================ apiVersion: v1 kind: Pod metadata: name: {{ printf "%s-test-connection" (include "common.names.fullname" .) 
| trunc 63 | trimSuffix "-" }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} annotations: "helm.sh/hook": test {{- if .Values.commonAnnotations }} {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} {{- end }} spec: containers: - name: wget image: "{{ .Values.test.image.repository }}:{{ .Values.test.image.tag }}" imagePullPolicy: {{ .Values.test.image.pullPolicy }} command: ['wget'] args: ['{{ include "common.names.fullname" . }}:{{ .Values.service.port }}'] {{- if .Values.test.resources }} resources: {{ toYaml .Values.test.resources | nindent 6 }} {{- else if ne .Values.test.resourcesPreset "none" }} resources: {{- include "common.resources.preset" (dict "type" .Values.test.resourcesPreset) | nindent 6 }} {{- end }} {{- if .Values.test.securityContext.enabled }} securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.test.securityContext "context" $) | nindent 6 }} {{- end }} restartPolicy: Never ================================================ FILE: charts/netbox/templates/worker/deployment.yaml ================================================ {{- if .Values.worker.enabled }} apiVersion: apps/v1 kind: Deployment metadata: name: {{ printf "%s-worker" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }} namespace: {{ include "common.names.namespace" . 
| quote }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: worker {{- if .Values.commonAnnotations }} annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} {{- end }} spec: {{- if not .Values.worker.autoscaling.enabled }} replicas: {{ .Values.worker.replicaCount }} {{- end }} revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} selector: matchLabels: {{- include "common.labels.matchLabels" (dict "customLabels" .Values.worker.podLabels "context" $) | nindent 6 }} app.kubernetes.io/component: worker {{- if .Values.worker.updateStrategy }} strategy: {{- include "common.tplvalues.render" (dict "value" .Values.worker.updateStrategy "context" $) | nindent 4 }} {{- end }} template: metadata: annotations: {{- if .Values.worker.podAnnotations }} {{- include "common.tplvalues.render" ( dict "value" .Values.worker.podAnnotations "context" $ ) | nindent 8 }} {{- end }} checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} {{- if (not .Values.existingSecret) }} checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} {{- end }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.worker.podLabels "context" $ ) | nindent 8 }} app.kubernetes.io/component: worker spec: {{- include "common.images.renderPullSecrets" (dict "images" (list .Values.image) "context" $) | nindent 6 }} serviceAccountName: {{ include "netbox.serviceAccountName" . 
}} automountServiceAccountToken: {{ .Values.worker.automountServiceAccountToken }} {{- if .Values.worker.podSecurityContext.enabled }} securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.worker.podSecurityContext "context" $) | nindent 8 }} {{- end }} {{- if or .Values.worker.initContainers .Values.worker.waitForBackend.enabled }} initContainers: {{- if .Values.worker.waitForBackend.enabled }} - name: wait-for-backend image: {{ include "common.images.image" (dict "imageRoot" .Values.worker.waitForBackend.image "global" .Values.global) }} imagePullPolicy: {{ .Values.worker.waitForBackend.image.pullPolicy | quote }} {{- if .Values.worker.waitForBackend.command }} command: {{- include "common.tplvalues.render" (dict "value" .Values.worker.waitForBackend.command "context" $) | nindent 10 }} {{- end }} {{- if .Values.worker.waitForBackend.args }} args: {{- include "common.tplvalues.render" (dict "value" .Values.worker.waitForBackend.args "context" $) | nindent 10 }} {{- end }} {{- if .Values.worker.waitForBackend.containerSecurityContext.enabled }} securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.worker.waitForBackend.containerSecurityContext "context" $) | nindent 12 }} {{- end }} {{- if .Values.worker.waitForBackend.resources }} resources: {{- include "common.tplvalues.render" (dict "value" .Values.worker.waitForBackend.resources "context" $) | nindent 12 }} {{- else if ne .Values.worker.waitForBackend.resourcesPreset "none" }} resources: {{- include "common.resources.preset" (dict "type" .Values.worker.waitForBackend.resourcesPreset) | nindent 12 }} {{- end }} env: - name: DEPLOYMENT_NAME value: {{ include "common.names.fullname" . 
}} {{- end }} {{- if .Values.worker.initContainers }} {{- include "common.tplvalues.render" (dict "value" .Values.worker.initContainers "context" $) | nindent 8 }} {{- end }} {{- end }} containers: - name: {{ .Chart.Name }}-worker {{- if .Values.worker.securityContext.enabled }} securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.worker.securityContext "context" $) | nindent 10 }} {{- end }} image: {{ include "netbox.image" . | quote }} imagePullPolicy: {{ .Values.image.pullPolicy }} {{- if .Values.worker.command }} command: {{- include "common.tplvalues.render" (dict "value" .Values.worker.command "context" $) | nindent 10 }} {{- end }} {{- if .Values.worker.args }} args: {{- include "common.tplvalues.render" (dict "value" .Values.worker.args "context" $) | nindent 10 }} {{- end }} {{- if .Values.worker.extraEnvs }} env: {{- include "common.tplvalues.render" (dict "value" .Values.worker.extraEnvs "context" $) | nindent 10 }} {{- end }} {{- if or .Values.worker.extraEnvVarsCM .Values.worker.extraEnvVarsSecret }} envFrom: {{- if .Values.worker.extraEnvVarsCM }} - configMapRef: name: {{ include "common.tplvalues.render" (dict "value" .Values.worker.extraEnvVarsCM "context" $) }} {{- end }} {{- if .Values.worker.extraEnvVarsSecret }} - secretRef: name: {{ include "common.tplvalues.render" (dict "value" .Values.worker.extraEnvVarsSecret "context" $) }} {{- end }} {{- end }} volumeMounts: - name: config mountPath: /etc/netbox/config/configuration.py subPath: configuration.py readOnly: true {{- if has "netbox.authentication.LDAPBackend" .Values.remoteAuth.backends }} - name: config mountPath: /etc/netbox/config/ldap/ldap_config.py subPath: ldap_config.py readOnly: true {{- if .Values.remoteAuth.ldap.caCertData }} - name: config mountPath: /etc/netbox/config/ldap/ldap_ca.crt subPath: ldap_ca.crt readOnly: true {{- end }} {{- end }} - name: config mountPath: /run/config/netbox readOnly: true - name: secrets mountPath: 
/run/secrets/netbox readOnly: true {{- include "netbox.extraConfig.volumeMounts" . | nindent 8 }} - name: netbox-tmp mountPath: /tmp - name: media mountPath: /opt/netbox/netbox/media subPath: {{ .Values.persistence.subPath | default "" | quote }} readOnly: {{ .Values.worker.readOnlyPersistence | default false }} {{- if .Values.reportsPersistence.enabled }} - name: reports mountPath: /opt/netbox/netbox/reports subPath: {{ .Values.reportsPersistence.subPath | default "" | quote }} readOnly: {{ .Values.worker.readOnlyPersistence | default false }} {{- end }} {{- if .Values.scriptsPersistence.enabled }} - name: scripts mountPath: /opt/netbox/netbox/scripts subPath: {{ .Values.scriptsPersistence.subPath | default "" | quote }} readOnly: {{ .Values.worker.readOnlyPersistence | default false }} {{- end }} {{- if .Values.worker.extraVolumeMounts }} {{- include "common.tplvalues.render" (dict "value" .Values.worker.extraVolumeMounts "context" $) | nindent 8 }} {{- end }} {{- if .Values.worker.resources }} resources: {{ toYaml .Values.worker.resources | nindent 10 }} {{- else if ne .Values.worker.resourcesPreset "none" }} resources: {{- include "common.resources.preset" (dict "type" .Values.worker.resourcesPreset) | nindent 10 }} {{- end }} {{- if .Values.worker.sidecars }} {{- include "common.tplvalues.render" (dict "value" .Values.worker.sidecars "context" $) | nindent 6 }} {{- end }} volumes: - name: config configMap: name: {{ include "common.names.fullname" . 
}} - name: secrets projected: sources: - secret: name: {{ include "common.secrets.name" (dict "existingSecret" .Values.existingSecret "defaultNameSuffix" "config" "context" $) }} items: - key: secret_key path: secret_key {{- if has "netbox.authentication.LDAPBackend" .Values.remoteAuth.backends }} - key: ldap_bind_password path: ldap_bind_password {{- end }} - secret: name: {{ include "common.secrets.name" (dict "existingSecret" .Values.existingSecret "defaultNameSuffix" "config" "context" $) }} optional: true items: - key: api_token_peppers path: api_token_peppers - secret: name: {{ include "common.secrets.name" (dict "existingSecret" (default .Values.existingSecret .Values.email.existingSecretName) "defaultNameSuffix" "config" "context" $) }} items: - key: {{ include "netbox.email.secretKey" . | quote }} path: email_password - secret: name: {{ include "common.secrets.name" (dict "existingSecret" .Values.superuser.existingSecret "defaultNameSuffix" "superuser" "context" $) }} items: - key: password path: superuser_password - key: api_token path: superuser_api_token - secret: name: {{ include "netbox.postgresql.secret" . | quote }} items: - key: {{ include "netbox.postgresql.secretKey" . | quote }} path: db_password - secret: name: {{ include "netbox.tasksDatabase.secret" . | quote }} items: - key: {{ include "netbox.tasksDatabase.secretKey" . | quote }} path: tasks_password - secret: name: {{ include "netbox.cachingDatabase.secret" . | quote }} items: - key: {{ include "netbox.cachingDatabase.secretKey" . | quote }} path: cache_password {{- include "netbox.extraConfig.volumes" . 
| nindent 6 }} - name: netbox-tmp emptyDir: medium: Memory - name: media {{- if .Values.persistence.enabled }} persistentVolumeClaim: claimName: {{ .Values.persistence.existingClaim | default (printf "%s-media" (include "common.names.fullname" .)) }} readOnly: {{ .Values.worker.readOnlyPersistence | default false }} {{- else }} emptyDir: {} {{- end }} {{- if .Values.reportsPersistence.enabled }} - name: reports persistentVolumeClaim: claimName: {{ .Values.reportsPersistence.existingClaim | default (printf "%s-reports" (include "common.names.fullname" .)) }} readOnly: {{ .Values.worker.readOnlyPersistence | default false }} {{- end }} {{- if .Values.scriptsPersistence.enabled }} - name: scripts persistentVolumeClaim: claimName: {{ .Values.scriptsPersistence.existingClaim | default (printf "%s-scripts" (include "common.names.fullname" .)) }} readOnly: {{ .Values.worker.readOnlyPersistence | default false }} {{- end }} {{- if .Values.worker.extraVolumes }} {{- include "common.tplvalues.render" (dict "value" .Values.worker.extraVolumes "context" $) | nindent 6 }} {{- end }} {{- if .Values.worker.nodeSelector }} nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.worker.nodeSelector "context" $) | nindent 8 }} {{- end }} {{- if .Values.worker.affinity }} affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.worker.affinity "context" $) | nindent 8 }} {{- end }} {{- if .Values.worker.tolerations }} tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.worker.tolerations "context" .) 
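| nindent 8 }}
      {{- end }}
      {{- if .Values.worker.hostAliases }}
      hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.worker.hostAliases "context" $) | nindent 8 }}
      {{- end }}
      {{- if .Values.worker.priorityClassName }}
      priorityClassName: {{ .Values.worker.priorityClassName | quote }}
      {{- end }}
      {{- if .Values.worker.schedulerName }}
      schedulerName: {{ .Values.worker.schedulerName | quote }}
      {{- end }}
      {{- if .Values.worker.topologySpreadConstraints }}
      topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.worker.topologySpreadConstraints "context" .) | nindent 8 }}
      {{- end }}
      {{- if .Values.worker.terminationGracePeriodSeconds }}
      terminationGracePeriodSeconds: {{ .Values.worker.terminationGracePeriodSeconds }}
      {{- end }}
{{- end }}

================================================
FILE: charts/netbox/templates/worker/hpa.yaml
================================================
{{- /*
HorizontalPodAutoscaler for the NetBox worker Deployment.
Rendered only when both worker.enabled and worker.autoscaling.enabled are true.
The optional behavior block is copied from worker.autoscaling.behavior; CPU and
memory utilization metrics are emitted only for the targets that are set.
*/ -}}
{{- if and .Values.worker.enabled .Values.worker.autoscaling.enabled }}
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
  name: {{ printf "%s-worker" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }}
  namespace: {{ include "common.names.namespace" . | quote }}
  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
    app.kubernetes.io/component: worker
  {{- if .Values.commonAnnotations }}
  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
  {{- end }}
spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: {{ include "common.names.fullname" . }}-worker
  minReplicas: {{ .Values.worker.autoscaling.minReplicas }}
  maxReplicas: {{ .Values.worker.autoscaling.maxReplicas }}
  {{- if .Values.worker.autoscaling.behavior }}
  behavior:
    {{- if .Values.worker.autoscaling.behavior.scaleUp }}
    scaleUp:
      {{- /* A plain "if" treats 0 as unset; kindIs "invalid" is true only for a missing or null value, so an explicit 0 is rendered. */}}
      {{- if not (kindIs "invalid" .Values.worker.autoscaling.behavior.scaleUp.stabilizationWindowSeconds) }}
      stabilizationWindowSeconds: {{ .Values.worker.autoscaling.behavior.scaleUp.stabilizationWindowSeconds }}
      {{- end }}
      {{- if .Values.worker.autoscaling.behavior.scaleUp.selectPolicy }}
      selectPolicy: {{ .Values.worker.autoscaling.behavior.scaleUp.selectPolicy | quote }}
      {{- end }}
      {{- if .Values.worker.autoscaling.behavior.scaleUp.policies }}
      policies:
        {{- range .Values.worker.autoscaling.behavior.scaleUp.policies }}
        - type: {{ .type | quote }}
          value: {{ .value }}
          periodSeconds: {{ .periodSeconds }}
        {{- end }}
      {{- end }}
    {{- end }}
    {{- if .Values.worker.autoscaling.behavior.scaleDown }}
    scaleDown:
      {{- /* Same zero-preserving check as scaleUp: a configured 0 must reach the manifest instead of being dropped. */}}
      {{- if not (kindIs "invalid" .Values.worker.autoscaling.behavior.scaleDown.stabilizationWindowSeconds) }}
      stabilizationWindowSeconds: {{ .Values.worker.autoscaling.behavior.scaleDown.stabilizationWindowSeconds }}
      {{- end }}
      {{- if .Values.worker.autoscaling.behavior.scaleDown.selectPolicy }}
      selectPolicy: {{ .Values.worker.autoscaling.behavior.scaleDown.selectPolicy | quote }}
      {{- end }}
      {{- if .Values.worker.autoscaling.behavior.scaleDown.policies }}
      policies:
        {{- range .Values.worker.autoscaling.behavior.scaleDown.policies }}
        - type: {{ .type | quote }}
          value: {{ .value }}
          periodSeconds: {{ .periodSeconds }}
        {{- end }}
      {{- end }}
    {{- end }}
  {{- end }}
  metrics:
    {{- if .Values.worker.autoscaling.targetCPUUtilizationPercentage }}
    - type: Resource
      resource:
        name: cpu
        target:
          type: Utilization
          averageUtilization: {{ .Values.worker.autoscaling.targetCPUUtilizationPercentage }}
    {{- end }}
    {{- if .Values.worker.autoscaling.targetMemoryUtilizationPercentage }}
    - type: Resource
      resource:
        name: memory
        target:
          type: Utilization
          averageUtilization: {{ .Values.worker.autoscaling.targetMemoryUtilizationPercentage }}
    {{- end }}
{{- end }}

================================================
FILE: charts/netbox/templates/worker/pdb.yaml
================================================
{{- /*
PodDisruptionBudget for the NetBox worker pods.
Rendered when worker.enabled and worker.pdb.enabled are true and at least one of
worker.pdb.minAvailable / worker.pdb.maxUnavailable is set. A value counts as
set when it is neither missing/null nor the empty string, so an explicit 0
(for example maxUnavailable: 0, which blocks voluntary evictions) is honoured
instead of silently producing no budget at all.
NOTE(review): both fields are rendered when both are set; the Kubernetes API
accepts only one of them per PodDisruptionBudget, so configure just one.
*/ -}}
{{- if and .Values.worker.enabled .Values.worker.pdb.enabled }}
{{- $minAvailable := .Values.worker.pdb.minAvailable }}
{{- $maxUnavailable := .Values.worker.pdb.maxUnavailable }}
{{- $hasMinAvailable := and (not (kindIs "invalid" $minAvailable)) (ne (toString $minAvailable) "") }}
{{- $hasMaxUnavailable := and (not (kindIs "invalid" $maxUnavailable)) (ne (toString $maxUnavailable) "") }}
{{- if or $hasMinAvailable $hasMaxUnavailable }}
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
  name: {{ printf "%s-worker" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }}
  namespace: {{ include "common.names.namespace" . | quote }}
  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
    app.kubernetes.io/component: worker
  {{- if .Values.commonAnnotations }}
  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
  {{- end }}
spec:
  selector:
    matchLabels: {{- include "common.labels.matchLabels" (dict "customLabels" .Values.worker.podLabels "context" $) | nindent 6 }}
      app.kubernetes.io/component: worker
  {{- if $hasMinAvailable }}
  minAvailable: {{ $minAvailable }}
  {{- end }}
  {{- if $hasMaxUnavailable }}
  maxUnavailable: {{ $maxUnavailable }}
  {{- end }}
{{- end }}
{{- end }}

================================================
FILE: charts/netbox/values.schema.json
================================================
{ "$schema": "https://json-schema.org/draft/2020-12/schema", "title": "Netbox Helm Chart Schema", "type": "object", "$defs": { "image": { "title": "Container image description", "type": "object", "properties": { "pullPolicy": { "title": "Specify a imagePullPolicy", "description": "Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'", "type": "string", "enum": ["IfNotPresent", "Always", "Never"] }, "pullSecrets": { "title": "Optionally specify an array of imagePullSecrets", "description":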
"https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/", "type": "array" }, "registry": { "type": "string" }, "repository": { "type": "string" }, "tag": { "type": "string" }, "digest": { "type": "string" } }, "required": ["repository", "pullPolicy"] }, "probe": { "type": "object", "properties": { "enabled": { "type": "boolean" }, "failureThreshold": { "type": "integer" }, "httpGet": { "type": "object", "properties": { "httpHeaders": { "type": "array" }, "path": { "type": "string" }, "port": { "type": "string" }, "scheme": { "type": "string" } } }, "initialDelaySeconds": { "type": "integer" }, "periodSeconds": { "type": "integer" }, "successThreshold": { "type": "integer" }, "timeoutSeconds": { "type": "integer" } } }, "resources": { "type": "object", "title": "Required Resources", "description": "Configure resource requests", "form": true, "properties": { "requests": { "type": "object", "properties": { "memory": { "type": "string", "form": true, "render": "slider", "title": "Memory Request", "sliderMin": 10, "sliderMax": 2048, "sliderUnit": "Mi" }, "cpu": { "type": "string", "form": true, "render": "slider", "title": "CPU Request", "sliderMin": 10, "sliderMax": 2000, "sliderUnit": "m" } } }, "limits": { "type": "object", "properties": { "memory": { "type": "string", "form": true, "render": "slider", "title": "Memory Limit", "sliderMin": 10, "sliderMax": 2048, "sliderUnit": "Mi" }, "cpu": { "type": "string", "form": true, "render": "slider", "title": "CPU Limit", "sliderMin": 10, "sliderMax": 2000, "sliderUnit": "m" } } } } } }, "properties": { "admins": { "type": "array" }, "affinity": { "properties": {}, "type": ["object", "string"] }, "allowTokenRetrieval": { "type": "boolean" }, "allowedHosts": { "items": { "type": "string" }, "type": "array" }, "allowedHostsIncludesPodIP": { "type": "boolean" }, "allowedUrlSchemes": { "items": { "type": "string" }, "type": "array" }, "args": { "items": { "type": "string" }, "type": ["array",
"string"] }, "authPasswordValidators": { "type": "array" }, "automountServiceAccountToken": { "type": "boolean" }, "autoscaling": { "properties": { "enabled": { "type": "boolean" }, "maxReplicas": { "type": "integer" }, "minReplicas": { "type": "integer" }, "targetCPUUtilizationPercentage": { "type": ["integer", "null"] }, "targetMemoryUtilizationPercentage": { "type": ["integer", "null"], "default": null }, "behavior": { "type": "object", "default": {}, "properties": { "scaleUp": { "type": "object", "properties": { "stabilizationWindowSeconds": { "type": "integer" }, "selectPolicy": { "type": "string" }, "policies": { "type": "array", "items": { "type": "object", "properties": { "type": { "type": "string" }, "value": { "type": "integer" }, "periodSeconds": { "type": "integer" } }, "required": ["type", "value", "periodSeconds"] } } } }, "scaleDown": { "type": "object", "properties": { "stabilizationWindowSeconds": { "type": "integer" }, "selectPolicy": { "type": "string" }, "policies": { "type": "array", "items": { "type": "object", "properties": { "type": { "type": "string" }, "value": { "type": "integer" }, "periodSeconds": { "type": "integer" } }, "required": ["type", "value", "periodSeconds"] } } } } } } }, "type": "object" }, "banner": { "properties": { "bottom": { "type": ["string", "null"] }, "login": { "type": ["string", "null"] }, "top": { "type": ["string", "null"] } }, "type": ["object", "null"] }, "basePath": { "type": "string" }, "cachingDatabase": { "properties": { "caCertPath": { "type": "string" }, "database": { "type": "integer" }, "existingSecretKey": { "type": "string" }, "existingSecretName": { "type": "string" }, "host": { "type": "string" }, "insecureSkipTlsVerify": { "type": "boolean" }, "password": { "type": "string" }, "port": { "type": "integer" }, "sentinelService": { "type": "string" }, "sentinelTimeout": { "type": "integer" }, "sentinels": { "type": "array" }, "ssl": { "type": "boolean" }, "username": { "type": "string" } }, "type": 
"object" }, "changelogRetention": { "type": "integer" }, "clusterDomain": { "type": "string" }, "command": { "items": { "type": "string" }, "type": ["array", "string"] }, "commonAnnotations": { "properties": {}, "type": ["object", "string"] }, "commonLabels": { "properties": {}, "type": ["object", "string"] }, "cors": { "properties": { "originAllowAll": { "type": "boolean" }, "originRegexWhitelist": { "type": "array" }, "originWhitelist": { "type": "array" } }, "type": "object" }, "csrf": { "properties": { "cookieName": { "type": "string" }, "trustedOrigins": { "type": "array" } }, "type": "object" }, "customLivenessProbe": { "properties": {}, "type": ["object", "string"] }, "customReadinessProbe": { "properties": {}, "type": ["object", "string"] }, "customStartupProbe": { "properties": {}, "type": ["object", "string"] }, "customValidators": { "properties": {}, "type": "object" }, "dataUploadMaxMemorySize": { "type": "integer" }, "dateFormat": { "type": "string" }, "dateTimeFormat": { "type": "string" }, "dbWaitDebug": { "type": "boolean" }, "debug": { "type": "boolean" }, "defaultLanguage": { "type": "string" }, "defaultUserPreferences": { "properties": {}, "type": "object" }, "email": { "properties": { "from": { "type": "string" }, "password": { "type": "string" }, "port": { "type": "integer" }, "server": { "type": "string" }, "sslCertFile": { "type": "string" }, "sslKeyFile": { "type": "string" }, "timeout": { "type": "integer" }, "useSSL": { "type": "boolean" }, "useTLS": { "type": "boolean" }, "username": { "type": "string" } }, "type": "object" }, "enableLocalization": { "type": "boolean" }, "enforceGlobalUnique": { "type": "boolean" }, "exemptViewPermissions": { "type": "array" }, "existingSecret": { "type": "string" }, "externalDatabase": { "properties": { "connMaxAge": { "type": "integer" }, "database": { "type": "string" }, "disableServerSideCursors": { "type": "boolean" }, "engine": { "type": "string" }, "existingSecretKey": { "type": "string" }, 
"existingSecretName": { "type": "string" }, "host": { "type": "string" }, "password": { "type": "string" }, "port": { "type": ["integer", "string"] }, "options": { "type": ["object", "string"] }, "username": { "type": "string" } }, "type": "object" }, "additionalDatabases": { "type": "object" }, "extraConfig": { "type": "array" }, "extraDeploy": { "type": ["array", "string"] }, "extraEnvs": { "type": ["array", "string"] }, "extraEnvVarsCM": { "type": "string", "description": "Name of existing ConfigMap containing extra env vars", "default": "" }, "extraEnvVarsSecret": { "type": "string", "description": "Name of existing Secret containing extra env vars", "default": "" }, "extraVolumeMounts": { "type": ["array", "string"] }, "extraVolumes": { "type": ["array", "string"] }, "fieldChoices": { "properties": {}, "type": "object" }, "fileUploadMaxMemorySize": { "type": "integer" }, "fullnameOverride": { "type": "string" }, "global": { "properties": { "imagePullSecrets": { "type": "array" }, "imageRegistry": { "type": "string" }, "storageClass": { "type": "string" } }, "type": "object" }, "graphQlEnabled": { "type": "boolean" }, "hostAliases": { "type": ["array", "string"] }, "housekeeping": { "properties": { "affinity": { "properties": {}, "type": ["object", "string"] }, "args": { "items": { "type": "string" }, "type": ["array", "string"] }, "automountServiceAccountToken": { "type": "boolean" }, "command": { "items": { "type": "string" }, "type": ["array", "string"] }, "concurrencyPolicy": { "type": "string" }, "enabled": { "type": "boolean" }, "extraEnvs": { "type": ["array", "string"] }, "extraEnvVarsCM": { "type": "string", "description": "Name of existing ConfigMap containing extra env vars", "default": "" }, "extraEnvVarsSecret": { "type": "string", "description": "Name of existing Secret containing extra env vars", "default": "" }, "extraVolumeMounts": { "type": ["array", "string"] }, "extraVolumes": { "type": ["array", "string"] }, "failedHistoryLimit": { "type": 
"integer" }, "historyLimit": { "type": "integer" }, "initContainers": { "type": ["array", "string"] }, "nodeSelector": { "properties": {}, "type": ["object", "string"] }, "podAnnotations": { "properties": {}, "type": ["object", "string"] }, "podLabels": { "properties": {}, "type": ["object", "string"] }, "podSecurityContext": { "properties": { "enabled": { "type": "boolean" }, "fsGroup": { "type": "integer" }, "fsGroupChangePolicy": { "type": "string" }, "supplementalGroups": { "type": "array" }, "sysctls": { "type": "array" } }, "type": "object" }, "readOnlyPersistence": { "type": "boolean" }, "resources": { "$ref": "#/$defs/resources" }, "resourcesPreset": { "type": "string" }, "restartPolicy": { "type": "string" }, "schedule": { "type": "string" }, "securityContext": { "properties": { "allowPrivilegeEscalation": { "type": "boolean" }, "capabilities": { "properties": { "drop": { "items": { "type": "string" }, "type": "array" } }, "type": "object" }, "enabled": { "type": "boolean" }, "privileged": { "type": "boolean" }, "readOnlyRootFilesystem": { "type": "boolean" }, "runAsGroup": { "type": "integer" }, "runAsNonRoot": { "type": "boolean" }, "runAsUser": { "type": "integer" }, "seLinuxOptions": { "properties": {}, "type": "object" }, "seccompProfile": { "properties": { "type": { "type": "string" } }, "type": "object" } }, "type": "object" }, "sidecars": { "type": ["array", "string"] }, "suspend": { "type": "boolean" }, "timezone": { "type": "string" }, "tolerations": { "type": ["array", "string"] } }, "type": "object" }, "httpProxies": { "properties": { "http": { "type": "string" }, "https": { "type": "string" } }, "type": "object" }, "image": { "$ref": "#/$defs/image" }, "ingress": { "properties": { "annotations": { "properties": {}, "type": ["object", "string"] }, "className": { "type": "string" }, "enabled": { "type": "boolean" }, "hosts": { "items": { "properties": { "host": { "type": "string" }, "paths": { "items": { "type": ["string", "object"] }, "type": 
"array" } }, "type": "object" }, "type": "array" }, "pathType": { "type": "string" }, "tls": { "type": "array" } }, "type": "object" }, "init": { "properties": { "image": { "$ref": "#/$defs/image" }, "resources": { "$ref": "#/$defs/resources" }, "resourcesPreset": { "type": "string" }, "securityContext": { "properties": { "capabilities": { "properties": { "drop": { "items": { "type": "string" }, "type": "array" } }, "type": "object" }, "enabled": { "type": "boolean" }, "readOnlyRootFilesystem": { "type": "boolean" }, "runAsGroup": { "type": "integer" }, "runAsNonRoot": { "type": "boolean" }, "runAsUser": { "type": "integer" }, "seLinuxOptions": { "properties": {}, "type": "object" }, "seccompProfile": { "properties": { "type": { "type": "string" } }, "type": "object" } }, "type": "object" } }, "type": "object" }, "initContainers": { "type": ["array", "string"] }, "internalIPs": { "items": { "type": "string" }, "type": "array" }, "jobRetention": { "type": "integer" }, "lifecycleHooks": { "properties": {}, "type": ["object", "string"] }, "livenessProbe": { "$ref": "#/$defs/probe" }, "logging": { "properties": {}, "type": "object" }, "loginPersistence": { "type": "boolean" }, "loginRequired": { "type": "boolean" }, "loginTimeout": { "type": "integer" }, "logoutRedirectUrl": { "type": "string" }, "maintenanceMode": { "type": ["boolean", "null"] }, "mapsUrl": { "type": "string" }, "maxPageSize": { "type": "integer" }, "metrics": { "properties": { "granian": { "properties": { "enabled": { "type": "boolean" }, "serviceMonitor": { "properties": { "additionalLabels": { "properties": {}, "type": "object" }, "enabled": { "type": "boolean" }, "honorLabels": { "type": "boolean" }, "interval": { "type": "string" }, "metricRelabelings": { "type": ["array", "string"] }, "relabelings": { "type": ["array", "string"] }, "scrapeTimeout": { "type": "string" }, "selector": { "properties": {}, "type": ["object", "string"] } }, "type": "object" } }, "type": "object" }, "enabled": { 
"type": "boolean" }, "serviceMonitor": { "properties": { "additionalLabels": { "properties": {}, "type": "object" }, "enabled": { "type": "boolean" }, "honorLabels": { "type": "boolean" }, "interval": { "type": "string" }, "metricRelabelings": { "type": ["array", "string"] }, "relabelings": { "type": ["array", "string"] }, "scrapeTimeout": { "type": "string" }, "selector": { "properties": {}, "type": ["object", "string"] } }, "type": "object" } }, "type": "object" }, "nameOverride": { "type": "string" }, "nodeSelector": { "properties": {}, "type": ["object", "string"] }, "paginateCount": { "type": "integer" }, "persistence": { "properties": { "accessMode": { "type": "string" }, "annotations": { "properties": {}, "type": ["object", "string"] }, "enabled": { "type": "boolean" }, "existingClaim": { "type": "string" }, "selector": { "properties": {}, "type": ["object", "string"] }, "size": { "type": "string" }, "storageClass": { "type": "string" }, "subPath": { "type": "string" } }, "type": "object" }, "pdb": { "title": "PodDisruptionBudget for NetBox web", "type": "object", "properties": { "enabled": { "type": "boolean" }, "minAvailable": { "type": ["integer", "string"], "default": "" }, "maxUnavailable": { "type": ["integer", "string"], "default": "" } } }, "plugins": { "type": "array" }, "pluginsConfig": { "properties": {}, "type": "object" }, "podAnnotations": { "properties": {}, "type": ["object", "string"] }, "podLabels": { "properties": {}, "type": ["object", "string"] }, "podSecurityContext": { "properties": { "enabled": { "type": "boolean" }, "fsGroup": { "type": "integer" }, "fsGroupChangePolicy": { "type": "string" }, "supplementalGroups": { "type": "array" }, "sysctls": { "type": "array" } }, "type": "object" }, "postgresql": { "title": "PostgreSQL chart configuration", "description": "https://artifacthub.io/packages/helm/bitnami/postgresql", "properties": { "enabled": { "type": "boolean" } }, "type": "object" }, "powerFeedDefaultAmperage": { "type": 
"integer" }, "powerFeedDefaultVoltage": { "type": "integer" }, "powerFeedMaxUtilisation": { "type": "integer" }, "preferIPv4": { "type": "boolean" }, "priorityClassName": { "type": "string" }, "rackElevationDefaultUnitHeight": { "type": "integer" }, "rackElevationDefaultUnitWidth": { "type": "integer" }, "rbac": { "type": "object", "properties": { "create": { "type": "boolean" }, "rules": { "type": ["array", "string"] } } }, "readinessProbe": { "$ref": "#/$defs/probe" }, "valkey": { "title": "Valkey chart configuration", "description": "https://artifacthub.io/packages/helm/bitnami/valkey", "properties": { "enabled": { "type": "boolean" } }, "type": "object" }, "releaseCheck": { "properties": { "url": { "type": "string" } }, "type": "object" }, "remoteAuth": { "properties": { "autoCreateGroups": { "type": "boolean" }, "autoCreateUser": { "type": "boolean" }, "backends": { "items": { "type": "string" }, "type": "array" }, "defaultGroups": { "type": "array" }, "defaultPermissions": { "properties": {}, "type": "object" }, "enabled": { "type": "boolean" }, "groupHeader": { "type": "string" }, "groupSeparator": { "type": "string" }, "groupSyncEnabled": { "type": "boolean" }, "header": { "type": "string" }, "staffGroups": { "type": "array" }, "staffUsers": { "type": "array" }, "superuserGroups": { "type": "array" }, "superusers": { "type": "array" }, "userEmail": { "type": "string" }, "userFirstName": { "type": "string" }, "userLastName": { "type": "string" }, "ldap": { "type": "object", "additionalProperties": false, "properties": { "serverUri": { "type": "string" }, "startTls": { "type": "boolean" }, "ignoreCertErrors": { "type": "boolean" }, "caCertDir": { "type": "string" }, "caCertData": { "type": "string" }, "bindDn": { "type": "string" }, "bindPassword": { "type": "string" }, "userDnTemplate": { "type": "string" }, "userSearchBaseDn": { "type": "string" }, "userSearchAttr": { "type": "string" }, "groupSearchBaseDn": { "type": "string" }, "groupSearchClass": { 
"type": "string" }, "groupType": { "type": "string" }, "requireGroupDn": { "type": "array", "items": { "type": "string" } }, "isAdminDn": { "type": "array", "items": { "type": "string" } }, "isSuperUserDn": { "type": "array", "items": { "type": "string" } }, "findGroupPerms": { "type": "boolean" }, "mirrorGroups": { "type": ["boolean", "string", "array"] }, "mirrorGroupsExcept": { "type": ["null", "string", "array"] }, "cacheTimeout": { "type": "integer" }, "attrFirstName": { "type": "string" }, "attrLastName": { "type": "string" }, "attrMail": { "type": "string" } } } }, "type": "object" }, "replicaCount": { "type": "integer" }, "reportsPersistence": { "properties": { "accessMode": { "type": "string" }, "annotations": { "properties": {}, "type": ["object", "string"] }, "enabled": { "type": "boolean" }, "existingClaim": { "type": "string" }, "selector": { "properties": {}, "type": ["object", "string"] }, "size": { "type": "string" }, "storageClass": { "type": "string" }, "subPath": { "type": "string" } }, "type": "object" }, "resources": { "properties": {}, "type": ["object", "string"] }, "resourcesPreset": { "type": "string" }, "revisionHistoryLimit": { "type": "integer" }, "rqDefaultTimeout": { "type": "integer" }, "schedulerName": { "type": "string" }, "scriptsPersistence": { "properties": { "accessMode": { "type": "string" }, "annotations": { "properties": {}, "type": ["object", "string"] }, "enabled": { "type": "boolean" }, "existingClaim": { "type": "string" }, "selector": { "properties": {}, "type": ["object", "string"] }, "size": { "type": "string" }, "storageClass": { "type": "string" }, "subPath": { "type": "string" } }, "type": "object" }, "apiTokenPeppers": { "type": "object", "patternProperties": { "^[0-9]+$": { "type": "string", "minLength": 50 } }, "additionalProperties": false }, "secretKey": { "type": "string" }, "securityContext": { "properties": { "allowPrivilegeEscalation": { "type": "boolean" }, "capabilities": { "properties": { "drop": { 
"items": { "type": "string" }, "type": "array" } }, "type": "object" }, "enabled": { "type": "boolean" }, "privileged": { "type": "boolean" }, "readOnlyRootFilesystem": { "type": "boolean" }, "runAsGroup": { "type": "integer" }, "runAsNonRoot": { "type": "boolean" }, "runAsUser": { "type": "integer" }, "seLinuxOptions": { "properties": {}, "type": "object" }, "seccompProfile": { "properties": { "type": { "type": "string" } }, "type": "object" } }, "type": "object" }, "service": { "properties": { "annotations": { "properties": {}, "type": ["object", "string"] }, "clusterIP": { "type": "string" }, "clusterIPs": { "type": ["array", "string"] }, "externalIPs": { "type": ["array", "string"] }, "externalTrafficPolicy": { "type": "string" }, "ipFamilyPolicy": { "type": "string" }, "loadBalancerClass": { "type": "string" }, "loadBalancerIP": { "type": "string" }, "loadBalancerSourceRanges": { "type": "array" }, "nodePort": { "type": "string" }, "port": { "type": "integer" }, "sessionAffinity": { "type": "string" }, "sessionAffinityConfig": { "properties": {}, "type": ["object", "string"] }, "type": { "type": "string" } }, "type": "object" }, "serviceAccount": { "properties": { "annotations": { "properties": {}, "type": ["object", "string"] }, "automountServiceAccountToken": { "type": "boolean" }, "create": { "type": "boolean" }, "name": { "type": "string" } }, "type": "object" }, "sessionCookieName": { "type": "string" }, "shortDateFormat": { "type": "string" }, "shortDateTimeFormat": { "type": "string" }, "shortTimeFormat": { "type": "string" }, "sidecars": { "type": ["array", "string"] }, "startupProbe": { "$ref": "#/$defs/probe" }, "storages": { "properties": {}, "type": "object" }, "superuser": { "properties": { "apiToken": { "type": "string" }, "email": { "type": "string" }, "existingSecret": { "type": "string" }, "name": { "type": "string" }, "password": { "type": "string" } }, "type": "object" }, "tasksDatabase": { "properties": { "caCertPath": { "type": "string" }, 
"database": { "type": "integer" }, "existingSecretKey": { "type": "string" }, "existingSecretName": { "type": "string" }, "host": { "type": "string" }, "insecureSkipTlsVerify": { "type": "boolean" }, "password": { "type": "string" }, "port": { "type": "integer" }, "sentinelService": { "type": "string" }, "sentinelTimeout": { "type": "integer" }, "sentinels": { "type": "array" }, "ssl": { "type": "boolean" }, "username": { "type": "string" } }, "type": "object" }, "terminationGracePeriodSeconds": { "type": ["null", "number"] }, "test": { "properties": { "image": { "$ref": "#/$defs/image" }, "resources": { "$ref": "#/$defs/resources" }, "resourcesPreset": { "type": "string" }, "securityContext": { "properties": { "capabilities": { "properties": { "drop": { "items": { "type": "string" }, "type": "array" } }, "type": "object" }, "enabled": { "type": "boolean" }, "readOnlyRootFilesystem": { "type": "boolean" }, "runAsGroup": { "type": "integer" }, "runAsNonRoot": { "type": "boolean" }, "runAsUser": { "type": "integer" }, "seLinuxOptions": { "properties": {}, "type": "object" }, "seccompProfile": { "properties": { "type": { "type": "string" } }, "type": "object" } }, "type": "object" } }, "type": "object" }, "timeFormat": { "type": "string" }, "timeZone": { "type": "string" }, "tolerations": { "type": ["array", "string"] }, "topologySpreadConstraints": { "type": ["array", "string"] }, "updateStrategy": { "properties": { "type": { "type": "string" } }, "type": ["object", "string"] }, "worker": { "properties": { "affinity": { "properties": {}, "type": ["object", "string"] }, "args": { "items": { "type": "string" }, "type": ["array", "string"] }, "automountServiceAccountToken": { "type": "boolean" }, "autoscaling": { "properties": { "enabled": { "type": "boolean" }, "maxReplicas": { "type": "integer" }, "minReplicas": { "type": "integer" }, "targetCPUUtilizationPercentage": { "type": ["integer", "null"] }, "targetMemoryUtilizationPercentage": { "type": ["integer", "null"], 
"default": null }, "behavior": { "type": "object", "default": {}, "properties": { "scaleUp": { "type": "object", "properties": { "stabilizationWindowSeconds": { "type": "integer" }, "selectPolicy": { "type": "string" }, "policies": { "type": "array", "items": { "type": "object", "properties": { "type": { "type": "string" }, "value": { "type": "integer" }, "periodSeconds": { "type": "integer" } }, "required": ["type", "value", "periodSeconds"] } } } }, "scaleDown": { "type": "object", "properties": { "stabilizationWindowSeconds": { "type": "integer" }, "selectPolicy": { "type": "string" }, "policies": { "type": "array", "items": { "type": "object", "properties": { "type": { "type": "string" }, "value": { "type": "integer" }, "periodSeconds": { "type": "integer" } }, "required": ["type", "value", "periodSeconds"] } } } } } } }, "type": "object" }, "command": { "items": { "type": "string" }, "type": ["array", "string"] }, "enabled": { "type": "boolean" }, "extraEnvs": { "type": ["array", "string"] }, "extraEnvVarsCM": { "type": "string", "description": "Name of existing ConfigMap containing extra env vars", "default": "" }, "extraEnvVarsSecret": { "type": "string", "description": "Name of existing Secret containing extra env vars", "default": "" }, "extraVolumeMounts": { "type": ["array", "string"] }, "extraVolumes": { "type": ["array", "string"] }, "hostAliases": { "type": ["array", "string"] }, "initContainers": { "type": ["array", "string"] }, "nodeSelector": { "properties": {}, "type": ["object", "string"] }, "podAnnotations": { "properties": {}, "type": ["object", "string"] }, "podLabels": { "properties": {}, "type": ["object", "string"] }, "podSecurityContext": { "properties": { "enabled": { "type": "boolean" }, "fsGroup": { "type": "integer" }, "fsGroupChangePolicy": { "type": "string" }, "supplementalGroups": { "type": "array" }, "sysctls": { "type": "array" } }, "type": "object" }, "priorityClassName": { "type": "string" }, "replicaCount": { "type": "integer" 
}, "readOnlyPersistence": { "type": "boolean" }, "resources": { "properties": {}, "type": ["object", "string"] }, "resourcesPreset": { "type": "string" }, "schedulerName": { "type": "string" }, "securityContext": { "properties": { "allowPrivilegeEscalation": { "type": "boolean" }, "capabilities": { "properties": { "drop": { "items": { "type": "string" }, "type": "array" } }, "type": "object" }, "enabled": { "type": "boolean" }, "privileged": { "type": "boolean" }, "readOnlyRootFilesystem": { "type": "boolean" }, "runAsGroup": { "type": "integer" }, "runAsNonRoot": { "type": "boolean" }, "runAsUser": { "type": "integer" }, "seLinuxOptions": { "properties": {}, "type": "object" }, "seccompProfile": { "properties": { "type": { "type": "string" } }, "type": "object" } }, "type": "object" }, "sidecars": { "type": ["array", "string"] }, "terminationGracePeriodSeconds": { "type": ["null", "number"] }, "tolerations": { "type": ["array", "string"] }, "topologySpreadConstraints": { "type": ["array", "string"] }, "updateStrategy": { "properties": { "type": { "type": "string" } }, "type": ["object", "string"] }, "pdb": { "title": "PodDisruptionBudget for NetBox worker", "type": "object", "properties": { "enabled": { "type": "boolean" }, "minAvailable": { "type": ["integer", "string"], "default": 0 }, "maxUnavailable": { "type": ["integer", "string"], "default": 0 } } }, "waitForBackend": { "properties": { "args": { "items": { "type": "string" }, "type": ["array", "string"] }, "command": { "items": { "type": "string" }, "type": ["array", "string"] }, "enabled": { "type": "boolean" }, "podSecurityContext": { "properties": { "enabled": { "type": "boolean" }, "fsGroup": { "type": "integer" }, "fsGroupChangePolicy": { "type": "string" }, "supplementalGroups": { "type": "array" }, "sysctls": { "type": "array" } }, "type": "object" }, "resources": { "properties": {}, "type": ["object", "string"] }, "resourcesPreset": { "type": "string" }, "securityContext": { "properties": { 
"allowPrivilegeEscalation": { "type": "boolean" }, "capabilities": { "properties": { "drop": { "items": { "type": "string" }, "type": "array" } }, "type": "object" }, "enabled": { "type": "boolean" }, "privileged": { "type": "boolean" }, "readOnlyRootFilesystem": { "type": "boolean" }, "runAsGroup": { "type": "integer" }, "runAsNonRoot": { "type": "boolean" }, "runAsUser": { "type": "integer" }, "seLinuxOptions": { "properties": {}, "type": "object" }, "seccompProfile": { "properties": { "type": { "type": "string" } }, "type": "object" } }, "type": "object" } }, "type": "object" } }, "type": "object" } } } ================================================ FILE: charts/netbox/values.yaml ================================================ # Default values for NetBox. # This is a YAML-formatted file. # Declare variables to be passed into your templates. ## @section Global parameters ## Global container image parameters ## Please, note that this will override the image parameters, including dependencies, configured to use the global value ## Current available global container image parameters: imageRegistry, imagePullSecrets and storageClass ## @param global.imageRegistry Global container image registry ## @param global.imagePullSecrets Global container registry secret names as an array ## @param global.storageClass Global StorageClass for Persistent Volume(s) ## global: imageRegistry: "" ## E.g. 
## imagePullSecrets: ## - myRegistryKeySecretName ## imagePullSecrets: [] storageClass: "" ## @section Common parameters ## @param nameOverride String to partially override common.names.fullname ## nameOverride: "" ## @param fullnameOverride String to fully override common.names.fullname ## fullnameOverride: "" ## @param commonLabels Labels to add to all deployed objects ## commonLabels: {} ## @param commonAnnotations Annotations to add to all deployed objects ## commonAnnotations: {} ## @param clusterDomain Kubernetes cluster domain name ## clusterDomain: cluster.local ## @param extraDeploy Array of extra objects to deploy with the release ## Example: ## extraDeploy: ## - | ## apiVersion: v1 ## kind: ConfigMap ## metadata: ## name: sso-pipeline-roles ## namespace: netbox ## data: ## sso_pipeline_roles.py: | ## from netbox.authentication import Group ## ... ## extraDeploy: [] ## @section NetBox Image parameters ## @param image.registry Image registry ## @param image.repository Image repository ## @param image.tag Image tag ## @param image.digest Image digest in the way sha256:aa... 
## @param image.pullPolicy NetBox image pull policy ## @param image.pullSecrets Specify docker-registry secret names as an array ## image: registry: ghcr.io repository: netbox-community/netbox pullPolicy: IfNotPresent ## Defaults to '{{ .Chart.AppVersion }}' ## tag: "" ## If set, override the tag ## digest: "" ## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace) ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ ## Example: ## pullSecrets: ## - myRegistryKeySecretName ## pullSecrets: [] ## @section NetBox Configuration parameters # You can also use an existing secret for the superuser password and API token # See `existingSecret` for details superuser: name: admin email: admin@example.com password: "" apiToken: "" existingSecret: "" # This is a list of valid fully-qualified domain names (FQDNs) for the NetBox # server. NetBox will not permit write access to the server via any other # hostnames. The first FQDN in the list will be treated as the preferred name. # The default "*" accepts any hostname; replace it with the real FQDNs in production. allowedHosts: - "*" # Include Pod IP in list of allowed hosts by providing it as the 'POD_IP' envvar # at runtime, which is then used in the configuration.py. allowedHostsIncludesPodIP: true # Specify one or more name and email address tuples representing NetBox # administrators. These people will be notified of application errors (assuming # correct email settings are provided). # admins: # - ['John Doe', 'jdoe@example.com'] admins: [] # Permit the retrieval of API tokens after their creation. allowTokenRetrieval: false # This parameter acts as a pass-through for configuring Django's built-in # password validators for local user accounts. If configured, these will be # applied whenever a user's password is updated to ensure that it meets minimum # criteria such as length or complexity. 
# https://netboxlabs.com/docs/netbox/en/stable/configuration/security/#auth_password_validators authPasswordValidators: [] # URL schemes that are allowed within links in NetBox allowedUrlSchemes: - file - ftp - ftps - http - https - irc - mailto - sftp - ssh - tel - telnet - tftp - vnc - xmpp # Setting this to null will allow all banners to be managed from the web interface. # Setting any individual banner (top/bottom/login) under this key to null will allow # it to be managed from the web interface. banner: # Optionally display a persistent banner at the top and/or bottom of every # page. HTML is allowed. top: "" bottom: "" # Text to include on the login page above the login form. HTML is allowed. login: "" # Base URL path if accessing NetBox within a directory. For example, if # installed at http://example.com/netbox/, set to 'netbox/'. If using # Kubernetes Ingress, make sure you set ingress.hosts[].paths[] appropriately. basePath: "" # Maximum number of days to retain logged changes. Set to 0 to retain change # logs indefinitely. (Default: 90) changelogRetention: 90 # This is a mapping of models to custom validators that have been defined # locally to enforce custom validation logic. # https://netboxlabs.com/docs/netbox/en/stable/configuration/data-validation/#custom_validators customValidators: {} # This is a dictionary defining the default preferences to be set for newly- # created user accounts. # https://netboxlabs.com/docs/netbox/en/stable/configuration/default-values/#default_user_preferences # defaultUserPreferences: # pagination: # per_page: 100 defaultUserPreferences: {} # API Cross-Origin Resource Sharing (CORS) settings. If originAllowAll # is set to true, all origins will be allowed. Otherwise, define a list of # allowed origins using either originWhitelist or originRegexWhitelist. 
For # more information, see https://github.com/ottoyiu/django-cors-headers cors: originAllowAll: false originWhitelist: [] originRegexWhitelist: [] # - '^(https?://)?(\w+\.)?example\.com$' # CSRF settings. Needed for netbox v3.2.0 and newer. For more information # see https://netboxlabs.com/docs/netbox/en/stable/configuration/security/#csrf_trusted_origins csrf: # The name of the cookie to use for the cross-site request forgery (CSRF) # authentication token. cookieName: csrftoken # Defines a list of trusted origins for unsafe (e.g. POST) requests. This is # a pass-through to Django's CSRF_TRUSTED_ORIGINS setting. Note that each # host listed must specify a scheme (e.g. http:// or https://). trustedOrigins: [] # Note: this is where the CUSTOM_VALIDATORS setting naturally fits in relation # to the upstream NetBox configuration, but the setting cannot be reflected in # YAML/JSON as it depends on creating instances of Python classes. # Set the default preferred language/locale defaultLanguage: en-us # The maximum size (in bytes) of an incoming HTTP request (i.e. GET or POST data). # Requests which exceed this size will raise a RequestDataTooBig exception. dataUploadMaxMemorySize: 2621440 # Set to True to enable server debugging. WARNING: Debugging introduces a # substantial performance penalty and may reveal sensitive information about # your installation. Only enable debugging while performing testing. Never # enable debugging on a production system. debug: false # Display full traceback of errors that occur when applying database # migrations. dbWaitDebug: false # Email settings email: server: localhost port: 25 username: "" password: "" useSSL: false useTLS: false sslCertFile: "" sslKeyFile: "" # Timeout in seconds timeout: 10 from: "" existingSecretName: "" existingSecretKey: email-password # Enforcement of unique IP space can be toggled on a per-VRF basis. 
To enforce # unique IP space within the global table (all prefixes and IP addresses not # assigned to a VRF), set enforceGlobalUnique to True. enforceGlobalUnique: true # Exempt certain models from the enforcement of view permissions. Models listed # here will be viewable by all users and by anonymous users. List models in the # form `<app>.<model>`. Add '*' to this list to exempt all models. exemptViewPermissions: [] # - dcim.site # - dcim.region # - ipam.prefix # Some static choice fields on models can be configured with custom values. # Each choice in the list must have a database value and a human-friendly # label, and may optionally specify a color. # https://netboxlabs.com/docs/netbox/en/stable/configuration/data-validation/#field_choices # fieldChoices: # 'dcim.Site.status': # - [foo, Foo, red] # - [bar, Bar, green] # - [baz, Baz, blue] # 'dcim.Site.status+': # ... fieldChoices: {} # The maximum amount (in bytes) of uploaded data that will be held in memory before being written to the filesystem. # Changing this setting can be useful for example to be able to upload files bigger than 2.5MB to custom scripts # for processing. fileUploadMaxMemorySize: 2621440 # Enable the GraphQL API graphQlEnabled: true # HTTP proxies NetBox should use when sending outbound HTTP requests (e.g. for # webhooks). # httpProxies: # http: http://10.10.1.10:3128 # https: http://10.10.1.10:1080 httpProxies: {} # IP addresses recognized as internal to the system. The debugging toolbar will # be available only to clients accessing NetBox from an internal IP. internalIPs: ["127.0.0.1", "::1"] # The number of days to retain job results (scripts and reports). Set this to 0 # to retain job results in the database indefinitely. # https://netboxlabs.com/docs/netbox/en/stable/configuration/miscellaneous/#job_retention jobRetention: 90 # Enable custom logging. 
Please see the Django documentation for detailed # guidance on configuring custom logs: # https://docs.djangoproject.com/en/1.11/topics/logging/ logging: {} # Automatically reset the lifetime of a valid session upon each authenticated # request. Enables users to remain authenticated to NetBox indefinitely. loginPersistence: false # Setting this to True will permit only authenticated users to access any part # of NetBox. By default, anonymous users are permitted to access most data in # NetBox but not make any changes. loginRequired: false # The length of time (in seconds) for which a user will remain logged into the # web UI before being prompted to re-authenticate. # Default value 1209600 is 14 days loginTimeout: 1209600 # The view name or URL to which users are redirected after logging out. logoutRedirectUrl: home # Setting this to True will display a "maintenance mode" banner at the top of # every page. Setting this to null will allow to manage maintenance mode from # the web interface. maintenanceMode: false # The URL to use when mapping physical addresses or GPS coordinates mapsUrl: "https://maps.google.com/?q=" # An API consumer can request an arbitrary number of objects by appending the # "limit" parameter to the URL (e.g. "?limit=1000"). This setting defines the # maximum limit. Setting it to 0 or None will allow an API consumer to request # all objects by specifying "?limit=0". maxPageSize: 1000 ## The backend storage engine for handling uploaded files such as image ## attachments and custom scripts. NetBox integrates with the ## django-storages and django-storage-swift libraries, which provide backends ## for several popular file storage services. If not configured, local ## filesystem storage will be used. ## Note these values are not stored securely. If the configuration must be ## set up in a more secure way, a proper Secret can be used with extraEnvVarsSecret. 
## ref: https://netboxlabs.com/docs/netbox/en/stable/configuration/system/#storages ## e.g: ## storages: ## default: ## BACKEND: "django.core.files.storage.FileSystemStorage" ## scripts: ## BACKEND: "storages.backends.s3.S3Storage" ## OPTIONS: ## access_key: "access key" ## secret_key: "secret key" storages: {} # Determine how many objects to display per page within a list. (Default: 50) paginateCount: 50 # Enable installed plugins. Add the name of each plugin to the list. plugins: [] # Plugins configuration settings. These settings are used by various plugins # that the user may have installed. Each key in the dictionary is the name of # an installed plugin and its value is a dictionary of settings. pluginsConfig: {} # The default value for the amperage field when creating new power feeds. # https://netboxlabs.com/docs/netbox/en/stable/configuration/default-values/#powerfeed_default_amperage powerFeedDefaultAmperage: 15 # The default value (percentage) for the max_utilization field when creating # new power feeds. # https://netboxlabs.com/docs/netbox/en/stable/configuration/default-values/#powerfeed_default_max_utilization powerFeedMaxUtilisation: 80 # The default value for the voltage field when creating new power feeds. # https://netboxlabs.com/docs/netbox/en/stable/configuration/default-values/#powerfeed_default_voltage powerFeedDefaultVoltage: 120 # When determining the primary IP address for a device, IPv6 is preferred over # IPv4 by default. Set this to True to prefer IPv4 instead. preferIPv4: false # Rack elevation size defaults, in pixels. For best results, the ratio of width # to height should be roughly 10:1. 
rackElevationDefaultUnitHeight: 22 rackElevationDefaultUnitWidth: 220 # Remote authentication support remoteAuth: enabled: false backends: - netbox.authentication.RemoteUserBackend header: HTTP_REMOTE_USER userFirstName: HTTP_REMOTE_USER_FIRST_NAME userLastName: HTTP_REMOTE_USER_LAST_NAME userEmail: HTTP_REMOTE_USER_EMAIL autoCreateUser: false autoCreateGroups: false defaultGroups: [] defaultPermissions: {} groupSyncEnabled: false groupHeader: HTTP_REMOTE_USER_GROUP superuserGroups: [] superusers: [] staffGroups: [] staffUsers: [] groupSeparator: "|" # The following options are specific for backend "netbox.authentication.LDAPBackend" # you can use an existing netbox secret with "ldap_bind_password" instead of "bindPassword" # see https://django-auth-ldap.readthedocs.io ldap: # serverUri: ldap://example.com serverUri: "" startTls: true ignoreCertErrors: false caCertDir: "" caCertData: "" # bindDn: CN=Netbox,OU=EmbeddedDevices,OU=MyCompany,DC=example,dc=com bindDn: "" bindPassword: "" userDnTemplate: "" # userSearchBaseDn: OU=Users,OU=MyCompany,DC=example,dc=com userSearchBaseDn: "" userSearchAttr: sAMAccountName # groupSearchBaseDn: OU=Groups,OU=MyCompany,DC=example,dc=com groupSearchBaseDn: "" groupSearchClass: group groupType: GroupOfNamesType # requireGroupDn: # - CN=Network Configuration Operators,CN=Builtin,DC=example,dc=com # - CN=Domain Admins,CN=Users,DC=example,dc=com requireGroupDn: [] # isAdminDn: # - CN=Domain Admins,CN=Users,DC=example,dc=com isAdminDn: [] # isSuperUserDn: # - CN=Domain Admins,CN=Users,DC=example,dc=com isSuperUserDn: [] findGroupPerms: true mirrorGroups: true mirrorGroupsExcept: [] cacheTimeout: 3600 attrFirstName: givenName attrLastName: sn attrMail: mail releaseCheck: # This repository is used to check whether there is a new release of NetBox # available. Set to null to disable the version check or use the URL below to # check for release in the official NetBox repository. 
# url: https://api.github.com/repos/netbox-community/netbox/releases url: "" # Maximum execution time for background tasks, in seconds. # Default value 300 is 5 minutes rqDefaultTimeout: 300 # The name to use for the session cookie. sessionCookieName: sessionid # Localization enableLocalization: false # Time zone (default: UTC) timeZone: UTC # Date/time formatting. See the following link for supported formats: # https://docs.djangoproject.com/en/dev/ref/templates/builtins/#date dateFormat: "N j, Y" shortDateFormat: "Y-m-d" timeFormat: "g:i a" shortTimeFormat: "H:i:s" dateTimeFormat: "N j, Y g:i a" shortDateTimeFormat: "Y-m-d H:i" ## Extra configuration settings # You can pass additional YAML files to be loaded into NetBox's configuration. # These can be passed as arbitrary configuration values set in the chart, or # you can load arbitrary *.yaml keys from ConfigMaps and Secrets. # extraConfig: # - values: # EXTRA_SETTING_ONE: example # ANOTHER_SETTING: foobar # - configMap: # pod.spec.volumes.configMap # name: netbox-extra # items: [] # optional: false # - secret: # same as pod.spec.volumes.secret # secretName: netbox-extra # items: [] # optional: false extraConfig: [] # If provided, this should be a 50+ character string of random characters. It # will be randomly generated if left blank. # You can also use an existing secret with "secret_key" instead of "secretKey" # See `existingSecret` for details secretKey: "" # API token peppers used for v2 API token HMAC signing. # https://netboxlabs.com/docs/netbox/configuration/required-parameters/#api_token_peppers # Keys must be integers (0-32767), values must be 50+ character random strings. # If empty, one pepper (key 1) will be auto-generated and preserved across upgrades. # New tokens always use the highest-numbered pepper. To rotate, add a new # higher-numbered entry; do NOT remove old entries or existing tokens will break. # You can also use an existing secret with "api_token_peppers" instead. 
# See `existingSecret` for details. # apiTokenPeppers: # 1: "<50+ random characters>" # 2: "<50+ random characters>" apiTokenPeppers: {} ## Provide passwords using existing secret # If set, this Secret must contain the following keys: # - secret_key: session encryption token (50+ random characters) # It may optionally contain: # - api_token_peppers: JSON object mapping integer pepper IDs to 50+ char strings, # e.g. {"1": "abcdef..."}. Keys may be integers or strings (converted at runtime). existingSecret: "" ## @section Deployment parameters ## @param command Override default container command (useful when using custom images) ## command: [] ## @param args Override default container args (useful when using custom images) ## args: [] ## @param replicaCount Number of replicas to deploy ## NOTE: ReadWriteMany PVC(s) are required if replicaCount > 1 ## replicaCount: 1 ## Enable persistence using Persistent Volume Claims ## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/ ## @param persistence.enabled Enable persistence using PVC ## @param persistence.storageClass PVC Storage Class for volume ## @param persistence.accessMode PVC Access Mode for volume ## @param persistence.size PVC Storage Request for volume ## @param persistence.subPath Existing claim's subPath to use, e.g. "media" (optional) ## @param persistence.existingClaim Name of an existing PVC to be used ## @param persistence.annotations Annotations to add to the PVC ## persistence: enabled: true ## Data Persistent Volume Storage Class ## If defined, storageClassName: ## If set to "-", storageClassName: "", which disables dynamic provisioning ## If undefined (the default) or set to null, no storageClassName spec is ## set, choosing the default provisioner. 
(gp2 on AWS, standard on ## GKE, AWS & OpenStack) ## storageClass: "" subPath: "" accessMode: ReadWriteOnce size: 1Gi existingClaim: "" annotations: {} ## Enable reports persistence using Persistent Volume Claims ## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/ ## @param reportsPersistence.enabled Enable reports persistence using PVC ## @param reportsPersistence.storageClass PVC Storage Class for volume ## @param reportsPersistence.accessMode PVC Access Mode for volume ## @param reportsPersistence.size PVC Storage Request for volume ## @param reportsPersistence.subPath Existing claim's subPath to use, e.g. "media" (optional) ## @param reportsPersistence.existingClaim Name of an existing PVC to be used ## @param reportsPersistence.annotations Annotations to add to the PVC ## reportsPersistence: enabled: false existingClaim: "" subPath: "" ## Data Persistent Volume Storage Class ## If defined, storageClassName: <storageClass> ## If set to "-", storageClassName: "", which disables dynamic provisioning ## If undefined (the default) or set to null, no storageClassName spec is ## set, choosing the default provisioner. (gp2 on AWS, standard on ## GKE, AWS & OpenStack) ## storageClass: "" accessMode: ReadWriteOnce size: 1Gi annotations: {} ## Enable scripts persistence using Persistent Volume Claims ## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/ ## @param scriptsPersistence.enabled Enable scripts persistence using PVC ## @param scriptsPersistence.storageClass PVC Storage Class for volume ## @param scriptsPersistence.accessMode PVC Access Mode for volume ## @param scriptsPersistence.size PVC Storage Request for volume ## @param scriptsPersistence.subPath Existing claim's subPath to use, e.g. 
"media" (optional) ## @param scriptsPersistence.existingClaim Name of an existing PVC to be used ## @param scriptsPersistence.annotations Annotations to add to the PVC ## scriptsPersistence: enabled: false existingClaim: "" subPath: "" ## Data Persistent Volume Storage Class ## If defined, storageClassName: ## If set to "-", storageClassName: "", which disables dynamic provisioning ## If undefined (the default) or set to null, no storageClassName spec is ## set, choosing the default provisioner. (gp2 on AWS, standard on ## GKE, AWS & OpenStack) ## storageClass: "" accessMode: ReadWriteOnce size: 1Gi annotations: {} ## @param updateStrategy.type Deployment strategy type ## @param updateStrategy.rollingUpdate Deployment rolling update configuration parameters ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy ## NOTE: Set it to `Recreate` if you use a PV that cannot be mounted on multiple pods ## e.g: ## updateStrategy: ## type: RollingUpdate ## rollingUpdate: ## maxSurge: 25% ## maxUnavailable: 25% ## updateStrategy: type: RollingUpdate ## Pods Service Account ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ ## @param serviceAccount.create Specifies whether a ServiceAccount should be created ## @param serviceAccount.name Name of the service account to use. If not set and create is true, a name is generated using the fullname template. ## @param serviceAccount.automountServiceAccountToken Automount service account token for the server service account ## @param serviceAccount.annotations Annotations for service account. Evaluated as a template. Only used if `create` is `true`. 
## serviceAccount: create: true annotations: {} name: "" automountServiceAccountToken: false ## Role Based Access ## ref: https://kubernetes.io/docs/admin/authorization/rbac/ ## rbac: ## @param rbac.create Specifies whether RBAC resources should be created ## create: true ## @param rbac.rules Custom RBAC rules to set ## e.g: ## rules: ## - apiGroups: ## - "" ## resources: ## - pods ## verbs: ## - get ## - list ## rules: [] ## @param hostAliases [array] Add deployment host aliases ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ ## hostAliases: [] ## @param extraVolumes Array of extra volumes to be added to the deployment (evaluated as template). Requires setting `extraVolumeMounts` ## e.g: ## extraVolumes: ## - name: kv-ca ## secret: ## secretName: kv-ca ## extraVolumes: [] ## @param extraVolumeMounts Array of extra volume mounts to be added to the container (evaluated as template). Normally used with `extraVolumes`. ## e.g: ## extraVolumeMounts: ## - name: kv-ca ## mountPath: /tmp/kv-ca ## subPath: kv_ca ## readOnly: true ## extraVolumeMounts: [] ## @param sidecars Add additional sidecar containers to the pod ## e.g: ## sidecars: ## - name: your-image-name ## image: your-image ## imagePullPolicy: Always ## ports: ## - name: portname ## containerPort: 1234 ## sidecars: [] ## @param initContainers Add additional init containers to the pods ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ ## e.g: ## initContainers: ## - name: your-image-name ## image: your-image ## imagePullPolicy: Always ## command: ['sh', '-c', 'echo "init"'] ## initContainers: [] ## @param podLabels Extra labels for pods ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ ## podLabels: {} ## @param podAnnotations Annotations for pods ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ ## podAnnotations: {} ## @param affinity Affinity for pod 
assignment ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity ## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set ## affinity: {} ## @param nodeSelector Node labels for pod assignment ## ref: https://kubernetes.io/docs/user-guide/node-selection/ ## nodeSelector: {} ## @param tolerations Tolerations for pod assignment ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ ## tolerations: [] ## @param priorityClassName Pods' priorityClassName ## priorityClassName: "" ## @param schedulerName Name of the k8s scheduler (other than default) for pods ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ ## schedulerName: "" ## @param terminationGracePeriodSeconds Seconds pods need to terminate gracefully ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods ## terminationGracePeriodSeconds: ## @param topologySpreadConstraints Topology Spread Constraints for pod assignment ## https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ ## The value is evaluated as a template. 
## e.g: ## topologySpreadConstraints: ## - maxSkew: 1 ## topologyKey: topology.kubernetes.io/zone ## whenUnsatisfiable: DoNotSchedule ## labelSelector: ## matchLabels: ## "app.kubernetes.io/component": netbox ## "app.kubernetes.io/name": netbox ## topologySpreadConstraints: [] ## @section Pod disruption budget ## Configure PodDisruptionBudget for NetBox web pods ## @param pdb.enabled Enable PodDisruptionBudget for NetBox web pods ## @param pdb.minAvailable Minimum number/percentage of pods that must be available ## @param pdb.maxUnavailable Maximum number/percentage of pods that can be unavailable ## If neither minAvailable nor maxUnavailable is set, a sensible default is applied: ## - Single replica: minAvailable: 1 ## - Multiple replicas or HPA enabled: minAvailable: 50% ## pdb: enabled: false minAvailable: "" maxUnavailable: "" ## Container's resource requests and limits ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ ## We usually recommend not to specify default resources and to leave this as a conscious ## choice for the user. This also increases chances charts run on environments with little ## resources, such as Minikube. If you do want to specify resources, uncomment the following ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. ## @param resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). ## This is ignored if resources is set (resources is recommended for production). 
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 ## resourcesPreset: "medium" ## Containers' resource requests and limits ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ ## @param resources.limits The resources limits for the container ## @param resources.requests [object] The requested resources for the container ## Example: ## resources: ## requests: ## cpu: 2 ## memory: 512Mi ## limits: ## cpu: 3 ## memory: 1024Mi ## resources: {} ## Configure Pods Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod ## @param podSecurityContext.enabled Enable pods' Security Context ## @param podSecurityContext.fsGroupChangePolicy Set filesystem group change policy ## @param podSecurityContext.sysctls Set kernel settings using the sysctl interface ## @param podSecurityContext.supplementalGroups Set filesystem extra groups ## @param podSecurityContext.fsGroup Pods' group ID ## podSecurityContext: enabled: true fsGroupChangePolicy: Always sysctls: [] supplementalGroups: [] fsGroup: 1000 ## Configure Container Security Context (only main container) ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## @param securityContext.enabled Enabled containers' Security Context ## @param securityContext.seLinuxOptions [object,nullable] Set SELinux options in container ## @param securityContext.runAsUser Set containers' Security Context runAsUser ## @param securityContext.runAsGroup Set containers' Security Context runAsGroup ## @param securityContext.runAsNonRoot Set container's Security Context runAsNonRoot ## @param securityContext.privileged Set container's Security Context privileged ## @param securityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem ## @param securityContext.allowPrivilegeEscalation Set container's 
Security Context allowPrivilegeEscalation ## @param securityContext.capabilities.drop List of capabilities to be dropped ## @param securityContext.seccompProfile.type Set container's Security Context seccomp profile ## securityContext: enabled: true seLinuxOptions: {} runAsUser: 1000 runAsGroup: 1000 runAsNonRoot: true privileged: false readOnlyRootFilesystem: true allowPrivilegeEscalation: false capabilities: drop: ["ALL"] seccompProfile: type: "RuntimeDefault" ## @param automountServiceAccountToken Mount Service Account token in pod ## automountServiceAccountToken: false ## Configure extra options for liveness probe ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes ## @param livenessProbe.enabled Enable livenessProbe ## @param livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe ## @param livenessProbe.periodSeconds Period seconds for livenessProbe ## @param livenessProbe.timeoutSeconds Timeout seconds for livenessProbe ## @param livenessProbe.failureThreshold Failure threshold for livenessProbe ## @param livenessProbe.successThreshold Success threshold for livenessProbe ## livenessProbe: enabled: true initialDelaySeconds: 0 periodSeconds: 10 timeoutSeconds: 1 failureThreshold: 3 successThreshold: 1 ## Configure extra options for readiness probe ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes ## @param readinessProbe.enabled Enable readinessProbe ## @param readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe ## @param readinessProbe.periodSeconds Period seconds for readinessProbe ## @param readinessProbe.timeoutSeconds Timeout seconds for readinessProbe ## @param readinessProbe.failureThreshold Failure threshold for readinessProbe ## @param readinessProbe.successThreshold Success threshold for readinessProbe ## readinessProbe: enabled: true initialDelaySeconds: 0 periodSeconds: 10 
timeoutSeconds: 1 failureThreshold: 3 successThreshold: 1 ## Configure extra options for startupProbe probe ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes ## @param startupProbe.enabled Enable startupProbe ## @param startupProbe.initialDelaySeconds Initial delay seconds for startupProbe ## @param startupProbe.periodSeconds Period seconds for startupProbe ## @param startupProbe.timeoutSeconds Timeout seconds for startupProbe ## @param startupProbe.failureThreshold Failure threshold for startupProbe ## @param startupProbe.successThreshold Success threshold for startupProbe ## startupProbe: enabled: true initialDelaySeconds: 5 periodSeconds: 10 timeoutSeconds: 1 failureThreshold: 100 successThreshold: 1 ## @param customLivenessProbe Override default liveness probe for containers ## customLivenessProbe: {} ## @param customReadinessProbe Override default readiness probe for containers ## customReadinessProbe: {} ## @param customStartupProbe Override default startup probe for containers ## customStartupProbe: {} ## @param lifecycleHooks for containers to automate configuration before or after startup ## lifecycleHooks: {} ## @param extraEnvs Extra environment variables to be set on containers ## E.g: ## extraEnvs: ## - name: FOO ## valueFrom: ## secretKeyRef: ## key: FOO ## name: secret-resource extraEnvs: [] ## @param extraEnvVarsCM Name of existing ConfigMap containing extra env vars for containers ## extraEnvVarsCM: "" ## @param extraEnvVarsSecret Name of existing Secret containing extra env vars for containers ## extraEnvVarsSecret: "" ## Configure revision history limit for deployments ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#clean-up-policy revisionHistoryLimit: 10 ## @section Traffic Exposure Parameters ## Service parameters ## @param service.type Kubernetes Service type ## @param service.loadBalancerSourceRanges Restricts access for LoadBalancer (only with 
`service.type: LoadBalancer`) ## @param service.loadBalancerIP loadBalancerIP for the service (optional, cloud specific) ## @param service.loadBalancerClass Load Balancer class (optional, cloud specific) ## @param service.nodePort Kubernetes node port ## @param service.externalTrafficPolicy Enable client source IP preservation ## @param service.clusterIP Service Cluster IP ## @param service.annotations Additional custom annotations for NetBox service ## service: annotations: {} type: ClusterIP port: 80 ## nodePort: ## nodePort: "" clusterIP: "" externalTrafficPolicy: Cluster loadBalancerIP: "" ## e.g: ## loadBalancerSourceRanges: ## - 0.0.0.0/0 ## Note: 0.0.0.0/0 admits every source address, so it restricts nothing; list only the CIDRs that need access. ## loadBalancerSourceRanges: [] loadBalancerClass: "" externalIPs: [] clusterIPs: [] ipFamilyPolicy: "" ## @param service.sessionAffinity Control where client requests go, to the same pod or round-robin ## Values: ClientIP or None ## ref: https://kubernetes.io/docs/concepts/services-networking/service/ ## sessionAffinity: None ## @param service.sessionAffinityConfig Additional settings for the sessionAffinity ## sessionAffinityConfig: ## clientIP: ## timeoutSeconds: 300 ## sessionAffinityConfig: {} ## Configure the ingress resource that allows you to access the app ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/ ## ingress: ## @param ingress.enabled Enable ingress record generation ## enabled: false ## @param ingress.pathType Ingress Path type ## pathType: ImplementationSpecific ## @param ingress.ingressClassName IngressClass that will be used to implement the Ingress (Kubernetes 1.18+) ## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster. ## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/ ## className: "" ## @param ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations.
## Use this parameter to set the required annotations for cert-manager, see ## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations ## ## e.g: ## annotations: ## kubernetes.io/ingress.class: traefik ## cert-manager.io/cluster-issuer: cluster-issuer-name ## annotations: {} hosts: - host: chart-example.local paths: # You can manually specify the service name and service port if # required. This could be useful if for example you are using the AWS # ALB Ingress Controller and want to set up automatic SSL redirect. # https://kubernetes-sigs.github.io/aws-alb-ingress-controller/guide/tasks/ssl_redirect/#redirect-traffic-from-http-to-https # - path: /* # backend: # serviceName: ssl-redirect # servicePort: use-annotation # # Or you can let the template set it for you. # Both types of rule can be combined. # NB: You may also want to set the basePath above - / tls: [] # - secretName: chart-example-tls # hosts: # - chart-example.local ## Configure the HTTPRoute resource that allows you to access the app using Gateway API ## ref: https://gateway-api.sigs.k8s.io/api-types/httproute/ ## httpRoute: ## @param httpRoute.enabled Enable HTTPRoute resource generation ## enabled: false ## @param httpRoute.annotations Additional annotations for the HTTPRoute resource ## annotations: {} ## @param httpRoute.parentRefs References to the parent Gateway(s) ## e.g: ## parentRefs: ## - name: my-gateway ## namespace: gateway-namespace ## sectionName: https ## parentRefs: [] ## @param httpRoute.hostnames Hostnames that the HTTPRoute should match ## e.g: ## hostnames: ## - netbox.example.com ## hostnames: [] ## @param httpRoute.filters Optional filters to apply to the route ## e.g: ## filters: ## - type: RequestHeaderModifier ## requestHeaderModifier: ## add: ## - name: X-Custom-Header ## value: custom-value ## filters: [] ## @section Metrics parameters ## Prometheus Exporter / Metrics ## metrics: ## @param Enable Granian metrics. 
granian: enabled: true ## Prometheus Operator ServiceMonitor configuration ## serviceMonitor: ## @param metrics.serviceMonitor.enabled if `true`, creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`) ## enabled: false ## @param metrics.serviceMonitor.honorLabels honorLabels chooses the metric's labels on collisions with target labels ## honorLabels: false ## @param metrics.serviceMonitor.interval Interval at which metrics should be scraped. ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint ## e.g: ## interval: 10s ## interval: "" ## @param metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint ## e.g: ## scrapeTimeout: 10s ## scrapeTimeout: "" ## @param metrics.serviceMonitor.metricRelabelings Specify additional relabeling of metrics ## metricRelabelings: [] ## @param metrics.serviceMonitor.relabelings Specify general relabeling ## relabelings: [] ## @param metrics.serviceMonitor.selector Prometheus instance selector labels ## ref: https://github.com/bitnami/charts/tree/main/bitnami/prometheus-operator#prometheus-configuration ## selector: ## prometheus: my-prometheus ## selector: {} additionalLabels: {} ## @param metrics.enabled Enable the export of Prometheus metrics ## enabled: false ## Prometheus Operator ServiceMonitor configuration ## serviceMonitor: ## @param metrics.serviceMonitor.enabled if `true`, creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`) ## enabled: false ## @param metrics.serviceMonitor.honorLabels honorLabels chooses the metric's labels on collisions with target labels ## honorLabels: false ## @param metrics.serviceMonitor.interval Interval at which metrics should be scraped. 
## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint ## e.g: ## interval: 10s ## interval: "" ## @param metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint ## e.g: ## scrapeTimeout: 10s ## scrapeTimeout: "" ## @param metrics.serviceMonitor.metricRelabelings Specify additional relabeling of metrics ## metricRelabelings: [] ## @param metrics.serviceMonitor.relabelings Specify general relabeling ## relabelings: [] ## @param metrics.serviceMonitor.selector Prometheus instance selector labels ## ref: https://github.com/bitnami/charts/tree/main/bitnami/prometheus-operator#prometheus-configuration ## selector: ## prometheus: my-prometheus ## selector: {} additionalLabels: {} ## @section Databases parameters ## PostgreSQL chart configuration ## https://github.com/bitnami/charts/blob/main/bitnami/postgresql/values.yaml ## postgresql: ## @param postgresql.enabled Whether to deploy a PostgreSQL server to satisfy the applications database requirements ## To use an external database set this to false and configure the externalDatabase parameters ## enabled: true auth: username: netbox database: netbox ## External database configuration ## @param externalDatabase.host Host of the existing database ## @param externalDatabase.port Port of the existing database ## @param externalDatabase.username Existing username in the external db ## @param externalDatabase.password Password for the above username ## @param externalDatabase.database Name of the existing database ## @param externalDatabase.existingSecretName Name of a secret containing the database credentials ## @param externalDatabase.existingSecretKey Key of a secret containing the database credentials ## externalDatabase: host: localhost port: 5432 database: netbox username: netbox password: "" existingSecretName: "" existingSecretKey: postgresql-password # The 
following settings also apply when using the bundled PostgreSQL chart: engine: django.db.backends.postgresql connMaxAge: 300 disableServerSideCursors: false ## @param externalDatabase.options Additional PostgreSQL client parameters ## Ref: https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-PARAMKEYWORDS ## Note: sslmode "prefer" falls back to an unencrypted connection when the server offers no TLS and never verifies the server certificate; for a database reached over an untrusted network, set "verify-full" together with sslrootcert. ## options: sslmode: "prefer" target_session_attrs: "read-write" ## Additional databases configuration ## @param additionalDatabases.*.host Host of the existing database ## @param additionalDatabases.*.port Port of the existing database ## @param additionalDatabases.*.username Existing username in the external db ## @param additionalDatabases.*.password Password for the above username ## @param additionalDatabases.*.database Name of the existing database ## e.g: ## additionalDatabases: ## external2: ## host: localhost ## port: 5432 ## database: netbox ## username: netbox ## password: "" ## engine: django.db.backends.postgresql ## connMaxAge: 300 ## disableServerSideCursors: false ## options: ## sslmode: "prefer" ## target_session_attrs: "read-write" ## additionalDatabases: {} ## Valkey chart configuration ## https://github.com/bitnami/charts/blob/main/bitnami/valkey/values.yaml ## @param valkey.enabled Whether to deploy a Valkey server to satisfy the application's database requirements ## valkey: enabled: true sentinel: enabled: false primarySet: netbox-kv auth: # Sentinel auth is disabled by default, as Netbox does not support configuring SENTINEL_KWARGS. sentinel: false tasksDatabase: database: 0 ssl: false insecureSkipTlsVerify: false # When defining caCertPath, make sure you mount the secret containing the CA certificate on all the necessary containers caCertPath: "" # Used only when valkey.enabled is false. host and port are not used if # sentinels are given.
host: netbox-kv port: 6379 sentinels: [] # - mysentinel:26379 sentinelService: netbox-kv sentinelTimeout: 300 username: "" password: "" existingSecretName: "" existingSecretKey: tasks-password cachingDatabase: database: 1 ssl: false insecureSkipTlsVerify: false # When defining caCertPath, make sure you mount the secret containing the CA certificate on all the necessary containers caCertPath: "" # Used only when valkey.enabled is false. host and port are not used if # sentinels are given. host: netbox-kv port: 6379 sentinels: [] # - mysentinel:26379 sentinelService: netbox-kv sentinelTimeout: 300 username: "" password: "" existingSecretName: "" existingSecretKey: cache-password ## @section Autoscaling parameters ## Autoscaling configuration ## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ ## @param autoscaling.enabled Enable Horizontal POD autoscaling ## @param autoscaling.minReplicas Minimum number of replicas ## @param autoscaling.maxReplicas Maximum number of replicas ## @param autoscaling.targetCPUUtilizationPercentage Target CPU utilization percentage ## @param autoscaling.targetMemoryUtilizationPercentage Target Memory utilization percentage ## @param autoscaling.behavior.scaleUp.stabilizationWindowSeconds Scale-up stabilization window in seconds ## @param autoscaling.behavior.scaleUp.selectPolicy Policy selection for scale-up (Max|Min|Disabled) ## @param autoscaling.behavior.scaleUp.policies List of scale-up policies [{type,value,periodSeconds}] ## @param autoscaling.behavior.scaleDown.stabilizationWindowSeconds Scale-down stabilization window in seconds ## @param autoscaling.behavior.scaleDown.selectPolicy Policy selection for scale-down (Max|Min|Disabled) ## @param autoscaling.behavior.scaleDown.policies List of scale-down policies [{type,value,periodSeconds}] ## autoscaling: enabled: false minReplicas: 1 maxReplicas: 100 targetCPUUtilizationPercentage: 80 targetMemoryUtilizationPercentage: null behavior: {} # scaleUp: # 
stabilizationWindowSeconds: 0 # selectPolicy: Max # policies: # - type: Percent # value: 100 # periodSeconds: 60 # scaleDown: # stabilizationWindowSeconds: 300 # selectPolicy: Max # policies: # - type: Percent # value: 100 # periodSeconds: 60 ## @section Volume permissions parameters ## Init Container parameters ## Change the owner and group of the persistent volume mountpoint to 'runAsUser:fsGroup' ## values from the securityContext section. ## init: ## @param init.image.registry [default: REGISTRY_NAME] Init container volume-permissions image registry ## @param init.image.repository [default: REPOSITORY_NAME/os-shell] Init container volume-permissions image name ## @param init.image.tag Init container volume-permissions image tag ## @param init.image.digest Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag ## @param init.image.pullPolicy Init container volume-permissions image pull policy ## @param init.image.pullSecrets Specify docker-registry secret names as an array ## Note: a tag can be moved to different image content at the registry; set digest to pin the exact image. ## image: registry: docker.io repository: busybox tag: 1.37.0 digest: "" ## Specify an imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images ## pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ ## e.g: ## pullSecrets: ## - myRegistryKeySecretName ## pullSecrets: [] ## Init container resource requests and limits ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ ## @param init.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge).
This is ignored if init.resources is set (init.resources is recommended for production). ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 ## resourcesPreset: "nano" ## @param init.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) ## Example: ## resources: ## requests: ## cpu: 2 ## memory: 512Mi ## limits: ## cpu: 3 ## memory: 1024Mi ## resources: {} ## Init container' Security Context ## Note: the chown of the data folder is done to securityContext.runAsUser ## and not the below init.securityContext.runAsUser ## @param init.securityContext.enabled Enabled containers' Security Context ## @param init.securityContext.seLinuxOptions [object,nullable] Set SELinux options in container ## @param init.securityContext.runAsUser User ID for the init container ## @param init.securityContext.runAsGroup Group ID for the init container ## @param init.securityContext.runAsNonRoot runAsNonRoot for the init container ## @param init.securityContext.seccompProfile.type seccompProfile.type for the init container ## securityContext: enabled: true seLinuxOptions: {} seccompProfile: type: RuntimeDefault capabilities: drop: - ALL readOnlyRootFilesystem: true allowPrivilegeEscalation: false runAsNonRoot: true runAsUser: 1000 runAsGroup: 1000 ## @section Test parameters test: ## @param test.image.registry [default: REGISTRY_NAME] test container volume-permissions image registry ## @param test.image.repository [default: REPOSITORY_NAME/os-shell] test container volume-permissions image name ## @param test.image.tag test container volume-permissions image tag ## @param test.image.digest test container volume-permissions image digest in the way sha256:aa.... 
Please note this parameter, if set, will override the tag ## @param test.image.pullPolicy test container volume-permissions image pull policy ## @param test.image.pullSecrets Specify docker-registry secret names as an array ## image: registry: docker.io repository: busybox tag: 1.37.0 digest: "" ## Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images ## pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ ## e.g: ## pullSecrets: ## - myRegistryKeySecretName ## pullSecrets: [] ## test container resource requests and limits ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ ## @param test.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if test.resources is set (test.resources is recommended for production). 
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 ## resourcesPreset: "nano" ## @param test.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) ## Example: ## resources: ## requests: ## cpu: 2 ## memory: 512Mi ## limits: ## cpu: 3 ## memory: 1024Mi ## resources: {} ## test container' Security Context ## Note: the chown of the data folder is done to securityContext.runAsUser ## and not the below test.securityContext.runAsUser ## @param test.securityContext.enabled Enabled containers' Security Context ## @param test.securityContext.seLinuxOptions [object,nullable] Set SELinux options in container ## @param test.securityContext.runAsUser User ID for the test container ## @param test.securityContext.runAsGroup Group ID for the test container ## @param test.securityContext.runAsNonRoot runAsNonRoot for the test container ## @param test.securityContext.seccompProfile.type seccompProfile.type for the test container ## securityContext: enabled: false seLinuxOptions: {} seccompProfile: type: RuntimeDefault capabilities: drop: - ALL readOnlyRootFilesystem: true allowPrivilegeEscalation: false runAsNonRoot: true runAsUser: 1000 runAsGroup: 1000 ## @section Cron housekeeping job parameters ## Configuration of Cron settings ## housekeeping: ## @param housekeeping.enabled Enable housekeeping job ## enabled: true ## @param housekeeping.schedule Schedule in Cron format to save snapshots ## See https://en.wikipedia.org/wiki/Cron ## schedule: "0 0 * * *" ## @param housekeeping.timezone Set time zone for cron job ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/cron-jobs/#time-zones ## timezone: "" ## @param housekeeping.historyLimit Number of successful finished jobs to retain ## successfulJobsHistoryLimit: 5 ## @param housekeeping.failedHistoryLimit Number of failed finished jobs to retain ## failedJobsHistoryLimit: 5 ## @param 
housekeeping.command The command to execute in the housekeeping job ## To append another command, e.g. in order to shut down a DB sidecar container, use something like ## - /bin/bash ## - -c ## - > ## /opt/netbox/venv/bin/python /opt/netbox/netbox/manage.py housekeeping ## && curl -X POST http://localhost:9190/quitquitquit ## command: - /opt/netbox/venv/bin/python - /opt/netbox/netbox/manage.py - housekeeping ## @param housekeeping.args Override default housekeeping args ## args: [] ## @param housekeeping.podAnnotations Pod annotations ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ ## podAnnotations: {} ## K8s Security Context for Housekeeping Cronjob pods ## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ ## @param housekeeping.podSecurityContext.enabled Enable security context for housekeeping pods ## @param housekeeping.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy ## @param housekeeping.podSecurityContext.sysctls Set kernel settings using the sysctl interface ## @param housekeeping.podSecurityContext.supplementalGroups Set filesystem extra groups ## @param housekeeping.podSecurityContext.fsGroup Group ID for the housekeeping pods' filesystem ## podSecurityContext: enabled: true fsGroup: 1000 fsGroupChangePolicy: Always sysctls: [] supplementalGroups: [] ## K8s Security Context for Housekeeping Cronjob containers ## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ ## @param housekeeping.securityContext.enabled Enabled containers' Security Context ## @param housekeeping.securityContext.seLinuxOptions [object,nullable] Set SELinux options in container ## @param housekeeping.securityContext.runAsUser Set containers' Security Context runAsUser ## @param housekeeping.securityContext.runAsGroup Set containers' Security Context runAsGroup ## @param housekeeping.securityContext.runAsNonRoot Set container's Security Context runAsNonRoot ## @param
housekeeping.securityContext.privileged Set container's Security Context privileged ## @param housekeeping.securityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem ## @param housekeeping.securityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation ## @param housekeeping.securityContext.capabilities.drop List of capabilities to be dropped ## @param housekeeping.securityContext.seccompProfile.type Set container's Security Context seccomp profile securityContext: enabled: true seLinuxOptions: {} seccompProfile: type: "RuntimeDefault" capabilities: drop: - ALL privileged: false readOnlyRootFilesystem: true allowPrivilegeEscalation: false runAsNonRoot: true runAsUser: 1000 runAsGroup: 1000 ## @param housekeeping.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if housekeeping.resources is set (housekeeping.resources is recommended for production).
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 ## resourcesPreset: "none" ## @param housekeeping.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) ## Example: ## resources: ## requests: ## cpu: 2 ## memory: 512Mi ## limits: ## cpu: 3 ## memory: 1024Mi ## resources: {} ## @param housekeeping.readOnlyPersistence Whether to mount media, script, and report directories as read-only ## readOnlyPersistence: false ## @param housekeeping.extraEnvs Extra environment variables to be set on containers ## E.g: ## extraEnvs: ## - name: FOO ## valueFrom: ## secretKeyRef: ## key: FOO ## name: secret-resource extraEnvs: [] ## @param housekeeping.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for housekeeping containers ## extraEnvVarsCM: "" ## @param housekeeping.extraEnvVarsSecret Name of existing Secret containing extra env vars for housekeeping containers ## extraEnvVarsSecret: "" ## @param housekeeping.extraVolumes Array of extra volumes to be added to the deployment (evaluated as template). Requires setting `extraVolumeMounts` ## e.g: ## extraVolumes: ## - name: kv-ca ## secret: ## secretName: kv-ca ## extraVolumes: [] ## @param housekeeping.extraVolumeMounts Array of extra volume mounts to be added to the container (evaluated as template). Normally used with `extraVolumes`. 
## e.g: ## extraVolumeMounts: ## - name: kv-ca ## mountPath: /tmp/kv-ca ## subPath: kv_ca ## readOnly: true ## extraVolumeMounts: [] ## @param housekeeping.sidecars Add additional sidecar containers to the pod ## e.g: ## sidecars: ## - name: your-image-name ## image: your-image ## imagePullPolicy: Always ## ports: ## - name: portname ## containerPort: 1234 ## sidecars: [] ## @param housekeeping.initContainers Add additional init containers to the pods ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ ## e.g: ## initContainers: ## - name: your-image-name ## image: your-image ## imagePullPolicy: Always ## command: ['sh', '-c', 'echo "init"'] ## initContainers: [] ## @param housekeeping.affinity Housekeeping™ Affinity for housekeeping pod assignment ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity ## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set ## affinity: {} ## @param housekeeping.nodeSelector Housekeeping™ Node labels for housekeeping pod assignment ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ ## nodeSelector: {} ## @param housekeeping.tolerations Housekeeping™ Tolerations for housekeeping pod assignment ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ ## tolerations: [] ## @param housekeeping.podLabels Extra labels for pods ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ ## podLabels: {} ## @param housekeeping.automountServiceAccountToken Mount Service Account token in pod ## automountServiceAccountToken: false concurrencyPolicy: Forbid restartPolicy: OnFailure suspend: false ## @section Worker for Netbox parameters ## Worker for Netbox ## Only required for Netbox Jobs, e.g. 
Webhooks ## worker: ## @param worker.enabled Enable worker job ## enabled: true ## @param worker.command The command to execute in the worker container ## command: - /opt/netbox/venv/bin/python - /opt/netbox/netbox/manage.py - rqworker ## @param worker.args Override worker container args ## args: [] ## @param worker.replicaCount Number of replicas to deploy ## NOTE: ReadWriteMany PVC(s) are required if replicaCount > 1 ## replicaCount: 1 ## Configure PodDisruptionBudget for worker pods ## @param worker.pdb.enabled Enable PodDisruptionBudget for worker pods ## @param worker.pdb.minAvailable Minimum number/percentage of pods that must be available ## @param worker.pdb.maxUnavailable Maximum number/percentage of pods that can be unavailable ## If neither minAvailable nor maxUnavailable is set, a sensible default is applied: ## - Single replica: minAvailable: 1 ## - Multiple replicas or HPA enabled: minAvailable: 50% pdb: enabled: false minAvailable: "" maxUnavailable: "" ## @param worker.podLabels Extra labels for pods ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ ## podLabels: {} ## @param worker.podAnnotations Pod annotations ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ ## podAnnotations: {} ## K8s Security Context for worker pods ## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ ## @param worker.podSecurityContext.enabled Enable security context for worker pods ## @param worker.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy ## @param worker.podSecurityContext.sysctls Set kernel settings using the sysctl interface ## @param worker.podSecurityContext.supplementalGroups Set filesystem extra groups ## @param worker.podSecurityContext.fsGroup Group ID for the worker pods' filesystem ## podSecurityContext: enabled: true fsGroup: 1000 fsGroupChangePolicy: Always sysctls: [] supplementalGroups: [] ## K8s Security Context for
worker containers ## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ ## @param worker.securityContext.enabled Enabled containers' Security Context ## @param worker.securityContext.seLinuxOptions [object,nullable] Set SELinux options in container ## @param worker.securityContext.runAsUser Set containers' Security Context runAsUser ## @param worker.securityContext.runAsGroup Set containers' Security Context runAsGroup ## @param worker.securityContext.runAsNonRoot Set container's Security Context runAsNonRoot ## @param worker.securityContext.privileged Set container's Security Context privileged ## @param worker.securityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem ## @param worker.securityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation ## @param worker.securityContext.capabilities.drop List of capabilities to be dropped ## @param worker.securityContext.seccompProfile.type Set container's Security Context seccomp profile securityContext: enabled: true seLinuxOptions: {} seccompProfile: type: "RuntimeDefault" capabilities: drop: - ALL privileged: false readOnlyRootFilesystem: true allowPrivilegeEscalation: false runAsNonRoot: true runAsUser: 1000 runAsGroup: 1000 ## @param worker.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if worker.resources is set (worker.resources is recommended for production).
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 ## resourcesPreset: "none" ## @param worker.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) ## Example: ## resources: ## requests: ## cpu: 2 ## memory: 512Mi ## limits: ## cpu: 3 ## memory: 1024Mi ## resources: {} ## @param worker.readOnlyPersistence Whether to mount media, script, and report directories as read-only ## readOnlyPersistence: false ## @param worker.automountServiceAccountToken Mount Service Account token in pod ## NOTE: the wait-for-backend init container below runs `kubectl rollout status`, which presumably relies on this token to reach the Kubernetes API; if waitForBackend is disabled and nothing else in the pod calls the API, consider setting this to false so the token is not mounted into the worker container (confirm against templates/worker/deployment.yaml) ## automountServiceAccountToken: true ## @param worker.affinity Affinity for worker pod assignment ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity ## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set ## affinity: {} ## @param worker.nodeSelector Node labels for worker pod assignment ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ ## nodeSelector: {} ## @param worker.tolerations Tolerations for worker pod assignment ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ ## tolerations: [] ## @param worker.priorityClassName Pods' priorityClassName ## priorityClassName: "" ## @param worker.schedulerName Name of the k8s scheduler (other than default) for pods ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ ## schedulerName: "" ## @param worker.terminationGracePeriodSeconds Seconds pods need to terminate gracefully ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods ## terminationGracePeriodSeconds: ## @param worker.topologySpreadConstraints Topology Spread Constraints for pod assignment ## https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ ## The value is evaluated as a template. 
## e.g: ## topologySpreadConstraints: ## - maxSkew: 1 ## topologyKey: topology.kubernetes.io/zone ## whenUnsatisfiable: DoNotSchedule ## labelSelector: ## matchLabels: ## "app.kubernetes.io/component": netbox ## "app.kubernetes.io/name": netbox ## topologySpreadConstraints: [] ## @param worker.hostAliases [array] Add deployment host aliases ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ ## hostAliases: [] ## @param worker.updateStrategy.type Deployment strategy type ## @param worker.updateStrategy.rollingUpdate Deployment rolling update configuration parameters ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy ## NOTE: Set it to `Recreate` if you use a PV that cannot be mounted on multiple pods ## e.g: ## updateStrategy: ## type: RollingUpdate ## rollingUpdate: ## maxSurge: 25% ## maxUnavailable: 25% ## updateStrategy: type: RollingUpdate ## Autoscaling configuration ## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ ## @param worker.autoscaling.enabled Enable Horizontal POD autoscaling ## @param worker.autoscaling.minReplicas Minimum number of replicas ## @param worker.autoscaling.maxReplicas Maximum number of replicas ## @param worker.autoscaling.targetCPUUtilizationPercentage Target CPU utilization percentage ## @param worker.autoscaling.targetMemoryUtilizationPercentage Target Memory utilization percentage ## @param worker.autoscaling.behavior.scaleUp.stabilizationWindowSeconds Scale-up stabilization window in seconds ## @param worker.autoscaling.behavior.scaleUp.selectPolicy Policy selection for scale-up (Max|Min|Disabled) ## @param worker.autoscaling.behavior.scaleUp.policies List of scale-up policies [{type,value,periodSeconds}] ## @param worker.autoscaling.behavior.scaleDown.stabilizationWindowSeconds Scale-down stabilization window in seconds ## @param worker.autoscaling.behavior.scaleDown.selectPolicy Policy selection for 
scale-down (Max|Min|Disabled) ## @param worker.autoscaling.behavior.scaleDown.policies List of scale-down policies [{type,value,periodSeconds}] ## autoscaling: enabled: false minReplicas: 1 maxReplicas: 100 targetCPUUtilizationPercentage: 80 targetMemoryUtilizationPercentage: null behavior: {} # scaleUp: # stabilizationWindowSeconds: 0 # selectPolicy: Max # policies: # - type: Percent # value: 100 # periodSeconds: 60 # scaleDown: # stabilizationWindowSeconds: 300 # selectPolicy: Max # policies: # - type: Percent # value: 100 # periodSeconds: 60 ## @param worker.extraEnvs Extra environment variables to be set on containers ## E.g: ## extraEnvs: ## - name: FOO ## valueFrom: ## secretKeyRef: ## key: FOO ## name: secret-resource extraEnvs: [] ## @param worker.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for worker containers ## extraEnvVarsCM: "" ## @param worker.extraEnvVarsSecret Name of existing Secret containing extra env vars for worker containers ## extraEnvVarsSecret: "" ## @param worker.extraVolumes Array of extra volumes to be added to the deployment (evaluated as template). Requires setting `extraVolumeMounts` ## e.g: ## extraVolumes: ## - name: kv-ca ## secret: ## secretName: kv-ca ## extraVolumes: [] ## @param worker.extraVolumeMounts Array of extra volume mounts to be added to the container (evaluated as template). Normally used with `extraVolumes`. 
## e.g: ## extraVolumeMounts: ## - name: kv-ca ## mountPath: /tmp/kv-ca ## subPath: kv_ca ## readOnly: true ## extraVolumeMounts: [] ## @param worker.sidecars Add additional sidecar containers to the pod ## e.g: ## sidecars: ## - name: your-image-name ## image: your-image ## imagePullPolicy: Always ## ports: ## - name: portname ## containerPort: 1234 ## sidecars: [] ## @param worker.initContainers Add additional init containers to the pods ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ ## e.g: ## initContainers: ## - name: your-image-name ## image: your-image ## imagePullPolicy: Always ## command: ['sh', '-c', 'echo "init"'] ## initContainers: [] ## Init containers parameters: ## wait-for-backend: Wait for NetBox backend before running workers ## waitForBackend: ## @param waitForBackend.enabled Wait for NetBox backend before running workers ## enabled: true ## @param waitForBackend.image.registry [default: REGISTRY_NAME] Init container wait-for-backend image registry ## @param waitForBackend.image.repository [default: REPOSITORY_NAME/kubectl] Init container wait-for-backend image name ## @param waitForBackend.image.tag Init container wait-for-backend image tag ## @param waitForBackend.image.digest Init container wait-for-backend image digest in the way sha256:aa.... 
Please note this parameter, if set, will override the tag ## @param waitForBackend.image.pullPolicy Init container wait-for-backend image pull policy ## @param waitForBackend.image.pullSecrets Specify docker-registry secret names as an array ## NOTE: a tag is mutable; while digest is empty the image is resolved by tag only, so set digest to pin the exact image content that runs in the init container ## image: registry: docker.io repository: rancher/kubectl tag: v1.36.0 digest: "" ## Specify an imagePullPolicy ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images ## pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace) ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ ## Example: ## pullSecrets: ## - myRegistryKeySecretName ## pullSecrets: [] ## @param waitForBackend.command The command to execute in the wait-for-backend container ## command: - /bin/kubectl ## @param waitForBackend.args Override wait-for-backend container args ## args: - rollout - status - deployment - "$(DEPLOYMENT_NAME)" ## waitForBackend containers' Security Context (init container). 
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## @param waitForBackend.containerSecurityContext.enabled Enabled containers' Security Context ## @param waitForBackend.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container ## @param waitForBackend.containerSecurityContext.runAsUser Set containers' Security Context runAsUser ## @param waitForBackend.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup ## @param waitForBackend.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot ## @param waitForBackend.containerSecurityContext.privileged Set container's Security Context privileged ## @param waitForBackend.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem ## @param waitForBackend.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation ## @param waitForBackend.containerSecurityContext.capabilities.drop List of capabilities to be dropped ## @param waitForBackend.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile ## containerSecurityContext: enabled: true seLinuxOptions: {} runAsUser: 1001 runAsGroup: 1001 runAsNonRoot: true privileged: false readOnlyRootFilesystem: true allowPrivilegeEscalation: false capabilities: drop: ["ALL"] seccompProfile: type: "RuntimeDefault" ## Init container resource requests and limits. ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ ## We usually recommend not to specify default resources and to leave this as a conscious ## choice for the user. This also increases chances charts run on environments with little ## resources, such as Minikube. 
If you do want to specify resources, uncomment the following ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. ## @param waitForBackend.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if waitForBackend.resources is set (waitForBackend.resources is recommended for production). ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 ## resourcesPreset: "nano" ## @param waitForBackend.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) ## Example: ## resources: ## requests: ## cpu: 2 ## memory: 512Mi ## limits: ## cpu: 3 ## memory: 1024Mi ## resources: {} ================================================ FILE: charts/netbox-operator/.helmignore ================================================ # Patterns to ignore when building packages. # This supports shell glob matching, relative path matching, and # negation (prefixed with !). Only one pattern per line. 
.DS_Store # Common VCS dirs .git/ .gitignore .bzr/ .bzrignore .hg/ .hgignore .svn/ # Common backup files *.swp *.bak *.tmp *~ # Various IDEs .project .idea/ *.tmproj .vscode/ # OWNERS file for Kubernetes OWNERS # example production yaml values-production.yaml # ci files ci/ ================================================ FILE: charts/netbox-operator/Chart.yaml ================================================ apiVersion: v2 name: netbox-operator version: 1.2.65 # renovate: image=ghcr.io/netbox-community/netbox-operator appVersion: "0.2.51" type: application kubeVersion: ^1.25.0-0 description: Operator to manage NetBox resources directly through Kubernetes home: https://netbox.dev/ icon: https://raw.githubusercontent.com/netbox-community/netbox/main/docs/netbox_logo_light.svg sources: - https://github.com/netbox-community/netbox-operator - https://github.com/netbox-community/netbox-chart maintainers: - name: netbox-community url: https://github.com/netbox-community dependencies: - name: common repository: oci://registry-1.docker.io/bitnamicharts version: ^2.38.0 tags: - bitnami-common - name: netbox version: ^8.2.6 repository: oci://ghcr.io/netbox-community/netbox-chart condition: netbox.enabled annotations: artifacthub.io/license: Apache-2.0 artifacthub.io/links: | - name: Upstream Project url: https://github.com/netbox-community/netbox-operator artifacthub.io/changes: | - kind: changed description: New release links: - name: Changelog on GitHub Releases url: https://github.com/netbox-community/netbox-chart/releases?q=netbox-operator- ================================================ FILE: charts/netbox-operator/README.md ================================================ # NetBox Operator [Operator](https://github.com/netbox-community/netbox-operator) to manage [NetBox](https://netbox.dev) resources directly through Kubernetes. 
## TL;DR ```shell helm install netbox-operator oci://ghcr.io/netbox-community/netbox-chart/netbox-operator ``` ## Prerequisites - Kubernetes [1.25+](https://kubernetes.io/releases/) - Helm [3.10+](https://helm.sh/docs/topics/version_skew/) - NetBox [4.0+](https://netboxlabs.com/docs/netbox/en/stable/release-notes/) > [!warning] > NetBox Operator requires additional NetBox configuration. > A custom field (by default `netboxOperatorRestorationHash`) must be added before operator installation. ## Installing the Chart To install the chart with the release name `my-release` and default configuration: ```shell helm install my-release oci://ghcr.io/netbox-community/netbox-chart/netbox-operator ``` ## Configuration The configurable parameters for this chart and their default values are listed on the [`values.yaml`](./values.yaml) file. ## License This project is licensed under [Apache License, Version 2.0](https://www.apache.org/licenses/LICENSE-2.0). ================================================ FILE: charts/netbox-operator/ci/default-values.yaml ================================================ https: true ================================================ FILE: charts/netbox-operator/crds/ipaddressclaims.yaml ================================================ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.16.4 name: ipaddressclaims.netbox.dev spec: group: netbox.dev names: kind: IpAddressClaim listKind: IpAddressClaimList plural: ipaddressclaims shortNames: - ipc singular: ipaddressclaim scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .status.ipAddress name: IpAddress type: string - jsonPath: .status.conditions[?(@.type=="IPAssigned")].status name: IpAssigned type: string - jsonPath: .status.conditions[?(@.type=="Ready")].status name: Ready type: string - jsonPath: .metadata.creationTimestamp name: Age type: date name: v1 schema: openAPIV3Schema: description: |- 
IpAddressClaim allows to claim a NetBox IP Address from an existing Prefix. The IpAddressClaim Controller will try to assign an available IP Address from the Prefix that is defined in the spec and if successful it will create the IpAddress CR. More info about NetBox IP Addresses: https://github.com/netbox-community/netbox/blob/main/docs/models/ipam/ipaddress.md properties: apiVersion: description: |- APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: description: |- Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: description: IpAddressClaimSpec defines the desired state of IpAddressClaim properties: comments: description: |- Comment that should be added to the resource in NetBox Field is mutable, not required type: string customFields: additionalProperties: type: string description: |- The NetBox Custom Fields that should be added to the resource in NetBox. 
Note that currently only Text Type is supported (GitHub #129) More info on NetBox Custom Fields: https://github.com/netbox-community/netbox/blob/main/docs/customization/custom-fields.md Field is mutable, not required Example: customfield1: "Production" customfield2: "This is a string" type: object description: description: |- Description that should be added to the resource in NetBox Field is mutable, not required type: string parentPrefix: description: |- The NetBox Prefix from which this IP Address should be claimed from Field is immutable, required Example: "192.168.0.0/20" format: cidr type: string x-kubernetes-validations: - message: Field 'parentPrefix' is immutable rule: self == oldSelf preserveInNetbox: description: |- Defines whether the Resource should be preserved in NetBox when the Kubernetes Resource is deleted. - When set to true, the resource will not be deleted but preserved in NetBox upon CR deletion - When set to false, the resource will be cleaned up in NetBox upon CR deletion Setting preserveInNetbox to true is mandatory if the user wants to restore resources from NetBox (e.g. Sticky CIDRs even if resources are deleted and recreated in Kubernetes) Field is mutable, not required type: boolean tenant: description: |- The NetBox Tenant to be assigned to this resource in NetBox. Use the `name` value instead of the `slug` value Field is immutable, not required Example: "Initech" or "Cyberdyne Systems" type: string x-kubernetes-validations: - message: Field 'tenant' is immutable rule: self == oldSelf required: - parentPrefix type: object status: description: IpAddressClaimStatus defines the observed state of IpAddressClaim properties: conditions: description: Conditions represent the latest available observations of an object's state items: description: Condition contains details for one aspect of the current state of this API Resource. 
properties: lastTransitionTime: description: |- lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: description: |- message is a human readable message indicating details about the transition. This may be an empty string. maxLength: 32768 type: string observedGeneration: description: |- observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. format: int64 minimum: 0 type: integer reason: description: |- reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. maxLength: 1024 minLength: 1 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ type: string status: description: status of the condition, one of True, False, Unknown. enum: - "True" - "False" - Unknown type: string type: description: type of condition in CamelCase or in foo.example.com/CamelCase. 
maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string required: - lastTransitionTime - message - reason - status - type type: object type: array ipAddress: description: The assigned IP Address in CIDR notation type: string ipAddressDotDecimal: description: The assigned IP Address in Dot Decimal notation type: string ipAddressName: description: The name of the IpAddress CR created by the IpAddressClaim Controller type: string type: object type: object served: true storage: true subresources: status: {} ================================================ FILE: charts/netbox-operator/crds/ipaddresses.yaml ================================================ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.16.4 name: ipaddresses.netbox.dev spec: group: netbox.dev names: kind: IpAddress listKind: IpAddressList plural: ipaddresses shortNames: - ip singular: ipaddress scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .spec.ipAddress name: IpAddress type: string - jsonPath: .status.conditions[?(@.type=="Ready")].status name: Ready type: string - jsonPath: .status.id name: ID type: string - jsonPath: .status.url name: URL type: string - jsonPath: .metadata.creationTimestamp name: Age type: date name: v1 schema: openAPIV3Schema: description: "IpAddress allows to create a NetBox IP Address. More info about NetBox IP Addresses: https://github.com/netbox-community/netbox/blob/main/docs/models/ipam/ipaddress.md" properties: apiVersion: description: |- APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: description: |- Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: description: IpAddressSpec defines the desired state of IpAddress properties: comments: description: |- Comment that should be added to the resource in NetBox Field is mutable, not required type: string customFields: additionalProperties: type: string description: |- The NetBox Custom Fields that should be added to the resource in NetBox. Note that currently only Text Type is supported (GitHub #129) More info on NetBox Custom Fields: https://github.com/netbox-community/netbox/blob/main/docs/customization/custom-fields.md Field is mutable, not required Example: customfield1: "Production" customfield2: "This is a string" type: object description: description: |- Description that should be added to the resource in NetBox Field is mutable, not required type: string ipAddress: description: |- The IP Address in CIDR notation that should be reserved in NetBox Field is immutable, required Example: "192.168.0.1/32" format: cidr type: string x-kubernetes-validations: - message: Field 'ipAddress' is immutable rule: self == oldSelf preserveInNetbox: description: |- Defines whether the Resource should be preserved in NetBox when the Kubernetes Resource is deleted. - When set to true, the resource will not be deleted but preserved in NetBox upon CR deletion - When set to false, the resource will be cleaned up in NetBox upon CR deletion Setting preserveInNetbox to true is mandatory if the user wants to restore resources from NetBox (e.g. 
Sticky CIDRs even if resources are deleted and recreated in Kubernetes) Field is mutable, not required type: boolean tenant: description: |- The NetBox Tenant to be assigned to this resource in NetBox. Use the `name` value instead of the `slug` value Field is immutable, not required Example: "Initech" or "Cyberdyne Systems" type: string x-kubernetes-validations: - message: Field 'tenant' is immutable rule: self == oldSelf required: - ipAddress type: object status: description: IpAddressStatus defines the observed state of IpAddress properties: conditions: description: Conditions represent the latest available observations of an object's state items: description: Condition contains details for one aspect of the current state of this API Resource. properties: lastTransitionTime: description: |- lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: description: |- message is a human readable message indicating details about the transition. This may be an empty string. maxLength: 32768 type: string observedGeneration: description: |- observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. format: int64 minimum: 0 type: integer reason: description: |- reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. 
maxLength: 1024 minLength: 1 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ type: string status: description: status of the condition, one of True, False, Unknown. enum: - "True" - "False" - Unknown type: string type: description: type of condition in CamelCase or in foo.example.com/CamelCase. maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string required: - lastTransitionTime - message - reason - status - type type: object type: array id: description: The ID of the resource in NetBox format: int64 type: integer url: description: |- The URL to the resource in the NetBox UI. Note that the base of this URL depends on the runtime config of NetBox Operator type: string type: object type: object served: true storage: true subresources: status: {} ================================================ FILE: charts/netbox-operator/crds/iprangeclaims.yaml ================================================ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.16.4 name: iprangeclaims.netbox.dev spec: group: netbox.dev names: kind: IpRangeClaim listKind: IpRangeClaimList plural: iprangeclaims shortNames: - iprc singular: iprangeclaim scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .status.ipRange name: IpRange type: string - jsonPath: .status.conditions[?(@.type=="IPRangeAssigned")].status name: IpRangeAssigned type: string - jsonPath: .status.conditions[?(@.type=="Ready")].status name: Ready type: string - jsonPath: .metadata.creationTimestamp name: Age type: date name: v1 schema: openAPIV3Schema: description: |- IpRangeClaim allows to claim a NetBox IP Range from an existing Prefix. The IpRangeClaim Controller will try to assign an available IP Range from the Prefix that is defined in the spec and if successful it will create the IpRange CR. 
More info about NetBox IP Ranges: https://github.com/netbox-community/netbox/blob/main/docs/models/ipam/iprange.md properties: apiVersion: description: |- APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: description: |- Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: description: IpRangeClaimSpec defines the desired state of IpRangeClaim properties: comments: description: |- Comment that should be added to the resource in NetBox Field is mutable, not required type: string customFields: additionalProperties: type: string description: |- The NetBox Custom Fields that should be added to the resource in NetBox. Note that currently only Text Type is supported (GitHub #129) More info on NetBox Custom Fields: https://github.com/netbox-community/netbox/blob/main/docs/customization/custom-fields.md Field is mutable, not required Example: customfield1: "Production" customfield2: "This is a string" type: object description: description: |- Description that should be added to the resource in NetBox Field is mutable, not required type: string parentPrefix: description: |- The NetBox Prefix from which this IP Range should be claimed from Field is immutable, required Example: "192.168.0.0/20" format: cidr type: string x-kubernetes-validations: - message: Field 'parentPrefix' is immutable rule: self == oldSelf preserveInNetbox: description: |- Defines whether the Resource should be preserved in NetBox when the Kubernetes Resource is deleted. 
- When set to true, the resource will not be deleted but preserved in NetBox upon CR deletion - When set to false, the resource will be cleaned up in NetBox upon CR deletion Setting preserveInNetbox to true is mandatory if the user wants to restore resources from NetBox (e.g. Sticky CIDRs even if resources are deleted and recreated in Kubernetes) Field is mutable, not required type: boolean size: description: |- The amount of consecutive IP Addresses you wish to reserve. Currently only sizes up to 50 are supported due to pagination of the NetBox API. In practice, this might be even lower depending on the fragmentation of the parent prefix. Field is immutable, required, range from 2-50 maximum: 50 minimum: 2 type: integer x-kubernetes-validations: - message: Field 'size' is immutable rule: self == oldSelf tenant: description: |- The NetBox Tenant to be assigned to this resource in NetBox. Use the `name` value instead of the `slug` value Field is immutable, not required Example: "Initech" or "Cyberdyne Systems" type: string x-kubernetes-validations: - message: Field 'tenant' is immutable rule: self == oldSelf required: - parentPrefix - size type: object status: description: IpRangeClaimStatus defines the observed state of IpRangeClaim properties: conditions: description: Conditions represent the latest available observations of an object's state items: description: Condition contains details for one aspect of the current state of this API Resource. properties: lastTransitionTime: description: |- lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: description: |- message is a human readable message indicating details about the transition. This may be an empty string. 
maxLength: 32768 type: string observedGeneration: description: |- observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. format: int64 minimum: 0 type: integer reason: description: |- reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. maxLength: 1024 minLength: 1 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ type: string status: description: status of the condition, one of True, False, Unknown. enum: - "True" - "False" - Unknown type: string type: description: type of condition in CamelCase or in foo.example.com/CamelCase. maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string required: - lastTransitionTime - message - reason - status - type type: object type: array endAddress: description: The last IP Addresses in CIDR notation type: string endAddressDotDecimal: description: The last IP Addresses in Dot Decimal notation type: string ipAddressName: description: The name of the IpRange CR created by the IpRangeClaim Controller type: string ipAddresses: description: The full list of IP Addresses in CIDR notation items: type: string type: array ipAddressesDotDecimal: description: The full list of IP Addresses in Dot Decimal notation items: type: string type: array ipRange: description: The assigned IP Range in CIDR notation (e.g. 192.168.0.1/32-192.168.0.123/32) type: string ipRangeDotDecimal: description: The assigned IP Range in Dot Decimal notation (e.g. 
192.168.0.1-192.168.0.123) type: string startAddress: description: The first IP Addresses in CIDR notation type: string startAddressDotDecimal: description: The first IP Addresses in Dot Decimal notation type: string type: object type: object served: true storage: true subresources: status: {} ================================================ FILE: charts/netbox-operator/crds/ipranges.yaml ================================================ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.16.4 name: ipranges.netbox.dev spec: group: netbox.dev names: kind: IpRange listKind: IpRangeList plural: ipranges shortNames: - ipr singular: iprange scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .spec.startAddress name: StartAddress type: string - jsonPath: .spec.endAddress name: EndAddress type: string - jsonPath: .status.conditions[?(@.type=="Ready")].status name: Ready type: string - jsonPath: .status.id name: ID type: string - jsonPath: .status.url name: URL type: string - jsonPath: .metadata.creationTimestamp name: Age type: date name: v1 schema: openAPIV3Schema: description: "IpRange allows to create a NetBox IP Range. More info about NetBox IP Ranges: https://github.com/netbox-community/netbox/blob/main/docs/models/ipam/iprange.md" properties: apiVersion: description: |- APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: description: |- Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: description: IpRangeSpec defines the desired state of IpRange properties: comments: description: |- Comment that should be added to the resource in NetBox Field is mutable, not required type: string customFields: additionalProperties: type: string description: |- The NetBox Custom Fields that should be added to the resource in NetBox. Note that currently only Text Type is supported (GitHub #129) More info on NetBox Custom Fields: https://github.com/netbox-community/netbox/blob/main/docs/customization/custom-fields.md Field is mutable, not required Example: customfield1: "Production" customfield2: "This is a string" type: object description: description: |- Description that should be added to the resource in NetBox Field is mutable, not required type: string endAddress: description: |- The last IP in CIDR notation that should be included in the NetBox IP Range Field is immutable, required Example: "192.168.0.20/32" format: cidr type: string x-kubernetes-validations: - message: Field 'endAddress' is immutable rule: self == oldSelf preserveInNetbox: description: |- Defines whether the Resource should be preserved in NetBox when the Kubernetes Resource is deleted. - When set to true, the resource will not be deleted but preserved in NetBox upon CR deletion - When set to false, the resource will be cleaned up in NetBox upon CR deletion Setting preserveInNetbox to true is mandatory if the user wants to restore resources from NetBox (e.g. 
Sticky CIDRs even if resources are deleted and recreated in Kubernetes) Field is mutable, not required type: boolean startAddress: description: |- The first IP in CIDR notation that should be included in the NetBox IP Range Field is immutable, required Example: "192.168.0.1/32" format: cidr type: string x-kubernetes-validations: - message: Field 'startAddress' is immutable rule: self == oldSelf tenant: description: |- The NetBox Tenant to be assigned to this resource in NetBox. Use the `name` value instead of the `slug` value Field is immutable, not required Example: "Initech" or "Cyberdyne Systems" type: string x-kubernetes-validations: - message: Field 'tenant' is immutable rule: self == oldSelf required: - endAddress - startAddress type: object status: description: IpRangeStatus defines the observed state of IpRange properties: conditions: description: Conditions represent the latest available observations of an object's state items: description: Condition contains details for one aspect of the current state of this API Resource. properties: lastTransitionTime: description: |- lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: description: |- message is a human readable message indicating details about the transition. This may be an empty string. maxLength: 32768 type: string observedGeneration: description: |- observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. 
format: int64 minimum: 0 type: integer reason: description: |- reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. maxLength: 1024 minLength: 1 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ type: string status: description: status of the condition, one of True, False, Unknown. enum: - "True" - "False" - Unknown type: string type: description: type of condition in CamelCase or in foo.example.com/CamelCase. maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string required: - lastTransitionTime - message - reason - status - type type: object type: array id: description: The ID of the resource in NetBox format: int64 type: integer url: description: |- The URL to the resource in the NetBox UI. 
Note that the base of this URL depends on the runtime config of NetBox Operator type: string type: object type: object served: true storage: true subresources: status: {} ================================================ FILE: charts/netbox-operator/crds/prefixclaims.yaml ================================================ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.16.4 name: prefixclaims.netbox.dev spec: group: netbox.dev names: kind: PrefixClaim listKind: PrefixClaimList plural: prefixclaims shortNames: - pxc singular: prefixclaim scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .status.prefix name: Prefix type: string - jsonPath: .status.conditions[?(@.type=="PrefixAssigned")].status name: PrefixAssigned type: string - jsonPath: .status.conditions[?(@.type=="Ready")].status name: Ready type: string - jsonPath: .metadata.creationTimestamp name: Age type: date name: v1 schema: openAPIV3Schema: description: |- PrefixClaim allows to claim a NetBox Prefix from an existing Prefix (parentPrefix) or a dynamically selected Prefix (parentPrefixSelector). The PrefixClaim Controller will try to assign an available Prefix from the Prefix that is defined in the spec and if successful it will create the Prefix CR. More info about NetBox IP Addresses: https://github.com/netbox-community/netbox/blob/main/docs/models/ipam/ipaddress.md properties: apiVersion: description: |- APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: description: |- Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: description: PrefixClaimSpec defines the desired state of PrefixClaim properties: comments: description: |- Comment that should be added to the resource in NetBox Field is mutable, not required type: string customFields: additionalProperties: type: string description: |- The NetBox Custom Fields that should be added to the resource in NetBox. Note that currently only Text Type is supported (GitHub #129) More info on NetBox Custom Fields: https://github.com/netbox-community/netbox/blob/main/docs/customization/custom-fields.md Field is mutable, not required Example: customfield1: "Production" customfield2: "This is a string" type: object description: description: |- Description that should be added to the resource in NetBox Field is mutable, not required type: string parentPrefix: description: |- The NetBox Prefix from which this Prefix should be claimed from Field is immutable, required (`parentPrefix` and `parentPrefixSelector` are mutually exclusive) Example: "192.168.0.0/20" format: cidr type: string x-kubernetes-validations: - message: Field 'parentPrefix' is immutable rule: self == oldSelf parentPrefixSelector: additionalProperties: type: string description: |- The `parentPrefixSelector` is a key-value map, where all the entries are of data type `` The map contains a set of query conditions for selecting a set of prefixes that can be used as the parent prefix The query conditions will be chained by the AND operator, and exact match of the keys and values will be performed The built-in fields `tenant`, `site`, and `family`, along with custom fields, can be used. Note that since the key value pairs in this map are used to generate the URL for the query in NetBox, this also supports non-Text Custom Field types. 
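For more information, please see ParentPrefixSelectorGuide.md
                  Field is immutable, required (`parentPrefix` and `parentPrefixSelector` are mutually exclusive)
                  Example:
                    customfield1: "Production"
                    family: "IPv4"
                type: object
                x-kubernetes-validations:
                - message: Field 'parentPrefixSelector' is immutable
                  rule: self == oldSelf
                - rule: "!has(self.family) || (self.family == 'IPv4' || self.family == 'IPv6')"
              prefixLength:
                description: |-
                  The desired prefix length of your Prefix using slash notation. Example: `/24` for an IPv4 Prefix or `/64` for an IPv6 Prefix
                  Field is immutable, required
                  Example: "/24"
                # The alternatives are grouped so that ^ and $ anchor every branch.
                # Without the group, "^\/[0-9]" and "12[0-8]$" are anchored on one side
                # only and the two middle branches match anywhere in the string, so
                # values such as "/999" or "x10y" pass admission and reach the controller.
                # NOTE(review): this CRD carries a controller-gen annotation, so the
                # kubebuilder Pattern marker in the operator's Go types presumably needs
                # the same grouping, or regenerating the CRD will undo this change.
                pattern: ^\/([0-9]|[1-9][0-9]|1[01][0-9]|12[0-8])$
                type: string
                x-kubernetes-validations:
                - message: Field 'prefixLength' is immutable
                  rule: self == oldSelf
              preserveInNetbox:
                description: |-
                  Defines whether the Resource should be preserved in NetBox when the Kubernetes Resource is deleted.
                  - When set to true, the resource will not be deleted but preserved in NetBox upon CR deletion
                  - When set to false, the resource will be cleaned up in NetBox upon CR deletion
                  Setting preserveInNetbox to true is mandatory if the user wants to restore resources from NetBox (e.g. Sticky CIDRs even if resources are deleted and recreated in Kubernetes)
                  Field is mutable, not required
                type: boolean
              site:
                description: |-
                  The NetBox Site to be assigned to this resource in NetBox. Use the `name` value instead of the `slug` value
                  Field is immutable, not required
                  Example: "DM-Buffalo"
                type: string
                x-kubernetes-validations:
                - message: Field 'site' is immutable
                  rule: self == oldSelf
              tenant:
                description: |-
                  The NetBox Tenant to be assigned to this resource in NetBox.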
Use the `name` value instead of the `slug` value Field is immutable, not required Example: "Initech" or "Cyberdyne Systems" type: string x-kubernetes-validations: - message: Field 'tenant' is immutable rule: self == oldSelf required: - prefixLength type: object x-kubernetes-validations: - message: Site is required once set rule: "!has(oldSelf.site) || has(self.site)" - rule: (!has(self.parentPrefix) && has(self.parentPrefixSelector)) || (has(self.parentPrefix) && !has(self.parentPrefixSelector)) status: description: PrefixClaimStatus defines the observed state of PrefixClaim properties: conditions: description: Conditions represent the latest available observations of an object's state items: description: Condition contains details for one aspect of the current state of this API Resource. properties: lastTransitionTime: description: |- lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: description: |- message is a human readable message indicating details about the transition. This may be an empty string. maxLength: 32768 type: string observedGeneration: description: |- observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. format: int64 minimum: 0 type: integer reason: description: |- reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. 
maxLength: 1024 minLength: 1 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ type: string status: description: status of the condition, one of True, False, Unknown. enum: - "True" - "False" - Unknown type: string type: description: type of condition in CamelCase or in foo.example.com/CamelCase. maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string required: - lastTransitionTime - message - reason - status - type type: object type: array parentPrefix: description: |- Due to the fact that the parentPrefix can be specified directly in `.spec.parentPrefix` or selected from `.spec.parentPrefixSelector`, we use this field to store exactly which parent prefix we are using for all subsequent reconcile loop calls. type: string prefix: description: The assigned Prefix in CIDR notation type: string prefixName: description: The name of the Prefix CR created by the PrefixClaim Controller type: string type: object type: object served: true storage: true subresources: status: {} ================================================ FILE: charts/netbox-operator/crds/prefixes.yaml ================================================ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.16.4 name: prefixes.netbox.dev spec: group: netbox.dev names: kind: Prefix listKind: PrefixList plural: prefixes shortNames: - px singular: prefix scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .spec.prefix name: Prefix type: string - jsonPath: .status.conditions[?(@.type=="Ready")].status name: Ready type: string - jsonPath: .status.id name: ID type: string - jsonPath: .status.url name: URL type: string - jsonPath: .metadata.creationTimestamp name: Age type: date name: v1 schema: openAPIV3Schema: description: "Prefix allows to create a NetBox Prefix. 
More info about NetBox Prefixes: https://github.com/netbox-community/netbox/blob/main/docs/models/ipam/prefix.md" properties: apiVersion: description: |- APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: description: |- Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: description: PrefixSpec defines the desired state of Prefix properties: comments: description: |- Comment that should be added to the resource in NetBox Field is mutable, not required type: string customFields: additionalProperties: type: string description: |- The NetBox Custom Fields that should be added to the resource in NetBox. Note that currently only Text Type is supported (GitHub #129) More info on NetBox Custom Fields: https://github.com/netbox-community/netbox/blob/main/docs/customization/custom-fields.md Field is mutable, not required Example: customfield1: "Production" customfield2: "This is a string" type: object description: description: |- Description that should be added to the resource in NetBox Field is mutable, not required type: string prefix: description: |- The Prefix in CIDR notation that should be reserved in NetBox Field is immutable, required Example: "192.168.0.0/24" format: cidr type: string x-kubernetes-validations: - message: Field 'prefix' is immutable rule: self == oldSelf preserveInNetbox: description: |- Defines whether the Resource should be preserved in NetBox when the Kubernetes Resource is deleted. 
- When set to true, the resource will not be deleted but preserved in NetBox upon CR deletion - When set to false, the resource will be cleaned up in NetBox upon CR deletion Setting preserveInNetbox to true is mandatory if the user wants to restore resources from NetBox (e.g. Sticky CIDRs even if resources are deleted and recreated in Kubernetes) Field is mutable, not required type: boolean site: description: |- The NetBox Site to be assigned to this resource in NetBox. Use the `name` value instead of the `slug` value Field is immutable, not required type: string x-kubernetes-validations: - message: Field 'site' is required once set rule: self == oldSelf || self != '' tenant: description: |- The NetBox Tenant to be assigned to this resource in NetBox. Use the `name` value instead of the `slug` value Field is immutable, not required Example: "Initech" or "Cyberdyne Systems" type: string x-kubernetes-validations: - message: Field 'tenant' is immutable rule: self == oldSelf required: - prefix type: object x-kubernetes-validations: - message: Site is required once set rule: "!has(oldSelf.site) || has(self.site)" status: description: PrefixStatus defines the observed state of Prefix properties: conditions: description: Conditions represent the latest available observations of an object's state items: description: Condition contains details for one aspect of the current state of this API Resource. properties: lastTransitionTime: description: |- lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: description: |- message is a human readable message indicating details about the transition. This may be an empty string. 
maxLength: 32768 type: string observedGeneration: description: |- observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. format: int64 minimum: 0 type: integer reason: description: |- reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. maxLength: 1024 minLength: 1 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ type: string status: description: status of the condition, one of True, False, Unknown. enum: - "True" - "False" - Unknown type: string type: description: type of condition in CamelCase or in foo.example.com/CamelCase. maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string required: - lastTransitionTime - message - reason - status - type type: object type: array id: description: The ID of the resource in NetBox format: int64 type: integer url: description: |- The URL to the resource in the NetBox UI. 
Note that the base of this URL depends on the runtime config of NetBox Operator
                type: string
            type: object
        type: object
    served: true
    storage: true
    subresources:
      status: {}

================================================
FILE: charts/netbox-operator/templates/NOTES.txt
================================================
CHART NAME: {{ .Chart.Name }}
CHART VERSION: {{ .Chart.Version }}
APP VERSION: {{ .Chart.AppVersion }}

================================================
FILE: charts/netbox-operator/templates/_helpers.tpl
================================================
{{/* vim: set filetype=mustache: */}}

{{/*
Create the name of the service account to use.
When serviceAccount.create is true the name defaults to the release fullname;
otherwise it defaults to "default". Either result is cut to 63 characters and a
trailing "-" is removed.
NOTE(review): with serviceAccount.create=false and no serviceAccount.name, every
template that calls this helper refers to the namespace's "default"
ServiceAccount; set an explicit name in that case.
*/}}
{{- define "netbox-operator.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "common.names.fullname" .) .Values.serviceAccount.name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- default "default" .Values.serviceAccount.name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}

{{/*
Name of the Secret that contains the NetBox API Token.
With netbox.enabled the name is "<netbox dependency fullname>-superuser", i.e. the
operator is pointed at the Secret of the bundled NetBox chart's superuser.
NOTE(review): that presumably gives the operator the superuser's API token, which is
broader than IPAM access; confirm whether a dedicated, narrower NetBox token can be
supplied through auth.existingSecret instead.
Otherwise the name is resolved by common.secrets.name from auth.existingSecret, with
"netbox-auth" as the default name suffix.
*/}}
{{- define "netbox-operator.netbox.secret" -}}
{{- if .Values.netbox.enabled }}
{{- printf "%s-%s" (include "common.names.dependency.fullname" (dict "chartName" "netbox" "chartValues" .Values.netbox "context" .)) "superuser" | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- include "common.secrets.name" (dict "existingSecret" .Values.auth.existingSecret "defaultNameSuffix" "netbox-auth" "context" .) }}
{{- end }}
{{- end }}

================================================
FILE: charts/netbox-operator/templates/clusterrole.yaml
================================================
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: {{ include "common.names.fullname" .
}}
  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
  {{- if .Values.commonAnnotations }}
  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
  {{- end }}
{{- /*
Permissions of the operator. This is a ClusterRole bound by a ClusterRoleBinding,
so the rules apply in every namespace, not only the release namespace:
  - create/patch on core Events;
  - full read/write on the six netbox.dev resource kinds;
  - update on their finalizers subresource;
  - get/patch/update on their status subresource.
No rule covers Secrets, ConfigMaps or workloads, and none uses a wildcard.
*/}}
rules:
  - apiGroups:
      - ""
    resources:
      - events
    verbs:
      - create
      - patch
  - apiGroups:
      - netbox.dev
    resources:
      - ipaddressclaims
      - ipaddresses
      - iprangeclaims
      - ipranges
      - prefixclaims
      - prefixes
    verbs:
      - create
      - delete
      - get
      - list
      - patch
      - update
      - watch
  - apiGroups:
      - netbox.dev
    resources:
      - ipaddressclaims/finalizers
      - ipaddresses/finalizers
      - iprangeclaims/finalizers
      - ipranges/finalizers
      - prefixclaims/finalizers
      - prefixes/finalizers
    verbs:
      - update
  - apiGroups:
      - netbox.dev
    resources:
      - ipaddressclaims/status
      - ipaddresses/status
      - iprangeclaims/status
      - ipranges/status
      - prefixclaims/status
      - prefixes/status
    verbs:
      - get
      - patch
      - update

================================================
FILE: charts/netbox-operator/templates/clusterrolebinding.yaml
================================================
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: {{ include "common.names.fullname" . }}
  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
  {{- if .Values.commonAnnotations }}
  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
  {{- end }}
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: {{ include "common.names.fullname" . }}
{{- /*
The subject is rendered unconditionally and takes its name from the
netbox-operator.serviceAccountName helper.
NOTE(review): when serviceAccount.create is false and serviceAccount.name is unset,
that helper returns "default", so this binding would grant the cluster-wide
netbox.dev rules to the namespace's default ServiceAccount and to every pod that
runs under it. Set serviceAccount.name explicitly when reusing an account.
*/}}
subjects:
  - kind: ServiceAccount
    name: {{ include "netbox-operator.serviceAccountName" . }}
    namespace: {{ include "common.names.namespace" .
| quote }}

================================================
FILE: charts/netbox-operator/templates/deployment.yaml
================================================
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ include "common.names.fullname" . }}
  namespace: {{ include "common.names.namespace" . | quote }}
  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
    app.kubernetes.io/component: netbox-operator
  {{- if .Values.commonAnnotations }}
  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
  {{- end }}
spec:
  {{- /* replicas is left out when autoscaling is enabled so it is not pinned by the chart. */}}
  {{- if not .Values.autoscaling.enabled }}
  replicas: {{ .Values.replicaCount }}
  {{- end }}
  revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
  selector:
    matchLabels: {{- include "common.labels.matchLabels" (dict "customLabels" .Values.podLabels "context" $) | nindent 6 }}
      app.kubernetes.io/component: netbox-operator
  {{- if .Values.updateStrategy }}
  strategy: {{- include "common.tplvalues.render" (dict "value" .Values.updateStrategy "context" $) | nindent 4 }}
  {{- end }}
  template:
    metadata:
      {{- if .Values.podAnnotations }}
      annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.podAnnotations "context" $ ) | nindent 8 }}
      {{- end }}
      labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.podLabels "context" $ ) | nindent 8 }}
        app.kubernetes.io/component: netbox-operator
    spec:
      {{- include "common.images.renderPullSecrets" (dict "images" (list .Values.image) "context" $) | nindent 6 }}
      {{- /*
      The pod runs under the account named by netbox-operator.serviceAccountName, the
      same name the RBAC bindings of this chart refer to. Whether its API token is
      mounted is taken from .Values.automountServiceAccountToken.
      NOTE(review): the operator presumably needs that token to reach the Kubernetes
      API, so disabling the mount needs another credential source; confirm.
      */}}
      serviceAccountName: {{ include "netbox-operator.serviceAccountName" . }}
      automountServiceAccountToken: {{ .Values.automountServiceAccountToken }}
      {{- /*
      Both securityContext blocks (pod level here, container level below) are rendered
      only when their "enabled" value is true. With it false nothing is rendered at
      all, so the workload falls back to whatever the cluster applies by default.
      */}}
      {{- if .Values.podSecurityContext.enabled }}
      securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.podSecurityContext "context" $) | nindent 8 }}
      {{- end }}
      containers:
        - name: {{ .Chart.Name }}
          image: {{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global "chart" .Chart) }}
          imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
          {{- if .Values.securityContext.enabled }}
          securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.securityContext "context" $) | nindent 12 }}
          {{- end }}
          {{- if .Values.command }}
          command: {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }}
          {{- end }}
          {{- if .Values.args }}
          args: {{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }}
          {{- end }}
          env:
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            {{- /* NetBox endpoint: the bundled NetBox release when netbox.enabled, else .Values.host. */}}
            - name: NETBOX_HOST
              {{- if .Values.netbox.enabled }}
              value: {{ include "common.names.dependency.fullname" (dict "chartName" "netbox" "chartValues" .Values.netbox "context" $) }}
              {{- else }}
              value: {{ .Values.host | quote }}
              {{- end }}
            - name: NETBOX_RESTORATION_HASH_FIELD_NAME
              value: {{ .Values.restorationHashFieldName | quote }}
            {{- /*
            NOTE(review): HTTPS_ENABLE presumably selects TLS for the connection to
            NETBOX_HOST. AUTH_TOKEN travels over that connection, so confirm the value
            is "true" for any NetBox instance that is not cluster-local test setup.
            */}}
            - name: HTTPS_ENABLE
              value: {{ .Values.https | quote }}
            {{- /*
            The API token is never written into this manifest: it is read at pod start
            from key "api_token" of the Secret named by netbox-operator.netbox.secret.
            */}}
            - name: AUTH_TOKEN
              valueFrom:
                secretKeyRef:
                  name: {{ include "netbox-operator.netbox.secret" $ }}
                  key: api_token
            {{- /* NOTE(review): confirm the operator's debug output does not include request headers or the token before enabling this in production. */}}
            - name: DEBUG_ENABLE
              value: {{ .Values.debug | quote }}
            {{- /* NOTE(review): CA_CERT looks like a file path; no volume is mounted for it here, so the file presumably has to come from extraVolumes / extraVolumeMounts. */}}
            - name: CA_CERT
              value: {{ .Values.caCertPath | quote }}
            {{- if .Values.extraEnvVars }}
            {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }}
            {{- end }}
          {{- /* Optional bulk environment from a ConfigMap and/or a Secret named in values. */}}
          {{- if or .Values.extraEnvVarsCM .Values.extraEnvVarsSecret }}
          envFrom:
            {{- if .Values.extraEnvVarsCM }}
            - configMapRef:
                name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsCM "context" $) }}
            {{- end }}
            {{- if .Values.extraEnvVarsSecret }}
            - secretRef:
                name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsSecret "context" $) }}
            {{- end }}
          {{- end }}
          {{- /* 8080 serves metrics and 8081 serves the /healthz and /readyz probes used below. */}}
          ports:
            - name: http-metrics
              containerPort: 8080
              protocol: TCP
            - name: http-probe
              containerPort: 8081
              protocol: TCP
            {{- if .Values.extraContainerPorts }}
            {{- include "common.tplvalues.render" (dict "value" .Values.extraContainerPorts "context" $) | nindent 12 }}
            {{- end }}
          {{- /* Probe timing comes from values (minus the "enabled" key); the HTTP target is fixed by the chart. */}}
          {{- if .Values.livenessProbe.enabled }}
          livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.livenessProbe "enabled") "context" $) | nindent 12 }}
            httpGet:
              path: /healthz
              port: http-probe
          {{- end }}
          {{- if .Values.readinessProbe.enabled }}
          readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.readinessProbe "enabled") "context" $) | nindent 12 }}
            httpGet:
              path: /readyz
              port: http-probe
          {{- end }}
          {{- if .Values.extraVolumeMounts }}
          volumeMounts: {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumeMounts "context" $) | nindent 12 }}
          {{- end }}
          {{- /* Explicit .Values.resources wins; otherwise a preset is used unless resourcesPreset is "none", in which case no requests or limits are rendered. */}}
          {{- if .Values.resources }}
          resources: {{- toYaml .Values.resources | nindent 12 }}
          {{- else if ne .Values.resourcesPreset "none" }}
          resources: {{- include "common.resources.preset" (dict "type" .Values.resourcesPreset) | nindent 12 }}
          {{- end }}
      {{- if .Values.extraVolumes }}
      volumes: {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 8 }}
      {{- end }}
      {{- if .Values.nodeSelector }}
      nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.nodeSelector "context" $) | nindent 8 }}
      {{- end }}
      {{- if .Values.affinity }}
      affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.affinity "context" $) | nindent 8 }}
      {{- end }}
      {{- /* tolerations and topologySpreadConstraints pass "." as context where the other blocks pass "$"; both name the root context at this scope. */}}
      {{- if .Values.tolerations }}
      tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" .) | nindent 8 }}
      {{- end }}
      {{- if .Values.hostAliases }}
      hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }}
      {{- end }}
      {{- if .Values.priorityClassName }}
      priorityClassName: {{ .Values.priorityClassName | quote }}
      {{- end }}
      {{- if .Values.schedulerName }}
      schedulerName: {{ .Values.schedulerName | quote }}
      {{- end }}
      {{- if .Values.topologySpreadConstraints }}
      topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.topologySpreadConstraints "context" .) | nindent 8 }}
      {{- end }}
      {{- if .Values.terminationGracePeriodSeconds }}
      terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }}
      {{- end }}

================================================
FILE: charts/netbox-operator/templates/leaderelect/role.yaml
================================================
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: {{ printf "%s-leader-election" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }}
  namespace: {{ include "common.names.namespace" . | quote }}
  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
  {{- if .Values.commonAnnotations }}
  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
  {{- end }}
{{- /*
Namespaced Role for leader election, limited to the release namespace.
It grants full read/write on ConfigMaps and on coordination.k8s.io Leases, plus
create/patch on Events.
NOTE(review): the ConfigMap rule covers every ConfigMap in the namespace, not only
a lock object. If the operator's leader election uses Leases only, that rule can
presumably be dropped or narrowed with resourceNames; confirm against the operator
before changing it.
*/}}
rules:
  - apiGroups:
      - ""
    resources:
      - configmaps
    verbs:
      - get
      - list
      - watch
      - create
      - update
      - patch
      - delete
  - apiGroups:
      - coordination.k8s.io
    resources:
      - leases
    verbs:
      - get
      - list
      - watch
      - create
      - update
      - patch
      - delete
  - apiGroups:
      - ""
    resources:
      - events
    verbs:
      - create
      - patch

================================================
FILE: charts/netbox-operator/templates/leaderelect/rolebinding.yaml
================================================
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: {{ printf "%s-leader-election" (include "common.names.fullname" .)
| trunc 63 | trimSuffix "-" }}
  namespace: {{ include "common.names.namespace" . | quote }}
  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
  {{- if .Values.commonAnnotations }}
  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
  {{- end }}
# Binds the "<fullname>-leader-election" Role of the same namespace.
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: {{ printf "%s-leader-election" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }}
# NOTE(review): a subject is only emitted when serviceAccount.create is true.
# With create=false this binding is rendered without subjects, so an existing
# ServiceAccount has to be bound to the leader-election Role separately -
# TODO confirm that this is intended.
subjects:
  {{- if .Values.serviceAccount.create }}
  - kind: ServiceAccount
    name: {{ include "netbox-operator.serviceAccountName" . }}
    namespace: {{ include "common.names.namespace" . | quote }}
  {{- end }}
================================================
FILE: charts/netbox-operator/templates/secret.yaml
================================================
{{- if not (or .Values.netbox.enabled .Values.auth.existingSecret) }}
# Chart-managed Secret holding the NetBox API token. It is rendered only when
# neither netbox.enabled nor auth.existingSecret is set.
# auth.apiToken comes straight from the values; b64enc is encoding, not
# encryption, and the value is also kept in the Helm release data. With the
# default empty apiToken the Secret is still created, with an empty api_token.
# Prefer auth.existingSecret for anything but test installs.
apiVersion: v1
kind: Secret
metadata:
  name: {{ include "common.secrets.name" (dict "defaultNameSuffix" "netbox-auth" "context" $) }}
  namespace: {{ include "common.names.namespace" . | quote }}
  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
  {{- if .Values.commonAnnotations }}
  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
  {{- end }}
type: Opaque
data:
  api_token: {{ .Values.auth.apiToken | b64enc | quote }}
{{- end }}
================================================
FILE: charts/netbox-operator/templates/serviceaccount.yaml
================================================
{{- if .Values.serviceAccount.create }}
# ServiceAccount for the operator; rendered only when serviceAccount.create is true.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: {{ include "netbox-operator.serviceAccountName" . }}
  namespace: {{ include "common.names.namespace" .
| quote }}
  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
  {{- if or .Values.serviceAccount.annotations .Values.commonAnnotations }}
  {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.serviceAccount.annotations .Values.commonAnnotations ) "context" . ) }}
  annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
  {{- end }}
# Taken verbatim from serviceAccount.automountServiceAccountToken in the values.
automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
{{- end }}
================================================
FILE: charts/netbox-operator/templates/servicemonitor.yaml
================================================
{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }}
# Prometheus Operator ServiceMonitor; rendered only when both metrics.enabled
# and metrics.serviceMonitor.enabled are true.
# NOTE(review): a ServiceMonitor selects Service objects, and no Service
# template is listed under this chart's templates/ in the repository tree, so
# the selector below presumably matches nothing unless a Service with these
# labels is created separately - TODO confirm.
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
  name: {{ include "common.names.fullname" . }}
  namespace: {{ include "common.names.namespace" . | quote }}
  {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.metrics.serviceMonitor.additionalLabels .Values.commonLabels ) "context" . ) }}
  labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
  {{- if .Values.commonAnnotations }}
  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
  {{- end }}
spec:
  jobLabel: {{ include "common.names.fullname" . }}
  # Scraping is restricted to the release namespace.
  namespaceSelector:
    matchNames:
      - {{ include "common.names.namespace" . | quote }}
  selector:
    matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
      {{- if .Values.metrics.serviceMonitor.selector }}
      {{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.selector "context" $) | nindent 6 }}
      {{- end }}
  # The endpoint is scraped over https and authenticated with the service
  # account token of the scraping Prometheus pod (bearerTokenFile is read by
  # Prometheus, not by the operator).
  # NOTE(review): no tlsConfig is set, so certificate verification falls back to
  # Prometheus defaults - confirm the operator serves /metrics over TLS with a
  # certificate Prometheus can verify, and that it checks the presented token.
  # NOTE(review): bearerTokenFile is marked deprecated in the prometheus-operator
  # API in favour of `authorization` - verify for the operator version in use.
  endpoints:
    - port: http-metrics
      scheme: https
      bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
      path: /metrics
      {{- if .Values.metrics.serviceMonitor.interval }}
      interval: {{ .Values.metrics.serviceMonitor.interval }}
      {{- end }}
      {{- if .Values.metrics.serviceMonitor.scrapeTimeout }}
      scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }}
      {{- end }}
      {{- if .Values.metrics.serviceMonitor.honorLabels }}
      honorLabels: {{ .Values.metrics.serviceMonitor.honorLabels }}
      {{- end }}
      {{- if .Values.metrics.serviceMonitor.metricRelabelings }}
      metricRelabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.metricRelabelings "context" $) | nindent 6 }}
      {{- end }}
      {{- if .Values.metrics.serviceMonitor.relabelings }}
      relabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.relabelings "context" $) | nindent 6 }}
      {{- end }}
{{- end }}
================================================
FILE: charts/netbox-operator/values.yaml
================================================
# Default values for NetBox Operator.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.

## @section Global parameters

## Global container image parameters
## Please, note that this will override the image parameters, including dependencies, configured to use the global value
## Current available global container image parameters: imageRegistry, imagePullSecrets and storageClass
## @param global.imageRegistry Global container image registry
## @param global.imagePullSecrets Global container registry secret names as an array
## @param global.storageClass Global StorageClass for Persistent Volume(s)
##
global:
  imageRegistry: ""
  ## E.g.
## imagePullSecrets:
  ##   - myRegistryKeySecretName
  ##
  imagePullSecrets: []
  storageClass: ""

## @section Common parameters

## @param nameOverride String to partially override common.names.fullname
##
nameOverride: ""
## @param fullnameOverride String to fully override common.names.fullname
##
fullnameOverride: ""
## @param commonLabels Labels to add to all deployed objects
##
commonLabels: {}
## @param commonAnnotations Annotations to add to all deployed objects
##
commonAnnotations: {}
## @param clusterDomain Kubernetes cluster domain name
##
clusterDomain: cluster.local
## @param extraDeploy Array of extra objects to deploy with the release
## NOTE(review): no extra-list template is listed under this chart's templates/
## in the repository tree (the netbox chart has one) - confirm that extraDeploy
## is actually rendered by this chart.
## Example:
## extraDeploy:
##   - |
##     apiVersion: v1
##     kind: ConfigMap
##     metadata:
##       name: sso-pipeline-roles
##       namespace: netbox
##     data:
##       sso_pipeline_roles.py: |
##         from netbox.authentication import Group
##         ...
##
extraDeploy: []

## @section NetBox Operator Image parameters

## @param image.registry Image registry
## @param image.repository Image repository
## @param image.tag Image tag
## @param image.digest Image digest in the way sha256:aa...
## @param image.pullPolicy NetBox Operator image pull policy
## @param image.pullSecrets Specify docker-registry secret names as an array
##
image:
  registry: ghcr.io
  repository: netbox-community/netbox-operator
  pullPolicy: IfNotPresent
  ## Defaults to '{{ .Chart.AppVersion }}'
  ##
  tag: ""
  ## If set, override the tag
  ## NOTE: pinning by digest keeps a re-pushed tag from changing what gets deployed.
  ##
  digest: ""
  ## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace)
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
  ## Example:
  ## pullSecrets:
  ##   - myRegistryKeySecretName
  ##
  pullSecrets: []

## @section NetBox Operator Configuration parameters

## NetBox Operator settings based on environment variables

# When defining caCertPath, make sure you mount the secret containing the CA certificate on all the necessary containers
caCertPath: ""
host: ""
# NOTE(review): presumably toggles HTTPS for the connection to `host`. With the
# default `false` the API token would travel unencrypted - confirm, and enable
# it outside local test setups.
https: false
restorationHashFieldName: ""
debug: false
# auth.apiToken is rendered into a chart-managed Secret (templates/secret.yaml)
# unless netbox.enabled or auth.existingSecret is set. Prefer existingSecret so
# the token is not kept in values files or in the Helm release data.
auth:
  apiToken: ""
  existingSecret: ""
netbox:
  enabled: false
  nameOverride: netbox-app

## @section Deployment parameters

## @param command Override default container command (useful when using custom images)
##
command:
  - /manager
## @param args Override default container args (useful when using custom images)
##
args:
  - --leader-elect
## @param replicaCount Number of replicas to deploy
## NOTE: ReadWriteMany PVC(s) are required if replicaCount > 1
##
replicaCount: 1
## @param updateStrategy.type Deployment strategy type
## @param updateStrategy.rollingUpdate Deployment rolling update configuration parameters
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
## NOTE: Set it to `Recreate` if you use a PV that cannot be mounted on multiple pods
## e.g:
## updateStrategy:
##   type: RollingUpdate
##   rollingUpdate:
##     maxSurge: 25%
##     maxUnavailable: 25%
##
updateStrategy:
  type: RollingUpdate

## Pods Service Account
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
## @param serviceAccount.create Specifies whether a ServiceAccount should be created
## @param serviceAccount.name Name of the service account to use. If not set and create is true, a name is generated using the fullname template.
## @param serviceAccount.automountServiceAccountToken Automount service account token for the server service account
## @param serviceAccount.annotations Annotations for service account. Evaluated as a template. Only used if `create` is `true`.
## NOTE(review): templates/leaderelect/rolebinding.yaml only lists a subject when
## `create` is `true`; with `create: false` the named ServiceAccount needs its
## own binding to the leader-election Role.
##
serviceAccount:
  create: true
  annotations: {}
  name: ""
  automountServiceAccountToken: true
## @param extraVolumes Array of extra volumes to be added to the deployment (evaluated as template). Requires setting `extraVolumeMounts`
## e.g:
## extraVolumes:
##   - name: ca-cert
##     secret:
##       secretName: ca-cert
##
extraVolumes: []
## @param extraVolumeMounts Array of extra volume mounts to be added to the container (evaluated as template). Normally used with `extraVolumes`.
## e.g:
## extraVolumeMounts:
##   - name: ca-cert
##     mountPath: /tmp/ca.cert
##     subPath: ca-cert
##     readOnly: true
##
extraVolumeMounts: []
## @param sidecars Add additional sidecar containers to the pod
## e.g:
## sidecars:
##   - name: your-image-name
##     image: your-image
##     imagePullPolicy: Always
##     ports:
##       - name: portname
##         containerPort: 1234
##
sidecars: []
## @param initContainers Add additional init containers to the pods
## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
## e.g:
## initContainers:
##   - name: your-image-name
##     image: your-image
##     imagePullPolicy: Always
##     command: ['sh', '-c', 'echo "init"']
##
initContainers: []
## @param podLabels Extra labels for pods
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
##
podLabels: {}
## @param podAnnotations Annotations for pods
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
##
podAnnotations: {}
## @param affinity Affinity for pod assignment
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set
##
affinity: {}
## @param nodeSelector Node labels for pod assignment
## ref: https://kubernetes.io/docs/user-guide/node-selection/
##
nodeSelector: {}
## @param tolerations Tolerations for pod assignment
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
##
tolerations: []
## @param priorityClassName Pods' priorityClassName
##
priorityClassName: ""
## @param schedulerName Name of the k8s scheduler (other than default) for pods
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
##
schedulerName: ""
## @param terminationGracePeriodSeconds Seconds pods need to terminate gracefully
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods
##
terminationGracePeriodSeconds: 10
## @param topologySpreadConstraints Topology Spread Constraints for pod assignment
## https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
## The value is evaluated as a template.
## e.g:
## topologySpreadConstraints:
##   - maxSkew: 1
##     topologyKey: topology.kubernetes.io/zone
##     whenUnsatisfiable: DoNotSchedule
##     labelSelector:
##       matchLabels:
##         "app.kubernetes.io/component": netbox
##         "app.kubernetes.io/name": netbox
##
topologySpreadConstraints: []

## Container's resource requests and limits
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
## We usually recommend not to specify default resources and to leave this as a conscious
## choice for the user. This also increases chances charts run on environments with little
## resources, such as Minikube. If you do want to specify resources, uncomment the following
## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
## @param resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). ## This is ignored if resources is set (resources is recommended for production). ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 ## resourcesPreset: "small" ## Containers' resource requests and limits ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ ## @param resources.limits The resources limits for the container ## @param resources.requests [object] The requested resources for the container ## Example: ## resources: ## requests: ## cpu: 2 ## memory: 512Mi ## limits: ## cpu: 3 ## memory: 1024Mi ## resources: {} ## Configure Pods Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod ## @param podSecurityContext.enabled Enable pods' Security Context ## @param podSecurityContext.fsGroupChangePolicy Set filesystem group change policy ## @param podSecurityContext.sysctls Set kernel settings using the sysctl interface ## @param podSecurityContext.supplementalGroups Set filesystem extra groups ## @param podSecurityContext.fsGroup Pods' group ID ## podSecurityContext: enabled: true fsGroupChangePolicy: Always sysctls: [] supplementalGroups: [] fsGroup: 1000 ## Configure Container Security Context (only main container) ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## @param securityContext.enabled Enabled containers' Security Context ## @param securityContext.seLinuxOptions [object,nullable] Set SELinux options in container ## @param securityContext.runAsUser Set containers' Security Context runAsUser ## @param securityContext.runAsGroup Set containers' Security Context runAsGroup ## @param securityContext.runAsNonRoot Set container's Security Context runAsNonRoot ## @param 
securityContext.privileged Set container's Security Context privileged ## @param securityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem ## @param securityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation ## @param securityContext.capabilities.drop List of capabilities to be dropped ## @param securityContext.seccompProfile.type Set container's Security Context seccomp profile ## securityContext: enabled: true seLinuxOptions: {} runAsUser: 1000 runAsGroup: 1000 runAsNonRoot: true privileged: false readOnlyRootFilesystem: true allowPrivilegeEscalation: false capabilities: drop: ["ALL"] seccompProfile: type: "RuntimeDefault" ## @param automountServiceAccountToken Mount Service Account token in pod ## automountServiceAccountToken: true ## Configure extra options for liveness probe ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes ## @param livenessProbe.enabled Enable livenessProbe ## @param livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe ## @param livenessProbe.periodSeconds Period seconds for livenessProbe ## @param livenessProbe.timeoutSeconds Timeout seconds for livenessProbe ## @param livenessProbe.failureThreshold Failure threshold for livenessProbe ## @param livenessProbe.successThreshold Success threshold for livenessProbe ## livenessProbe: enabled: true initialDelaySeconds: 0 periodSeconds: 10 timeoutSeconds: 1 failureThreshold: 3 successThreshold: 1 ## Configure extra options for readiness probe ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes ## @param readinessProbe.enabled Enable readinessProbe ## @param readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe ## @param readinessProbe.periodSeconds Period seconds for readinessProbe ## @param readinessProbe.timeoutSeconds Timeout seconds for 
readinessProbe ## @param readinessProbe.failureThreshold Failure threshold for readinessProbe ## @param readinessProbe.successThreshold Success threshold for readinessProbe ## readinessProbe: enabled: true initialDelaySeconds: 0 periodSeconds: 10 timeoutSeconds: 1 failureThreshold: 3 successThreshold: 1 ## @param extraEnvVars Array with extra environment variables to add to containers ## e.g: ## extraEnvVars: ## - name: FOO ## value: "bar" ## extraEnvVars: [] ## @param extraEnvVarsCM Name of existing ConfigMap containing extra env vars for containers ## extraEnvVarsCM: "" ## @param extraEnvVarsSecret Name of existing Secret containing extra env vars for containers ## extraEnvVarsSecret: "" ## Configure revision history limit for deployments ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#clean-up-policy revisionHistoryLimit: 10 ## @section Metrics parameters ## Prometheus Exporter / Metrics ## metrics: ## @param metrics.enabled Enable the export of Prometheus metrics ## enabled: false ## Prometheus Operator ServiceMonitor configuration ## serviceMonitor: ## @param metrics.serviceMonitor.enabled if `true`, creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`) ## enabled: false ## @param metrics.serviceMonitor.honorLabels honorLabels chooses the metric's labels on collisions with target labels ## honorLabels: false ## @param metrics.serviceMonitor.interval Interval at which metrics should be scraped. 
## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint ## e.g: ## interval: 10s ## interval: "" ## @param metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint ## e.g: ## scrapeTimeout: 10s ## scrapeTimeout: "" ## @param metrics.serviceMonitor.metricRelabelings Specify additional relabeling of metrics ## metricRelabelings: [] ## @param metrics.serviceMonitor.relabelings Specify general relabeling ## relabelings: [] ## @param metrics.serviceMonitor.selector Prometheus instance selector labels ## ref: https://github.com/bitnami/charts/tree/main/bitnami/prometheus-operator#prometheus-configuration ## selector: ## prometheus: my-prometheus ## selector: {} additionalLabels: {} ## @section Autoscaling parameters ## Autoscaling configuration ## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ ## @param autoscaling.enabled Enable Horizontal POD autoscaling ## @param autoscaling.minReplicas Minimum number of replicas ## @param autoscaling.maxReplicas Maximum number of replicas ## @param autoscaling.targetCPUUtilizationPercentage Target CPU utilization percentage ## @param autoscaling.targetMemoryUtilizationPercentage Target Memory utilization percentage ## autoscaling: enabled: false minReplicas: 1 maxReplicas: 100 targetCPUUtilizationPercentage: 80 # targetMemoryUtilizationPercentage: 80 ================================================ FILE: config.yaml ================================================ owner: netbox-community repo: netbox-chart remote: origin target-branch: main sign: true key: builds@netboxlabs.com keyring: ~/.cr-gpg/secring.gpg chart-dirs: - charts chart-repos: - bitnami=https://charts.bitnami.com/bitnami helm-extra-args: "--timeout 15m" generate-release-notes: true ================================================ FILE: pyproject.toml 
================================================ [tool.black] line_length = 100 target-version = ["py38"] include = '\.pyi?$' exclude = ''' ( /( \.git | \.venv | \.netbox | \.vscode | configuration )/ ) ''' [tool.isort] profile = "black" multi_line_output = 3 line_length = 100 [tool.pylint.main] disable = [ "duplicate-code", "import-error", "possibly-used-before-assignment", "used-before-assignment", "undefined-variable", ] [tool.pylint.format] max-line-length = "100" [tool.ruff.lint] ignore = ["F821"]