====== Netbox Deployment v1 ======
===== PostgreSQL =====
<code bash>
$ helm repo add bitnami https://charts.bitnami.com/bitnami
$ helm show values bitnami/postgresql > postgresql-values.yaml
$ vim postgresql-values.yaml
</code>

<code yaml>
[...]
global:
  [...]
  storageClass: "nfs-client"
[...]
auth:
  ## @param auth.enablePostgresUser Assign a password to the "postgres" admin user. Otherwise, remote access will be blocked for this user
  [...]
  username: "netbox"
  ## @param auth.password Password for the custom user to create. Ignored if `auth.existingSecret` with key `password` is provided
  [...]
  database: "netbox"
  ## @param auth.replicationUsername Name of the replication user
[...]
</code>
<code bash>
$ kubectl create ns netbox-community
$ helm install netbox-postgresql --namespace netbox-community bitnami/postgresql -f postgresql-values.yaml
NAME: netbox-postgresql
LAST DEPLOYED: Wed Feb 1 10:23:36 2023
NAMESPACE: netbox-community
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
CHART NAME: postgresql
CHART VERSION: 12.1.10
APP VERSION: 15.1.0

** Please be patient while the chart is being deployed **

PostgreSQL can be accessed via port 5432 on the following DNS names from within your cluster:

    netbox-postgresql.netbox-community.svc.cluster.local - Read/Write connection

To get the password for "postgres" run:

    export POSTGRES_ADMIN_PASSWORD=$(kubectl get secret --namespace netbox-community netbox-postgresql -o jsonpath="{.data.postgres-password}" | base64 -d)

To get the password for "netbox" run:

    export POSTGRES_PASSWORD=$(kubectl get secret --namespace netbox-community netbox-postgresql -o jsonpath="{.data.password}" | base64 -d)

To connect to your database run the following command:

    kubectl run netbox-postgresql-client --rm --tty -i --restart='Never' --namespace netbox-community --image docker.io/bitnami/postgresql:15.1.0-debian-11-r20 --env="PGPASSWORD=$POSTGRES_PASSWORD" \
      --command -- psql --host netbox-postgresql -U netbox -d netbox -p 5432

    > NOTE: If you access the container using bash, make sure that you execute "/opt/bitnami/scripts/postgresql/entrypoint.sh /bin/bash" in order to avoid the error "psql: local user with ID 1001} does not exist"

To connect to your database from outside the cluster execute the following commands:

    kubectl port-forward --namespace netbox-community svc/netbox-postgresql 5432:5432 &
    PGPASSWORD="$POSTGRES_PASSWORD" psql --host 127.0.0.1 -U netbox -d netbox -p 5432

WARNING: The configured password will be ignored on new installation in case when previous Posgresql release was deleted through the helm command. In that case, old PVC will have an old password, and setting it through helm won't take effect. Deleting persistent volumes (PVs) will solve the issue.
</code>
<code bash>
$ kubectl get all -n netbox-community
NAME                      READY   STATUS    RESTARTS   AGE
pod/netbox-postgresql-0   1/1     Running   0          69s

NAME                           TYPE        CLUSTER-IP    EXTERNAL-IP   PORT(S)    AGE
service/netbox-postgresql      ClusterIP   10.96.33.75   <none>        5432/TCP   69s
service/netbox-postgresql-hl   ClusterIP   None          <none>        5432/TCP   69s

NAME                                 READY   AGE
statefulset.apps/netbox-postgresql   1/1     69s
</code>
===== Redis =====
<code bash>
$ helm show values bitnami/redis > redis-values.yaml
$ vim redis-values.yaml
</code>

<code yaml>
[...]
global:
  [...]
  storageClass: "nfs-client"
[...]
</code>
<code bash>
$ helm install netbox-redis --namespace netbox-community bitnami/redis -f redis-values.yaml
NAME: netbox-redis
LAST DEPLOYED: Wed Feb 1 10:32:32 2023
NAMESPACE: netbox-community
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
CHART NAME: redis
CHART VERSION: 17.6.0
APP VERSION: 7.0.8

** Please be patient while the chart is being deployed **

Redis® can be accessed on the following DNS names from within your cluster:

    netbox-redis-master.netbox-community.svc.cluster.local for read/write operations (port 6379)
    netbox-redis-replicas.netbox-community.svc.cluster.local for read-only operations (port 6379)

To get your password run:

    export REDIS_PASSWORD=$(kubectl get secret --namespace netbox-community netbox-redis -o jsonpath="{.data.redis-password}" | base64 -d)

To connect to your Redis® server:

1. Run a Redis® pod that you can use as a client:

   kubectl run --namespace netbox-community redis-client --restart='Never' --env REDIS_PASSWORD=$REDIS_PASSWORD --image docker.io/bitnami/redis:7.0.8-debian-11-r0 --command -- sleep infinity

   Use the following command to attach to the pod:

   kubectl exec --tty -i redis-client \
   --namespace netbox-community -- bash

2. Connect using the Redis® CLI:
   REDISCLI_AUTH="$REDIS_PASSWORD" redis-cli -h netbox-redis-master
   REDISCLI_AUTH="$REDIS_PASSWORD" redis-cli -h netbox-redis-replicas

To connect to your database from outside the cluster execute the following commands:

    kubectl port-forward --namespace netbox-community svc/netbox-redis-master 6379:6379 &
    REDISCLI_AUTH="$REDIS_PASSWORD" redis-cli -h 127.0.0.1 -p 6379
</code>
<code bash>
$ kubectl get all -n netbox-community
NAME                          READY   STATUS    RESTARTS   AGE
pod/netbox-postgresql-0       1/1     Running   0          10m
pod/netbox-redis-master-0     1/1     Running   0          116s
pod/netbox-redis-replicas-0   1/1     Running   0          116s
pod/netbox-redis-replicas-1   1/1     Running   0          74s
pod/netbox-redis-replicas-2   1/1     Running   0          37s

NAME                            TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)    AGE
service/netbox-postgresql       ClusterIP   10.96.33.75     <none>        5432/TCP   10m
service/netbox-postgresql-hl    ClusterIP   None            <none>        5432/TCP   10m
service/netbox-redis-headless   ClusterIP   None            <none>        6379/TCP   116s
service/netbox-redis-master     ClusterIP   10.96.247.236   <none>        6379/TCP   116s
service/netbox-redis-replicas   ClusterIP   10.96.85.97     <none>        6379/TCP   116s

NAME                                     READY   AGE
statefulset.apps/netbox-postgresql       1/1     10m
statefulset.apps/netbox-redis-master     1/1     116s
statefulset.apps/netbox-redis-replicas   3/3     116s
</code>
===== Netbox =====
<code yaml netbox-configmap.yaml>
apiVersion: v1
kind: ConfigMap
metadata:
  name: netbox-configmap
  namespace: netbox-community
data:
  # '*' accepts any Host header; list the hostnames NetBox is served under for production use
  ALLOWED_HOSTS: '*'
  CHANGELOG_RETENTION: "90"
  DB_HOST: netbox-postgresql
  DB_NAME: netbox
  DB_USER: netbox
  EMAIL_FROM: netbox@bar.com
  EMAIL_PORT: "25"
  EMAIL_SERVER: localhost
  EMAIL_TIMEOUT: "10"
  EMAIL_USERNAME: foo
  EXEMPT_VIEW_PERMISSIONS: ''
  LOGIN_REQUIRED: "true"
  MEDIA_ROOT: /opt/netbox/netbox/media
  METRICS_ENABLED: "true"
  NETBOX_USERNAME: guest
  REDIS_HOST: netbox-redis-master
  REDIS_CACHE_HOST: netbox-redis-master
  REDIS_PORT: "6379"
  REDIS_CACHE_PORT: "6379"
  REDIS_DATABASE: "0"
  REDIS_CACHE_DATABASE: "1"
  SUPERUSER_EMAIL: admin@example.com
  SUPERUSER_NAME: admin
  MAINTENANCE_MODE: 'False'
  DEBUG: 'False'
</code>

<code bash>
$ kubectl apply -f netbox-configmap.yaml
</code>
<code yaml netbox-secrets.yaml>
apiVersion: v1
kind: Secret
metadata:
  name: netbox-secret
  namespace: netbox-community
type: Opaque
# Values under "data" are base64-encoded, not encrypted
data:
  email_password: dGVzdAo=
  napalm_password: Cg==
  secret_key: ISQ5cW1VQDlxaXhQRTZRbiptZnc5NHRPb2xKZGtFYSNlOEY0NTZlMTdOdmlCNXFsbms=
  superuser_password: c3VwZXJwYXNzd29yZA==
  superuser_api_token: NDhjN2JhOTItMGY4Mi00NDNhLThjZjMtOTgxNTU5ZmYzMmNm
</code>

<code bash>
$ kubectl apply -f netbox-secrets.yaml
</code>
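
Hand-encoded values keep the credentials in a file on disk, and a value encoded with ''echo ... | base64'' carries a trailing newline (''dGVzdAo='' above decodes to ''test'' plus a newline). As an added example, not part of the original page: a POSIX shell script that renders the same ''netbox-secret'' manifest with random values for ''secret_key'', ''superuser_password'' and ''superuser_api_token''. The ''EMAIL_PASSWORD'' and ''NAPALM_PASSWORD'' environment variables and the chosen lengths are assumptions of this example.

```shell
#!/bin/sh
# Added example: render the netbox-secret manifest with random credentials.
set -eu

# rand_hex N: read N bytes from the kernel CSPRNG and print them as 2*N hex characters.
rand_hex() {
  od -An -N"$1" -tx1 /dev/urandom | tr -d ' \n'
}

# b64 VALUE: base64-encode VALUE exactly as given. printf '%s' adds no trailing
# newline, and tr removes the line wrapping some base64 implementations insert.
b64() {
  printf '%s' "$1" | base64 | tr -d '\n'
}

# Print a Secret with the same name, namespace and keys as netbox-secrets.yaml.
# EMAIL_PASSWORD and NAPALM_PASSWORD are read from the environment (assumed
# variable names, empty when unset); the other three values are generated.
render_netbox_secret() {
  secret_key=$(rand_hex 32)           # 64 characters
  superuser_password=$(rand_hex 16)   # 32 characters
  superuser_api_token=$(rand_hex 20)  # 40 hex characters
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: netbox-secret
  namespace: netbox-community
type: Opaque
data:
  email_password: "$(b64 "${EMAIL_PASSWORD-}")"
  napalm_password: "$(b64 "${NAPALM_PASSWORD-}")"
  secret_key: "$(b64 "$secret_key")"
  superuser_password: "$(b64 "$superuser_password")"
  superuser_api_token: "$(b64 "$superuser_api_token")"
EOF
}

render_netbox_secret
```

Pipe the output into ''kubectl apply -f -'' instead of writing it to a file; the generated superuser password can be read back with the same ''kubectl get secret ... | base64 -d'' pattern the chart notes use.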
<code yaml netbox-startup-configmap.yaml>
apiVersion: v1
kind: ConfigMap
metadata:
  name: startup-configmap
  namespace: netbox-community
data:
  start-rqworker.sh: |
    /opt/netbox/venv/bin/python /opt/netbox/netbox/manage.py rqworker &>/dev/null &disown;
  nginx-caching-fix.sh: |
    chown unit:root -R /opt/unit/tmp/
</code>

<code bash>
$ kubectl apply -f netbox-startup-configmap.yaml
</code>
<code yaml netbox-media-pvc.yaml>
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: netbox-media-pvc
  namespace: netbox-community
  labels:
    name: netbox-media-pvc
spec:
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 1Gi
  storageClassName: nfs-client
</code>

<code bash>
$ kubectl apply -f netbox-media-pvc.yaml
</code>
<code yaml netbox-deployment.yaml>
apiVersion: apps/v1
kind: Deployment
metadata:
  name: netbox
  namespace: netbox-community
  labels:
    k8s-app: netbox
spec:
  replicas: 3
  selector:
    matchLabels:
      k8s-app: netbox
  template:
    metadata:
      labels:
        k8s-app: netbox
    spec:
      containers:
        # NetBox container using the netbox-docker image: https://github.com/netbox-community/netbox-docker
        - name: netbox
          # "latest-ldap" is a floating tag; pin a specific version tag for reproducible rollouts
          image: netboxcommunity/netbox:latest-ldap
          ports:
            - name: http
              containerPort: 8080
          readinessProbe: # will mark the pod as ready once the initialization script is completed and will probe every 20 seconds
            httpGet:
              path: /
              port: http
            initialDelaySeconds: 5
            periodSeconds: 20
          envFrom:
            - configMapRef:
                name: netbox-configmap
          lifecycle: # Will run the post-startup scripts detailed in netbox-startup-configmap.yaml
            postStart:
              exec:
                command:
                  - /bin/sh
                  - -c
                  - >
                    bash /home/start-rqworker.sh &&
                    bash /home/nginx-caching-fix.sh
          volumeMounts:
            # Each secret is mounted as a single file under /run/secrets
            - name: db-password
              mountPath: /run/secrets/db_password
              subPath: db_password
              readOnly: true
            - name: email-password
              mountPath: /run/secrets/email_password
              subPath: email_password
              readOnly: true
            - name: napalm-password
              mountPath: /run/secrets/napalm_password
              subPath: napalm_password
              readOnly: true
            - name: redis-password
              mountPath: /run/secrets/redis_password
              subPath: redis_password
            - name: secret-key
              mountPath: /run/secrets/secret_key
              subPath: secret_key
              readOnly: true
            - name: superuser-api-token
              mountPath: /run/secrets/superuser_api_token
              subPath: superuser_api_token
            - name: superuser-password
              mountPath: /run/secrets/superuser_password
              subPath: superuser_password
              readOnly: true
            # Persistent Volume paths
            - name: netbox-media-files # Allows for multiple replicas of the netbox pod to be available
              mountPath: /opt/netbox/netbox/media
            - mountPath: /home/start-rqworker.sh
              name: start-rqworker
              subPath: start-rqworker.sh
            - mountPath: /home/nginx-caching-fix.sh
              name: nginx-caching-fix
              subPath: nginx-caching-fix.sh
      restartPolicy: Always
      volumes:
        # Reference to configmaps and PVs
        - name: netbox-media-files
          persistentVolumeClaim:
            claimName: netbox-media-pvc
            readOnly: false
        - name: start-rqworker
          configMap:
            name: startup-configmap
            items:
              - key: "start-rqworker.sh"
                path: "start-rqworker.sh"
        - name: nginx-caching-fix
          configMap:
            name: startup-configmap
            items:
              - key: "nginx-caching-fix.sh"
                path: "nginx-caching-fix.sh"
        # Populate via secret
        - name: db-password
          secret:
            secretName: netbox-postgresql
            items:
              - key: password
                path: db_password
        - name: email-password
          secret:
            secretName: netbox-secret
            items:
              - key: email_password
                path: email_password
        - name: napalm-password
          secret:
            secretName: netbox-secret
            items:
              - key: napalm_password
                path: napalm_password
        - name: redis-password
          secret:
            secretName: netbox-redis
            items:
              - key: redis-password
                path: redis_password
        - name: secret-key
          secret:
            secretName: netbox-secret
            items:
              - key: secret_key
                path: secret_key
        - name: superuser-password
          secret:
            secretName: netbox-secret
            items:
              - key: superuser_password
                path: superuser_password
        - name: superuser-api-token
          secret:
            secretName: netbox-secret
            items:
              - key: superuser_api_token
                path: superuser_api_token
</code>

<code bash>
$ kubectl apply -f netbox-deployment.yaml
</code>
<code yaml netbox-service.yaml>
apiVersion: v1
kind: Service
metadata:
  name: netbox
  namespace: netbox-community
  labels:
    k8s-app: netbox
spec:
  ports:
    - port: 80
      targetPort: http
  selector:
    k8s-app: netbox
</code>

<code bash>
$ kubectl apply -f netbox-service.yaml
</code>