====== Netbox Deployment v2 ======

===== Database PostgreSQL =====

<code>
# CREATE ROLE netbox LOGIN;
# CREATE DATABASE netbox OWNER netbox;
# \password netbox
# \q
</code>

<code>
$ vim ${PGDATA}/pg_hba.conf
[...]
# Acesso netbox Kubernetes
host netbox netbox 2804:694:4c00:4007::/64 scram-sha-256
</code>

Note: a ''host'' record matches both TLS and plaintext connections. The Netbox pods reach this server over the network, so using ''hostssl'' instead of ''host'' makes PostgreSQL refuse unencrypted sessions from that /64.

<code>
$ pg_ctl reload
</code>

===== Database/Caching Redis =====

<code>
$ helm repo add bitnami https://charts.bitnami.com/bitnami
$ helm install redis bitnami/redis --create-namespace -n netbox --set global.storageClass=nfs-client
NAME: redis
LAST DEPLOYED: Thu Feb 2 10:24:00 2023
NAMESPACE: netbox
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
CHART NAME: redis
CHART VERSION: 17.6.0
APP VERSION: 7.0.8

** Please be patient while the chart is being deployed **

Redis® can be accessed on the following DNS names from within your cluster:

    redis-master.netbox.svc.cluster.local for read/write operations (port 6379)
    redis-replicas.netbox.svc.cluster.local for read-only operations (port 6379)

To get your password run:

    export REDIS_PASSWORD=$(kubectl get secret --namespace netbox redis -o jsonpath="{.data.redis-password}" | base64 -d)

To connect to your Redis® server:

1. Run a Redis® pod that you can use as a client:

   kubectl run --namespace netbox redis-client --restart='Never' --env REDIS_PASSWORD=$REDIS_PASSWORD --image docker.io/bitnami/redis:7.0.8-debian-11-r0 --command -- sleep infinity

   Use the following command to attach to the pod:

   kubectl exec --tty -i redis-client \
   --namespace netbox -- bash

2. Connect using the Redis® CLI:
   REDISCLI_AUTH="$REDIS_PASSWORD" redis-cli -h redis-master
   REDISCLI_AUTH="$REDIS_PASSWORD" redis-cli -h redis-replicas

To connect to your database from outside the cluster execute the following commands:

    kubectl port-forward --namespace netbox svc/redis-master 6379:6379 &
    REDISCLI_AUTH="$REDIS_PASSWORD" redis-cli -h 127.0.0.1 -p 6379
</code>

<code>
$ kubectl get all -n netbox
NAME                   READY   STATUS    RESTARTS   AGE
pod/redis-master-0     1/1     Running   0          2m43s
pod/redis-replicas-0   1/1     Running   0          2m43s
pod/redis-replicas-1   1/1     Running   0          2m7s
pod/redis-replicas-2   1/1     Running   0          100s

NAME                     TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)    AGE
service/redis-headless   ClusterIP   None            <none>        6379/TCP   2m44s
service/redis-master     ClusterIP   10.96.158.194   <none>        6379/TCP   2m43s
service/redis-replicas   ClusterIP   10.96.127.204   <none>        6379/TCP   2m44s

NAME                              READY   AGE
statefulset.apps/redis-master     1/1     2m43s
statefulset.apps/redis-replicas   3/3     2m43s
</code>

<code>
$ kubectl get pvc -n netbox
NAME                          STATUS   VOLUME                                     CAPACITY   ACCESS MODES   STORAGECLASS   AGE
redis-data-redis-master-0     Bound    pvc-588529fe-aae3-4e6b-ad97-d91fbd8db311   8Gi        RWO            nfs-client     3m23s
redis-data-redis-replicas-0   Bound    pvc-9def509a-8f50-4a42-aa78-1910afd96b06   8Gi        RWO            nfs-client     3m23s
redis-data-redis-replicas-1   Bound    pvc-30ff64b8-cfa2-4486-b127-0f4870dc542f   8Gi        RWO            nfs-client     2m47s
redis-data-redis-replicas-2   Bound    pvc-8df8310d-4a7e-4c9f-90f5-9132e9c0d488   8Gi        RWO            nfs-client     2m20s
</code>

<code>
$ kubectl get cm -n netbox
NAME                  DATA   AGE
kube-root-ca.crt      1      3m57s
redis-configuration   3      3m57s
redis-health          6      3m57s
redis-scripts         2      3m57s
</code>

<code>
$ kubectl get secret -n netbox
NAME                          TYPE                                  DATA   AGE
default-token-g7579           kubernetes.io/service-account-token   3      4m33s
redis                         Opaque                                1      4m33s
redis-token-brk6n             kubernetes.io/service-account-token   3      4m33s
sh.helm.release.v1.redis.v1   helm.sh/release.v1                    1      4m33s
</code>

===== Netbox =====

==== ConfigMap ====

<code yaml>
apiVersion: v1
data:
  DB_HOST: pgsql.juntotelecom.com.br
  DB_NAME: netbox
  DB_PORT: "5432"
  DB_USER: netbox
  REDIS_HOST: redis-master
  REDIS_PORT: "6379"
  # NOTE: with TLS off, Redis traffic (including the AUTH password) is unencrypted inside the cluster.
  REDIS_SSL: "false"
kind: ConfigMap
metadata:
  annotations:
    meta.helm.sh/release-name: netbox
    meta.helm.sh/release-namespace: netbox
  labels:
    app.kubernetes.io/name: netbox
  name: netbox
  namespace: netbox
</code>

<code>
$ kubectl apply -f netbox-cm.yaml
</code>

<code yaml>
apiVersion: v1
data:
  nginx.conf: |-
    daemon off;
    worker_processes 1;
    error_log /dev/stderr info;
    events {
      worker_connections 1024;
    }
    http {
      include /etc/nginx/mime.types;
      default_type application/octet-stream;
      sendfile on;
      tcp_nopush on;
      keepalive_timeout 65;
      gzip on;
      server_tokens off;
      client_max_body_size 10M;
      upstream netbox {
        server localhost:8001 fail_timeout=0;
      }
      server {
        listen 8080;
        access_log off;
        location /static/ {
          alias /opt/netbox/netbox/static/;
        }
        location / {
          proxy_pass http://netbox;
          proxy_set_header X-Forwarded-Host $http_host;
          proxy_set_header X-Real-IP $remote_addr;
          proxy_set_header X-Forwarded-Proto $scheme;
          add_header P3P 'CP="ALL DSP COR PSAa PSDa OUR NOR ONL UNI COM NAV"';
        }
      }
      server {
        listen 8081;
        access_log off;
        location = /stub_status {
          stub_status;
        }
      }
    }
kind: ConfigMap
metadata:
  annotations:
    meta.helm.sh/release-name: netbox
    meta.helm.sh/release-namespace: netbox
  labels:
    app.kubernetes.io/name: netbox
  name: netbox-config-files
  namespace: netbox
</code>

<code>
$ kubectl apply -f netbox-cm-config.yaml
</code>

==== Secret ====

Note: the values under ''data:'' are base64-encoded, not encrypted; anyone who can read the manifest can recover them. Secret values that have appeared in a wiki page or a repository should be treated as exposed and rotated. In documentation, show a placeholder and create the real Secret out of band from a file that is not published.

<code yaml>
apiVersion: v1
data:
  SECRET_KEY: ZGgxczBSUHg4MG1LTVBjRXN2Ukx3eDllS1A4bHNZTzFiN01jdmwwdk94aFlBbEFzSjU=
kind: Secret
metadata:
  annotations:
    meta.helm.sh/release-name: netbox
    meta.helm.sh/release-namespace: netbox
  labels:
    app.kubernetes.io/name: netbox
  name: netbox
  namespace: netbox
type: Opaque
</code>

<code>
$ kubectl apply -f netbox-secret.yaml
</code>

<code yaml>
apiVersion: v1
data:
  postgres-password: aXd6dHlSIUppT0VPbGg1cQ==
kind: Secret
metadata:
  annotations:
    meta.helm.sh/release-name: netbox
    meta.helm.sh/release-namespace: netbox
  labels:
    app.kubernetes.io/name: postgresql
  name: netbox-postgresql
  namespace: netbox
type: Opaque
</code>

<code>
$ kubectl apply -f netbox-secret-postgres.yaml
</code>

==== persistentVolumeClaim ====

<code yaml>
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  annotations:
    meta.helm.sh/release-name: netbox
    meta.helm.sh/release-namespace: netbox
  labels:
    app.kubernetes.io/name: netbox
  name: netbox
  namespace: netbox
spec:
  accessModes:
  - ReadWriteOnce
  resources:
    requests:
      storage: 10Gi
  storageClassName: nfs-client
</code>

<code>
$ kubectl apply -f netbox-pvc.yaml
</code>

==== Deployment ====

Note: all three Deployments below use the same selector and pod label (''app.kubernetes.io/name: netbox''), and the Service selects on that label as well. Kubernetes expects each controller's selector to be unique. A distinguishing label (for example ''app.kubernetes.io/component'') on each Deployment's ''matchLabels'' and template labels, and on the Service selector, keeps the worker and housekeeping pods out of the Service's candidate set.

<code yaml>
apiVersion: apps/v1
kind: Deployment
metadata:
  annotations:
    deployment.kubernetes.io/revision: "1"
  labels:
    app.kubernetes.io/name: netbox
  name: netbox-worker
  namespace: netbox
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: netbox
  template:
    metadata:
      annotations: {}
      labels:
        app.kubernetes.io/name: netbox
    spec:
      containers:
      - command:
        - /opt/netbox/venv/bin/python3
        - /opt/netbox/netbox/manage.py
        - rqworker
        env:
        - name: REDIS_PASSWORD
          valueFrom:
            secretKeyRef:
              key: redis-password
              name: redis
        - name: DB_PASSWORD
          valueFrom:
            secretKeyRef:
              key: postgres-password
              name: netbox-postgresql
        envFrom:
        - configMapRef:
            name: netbox
        - secretRef:
            name: netbox
        image: netboxcommunity/netbox:v3.4.2
        imagePullPolicy: Always
        name: netbox-worker
        # NOTE: no requests/limits are set.
        resources: {}
      restartPolicy: Always
      # NOTE: an empty securityContext leaves the pod on the image defaults (no runAsNonRoot,
      # no allowPrivilegeEscalation: false, no dropped capabilities). The same applies to the
      # other two Deployments.
      securityContext: {}
</code>

<code yaml>
apiVersion: apps/v1
kind: Deployment
metadata:
  annotations:
    deployment.kubernetes.io/revision: "1"
  labels:
    app.kubernetes.io/name: netbox
  name: netbox
  namespace: netbox
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: netbox
  template:
    metadata:
      annotations: {}
      labels:
        app.kubernetes.io/name: netbox
    spec:
      containers:
      - env:
        - name: REDIS_PASSWORD
          valueFrom:
            secretKeyRef:
              key: redis-password
              name: redis
        - name: DB_PASSWORD
          valueFrom:
            secretKeyRef:
              key: postgres-password
              name: netbox-postgresql
        envFrom:
        - configMapRef:
            name: netbox
        - secretRef:
            name: netbox
        image: netboxcommunity/netbox:v3.4.2
        imagePullPolicy: Always
        name: netbox
        ports:
        - containerPort: 8080
          name: http
          protocol: TCP
        resources: {}
        volumeMounts:
        - mountPath: /etc/netbox/media
          name: data
      restartPolicy: Always
      securityContext: {}
      volumes:
      # NOTE: this volume is declared but no volumeMount above references it, so the
      # nginx.conf from the netbox-config-files ConfigMap is never mounted into the container.
      - configMap:
          defaultMode: 420
          name: netbox-config-files
        name: netbox-config-files
      - name: data
        persistentVolumeClaim:
          claimName: netbox
</code>

<code yaml>
apiVersion: apps/v1
kind: Deployment
metadata:
  annotations:
    deployment.kubernetes.io/revision: "1"
  labels:
    app.kubernetes.io/name: netbox
  name: netbox-housekeeping
  namespace: netbox
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: netbox
  template:
    metadata:
      annotations: {}
      labels:
        app.kubernetes.io/name: netbox
    spec:
      containers:
      - command:
        - /opt/netbox/housekeeping.sh
        env:
        - name: REDIS_PASSWORD
          valueFrom:
            secretKeyRef:
              key: redis-password
              name: redis
        - name: DB_PASSWORD
          valueFrom:
            secretKeyRef:
              key: postgres-password
              name: netbox-postgresql
        envFrom:
        - configMapRef:
            name: netbox
        - secretRef:
            name: netbox
        image: netboxcommunity/netbox:v3.4.2
        imagePullPolicy: Always
        name: netbox-housekeeping
        resources: {}
      restartPolicy: Always
      securityContext: {}
</code>

<code>
$ kubectl apply -f netbox-worker-deployment.yaml -f netbox-deployment.yaml -f netbox-housekeeping-deployment.yaml
</code>

==== Service ====

<code yaml>
apiVersion: v1
kind: Service
metadata:
  annotations:
    meta.helm.sh/release-name: netbox
    meta.helm.sh/release-namespace: netbox
  labels:
    app.kubernetes.io/name: netbox
  name: netbox
  namespace: netbox
spec:
  ipFamilies:
  - IPv4
  - IPv6
  ipFamilyPolicy: PreferDualStack
  ports:
  - name: http
    port: 80
    protocol: TCP
    targetPort: http
  selector:
    app.kubernetes.io/name: netbox
  sessionAffinity: None
  type: ClusterIP
</code>

<code>
$ kubectl apply -f netbox-svc.yaml
</code>

==== Ingress ====

<code yaml>
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: netbox
  namespace: netbox
spec:
  ingressClassName: nginx
  # NOTE: there is no tls: section, so unless TLS is terminated elsewhere Netbox is served
  # over plain HTTP and logins and API tokens cross the network unencrypted.
  rules:
  - host: netbox.juntotelecom.com.br
    http:
      paths:
      - backend:
          service:
            name: netbox
            port:
              number: 80
        path: /
        pathType: Prefix
</code>

<code>
$ kubectl apply -f netbox-ingress.yaml
</code>

<code>
$ kubectl get all -n netbox
NAME                                       READY   STATUS    RESTARTS   AGE
pod/netbox-789fd8cb69-kmb78                1/1     Running   0          15m
pod/netbox-housekeeping-84bb87786c-9bwxg   1/1     Running   0          15m
pod/netbox-worker-5998c9f9c5-q4wvt         1/1     Running   0          15m
pod/redis-master-0                         1/1     Running   0          99m
pod/redis-replicas-0                       1/1     Running   0          99m
pod/redis-replicas-1                       1/1     Running   0          98m
pod/redis-replicas-2                       1/1     Running   0          98m

NAME                     TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)    AGE
service/netbox           ClusterIP   10.96.234.47    <none>        80/TCP     5m16s
service/redis-headless   ClusterIP   None            <none>        6379/TCP   99m
service/redis-master     ClusterIP   10.96.158.194   <none>        6379/TCP   99m
service/redis-replicas   ClusterIP   10.96.127.204   <none>        6379/TCP   99m

NAME                                  READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/netbox                1/1     1            1           15m
deployment.apps/netbox-housekeeping   1/1     1            1           15m
deployment.apps/netbox-worker         1/1     1            1           15m

NAME                                             DESIRED   CURRENT   READY   AGE
replicaset.apps/netbox-789fd8cb69                1         1         1       15m
replicaset.apps/netbox-housekeeping-84bb87786c   1         1         1       15m
replicaset.apps/netbox-worker-5998c9f9c5         1         1         1       15m

NAME                              READY   AGE
statefulset.apps/redis-master     1/1     99m
statefulset.apps/redis-replicas   3/3     99m
</code>