Netbox Deployment v1

PostgreSQL

$ helm repo add bitnami https://charts.bitnami.com/bitnami
$ helm show values bitnami/postgresql > postgresql-values.yaml
$ vim postgresql-values.yaml
[...]
global:
[...]
  storageClass: "nfs-client"
[...]
auth:
  ## @param auth.enablePostgresUser Assign a password to the "postgres" admin user. Otherwise, remote access will be blocked for this user
[...]
  username: "netbox"
  ## @param auth.password Password for the custom user to create. Ignored if `auth.existingSecret` with key `password` is provided
[...]
  database: "netbox"
  ## @param auth.replicationUsername Name of the replication user
[...]
$ kubectl create ns netbox-community
$ helm install netbox-postgresql --namespace netbox-community bitnami/postgresql -f postgresql-values.yaml
NAME: netbox-postgresql
LAST DEPLOYED: Wed Feb  1 10:23:36 2023
NAMESPACE: netbox-community
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
CHART NAME: postgresql
CHART VERSION: 12.1.10
APP VERSION: 15.1.0
 
** Please be patient while the chart is being deployed **
 
PostgreSQL can be accessed via port 5432 on the following DNS names from within your cluster:
 
    netbox-postgresql.netbox-community.svc.cluster.local - Read/Write connection
 
To get the password for "postgres" run:
 
    export POSTGRES_ADMIN_PASSWORD=$(kubectl get secret --namespace netbox-community netbox-postgresql -o jsonpath="{.data.postgres-password}" | base64 -d)
 
To get the password for "netbox" run:
 
    export POSTGRES_PASSWORD=$(kubectl get secret --namespace netbox-community netbox-postgresql -o jsonpath="{.data.password}" | base64 -d)
 
To connect to your database run the following command:
 
    kubectl run netbox-postgresql-client --rm --tty -i --restart='Never' --namespace netbox-community --image docker.io/bitnami/postgresql:15.1.0-debian-11-r20 --env="PGPASSWORD=$POSTGRES_PASSWORD" \
      --command -- psql --host netbox-postgresql -U netbox -d netbox -p 5432
 
    > NOTE: If you access the container using bash, make sure that you execute "/opt/bitnami/scripts/postgresql/entrypoint.sh /bin/bash" in order to avoid the error "psql: local user with ID 1001} does not exist"
 
To connect to your database from outside the cluster execute the following commands:
 
    kubectl port-forward --namespace netbox-community svc/netbox-postgresql 5432:5432 &
    PGPASSWORD="$POSTGRES_PASSWORD" psql --host 127.0.0.1 -U netbox -d netbox -p 5432
 
WARNING: The configured password will be ignored on new installation in case when previous Posgresql release was deleted through the helm command. In that case, old PVC will have an old password, and setting it through helm won't take effect. Deleting persistent volumes (PVs) will solve the issue.
$ kubectl get all -n netbox-community
NAME                      READY   STATUS    RESTARTS   AGE
pod/netbox-postgresql-0   1/1     Running   0          69s
 
NAME                           TYPE        CLUSTER-IP    EXTERNAL-IP   PORT(S)    AGE
service/netbox-postgresql      ClusterIP   10.96.33.75   <none>        5432/TCP   69s
service/netbox-postgresql-hl   ClusterIP   None          <none>        5432/TCP   69s
 
NAME                                 READY   AGE
statefulset.apps/netbox-postgresql   1/1     69s

Redis

$ helm show values bitnami/redis > redis-values.yaml
$ vim redis-values.yaml
[...]
global:
[...]
  storageClass: "nfs-client"
[...]
$ helm install netbox-redis --namespace netbox-community bitnami/redis -f redis-values.yaml
NAME: netbox-redis
LAST DEPLOYED: Wed Feb  1 10:32:32 2023
NAMESPACE: netbox-community
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
CHART NAME: redis
CHART VERSION: 17.6.0
APP VERSION: 7.0.8
 
** Please be patient while the chart is being deployed **
 
Redis® can be accessed on the following DNS names from within your cluster:
 
    netbox-redis-master.netbox-community.svc.cluster.local for read/write operations (port 6379)
    netbox-redis-replicas.netbox-community.svc.cluster.local for read-only operations (port 6379)
 
 
 
To get your password run:
 
    export REDIS_PASSWORD=$(kubectl get secret --namespace netbox-community netbox-redis -o jsonpath="{.data.redis-password}" | base64 -d)
 
To connect to your Redis® server:
 
1. Run a Redis® pod that you can use as a client:
 
   kubectl run --namespace netbox-community redis-client --restart='Never'  --env REDIS_PASSWORD=$REDIS_PASSWORD  --image docker.io/bitnami/redis:7.0.8-debian-11-r0 --command -- sleep infinity
 
   Use the following command to attach to the pod:
 
   kubectl exec --tty -i redis-client \
   --namespace netbox-community -- bash
 
2. Connect using the Redis® CLI:
   REDISCLI_AUTH="$REDIS_PASSWORD" redis-cli -h netbox-redis-master
   REDISCLI_AUTH="$REDIS_PASSWORD" redis-cli -h netbox-redis-replicas
 
To connect to your database from outside the cluster execute the following commands:
 
    kubectl port-forward --namespace netbox-community svc/netbox-redis-master 6379:6379 &
    REDISCLI_AUTH="$REDIS_PASSWORD" redis-cli -h 127.0.0.1 -p 6379
$ kubectl get all -n netbox-community
NAME                          READY   STATUS    RESTARTS   AGE
pod/netbox-postgresql-0       1/1     Running   0          10m
pod/netbox-redis-master-0     1/1     Running   0          116s
pod/netbox-redis-replicas-0   1/1     Running   0          116s
pod/netbox-redis-replicas-1   1/1     Running   0          74s
pod/netbox-redis-replicas-2   1/1     Running   0          37s
 
NAME                            TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)    AGE
service/netbox-postgresql       ClusterIP   10.96.33.75     <none>        5432/TCP   10m
service/netbox-postgresql-hl    ClusterIP   None            <none>        5432/TCP   10m
service/netbox-redis-headless   ClusterIP   None            <none>        6379/TCP   116s
service/netbox-redis-master     ClusterIP   10.96.247.236   <none>        6379/TCP   116s
service/netbox-redis-replicas   ClusterIP   10.96.85.97     <none>        6379/TCP   116s
 
NAME                                     READY   AGE
statefulset.apps/netbox-postgresql       1/1     10m
statefulset.apps/netbox-redis-master     1/1     116s
statefulset.apps/netbox-redis-replicas   3/3     116s

Netbox

netbox-configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: netbox-configmap
  namespace: netbox-community
data:
  # '*' accepts any Host header; list the served hostname(s) when exposing NetBox
  ALLOWED_HOSTS: '*'
  CHANGELOG_RETENTION: "90"
  DB_HOST: netbox-postgresql
  DB_NAME: netbox
  DB_USER: netbox
  EMAIL_FROM: netbox@bar.com
  EMAIL_PORT: "25"
  EMAIL_SERVER: localhost
  EMAIL_TIMEOUT: "10"
  EMAIL_USERNAME: foo
  EXEMPT_VIEW_PERMISSIONS: ''
  LOGIN_REQUIRED: "true"
  MEDIA_ROOT: /opt/netbox/netbox/media
  METRICS_ENABLED: "true"
  NETBOX_USERNAME: guest
  REDIS_HOST: netbox-redis-master
  REDIS_CACHE_HOST: netbox-redis-master
  REDIS_PORT: "6379"
  REDIS_CACHE_PORT: "6379"
  REDIS_DATABASE: "0"
  REDIS_CACHE_DATABASE: "1"
  SUPERUSER_EMAIL: admin@example.com
  SUPERUSER_NAME: admin
  MAINTENANCE_MODE: 'False'
  DEBUG: 'False'
$ kubectl apply -f netbox-configmap.yaml

netbox-secrets.yaml
apiVersion: v1
kind: Secret
metadata:
  name: netbox-secret
  namespace: netbox-community
type: Opaque
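data:
  # Values are base64-encoded; email_password and napalm_password below
  # decode to "test\n" and "\n" (they were encoded with a trailing newline)
  email_password: dGVzdAo=
  napalm_password: Cg==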
  secret_key: ISQ5cW1VQDlxaXhQRTZRbiptZnc5NHRPb2xKZGtFYSNlOEY0NTZlMTdOdmlCNXFsbms=
  superuser_password: c3VwZXJwYXNzd29yZA==
  superuser_api_token: NDhjN2JhOTItMGY4Mi00NDNhLThjZjMtOTgxNTU5ZmYzMmNm
$ kubectl apply -f netbox-secrets.yaml
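
The email_password and napalm_password values in netbox-secrets.yaml decode to "test\n" and "\n", the trailing newline that "echo value | base64" leaves in a secret. As an added example (not part of the original page), this script encodes values without that newline, detects it in existing data, and renders the same Secret from generated values. The function names and the EMAIL_PW / NAPALM_PW variables are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not from the original page. Function names are assumptions.

# Encode a value for a Secret's data: field. printf '%s' avoids the trailing
# newline that `echo value | base64` would bake into the stored secret.
b64() { printf '%s' "$1" | base64 | tr -d '\n'; }

# Succeeds when the decoded value ends in a newline byte (0x0a).
has_trailing_newline() {
  [ "$(printf '%s' "$1" | base64 -d | tail -c 1 | od -An -tx1 | tr -d ' \n')" = "0a" ]
}

# $1 random hex characters read from /dev/urandom.
gen_random() { head -c "$1" /dev/urandom | od -An -tx1 | tr -d ' \n' | head -c "$1"; }

# Print the netbox-secret manifest; arguments are the plaintext values in the
# order email, napalm, secret_key, superuser password, superuser API token.
render_secret() {
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: netbox-secret
  namespace: netbox-community
type: Opaque
data:
  email_password: $(b64 "$1")
  napalm_password: $(b64 "$2")
  secret_key: $(b64 "$3")
  superuser_password: $(b64 "$4")
  superuser_api_token: $(b64 "$5")
EOF
}

# Check three of the values shown on the page for a stray newline.
for v in dGVzdAo= Cg== c3VwZXJwYXNzd29yZA==; do
  if has_trailing_newline "$v"; then echo "$v: ends in newline"; else echo "$v: clean"; fi
done

# Apply without leaving plaintext or base64 on disk (EMAIL_PW and NAPALM_PW
# are placeholder variables holding the real mail and NAPALM passwords):
#   render_secret "$EMAIL_PW" "$NAPALM_PW" "$(gen_random 50)" \
#     "$(gen_random 24)" "$(gen_random 40)" | kubectl apply -f -
```

The 50-character secret_key matches the length of the key shown on the page.
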
netbox-startup-configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: startup-configmap
  namespace: netbox-community
data:
  start-rqworker.sh: |
    /opt/netbox/venv/bin/python /opt/netbox/netbox/manage.py rqworker &>/dev/null &disown;

  nginx-caching-fix.sh: |
    chown unit:root -R /opt/unit/tmp/
$ kubectl apply -f netbox-startup-configmap.yaml

netbox-media-pvc.yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: netbox-media-pvc
  namespace: netbox-community
  labels:
    name: netbox-media-pvc
spec:
  accessModes:
  - ReadWriteMany
  resources:
    requests:
      storage: 1Gi
  storageClassName: nfs-client
$ kubectl apply -f netbox-media-pvc.yaml

netbox-deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: netbox
  namespace: netbox-community
  labels:
    k8s-app: netbox
spec:
  replicas: 3
  selector:
    matchLabels:
      k8s-app: netbox
  template:
    metadata:
      labels:
        k8s-app: netbox
    spec:
      containers:
      # NetBox container using the netbox-docker image: https://github.com/netbox-community/netbox-docker
      - name: netbox
        # floating tag: pin a release tag or digest so all replicas run the same build
        image: netboxcommunity/netbox:latest-ldap
        ports:
        - name: http
          containerPort: 8080
        readinessProbe: # will mark the pod as ready once the initialization script is completed and will probe every 20 seconds
          httpGet:
            path: /
            port: http
          initialDelaySeconds: 5
          periodSeconds: 20
        envFrom:
          - configMapRef:
              name: netbox-configmap
        lifecycle: # Will run the post-startup scripts detailed in netbox-startup-configmap.yaml
          postStart:
            exec:
              command:
                - /bin/sh
                - -c
                - >
                  bash /home/start-rqworker.sh &&
                  bash /home/nginx-caching-fix.sh
        volumeMounts:
        - name: db-password
          mountPath: /run/secrets/db_password
          subPath: db_password
          readOnly: true
        - name: email-password
          mountPath: /run/secrets/email_password
          subPath: email_password
          readOnly: true
        - name: napalm-password
          mountPath: /run/secrets/napalm_password
          subPath: napalm_password
          readOnly: true
        - name: redis-password
          mountPath: /run/secrets/redis_password
          subPath: redis_password
          readOnly: true
        - name: secret-key
          mountPath: /run/secrets/secret_key
          subPath: secret_key
          readOnly: true
        - name: superuser-api-token
          mountPath: /run/secrets/superuser_api_token
          subPath: superuser_api_token
          readOnly: true
        - name: superuser-password
          mountPath: /run/secrets/superuser_password
          subPath: superuser_password
          readOnly: true
        # Persistent Volume paths
        - name: netbox-media-files # Allows for multiple replicas of the netbox pod to be available
          mountPath: /opt/netbox/netbox/media
        - mountPath: /home/start-rqworker.sh
          name: start-rqworker
          subPath: start-rqworker.sh
        - mountPath: /home/nginx-caching-fix.sh
          name: nginx-caching-fix
          subPath: nginx-caching-fix.sh
      restartPolicy: Always
      volumes:
      # Reference to configmaps and PVs
      - name: netbox-media-files
        persistentVolumeClaim:
          claimName: netbox-media-pvc
          readOnly: false
      - name: start-rqworker
        configMap:
          name: startup-configmap
          items:
          - key: "start-rqworker.sh"
            path: "start-rqworker.sh"
      - name: nginx-caching-fix
        configMap:
          name: startup-configmap
          items:
          - key: "nginx-caching-fix.sh"
            path: "nginx-caching-fix.sh"
      # Populate via secret
      - name: db-password
        secret:
          secretName: netbox-postgresql
          items:
          - key: password
            path: db_password
      - name: email-password
        secret:
          secretName: netbox-secret
          items:
          - key: email_password
            path: email_password
      - name: napalm-password
        secret:
          secretName: netbox-secret
          items:
          - key: napalm_password
            path: napalm_password
      - name: redis-password
        secret:
          secretName: netbox-redis
          items:
          - key: redis-password
            path: redis_password
      - name: secret-key
        secret:
          secretName: netbox-secret
          items:
          - key: secret_key
            path: secret_key
      - name: superuser-password
        secret:
          secretName: netbox-secret
          items:
          - key: superuser_password
            path: superuser_password
      - name: superuser-api-token
        secret:
          secretName: netbox-secret
          items:
          - key: superuser_api_token
            path: superuser_api_token
$ kubectl apply -f netbox-deployment.yaml

netbox-service.yaml
apiVersion: v1
kind: Service
metadata:
  name: netbox
  namespace: netbox-community
  labels:
    k8s-app: netbox
spec:
  ports:
  - port: 80
    targetPort: http
  selector:
    k8s-app: netbox
$ kubectl apply -f netbox-service.yaml
netbox_deploy_v1.1753560544.txt.gz · Last modified: by wikiadm