From b10b525719243b4bef948b15d1d5f3168fe12a0e Mon Sep 17 00:00:00 2001 From: Chris Boot Date: Tue, 28 Jan 2020 20:54:00 +0000 Subject: [PATCH] Chart 2.0 for NetBox 2.7.6 This represents a large body of work required to update the chart for compatibility with NetBox 2.7. --- Chart.yaml | 4 +-- README.md | 37 ++++++++++++++++------- templates/configmap.yaml | 62 +++++++++++++++++++++++++++++---------- templates/deployment.yaml | 30 +++++++++++++++---- templates/secret.yaml | 7 +++-- values.yaml | 43 +++++++++++++++++++-------- 6 files changed, 133 insertions(+), 50 deletions(-) diff --git a/Chart.yaml b/Chart.yaml index 76a4d3ce..7d6fa03e 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 -appVersion: 2.6.12 +appVersion: 2.7.6 description: IP address management (IPAM) and data center infrastructure management (DCIM) tool icon: https://raw.githubusercontent.com/netbox-community/netbox/develop/docs/netbox_logo.png name: netbox -version: 1.0.4 +version: 2.0.0 diff --git a/README.md b/README.md index bee58c50..c84a76a3 100644 --- a/README.md +++ b/README.md @@ -36,6 +36,14 @@ $ helm delete my-release ## Upgrading +### From 1.x to 2.x + +If you use an external Redis you will need to update your configuration values +due to the chart reflecting upstream changes in how it uses Redis. There are +now separate Redis configuration blocks for webhooks and for caching, though +they can both point at the same Redis instance as long as the database numbers +are different. + ### From 0.x to 1.x The chart dependencies on PostgreSQL and Redis have been upgraded, so you may 
@@ -51,7 +59,7 @@ The following table lists the configurable parameters for this chart and their d
 | --------------------------------------|---------------------------------------------------------------------|----------------------------------------------|
 | `replicaCount` | The desired number of NetBox pods | `1` |
 | `image.repository` | NetBox container image repository | `netboxcommunity/netbox` |
-| `image.tag` | NetBox container image tag | `v2.6.12` |
+| `image.tag` | NetBox container image tag | `v2.7.6` |
 | `image.pullPolicy` | NetBox container image pull policy | `IfNotPresent` |
 | `superuser.name` | Initial super-user account to create | `admin` |
 | `superuser.email` | Email address for the initial super-user account | `admin@example.com` |
@@ -65,6 +73,7 @@ The following table lists the configurable parameters for this chart and their d
 | `banner.login` | Banner text to display on the login page | `""` |
 | `basePath` | Base URL path if accessing NetBox within a directory | `""` |
 | `cacheTimeout` | Cached object time-to-live, in seconds | `900` (15 minutes) |
+| `changelogRetention` | Maximum number of days to retain logged changes (0 = forever) | `90` |
 | `cors.originAllowAll` | [CORS]: allow all origins | `false` |
 | `cors.originWhitelist` | [CORS]: list of origins authorised to make cross-site HTTP requests | `[]` |
 | `cors.originRegexWhitelist` | [CORS]: list of regex strings matching authorised origins | `[]` |
@@ -88,7 +97,6 @@ The following table lists the configurable parameters for this chart and their d
 | `paginateCount` | The default number of objects to display per page in the web UI | `50` |
 | `preferIPv4` | Prefer devices' IPv4 address when determining their primary address | `false` |
 | `metricsEnabled` | Expose Prometheus metrics at the `/metrics` HTTP endpoint | `false` |
-| `webhooksEnabled` | Enable NetBox's outgoing webhook functionality | `true` |
 | `timeZone` | The time zone NetBox will use when dealing with dates and times | `UTC` |
 | `dateFormat` | Django date format for long-form date strings | `"N j, Y"` |
 | `shortDateFormat` | Django date format for short-form date strings | `"Y-m-d"` |
@@ -109,17 +117,24 @@ The following table lists the configurable parameters for this chart and their d
 | `externalDatabase.password` | Password for external PostgreSQL (see also `existingSecret`) | `""` |
 | `externalDatabase.existingSecretName` | Fetch password for external PostgreSQL from a different `Secret` | `""` |
 | `externalDatabase.existingSecretKey` | Key to fetch the password in the above `Secret` | `postgresql-password` |
-| `redisDatabase` | Redis database number used for NetBox webhooks queue | `0` |
-| `redisCacheDatabase` | Redis database number used for caching views, etc... | `1` |
-| `redisTimeout` | Redis connection timeout, in seconds | `300` (5 minutes) |
-| `redisSsl` | Enable SSL when connecting to Redis | `false` |
 | `redis.enabled` | Deploy Redis using bundled Bitnami Redis chart | `true` |
 | `redis.*` | Values under this key are passed to the bundled Redis chart | n/a |
-| `externalRedis.host` | Redis host to use when `redis.enabled` is `false` | `localhost` |
-| `externalRedis.port` | Port number for external Redis | `6379` |
-| `externalRedis.password` | Password for external Redis (see also `existingSecret`) | `""` |
-| `externalRedis.existingSecretName` | Fetch password for external Redis from a different `Secret` | `""` |
-| `externalRedis.existingSecretKey` | Key to fetch the password in the above `Secret` | `redis-password` |
+| `webhooksRedis.database` | Redis database number used for NetBox webhooks queue | `0` |
+| `webhooksRedis.timeout` | Redis connection timeout, in seconds | `300` (5 minutes) |
+| `webhooksRedis.ssl` | Enable SSL when connecting to Redis | `false` |
+| `webhooksRedis.host` | Redis host to use when `redis.enabled` is `false` | `""` |
+| `webhooksRedis.port` | Port number for external Redis | `6379` |
+| `webhooksRedis.password` | Password for external Redis (see also `existingSecret`) | `""` |
+| `webhooksRedis.existingSecretName` | Fetch password for external Redis from a different `Secret` | `""` |
+| 
`webhooksRedis.existingSecretKey` | Key to fetch the password in the above `Secret` | `redis-password` | +| `cachingRedis.database` | Redis database number used for caching views | `1` | +| `cachingRedis.timeout` | Redis connection timeout, in seconds | `300` (5 minutes) | +| `cachingRedis.ssl` | Enable SSL when connecting to Redis | `false` | +| `cachingRedis.host` | Redis host to use when `redis.enabled` is `false` | `""` | +| `cachingRedis.port` | Port number for external Redis | `6379` | +| `cachingRedis.password` | Password for external Redis (see also `existingSecret`) | `""` | +| `cachingRedis.existingSecretName` | Fetch password for external Redis from a different `Secret` | `""` | +| `cachingRedis.existingSecretKey` | Key to fetch the password in the above `Secret` | `redis-password` | | `imagePullSecrets` | List of `Secret` names containing private registry credentials | `[]` | | `nameOverride` | Override the application name (`netbox`) used throughout the chart | `""` | | `fullnameOverride` | Override the full name of resources created as part of the release | `""` | diff --git a/templates/configmap.yaml b/templates/configmap.yaml index e41490e1..ce43ca04 100644 --- a/templates/configmap.yaml +++ b/templates/configmap.yaml @@ -6,6 +6,7 @@ metadata: {{ include "netbox.labels" . | indent 4 }} data: configuration.py: | + import re import yaml def _load_yaml(): 
@@ -32,18 +33,32 @@ data: {{- end -}} {{- end -}}) NAPALM_PASSWORD = _load_secret('netbox', 'napalm_password') - REDIS['PASSWORD'] = _load_secret( + REDIS['webhooks']['PASSWORD'] = _load_secret( {{- if .Values.redis.enabled -}} 'redis', 'redis-password' {{- else -}} - {{- if .Values.externalRedis.existingSecretName -}} - 'redis', {{ .Values.externalRedis.existingSecretKey | squote }} + {{- if .Values.webhooksRedis.existingSecretName -}} + 'redis_webhooks', {{ .Values.webhooksRedis.existingSecretKey | squote }} {{- else -}} 'netbox', 'redis_password' {{- end -}} {{- end -}}) + REDIS['caching']['PASSWORD'] = _load_secret( + {{- if .Values.redis.enabled -}} + 'redis', 'redis-password' + {{- else -}} + {{- if .Values.cachingRedis.existingSecretName -}} + 'redis_caching', {{ .Values.cachingRedis.existingSecretKey | squote }} + {{- else -}} + 'netbox', 'redis_cache_password' + {{- end -}} + {{- end -}}) SECRET_KEY = _load_secret('netbox', 'secret_key') + # Post-process certain values + CORS_ORIGIN_REGEX_WHITELIST = [re.compile(r) for r + in CORS_ORIGIN_REGEX_WHITELIST] + netbox.yaml: | ALLOWED_HOSTS: {{ toJson .Values.allowedHosts }} @@ -57,8 +72,11 @@ data: HOST: {{ .Values.externalDatabase.host | quote }} USER: {{ .Values.externalDatabase.username | quote }} NAME: {{ .Values.externalDatabase.database | quote }} - PORT: {{ .Values.externalDatabase.port | int}} + PORT: {{ .Values.externalDatabase.port | int }} {{- end }} + OPTIONS: + sslmode: {{ .Values.externalDatabase.sslMode | quote }} + CONN_MAX_AGE: {{ .Values.externalDatabase.connMaxAge | int }} ADMINS: {{ toJson .Values.admins }} BANNER_TOP: {{ .Values.banner.top | quote }} 
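Review bot: The new post-processing line `CORS_ORIGIN_REGEX_WHITELIST = [re.compile(r) for r in CORS_ORIGIN_REGEX_WHITELIST]` in the `@@ -32,18 +33,32 @@` hunk of templates/configmap.yaml compiles whatever strings `cors.originRegexWhitelist` holds, with no anchoring requirement and no error handling. If the CORS middleware applies these patterns with `re.match`, which anchors only the start of the string (worth confirming for the django-cors-headers release that NetBox 2.7 ships), a pattern without a trailing `$` also accepts origins that merely begin with a trusted host name; the values.yaml comment for `originRegexWhitelist` should state that patterns must be fully anchored, for example `^https://(\w+\.)?example\.com$`. A malformed pattern raises `re.error` while configuration.py is being imported, which presumably keeps the pod from starting, so a one-line comment above the comprehension saying so would help whoever debugs it. The body of configuration.py begins outside this hunk.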
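Review bot: The added `OPTIONS:` / `sslmode: {{ .Values.externalDatabase.sslMode | quote }}` lines in the `@@ -57,8 +72,11 @@` hunk take their default from `sslMode: prefer` in values.yaml, and in libpq `prefer` is opportunistic: it falls back to plaintext when TLS negotiation fails and never verifies the server certificate. For an external PostgreSQL reached over a shared network that leaves the database password and NetBox data open to interception, so the default should at least be documented, for example `# sslMode: disable | allow | prefer | require | verify-ca | verify-full; use verify-full for databases outside the cluster`. The verifying modes also need a CA certificate available to the client, and this commit adds no value for supplying one. The block is placed after `{{- end }}`, so it appears to apply to the bundled PostgreSQL too although the values live under `externalDatabase`, and neither `sslMode` nor `connMaxAge` is added to the README parameter table.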
@@ -66,6 +84,7 @@ data: BANNER_LOGIN: {{ .Values.banner.login | quote }} BASE_PATH: {{ .Values.basePath | quote }} CACHE_TIMEOUT: {{ int .Values.cacheTimeout }} + CHANGELOG_RETENTION: {{ int .Values.changelogRetention }} CORS_ORIGIN_ALLOW_ALL: {{ toJson .Values.cors.originAllowAll }} CORS_ORIGIN_WHITELIST: {{ toJson .Values.cors.originWhitelist }} CORS_ORIGIN_REGEX_WHITELIST: {{ toJson .Values.cors.originRegexWhitelist }} 
@@ -91,22 +110,33 @@ data: NAPALM_ARGS: {{ toJson .Values.napalm.args }} PAGINATE_COUNT: {{ int .Values.paginateCount }} PREFER_IPV4: {{ toJson .Values.preferIPv4 }} - WEBHOOKS_ENABLED: {{ toJson .Values.webhooksEnabled }} REDIS: - {{ if .Values.redis.enabled -}} - HOST: {{ printf "%s-master" (include "netbox.redis.fullname" .) | quote }} - PORT: {{ .Values.redis.redisPort | int }} - {{- else -}} - HOST: {{ .Values.externalRedis.host | quote }} - PORT: {{ .Values.externalRedis.port | int}} - {{- end }} - DATABASE: {{ int .Values.redisDatabase }} - CACHE_DATABASE: {{ int .Values.redisCacheDatabase }} - DEFAULT_TIMEOUT: {{ int .Values.redisTimeout }} - SSL: {{ toJson .Values.redisSsl }} + webhooks: + {{ if .Values.redis.enabled -}} + HOST: {{ printf "%s-master" (include "netbox.redis.fullname" .) | quote }} + PORT: {{ .Values.redis.redisPort | int }} + {{- else -}} + HOST: {{ .Values.webhooksRedis.host | quote }} + PORT: {{ .Values.webhooksRedis.port | int}} + {{- end }} + DATABASE: {{ int .Values.webhooksRedis.database }} + DEFAULT_TIMEOUT: {{ int .Values.webhooksRedis.timeout }} + SSL: {{ toJson .Values.webhooksRedis.ssl }} + caching: + {{ if .Values.redis.enabled -}} + HOST: {{ printf "%s-master" (include "netbox.redis.fullname" .) | quote }} + PORT: {{ .Values.redis.redisPort | int }} + {{- else -}} + HOST: {{ .Values.cachingRedis.host | quote }} + PORT: {{ .Values.cachingRedis.port | int}} + {{- end }} + DATABASE: {{ int .Values.cachingRedis.database }} + DEFAULT_TIMEOUT: {{ int .Values.cachingRedis.timeout }} + SSL: {{ toJson .Values.cachingRedis.ssl }} REPORTS_ROOT: /opt/netbox/netbox/reports + SCRIPTS_ROOT: /opt/netbox/netbox/scripts TIME_ZONE: {{ .Values.timeZone | quote }} DATE_FORMAT: {{ .Values.dateFormat | quote }} SHORT_DATE_FORMAT: {{ .Values.shortDateFormat | quote }} diff --git a/templates/deployment.yaml b/templates/deployment.yaml index 934999e7..10deb290 100644 --- a/templates/deployment.yaml +++ b/templates/deployment.yaml 
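Review bot: Nothing in the new `REDIS` block of the `@@ -91,22 +110,33 @@` hunk stops `webhooksRedis.database` and `cachingRedis.database` from being set to the same number while both sections resolve to the same server, which is always the case when `redis.enabled` is true. The README text added in this commit says the numbers must differ; NetBox's documentation recommends keeping them separate because a cache flush can discard queued webhook data. A template guard would turn the mistake into a render-time error, e.g. `{{- if and .Values.redis.enabled (eq (int .Values.webhooksRedis.database) (int .Values.cachingRedis.database)) }}{{ fail "webhooksRedis.database and cachingRedis.database must differ" }}{{- end }}`. Separately, the two new external `PORT:` lines end in `| int}}` without the space that this same commit adds to the database `PORT:` line.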
@@ -72,10 +72,21 @@ spec: mountPath: /run/secrets/database readOnly: true {{- end }} - {{- if or .Values.redis.enabled .Values.externalRedis.existingSecretName }} + {{- if .Values.redis.enabled }} - name: redis-secret mountPath: /run/secrets/redis readOnly: true + {{- else }} + {{- if .Values.webhooksRedis.existingSecretName }} + - name: redis-webhooks-secret + mountPath: /run/secrets/redis_webhooks + readOnly: true + {{- end }} + {{- if .Values.cachingRedis.existingSecretName }} + - name: redis-caching-secret + mountPath: /run/secrets/redis_caching + readOnly: true + {{- end }} {{- end }} - name: secrets mountPath: /run/secrets/superuser_password @@ -152,14 +163,21 @@ spec: secretName: {{ .Values.externalDatabase.existingSecretName | quote }} {{- end }} {{- end }} - {{- if or .Values.redis.enabled .Values.externalRedis.existingSecretName }} + {{- if .Values.redis.enabled }} - name: redis-secret secret: - {{- if .Values.redis.enabled }} secretName: {{ include "netbox.redis.fullname" . | quote }} - {{- else }} - secretName: {{ .Values.externalRedis.existingSecretName | quote }} - {{- end }} + {{- else }} + {{- if .Values.webhooksRedis.existingSecretName }} + - name: redis-webhooks-secret + secret: + secretName: {{ .Values.webhooksRedis.existingSecretName | quote }} + {{- end }} + {{- if .Values.cachingRedis.existingSecretName }} + - name: redis-caching-secret + secret: + secretName: {{ .Values.cachingRedis.existingSecretName | quote }} + {{- end }} {{- end }} {{- with .Values.extraVolumes }} {{ toYaml . | indent 8 | trim }} diff --git a/templates/secret.yaml b/templates/secret.yaml index 4415e611..9617ce70 100644 --- a/templates/secret.yaml +++ b/templates/secret.yaml 
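Review bot: The new `redis-webhooks-secret` and `redis-caching-secret` volumes in the `@@ -152,14 +163,21 @@` hunk of templates/deployment.yaml mount the whole user-supplied Secret, although configuration.py reads only the single key named by `existingSecretKey`. Any other keys stored in that Secret become readable inside the NetBox container under `/run/secrets/redis_webhooks` and `/run/secrets/redis_caching`, the mount paths added in the `@@ -72,10 +72,21 @@` hunk. Projecting just the needed key limits the exposure to one credential: under each `secret:` add `items:` with `- key: {{ .Values.webhooksRedis.existingSecretKey | quote }}` and `path: {{ .Values.webhooksRedis.existingSecretKey | quote }}`, and the same with `cachingRedis` for the second volume. The `volumes:` list starts outside this hunk.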
@@ -12,8 +12,11 @@ data: {{ end -}} email_password: {{ .Values.email.password | b64enc | quote }} napalm_password: {{ .Values.napalm.password | b64enc | quote }} - {{ if and (not .Values.redis.enabled) (not .Values.externalRedis.existingSecretName) -}} - redis_password: {{ .Values.externalRedis.password | b64enc | quote }} + {{ if and (not .Values.redis.enabled) (not .Values.webhooksRedis.existingSecretName) -}} + redis_password: {{ .Values.webhooksRedis.password | b64enc | quote }} + {{ end -}} + {{ if and (not .Values.redis.enabled) (not .Values.cachingRedis.existingSecretName) -}} + redis_cache_password: {{ .Values.cachingRedis.password | b64enc | quote }} {{ end -}} secret_key: {{ .Values.secretKey | default (randAscii 60) | b64enc }} superuser_password: {{ .Values.superuser.password | default (randAlphaNum 16) | b64enc }} diff --git a/values.yaml b/values.yaml index eac372ec..5c563a4a 100644 --- a/values.yaml +++ b/values.yaml @@ -6,7 +6,7 @@ replicaCount: 1 image: repository: netboxcommunity/netbox - tag: v2.6.12 + tag: v2.7.6 pullPolicy: IfNotPresent superuser: @@ -50,6 +50,10 @@ basePath: '' # (15 minutes). cacheTimeout: 900 +# Maximum number of days to retain logged changes. Set to 0 to retain change +# logs indefinitely. (Default: 90) +changelogRetention: 90 + # API Cross-Origin Resource Sharing (CORS) settings. If originAllowAll # is set to true, all origins will be allowed. Otherwise, define a list of # allowed origins using either originWhitelist or originRegexWhitelist. For @@ -131,9 +135,6 @@ preferIPv4: false # Expose Prometheus monitoring metrics at the HTTP endpoint '/metrics' metricsEnabled: false -# Webhooks can be disabled to remove the dependency on Redis. -webhooksEnabled: true - # Time zone (default: UTC) timeZone: UTC 
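Review bot: The `@@ -12,8 +12,11 @@` hunk of templates/secret.yaml adds `redis_cache_password` only to the chart-generated Secret, while configuration.py now calls `_load_secret('netbox', 'redis_cache_password')` whenever `redis.enabled` is false and `cachingRedis.existingSecretName` is blank. A release upgraded from 1.x that supplies its own `existingSecret` will not have that key, so the lookup presumably fails at start-up (the body of `_load_secret` is not visible here). The values.yaml comment lists the new key, but the "From 1.x to 2.x" README section does not; add a sentence such as `If you use existingSecret with an external Redis, add a redis_cache_password key before upgrading.` It is also worth a comment that an empty `cachingRedis.password` is stored as an empty value, meaning an unauthenticated connection, and that with the default `ssl: false` any password that is set crosses the network in cleartext.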
@@ -156,8 +157,10 @@ secretKey: "" # externalDatabase.existingSecretName is blank) # - email_password: SMTP user password # - napalm_password: NAPALM user password -# - redis_password: Redis password (if redis.enabled is false and -# externalRedis.existingSecretName is blank) +# - redis_password: Redis password for webhooks Redis instance (if +# redis.enabled is false and webhooksRedis.existingSecretName is blank) +# - redis_cache_password: Redis password for caching Redis instance (if +# redis.enabled is false and cachingRedis.existingSecretName is blank) # - secret_key: session encryption token (50+ random characters) existingSecret: "" @@ -180,25 +183,39 @@ externalDatabase: password: "" existingSecretName: "" existingSecretKey: postgresql-password - -redisDatabase: 0 -redisCacheDatabase: 1 -redisTimeout: 300 -redisSsl: false + sslMode: prefer + connMaxAge: 300 redis: ## Deploy Redis using bundled chart # To use an external Redis instance, set this to false and configure the - # settings under externalRedis + # settings under *both* webhooksRedis *and* cachingRedis enabled: true -externalRedis: +webhooksRedis: + database: 0 + timeout: 300 + ssl: false + + # Used only when redis.enabled is false host: localhost port: 6379 password: "" existingSecretName: "" existingSecretKey: redis-password +cachingRedis: + database: 1 + timeout: 300 + ssl: false + + # Used only when redis.enabled is false + host: "" + port: 6379 + password: "" + existingSecretName: "" + existingSecretKey: redis-password + imagePullSecrets: [] nameOverride: "" fullnameOverride: ""
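Review bot: In the `@@ -180,25 +183,39 @@` hunk of values.yaml, `webhooksRedis.host` keeps the old default `localhost` while `cachingRedis.host` defaults to `""`, and the README table in this commit documents `""` for both. With `redis.enabled: false` and only one section filled in, the two halves of NetBox's Redis configuration point at different places with no error at render time; make the defaults agree (`host: ""` under `webhooksRedis`) or validate in the templates that both hosts are set. The new `sslMode: prefer` and `connMaxAge: 300` entries under `externalDatabase` carry no explanatory comment, unlike the neighbouring settings; a line such as `# PostgreSQL sslmode (libpq): prefer does not verify the server certificate` would make the security trade-off visible to operators.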