Merge branch 'develop' into 'master'

Chart 2.1.0

See merge request charts/netbox!13

Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v1
-appVersion: 2.7.7
+appVersion: 2.8.1
 description: IP address management (IPAM) and data center infrastructure management (DCIM) tool
 icon: https://raw.githubusercontent.com/netbox-community/netbox/develop/docs/netbox_logo.png
 name: netbox
-version: 2.0.1
+version: 2.1.0

README.md

@@ -13,6 +13,8 @@ $ helm install bootc/netbox
 ## Prerequisites
 
 - This chart has only been tested on Kubernetes 1.12+, but should work on older versions
+- This chart works with NetBox 2.7.11+
+- Recent versions of Helm 2 or 3 are supported
 
 ## Installing the Chart
 
@@ -59,7 +61,7 @@ The following table lists the configurable parameters for this chart and their d
 | --------------------------------------|---------------------------------------------------------------------|----------------------------------------------|
 | `replicaCount`                        | The desired number of NetBox pods                                   | `1`                                          |
 | `image.repository`                    | NetBox container image repository                                   | `netboxcommunity/netbox`                     |
-| `image.tag`                           | NetBox container image tag                                          | `v2.7.7`                                     |
+| `image.tag`                           | NetBox container image tag                                          | `v2.8.1`                                     |
 | `image.pullPolicy`                    | NetBox container image pull policy                                  | `IfNotPresent`                               |
 | `superuser.name`                      | Initial super-user account to create                                | `admin`                                      |
 | `superuser.email`                     | Email address for the initial super-user account                    | `[email protected]`                          |
@@ -95,7 +97,17 @@ The following table lists the configurable parameters for this chart and their d
 | `napalm.timeout`                      | Timeout for NAPALM to connect to a device (in seconds)              | `30`                                         |
 | `napalm.args`                         | A dictionary of optional arguments to pass to NAPALM                | `{}`                                         |
 | `paginateCount`                       | The default number of objects to display per page in the web UI     | `50`                                         |
+| `plugins`                             | Additional plugins to load into NetBox                              | `[]`                                         |
+| `pluginsConfig`                       | Configuration for the additional plugins                            | `{}`                                         |
 | `preferIPv4`                          | Prefer devices' IPv4 address when determining their primary address | `false`                                      |
+| `remoteAuth.enabled`                  | Enable remote authentication support                                | `false`                                      |
+| `remoteAuth.backend`                  | Remote authentication backend class                                 | `utilities.auth_backends.RemoteUserBackend`  |
+| `remoteAuth.header`                   | The name of the HTTP header which conveys the username              | `HTTP_REMOTE_USER`                           |
+| `remoteAuth.autoCreateUser`           | Enables the automatic creation of new users                         | `true`                                       |
+| `remoteAuth.defaultGroups`            | A list of groups to assign to newly created users                   | `[]`                                         |
+| `remoteAuth.defaultPermissions`       | A list of permissions to assign newly created users                 | `[]`                                         |
+| `releaseCheck.timeout`                | How often NetBox queries GitHub for new releases, if enabled        | `86400`                                      |
+| `releaseCheck.url`                    | Release check URL (GitHub API URL; see `values.yaml`)               | `null` (disabled by default)                 |
 | `metricsEnabled`                      | Expose Prometheus metrics at the `/metrics` HTTP endpoint           | `false`                                      |
 | `timeZone`                            | The time zone NetBox will use when dealing with dates and times     | `UTC`                                        |
 | `dateFormat`                          | Django date format for long-form date strings                       | `"N j, Y"`                                   |
@@ -162,6 +174,7 @@ The following table lists the configurable parameters for this chart and their d
 | `nginx.image.tag`                     | NGINX container image tag                                           | `1.16.0-alpine`                              |
 | `nginx.image.pullPolicy`              | NGINX container image pull policy                                   | `IfNotPresent`                               |
 | `nginx.resources`                     | Configure resource requests or limits for NGINX                     | `{}`                                         |
+| `podAnnotations`                      | Additional annotations for NetBox pods                              | `{}`                                         |
 | `nodeSelector`                        | Node labels for pod assignment                                      | `{}`                                         |
 | `tolerations`                         | Toleration labels for pod assignment                                | `[]`                                         |
 | `updateStrategy`                      | Configure deployment update strategy                                | `{}` (defaults to `RollingUpdate`)           |
@@ -187,10 +200,11 @@ Rather than specifying passwords and secrets as part of the Helm release values,
 you may pass these to NetBox using a pre-existing `Secret` resource. When using
 this, the `Secret` must contain the following keys:
 
-| Key               | Description                                            | Required? |
-| ------------------|--------------------------------------------------------|---------------------------------------------------------------------------------------|
-| `db_password`     | The password for the external PostgreSQL database      | If `postgresql.enabled` is `false` and `externalDatabase.existingSecretName` is unset |
-| `email_password`  | SMTP user password                                     | Yes, but the value may be left blank if not required                                  |
-| `napalm_password` | NAPALM user password                                   | Yes, but the value may be left blank if not required                                  |
-| `redis_password`  | Password for the external Redis databases              | If `redis.enabled` is `false` and `externalRedis.existingSecretName` is unset         |
-| `secret_key`      | Django session and password reset token encryption key | Yes, and should be 50+ random characters                                              |
+| Key                    | Description                                            | Required? |
+| -----------------------|--------------------------------------------------------|---------------------------------------------------------------------------------------|
+| `db_password`          | The password for the external PostgreSQL database      | If `postgresql.enabled` is `false` and `externalDatabase.existingSecretName` is unset |
+| `email_password`       | SMTP user password                                     | Yes, but the value may be left blank if not required                                  |
+| `napalm_password`      | NAPALM user password                                   | Yes, but the value may be left blank if not required                                  |
+| `redis_password`       | Password for the external Redis tasks database         | If `redis.enabled` is `false` and `webhooksRedis.existingSecretName` is unset         |
+| `redis_cache_password` | Password for the external Redis cache database         | If `redis.enabled` is `false` and `cachingRedis.existingSecretName` is unset          |
+| `secret_key`           | Django session and password reset token encryption key | Yes, and should be 50+ random characters                                              |

requirements.yaml

@@ -1,9 +1,9 @@
 dependencies:
 - name: postgresql
   version: 8.x.x
-  repository: https://kubernetes-charts.storage.googleapis.com/
+  repository: https://charts.bitnami.com/bitnami
   condition: postgresql.enabled
 - name: redis
   version: 10.x.x
-  repository: https://kubernetes-charts.storage.googleapis.com/
+  repository: https://charts.bitnami.com/bitnami
   condition: redis.enabled

templates/NOTES.txt

@@ -1,20 +1,27 @@
-1. Get the application URL by running these commands:
 {{- if .Values.ingress.enabled }}
-{{- range $host := .Values.ingress.hosts }}
+NetBox should be available at the following URL(s) shortly:
+{{ range $host := .Values.ingress.hosts }}
   {{- range .paths }}
   http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ . }}
   {{- end }}
 {{- end }}
 {{- else if contains "NodePort" .Values.service.type }}
+Get the application URL by running these commands:
+
   export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "netbox.fullname" . }})
   export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
   echo http://$NODE_IP:$NODE_PORT
 {{- else if contains "LoadBalancer" .Values.service.type }}
-     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
-           You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "netbox.fullname" . }}'
+Get the application URL by running these commands:
+
   export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "netbox.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
   echo http://$SERVICE_IP:{{ .Values.service.port }}
+
+     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+           You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "netbox.fullname" . }}'
 {{- else if contains "ClusterIP" .Values.service.type }}
+Get the application URL by running these commands:
+
   export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "netbox.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
   echo "Visit http://127.0.0.1:8080 to use your application"
   kubectl port-forward $POD_NAME 8080:80

templates/configmap.yaml

@@ -33,7 +33,7 @@ data:
       {{- end -}}
       {{- end -}})
     NAPALM_PASSWORD = _load_secret('netbox', 'napalm_password')
-    REDIS['webhooks']['PASSWORD'] = _load_secret(
+    REDIS['tasks']['PASSWORD'] = _load_secret(
       {{- if .Values.redis.enabled -}}
       'redis', 'redis-password'
       {{- else -}}
@@ -109,10 +109,20 @@ data:
     NAPALM_TIMEOUT: {{ int .Values.napalm.timeout }}
     NAPALM_ARGS: {{ toJson .Values.napalm.args }}
     PAGINATE_COUNT: {{ int .Values.paginateCount }}
+    PLUGINS: {{ toJson .Values.plugins }}
+    PLUGINS_CONFIG: {{ toJson .Values.pluginsConfig }}
     PREFER_IPV4: {{ toJson .Values.preferIPv4 }}
+    REMOTE_AUTH_ENABLED: {{ toJson .Values.remoteAuth.enabled }}
+    REMOTE_AUTH_BACKEND: {{ .Values.remoteAuth.backend | quote }}
+    REMOTE_AUTH_HEADER: {{ .Values.remoteAuth.header | quote }}
+    REMOTE_AUTH_AUTO_CREATE_USER: {{ toJson .Values.remoteAuth.autoCreateUser }}
+    REMOTE_AUTH_DEFAULT_GROUPS: {{ toJson .Values.remoteAuth.defaultGroups }}
+    REMOTE_AUTH_DEFAULT_PERMISSIONS: {{ toJson .Values.remoteAuth.defaultPermissions }}
+    RELEASE_CHECK_TIMEOUT: {{ .Values.releaseCheck.timeout | int }}
+    RELEASE_CHECK_URL: {{ toJson .Values.releaseCheck.url }}
 
     REDIS:
-      webhooks:
+      tasks:
         {{ if .Values.redis.enabled -}}
         HOST: {{ printf "%s-master" (include "netbox.redis.fullname" .) | quote }}
         PORT: {{ .Values.redis.redisPort | int }}

templates/deployment.yaml

@@ -19,6 +19,14 @@ spec:
       labels:
         app.kubernetes.io/name: {{ include "netbox.name" . }}
         app.kubernetes.io/instance: {{ .Release.Name }}
+      annotations:
+        checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
+        {{- if (not .Values.existingSecret) }}
+        checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
+        {{- end }}
+        {{- range $key, $value := .Values.podAnnotations }}
+        {{ $key }}: {{ $value | quote }}
+        {{- end }}
     spec:
     {{- with .Values.imagePullSecrets }}
       imagePullSecrets:
@@ -46,6 +54,11 @@ spec:
             httpGet:
               path: /login/
               port: netbox
+              {{- if (not (eq (index .Values.allowedHosts 0) "*")) }}
+              httpHeaders:
+                - name: Host
+                  value: {{ (index .Values.allowedHosts 0) | quote }}
+              {{- end }}
           volumeMounts:
             - name: config
               mountPath: /etc/netbox/config/configuration.py
@@ -139,7 +152,11 @@ spec:
             name: {{ include "netbox.fullname" . }}
         - name: secrets
           secret:
+            {{- if .Values.existingSecret }}
+            secretName: {{ .Values.existingSecret | quote }}
+            {{- else }}
             secretName: {{ include "netbox.fullname" . }}
+            {{- end }}
         - name: media
         {{- if .Values.persistence.enabled }}
           persistentVolumeClaim:

templates/service.yaml

@@ -16,5 +16,5 @@ spec:
     app.kubernetes.io/instance: {{ .Release.Name }}
   {{ if .Values.service.loadBalancerSourceRanges -}}
   loadBalancerSourceRanges:
-    {{ toYaml .Values.service.loadBalancerSourceRanges | nindent 4 }}
+    {{ toYaml .Values.service.loadBalancerSourceRanges | indent 4 | trim }}
   {{- end }}

values.yaml

@@ -6,7 +6,7 @@ replicaCount: 1
 
 image:
   repository: netboxcommunity/netbox
-  tag: v2.7.7
+  tag: v2.8.1
   pullPolicy: IfNotPresent
 
 superuser:
@@ -128,10 +128,38 @@ napalm:
 # Determine how many objects to display per page within a list. (Default: 50)
 paginateCount: 50
 
+# Enable installed plugins. Add the name of each plugin to the list.
+plugins: []
+
+# Plugins configuration settings. These settings are used by various plugins
+# that the user may have installed. Each key in the dictionary is the name of
+# an installed plugin and its value is a dictionary of settings.
+pluginsConfig: {}
+
 # When determining the primary IP address for a device, IPv6 is preferred over
 # IPv4 by default. Set this to True to prefer IPv4 instead.
 preferIPv4: false
 
+# Remote authentication support
+remoteAuth:
+  enabled: false
+  backend: utilities.auth_backends.RemoteUserBackend
+  header: HTTP_REMOTE_USER
+  autoCreateUser: true
+  defaultGroups: []
+  defaultPermissions: []
+
+releaseCheck:
+  # This determines how often the GitHub API is called to check the latest
+  # release of NetBox. Must be at least 1 hour.
+  timeout: 86400
+
+  # This repository is used to check whether there is a new release of NetBox
+  # available. Set to null to disable the version check or use the URL below to
+  # check for release in the official NetBox repository.
+  url: null
+  # url: https://api.github.com/repos/netbox-community/netbox/releases
+
 # Expose Prometheus monitoring metrics at the HTTP endpoint '/metrics'
 metricsEnabled: false
 
@@ -298,11 +326,13 @@ resources: {}
 nginx:
   image:
     repository: nginx
-    tag: 1.16.1-alpine
+    tag: 1.18.0-alpine
     pullPolicy: IfNotPresent
 
   resources: {}
 
+podAnnotations: {}
+
 nodeSelector: {}
 
 tolerations: []