diff --git a/Chart.yaml b/Chart.yaml index 74ec9760..249a87df 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 -appVersion: 2.7.7 +appVersion: 2.8.1 description: IP address management (IPAM) and data center infrastructure management (DCIM) tool icon: https://raw.githubusercontent.com/netbox-community/netbox/develop/docs/netbox_logo.png name: netbox -version: 2.0.1 +version: 2.1.0 diff --git a/README.md b/README.md index 2957ebf9..87dbdb1c 100644 --- a/README.md +++ b/README.md @@ -13,6 +13,8 @@ $ helm install bootc/netbox ## Prerequisites - This chart has only been tested on Kubernetes 1.12+, but should work on older versions +- This chart works with NetBox 2.7.11+ +- Recent versions of Helm 2 or 3 are supported ## Installing the Chart @@ -59,7 +61,7 @@ The following table lists the configurable parameters for this chart and their d | --------------------------------------|---------------------------------------------------------------------|----------------------------------------------| | `replicaCount` | The desired number of NetBox pods | `1` | | `image.repository` | NetBox container image repository | `netboxcommunity/netbox` | -| `image.tag` | NetBox container image tag | `v2.7.7` | +| `image.tag` | NetBox container image tag | `v2.8.1` | | `image.pullPolicy` | NetBox container image pull policy | `IfNotPresent` | | `superuser.name` | Initial super-user account to create | `admin` | | `superuser.email` | Email address for the initial super-user account | `admin@example.com` | 
@@ -95,7 +97,17 @@ The following table lists the configurable parameters for this chart and their d | `napalm.timeout` | Timeout for NAPALM to connect to a device (in seconds) | `30` | | `napalm.args` | A dictionary of optional arguments to pass to NAPALM | `{}` | | `paginateCount` | The default number of objects to display per page in the web UI | `50` | +| `plugins` | Additional plugins to load into NetBox | `[]` | +| `pluginsConfig` | Configuration for the additional plugins | `{}` | | `preferIPv4` | Prefer devices' IPv4 address when determining their primary address | `false` | +| `remoteAuth.enabled` | Enable remote authentication support | `false` | +| `remoteAuth.backend` | Remote authentication backend class | `utilities.auth_backends.RemoteUserBackend` | +| `remoteAuth.header` | The name of the HTTP header which conveys the username | `HTTP_REMOTE_USER` | +| `remoteAuth.autoCreateUser` | Enables the automatic creation of new users | `true` | +| `remoteAuth.defaultGroups` | A list of groups to assign to newly created users | `[]` | +| `remoteAuth.defaultPermissions` | A list of permissions to assign newly created users | `[]` | +| `releaseCheck.timeout` | How often NetBox queries GitHub for new releases, if enabled | `86400` | +| `releaseCheck.url` | Release check URL (GitHub API URL; see `values.yaml`) | `null` (disabled by default) | | `metricsEnabled` | Expose Prometheus metrics at the `/metrics` HTTP endpoint | `false` | | `timeZone` | The time zone NetBox will use when dealing with dates and times | `UTC` | | `dateFormat` | Django date format for long-form date strings | `"N j, Y"` | 
@@ -162,6 +174,7 @@ The following table lists the configurable parameters for this chart and their d | `nginx.image.tag` | NGINX container image tag | `1.16.0-alpine` | | `nginx.image.pullPolicy` | NGINX container image pull policy | `IfNotPresent` | | `nginx.resources` | Configure resource requests or limits for NGINX | `{}` | +| `podAnnotations` | Additional annotations for NetBox pods | `{}` | | `nodeSelector` | Node labels for pod assignment | `{}` | | `tolerations` | Toleration labels for pod assignment | `[]` | | `updateStrategy` | Configure deployment update strategy | `{}` (defaults to `RollingUpdate`) | 
@@ -187,10 +200,11 @@ Rather than specifying passwords and secrets as part of the Helm release values, you may pass these to NetBox using a pre-existing `Secret` resource. When using this, the `Secret` must contain the following keys: -| Key | Description | Required? | -| ------------------|--------------------------------------------------------|---------------------------------------------------------------------------------------| -| `db_password` | The password for the external PostgreSQL database | If `postgresql.enabled` is `false` and `externalDatabase.existingSecretName` is unset | -| `email_password` | SMTP user password | Yes, but the value may be left blank if not required | -| `napalm_password` | NAPALM user password | Yes, but the value may be left blank if not required | -| `redis_password` | Password for the external Redis databases | If `redis.enabled` is `false` and `externalRedis.existingSecretName` is unset | -| `secret_key` | Django session and password reset token encryption key | Yes, and should be 50+ random characters | +| Key | Description | Required? 
| +| -----------------------|--------------------------------------------------------|---------------------------------------------------------------------------------------| +| `db_password` | The password for the external PostgreSQL database | If `postgresql.enabled` is `false` and `externalDatabase.existingSecretName` is unset | +| `email_password` | SMTP user password | Yes, but the value may be left blank if not required | +| `napalm_password` | NAPALM user password | Yes, but the value may be left blank if not required | +| `redis_password` | Password for the external Redis tasks database | If `redis.enabled` is `false` and `webhooksRedis.existingSecretName` is unset | +| `redis_cache_password` | Password for the external Redis cache database | If `redis.enabled` is `false` and `cachingRedis.existingSecretName` is unset | +| `secret_key` | Django session and password reset token encryption key | Yes, and should be 50+ random characters | diff --git a/requirements.yaml b/requirements.yaml index ea6babe7..f3339ff7 100644 --- a/requirements.yaml +++ b/requirements.yaml @@ -1,9 +1,9 @@ dependencies: - name: postgresql version: 8.x.x - repository: https://kubernetes-charts.storage.googleapis.com/ + repository: https://charts.bitnami.com/bitnami condition: postgresql.enabled - name: redis version: 10.x.x - repository: https://kubernetes-charts.storage.googleapis.com/ + repository: https://charts.bitnami.com/bitnami condition: redis.enabled diff --git a/templates/NOTES.txt b/templates/NOTES.txt index 155eb70d..352d6461 100644 --- a/templates/NOTES.txt +++ b/templates/NOTES.txt 
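Review bot: Both dependencies in requirements.yaml now resolve from a different repository while keeping the floating ranges `8.x.x` and `10.x.x`, so the subchart version actually pulled is decided whenever `helm dependency update` runs. No `requirements.lock` change appears in this diff; if the repository tracks one, it should be regenerated and committed with this change so the resolved versions and digest are reviewed together with the new source. A comment above `dependencies:` would record the intent: `# Subcharts come from the Bitnami repository; run helm dependency update and commit requirements.lock after changing these.`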
@@ -1,20 +1,27 @@ -1. Get the application URL by running these commands: {{- if .Values.ingress.enabled }} -{{- range $host := .Values.ingress.hosts }} +NetBox should be available at the following URL(s) shortly: +{{ range $host := .Values.ingress.hosts }} {{- range .paths }} http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ . }} {{- end }} {{- end }} {{- else if contains "NodePort" .Values.service.type }} +Get the application URL by running these commands: + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "netbox.fullname" . }}) export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") echo http://$NODE_IP:$NODE_PORT {{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "netbox.fullname" . }}' +Get the application URL by running these commands: + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "netbox.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') echo http://$SERVICE_IP:{{ .Values.service.port }} + + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "netbox.fullname" . }}' {{- else if contains "ClusterIP" .Values.service.type }} +Get the application URL by running these commands: + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "netbox.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") echo "Visit http://127.0.0.1:8080 to use your application" kubectl port-forward $POD_NAME 8080:80 
diff --git a/templates/configmap.yaml b/templates/configmap.yaml index ce43ca04..113c03d3 100644 --- a/templates/configmap.yaml +++ b/templates/configmap.yaml @@ -33,7 +33,7 @@ data: {{- end -}} {{- end -}}) NAPALM_PASSWORD = _load_secret('netbox', 'napalm_password') - REDIS['webhooks']['PASSWORD'] = _load_secret( + REDIS['tasks']['PASSWORD'] = _load_secret( {{- if .Values.redis.enabled -}} 'redis', 'redis-password' {{- else -}} @@ -109,10 +109,20 @@ data: NAPALM_TIMEOUT: {{ int .Values.napalm.timeout }} NAPALM_ARGS: {{ toJson .Values.napalm.args }} PAGINATE_COUNT: {{ int .Values.paginateCount }} + PLUGINS: {{ toJson .Values.plugins }} + PLUGINS_CONFIG: {{ toJson .Values.pluginsConfig }} PREFER_IPV4: {{ toJson .Values.preferIPv4 }} + REMOTE_AUTH_ENABLED: {{ toJson .Values.remoteAuth.enabled }} + REMOTE_AUTH_BACKEND: {{ .Values.remoteAuth.backend | quote }} + REMOTE_AUTH_HEADER: {{ .Values.remoteAuth.header | quote }} + REMOTE_AUTH_AUTO_CREATE_USER: {{ toJson .Values.remoteAuth.autoCreateUser }} + REMOTE_AUTH_DEFAULT_GROUPS: {{ toJson .Values.remoteAuth.defaultGroups }} + REMOTE_AUTH_DEFAULT_PERMISSIONS: {{ toJson .Values.remoteAuth.defaultPermissions }} + RELEASE_CHECK_TIMEOUT: {{ .Values.releaseCheck.timeout | int }} + RELEASE_CHECK_URL: {{ toJson .Values.releaseCheck.url }} REDIS: - webhooks: + tasks: {{ if .Values.redis.enabled -}} HOST: {{ printf "%s-master" (include "netbox.redis.fullname" .) | quote }} PORT: {{ .Values.redis.redisPort | int }} diff --git a/templates/deployment.yaml b/templates/deployment.yaml index 10deb290..4c11eb50 100644 --- a/templates/deployment.yaml +++ b/templates/deployment.yaml 
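Review bot: The added `REMOTE_AUTH_*` settings carry no statement that `remoteAuth.header` (`HTTP_REMOTE_USER`) must only ever be set by a trusted proxy. With `remoteAuth.enabled: true`, the username is taken from that request header, and with `autoCreateUser` defaulting to `true` an unknown name gets an account. Whether the bundled NGINX or the ingress drops a client-supplied copy of the header is not visible in this diff, so the requirement should be documented where users turn the feature on. The same applies to the `remoteAuth:` block in values.yaml and the README table rows. Suggested comment above `remoteAuth:` in values.yaml: `# Only enable behind a reverse proxy that authenticates the user and strips any client-supplied copy of this header.` Consider also defaulting `autoCreateUser` to `false` in the chart so that account creation is an explicit choice.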
@@ -19,6 +19,14 @@ spec: labels: app.kubernetes.io/name: {{ include "netbox.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} + annotations: + checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + {{- if (not .Values.existingSecret) }} + checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} + {{- end }} + {{- range $key, $value := .Values.podAnnotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} spec: {{- with .Values.imagePullSecrets }} imagePullSecrets: @@ -46,6 +54,11 @@ spec: httpGet: path: /login/ port: netbox + {{- if (not (eq (index .Values.allowedHosts 0) "*")) }} + httpHeaders: + - name: Host + value: {{ (index .Values.allowedHosts 0) | quote }} + {{- end }} volumeMounts: - name: config mountPath: /etc/netbox/config/configuration.py @@ -139,7 +152,11 @@ spec: name: {{ include "netbox.fullname" . }} - name: secrets secret: + {{- if .Values.existingSecret }} + secretName: {{ .Values.existingSecret | quote }} + {{- else }} secretName: {{ include "netbox.fullname" . }} + {{- end }} - name: media {{- if .Values.persistence.enabled }} persistentVolumeClaim: diff --git a/templates/service.yaml b/templates/service.yaml index fda179a7..47a26661 100644 --- a/templates/service.yaml +++ b/templates/service.yaml @@ -16,5 +16,5 @@ spec: app.kubernetes.io/instance: {{ .Release.Name }} {{ if .Values.service.loadBalancerSourceRanges -}} loadBalancerSourceRanges: - {{ toYaml .Values.service.loadBalancerSourceRanges | nindent 4 }} + {{ toYaml .Values.service.loadBalancerSourceRanges | indent 4 | trim }} {{- end }} diff --git a/values.yaml b/values.yaml index 0d5e7455..263663c3 100644 --- a/values.yaml +++ b/values.yaml @@ -6,7 +6,7 @@ replicaCount: 1 image: repository: netboxcommunity/netbox - tag: v2.7.7 + tag: v2.8.1 pullPolicy: IfNotPresent superuser: 
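Review bot: The `checksum/secret` annotation is skipped when `existingSecret` is set, so changing a value in a pre-existing Secret will not roll the pods, and nothing in the template or the README's existing-secret section says so. Suggest a template comment next to the condition, for example `{{- /* no checksum for existingSecret: restart the pods manually after rotating it */ -}}`, and a matching sentence in the README. Separately, a `podAnnotations` entry named `checksum/config` or `checksum/secret` would render a duplicate key under `annotations:`, so the values.yaml comment for `podAnnotations` should state that the `checksum/*` keys are reserved by the chart.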
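Review bot: `index .Values.allowedHosts 0` in the added probe condition aborts template rendering when `allowedHosts` is an empty list, because `index` errors on an out-of-range element. Wrapping the existing block in an outer `{{- if .Values.allowedHosts }}` … `{{- end }}` avoids that; combining the two tests with `and` is not enough on older Helm builds, where `and` evaluates both arguments. Only one probe is visible in this hunk and the container spec continues outside it. If a second probe hits the same path, it presumably needs the same `Host` header once `allowedHosts` is restricted.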
@@ -128,10 +128,38 @@ napalm: # Determine how many objects to display per page within a list. (Default: 50) paginateCount: 50 +# Enable installed plugins. Add the name of each plugin to the list. +plugins: [] + +# Plugins configuration settings. These settings are used by various plugins +# that the user may have installed. Each key in the dictionary is the name of +# an installed plugin and its value is a dictionary of settings. +pluginsConfig: {} + # When determining the primary IP address for a device, IPv6 is preferred over # IPv4 by default. Set this to True to prefer IPv4 instead. preferIPv4: false +# Remote authentication support +remoteAuth: + enabled: false + backend: utilities.auth_backends.RemoteUserBackend + header: HTTP_REMOTE_USER + autoCreateUser: true + defaultGroups: [] + defaultPermissions: [] + +releaseCheck: + # This determines how often the GitHub API is called to check the latest + # release of NetBox. Must be at least 1 hour. + timeout: 86400 + + # This repository is used to check whether there is a new release of NetBox + # available. Set to null to disable the version check or use the URL below to + # check for release in the official NetBox repository. + url: null + # url: https://api.github.com/repos/netbox-community/netbox/releases + # Expose Prometheus monitoring metrics at the HTTP endpoint '/metrics' metricsEnabled: false @@ -298,11 +326,13 @@ resources: {} nginx: image: repository: nginx - tag: 1.16.1-alpine + tag: 1.18.0-alpine pullPolicy: IfNotPresent resources: {} +podAnnotations: {} + nodeSelector: {} tolerations: []