Cloned2Preserve
/
TrueChartsClone
mirror of https://github.com/truecharts/charts.git
1
0
Fork 0
Code

feat(netbox): add netbox (#4248) 

* init work netbox

* add basic conf

* add containers

* fix secret

* add some config options

* fix secret and add mail

* add more options

* add redis username

* add more options

* comment out some dummy configs and remove redis username

* try different url

* indentaion

* whoops

* whoops again

* time as int

* execute bit on config.py

* hmm

* notes about healthchecks

* mount file wth numerical order

* add more options

* whops

* more op[tions

* no ldap for now

* precommit

* healktcheck path

* * allowed hosts on CI

* wait for main container

* update questions and additional containers startup cmd

* finish UI and update Plugins

* increase first probe delay on startup

* add some output..

* prec-mmit

* juggle versions

* add metrics

* ffs

* update logging a bit
This commit is contained in:
Stavros Kois 2022-11-10 17:04:19 +02:00 committed by GitHub
parent 49f41f4b6e
commit 93d0c68e59
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
15 changed files with 1646 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
charts/incubator/netbox/.helmignore Normal file
View File

@ -0,0 +1,30 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/
# OWNERS file for Kubernetes
OWNERS
# helm-docs templates
*.gotmpl
# docs folder
/docs
# icon
icon.png

34
charts/incubator/netbox/Chart.yaml Normal file
View File

@ -0,0 +1,34 @@
apiVersion: v2
appVersion: "10.6.2"
dependencies:
- name: common
repository: https://library-charts.truecharts.org
version: 10.9.4
- condition: postgresql.enabled
name: postgresql
repository: https://charts.truecharts.org/
version: 8.0.122
- condition: redis.enabled
name: redis
repository: https://charts.truecharts.org
version: 3.0.121
description: NetBox is the leading solution for modeling and documenting modern networks.
home: https://truecharts.org/docs/charts/stable/airsonic
icon: https://truecharts.org/img/hotlink-ok/chart-icons/airsonic.png
keywords:
- network
- netbox
kubeVersion: ">=1.16.0-0"
maintainers:
- email: info@truecharts.org
name: TrueCharts
url: https://truecharts.org
name: netbox
sources:
- https://github.com/netbox-community/netbox-docker
version: 0.0.1
annotations:
truecharts.org/catagories: |
- network
truecharts.org/SCALE-support: "true"
truecharts.org/grade: U

0
charts/incubator/netbox/README.md Normal file
View File

3
charts/incubator/netbox/ci/ci-values.yaml Normal file
View File

@ -0,0 +1,3 @@
netbox:
allowed_hosts:
- "*"

5
charts/incubator/netbox/docs/default-credentials.md Normal file
View File

@ -0,0 +1,5 @@
# Default Credentials
- Username: `admin`
- Password: `admin`
- API Token: `0123456789abcdef0123456789abcdef01234567`

BIN
charts/incubator/netbox/icon.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 20 KiB

782
charts/incubator/netbox/questions.yaml Normal file
View File

@ -0,0 +1,782 @@
# Include{groups}
portals:
open:
# Include{portalLink}
questions:
# Include{global}
# Include{controller}
# Include{controllerDeployment}
# Include{replicas}
# Include{replica1}
# Include{strategy}
# Include{recreate}
# Include{controllerExpert}
# Include{controllerExpertExtraArgs}
- variable: netbox
group: Container Configuration
label: Netbox Configuration
schema:
additional_attrs: true
type: dict
attrs:
- variable: allowed_hosts
label: Allowed Hosts
description: This is a list of valid fully-qualified domain names (FQDNs) for the NetBox server. NetBox will not permit write access to the server via any other hostnames. The first FQDN in the list will be treated as the preferred name. (127.0.0.1 and ::1) added automatically
schema:
type: list
default: []
items:
- variable: allowed_hosts_entry
label: Allowed Host
schema:
type: string
required: true
default: ""
- variable: allowed_urls_schemes
label: Allowed URL Schemes
description: URL schemes that are allowed within links in NetBox.
schema:
type: list
default: []
items:
- variable: allowed_url_scheme_entry
label: Allowed URL Scheme
schema:
type: string
required: true
default: ""
- variable: admins
label: Admins
description: Specify one or more name and email address tuples representing NetBox administrators. These people will be notified of application errors (assuming correct email settings are provided).
schema:
type: list
default: []
items:
- variable: admin_entry
label: Admin
schema:
type: dict
additional_attrs: true
attrs:
- variable: name
label: Name
schema:
type: string
required: true
default: ""
- variable: email
label: Email
schema:
type: string
required: true
default: ""
- variable: auth_password_validators
label: Auth Password Validators
description: Enable any desired validators for local account passwords below. For a list of included validators, please see the Django documentation at https://docs.djangoproject.com/en/stable/topics/auth/passwords/#password-validation.
schema:
type: list
default: []
items:
- variable: auth_password_validators_entry
label: Auth Password Validator
schema:
type: dict
additional_attrs: true
attrs:
- variable: name
label: Name
schema:
type: string
required: true
default: ""
- variable: options
label: Options
schema:
type: dict
additional_attrs: true
attrs:
- variable: key
label: Key
schema:
type: string
required: true
default: ""
- variable: value
label: Value
schema:
type: string
required: true
default: ""
- variable: banner
label: Banner
schema:
additional_attrs: true
type: dict
attrs:
- variable: login
label: Login Banner
description: Text to include on the login page above the login form. HTML is allowed
schema:
type: string
default: ""
- variable: top
label: Top Banner
description: Optionally display a persistent banner at the top of every page.
schema:
type: string
default: ""
- variable: bottom
label: Bottom Banner
description: Optionally display a persistent banner at the bottom of every page.
schema:
type: string
default: ""
- variable: retention
label: Retention
schema:
additional_attrs: true
type: dict
attrs:
- variable: changelog
label: Changelog
description: Maximum number of days to retain logged changes. Set to 0 to retain changes indefinitely.
schema:
type: int
default: 90
- variable: job_result
label: Job Results
description: Maximum number of days to retain job results (scripts and reports). Set to 0 to retain job results in the database indefinitely.
schema:
type: int
default: 90
- variable: prefer_ipv4
label: Prefer IPv4
description: When determining the primary IP address for a device, IPv6 is preferred over IPv4 by default.
schema:
type: boolean
default: false
- variable: enforce_global_unique
label: Enforce Global Unique
description: Enforcement of unique IP space can be toggled on a per-VRF basis. To enforce unique IP space within the global table
schema:
type: boolean
default: true
- variable: cors_origin_allow_all
label: CORS Origin Allow All
description: If CORS_ORIGIN_ALLOW_ALL is set to True, all origins will be allowed. Otherwise, define a list of allowed origins using either CORS_ORIGIN_WHITELIST or CORS_ORIGIN_REGEX_WHITELIST. For more information, see https://github.com/ottoyiu/django-cors-headers
schema:
type: boolean
default: false
show_subquestions_if: false
- variable: cors_origin_whitelist
label: CORS Origin Whitelist
description: Example 127.0.0.1
schema:
type: list
default: []
items:
- variable: cors_origin_whitelist_entry
label: CORS Origin Whitelist Entry
schema:
type: string
required: true
default: ""
- variable: cors_origin_regex_whitelist
label: CORS Origin Regex Whitelist
description: Example r'^(https?://)?(\w+\.)?example\.com$'
schema:
type: list
default: []
items:
- variable: cors_origin_whitelist_entry
label: CORS Origin Regex Whitelist Entry
schema:
type: string
required: true
default: ""
- variable: csrf_trusted_origin
label: CSRF Trusted Origin
description: Cross-Site-Request-Forgery-Attack settings. If Netbox is sitting behind a reverse proxy, you might need to set this
schema:
type: list
default: []
items:
- variable: csrf_trusted_origin_entry
label: CSRF Trusted Origin Entry
schema:
type: string
required: true
default: ""
- variable: csrf_cookie_name
label: CSRF Cookie Name
description: The name to use for the csrf token cookie.
schema:
type: string
default: csrftoken
- variable: session_cookie_name
label: Session Cookie Name
description: The name to use for the session cookie.
schema:
type: string
default: sessionid
- variable: email
label: Email
schema:
additional_attrs: true
type: dict
attrs:
- variable: server
label: Server
schema:
type: string
default: ""
- variable: port
label: Port
schema:
type: int
default: 587
- variable: from_email
label: From Email
schema:
type: string
default: ""
- variable: username
label: Username
schema:
type: string
default: ""
- variable: password
label: Password
schema:
type: string
private: true
default: ""
- variable: use_ssl
label: Use SSL
schema:
type: boolean
default: false
- variable: use_tls
label: Use TLS
schema:
type: boolean
default: true
- variable: timeout
label: Timeout
schema:
type: int
default: 10
- variable: exempt_view_permissions
label: Exempt View Permissions
description: Exempt certain models from the enforcement of view permissions. Models listed here will be viewable by all users and by anonymous users. List models in the form `<app>.<model>`. Add '*' to this list to exempt all models.
schema:
type: list
default: []
items:
- variable: exempt_view_permissions_entry
label: Exempt View Permission
schema:
type: string
required: true
default: ""
- variable: http_proxies
label: HTTP Proxies
description: HTTP proxies NetBox should use when sending outbound HTTP requests (e.g. for webhooks).
schema:
type: list
default: []
items:
- variable: http_proxy_entry
label: HTTP Proxy Entry
schema:
type: dict
additional_attrs: true
attrs:
- variable: key
label: Key
schema:
type: string
required: true
default: ""
- variable: url
label: URL
schema:
type: string
required: true
default: ""
- variable: internal_ips
label: Internal IPs
description: IP addresses recognized as internal to the system. The debugging toolbar will be available only to clients accessing NetBox from an internal IP. (127.0.0.1 and ::1) added automatically
schema:
type: list
default: []
items:
- variable: internal_ips_entry
label: Internal IP
schema:
type: string
required: true
default: ""
- variable: login_persistence
label: Login Persistence
description: Automatically reset the lifetime of a valid session upon each authenticated request. Enables users to remain authenticated to NetBox indefinitely.
schema:
type: boolean
default: false
- variable: login_required
label: Login Required
description: Setting this to true will permit only authenticated users to access any part of NetBox. By default, anonymous users are permitted to access most data in NetBox but not make any changes.
schema:
type: boolean
default: true
- variable: login_timeout
label: Login Timeout
description: The length of time (in seconds) for which a user will remain logged into the web UI before being prompted to re-authenticate.
schema:
type: int
default: 1209600
- variable: graphql_enabled
label: Enable GraphQL
description: Enable GraphQL API.
schema:
type: boolean
default: true
- variable: maps_url
label: Maps URl
description: Maps provider
schema:
type: string
default: https://maps.google.com/?q=
- variable: max_page_size
label: Max Page Size
description: This setting defines the maximum limit of objects an API can request. Setting it to 0 or None will allow an API consumer to request all objects.
schema:
type: int
default: 1000
- variable: paginate_count
label: Paginate Count
description: Determine how many objects to display per page within a list.
schema:
type: int
default: 50
- variable: powerfeed
label: Power Feed
schema:
additional_attrs: true
type: dict
attrs:
- variable: default_amperage
label: Default Amperage
description: The default value for the amperage field when creating new power feeds.
schema:
type: int
default: 15
- variable: default_max_utilization
label: Default Max Utilization
description: The default value (percentage) for the max_utilization field when creating new power feeds.
schema:
type: int
default: 80
- variable: default_voltage
label: Default Voltage
description: The default value for the voltage field when creating new power feeds.
schema:
type: int
default: 120
- variable: rack
label: Rack
description: Rack elevation size defaults, in pixels. For best results, the ratio of width to height should be roughly 10:1.
schema:
additional_attrs: true
type: dict
attrs:
- variable: elevation_default_unit_height
label: Elevation Default Unit Height
schema:
type: int
default: 22
- variable: elevation_default_unit_width
label: Elevation Default Unit Width
schema:
type: int
default: 220
- variable: napalm
label: Napalm
description: Credentials that NetBox will uses to authenticate to devices when connecting via NAPALM.
schema:
additional_attrs: true
type: dict
attrs:
- variable: username
label: Username
schema:
type: string
default: ""
- variable: password
label: Password
schema:
type: string
private: true
default: ""
- variable: timeout
label: Timeout
schema:
type: int
default: 30
- variable: args
label: Args
description: NAPALM optional arguments (see http://napalm.readthedocs.io/en/latest/support/#optional-arguments).
schema:
type: list
default: []
items:
- variable: arg_entry
label: Arg Entry
schema:
type: dict
additional_attrs: true
attrs:
- variable: arg
label: Arg
schema:
type: string
required: true
default: ""
- variable: value
label: Value
schema:
type: string
required: true
default: ""
- variable: storage_backend
label: Storage Backend
description: By default uploaded media is stored on the local filesystem. Using Django-storages is also supported. Provide the class path of the storage driver in storage_backend and any configuration options in storage_config.
schema:
type: string
required: true
default: ""
- variable: storage_config
label: Storage Config
schema:
show_if: [["storage_backend", "!=", ""]]
type: list
default: []
items:
- variable: storage_config_entry
label: Storage Config Entry
schema:
type: dict
additional_attrs: true
attrs:
- variable: key
label: Key
schema:
type: string
required: true
default: ""
- variable: value
label: Value
schema:
type: string
required: true
default: ""
- variable: rq_default_timeout
label: RQ Default Timeout
description: Maximum execution time for background tasks, in seconds.
schema:
type: int
required: true
default: 300
- variable: remote_auth
label: Remote Auth
description: Remote authentication support
schema:
type: dict
additional_attrs: true
attrs:
- variable: enabled
label: Enabled
schema:
type: boolean
default: false
- variable: backend
label: Backend
schema:
type: string
required: true
default: ""
- variable: header
label: Header
schema:
type: string
required: true
default: ""
- variable: auto_create_user
label: Auto Create User
schema:
type: boolean
default: false
- variable: default_groups
label: Default Groups
schema:
type: list
default: []
items:
- variable: default_group_entry
label: Default Group
schema:
type: string
required: true
default: ""
- variable: default_permissions
label: Default Permissions
schema:
type: list
default: []
items:
- variable: default_permissions_entry
label: Default Permission Entry
schema:
type: dict
additional_attrs: true
attrs:
- variable: key
label: Key
schema:
type: string
required: true
default: ""
- variable: value
label: Value
schema:
type: string
required: true
default: ""
- variable: date_time
label: Date Time
description: Date/time formatting. See the following link for supported formats https://docs.djangoproject.com/en/stable/ref/templates/builtins/#date
schema:
type: dict
additional_attrs: true
attrs:
- variable: date_format
label: Date Format
schema:
type: string
required: true
default: N j, Y
- variable: short_date_format
label: Short Date Format
schema:
type: string
required: true
default: Y-m-d
- variable: time_format
label: Time Format
schema:
type: string
required: true
default: g:i a
- variable: short_time_format
label: Short Time Format
schema:
type: string
required: true
default: H:i:s
- variable: date_time_format
label: Date Time Format
schema:
type: string
required: true
default: N j, Y g:i a
- variable: short_date_time_format
label: Short Date Time Format
schema:
type: string
required: true
default: Y-m-d H:i
- variable: plugins_config
label: Plugins Config
description: Plugins configuration settings. These settings are used by various plugins that the user may have installed.
schema:
type: list
default: []
items:
- variable: plugin_entry
label: Plugin Entry
schema:
type: dict
additional_attrs: true
attrs:
- variable: plugin_name
label: Plugin Name
schema:
type: string
required: true
default: ""
- variable: enabled
label: Enable Plugin
schema:
type: boolean
default: true
- variable: config
label: Config
schema:
type: list
default: []
items:
- variable: config_entry
label: Config Entry
schema:
type: dict
additional_attrs: true
attrs:
- variable: key
label: Key
schema:
type: string
required: true
default: ""
- variable: value
label: Value
schema:
type: string
required: true
default: ""
# Include{containerConfig}
# Include{serviceRoot}
- variable: main
label: Main Service
description: The Primary service on which the healthcheck runs, often the webUI
schema:
additional_attrs: true
type: dict
attrs:
# Include{serviceSelectorLoadBalancer}
# Include{serviceSelectorExtras}
- variable: main
label: Main Service Port Configuration
schema:
additional_attrs: true
type: dict
attrs:
- variable: port
label: Port
description: This port exposes the container port on the service
schema:
type: int
default: 10265
required: true
# Include{advancedPortHTTP}
- variable: targetPort
label: Target Port
description: The internal(!) port on the container the Application runs on
schema:
type: int
default: 8080
# Include{serviceExpertRoot}
default: false
# Include{serviceExpert}
# Include{serviceList}
# Include{persistenceRoot}
- variable: config
label: App Config Storage
description: Stores the Application Configuration.
schema:
additional_attrs: true
type: dict
attrs:
# Include{persistenceBasic}
# Include{persistenceAdvanced}
- variable: reports
label: App Reports Storage
description: Stores the Application Reports.
schema:
additional_attrs: true
type: dict
attrs:
# Include{persistenceBasic}
# Include{persistenceAdvanced}
- variable: scripts
label: App Scripts Storage
description: Stores the Application Scripts.
schema:
additional_attrs: true
type: dict
attrs:
# Include{persistenceBasic}
# Include{persistenceAdvanced}
- variable: media
label: App Media Storage
description: Stores the Application Media.
schema:
additional_attrs: true
type: dict
attrs:
# Include{persistenceBasic}
# Include{persistenceAdvanced}
# Include{persistenceList}
# Include{ingressRoot}
- variable: main
label: Main Ingress
schema:
additional_attrs: true
type: dict
attrs:
# Include{ingressDefault}
# Include{ingressTLS}
# Include{ingressTraefik}
# Include{ingressExpert}
# Include{ingressList}
# Include{security}
# Include{securityContextAdvancedRoot}
- variable: privileged
label: Privileged mode
schema:
type: boolean
default: false
- variable: readOnlyRootFilesystem
label: ReadOnly Root Filesystem
schema:
type: boolean
default: false
- variable: allowPrivilegeEscalation
label: Allow Privilege Escalation
schema:
type: boolean
default: false
- variable: runAsNonRoot
label: runAsNonRoot
schema:
type: boolean
default: false
# Include{securityContextAdvanced}
# Include{podSecurityContextRoot}
- variable: runAsUser
label: runAsUser
description: The UserID of the user running the application
schema:
type: int
default: 0
- variable: runAsGroup
label: runAsGroup
description: The groupID this App of the user running the application
schema:
type: int
default: 0
- variable: fsGroup
label: fsGroup
description: The group that should own ALL storage.
schema:
type: int
default: 568
# Include{podSecurityContextAdvanced}
# Include{resources}
# Include{metrics}
# Include{advanced}
# Include{addons}
# Include{codeserver}
# Include{promtail}
# Include{netshoot}
# Include{vpn}
# Include{documentation}

33
charts/incubator/netbox/templates/_housekeeper.tpl Normal file
View File

@ -0,0 +1,33 @@
{{/* Define the housekeeper container */}}
{{- define "netbox.housekeeper" -}}
image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
securityContext:
runAsUser: {{ .Values.podSecurityContext.runAsUser }}
runAsGroup: {{ .Values.podSecurityContext.runAsGroup }}
readOnlyRootFilesystem: {{ .Values.securityContext.readOnlyRootFilesystem }}
runAsNonRoot: {{ .Values.securityContext.runAsNonRoot }}
command:
- /bin/bash
- -c
- |
echo "Starting housekeeper..."
until $(curl --output /dev/null --silent --head --fail http://127.0.0.1:8080/login); do
echo "Housekeeper: Waiting for the main netbox container..."
sleep 5
done
/opt/netbox/housekeeping.sh
echo "Housekeeper finished, exiting..."
volumeMounts:
- name: config
mountPath: /etc/netbox/config
- name: reports
mountPath: /etc/netbox/reports
- name: scripts
mountPath: /etc/netbox/scritps
- name: media
mountPath: /opt/netbox/netbox/media
- name: configfile
mountPath: /etc/netbox/config/01-config.py
subPath: config.py
{{- end -}}

376
charts/incubator/netbox/templates/_secret.tpl Normal file
View File

@ -0,0 +1,376 @@
{{/* Define the secret */}}
{{- define "netbox.secret" -}}
{{- $secretName := printf "%s-secret" (include "tc.common.names.fullname" .) }}
{{- $secret_key := "" }}
{{- with (lookup "v1" "Secret" .Release.Namespace $secretName) }}
{{- $secret_key = (index .data "secret_key") }}
{{- else }}
{{- $secret_key = randAlphaNum 64 }}
{{- end }}
---
apiVersion: v1
kind: Secret
type: Opaque
metadata:
name: {{ $secretName }}
labels:
{{- include "tc.common.labels" . | nindent 4 }}
data:
secret_key: {{ $secret_key | b64enc }}
stringData:
config.py: |
ALLOWED_HOSTS = [
'127.0.0.1',
'::1',
{{- range .Values.netbox.allowed_hosts }}
{{ . | squote }},
{{- end }}
]
DATABASE = {
'NAME': '{{ .Values.postgresql.postgresqlDatabase }}',
'USER': '{{ .Values.postgresql.postgresqlUsername }}',
'PASSWORD': '{{ .Values.postgresql.postgresqlPassword | trimAll "\"" }}',
'HOST': '{{ printf "%v-%v" .Release.Name "postgresql" }}',
'PORT': '5432',
'CONN_MAX_AGE': 300,
}
REDIS = {
'tasks': {
'HOST': '{{ printf "%v-%v" .Release.Name "redis" }}',
'PORT': 6379,
'PASSWORD': '{{ .Values.redis.redisPassword | trimAll "\"" }}',
'DATABASE': 0,
'SSL': False,
},
'caching': {
'HOST': '{{ printf "%v-%v" .Release.Name "redis" }}',
'PORT': 6379,
'PASSWORD': '{{ .Values.redis.redisPassword | trimAll "\"" }}',
'DATABASE': 1,
'SSL': False,
}
}
SECRET_KEY = '{{ $secret_key }}'
{{- with .Values.netbox.admins }}
ADMINS = [
{{- range . }}
({{ .name | squote }},{{ .email | squote }}),
{{- end }}
]
{{- end }}
{{- with .Values.netbox.allowed_urls_schemes}}
ALLOWED_URL_SCHEMES = [
{{- range . }}
{{ . | squote }},
{{- end }}
]
{{- end }}
{{- with .Values.netbox.auth_password_validators }}
AUTH_PASSWORD_VALIDATORS = [
{{- range . }}
{
'NAME': {{ .name | squote }},
'OPTIONS': {
{{- range .options }}
{{ .key | squote }}: {{ .value }},
{{- end }}
}
},
{{- end }}
]
{{- end }}
{{- with .Values.netbox.banner.top }}
BANNER_TOP = {{ . | squote }}
{{- end }}
{{- with .Values.netbox.banner.bottom }}
BANNER_BOTTOM = {{ . | squote }}
{{- end }}
{{- with .Values.netbox.banner.login }}
BANNER_LOGIN = {{ . | squote }}
{{- end }}
{{- if or .Values.netbox.retention.changelog (eq (int .Values.netbox.retention.changelog) 0) }}
CHANGELOG_RETENTION = {{ .Values.netbox.retention.changelog }}
{{- end }}
{{- if or .Values.netbox.retention.job_result (eq (int .Values.netbox.retention.job_result) 0) }}
JOBRESULT_RETENTION = {{ .Values.netbox.retention.job_result }}
{{- end }}
PREFER_IPV4 = {{ ternary "True" "False" .Values.netbox.prefer_ipv4 }}
ENFORCE_GLOBAL_UNIQUE = {{ ternary "True" "False" .Values.netbox.enforce_global_unique }}
GRAPHQL_ENABLED = {{ ternary "True" "False" .Values.netbox.graphql_enabled }}
{{- with .Values.netbox.maps_url }}
MAPS_URL = {{ . | squote }}
{{- end }}
{{- if or .Values.netbox.max_page_size (eq (int .Values.netbox.max_page_size) 0) }}
MAX_PAGE_SIZE = {{ .Values.netbox.max_page_size }}
{{- end }}
{{- if or .Values.netbox.paginate_count (eq (int .Values.netbox.paginate_count) 0) }}
PAGINATE_COUNT = {{ .Values.netbox.paginate_count }}
{{- end }}
{{- with .Values.netbox.powerfeed.default_amperage }}
POWERFEED_DEFAULT_AMPERAGE = {{ . }}
{{- end }}
{{- with .Values.netbox.powerfeed.default_max_utilization }}
POWERFEED_DEFAULT_MAX_UTILIZATION = {{ . }}
{{- end }}
{{- with .Values.netbox.powerfeed.default_voltage }}
POWERFEED_DEFAULT_VOLTAGE = {{ . }}
{{- end }}
{{- with .Values.netbox.rack.elevation_default_unit_height }}
RACK_ELEVATION_DEFAULT_UNIT_HEIGHT = {{ . }}
{{- end }}
{{- with .Values.netbox.rack.elevation_default_unit_width }}
RACK_ELEVATION_DEFAULT_UNIT_WIDTH = {{ . }}
{{- end }}
{{- with .Values.netbox.napalm.username }}
NAPALM_USERNAME = {{ . | squote }}
{{- end }}
{{- with .Values.netbox.napalm.password }}
NAPALM_PASSWORD = {{ . | squote }}
{{- end }}
{{- with .Values.netbox.napalm.timeout }}
NAPALM_TIMEOUT = {{ . }}
{{- end }}
{{- with .Values.netbox.napalm.args }}
NAPALM_ARGS = {
{{- range . }}
{{ .arg | squote }}: {{ .value | squote }},
{{- end }}
}
{{- end }}
{{- with .Values.netbox.csrf_trusted_origin }}
CSRF_TRUSTED_ORIGINS = [
{{ . | squote }},
]
{{- end }}
{{- with .Values.netbox.csrf_cookie_name }}
CSRF_COOKIE_NAME = {{ . | squote }}
{{- end }}
CORS_ORIGIN_ALLOW_ALL = {{ ternary "True" "False" .Values.netbox.cors_origin_allow_all }}
{{- with .Values.netbox.cors_origin_whitelist }}
CORS_ORIGIN_WHITELIST = [
{{- range . }}
{{ . | squote }},
{{- end }}
]
{{- end }}
{{- with .Values.netbox.cors_origin_regex_whitelist }}
CORS_ORIGIN_REGEX_WHITELIST = [
{{- range . }}
{{ . }},
{{- end }}
]
{{- end }}
DEBUG = {{ ternary "True" "False" .Values.netbox.debug }}
{{- if .Values.netbox.email }}
{{- if .Values.netbox.email.server }}
EMAIL = {
{{- with .Values.netbox.email.server }}
'SERVER': {{ . | squote }},
{{- end }}
{{- with .Values.netbox.email.port }}
'PORT': {{ . }},
{{- end }}
{{- with .Values.netbox.email.username }}
'USERNAME': {{ . | squote }},
{{- end }}
{{- with .Values.netbox.email.password }}
'PASSWORD': {{ . | squote }},
{{- end }}
'USE_SSL': {{ ternary "True" "False" .Values.netbox.email.use_ssl }},
'USE_TLS': {{ ternary "True" "False" .Values.netbox.email.use_tls }},
{{- with .Values.netbox.email.timeout }}
'TIMEOUT': {{ . }},
{{- end }}
{{- with .Values.netbox.email.from_email }}
'FROM_EMAIL': {{ . | squote }},
{{- end }}
}
{{- end }}
{{- end }}
{{- with .Values.netbox.exempt_view_permissions }}
EXEMPT_VIEW_PERMISSIONS = [
{{- range . }}
{{ . | squote }},
{{- end }}
]
{{- end }}
{{- with .Values.netbox.http_proxies }}
HTTP_PROXIES = {
{{- range . }}
{{ .key | squote }}: {{ .url | squote }},
{{- end }}
}
{{- end }}
{{- with .Values.netbox.internal_ips }}
INTERNAL_IPS = (
'127.0.0.1',
'::1',
{{- range . }}
{{ . | squote }},
{{- end }}
)
{{- end }}
LOGIN_PERSISTENCE = {{ ternary "True" "False" .Values.netbox.login_persistence }}
LOGIN_REQUIRED = {{ ternary "True" "False" .Values.netbox.login_required }}
{{- with .Values.netbox.login_timeout }}
LOGIN_TIMEOUT = {{ . }}
{{- end }}
METRICS_ENABLED = {{ ternary "True" "False" .Values.metrics.enabled }}
TIME_ZONE = {{ .Values.TZ | squote }}
MEDIA_ROOT = '/opt/netbox/netbox/media'
REPORTS_ROOT = '/opt/netbox/netbox/reports'
SCRIPTS_ROOT = '/opt/netbox/netbox/scripts'
{{- with .Values.netbox.storage_backend }}
STORAGE_BACKEND = {{ . | squote }}
{{- end }}
{{- with .Values.netbox.storage_config }}
STORAGE_CONFIG = {
{{- range . }}
{{ .key | squote }}: {{ .value | squote }},
{{- end }}
}
{{- end }}
{{- $enabled_plugins := list -}}
{{- with .Values.netbox.plugin_config -}}
{{- range . -}}
{{- if .enabled -}}
{{- $enabled_plugins = append $enabled_plugins .plugin_name -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- with $enabled_plugins }}
PLUGINS = [
{{- range . }}
{{ . | squote }},
{{- end }}
]
{{- end }}
{{/*
TODO: Consider template plugins here, so it's easier to config on UI
https://github.com/netbox-community/netbox/wiki/Plugins
*/}}
{{- with .Values.netbox.plugin_config }}
PLUGINS_CONFIG = {
{{- range . }}
{{- if .enabled }}
{{ .plugin_name | squote }}: {
{{- range .config }}
{{ .key | squote }}: {{ .value | squote }},
{{- end }}
}
{{- end }}
{{- end }}
}
{{- end }}
{{- with .Values.netbox.rq_default_timeout }}
RQ_DEFAULT_TIMEOUT = {{ . }}
{{- end }}
{{- with .Values.netbox.session_cookie_name }}
SESSION_COOKIE_NAME = {{ . | squote }}
{{- end }}
RELEASE_CHECK_URL = 'https://api.github.com/repos/netbox-community/netbox/releases'
{{- with .Values.netbox.remote_auth }}
{{- if .enabled }}
REMOTE_AUTH_ENABLED = True
{{- with .backend }}
REMOTE_AUTH_BACKEND = {{ . | squote }}
{{- end }}
{{- with .header }}
REMOTE_AUTH_HEADER = {{ . | squote }}
{{- end }}
REMOTE_AUTH_AUTO_CREATE_USER = {{ ternary "True" "False" .auto_create_user }}
{{- with .default_groups }}
REMOTE_AUTH_DEFAULT_GROUPS = [
{{- range . }}
{{ . | squote }},
{{- end }}
]
{{- end }}
{{- with .default_permissions }}
REMOTE_AUTH_DEFAULT_PERMISSIONS = {
{{- range . }}
{{ .key | squote }}: {{ if eq .value "None" }}{{ .value }}{{ else }}{{ .value | squote }}{{ end }},
{{- end }}
}
{{- end }}
{{- end }}
{{- end }}
SESSION_FILE_PATH = None
{{- with .Values.netbox.date_time }}
{{- with .date_format }}
DATE_FORMAT = {{ . | squote }}
{{- end }}
{{- with .short_date_format }}
SHORT_DATE_FORMAT = {{ . | squote }}
{{- end }}
{{- with .time_format }}
TIME_FORMAT = {{ . | squote }}
{{- end }}
{{- with .shot_time_format }}
SHORT_TIME_FORMAT = {{ . | squote }}
{{- end }}
{{- with .date_time_format }}
DATETIME_FORMAT = {{ . | squote }}
{{- end }}
{{- with .short_date_time_format }}
SHORT_DATETIME_FORMAT = {{ . | squote }}
{{- end }}
{{- end }}
{{- end }}

56
charts/incubator/netbox/templates/_worker.tpl Normal file
View File

@ -0,0 +1,56 @@
{{/* Define the worker container */}}
{{- define "netbox.worker" -}}
image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
securityContext:
runAsUser: {{ .Values.podSecurityContext.runAsUser }}
runAsGroup: {{ .Values.podSecurityContext.runAsGroup }}
readOnlyRootFilesystem: {{ .Values.securityContext.readOnlyRootFilesystem }}
runAsNonRoot: {{ .Values.securityContext.runAsNonRoot }}
command:
- /bin/bash
- -c
- |
echo "Starting worker...."
until $(curl --output /dev/null --silent --head --fail http://127.0.0.1:8080/login); do
echo "Worker: Waiting for the main netbox container..."
sleep 5
done
/opt/netbox/venv/bin/python /opt/netbox/netbox/manage.py rqworker
volumeMounts:
- name: config
mountPath: /etc/netbox/config
- name: reports
mountPath: /etc/netbox/reports
- name: scripts
mountPath: /etc/netbox/scritps
- name: media
mountPath: /opt/netbox/netbox/media
- name: configfile
mountPath: /etc/netbox/config/01-config.py
subPath: config.py
{{/*readinessProbe:
exec:
command:
- TODO: find a healthcheck
initialDelaySeconds: {{ .Values.probes.readiness.spec.initialDelaySeconds }}
timeoutSeconds: {{ .Values.probes.readiness.spec.timeoutSeconds }}
periodSeconds: {{ .Values.probes.readiness.spec.periodSeconds }}
failureThreshold: {{ .Values.probes.readiness.spec.failureThreshold }}
livenessProbe:
exec:
command:
- TODO: find a healthcheck
initialDelaySeconds: {{ .Values.probes.liveness.spec.initialDelaySeconds }}
timeoutSeconds: {{ .Values.probes.liveness.spec.timeoutSeconds }}
periodSeconds: {{ .Values.probes.liveness.spec.periodSeconds }}
failureThreshold: {{ .Values.probes.liveness.spec.failureThreshold }}
startupProbe:
exec:
command:
- TODO: find a healthcheck
initialDelaySeconds: {{ .Values.probes.startup.spec.initialDelaySeconds }}
timeoutSeconds: {{ .Values.probes.startup.spec.timeoutSeconds }}
periodSeconds: {{ .Values.probes.startup.spec.periodSeconds }}
failureThreshold: {{ .Values.probes.startup.spec.failureThreshold }}*/}}
{{- end -}}

16
charts/incubator/netbox/templates/common.yaml Normal file
View File

@ -0,0 +1,16 @@
{{/* Make sure all variables are set properly */}}
{{- include "tc.common.loader.init" . }}
{{- include "netbox.secret" . }}
{{- $_ := set .Values.additionalContainers "worker" (include "netbox.worker" . | fromYaml) -}}
{{- $_ := set .Values.additionalContainers "housekeeper" (include "netbox.housekeeper" . | fromYaml) -}}
{{- if .Values.metrics.enabled -}}
{{- $_ := set .Values.podAnnotations "prometheus.io/scrape" "true" -}}
{{- $_ := set .Values.podAnnotations "prometheus.io/path" "/metrics" -}}
{{- $_ := set .Values.podAnnotations "prometheus.io/port" (.Values.service.main.ports.main.targetPort | toString) -}}
{{- end -}}
{{/* Render the templates */}}
{{ include "tc.common.loader.apply" . }}

18
charts/incubator/netbox/templates/prometheusrules.yaml Normal file
View File

@ -0,0 +1,18 @@
{{- if and .Values.metrics.enabled .Values.metrics.prometheusRule.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
name: {{ include "tc.common.names.fullname" . }}
labels:
{{- include "tc.common.labels" . | nindent 4 }}
{{- with .Values.metrics.prometheusRule.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
groups:
- name: {{ include "tc.common.names.fullname" . }}
rules:
{{- with .Values.metrics.prometheusRule.rules }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}

24
charts/incubator/netbox/templates/servicemonitor.yaml Normal file
View File

@ -0,0 +1,24 @@
{{- if .Values.metrics.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ include "tc.common.names.fullname" . }}
labels:
{{- include "tc.common.labels" . | nindent 4 }}
{{- with .Values.metrics.serviceMonitor.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
selector:
matchLabels:
{{- include "tc.common.labels.selectorLabels" . | nindent 6 }}
endpoints:
- port: http
{{- with .Values.metrics.serviceMonitor.interval }}
interval: {{ . }}
{{- end }}
{{- with .Values.metrics.serviceMonitor.scrapeTimeout }}
scrapeTimeout: {{ . }}
{{- end }}
path: /metrics
{{- end }}

268
charts/incubator/netbox/values.yaml Normal file
View File

@ -0,0 +1,268 @@
image:
repository: tccr.io/truecharts/netbox
tag: 3.3.6@sha256:4084b61c588dd2f15d117f30017a5c15fd03c3de38ed49e3241c48bce54048d7
pullPolicy: IfNotPresent
securityContext:
readOnlyRootFilesystem: false
runAsNonRoot: false
podSecurityContext:
runAsUser: 0
runAsGroup: 0
probes:
liveness:
type: HTTP
path: /login
readiness:
type: HTTP
path: /login
startup:
type: HTTP
path: /login
# Gives some time for app to run db migrations
initialDelaySeconds: 60
service:
main:
ports:
main:
port: 10265
protocol: HTTP
targetPort: 8080
netbox:
# -- This is a list of valid fully-qualified domain names (FQDNs) for the NetBox server. NetBox will not permit write
# access to the server via any other hostnames. The first FQDN in the list will be treated as the preferred name.
# 127.0.0.1 added automatically
allowed_hosts:
[]
# - netbox.example.com
# - URL schemes that are allowed within links in NetBox
allowed_urls_schemes:
[]
# - file
# - ftp
# -- Specify one or more name and email address tuples representing NetBox administrators. These people will be notified of
# application errors (assuming correct email settings are provided).
admins:
[]
# - name: John Doe
# email: jdoe@example.com
# -- Enable any desired validators for local account passwords below. For a list of included validators, please see the
# Django documentation at https://docs.djangoproject.com/en/stable/topics/auth/passwords/#password-validation.
auth_password_validators:
[]
# - name: django.contrib.auth.password_validation.MinimumLengthValidator
# options:
# - key: min_length
# value: 10
banner:
# -- Optionally display a persistent banner at the top of every page.
top: ""
# -- Optionally display a persistent banner at the bottom of every page.
bottom: ""
# -- Text to include on the login page above the login form. HTML is allowed
login: ""
retention:
# -- Maximum number of days to retain logged changes. Set to 0 to retain changes indefinitely.
changelog: 90
# -- Maximum number of days to retain job results (scripts and reports). Set to 0 to retain job results in the database indefinitely.
job_result: 90
# -- When determining the primary IP address for a device, IPv6 is preferred over IPv4 by default.
prefer_ipv4: false
# -- Enforcement of unique IP space can be toggled on a per-VRF basis. To enforce unique IP space within the global table
enforce_global_unique: true
# - API Cross-Origin Resource Sharing (CORS) settings. If CORS_ORIGIN_ALLOW_ALL is set to True, all origins will be
# - allowed. Otherwise, define a list of allowed origins using either CORS_ORIGIN_WHITELIST or
# - CORS_ORIGIN_REGEX_WHITELIST. For more information, see https://github.com/ottoyiu/django-cors-headers
cors_origin_allow_all: false
cors_origin_whitelist:
[]
# - "127.0.0.1"
cors_origin_regex_whitelist:
[]
# - r'^(https?://)?(\w+\.)?example\.com$'
debug: false
email:
server: ""
port: 587
username: ""
password: ""
use_ssl: false
use_tls: true
timeout: 10
from_email: ""
# -- Exempt certain models from the enforcement of view permissions. Models listed here will be viewable by all users and
# by anonymous users. List models in the form `<app>.<model>`. Add '*' to this list to exempt all models.
exempt_view_permissions:
[]
# - dcim.site
# - dcim.region
# - ipam.prefix
# - HTTP proxies NetBox should use when sending outbound HTTP requests (e.g. for webhooks).
http_proxies:
[]
# - key: http
# url: http://10.10.1.10:3128
# - key: https
# url: http://10.10.1.10:1080
# -- IP addresses recognized as internal to the system. The debugging toolbar will be available only to clients accessing
# NetBox from an internal IP. (127.0.0.1 and ::1) added automatically
internal_ips:
[]
# - "10.10.10.5"
# -- Automatically reset the lifetime of a valid session upon each authenticated request. Enables users to remain
# authenticated to NetBox indefinitely.
login_persistence: false
# -- Setting this to True will permit only authenticated users to access any part of NetBox. By default, anonymous users
# are permitted to access most data in NetBox but not make any changes.
login_required: true
# -- The length of time (in seconds) for which a user will remain logged into the web UI before being prompted to
# re-authenticate. (Default: 1209600 [14 days])
login_timeout: 1209600
# -- Enable GraphQL API.
graphql_enabled: true
# -- Maps provider
maps_url: https://maps.google.com/?q=
# -- An API consumer can request an arbitrary number of objects =by appending the "limit" parameter to the URL (e.g.
# "?limit=1000"). This setting defines the maximum limit. Setting it to 0 or None will allow an API consumer to request
# all objects by specifying "?limit=0".
max_page_size: 1000
# -- Determine how many objects to display per page within a list. (Default: 50)
paginate_count: 50
powerfeed:
# -- The default value for the amperage field when creating new power feeds.
default_amperage: 15
# -- The default value (percentage) for the max_utilization field when creating new power feeds.
default_max_utilization: 80
# -- The default value for the voltage field when creating new power feeds.
default_voltage: 120
# -- Rack elevation size defaults, in pixels. For best results, the ratio of width to height should be roughly 10:1.
rack:
elevation_default_unit_height: 22
elevation_default_unit_width: 220
# -- Credentials that NetBox will uses to authenticate to devices when connecting via NAPALM.
napalm:
username: ""
password: ""
timeout: 30
# -- NAPALM optional arguments (see http://napalm.readthedocs.io/en/latest/support/#optional-arguments).
args:
[]
# - arg: allow_agent
# value: "False"
# -- Cross-Site-Request-Forgery-Attack settings. If Netbox is sitting behind a reverse proxy, you might need to set this
csrf_trusted_origin:
[]
# - https://netbox.mydomain.com
# -- The name to use for the session cookie.
session_cookie_name: sessionid
# -- The name to use for the csrf token cookie.
csrf_cookie_name: csrftoken
# -- By default uploaded media is stored on the local filesystem. Using Django-storages is also supported. Provide the
# class path of the storage driver in storage_backend and any configuration options in storage_config. For example:
# Example storages.backends.s3boto3.S3Boto3Storage
storage_backend: ""
storage_config:
[]
# - key: AWS_ACCESS_KEY_ID
# value: KeyID
# - key: AWS_SECRET_ACCESS_KEY
# value: Secret
# - key: AWS_STORAGE_BUCKET_NAME
# value: netbox
# - key: AWS_S3_REGION_NAME
# value: eu-west-1
# -- Plugins configuration settings. These settings are used by various plugins that the user may have installed.
plugin_config:
# - plugin_name: plugin1
# enabled: false
# config:
# - key: foo
# value: bar
# - key: fizz
# value: bizz
# -- Maximum execution time for background tasks, in seconds.
rq_default_timeout: 300
# -- Remote authentication support
remote_auth:
{}
# enabled: false
# backend: netbox.authentication.RemoteUserBackend
# header: header
# auto_create_user: false
# default_groups: []
# default_permissions:
# - key: dcim.change_site
# value: None
# -- Date/time formatting. See the following link for supported formats:
# https://docs.djangoproject.com/en/stable/ref/templates/builtins/#date
date_time:
date_format: N j, Y
short_date_format: Y-m-d
time_format: g:i a
short_time_format: H:i:s
date_time_format: N j, Y g:i a
short_date_time_format: Y-m-d H:i
metrics:
# -- Enable and configure a Prometheus serviceMonitor for the chart under this key.
# @default -- See values.yaml
enabled: false
serviceMonitor:
interval: 1m
scrapeTimeout: 30s
labels: {}
# -- Enable and configure Prometheus Rules for the chart under this key.
# @default -- See values.yaml
prometheusRule:
enabled: false
labels: {}
# -- Configure additionial rules for the chart under this key.
# @default -- See prometheusrules.yaml
rules:
[]
# - alert: UnifiPollerAbsent
# annotations:
# description: Unifi Poller has disappeared from Prometheus service discovery.
# summary: Unifi Poller is down.
# expr: |
# absent(up{job=~".*unifi-poller.*"} == 1)
# for: 5m
# labels:
# severity: critical
persistence:
config:
enabled: true
mountPath: /etc/netbox/config
reports:
enabled: true
mountPath: /etc/netbox/reports
scripts:
enabled: true
mountPath: /etc/netbox/scripts
media:
enabled: true
mountPath: /opt/netbox/netbox/media
configfile:
enabled: true
type: secret
objectName: '{{ include "tc.common.names.fullname" . }}-secret'
mountPath: /etc/netbox/config/01-config.py
subPath: config.py
postgresql:
enabled: true
existingSecret: dbcreds
postgresqlUsername: netbox
postgresqlDatabase: netbox
redis:
enabled: true
existingSecret: rediscreds
portal:
enabled: true

1
cspell.config.yaml
View File

@ -161,6 +161,7 @@ words:
- multihost
- nbclassic
- neko
- netbox
- netdata
- networkv
- nextcloud