diff --git a/charts/incubator/netbox/.helmignore b/charts/incubator/netbox/.helmignore new file mode 100644 index 00000000000..77ca5567b26 --- /dev/null +++ b/charts/incubator/netbox/.helmignore @@ -0,0 +1,30 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ +# OWNERS file for Kubernetes +OWNERS +# helm-docs templates +*.gotmpl +# docs folder +/docs +# icon +icon.png diff --git a/charts/incubator/netbox/Chart.yaml b/charts/incubator/netbox/Chart.yaml new file mode 100644 index 00000000000..cbbcaf26111 --- /dev/null +++ b/charts/incubator/netbox/Chart.yaml @@ -0,0 +1,34 @@ +apiVersion: v2 +appVersion: "10.6.2" +dependencies: + - name: common + repository: https://library-charts.truecharts.org + version: 10.9.4 + - condition: postgresql.enabled + name: postgresql + repository: https://charts.truecharts.org/ + version: 8.0.122 + - condition: redis.enabled + name: redis + repository: https://charts.truecharts.org + version: 3.0.121 +description: NetBox is the leading solution for modeling and documenting modern networks. +home: https://truecharts.org/docs/charts/stable/airsonic +icon: https://truecharts.org/img/hotlink-ok/chart-icons/airsonic.png +keywords: + - network + - netbox +kubeVersion: ">=1.16.0-0" +maintainers: + - email: info@truecharts.org + name: TrueCharts + url: https://truecharts.org +name: netbox +sources: + - https://github.com/netbox-community/netbox-docker +version: 0.0.1 +annotations: + truecharts.org/catagories: | + - network + truecharts.org/SCALE-support: "true" + truecharts.org/grade: U diff --git a/charts/incubator/netbox/README.md b/charts/incubator/netbox/README.md new file mode 100644 index 00000000000..e69de29bb2d diff --git a/charts/incubator/netbox/ci/ci-values.yaml b/charts/incubator/netbox/ci/ci-values.yaml new file mode 100644 index 00000000000..8d76902de98 --- /dev/null +++ b/charts/incubator/netbox/ci/ci-values.yaml @@ -0,0 +1,3 @@ +netbox: + allowed_hosts: + - "*" diff --git a/charts/incubator/netbox/docs/default-credentials.md b/charts/incubator/netbox/docs/default-credentials.md new file mode 100644 index 00000000000..c005dc3c1c2 --- /dev/null +++ b/charts/incubator/netbox/docs/default-credentials.md @@ -0,0 +1,5 @@ +# Default Credentials + +- Username: `admin` +- Password: `admin` +- API Token: `0123456789abcdef0123456789abcdef01234567` diff --git a/charts/incubator/netbox/icon.png b/charts/incubator/netbox/icon.png new file mode 100644 index 00000000000..b12be3a2b30 Binary files /dev/null and b/charts/incubator/netbox/icon.png differ diff --git a/charts/incubator/netbox/questions.yaml b/charts/incubator/netbox/questions.yaml new file mode 100644 index 00000000000..db0be879348 --- /dev/null +++ b/charts/incubator/netbox/questions.yaml @@ -0,0 +1,782 @@ +# Include{groups} +portals: + open: +# Include{portalLink} +questions: +# Include{global} +# Include{controller} +# Include{controllerDeployment} +# Include{replicas} +# Include{replica1} +# Include{strategy} +# Include{recreate} +# Include{controllerExpert} +# Include{controllerExpertExtraArgs} + - variable: netbox + group: Container Configuration + label: Netbox Configuration + schema: + additional_attrs: true + type: dict + attrs: + - variable: allowed_hosts + label: Allowed Hosts + description: This is a list of valid fully-qualified domain names (FQDNs) for the NetBox server. NetBox will not permit write access to the server via any other hostnames. The first FQDN in the list will be treated as the preferred name. (127.0.0.1 and ::1) added automatically + schema: + type: list + default: [] + items: + - variable: allowed_hosts_entry + label: Allowed Host + schema: + type: string + required: true + default: "" + - variable: allowed_urls_schemes + label: Allowed URL Schemes + description: URL schemes that are allowed within links in NetBox. + schema: + type: list + default: [] + items: + - variable: allowed_url_scheme_entry + label: Allowed URL Scheme + schema: + type: string + required: true + default: "" + - variable: admins + label: Admins + description: Specify one or more name and email address tuples representing NetBox administrators. These people will be notified of application errors (assuming correct email settings are provided). + schema: + type: list + default: [] + items: + - variable: admin_entry + label: Admin + schema: + type: dict + additional_attrs: true + attrs: + - variable: name + label: Name + schema: + type: string + required: true + default: "" + - variable: email + label: Email + schema: + type: string + required: true + default: "" + - variable: auth_password_validators + label: Auth Password Validators + description: Enable any desired validators for local account passwords below. For a list of included validators, please see the Django documentation at https://docs.djangoproject.com/en/stable/topics/auth/passwords/#password-validation. + schema: + type: list + default: [] + items: + - variable: auth_password_validators_entry + label: Auth Password Validator + schema: + type: dict + additional_attrs: true + attrs: + - variable: name + label: Name + schema: + type: string + required: true + default: "" + - variable: options + label: Options + schema: + type: dict + additional_attrs: true + attrs: + - variable: key + label: Key + schema: + type: string + required: true + default: "" + - variable: value + label: Value + schema: + type: string + required: true + default: "" + - variable: banner + label: Banner + schema: + additional_attrs: true + type: dict + attrs: + - variable: login + label: Login Banner + description: Text to include on the login page above the login form. HTML is allowed + schema: + type: string + default: "" + - variable: top + label: Top Banner + description: Optionally display a persistent banner at the top of every page. + schema: + type: string + default: "" + - variable: bottom + label: Bottom Banner + description: Optionally display a persistent banner at the bottom of every page. + schema: + type: string + default: "" + - variable: retention + label: Retention + schema: + additional_attrs: true + type: dict + attrs: + - variable: changelog + label: Changelog + description: Maximum number of days to retain logged changes. Set to 0 to retain changes indefinitely. + schema: + type: int + default: 90 + - variable: job_result + label: Job Results + description: Maximum number of days to retain job results (scripts and reports). Set to 0 to retain job results in the database indefinitely. + schema: + type: int + default: 90 + - variable: prefer_ipv4 + label: Prefer IPv4 + description: When determining the primary IP address for a device, IPv6 is preferred over IPv4 by default. + schema: + type: boolean + default: false + - variable: enforce_global_unique + label: Enforce Global Unique + description: Enforcement of unique IP space can be toggled on a per-VRF basis. To enforce unique IP space within the global table + schema: + type: boolean + default: true + - variable: cors_origin_allow_all + label: CORS Origin Allow All + description: If CORS_ORIGIN_ALLOW_ALL is set to True, all origins will be allowed. Otherwise, define a list of allowed origins using either CORS_ORIGIN_WHITELIST or CORS_ORIGIN_REGEX_WHITELIST. For more information, see https://github.com/ottoyiu/django-cors-headers + schema: + type: boolean + default: false + show_subquestions_if: false + - variable: cors_origin_whitelist + label: CORS Origin Whitelist + description: Example 127.0.0.1 + schema: + type: list + default: [] + items: + - variable: cors_origin_whitelist_entry + label: CORS Origin Whitelist Entry + schema: + type: string + required: true + default: "" + - variable: cors_origin_regex_whitelist + label: CORS Origin Regex Whitelist + description: Example r'^(https?://)?(\w+\.)?example\.com$' + schema: + type: list + default: [] + items: + - variable: cors_origin_whitelist_entry + label: CORS Origin Regex Whitelist Entry + schema: + type: string + required: true + default: "" + - variable: csrf_trusted_origin + label: CSRF Trusted Origin + description: Cross-Site-Request-Forgery-Attack settings. If Netbox is sitting behind a reverse proxy, you might need to set this + schema: + type: list + default: [] + items: + - variable: csrf_trusted_origin_entry + label: CSRF Trusted Origin Entry + schema: + type: string + required: true + default: "" + - variable: csrf_cookie_name + label: CSRF Cookie Name + description: The name to use for the csrf token cookie. + schema: + type: string + default: csrftoken + - variable: session_cookie_name + label: Session Cookie Name + description: The name to use for the session cookie. + schema: + type: string + default: sessionid + - variable: email + label: Email + schema: + additional_attrs: true + type: dict + attrs: + - variable: server + label: Server + schema: + type: string + default: "" + - variable: port + label: Port + schema: + type: int + default: 587 + - variable: from_email + label: From Email + schema: + type: string + default: "" + - variable: username + label: Username + schema: + type: string + default: "" + - variable: password + label: Password + schema: + type: string + private: true + default: "" + - variable: use_ssl + label: Use SSL + schema: + type: boolean + default: false + - variable: use_tls + label: Use TLS + schema: + type: boolean + default: true + - variable: timeout + label: Timeout + schema: + type: int + default: 10 + - variable: exempt_view_permissions + label: Exempt View Permissions + description: Exempt certain models from the enforcement of view permissions. Models listed here will be viewable by all users and by anonymous users. List models in the form `.`. Add '*' to this list to exempt all models. + schema: + type: list + default: [] + items: + - variable: exempt_view_permissions_entry + label: Exempt View Permission + schema: + type: string + required: true + default: "" + - variable: http_proxies + label: HTTP Proxies + description: HTTP proxies NetBox should use when sending outbound HTTP requests (e.g. for webhooks). + schema: + type: list + default: [] + items: + - variable: http_proxy_entry + label: HTTP Proxy Entry + schema: + type: dict + additional_attrs: true + attrs: + - variable: key + label: Key + schema: + type: string + required: true + default: "" + - variable: url + label: URL + schema: + type: string + required: true + default: "" + - variable: internal_ips + label: Internal IPs + description: IP addresses recognized as internal to the system. The debugging toolbar will be available only to clients accessing NetBox from an internal IP. (127.0.0.1 and ::1) added automatically + schema: + type: list + default: [] + items: + - variable: internal_ips_entry + label: Internal IP + schema: + type: string + required: true + default: "" + - variable: login_persistence + label: Login Persistence + description: Automatically reset the lifetime of a valid session upon each authenticated request. Enables users to remain authenticated to NetBox indefinitely. + schema: + type: boolean + default: false + - variable: login_required + label: Login Required + description: Setting this to true will permit only authenticated users to access any part of NetBox. By default, anonymous users are permitted to access most data in NetBox but not make any changes. + schema: + type: boolean + default: true + - variable: login_timeout + label: Login Timeout + description: The length of time (in seconds) for which a user will remain logged into the web UI before being prompted to re-authenticate. + schema: + type: int + default: 1209600 + - variable: graphql_enabled + label: Enable GraphQL + description: Enable GraphQL API. + schema: + type: boolean + default: true + - variable: maps_url + label: Maps URl + description: Maps provider + schema: + type: string + default: https://maps.google.com/?q= + - variable: max_page_size + label: Max Page Size + description: This setting defines the maximum limit of objects an API can request. Setting it to 0 or None will allow an API consumer to request all objects. + schema: + type: int + default: 1000 + - variable: paginate_count + label: Paginate Count + description: Determine how many objects to display per page within a list. + schema: + type: int + default: 50 + - variable: powerfeed + label: Power Feed + schema: + additional_attrs: true + type: dict + attrs: + - variable: default_amperage + label: Default Amperage + description: The default value for the amperage field when creating new power feeds. + schema: + type: int + default: 15 + - variable: default_max_utilization + label: Default Max Utilization + description: The default value (percentage) for the max_utilization field when creating new power feeds. + schema: + type: int + default: 80 + - variable: default_voltage + label: Default Voltage + description: The default value for the voltage field when creating new power feeds. + schema: + type: int + default: 120 + - variable: rack + label: Rack + description: Rack elevation size defaults, in pixels. For best results, the ratio of width to height should be roughly 10:1. + schema: + additional_attrs: true + type: dict + attrs: + - variable: elevation_default_unit_height + label: Elevation Default Unit Height + schema: + type: int + default: 22 + - variable: elevation_default_unit_width + label: Elevation Default Unit Width + schema: + type: int + default: 220 + - variable: napalm + label: Napalm + description: Credentials that NetBox will uses to authenticate to devices when connecting via NAPALM. + schema: + additional_attrs: true + type: dict + attrs: + - variable: username + label: Username + schema: + type: string + default: "" + - variable: password + label: Password + schema: + type: string + private: true + default: "" + - variable: timeout + label: Timeout + schema: + type: int + default: 30 + - variable: args + label: Args + description: NAPALM optional arguments (see http://napalm.readthedocs.io/en/latest/support/#optional-arguments). + schema: + type: list + default: [] + items: + - variable: arg_entry + label: Arg Entry + schema: + type: dict + additional_attrs: true + attrs: + - variable: arg + label: Arg + schema: + type: string + required: true + default: "" + - variable: value + label: Value + schema: + type: string + required: true + default: "" + - variable: storage_backend + label: Storage Backend + description: By default uploaded media is stored on the local filesystem. Using Django-storages is also supported. Provide the class path of the storage driver in storage_backend and any configuration options in storage_config. + schema: + type: string + required: true + default: "" + - variable: storage_config + label: Storage Config + schema: + show_if: [["storage_backend", "!=", ""]] + type: list + default: [] + items: + - variable: storage_config_entry + label: Storage Config Entry + schema: + type: dict + additional_attrs: true + attrs: + - variable: key + label: Key + schema: + type: string + required: true + default: "" + - variable: value + label: Value + schema: + type: string + required: true + default: "" + - variable: rq_default_timeout + label: RQ Default Timeout + description: Maximum execution time for background tasks, in seconds. + schema: + type: int + required: true + default: 300 + - variable: remote_auth + label: Remote Auth + description: Remote authentication support + schema: + type: dict + additional_attrs: true + attrs: + - variable: enabled + label: Enabled + schema: + type: boolean + default: false + - variable: backend + label: Backend + schema: + type: string + required: true + default: "" + - variable: header + label: Header + schema: + type: string + required: true + default: "" + - variable: auto_create_user + label: Auto Create User + schema: + type: boolean + default: false + - variable: default_groups + label: Default Groups + schema: + type: list + default: [] + items: + - variable: default_group_entry + label: Default Group + schema: + type: string + required: true + default: "" + - variable: default_permissions + label: Default Permissions + schema: + type: list + default: [] + items: + - variable: default_permissions_entry + label: Default Permission Entry + schema: + type: dict + additional_attrs: true + attrs: + - variable: key + label: Key + schema: + type: string + required: true + default: "" + - variable: value + label: Value + schema: + type: string + required: true + default: "" + - variable: date_time + label: Date Time + description: Date/time formatting. See the following link for supported formats https://docs.djangoproject.com/en/stable/ref/templates/builtins/#date + schema: + type: dict + additional_attrs: true + attrs: + - variable: date_format + label: Date Format + schema: + type: string + required: true + default: N j, Y + - variable: short_date_format + label: Short Date Format + schema: + type: string + required: true + default: Y-m-d + - variable: time_format + label: Time Format + schema: + type: string + required: true + default: g:i a + - variable: short_time_format + label: Short Time Format + schema: + type: string + required: true + default: H:i:s + - variable: date_time_format + label: Date Time Format + schema: + type: string + required: true + default: N j, Y g:i a + - variable: short_date_time_format + label: Short Date Time Format + schema: + type: string + required: true + default: Y-m-d H:i + - variable: plugins_config + label: Plugins Config + description: Plugins configuration settings. These settings are used by various plugins that the user may have installed. + schema: + type: list + default: [] + items: + - variable: plugin_entry + label: Plugin Entry + schema: + type: dict + additional_attrs: true + attrs: + - variable: plugin_name + label: Plugin Name + schema: + type: string + required: true + default: "" + - variable: enabled + label: Enable Plugin + schema: + type: boolean + default: true + - variable: config + label: Config + schema: + type: list + default: [] + items: + - variable: config_entry + label: Config Entry + schema: + type: dict + additional_attrs: true + attrs: + - variable: key + label: Key + schema: + type: string + required: true + default: "" + - variable: value + label: Value + schema: + type: string + required: true + default: "" +# Include{containerConfig} +# Include{serviceRoot} + - variable: main + label: Main Service + description: The Primary service on which the healthcheck runs, often the webUI + schema: + additional_attrs: true + type: dict + attrs: +# Include{serviceSelectorLoadBalancer} +# Include{serviceSelectorExtras} + - variable: main + label: Main Service Port Configuration + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: Port + description: This port exposes the container port on the service + schema: + type: int + default: 10265 + required: true +# Include{advancedPortHTTP} + - variable: targetPort + label: Target Port + description: The internal(!) port on the container the Application runs on + schema: + type: int + default: 8080 +# Include{serviceExpertRoot} + default: false +# Include{serviceExpert} +# Include{serviceList} +# Include{persistenceRoot} + - variable: config + label: App Config Storage + description: Stores the Application Configuration. + schema: + additional_attrs: true + type: dict + attrs: +# Include{persistenceBasic} +# Include{persistenceAdvanced} + - variable: reports + label: App Reports Storage + description: Stores the Application Reports. + schema: + additional_attrs: true + type: dict + attrs: +# Include{persistenceBasic} +# Include{persistenceAdvanced} + - variable: scripts + label: App Scripts Storage + description: Stores the Application Scripts. + schema: + additional_attrs: true + type: dict + attrs: +# Include{persistenceBasic} +# Include{persistenceAdvanced} + - variable: media + label: App Media Storage + description: Stores the Application Media. + schema: + additional_attrs: true + type: dict + attrs: +# Include{persistenceBasic} +# Include{persistenceAdvanced} +# Include{persistenceList} +# Include{ingressRoot} + - variable: main + label: Main Ingress + schema: + additional_attrs: true + type: dict + attrs: +# Include{ingressDefault} +# Include{ingressTLS} +# Include{ingressTraefik} +# Include{ingressExpert} +# Include{ingressList} +# Include{security} +# Include{securityContextAdvancedRoot} + - variable: privileged + label: Privileged mode + schema: + type: boolean + default: false + - variable: readOnlyRootFilesystem + label: ReadOnly Root Filesystem + schema: + type: boolean + default: false + - variable: allowPrivilegeEscalation + label: Allow Privilege Escalation + schema: + type: boolean + default: false + - variable: runAsNonRoot + label: runAsNonRoot + schema: + type: boolean + default: false +# Include{securityContextAdvanced} +# Include{podSecurityContextRoot} + - variable: runAsUser + label: runAsUser + description: The UserID of the user running the application + schema: + type: int + default: 0 + - variable: runAsGroup + label: runAsGroup + description: The groupID this App of the user running the application + schema: + type: int + default: 0 + - variable: fsGroup + label: fsGroup + description: The group that should own ALL storage. + schema: + type: int + default: 568 +# Include{podSecurityContextAdvanced} +# Include{resources} +# Include{metrics} +# Include{advanced} +# Include{addons} +# Include{codeserver} +# Include{promtail} +# Include{netshoot} +# Include{vpn} +# Include{documentation} diff --git a/charts/incubator/netbox/templates/_housekeeper.tpl b/charts/incubator/netbox/templates/_housekeeper.tpl new file mode 100644 index 00000000000..43edc3ea6ab --- /dev/null +++ b/charts/incubator/netbox/templates/_housekeeper.tpl @@ -0,0 +1,33 @@ +{{/* Define the housekeeper container */}} +{{- define "netbox.housekeeper" -}} +image: {{ .Values.image.repository }}:{{ .Values.image.tag }} +imagePullPolicy: {{ .Values.image.pullPolicy }} +securityContext: + runAsUser: {{ .Values.podSecurityContext.runAsUser }} + runAsGroup: {{ .Values.podSecurityContext.runAsGroup }} + readOnlyRootFilesystem: {{ .Values.securityContext.readOnlyRootFilesystem }} + runAsNonRoot: {{ .Values.securityContext.runAsNonRoot }} +command: + - /bin/bash + - -c + - | + echo "Starting housekeeper..." + until $(curl --output /dev/null --silent --head --fail http://127.0.0.1:8080/login); do + echo "Housekeeper: Waiting for the main netbox container..." + sleep 5 + done + /opt/netbox/housekeeping.sh + echo "Housekeeper finished, exiting..." +volumeMounts: + - name: config + mountPath: /etc/netbox/config + - name: reports + mountPath: /etc/netbox/reports + - name: scripts + mountPath: /etc/netbox/scritps + - name: media + mountPath: /opt/netbox/netbox/media + - name: configfile + mountPath: /etc/netbox/config/01-config.py + subPath: config.py +{{- end -}} diff --git a/charts/incubator/netbox/templates/_secret.tpl b/charts/incubator/netbox/templates/_secret.tpl new file mode 100644 index 00000000000..6d53f94fded --- /dev/null +++ b/charts/incubator/netbox/templates/_secret.tpl @@ -0,0 +1,376 @@ +{{/* Define the secret */}} +{{- define "netbox.secret" -}} + +{{- $secretName := printf "%s-secret" (include "tc.common.names.fullname" .) }} + +{{- $secret_key := "" }} +{{- with (lookup "v1" "Secret" .Release.Namespace $secretName) }} + {{- $secret_key = (index .data "secret_key") }} +{{- else }} + {{- $secret_key = randAlphaNum 64 }} +{{- end }} + +--- + +apiVersion: v1 +kind: Secret +type: Opaque +metadata: + name: {{ $secretName }} + labels: + {{- include "tc.common.labels" . | nindent 4 }} +data: + secret_key: {{ $secret_key | b64enc }} +stringData: + config.py: | + ALLOWED_HOSTS = [ + '127.0.0.1', + '::1', + {{- range .Values.netbox.allowed_hosts }} + {{ . | squote }}, + {{- end }} + ] + + DATABASE = { + 'NAME': '{{ .Values.postgresql.postgresqlDatabase }}', + 'USER': '{{ .Values.postgresql.postgresqlUsername }}', + 'PASSWORD': '{{ .Values.postgresql.postgresqlPassword | trimAll "\"" }}', + 'HOST': '{{ printf "%v-%v" .Release.Name "postgresql" }}', + 'PORT': '5432', + 'CONN_MAX_AGE': 300, + } + + REDIS = { + 'tasks': { + 'HOST': '{{ printf "%v-%v" .Release.Name "redis" }}', + 'PORT': 6379, + 'PASSWORD': '{{ .Values.redis.redisPassword | trimAll "\"" }}', + 'DATABASE': 0, + 'SSL': False, + }, + 'caching': { + 'HOST': '{{ printf "%v-%v" .Release.Name "redis" }}', + 'PORT': 6379, + 'PASSWORD': '{{ .Values.redis.redisPassword | trimAll "\"" }}', + 'DATABASE': 1, + 'SSL': False, + } + } + + SECRET_KEY = '{{ $secret_key }}' + + {{- with .Values.netbox.admins }} + ADMINS = [ + {{- range . }} + ({{ .name | squote }},{{ .email | squote }}), + {{- end }} + ] + {{- end }} + + {{- with .Values.netbox.allowed_urls_schemes}} + ALLOWED_URL_SCHEMES = [ + {{- range . }} + {{ . | squote }}, + {{- end }} + ] + {{- end }} + + {{- with .Values.netbox.auth_password_validators }} + AUTH_PASSWORD_VALIDATORS = [ + {{- range . }} + { + 'NAME': {{ .name | squote }}, + 'OPTIONS': { + {{- range .options }} + {{ .key | squote }}: {{ .value }}, + {{- end }} + } + + }, + {{- end }} + ] + {{- end }} + + {{- with .Values.netbox.banner.top }} + BANNER_TOP = {{ . | squote }} + {{- end }} + + {{- with .Values.netbox.banner.bottom }} + BANNER_BOTTOM = {{ . | squote }} + {{- end }} + + {{- with .Values.netbox.banner.login }} + BANNER_LOGIN = {{ . | squote }} + {{- end }} + + {{- if or .Values.netbox.retention.changelog (eq (int .Values.netbox.retention.changelog) 0) }} + CHANGELOG_RETENTION = {{ .Values.netbox.retention.changelog }} + {{- end }} + + {{- if or .Values.netbox.retention.job_result (eq (int .Values.netbox.retention.job_result) 0) }} + JOBRESULT_RETENTION = {{ .Values.netbox.retention.job_result }} + {{- end }} + + PREFER_IPV4 = {{ ternary "True" "False" .Values.netbox.prefer_ipv4 }} + + ENFORCE_GLOBAL_UNIQUE = {{ ternary "True" "False" .Values.netbox.enforce_global_unique }} + + GRAPHQL_ENABLED = {{ ternary "True" "False" .Values.netbox.graphql_enabled }} + + {{- with .Values.netbox.maps_url }} + MAPS_URL = {{ . | squote }} + {{- end }} + + {{- if or .Values.netbox.max_page_size (eq (int .Values.netbox.max_page_size) 0) }} + MAX_PAGE_SIZE = {{ .Values.netbox.max_page_size }} + {{- end }} + + {{- if or .Values.netbox.paginate_count (eq (int .Values.netbox.paginate_count) 0) }} + PAGINATE_COUNT = {{ .Values.netbox.paginate_count }} + {{- end }} + + {{- with .Values.netbox.powerfeed.default_amperage }} + POWERFEED_DEFAULT_AMPERAGE = {{ . }} + {{- end }} + + {{- with .Values.netbox.powerfeed.default_max_utilization }} + POWERFEED_DEFAULT_MAX_UTILIZATION = {{ . }} + {{- end }} + + {{- with .Values.netbox.powerfeed.default_voltage }} + POWERFEED_DEFAULT_VOLTAGE = {{ . }} + {{- end }} + + {{- with .Values.netbox.rack.elevation_default_unit_height }} + RACK_ELEVATION_DEFAULT_UNIT_HEIGHT = {{ . }} + {{- end }} + + {{- with .Values.netbox.rack.elevation_default_unit_width }} + RACK_ELEVATION_DEFAULT_UNIT_WIDTH = {{ . }} + {{- end }} + + {{- with .Values.netbox.napalm.username }} + NAPALM_USERNAME = {{ . | squote }} + {{- end }} + + {{- with .Values.netbox.napalm.password }} + NAPALM_PASSWORD = {{ . | squote }} + {{- end }} + + {{- with .Values.netbox.napalm.timeout }} + NAPALM_TIMEOUT = {{ . }} + {{- end }} + + {{- with .Values.netbox.napalm.args }} + NAPALM_ARGS = { + {{- range . }} + {{ .arg | squote }}: {{ .value | squote }}, + {{- end }} + } + {{- end }} + + {{- with .Values.netbox.csrf_trusted_origin }} + CSRF_TRUSTED_ORIGINS = [ + {{ . | squote }}, + ] + {{- end }} + + {{- with .Values.netbox.csrf_cookie_name }} + CSRF_COOKIE_NAME = {{ . | squote }} + {{- end }} + + CORS_ORIGIN_ALLOW_ALL = {{ ternary "True" "False" .Values.netbox.cors_origin_allow_all }} + + {{- with .Values.netbox.cors_origin_whitelist }} + CORS_ORIGIN_WHITELIST = [ + {{- range . }} + {{ . | squote }}, + {{- end }} + ] + {{- end }} + + {{- with .Values.netbox.cors_origin_regex_whitelist }} + CORS_ORIGIN_REGEX_WHITELIST = [ + {{- range . }} + {{ . }}, + {{- end }} + ] + {{- end }} + + DEBUG = {{ ternary "True" "False" .Values.netbox.debug }} + + {{- if .Values.netbox.email }} + {{- if .Values.netbox.email.server }} + EMAIL = { + {{- with .Values.netbox.email.server }} + 'SERVER': {{ . | squote }}, + {{- end }} + {{- with .Values.netbox.email.port }} + 'PORT': {{ . }}, + {{- end }} + {{- with .Values.netbox.email.username }} + 'USERNAME': {{ . | squote }}, + {{- end }} + {{- with .Values.netbox.email.password }} + 'PASSWORD': {{ . | squote }}, + {{- end }} + 'USE_SSL': {{ ternary "True" "False" .Values.netbox.email.use_ssl }}, + 'USE_TLS': {{ ternary "True" "False" .Values.netbox.email.use_tls }}, + {{- with .Values.netbox.email.timeout }} + 'TIMEOUT': {{ . }}, + {{- end }} + {{- with .Values.netbox.email.from_email }} + 'FROM_EMAIL': {{ . | squote }}, + {{- end }} + } + {{- end }} + {{- end }} + + {{- with .Values.netbox.exempt_view_permissions }} + EXEMPT_VIEW_PERMISSIONS = [ + {{- range . }} + {{ . | squote }}, + {{- end }} + ] + {{- end }} + + {{- with .Values.netbox.http_proxies }} + HTTP_PROXIES = { + {{- range . }} + {{ .key | squote }}: {{ .url | squote }}, + {{- end }} + } + {{- end }} + + {{- with .Values.netbox.internal_ips }} + INTERNAL_IPS = ( + '127.0.0.1', + '::1', + {{- range . }} + {{ . | squote }}, + {{- end }} + ) + {{- end }} + + LOGIN_PERSISTENCE = {{ ternary "True" "False" .Values.netbox.login_persistence }} + + LOGIN_REQUIRED = {{ ternary "True" "False" .Values.netbox.login_required }} + + {{- with .Values.netbox.login_timeout }} + LOGIN_TIMEOUT = {{ . }} + {{- end }} + + METRICS_ENABLED = {{ ternary "True" "False" .Values.metrics.enabled }} + + TIME_ZONE = {{ .Values.TZ | squote }} + + MEDIA_ROOT = '/opt/netbox/netbox/media' + REPORTS_ROOT = '/opt/netbox/netbox/reports' + SCRIPTS_ROOT = '/opt/netbox/netbox/scripts' + + {{- with .Values.netbox.storage_backend }} + STORAGE_BACKEND = {{ . | squote }} + {{- end }} + + {{- with .Values.netbox.storage_config }} + STORAGE_CONFIG = { + {{- range . }} + {{ .key | squote }}: {{ .value | squote }}, + {{- end }} + } + {{- end }} + + {{- $enabled_plugins := list -}} + {{- with .Values.netbox.plugin_config -}} + {{- range . -}} + {{- if .enabled -}} + {{- $enabled_plugins = append $enabled_plugins .plugin_name -}} + {{- end -}} + {{- end -}} + {{- end -}} + + {{- with $enabled_plugins }} + PLUGINS = [ + {{- range . }} + {{ . | squote }}, + {{- end }} + ] + {{- end }} + + {{/* + TODO: Consider template plugins here, so it's easier to config on UI + https://github.com/netbox-community/netbox/wiki/Plugins + */}} + {{- with .Values.netbox.plugin_config }} + PLUGINS_CONFIG = { + {{- range . }} + {{- if .enabled }} + {{ .plugin_name | squote }}: { + {{- range .config }} + {{ .key | squote }}: {{ .value | squote }}, + {{- end }} + } + {{- end }} + {{- end }} + } + {{- end }} + + {{- with .Values.netbox.rq_default_timeout }} + RQ_DEFAULT_TIMEOUT = {{ . }} + {{- end }} + + {{- with .Values.netbox.session_cookie_name }} + SESSION_COOKIE_NAME = {{ . | squote }} + {{- end }} + + RELEASE_CHECK_URL = 'https://api.github.com/repos/netbox-community/netbox/releases' + + {{- with .Values.netbox.remote_auth }} + {{- if .enabled }} + REMOTE_AUTH_ENABLED = True + {{- with .backend }} + REMOTE_AUTH_BACKEND = {{ . | squote }} + {{- end }} + {{- with .header }} + REMOTE_AUTH_HEADER = {{ . | squote }} + {{- end }} + REMOTE_AUTH_AUTO_CREATE_USER = {{ ternary "True" "False" .auto_create_user }} + {{- with .default_groups }} + REMOTE_AUTH_DEFAULT_GROUPS = [ + {{- range . }} + {{ . | squote }}, + {{- end }} + ] + {{- end }} + {{- with .default_permissions }} + REMOTE_AUTH_DEFAULT_PERMISSIONS = { + {{- range . }} + {{ .key | squote }}: {{ if eq .value "None" }}{{ .value }}{{ else }}{{ .value | squote }}{{ end }}, + {{- end }} + } + {{- end }} + {{- end }} + {{- end }} + SESSION_FILE_PATH = None + + {{- with .Values.netbox.date_time }} + {{- with .date_format }} + DATE_FORMAT = {{ . | squote }} + {{- end }} + {{- with .short_date_format }} + SHORT_DATE_FORMAT = {{ . | squote }} + {{- end }} + {{- with .time_format }} + TIME_FORMAT = {{ . | squote }} + {{- end }} + {{- with .shot_time_format }} + SHORT_TIME_FORMAT = {{ . | squote }} + {{- end }} + {{- with .date_time_format }} + DATETIME_FORMAT = {{ . | squote }} + {{- end }} + {{- with .short_date_time_format }} + SHORT_DATETIME_FORMAT = {{ . | squote }} + {{- end }} + {{- end }} +{{- end }} diff --git a/charts/incubator/netbox/templates/_worker.tpl b/charts/incubator/netbox/templates/_worker.tpl new file mode 100644 index 00000000000..41ff2f01b72 --- /dev/null +++ b/charts/incubator/netbox/templates/_worker.tpl @@ -0,0 +1,56 @@ +{{/* Define the worker container */}} +{{- define "netbox.worker" -}} +image: {{ .Values.image.repository }}:{{ .Values.image.tag }} +imagePullPolicy: {{ .Values.image.pullPolicy }} +securityContext: + runAsUser: {{ .Values.podSecurityContext.runAsUser }} + runAsGroup: {{ .Values.podSecurityContext.runAsGroup }} + readOnlyRootFilesystem: {{ .Values.securityContext.readOnlyRootFilesystem }} + runAsNonRoot: {{ .Values.securityContext.runAsNonRoot }} +command: + - /bin/bash + - -c + - | + echo "Starting worker...." + until $(curl --output /dev/null --silent --head --fail http://127.0.0.1:8080/login); do + echo "Worker: Waiting for the main netbox container..." + sleep 5 + done + /opt/netbox/venv/bin/python /opt/netbox/netbox/manage.py rqworker +volumeMounts: + - name: config + mountPath: /etc/netbox/config + - name: reports + mountPath: /etc/netbox/reports + - name: scripts + mountPath: /etc/netbox/scritps + - name: media + mountPath: /opt/netbox/netbox/media + - name: configfile + mountPath: /etc/netbox/config/01-config.py + subPath: config.py +{{/*readinessProbe: + exec: + command: + - TODO: find a healthcheck + initialDelaySeconds: {{ .Values.probes.readiness.spec.initialDelaySeconds }} + timeoutSeconds: {{ .Values.probes.readiness.spec.timeoutSeconds }} + periodSeconds: {{ .Values.probes.readiness.spec.periodSeconds }} + failureThreshold: {{ .Values.probes.readiness.spec.failureThreshold }} +livenessProbe: + exec: + command: + - TODO: find a healthcheck + initialDelaySeconds: {{ .Values.probes.liveness.spec.initialDelaySeconds }} + timeoutSeconds: {{ .Values.probes.liveness.spec.timeoutSeconds }} + periodSeconds: {{ .Values.probes.liveness.spec.periodSeconds }} + failureThreshold: {{ .Values.probes.liveness.spec.failureThreshold }} +startupProbe: + exec: + command: + - TODO: find a healthcheck + initialDelaySeconds: {{ .Values.probes.startup.spec.initialDelaySeconds }} + timeoutSeconds: {{ .Values.probes.startup.spec.timeoutSeconds }} + periodSeconds: {{ .Values.probes.startup.spec.periodSeconds }} + failureThreshold: {{ .Values.probes.startup.spec.failureThreshold }}*/}} +{{- end -}} diff --git a/charts/incubator/netbox/templates/common.yaml b/charts/incubator/netbox/templates/common.yaml new file mode 100644 index 00000000000..36d5d8539ea --- /dev/null +++ b/charts/incubator/netbox/templates/common.yaml @@ -0,0 +1,16 @@ +{{/* Make sure all variables are set properly */}} +{{- include "tc.common.loader.init" . }} + +{{- include "netbox.secret" . }} + +{{- $_ := set .Values.additionalContainers "worker" (include "netbox.worker" . | fromYaml) -}} +{{- $_ := set .Values.additionalContainers "housekeeper" (include "netbox.housekeeper" . | fromYaml) -}} + +{{- if .Values.metrics.enabled -}} +{{- $_ := set .Values.podAnnotations "prometheus.io/scrape" "true" -}} +{{- $_ := set .Values.podAnnotations "prometheus.io/path" "/metrics" -}} +{{- $_ := set .Values.podAnnotations "prometheus.io/port" (.Values.service.main.ports.main.targetPort | toString) -}} +{{- end -}} + +{{/* Render the templates */}} +{{ include "tc.common.loader.apply" . }} diff --git a/charts/incubator/netbox/templates/prometheusrules.yaml b/charts/incubator/netbox/templates/prometheusrules.yaml new file mode 100644 index 00000000000..35b77edf0f6 --- /dev/null +++ b/charts/incubator/netbox/templates/prometheusrules.yaml @@ -0,0 +1,18 @@ +{{- if and .Values.metrics.enabled .Values.metrics.prometheusRule.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ include "tc.common.names.fullname" . }} + labels: + {{- include "tc.common.labels" . | nindent 4 }} + {{- with .Values.metrics.prometheusRule.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + groups: + - name: {{ include "tc.common.names.fullname" . }} + rules: + {{- with .Values.metrics.prometheusRule.rules }} + {{- toYaml . | nindent 8 }} + {{- end }} +{{- end }} diff --git a/charts/incubator/netbox/templates/servicemonitor.yaml b/charts/incubator/netbox/templates/servicemonitor.yaml new file mode 100644 index 00000000000..3a719d761e1 --- /dev/null +++ b/charts/incubator/netbox/templates/servicemonitor.yaml @@ -0,0 +1,24 @@ +{{- if .Values.metrics.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ include "tc.common.names.fullname" . }} + labels: + {{- include "tc.common.labels" . | nindent 4 }} + {{- with .Values.metrics.serviceMonitor.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + selector: + matchLabels: + {{- include "tc.common.labels.selectorLabels" . | nindent 6 }} + endpoints: + - port: http + {{- with .Values.metrics.serviceMonitor.interval }} + interval: {{ . }} + {{- end }} + {{- with .Values.metrics.serviceMonitor.scrapeTimeout }} + scrapeTimeout: {{ . }} + {{- end }} + path: /metrics +{{- end }} diff --git a/charts/incubator/netbox/values.yaml b/charts/incubator/netbox/values.yaml new file mode 100644 index 00000000000..5d14e4cf7ec --- /dev/null +++ b/charts/incubator/netbox/values.yaml @@ -0,0 +1,268 @@ +image: + repository: tccr.io/truecharts/netbox + tag: 3.3.6@sha256:4084b61c588dd2f15d117f30017a5c15fd03c3de38ed49e3241c48bce54048d7 + pullPolicy: IfNotPresent + +securityContext: + readOnlyRootFilesystem: false + runAsNonRoot: false + +podSecurityContext: + runAsUser: 0 + runAsGroup: 0 + +probes: + liveness: + type: HTTP + path: /login + readiness: + type: HTTP + path: /login + startup: + type: HTTP + path: /login + # Gives some time for app to run db migrations + initialDelaySeconds: 60 + +service: + main: + ports: + main: + port: 10265 + protocol: HTTP + targetPort: 8080 + +netbox: + # -- This is a list of valid fully-qualified domain names (FQDNs) for the NetBox server. NetBox will not permit write + # access to the server via any other hostnames. The first FQDN in the list will be treated as the preferred name. + # 127.0.0.1 added automatically + allowed_hosts: + [] + # - netbox.example.com + # - URL schemes that are allowed within links in NetBox + allowed_urls_schemes: + [] + # - file + # - ftp + # -- Specify one or more name and email address tuples representing NetBox administrators. These people will be notified of + # application errors (assuming correct email settings are provided). + admins: + [] + # - name: John Doe + # email: jdoe@example.com + # -- Enable any desired validators for local account passwords below. For a list of included validators, please see the + # Django documentation at https://docs.djangoproject.com/en/stable/topics/auth/passwords/#password-validation. + auth_password_validators: + [] + # - name: django.contrib.auth.password_validation.MinimumLengthValidator + # options: + # - key: min_length + # value: 10 + banner: + # -- Optionally display a persistent banner at the top of every page. + top: "" + # -- Optionally display a persistent banner at the bottom of every page. + bottom: "" + # -- Text to include on the login page above the login form. HTML is allowed + login: "" + retention: + # -- Maximum number of days to retain logged changes. Set to 0 to retain changes indefinitely. + changelog: 90 + # -- Maximum number of days to retain job results (scripts and reports). Set to 0 to retain job results in the database indefinitely. + job_result: 90 + # -- When determining the primary IP address for a device, IPv6 is preferred over IPv4 by default. + prefer_ipv4: false + # -- Enforcement of unique IP space can be toggled on a per-VRF basis. To enforce unique IP space within the global table + enforce_global_unique: true + # - API Cross-Origin Resource Sharing (CORS) settings. If CORS_ORIGIN_ALLOW_ALL is set to True, all origins will be + # - allowed. Otherwise, define a list of allowed origins using either CORS_ORIGIN_WHITELIST or + # - CORS_ORIGIN_REGEX_WHITELIST. For more information, see https://github.com/ottoyiu/django-cors-headers + cors_origin_allow_all: false + cors_origin_whitelist: + [] + # - "127.0.0.1" + cors_origin_regex_whitelist: + [] + # - r'^(https?://)?(\w+\.)?example\.com$' + debug: false + email: + server: "" + port: 587 + username: "" + password: "" + use_ssl: false + use_tls: true + timeout: 10 + from_email: "" + # -- Exempt certain models from the enforcement of view permissions. Models listed here will be viewable by all users and + # by anonymous users. List models in the form `.`. Add '*' to this list to exempt all models. + exempt_view_permissions: + [] + # - dcim.site + # - dcim.region + # - ipam.prefix + # - HTTP proxies NetBox should use when sending outbound HTTP requests (e.g. for webhooks). + http_proxies: + [] + # - key: http + # url: http://10.10.1.10:3128 + # - key: https + # url: http://10.10.1.10:1080 + # -- IP addresses recognized as internal to the system. The debugging toolbar will be available only to clients accessing + # NetBox from an internal IP. (127.0.0.1 and ::1) added automatically + internal_ips: + [] + # - "10.10.10.5" + # -- Automatically reset the lifetime of a valid session upon each authenticated request. Enables users to remain + # authenticated to NetBox indefinitely. + login_persistence: false + # -- Setting this to True will permit only authenticated users to access any part of NetBox. By default, anonymous users + # are permitted to access most data in NetBox but not make any changes. + login_required: true + # -- The length of time (in seconds) for which a user will remain logged into the web UI before being prompted to + # re-authenticate. (Default: 1209600 [14 days]) + login_timeout: 1209600 + # -- Enable GraphQL API. + graphql_enabled: true + # -- Maps provider + maps_url: https://maps.google.com/?q= + # -- An API consumer can request an arbitrary number of objects =by appending the "limit" parameter to the URL (e.g. + # "?limit=1000"). This setting defines the maximum limit. Setting it to 0 or None will allow an API consumer to request + # all objects by specifying "?limit=0". + max_page_size: 1000 + # -- Determine how many objects to display per page within a list. (Default: 50) + paginate_count: 50 + powerfeed: + # -- The default value for the amperage field when creating new power feeds. + default_amperage: 15 + # -- The default value (percentage) for the max_utilization field when creating new power feeds. + default_max_utilization: 80 + # -- The default value for the voltage field when creating new power feeds. + default_voltage: 120 + # -- Rack elevation size defaults, in pixels. For best results, the ratio of width to height should be roughly 10:1. + rack: + elevation_default_unit_height: 22 + elevation_default_unit_width: 220 + # -- Credentials that NetBox will uses to authenticate to devices when connecting via NAPALM. + napalm: + username: "" + password: "" + timeout: 30 + # -- NAPALM optional arguments (see http://napalm.readthedocs.io/en/latest/support/#optional-arguments). + args: + [] + # - arg: allow_agent + # value: "False" + # -- Cross-Site-Request-Forgery-Attack settings. If Netbox is sitting behind a reverse proxy, you might need to set this + csrf_trusted_origin: + [] + # - https://netbox.mydomain.com + # -- The name to use for the session cookie. + session_cookie_name: sessionid + # -- The name to use for the csrf token cookie. + csrf_cookie_name: csrftoken + # -- By default uploaded media is stored on the local filesystem. Using Django-storages is also supported. Provide the + # class path of the storage driver in storage_backend and any configuration options in storage_config. For example: + # Example storages.backends.s3boto3.S3Boto3Storage + storage_backend: "" + storage_config: + [] + # - key: AWS_ACCESS_KEY_ID + # value: KeyID + # - key: AWS_SECRET_ACCESS_KEY + # value: Secret + # - key: AWS_STORAGE_BUCKET_NAME + # value: netbox + # - key: AWS_S3_REGION_NAME + # value: eu-west-1 + # -- Plugins configuration settings. These settings are used by various plugins that the user may have installed. + plugin_config: + # - plugin_name: plugin1 + # enabled: false + # config: + # - key: foo + # value: bar + # - key: fizz + # value: bizz + # -- Maximum execution time for background tasks, in seconds. + rq_default_timeout: 300 + # -- Remote authentication support + remote_auth: + {} + # enabled: false + # backend: netbox.authentication.RemoteUserBackend + # header: header + # auto_create_user: false + # default_groups: [] + # default_permissions: + # - key: dcim.change_site + # value: None + # -- Date/time formatting. See the following link for supported formats: + # https://docs.djangoproject.com/en/stable/ref/templates/builtins/#date + date_time: + date_format: N j, Y + short_date_format: Y-m-d + time_format: g:i a + short_time_format: H:i:s + date_time_format: N j, Y g:i a + short_date_time_format: Y-m-d H:i + +metrics: + # -- Enable and configure a Prometheus serviceMonitor for the chart under this key. + # @default -- See values.yaml + enabled: false + serviceMonitor: + interval: 1m + scrapeTimeout: 30s + labels: {} + # -- Enable and configure Prometheus Rules for the chart under this key. + # @default -- See values.yaml + prometheusRule: + enabled: false + labels: {} + # -- Configure additionial rules for the chart under this key. + # @default -- See prometheusrules.yaml + rules: + [] + # - alert: UnifiPollerAbsent + # annotations: + # description: Unifi Poller has disappeared from Prometheus service discovery. + # summary: Unifi Poller is down. + # expr: | + # absent(up{job=~".*unifi-poller.*"} == 1) + # for: 5m + # labels: + # severity: critical + +persistence: + config: + enabled: true + mountPath: /etc/netbox/config + reports: + enabled: true + mountPath: /etc/netbox/reports + scripts: + enabled: true + mountPath: /etc/netbox/scripts + media: + enabled: true + mountPath: /opt/netbox/netbox/media + configfile: + enabled: true + type: secret + objectName: '{{ include "tc.common.names.fullname" . }}-secret' + mountPath: /etc/netbox/config/01-config.py + subPath: config.py + +postgresql: + enabled: true + existingSecret: dbcreds + postgresqlUsername: netbox + postgresqlDatabase: netbox + +redis: + enabled: true + existingSecret: rediscreds + +portal: + enabled: true diff --git a/cspell.config.yaml b/cspell.config.yaml index 00bdc81dbc4..35b89f8b303 100644 --- a/cspell.config.yaml +++ b/cspell.config.yaml @@ -161,6 +161,7 @@ words: - multihost - nbclassic - neko + - netbox - netdata - networkv - nextcloud