cisagov / Malcolm

Malcolm is a powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files), Zeek logs and Suricata alerts.
https://cisagov.github.io/Malcolm/
Other
1.97k stars 331 forks source link

investigate bitnami postgresql image for netbox use #410

Open mmguero opened 2 weeks ago

mmguero commented 2 weeks ago

@mmguero cloned issue idaholab/Malcolm#398 on 2024-01-30:

A partner suggested we look into using the bitnami postgresql image instead of our alpine-based one as it is already set up to be high-availability/scale out/etc. Need to see if it's feasible as the basis of both the docker-compose as well as the kubernetes deployment of Malcolm

mmguero commented 2 weeks ago

@mmguero commented on 2024-01-30:

From the ones making the suggestion:

chart:


  - name: netbox-postgres-chart

    description: Deploy high availability portgres database for netbox

    required: true

    charts:

    - name: netbox-postgres

      version: 12.3.7

      namespace: malcolm

      url: oci://registry-1.docker.io/bitnamicharts/postgresql-ha

      valuesFiles:

        - manifests/netbox-postgres/values.yaml

    images:

      - docker.io/bitnami/postgresql-repmgr:16.1.0-debian-11-r15

      - docker.io/bitnami/pgpool:4.5.0-debian-11-r0

values.yaml for the chart


# https://github.com/bitnami/charts/tree/main/bitnami/postgresql-ha

global:

  storageClass: ###ZARF_VAR_MALCOLM_LOCAL_STORAGE_CLASS###

postgresql:

  username: netbox

  database: netbox

  existingSecret: postgresql-secret

pgpool:

  existingSecret: pgpool-secret

values override using zarf on the Malcolm-Helm


netbox:

      database:

        host: netbox-postgres-postgresql-ha-pgpool

        is_custom: ###ZARF_VAR_CUSTOM_DATABASE###

        # Helm chart will generate passwords for empty values

        extra_secrets:

          - postgresql-secret:

              password: ""

              postgres-password: ""

              repmgr-password: ""

          - pgpool-secret:

              admin-password: ""