martinohmann / home-ops

Wife approved HomeOps driven by Kubernetes and GitOps using Flux

feat: install netbox #1301

Closed martinohmann closed 2 months ago

github-actions[bot] commented 2 months ago

kustomization changes in kubernetes/main

--- kubernetes/main/flux Kustomization: flux-system/cluster HelmRepository: flux-system/bootc

+++ kubernetes/main/flux Kustomization: flux-system/cluster HelmRepository: flux-system/bootc

@@ -0,0 +1,13 @@

+---
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+  labels:
+    kustomize.toolkit.fluxcd.io/name: cluster
+    kustomize.toolkit.fluxcd.io/namespace: flux-system
+  name: bootc
+  namespace: flux-system
+spec:
+  interval: 1h
+  url: https://charts.boo.tc
+
--- kubernetes/main/apps/database/redis-commander/app Kustomization: flux-system/redis-commander ConfigMap: database/redis-commander

+++ kubernetes/main/apps/database/redis-commander/app Kustomization: flux-system/redis-commander ConfigMap: database/redis-commander

@@ -21,12 +21,26 @@

         {
           "label": "forgejo",
           "host": "dragonfly.database.svc.cluster.local",
           "port": "6379",
           "password": "..PLACEHOLDER..",
           "dbIndex": 3
+        },
+        {
+          "label": "netbox-tasks",
+          "host": "dragonfly.database.svc.cluster.local",
+          "port": "6379",
+          "password": "..PLACEHOLDER..",
+          "dbIndex": 4
+        },
+        {
+          "label": "netbox-cache",
+          "host": "dragonfly.database.svc.cluster.local",
+          "port": "6379",
+          "password": "..PLACEHOLDER..",
+          "dbIndex": 5
         }
       ]
     }
 kind: ConfigMap
 metadata:
   labels:
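Review bot: The new `netbox-tasks` and `netbox-cache` entries add two more copies of the Dragonfly password to a ConfigMap's data, so anyone who can read ConfigMaps in `database` can read it, and Secret-specific RBAC and encryption-at-rest do not apply. The value is redacted here and may be injected by Flux substitution, but the rendered object is still a ConfigMap; moving the connections JSON into a Secret would fix that for the existing entries as well. All entries point at the same host and differ only in `dbIndex`, which is a naming convenience rather than an access boundary, so the tool effectively holds access to every application's data on that instance. The JSON document starts above this hunk, so the rest of the connection list is not visible here.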
--- kubernetes/main/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/netbox

+++ kubernetes/main/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/netbox

@@ -0,0 +1,35 @@

+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  labels:
+    kustomize.toolkit.fluxcd.io/name: cluster-apps
+    kustomize.toolkit.fluxcd.io/namespace: flux-system
+  name: netbox
+  namespace: flux-system
+spec:
+  commonMetadata:
+    labels:
+      app.kubernetes.io/name: netbox
+  decryption:
+    provider: sops
+    secretRef:
+      name: sops-age
+  dependsOn:
+  - name: cloudnative-pg-cluster
+  - name: dragonfly-cluster
+  interval: 2h
+  path: ./kubernetes/main/apps/default/netbox/app
+  postBuild:
+    substituteFrom:
+    - kind: Secret
+      name: cluster-secrets
+  prune: true
+  retryInterval: 1m
+  sourceRef:
+    kind: GitRepository
+    name: home-kubernetes
+  targetNamespace: default
+  timeout: 5m
+  wait: false
+
--- kubernetes/main/apps/default/netbox/app Kustomization: flux-system/netbox HelmRelease: default/netbox

+++ kubernetes/main/apps/default/netbox/app Kustomization: flux-system/netbox HelmRelease: default/netbox

@@ -0,0 +1,152 @@

+---
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  labels:
+    app.kubernetes.io/name: netbox
+    kustomize.toolkit.fluxcd.io/name: netbox
+    kustomize.toolkit.fluxcd.io/namespace: flux-system
+  name: netbox
+  namespace: default
+spec:
+  chart:
+    spec:
+      chart: netbox
+      sourceRef:
+        kind: HelmRepository
+        name: bootc
+        namespace: flux-system
+      version: 4.1.1
+  install:
+    remediation:
+      retries: 3
+  interval: 2h
+  uninstall:
+    keepHistory: false
+  upgrade:
+    cleanupOnFail: true
+    remediation:
+      retries: 3
+  values:
+    admins:
+    - - mohmann
+      - ..PLACEHOLDER..
+    cachingRedis:
+      database: 5
+      existingSecretKey: redis_password
+      existingSecretName: netbox
+      host: dragonfly.database.svc.cluster.local
+    email:
+      from: ..PLACEHOLDER..
+      server: smtp-relay.networking.svc.cluster.local
+    existingSecret: netbox
+    externalDatabase:
+      database: netbox
+      existingSecretKey: INIT_POSTGRES_PASS
+      existingSecretName: netbox-db
+      host: postgres16-rw.database.svc.cluster.local
+      username: netbox
+    extraInitContainers:
+    - envFrom:
+      - secretRef:
+          name: netbox-db
+      image: ghcr.io/onedr0p/postgres-init:16.3@sha256:8ba3204f6b293dd168766009aae2ce4fa986a29b931c2d30ac1b30238ac750b8
+      name: init-db
+    housekeeping:
+      enabled: true
+      failedHistoryLimit: 5
+      historyLimit: 1
+      schedule: 0 0 * * *
+    ingress:
+      annotations:
+        gethomepage.dev/enabled: 'true'
+        gethomepage.dev/group: Infrastructure
+        gethomepage.dev/icon: netbox.png
+        gethomepage.dev/name: Netbox
+        nginx.ingress.kubernetes.io/auth-response-headers: Set-Cookie,X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid
+        nginx.ingress.kubernetes.io/auth-signin: https://netbox.18b.haus/outpost.goauthentik.io/start?rd=$escaped_request_uri
+        nginx.ingress.kubernetes.io/auth-snippet: |
+          proxy_set_header X-Forwarded-Host $http_host;
+        nginx.ingress.kubernetes.io/auth-url: http://authentik-outpost-proxy.identity.svc.cluster.local:9000/outpost.goauthentik.io/auth/nginx
+      className: internal
+      enabled: true
+      hosts:
+      - host: netbox.18b.haus
+        paths:
+        - backend:
+            service:
+              name: netbox
+              port:
+                number: 80
+          path: /
+          pathType: Prefix
+      tls:
+      - hosts:
+        - netbox.18b.haus
+        secretName: null
+    logging:
+      disable_existing_loggers: false
+      handlers:
+        console:
+          class: logging.StreamHandler
+      loggers:
+        netbox.authentication.*:
+          handlers:
+          - console
+          level: DEBUG
+      version: 1
+    loginRequired: true
+    metricsEnabled: true
+    persistence:
+      enabled: false
+    podAnnotations:
+      secret.reloader.stakater.com/reload: netbox,netbox-db
+    postgresql:
+      enabled: false
+    readinessProbe:
+      enabled: true
+      initialDelaySeconds: 60
+      periodSeconds: 10
+      successThreshold: 1
+      timeoutSeconds: 1
+    redis:
+      enabled: false
+    remoteAuth:
+      autoCreateUser: true
+      backends:
+      - netbox.authentication.RemoteUserBackend
+      defaultPermissions: None
+      enabled: true
+      groupHeader: HTTP_X_AUTHENTIK_GROUPS
+      groupSeparator: '|'
+      groupSyncEnabled: true
+      header: HTTP_X_AUTHENTIK_USERNAME
+      staffGroups:
+      - infra
+      superuserGroups:
+      - admins
+      userEmail: HTTP_X_AUTHENTIK_EMAIL
+    reportsPersistence:
+      enabled: false
+    storageBackend: storages.backends.s3boto3.S3Boto3Storage
+    storageConfig:
+      AWS_ACCESS_KEY_ID: netbox
+      AWS_S3_ENDPOINT_URL: https://s3.storage.18b.haus
+      AWS_STORAGE_BUCKET_NAME: netbox
+    superuser:
+      email: ..PLACEHOLDER..
+      name: mohmann
+    tasksRedis:
+      database: 4
+      existingSecretKey: redis_password
+      existingSecretName: netbox
+      host: dragonfly.database.svc.cluster.local
+    timezone: Europe/Berlin
+    worker:
+      enabled: true
+  valuesFrom:
+  - kind: Secret
+    name: netbox
+    targetPath: storageConfig.AWS_SECRET_ACCESS_KEY
+    valuesKey: minio-secret-access-key
+
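Review bot: `remoteAuth` makes NetBox take the username and group membership from request headers (`header: HTTP_X_AUTHENTIK_USERNAME`, `groupHeader: HTTP_X_AUTHENTIK_GROUPS`, `superuserGroups: [admins]`, `autoCreateUser: true`), and those headers can only be trusted on requests that passed the Ingress auth check. No NetworkPolicy is visible in this change, so one that admits only the ingress controller to the NetBox pods should accompany it, because the `netbox` Service is a plain ClusterIP. `defaultPermissions: None` is a YAML string and renders as `REMOTE_AUTH_DEFAULT_PERMISSIONS: "None"`; NetBox documents that setting as a mapping, so `defaultPermissions: {}` is probably what is meant. The `netbox.authentication.*` logger at `DEBUG` deserves a comment such as `# temporary: drop once SSO login is verified`, since it is presumably only needed during setup.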
github-actions[bot] commented 2 months ago

helmrelease changes in kubernetes/main

--- HelmRelease: default/netbox ServiceAccount: default/netbox

+++ HelmRelease: default/netbox ServiceAccount: default/netbox

@@ -0,0 +1,10 @@

+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: netbox
+  labels:
+    app.kubernetes.io/name: netbox
+    app.kubernetes.io/instance: netbox
+    app.kubernetes.io/managed-by: Helm
+
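Review bot: The `netbox` ServiceAccount does not set `automountServiceAccountToken: false`, and none of the pod specs that use it (Deployment `netbox`, Deployment `netbox-worker`, CronJob `netbox-housekeeping`) overrides it, so every pod gets a Kubernetes API token mounted by default. Nothing on this page suggests NetBox talks to the Kubernetes API, so the token is presumably unneeded. Disable the mount on the ServiceAccount or the pod specs if the chart exposes a value for it.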
--- HelmRelease: default/netbox ConfigMap: default/netbox

+++ HelmRelease: default/netbox ConfigMap: default/netbox

@@ -0,0 +1,170 @@

+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: netbox
+  labels:
+    app.kubernetes.io/name: netbox
+    app.kubernetes.io/instance: netbox
+    app.kubernetes.io/managed-by: Helm
+data:
+  configuration.py: |
+    import re
+    import yaml
+
+    from pathlib import Path
+
+    def _deep_merge(source, destination):
+      """Inspired by https://stackoverflow.com/a/20666342"""
+      for key, value in source.items():
+        dst_value = destination.get(key)
+
+        if isinstance(value, dict) and isinstance(dst_value, dict):
+          _deep_merge(value, dst_value)
+        else:
+          destination[key] = value
+
+      return destination
+
+    def _load_yaml():
+      extraConfigBase = Path('/run/config/extra')
+      configFiles = [Path('/run/config/netbox/netbox.yaml')]
+
+      configFiles.extend(sorted(extraConfigBase.glob('*/*.yaml')))
+
+      for configFile in configFiles:
+        with open(configFile, 'r') as f:
+          config = yaml.safe_load(f)
+
+        _deep_merge(config, globals())
+
+    def _load_secret(name, key):
+      path = "/run/secrets/{name}/{key}".format(name=name, key=key)
+      with open(path, 'r') as f:
+        return f.read()
+
+    _load_yaml()
+
+    DATABASE['PASSWORD'] = _load_secret('netbox', 'db_password')
+    EMAIL['PASSWORD'] = _load_secret('netbox', 'email_password')
+    NAPALM_PASSWORD = _load_secret('netbox', 'napalm_password')
+    REDIS['tasks']['PASSWORD'] = _load_secret('netbox', 'redis_tasks_password')
+    REDIS['caching']['PASSWORD'] = _load_secret('netbox', 'redis_cache_password')
+    SECRET_KEY = _load_secret('netbox', 'secret_key')
+
+    # Post-process certain values
+    CORS_ORIGIN_REGEX_WHITELIST = [re.compile(r) for r
+                                   in CORS_ORIGIN_REGEX_WHITELIST]
+  netbox.yaml: |
+    ALLOWED_HOSTS: ["*"]
+
+    DATABASE:
+      HOST: "postgres16-rw.database.svc.cluster.local"
+      USER: "netbox"
+      NAME: "netbox"
+      PORT: 5432
+      OPTIONS:
+        sslmode: "prefer"
+        target_session_attrs: 'read-write'
+      CONN_MAX_AGE: 300
+      DISABLE_SERVER_SIDE_CURSORS: false
+
+    ADMINS: [["mohmann","..PLACEHOLDER.."]]
+    AUTH_PASSWORD_VALIDATORS: []
+    ALLOWED_URL_SCHEMES: ["file","ftp","ftps","http","https","irc","mailto","sftp","ssh","tel","telnet","tftp","vnc","xmpp"]
+    BANNER_TOP: ""
+    BANNER_BOTTOM: ""
+    BANNER_LOGIN: ""
+    BASE_PATH: ""
+    CHANGELOG_RETENTION: 90
+    CUSTOM_VALIDATORS: {}
+    DEFAULT_USER_PREFERENCES: {}
+    CORS_ORIGIN_ALLOW_ALL: false
+    CORS_ORIGIN_WHITELIST: []
+    CORS_ORIGIN_REGEX_WHITELIST: []
+    CSRF_TRUSTED_ORIGINS: []
+    DEBUG: false
+
+    EMAIL:
+      SERVER: "smtp-relay.networking.svc.cluster.local"
+      PORT: 25
+      USERNAME: ""
+      USE_SSL: false
+      USE_TLS: false
+      SSL_CERTFILE: ""
+      SSL_KEYFILE: ""
+      TIMEOUT: 10
+      FROM_EMAIL: "..PLACEHOLDER.."
+
+    ENFORCE_GLOBAL_UNIQUE: false
+    EXEMPT_VIEW_PERMISSIONS: []
+    FIELD_CHOICES: {}
+    GRAPHQL_ENABLED: true
+    HTTP_PROXIES: null
+    INTERNAL_IPS: ["127.0.0.1","::1"]
+    JOBRESULT_RETENTION: 90
+    LOGGING: {"disable_existing_loggers":false,"handlers":{"console":{"class":"logging.StreamHandler"}},"loggers":{"netbox.authentication.*":{"handlers":["console"],"level":"DEBUG"}},"version":1}
+    LOGIN_PERSISTENCE: false
+    LOGIN_REQUIRED: true
+    LOGIN_TIMEOUT: 1209600
+    MAINTENANCE_MODE: false
+    MAPS_URL: "https://maps.google.com/?q="
+    MAX_PAGE_SIZE: 1000
+    MEDIA_ROOT: /opt/netbox/netbox/media
+    STORAGE_BACKEND: "storages.backends.s3boto3.S3Boto3Storage"
+    STORAGE_CONFIG:  {"AWS_ACCESS_KEY_ID":"netbox","AWS_S3_ENDPOINT_URL":"https://s3.storage.18b.haus","AWS_SECRET_ACCESS_KEY":"..PLACEHOLDER..","AWS_STORAGE_BUCKET_NAME":"netbox"}
+    METRICS_ENABLED: true
+    NAPALM_USERNAME: ""
+    NAPALM_TIMEOUT: 30
+    NAPALM_ARGS: {}
+    PAGINATE_COUNT: 50
+    PLUGINS: []
+    PLUGINS_CONFIG: {}
+    POWERFEED_DEFAULT_AMPERAGE: 15
+    POWERFEED_DEFAULT_MAX_UTILIZATION: 80
+    POWERFEED_DEFAULT_VOLTAGE: 120
+    PREFER_IPV4: false
+    RACK_ELEVATION_DEFAULT_UNIT_HEIGHT: 22
+    RACK_ELEVATION_DEFAULT_UNIT_WIDTH: 220
+    REMOTE_AUTH_ENABLED: true
+    REMOTE_AUTH_BACKEND: "netbox.authentication.RemoteUserBackend"
+    REMOTE_AUTH_HEADER: "HTTP_X_AUTHENTIK_USERNAME"
+    REMOTE_AUTH_AUTO_CREATE_USER: true
+    REMOTE_AUTH_DEFAULT_GROUPS: []
+    REMOTE_AUTH_DEFAULT_PERMISSIONS: "None"
+    REMOTE_AUTH_GROUP_SYNC_ENABLED: true
+    REMOTE_AUTH_GROUP_HEADER: "HTTP_X_AUTHENTIK_GROUPS"
+    REMOTE_AUTH_SUPERUSER_GROUPS: ["admins"]
+    REMOTE_AUTH_SUPERUSERS: []
+    REMOTE_AUTH_STAFF_GROUPS: ["infra"]
+    REMOTE_AUTH_STAFF_USERS: []
+    REMOTE_AUTH_GROUP_SEPARATOR: "|"
+    RELEASE_CHECK_URL: null
+
+    REDIS:
+      tasks:
+        HOST: "dragonfly.database.svc.cluster.local"
+        PORT: 6379
+        DATABASE: 4
+        SSL: false
+        INSECURE_SKIP_TLS_VERIFY: false
+      caching:
+        HOST: "dragonfly.database.svc.cluster.local"
+        PORT: 6379
+        DATABASE: 5
+        SSL: false
+        INSECURE_SKIP_TLS_VERIFY: false
+
+    REPORTS_ROOT: /opt/netbox/netbox/reports
+    RQ_DEFAULT_TIMEOUT: 300
+    SCRIPTS_ROOT: /opt/netbox/netbox/scripts
+    CSRF_COOKIE_NAME: "csrftoken"
+    SESSION_COOKIE_NAME: sessionid
+    TIME_ZONE: "UTC"
+    DATE_FORMAT: "N j, Y"
+    SHORT_DATE_FORMAT: "Y-m-d"
+    TIME_FORMAT: "g:i a"
+    SHORT_TIME_FORMAT: "H:i:s"
+    DATETIME_FORMAT: "N j, Y g:i a"
+    SHORT_DATETIME_FORMAT: "Y-m-d H:i"
+
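Review bot: `STORAGE_CONFIG` in `netbox.yaml` carries `AWS_SECRET_ACCESS_KEY` inline, so the S3 key that the HelmRelease pulls from the `netbox` Secret via `valuesFrom` ends up in a ConfigMap, readable with ConfigMap permissions in `default` and outside any Secret encryption settings. Every other credential is read from `/run/secrets/netbox` by `_load_secret`; the storage key should take a Secret-backed route too, for example an extra config file under `/run/config/extra` mounted from a Secret, if the chart supports that. `ALLOWED_HOSTS: ["*"]` turns off Django's Host header validation; narrowing it to the Ingress host would need the readiness probe to send a matching Host header. `TIME_ZONE: "UTC"` also shows that `timezone: Europe/Berlin` from the HelmRelease values is not being picked up.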
--- HelmRelease: default/netbox Service: default/netbox

+++ HelmRelease: default/netbox Service: default/netbox

@@ -0,0 +1,21 @@

+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: netbox
+  labels:
+    app.kubernetes.io/name: netbox
+    app.kubernetes.io/instance: netbox
+    app.kubernetes.io/managed-by: Helm
+spec:
+  type: ClusterIP
+  ports:
+  - port: 80
+    targetPort: http
+    protocol: TCP
+    name: http
+  selector:
+    app.kubernetes.io/name: netbox
+    app.kubernetes.io/instance: netbox
+    app.kubernetes.io/component: netbox
+
--- HelmRelease: default/netbox Deployment: default/netbox

+++ HelmRelease: default/netbox Deployment: default/netbox

@@ -0,0 +1,155 @@

+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: netbox
+  labels:
+    app.kubernetes.io/name: netbox
+    app.kubernetes.io/instance: netbox
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/component: netbox
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: netbox
+      app.kubernetes.io/instance: netbox
+      app.kubernetes.io/component: netbox
+  template:
+    metadata:
+      annotations:
+        secret.reloader.stakater.com/reload: netbox,netbox-db
+      labels:
+        app.kubernetes.io/name: netbox
+        app.kubernetes.io/instance: netbox
+        app.kubernetes.io/component: netbox
+    spec:
+      serviceAccountName: netbox
+      securityContext:
+        fsGroup: 1000
+        runAsNonRoot: true
+      initContainers:
+      - name: init-dirs
+        image: busybox:1.32.1
+        imagePullPolicy: IfNotPresent
+        command:
+        - /bin/sh
+        - -c
+        - mkdir -p /opt/unit/state /opt/unit/tmp
+        securityContext:
+          capabilities:
+            drop:
+            - ALL
+          readOnlyRootFilesystem: true
+          runAsGroup: 1000
+          runAsNonRoot: true
+          runAsUser: 1000
+        volumeMounts:
+        - name: optunit
+          mountPath: /opt/unit
+      - envFrom:
+        - secretRef:
+            name: netbox-db
+        image: ghcr.io/onedr0p/postgres-init:16.3@sha256:8ba3204f6b293dd168766009aae2ce4fa986a29b931c2d30ac1b30238ac750b8
+        name: init-db
+      containers:
+      - name: netbox
+        securityContext:
+          capabilities:
+            drop:
+            - ALL
+          readOnlyRootFilesystem: true
+          runAsGroup: 1000
+          runAsNonRoot: true
+          runAsUser: 1000
+        image: netboxcommunity/netbox:v3.2.8
+        imagePullPolicy: IfNotPresent
+        env:
+        - name: SUPERUSER_NAME
+          value: mohmann
+        - name: SUPERUSER_EMAIL
+          value: ..PLACEHOLDER..
+        - name: SKIP_STARTUP_SCRIPTS
+          value: 'true'
+        ports:
+        - name: http
+          containerPort: 8080
+          protocol: TCP
+        readinessProbe:
+          httpGet:
+            path: /login/
+            port: http
+          initialDelaySeconds: 60
+          timeoutSeconds: 1
+          successThreshold: 1
+          periodSeconds: 10
+        volumeMounts:
+        - name: config
+          mountPath: /etc/netbox/config/configuration.py
+          subPath: configuration.py
+          readOnly: true
+        - name: config
+          mountPath: /run/config/netbox
+          readOnly: true
+        - name: secrets
+          mountPath: /run/secrets/netbox
+          readOnly: true
+        - name: netbox-tmp
+          mountPath: /tmp
+        - name: media
+          mountPath: /opt/netbox/netbox/media
+          subPath: ''
+        - name: optunit
+          mountPath: /opt/unit
+        - name: secrets
+          mountPath: /run/secrets/superuser_password
+          subPath: superuser_password
+          readOnly: true
+        - name: secrets
+          mountPath: /run/secrets/superuser_api_token
+          subPath: superuser_api_token
+          readOnly: true
+      volumes:
+      - name: config
+        configMap:
+          name: netbox
+      - name: secrets
+        projected:
+          sources:
+          - secret:
+              name: netbox
+              items:
+              - key: superuser_password
+                path: superuser_password
+              - key: superuser_api_token
+                path: superuser_api_token
+              - key: email_password
+                path: email_password
+              - key: napalm_password
+                path: napalm_password
+              - key: secret_key
+                path: secret_key
+          - secret:
+              name: netbox-db
+              items:
+              - key: INIT_POSTGRES_PASS
+                path: db_password
+          - secret:
+              name: netbox
+              items:
+              - key: redis_password
+                path: redis_tasks_password
+          - secret:
+              name: netbox
+              items:
+              - key: redis_password
+                path: redis_cache_password
+      - name: netbox-tmp
+        emptyDir:
+          medium: Memory
+      - name: optunit
+        emptyDir:
+          medium: Memory
+      - name: media
+        emptyDir: {}
+
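Review bot: The `init-db` init container has no container-level `securityContext`, unlike `init-dirs` and `netbox`, which drop all capabilities, set `readOnlyRootFilesystem: true` and run as UID 1000; it only inherits the pod-level `runAsNonRoot: true`. Adding a block to the `extraInitContainers` entry in the HelmRelease would align it, e.g. `securityContext: {allowPrivilegeEscalation: false, capabilities: {drop: [ALL]}}`, after confirming the image runs as a non-root user. None of the containers sets `allowPrivilegeEscalation: false`. `busybox:1.32.1` and `netboxcommunity/netbox:v3.2.8` are referenced by tag only while `postgres-init` is digest-pinned; the same NetBox tag appears in the `netbox-worker` Deployment and the housekeeping CronJob, and it is worth checking that the app version this chart defaults to is still a supported release.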
--- HelmRelease: default/netbox Deployment: default/netbox-worker

+++ HelmRelease: default/netbox Deployment: default/netbox-worker

@@ -0,0 +1,97 @@

+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: netbox-worker
+  labels:
+    app.kubernetes.io/name: netbox
+    app.kubernetes.io/instance: netbox
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/component: worker
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: netbox
+      app.kubernetes.io/instance: netbox
+      app.kubernetes.io/component: worker
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: netbox
+        app.kubernetes.io/instance: netbox
+        app.kubernetes.io/component: worker
+    spec:
+      serviceAccountName: netbox
+      securityContext:
+        fsGroup: 1000
+        runAsNonRoot: true
+      containers:
+      - name: netbox-worker
+        securityContext:
+          capabilities:
+            drop:
+            - ALL
+          readOnlyRootFilesystem: true
+          runAsGroup: 1000
+          runAsNonRoot: true
+          runAsUser: 1000
+        image: netboxcommunity/netbox:v3.2.8
+        command:
+        - /opt/netbox/venv/bin/python
+        - /opt/netbox/netbox/manage.py
+        - rqworker
+        imagePullPolicy: IfNotPresent
+        volumeMounts:
+        - name: config
+          mountPath: /etc/netbox/config/configuration.py
+          subPath: configuration.py
+          readOnly: true
+        - name: config
+          mountPath: /run/config/netbox
+          readOnly: true
+        - name: secrets
+          mountPath: /run/secrets/netbox
+          readOnly: true
+        - name: netbox-tmp
+          mountPath: /tmp
+        - name: media
+          mountPath: /opt/netbox/netbox/media
+          subPath: ''
+      volumes:
+      - name: config
+        configMap:
+          name: netbox
+      - name: secrets
+        projected:
+          sources:
+          - secret:
+              name: netbox
+              items:
+              - key: email_password
+                path: email_password
+              - key: napalm_password
+                path: napalm_password
+              - key: secret_key
+                path: secret_key
+          - secret:
+              name: netbox-db
+              items:
+              - key: INIT_POSTGRES_PASS
+                path: db_password
+          - secret:
+              name: netbox
+              items:
+              - key: redis_password
+                path: redis_tasks_password
+          - secret:
+              name: netbox
+              items:
+              - key: redis_password
+                path: redis_cache_password
+      - name: netbox-tmp
+        emptyDir:
+          medium: Memory
+      - name: media
+        emptyDir: {}
+
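Review bot: The `netbox-worker` container has no `resources` requests or limits, and the same holds for the `netbox` and `netbox-housekeeping` containers in the neighbouring hunks. The worker runs `rqworker`, i.e. queued background jobs, so a runaway job can take memory and CPU from other workloads on the node. Set `resources` for the three containers through the HelmRelease values.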
--- HelmRelease: default/netbox CronJob: default/netbox-housekeeping

+++ HelmRelease: default/netbox CronJob: default/netbox-housekeeping

@@ -0,0 +1,106 @@

+---
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: netbox-housekeeping
+  labels:
+    app.kubernetes.io/name: netbox
+    app.kubernetes.io/instance: netbox
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/component: housekeeping
+spec:
+  concurrencyPolicy: Forbid
+  failedJobsHistoryLimit: 5
+  schedule: 0 0 * * *
+  successfulJobsHistoryLimit: 5
+  suspend: false
+  jobTemplate:
+    metadata:
+      labels:
+        helm.sh/chart: netbox-4.1.1
+        app.kubernetes.io/name: netbox
+        app.kubernetes.io/instance: netbox
+        app.kubernetes.io/version: v3.2.8
+        app.kubernetes.io/managed-by: Helm
+    spec:
+      template:
+        metadata:
+          labels:
+            app.kubernetes.io/name: netbox
+            app.kubernetes.io/instance: netbox
+            app.kubernetes.io/component: housekeeping
+        spec:
+          serviceAccountName: netbox
+          securityContext:
+            fsGroup: 1000
+            runAsNonRoot: true
+          containers:
+          - name: netbox-housekeeping
+            securityContext:
+              capabilities:
+                drop:
+                - ALL
+              readOnlyRootFilesystem: true
+              runAsGroup: 1000
+              runAsNonRoot: true
+              runAsUser: 1000
+            image: netboxcommunity/netbox:v3.2.8
+            command:
+            - /opt/netbox/venv/bin/python
+            - /opt/netbox/netbox/manage.py
+            - housekeeping
+            imagePullPolicy: IfNotPresent
+            volumeMounts:
+            - name: config
+              mountPath: /etc/netbox/config/configuration.py
+              subPath: configuration.py
+              readOnly: true
+            - name: config
+              mountPath: /run/config/netbox
+              readOnly: true
+            - name: secrets
+              mountPath: /run/secrets/netbox
+              readOnly: true
+            - name: netbox-tmp
+              mountPath: /tmp
+            - name: media
+              mountPath: /opt/netbox/netbox/media
+              subPath: ''
+          volumes:
+          - name: config
+            configMap:
+              name: netbox
+          - name: secrets
+            projected:
+              sources:
+              - secret:
+                  name: netbox
+                  items:
+                  - key: email_password
+                    path: email_password
+                  - key: napalm_password
+                    path: napalm_password
+                  - key: secret_key
+                    path: secret_key
+              - secret:
+                  name: netbox-db
+                  items:
+                  - key: INIT_POSTGRES_PASS
+                    path: db_password
+              - secret:
+                  name: netbox
+                  items:
+                  - key: redis_password
+                    path: redis_tasks_password
+              - secret:
+                  name: netbox
+                  items:
+                  - key: redis_password
+                    path: redis_cache_password
+          - name: netbox-tmp
+            emptyDir:
+              medium: Memory
+          - name: media
+            emptyDir: {}
+          restartPolicy: OnFailure
+
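Review bot: `successfulJobsHistoryLimit: 5` does not reflect `housekeeping.historyLimit: 1` from the HelmRelease values, so that key is apparently not the one chart 4.1.1 reads. `failedJobsHistoryLimit: 5` matches `failedHistoryLimit: 5`, but that could be the value taking effect or just the chart default. Check the chart's values file for the key that controls the successful-jobs limit and rename the value accordingly.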
--- HelmRelease: default/netbox Ingress: default/netbox

+++ HelmRelease: default/netbox Ingress: default/netbox

@@ -0,0 +1,37 @@

+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: netbox
+  labels:
+    app.kubernetes.io/name: netbox
+    app.kubernetes.io/instance: netbox
+    app.kubernetes.io/managed-by: Helm
+  annotations:
+    gethomepage.dev/enabled: 'true'
+    gethomepage.dev/group: Infrastructure
+    gethomepage.dev/icon: netbox.png
+    gethomepage.dev/name: Netbox
+    nginx.ingress.kubernetes.io/auth-response-headers: Set-Cookie,X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid
+    nginx.ingress.kubernetes.io/auth-signin: https://netbox.18b.haus/outpost.goauthentik.io/start?rd=$escaped_request_uri
+    nginx.ingress.kubernetes.io/auth-snippet: |
+      proxy_set_header X-Forwarded-Host $http_host;
+    nginx.ingress.kubernetes.io/auth-url: http://authentik-outpost-proxy.identity.svc.cluster.local:9000/outpost.goauthentik.io/auth/nginx
+spec:
+  ingressClassName: internal
+  tls:
+  - hosts:
+    - netbox.18b.haus
+    secretName: null
+  rules:
+  - host: netbox.18b.haus
+    http:
+      paths:
+      - backend:
+          service:
+            name: netbox
+            port:
+              number: 80
+        path: /
+        pathType: Prefix
+
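Review bot: `tls` lists `netbox.18b.haus` with `secretName: null`, which leaves certificate selection to the ingress controller, presumably its default certificate. A one-line comment next to the value in the HelmRelease, e.g. `# no secretName: served by the controller's default certificate`, would make that intent explicit. The `auth-snippet` annotation presumably depends on snippet annotations being enabled on the controller, which lets any Ingress author inject nginx configuration, so confirm that this is an accepted setting for the `internal` class.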