netbox-deployment.yaml
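# NetBox web application Deployment (3 replicas) in the netbox-community namespace.
# Configuration arrives three ways:
#   - environment variables from the netbox-configmap ConfigMap (envFrom)
#   - credentials mounted as single files under /run/secrets from Secrets
#   - startup scripts and config files mounted from ConfigMaps
# Every Secret/ConfigMap file below is mounted through subPath. Kubernetes does
# not refresh subPath mounts when the source object changes, so a rotated
# credential only reaches the pods after they are restarted.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: netbox
  namespace: netbox-community
  labels:
    k8s-app: netbox
spec:
  replicas: 3
  selector:
    matchLabels:
      k8s-app: netbox
  template:
    metadata:
      labels:
        k8s-app: netbox
    spec:
      containers:
        # NetBox container using the netbox-docker image:
        # https://github.com/netbox-community/netbox-docker
        # NOTE(review): the image is referenced by tag only; pinning it by digest
        # would make the deployed content immutable.
        # NOTE(review): no securityContext or resources are set on this container;
        # confirm whether namespace-level policy covers that.
        - name: netbox
          image: quay.io/netboxcommunity/netbox:v2.11.12-ldap
          ports:
            - name: http
              containerPort: 8080
          # Pod is marked ready once GET / on the http port succeeds; the first
          # probe runs after 5 seconds, then every 20 seconds.
          readinessProbe:
            httpGet:
              path: /
              port: http
            initialDelaySeconds: 5
            periodSeconds: 20
          # Every key of netbox-configmap becomes an environment variable.
          # Credentials are delivered as files under /run/secrets (see
          # volumeMounts), so they should not be placed in this ConfigMap.
          envFrom:
            - configMapRef:
                name: netbox-configmap
          # Runs the post-startup scripts detailed in netbox-startup-configmap.yaml.
          # The scripts are mounted from the startup-configmap ConfigMap and are
          # executed inside the container that holds all secrets below, so write
          # access to that ConfigMap is equivalent to code execution in this pod.
          # The commands are chained with &&: if one fails the hook fails, and
          # Kubernetes kills the container when a postStart hook fails.
          lifecycle:
            postStart:
              exec:
                command:
                  - /bin/sh
                  - -c
                  - >
                    bash /home/install-plugins.sh &&
                    bash /home/start-rqworker.sh &&
                    bash /home/nginx-caching-fix.sh
          volumeMounts:
            # Secrets for NetBox and related components, one file per credential.
            # All of them are mounted read-only.
            - name: auth-ldap-bind-password
              mountPath: /run/secrets/auth_ldap_bind_password
              subPath: auth_ldap_bind_password
              readOnly: true
            - name: db-password
              mountPath: /run/secrets/db_password
              subPath: db_password
              readOnly: true
            - name: email-password
              mountPath: /run/secrets/email_password
              subPath: email_password
              readOnly: true
            - name: napalm-password
              mountPath: /run/secrets/napalm_password
              subPath: napalm_password
              readOnly: true
            - name: redis-password
              mountPath: /run/secrets/redis_password
              subPath: redis_password
              # readOnly added for consistency with the other secret mounts
              readOnly: true
            - name: secret-key
              mountPath: /run/secrets/secret_key
              subPath: secret_key
              readOnly: true
            - name: superuser-api-token
              mountPath: /run/secrets/superuser_api_token
              subPath: superuser_api_token
              # readOnly added for consistency with the other secret mounts
              readOnly: true
            - name: superuser-password
              mountPath: /run/secrets/superuser_password
              subPath: superuser_password
              readOnly: true
            # Persistent Volume paths
            # Media files on a PVC so that multiple replicas of the pod can serve them.
            # NOTE(review): with replicas: 3 the claim presumably needs a
            # ReadWriteMany access mode - confirm against the PVC definition.
            - name: netbox-media-files
              mountPath: /opt/netbox/netbox/media
            # LDAP configuration module, required for LDAP authentication to work
            - name: ldap-config
              subPath: ldap_config.py
              mountPath: /opt/netbox/netbox/netbox/ldap_config.py
            # Plugin configuration and the three scripts run by the postStart hook
            - mountPath: /etc/netbox/config/netbox-plugins.py
              name: netbox-plugins
              subPath: netbox-plugins.py
            - mountPath: /home/install-plugins.sh
              name: install-plugins
              subPath: install-plugins.sh
            - mountPath: /home/start-rqworker.sh
              name: start-rqworker
              subPath: start-rqworker.sh
            - mountPath: /home/nginx-caching-fix.sh
              name: nginx-caching-fix
              subPath: nginx-caching-fix.sh
            # SAML2 metadata file for SSO
            - name: sso-saml2-xml
              mountPath: /opt/netbox/sso-saml2.xml
              subPath: sso-saml2-metadata.xml
      restartPolicy: Always
      volumes:
        # Reference to configmaps and PVs
        - name: netbox-media-files
          persistentVolumeClaim:
            claimName: netbox-media-pvc
            readOnly: false
        - name: ldap-config
          configMap:
            name: netbox-configmap
            items:
              - key: ldap_config.py
                path: ldap_config.py
        - name: netbox-plugins
          configMap:
            name: startup-configmap
            items:
              - key: "netbox-plugins.py"
                path: "netbox-plugins.py"
        - name: install-plugins
          configMap:
            name: startup-configmap
            items:
              - key: "install-plugins.sh"
                path: "install-plugins.sh"
        - name: start-rqworker
          configMap:
            name: startup-configmap
            items:
              - key: "start-rqworker.sh"
                path: "start-rqworker.sh"
        - name: nginx-caching-fix
          configMap:
            name: startup-configmap
            items:
              - key: "nginx-caching-fix.sh"
                path: "nginx-caching-fix.sh"
        - name: sso-saml2-xml
          configMap:
            name: sso-saml2-xml
            items:
              - key: sso-saml2-metadata.xml
                path: sso-saml2-metadata.xml
        # Populate via secret. Each volume projects exactly one key, so the
        # container only receives the credentials listed here. Three Secret
        # objects are used: netbox-secret, netbox-postgresql and netbox-redis.
        - name: auth-ldap-bind-password
          secret:
            secretName: netbox-secret
            items:
              - key: auth_ldap_bind_password
                path: auth_ldap_bind_password
        # Key "password" of netbox-postgresql is exposed as the file db_password
        - name: db-password
          secret:
            secretName: netbox-postgresql
            items:
              - key: password
                path: db_password
        - name: email-password
          secret:
            secretName: netbox-secret
            items:
              - key: email_password
                path: email_password
        - name: napalm-password
          secret:
            secretName: netbox-secret
            items:
              - key: napalm_password
                path: napalm_password
        # Key "redis-password" of netbox-redis is exposed as the file redis_password
        - name: redis-password
          secret:
            secretName: netbox-redis
            items:
              - key: redis-password
                path: redis_password
        - name: secret-key
          secret:
            secretName: netbox-secret
            items:
              - key: secret_key
                path: secret_key
        - name: superuser-password
          secret:
            secretName: netbox-secret
            items:
              - key: superuser_password
                path: superuser_password
        - name: superuser-api-token
          secret:
            secretName: netbox-secret
            items:
              - key: superuser_api_token
                path: superuser_api_token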