Kubernetes Deployment

---

This role, netbox_kubernetes is part of the Ansible collection nofusscomputing.netbox and contains all of the logic to configure and deploy Netbox to Kubernetes.

To deploy NetBox to kubernetes, run the following playbook.

ansible-playbook -i inventory/ --limit <your hostname> nofusscomputing.netbox.kubernetes

Features

• Custom python configuration files /etc/netbox/config/*

• NetBox Deployment

• NetBox Service

• PVC for Netbox Data

• Redis Deployment

• Deployment of the NetBox-GLPI Integration

  Note

  Deploying the netbox-glpi integration via this role, regardless of your custom variables. Sets the following variables to match this roles variables: Intstance Name, Namespace, and netbox API URL.

Kubernetes Manifests

All manifests within this role, are Jinja Templates. They obtain their variables from defaults/main.yaml

configmap.yaml.j2deployment-redis.yaml.j2deployment.yaml.j2ingress.yaml.j2pvc.yaml.j2secret.yaml.j2service-redis.yaml.j2service.yaml.j2

---
apiVersion: v1
kind: ConfigMap
metadata:
  labels:
    app.kubernetes.io/component: NetBox
    app.kubernetes.io/instance: "{{ nfc_role_netbox_kubernetes_instance_name }}"
    app.kubernetes.io/managed-by: Ansible
    app.kubernetes.io/name: netbox
  name: "configuration-{{ nfc_role_netbox_kubernetes_instance_name }}"
  namespace: "{{ nfc_role_netbox_kubernetes_namespace }}"
data:
  extra.py: |-
    CENSUS_REPORTING_ENABLED = {{ nfc_role_netbox_kubernetes_configuration_census_reporting }}

    # Normal Person date formatting
    DATE_FORMAT = 'j N Y'                # 26 June 2016
    SHORT_DATE_FORMAT = 'Y-m-d'          # 2016-06-26
    TIME_FORMAT = 'H:i:s'
    SHORT_TIME_FORMAT = 'H:i:s'          # 13:23:00
    DATETIME_FORMAT = 'j N Y H:i:s'      # 26 June 2016 13:23:00
    SHORT_DATETIME_FORMAT = 'Y-m-d H:i'  # 2016-06-26 13:23

    MAPS_URL= {{ nfc_role_netbox_kubernetes_configuration_maps_url }}
    METRICS_ENABLED = {{ nfc_role_netbox_kubernetes_configuration_metrics_enabled }}
    PREFER_IPV4 = True

    LOGIN_REQUIRED = True
    LOGIN_TIMEOUT = 900 # Seconds
    LOGIN_PERSISTENCE = True

    {% if nfc_role_netbox_kubernetes_configuration_logging_debug -%}
    LOGGING = {
      "version": 1,
      "disable_existing_loggers": False,
      "handlers": {
          "console": {
              "class": "logging.StreamHandler",
          },
      },
      "root": {
          "handlers": ["console"],
          "level": "DEBUG",
      },
    }{%- endif %}

    CUSTOM_VALIDATORS = {{ nfc_role_netbox_kubernetes_configuration_validators | to_nice_json }}

{% for python_file in nfc_role_netbox_kubernetes_configuration_python_files %}
  {{ python_file.name }}: |
    {{ python_file.content | indent(4) }}

{% endfor %}

---

apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app.kubernetes.io/component: Redis
    app.kubernetes.io/instance: "{{ nfc_role_netbox_kubernetes_instance_name }}"
    app.kubernetes.io/managed-by: Ansible
    app.kubernetes.io/name: netbox
  name: "redis-{{ nfc_role_netbox_kubernetes_instance_name }}"
  namespace: "{{ nfc_role_netbox_kubernetes_namespace }}"
spec:
  selector:
    matchLabels:
      app.kubernetes.io/component: Redis
      app.kubernetes.io/instance: "{{ nfc_role_netbox_kubernetes_instance_name }}"
      app.kubernetes.io/managed-by: Ansible
      app.kubernetes.io/name: netbox
  replicas: {{ nfc_role_netbox_kubernetes_redis_deployment_replicas }}
  minReadySeconds: 10
  template:
    metadata:
      labels:
        app.kubernetes.io/component: Redis
        app.kubernetes.io/instance: "{{ nfc_role_netbox_kubernetes_instance_name }}"
        app.kubernetes.io/managed-by: Ansible
        app.kubernetes.io/name: netbox
    spec:
      terminationGracePeriodSeconds: 10
      # affinity:
      #   nodeAffinity:
      #     requiredDuringSchedulingIgnoredDuringExecution:
      #       nodeSelectorTerms:
      #         - matchExpressions:
      #             - key: kubernetes.io/hostname
      #               operator: In
      #               values:
      #                 - node-name-1
      #   podAntiAffinity:
      #     requiredDuringSchedulingIgnoredDuringExecution:
      #     - labelSelector:
      #         matchExpressions:
      #         - key: app
      #           operator: In
      #           values:
      #           - redis
      #       topologyKey: "kubernetes.io/hostname"
      containers:

        - name: redis
          image: |-
            {% if nfc_role_netbox_kubernetes_redis_image.registry is defined and nfc_role_netbox_kubernetes_redis_image != '' -%}
              {{ nfc_role_netbox_kubernetes_redis_image.registry }}/
            {%- endif -%}
              {{- nfc_role_netbox_kubernetes_redis_image.image -}}:
              {{- nfc_role_netbox_kubernetes_redis_image.tag }}
            {%- if nfc_role_netbox_kubernetes_redis_image.sha256 is defined and nfc_role_netbox_kubernetes_redis_image.sha256 != '' -%}
              @sha256:{{- nfc_role_netbox_kubernetes_redis_image.sha256 }}
            {%- endif %}

          resources:
            limits:
              cpu: 200m
              memory: 300Mi
            requests:
              cpu: 10m
              memory: 20Mi
          env:
            - name: TZ
              value: "UTC"

          command:
            - sh
            - -c # this is to evaluate the $REDIS_PASSWORD from the env
            - |-
              redis-server --appendonly yes {% if nfc_role_netbox_kubernetes_redis_password | default('') != '' -%}
                --requirepass {{ nfc_role_netbox_kubernetes_redis_password }}
              {%- endif %}

          ports:
            - containerPort: {{ nfc_role_netbox_kubernetes_redis_port }}
              name: redis

          volumeMounts:
            - name: data
              mountPath: /data

      tolerations:
        - effect: NoExecute
          key: CriticalAddonsOnly
          value: "true"
      volumes:

        - name: data
          emptyDir:
            sizeLimit: 2Gi

---

apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app.kubernetes.io/component: NetBox
    app.kubernetes.io/instance: "{{ nfc_role_netbox_kubernetes_instance_name }}"
    app.kubernetes.io/managed-by: Ansible
    app.kubernetes.io/name: netbox
  name: "{{ nfc_role_netbox_kubernetes_instance_name }}"
  namespace: "{{ nfc_role_netbox_kubernetes_namespace }}"
spec:
  selector:
    matchLabels:
      app.kubernetes.io/component: NetBox
      app.kubernetes.io/instance: "{{ nfc_role_netbox_kubernetes_instance_name }}"
      app.kubernetes.io/managed-by: Ansible
      app.kubernetes.io/name: netbox
  replicas: {{ nfc_role_netbox_kubernetes_deployment_netbox_replicas }}
  minReadySeconds: 10
  template:
    metadata:
      labels:
        app.kubernetes.io/component: NetBox
        app.kubernetes.io/instance: "{{ nfc_role_netbox_kubernetes_instance_name }}"
        app.kubernetes.io/managed-by: Ansible
        app.kubernetes.io/name: netbox
    spec:
      terminationGracePeriodSeconds: 10
      {% if nfc_role_netbox_kubernetes_affinity | length > 0 -%}
      affinity:
        {{ nfc_role_netbox_kubernetes_affinity | to_nice_yaml(indent=0) | indent(8) }}
      {% endif +%}
      containers:

        - name: web
          image: |-
            {% if nfc_role_netbox_kubernetes_netbox_image.registry is defined and nfc_role_netbox_kubernetes_netbox_image != '' -%}
              {{ nfc_role_netbox_kubernetes_netbox_image.registry }}/
            {%- endif -%}
              {{- nfc_role_netbox_kubernetes_netbox_image.image -}}:
              {{- nfc_role_netbox_kubernetes_netbox_image.tag }}
            {%- if nfc_role_netbox_kubernetes_netbox_image.sha256 is defined and nfc_role_netbox_kubernetes_netbox_image.sha256 != '' -%}
              @sha256:{{- nfc_role_netbox_kubernetes_netbox_image.sha256 }}
            {%- endif +%}
          resources:
            limits:
              cpu: "{{ nfc_role_netbox_kubernetes_deployment_netbox_limit_cpu }}"
              memory: "{{ nfc_role_netbox_kubernetes_deployment_netbox_limit_memory }}"
            requests:
              cpu: 10m
              memory: 20Mi

          env:
            - name: TZ
              value: "UTC"

            - name: DB_WAIT_DEBUG
              value: "1"

            - name: SECRET_KEY
              valueFrom:
                secretKeyRef:
                  name: "secretkey-{{ nfc_role_netbox_kubernetes_instance_name }}"
                  key: secret_key

          ports:
            - containerPort: 8080
              name: http

          volumeMounts:
            - name: data
              mountPath: /opt/netbox/netbox/media
              subPath: media

            - name: data
              mountPath: /opt/netbox/netbox/reports
              subPath: reports

            - name: data
              mountPath: /opt/netbox/netbox/scripts
              subPath: scripts

            - name: configuration
              mountPath: /etc/netbox/config/extra.py
              subPath: extra.py
              readOnly: true

            - name: config-secret
              mountPath: /etc/netbox/config/database.py
              subPath: database.py
              readOnly: true

            - name: config-secret
              mountPath: /etc/netbox/config/redis.py
              subPath: redis.py
              readOnly: true

            - name: config-secret
              mountPath: /etc/netbox/config/remote_auth.py
              subPath: remote_auth.py
              readOnly: true

        - name: worker
          image: |-
            {% if nfc_role_netbox_kubernetes_netbox_image.registry is defined and nfc_role_netbox_kubernetes_netbox_image != '' -%}
              {{ nfc_role_netbox_kubernetes_netbox_image.registry }}/
            {%- endif -%}
              {{- nfc_role_netbox_kubernetes_netbox_image.image -}}:
              {{- nfc_role_netbox_kubernetes_netbox_image.tag }}
            {%- if nfc_role_netbox_kubernetes_netbox_image.sha256 is defined and nfc_role_netbox_kubernetes_netbox_image.sha256 != '' -%}
              @sha256:{{- nfc_role_netbox_kubernetes_netbox_image.sha256 }}
            {%- endif %}

          command:
            - /opt/netbox/venv/bin/python
            - /opt/netbox/netbox/manage.py
            - rqworker
          resources:
            limits:
              cpu: 500m
              memory: 1500Mi
            requests:
              cpu: 10m
              memory: 20Mi

          env:
            - name: TZ
              value: "UTC"

            - name: SECRET_KEY
              valueFrom:
                secretKeyRef:
                  name: "secretkey-{{ nfc_role_netbox_kubernetes_instance_name }}"
                  key: secret_key

          volumeMounts:
            - name: data
              mountPath: /opt/netbox/netbox/media
              subPath: media

            - name: data
              mountPath: /opt/netbox/netbox/reports
              subPath: reports

            - name: data
              mountPath: /opt/netbox/netbox/scripts
              subPath: scripts

            - name: configuration
              mountPath: /etc/netbox/config/extra.py
              subPath: extra.py
              readOnly: true

            {% for python_file in nfc_role_netbox_kubernetes_configuration_python_files +%}
            - name: configuration
              mountPath: "/etc/netbox/config/{{ python_file.name }}"
              subPath: "{{ python_file.name }}"
              readOnly: true
            {% endfor %}

            - name: config-secret
              mountPath: /etc/netbox/config/database.py
              subPath: database.py
              readOnly: true

            - name: config-secret
              mountPath: /etc/netbox/config/redis.py
              subPath: redis.py
              readOnly: true

      {% if nfc_role_netbox_kubernetes_tolerations | length > 0 -%}
      tolerations:
        {{ nfc_role_netbox_kubernetes_tolerations | to_nice_yaml(indent=0) | indent(8) }}
      {% endif +%}
      volumes:

        - name: configuration
          configMap:
            name: "configuration-{{ nfc_role_netbox_kubernetes_instance_name }}"
            items:
              - key: extra.py
                path: extra.py
            {% for python_file in nfc_role_netbox_kubernetes_configuration_python_files +%}
              - key: "{{ python_file.name }}"
                path: "{{ python_file.name }}"
            {% endfor %}

        - name: config-secret
          secret:
            secretName: "configuration-{{ nfc_role_netbox_kubernetes_instance_name }}"
            items:
            - key: database.py
              path: database.py
            - key: redis.py
              path: redis.py
            - key: remote_auth.py
              path: remote_auth.py

        - name: data
          persistentVolumeClaim:
            claimName: data-{{ nfc_role_netbox_kubernetes_instance_name }}

---

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  {% if nfc_role_netbox_kubernetes_ingress_annotations | length > 0 -%}
  annotations: 
    {{ nfc_role_netbox_kubernetes_ingress_annotations | to_nice_yaml(indent=0) | indent(4) }}
  {% endif +%}
  labels:
    app.kubernetes.io/component: NetBox
    app.kubernetes.io/instance: "{{ nfc_role_netbox_kubernetes_instance_name }}"
    app.kubernetes.io/managed-by: Ansible
    app.kubernetes.io/name: netbox
  name: "{{ nfc_role_netbox_kubernetes_instance_name }}"
  namespace: "{{ nfc_role_netbox_kubernetes_namespace }}"
spec:
  rules:
  - host: "{{ nfc_role_netbox_kubernetes_fqdn_name }}"
    http:
      paths:
      - backend:
          service:
            name: netbox
            port:
              name: http
        path: /
        pathType: Prefix
  tls:
  - hosts:
    - "{{ nfc_role_netbox_kubernetes_fqdn_name }}"
    secretName: "certificate-tls-{{ nfc_role_netbox_kubernetes_instance_name }}"

---

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  labels:
    app.kubernetes.io/component: NetBox
    app.kubernetes.io/instance: "{{ nfc_role_netbox_kubernetes_instance_name }}"
    app.kubernetes.io/managed-by: Ansible
    app.kubernetes.io/name: netbox
  name: "data-{{ nfc_role_netbox_kubernetes_instance_name }}"
  namespace: "{{ nfc_role_netbox_kubernetes_namespace }}"
spec:

  volumeMode: Filesystem
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: "{{ nfc_role_netbox_kubernetes_pvc_size }}"

---
apiVersion: v1
kind: Secret
metadata:
  labels:
    app.kubernetes.io/component: NetBox
    app.kubernetes.io/instance: "{{ nfc_role_netbox_kubernetes_instance_name }}"
    app.kubernetes.io/managed-by: Ansible
    app.kubernetes.io/name: netbox
  name: "configuration-{{ nfc_role_netbox_kubernetes_instance_name }}"
  namespace: "{{ nfc_role_netbox_kubernetes_namespace }}"
type: Opaque
stringData:
  database.py: |
    DATABASE = {
      'ENGINE':       'django.db.backends.postgresql',
      'NAME':         '{{ nfc_role_netbox_kubernetes_database_name }}',
      'USER':         '{{ nfc_role_netbox_kubernetes_database_user }}',
      'PASSWORD':     '{{ nfc_role_netbox_kubernetes_database_password }}',
      'HOST':         '{{ nfc_role_netbox_kubernetes_database_host }}',
      'PORT':         '{{ nfc_role_netbox_kubernetes_database_port }}',
      'CONN_MAX_AGE': 300,
    }

  redis.py: |
    REDIS = {
        'tasks': {
            'HOST':                     '

            {%- if nfc_role_netbox_kubernetes_redis_enabled -%}

              redis-netbox.{{ nfc_role_netbox_kubernetes_namespace }}.svc

            {%- else -%}

              {{ nfc_role_netbox_kubernetes_redis_host }}

            {%- endif -%}
            ',
            'PORT':                     {{ nfc_role_netbox_kubernetes_redis_port }},
            'USERNAME':                 '{{ nfc_role_netbox_kubernetes_redis_username }}',
            'PASSWORD':                 '{{ nfc_role_netbox_kubernetes_redis_password }}',
            'DATABASE':                 '{{ nfc_role_netbox_kubernetes_redis_database }}',
            'SSL':                      {{ nfc_role_netbox_kubernetes_redis_ssl }},
            'INSECURE_SKIP_TLS_VERIFY': {{ nfc_role_netbox_kubernetes_redis_tls_skip_verify }},
        },
        'caching': {
            'HOST':                     '

            {%- if nfc_role_netbox_kubernetes_redis_enabled -%}

              redis-netbox.{{ nfc_role_netbox_kubernetes_namespace }}.svc

            {%- else -%}

              {{ nfc_role_netbox_kubernetes_redis_cache_host | default(nfc_role_netbox_kubernetes_redis_host) }}

            {%- endif -%}
            ',
            'PORT':                     {{ nfc_role_netbox_kubernetes_redis_cache_port | default(nfc_role_netbox_kubernetes_redis_port) }},
            'USERNAME':                 '{{ nfc_role_netbox_kubernetes_redis_cache_username | default(nfc_role_netbox_kubernetes_redis_username) }}',
            'PASSWORD':                 '{{ nfc_role_netbox_kubernetes_redis_cache_password | default(nfc_role_netbox_kubernetes_redis_password) }}',
            'DATABASE':                 '{{ nfc_role_netbox_kubernetes_redis_cache_database }}',
            'SSL':                      {{ nfc_role_netbox_kubernetes_redis_cache_ssl | default(nfc_role_netbox_kubernetes_redis_ssl) }},
            'INSECURE_SKIP_TLS_VERIFY': {{ nfc_role_netbox_kubernetes_redis_cache_tls_skip_verify | default(nfc_role_netbox_kubernetes_redis_tls_skip_verify) }},
        },
    }

  remote_auth.py: |
    {% if nfc_role_netbox_kubernetes_configuration_remote_auth_enabled +%}
    REMOTE_AUTH_ENABLED=True
    REMOTE_AUTH_BACKEND="social_core.backends.keycloak.KeycloakOAuth2"
    SOCIAL_AUTH_KEYCLOAK_KEY = '{{ nfc_role_netbox_kubernetes_configuration_remote_auth_keycloak_client }}'
    SOCIAL_AUTH_KEYCLOAK_SECRET = '{{ nfc_role_netbox_kubernetes_configuration_remote_auth_keycloak_secret }}'
    SOCIAL_AUTH_KEYCLOAK_PUBLIC_KEY = '{{ nfc_role_netbox_kubernetes_configuration_remote_auth_keycloak_public_key }}'
    SOCIAL_AUTH_KEYCLOAK_AUTHORIZATION_URL = '{{ nfc_role_netbox_kubernetes_configuration_remote_auth_keycloak_auth_url }}'
    SOCIAL_AUTH_KEYCLOAK_ACCESS_TOKEN_URL = '{{ nfc_role_netbox_kubernetes_configuration_remote_auth_keycloak_token_url }}'
    {% endif +%}

---
apiVersion: v1
kind: Service
metadata:
  labels:
    app.kubernetes.io/component: Redis
    app.kubernetes.io/instance: "{{ nfc_role_netbox_kubernetes_instance_name }}"
    app.kubernetes.io/managed-by: Ansible
    app.kubernetes.io/name: netbox
  name: "redis-{{ nfc_role_netbox_kubernetes_instance_name }}"
  namespace: "{{ nfc_role_netbox_kubernetes_namespace }}"
spec:
  selector:
    app.kubernetes.io/component: Redis
    app.kubernetes.io/instance: "{{ nfc_role_netbox_kubernetes_instance_name }}"
    app.kubernetes.io/managed-by: Ansible
    app.kubernetes.io/name: netbox
  ports:
    - name: redis
      port: {{ nfc_role_netbox_kubernetes_redis_port }}
      targetPort: redis

---
apiVersion: v1
kind: Service
metadata:
  labels:
    app.kubernetes.io/component: NetBox
    app.kubernetes.io/instance: "{{ nfc_role_netbox_kubernetes_instance_name }}"
    app.kubernetes.io/managed-by: Ansible
    app.kubernetes.io/name: netbox
  name: "web-{{ nfc_role_netbox_kubernetes_instance_name }}"
  namespace: "{{ nfc_role_netbox_kubernetes_namespace }}"
spec:
  # type: LoadBalancer
  selector:
    app.kubernetes.io/component: NetBox
    app.kubernetes.io/instance: "{{ nfc_role_netbox_kubernetes_instance_name }}"
    app.kubernetes.io/managed-by: Ansible
    app.kubernetes.io/name: netbox
  ports:
    - name: http
      port: 80
      targetPort: http

Default Variables

As part of this role variables that are considered secrets can be set via environmental variables on the Ansible controller. This allows these values to be set via an AWX credential. The available variables are:

• POSTGRES_HOST = nfc_role_netbox_kubernetes_database_host

• POSTGRES_PORT = nfc_role_netbox_kubernetes_database_port

• POSTGRES_USER = nfc_role_netbox_kubernetes_database_user

• POSTGRES_PASSWORD = nfc_role_netbox_kubernetes_database_password

• REDIS_HOST = nfc_role_netbox_kubernetes_redis_host

• REDIS_PORT = nfc_role_netbox_kubernetes_redis_port

• REDIS_USER = nfc_role_netbox_kubernetes_redis_username

• REDIS_PASSWORD = nfc_role_netbox_kubernetes_redis_password

The above listed variables will default to the value within your inventory if not set via an environmental variable.

---
#
# GLPI Integration
#
# Notes:
#   Even though the deployment of netbox-glpi is occurring as part of this role
#   you will still need to configure the required variables for role
#   nofusscomputing.netbox.netbox_glpi
nfc_role_netbox_kubernetes_integration_glpi_deploy: false


nfc_role_netbox_kubernetes_instance_name: netbox    # Mandatory, String. Name of the deployment

nfc_role_netbox_kubernetes_namespace: netbox        # Namespace to deploy Netbox to

#
# PostgreSQL connection settings
#
nfc_role_netbox_kubernetes_database_name: netbox
nfc_role_netbox_kubernetes_database_user: netbox
nfc_role_netbox_kubernetes_database_password:       # Mandatory, String. PostgreSQL password
nfc_role_netbox_kubernetes_database_host:           # Mandatory, String. PostgreSQL host
nfc_role_netbox_kubernetes_database_port: 5432

#
# Redis Deployment
#
nfc_role_netbox_kubernetes_redis_enabled: true               # Optional, Boolean. Whether to deploy redis
nfc_role_netbox_kubernetes_redis_deployment_replicas: 1      # Mandatory, Integer. How many redis replicas to deploy

nfc_role_netbox_kubernetes_redis_image:    # The Deployed Image
  name: Redis                              # Optional, String. Name of the image.
  registry: docker.io                      # Optional, String. Name of the registry to fetch the image from
  image: redis                             # Mandatory, String. Name of the image to fetch
  tag: 7-alpine                            # Mandatory, String. Image tag to pull
  # sha256:                                # Optional, String. The sh256 of the image to lock the tag to.


# Redis connection Settings
nfc_role_netbox_kubernetes_redis_host: localhost             # Not Required if deploying Redis.
nfc_role_netbox_kubernetes_redis_port: 6379                  # Mandatory, Integer. Port for redis to connect. (Deployment uses this port number too)
nfc_role_netbox_kubernetes_redis_username: ''                # Optional, String. Redis Username
nfc_role_netbox_kubernetes_redis_password: ''                # Optional, String. Redis Password
nfc_role_netbox_kubernetes_redis_database: 0                 # Mandatory, Integer. Database to use
nfc_role_netbox_kubernetes_redis_ssl: 'False'
nfc_role_netbox_kubernetes_redis_tls_skip_verify: 'False'


# Redis Cache defaults to vars 'nfc_role_netbox_kubernetes_redis_'
# nfc_role_netbox_kubernetes_redis_cache_host:               # Optional, Defaults to nfc_role_netbox_kubernetes_redis_*
# nfc_role_netbox_kubernetes_redis_cache_port:               # Optional, Defaults to nfc_role_netbox_kubernetes_redis_*
# nfc_role_netbox_kubernetes_redis_cache_username:           # Optional, Defaults to nfc_role_netbox_kubernetes_redis_*
# nfc_role_netbox_kubernetes_redis_cache_password:           # Optional, Defaults to nfc_role_netbox_kubernetes_redis_*
nfc_role_netbox_kubernetes_redis_cache_database: 1           # Mandatory, Integer. Database to use
# nfc_role_netbox_kubernetes_redis_cache_ssl:                # Optional, Defaults to nfc_role_netbox_kubernetes_redis_*
# nfc_role_netbox_kubernetes_redis_cache_tls_skip_verify:    # Optional, Defaults to nfc_role_netbox_kubernetes_redis_*


#
# NetBox Configuration
#
# Notes: these configuration settings populate the extra.py configuration file
#        As this is a python file, attention needs to be payed towards the values
#        as some of them are python values, not yaml. if it's quoted, thats a 
#        good indicator of it being pythonic.
nfc_role_netbox_kubernetes_configuration_census_reporting: 'False'

nfc_role_netbox_kubernetes_configuration_maps_url: 'None'

nfc_role_netbox_kubernetes_configuration_metrics_enabled: 'False'

nfc_role_netbox_kubernetes_configuration_logging_debug: false

nfc_role_netbox_kubernetes_configuration_python_files: []    # Optional, List. Custom Python Configuration files.
  # - name: validators.py
  #   content: |
  #     {{ lookup('file', 'my_validators.py') }}
  # - name: other.py
  #   content: |
  #     any valid netbox config


# Remote Auth
nfc_role_netbox_kubernetes_configuration_remote_auth_enabled: false

nfc_role_netbox_kubernetes_configuration_remote_auth_keycloak_client: 'your keycloak oidc client id'
nfc_role_netbox_kubernetes_configuration_remote_auth_keycloak_secret: 'your keycloak oidc client secret'
nfc_role_netbox_kubernetes_configuration_remote_auth_keycloak_public_key: 'keycloak oidc public key'
nfc_role_netbox_kubernetes_configuration_remote_auth_keycloak_auth_url: 'https://your-keycloak.com/realms/<your realm name>/protocol/openid-connect/auth'
nfc_role_netbox_kubernetes_configuration_remote_auth_keycloak_token_url: 'https://your-keycloak.com/realms/<your realm name>/protocol/openid-connect/token'


nfc_role_netbox_kubernetes_configuration_validators: {}    # Optional, JSON dict.

#
# Persistent Volume Claim
#
nfc_role_netbox_kubernetes_pvc_size: 5Gi


#
# NetBox Deployment
#

nfc_role_netbox_kubernetes_affinity:
  podAntiAffinity:
    preferredDuringSchedulingIgnoredDuringExecution:
      - weight: 100
        podAffinityTerm:
          labelSelector:
            matchExpressions:
              - key: app.kubernetes.io/component
                operator: In
                values:
                  - NetBox
          topologyKey: kubernetes.io/hostname
  # nodeAffinity:
  #   requiredDuringSchedulingIgnoredDuringExecution:
  #     nodeSelectorTerms:
  #       - matchExpressions:
  #           - key: kubernetes.io/hostname
  #             operator: In
  #             values:
  #               - node-name

nfc_role_netbox_kubernetes_netbox_image:    # The Deployed Image
  name: NetBox                              # Optional, String. Name of the image.
  registry: docker.io                       # Optional, String. Name of the registry to fetch the image from
  image: netboxcommunity/netbox             # Mandatory, String. Name of the image to fetch
  tag: v3.7.5-2.8.0                         # Mandatory, String. Image tag to pull
  # sha256:                                 # Optional, String. The sh256 of the image to lock the tag to.

nfc_role_netbox_kubernetes_deployment_netbox_limit_cpu: 1000m
nfc_role_netbox_kubernetes_deployment_netbox_limit_memory: 2Gi

nfc_role_netbox_kubernetes_deployment_netbox_replicas: 1

nfc_role_netbox_kubernetes_tolerations: {}
  # - effect: NoExecute
  #   key: CriticalAddonsOnly
  #   value: "true"


#
# NetBox Ingress
#
nfc_role_netbox_kubernetes_ingress_enabled: false

nfc_role_netbox_kubernetes_fqdn_name: my-netbox.com    # Mandatory, String. Mandatory if deploying Ingress


nfc_role_netbox_kubernetes_ingress_annotations:
  # cert-manager.io/cluster-issuer: letsencrypt-prod
  # cert-manager.io/common-name:
  cert-manager.io/duration: 2160h
  cert-manager.io/private-key-algorithm: ECDSA
  cert-manager.io/private-key-rotation-policy: Always
  cert-manager.io/private-key-size: "384"
  cert-manager.io/subject-countries: N/A
  cert-manager.io/subject-organizationalunits: N/A
  cert-manager.io/subject-organizations: N/A
  cert-manager.io/subject-provinces: N/A

About:

This page forms part of our Project Netbox Ansible Collection.

Page Metadata

Version: ToDo: place files short git commit here
Date Created: 2024-04-11
Date Edited: 2024-04-13

Contribution:

Would You like to contribute to our Netbox Ansible Collection project? You can assist in the following ways:

• Edit This Page If there is a mistake or a way you can improve it.
• Add a Page to the Manual if you would like to add an item to our manual
• Raise an Issue if there is something about this page you would like to improve, and git is unfamiliar to you.

 

ToDo: Add the page list of contributors