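# Default values for NetBox.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.

## @section Global parameters
## Global container image parameters
## Please, note that this will override the image parameters, including dependencies, configured to use the global value
## Current available global container image parameters: imageRegistry, imagePullSecrets and storageClass

## @param global.imageRegistry Global container image registry
## @param global.imagePullSecrets Global container registry secret names as an array
## @param global.storageClass Global StorageClass for Persistent Volume(s)
##
global:
  imageRegistry: ""
  ## E.g.
  ## imagePullSecrets:
  ##   - myRegistryKeySecretName
  ##
  imagePullSecrets: []
  storageClass: openebs-3-replicas

## @section Common parameters

## @param nameOverride String to partially override common.names.fullname
##
nameOverride: ""
## @param fullnameOverride String to fully override common.names.fullname
##
fullnameOverride: ""
## @param commonLabels Labels to add to all deployed objects
##
commonLabels: {}
## @param commonAnnotations Annotations to add to all deployed objects
##
commonAnnotations: {}
## @param clusterDomain Kubernetes cluster domain name
##
clusterDomain: cluster.local
## @param extraDeploy Array of extra objects to deploy with the release
## Example:
## extraDeploy:
##   - |
##     apiVersion: v1
##     kind: ConfigMap
##     metadata:
##       name: sso-pipeline-roles
##       namespace: netbox
##     data:
##       sso_pipeline_roles.py: |
##         from netbox.authentication import Group
##         ...
##
extraDeploy: []

## @section NetBox Image parameters

## @param image.registry Image registry
## @param image.repository Image repository
## @param image.tag Image tag
## @param image.digest Image digest in the way sha256:aa...
## @param image.pullPolicy Image pull policy
## @param image.pullSecrets Specify docker-registry secret names as an array
##
image:
  registry: ghcr.io
  repository: netbox-community/netbox
  pullPolicy: IfNotPresent
  ## Defaults to '{{ .Chart.AppVersion }}'
  ##
  tag: ""
  ## If set, override the tag
  ## NOTE(review): with tag and digest both empty the image is selected by the
  ## chart's appVersion tag only; setting digest pins the exact image content.
  ##
  digest: ""
  ## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace)
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
  ## Example:
  ## pullSecrets:
  ##   - myRegistryKeySecretName
  ##
  pullSecrets: []

## @section NetBox Configuration parameters

# You can also use an existing secret for the superuser password and API token
# See `existingSecret` for details
superuser:
  name: admin
  email: admin@borninpain.de
  # password and apiToken stay empty here; they are expected to come from the
  # Secret named in existingSecret rather than from this file.
  password: ""
  apiToken: ""
  existingSecret: "netbox-superuser"

# This is a list of valid fully-qualified domain names (FQDNs) for the NetBox
# server. NetBox will not permit write access to the server via any other
# hostnames. The first FQDN in the list will be treated as the preferred name.
# NOTE(review): "*" makes Django accept any Host header, so the hostname
# restriction described above is effectively switched off. The value is kept
# as-is because the served hostname is not stated in this file; replace it
# with the real FQDN(s) once they are known.
allowedHosts:
  - "*"

# Include Pod IP in list of allowed hosts by providing it as the 'POD_IP' envvar
# at runtime, which is then used in the configuration.py.
allowedHostsIncludesPodIP: true

# Specify one or more name and email address tuples representing NetBox
# administrators. These people will be notified of application errors (assuming
# correct email settings are provided).
# admins:
#   - ['John Doe', 'jdoe@example.com']
admins: []

# Permit the retrieval of API tokens after their creation.
allowTokenRetrieval: false

# This parameter acts as a pass-through for configuring Django's built-in
# password validators for local user accounts. If configured, these will be
# applied whenever a user's password is updated to ensure that it meets minimum
# criteria such as length or complexity.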
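# https://netboxlabs.com/docs/netbox/en/stable/configuration/security/#auth_password_validators
authPasswordValidators: []

# URL schemes that are allowed within links in NetBox
allowedUrlSchemes:
  - file
  - ftp
  - ftps
  - http
  - https
  - irc
  - mailto
  - sftp
  - ssh
  - tel
  - telnet
  - tftp
  - vnc
  - xmpp

banner:
  # Optionally display a persistent banner at the top and/or bottom of every
  # page. HTML is allowed.
  top: ""
  bottom: ""

  # Text to include on the login page above the login form. HTML is allowed.
  login: ""

# Base URL path if accessing NetBox within a directory. For example, if
# installed at http://example.com/netbox/, set to 'netbox/'. If using
# Kubernetes Ingress, make sure you set ingress.hosts[].paths[] appropriately.
# This will also require customising the NGINX Unit application server
# configuration.
basePath: ""

# Maximum number of days to retain logged changes. Set to 0 to retain change
# logs indefinitely. (Default: 90)
changelogRetention: 90

# This is a mapping of models to custom validators that have been defined
# locally to enforce custom validation logic.
# https://netboxlabs.com/docs/netbox/en/stable/configuration/data-validation/#custom_validators
customValidators: {}

# This is a dictionary defining the default preferences to be set for newly-
# created user accounts.
# https://netboxlabs.com/docs/netbox/en/stable/configuration/default-values/#default_user_preferences
# defaultUserPreferences:
#   pagination:
#     per_page: 100
defaultUserPreferences: {}

# API Cross-Origin Resource Sharing (CORS) settings. If originAllowAll
# is set to true, all origins will be allowed. Otherwise, define a list of
# allowed origins using either originWhitelist or originRegexWhitelist. For
# more information, see https://github.com/ottoyiu/django-cors-headers
cors:
  originAllowAll: false
  originWhitelist: []
  originRegexWhitelist: []
  #  - '^(https?://)?(\w+\.)?example\.com$'

# CSRF settings. Needed for netbox v3.2.0 and newer. For more information
# see https://netboxlabs.com/docs/netbox/en/stable/configuration/security/#csrf_trusted_origins
csrf:
  # The name of the cookie to use for the cross-site request forgery (CSRF)
  # authentication token.
  cookieName: csrftoken
  # Defines a list of trusted origins for unsafe (e.g. POST) requests. This is
  # a pass-through to Django's CSRF_TRUSTED_ORIGINS setting. Note that each
  # host listed must specify a scheme (e.g. `http://` or `https://`).
  trustedOrigins: []

# Note: this is where the CUSTOM_VALIDATORS setting naturally fits in relation
# to the upstream NetBox configuration, but the setting cannot be reflected in
# YAML/JSON as it depends on creating instances of Python classes.

# Set the default preferred language/locale
defaultLanguage: en-us

# The maximum size (in bytes) of an incoming HTTP request (i.e. GET or POST data).
# Requests which exceed this size will raise a RequestDataTooBig exception.
dataUploadMaxMemorySize: 2621440

# Set to True to enable server debugging. WARNING: Debugging introduces a
# substantial performance penalty and may reveal sensitive information about
# your installation. Only enable debugging while performing testing. Never
# enable debugging on a production system.
debug: false

# Display full traceback of errors that occur when applying database
# migrations.
dbWaitDebug: false

# Email settings
email:
  server: mxe965.netcup.net
  port: 587
  username: philip.haupt@borninpain.de
  # Left empty: the SMTP password is read from existingSecretName /
  # existingSecretKey below instead of being stored in this file.
  password: ""
  # NOTE(review): useSSL maps to Django's implicit-TLS mode and useTLS to
  # STARTTLS; the two are mutually exclusive. Port 587 is conventionally the
  # STARTTLS submission port (implicit TLS is usually 465), so this
  # port/useSSL pairing looks mismatched - confirm against the mail provider
  # and presumably switch to useTLS: true / useSSL: false.
  useSSL: true
  useTLS: false
  sslCertFile: ""
  sslKeyFile: ""
  # Timeout in seconds
  timeout: 10
  from: noreply@borninpain.de
  existingSecretName: netbox
  existingSecretKey: email-password

# Enforcement of unique IP space can be toggled on a per-VRF basis. To enforce
# unique IP space within the global table (all prefixes and IP addresses not
# assigned to a VRF), set enforceGlobalUnique to True.
enforceGlobalUnique: true

# Exempt certain models from the enforcement of view permissions. Models listed
# here will be viewable by all users and by anonymous users. List models in the
# form `<app>.<model>`. Add '*' to this list to exempt all models.
exemptViewPermissions: []
#  - dcim.site
#  - dcim.region
#  - ipam.prefix

# Some static choice fields on models can be configured with custom values.
# Each choice in the list must have a database value and a human-friendly
# label, and may optionally specify a color.
# https://netboxlabs.com/docs/netbox/en/stable/configuration/data-validation/#field_choices
# fieldChoices:
#   'dcim.Site.status':
#     - [foo, Foo, red]
#     - [bar, Bar, green]
#     - [baz, Baz, blue]
#   'dcim.Site.status+':
#     ...
fieldChoices: {}

# The maximum amount (in bytes) of uploaded data that will be held in memory before being written to the filesystem.
# Changing this setting can be useful for example to be able to upload files bigger than 2.5MB to custom scripts
# for processing.
fileUploadMaxMemorySize: 2621440

# Enable the GraphQL API
graphQlEnabled: true

# HTTP proxies NetBox should use when sending outbound HTTP requests (e.g. for
# webhooks).
# httpProxies:
#   http: http://10.10.1.10:3128
#   https: http://10.10.1.10:1080
httpProxies: {}

# IP addresses recognized as internal to the system. The debugging toolbar will
# be available only to clients accessing NetBox from an internal IP.
internalIPs: ["127.0.0.1", "::1"]

# The number of days to retain job results (scripts and reports). Set this to 0
# to retain job results in the database indefinitely.
# https://netboxlabs.com/docs/netbox/en/stable/configuration/miscellaneous/#job_retention
jobRetention: 90

# Enable custom logging. Please see the Django documentation for detailed
# guidance on configuring custom logs:
# https://docs.djangoproject.com/en/1.11/topics/logging/
logging: {}

# Automatically reset the lifetime of a valid session upon each authenticated
# request. Enables users to remain authenticated to NetBox indefinitely.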
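loginPersistence: false

# Setting this to True will permit only authenticated users to access any part
# of NetBox. By default, anonymous users are permitted to access most data in
# NetBox but not make any changes.
# NOTE(review): with this set to false, unauthenticated clients can read most
# of the inventory, as the paragraph above states. This file also enables
# remoteAuth with an OpenID Connect backend, so confirm that anonymous read
# access is intended; otherwise set loginRequired: true.
loginRequired: false

# The length of time (in seconds) for which a user will remain logged into the
# web UI before being prompted to re-authenticate.
# Default value 1209600 is 14 days
loginTimeout: 1209600

# The view name or URL to which users are redirected after logging out.
logoutRedirectUrl: home

# Setting this to True will display a "maintenance mode" banner at the top of
# every page.
maintenanceMode: false

# The URL to use when mapping physical addresses or GPS coordinates
mapsUrl: "https://maps.google.com/?q="

# An API consumer can request an arbitrary number of objects by appending the
# "limit" parameter to the URL (e.g. "?limit=1000"). This setting defines the
# maximum limit. Setting it to 0 or None will allow an API consumer to request
# all objects by specifying "?limit=0".
maxPageSize: 1000

## The backend storage engine for handling uploaded files such as image
## attachments and custom scripts. NetBox integrates with the
## django-storages and django-storage-swift libraries, which provide backends
## for several popular file storage services. If not configured, local
## filesystem storage will be used.
## Note these values are not stored securely. If the configuration must be
## set up in a more secure way, a proper Secret can be used with extraEnvVarsSecret.
## ref: https://netboxlabs.com/docs/netbox/en/stable/configuration/system/#storages
## e.g:
## storages:
##   default:
##     BACKEND: "django.core.files.storage.FileSystemStorage"
##   scripts:
##     BACKEND: "storages.backends.s3.S3Storage"
##     OPTIONS:
##       access_key: "access key"
##       secret_key: "secret key"
storages: {}

# Determine how many objects to display per page within a list. (Default: 50)
paginateCount: 50

# Enable installed plugins. Add the name of each plugin to the list.
plugins: []

# Plugins configuration settings. These settings are used by various plugins
# that the user may have installed. Each key in the dictionary is the name of
# an installed plugin and its value is a dictionary of settings.
pluginsConfig: {}

# The default value for the amperage field when creating new power feeds.
# https://netboxlabs.com/docs/netbox/en/stable/configuration/default-values/#powerfeed_default_amperage
powerFeedDefaultAmperage: 15

# The default value (percentage) for the max_utilization field when creating
# new power feeds.
# https://netboxlabs.com/docs/netbox/en/stable/configuration/default-values/#powerfeed_default_max_utilization
powerFeedMaxUtilisation: 80

# The default value for the voltage field when creating new power feeds.
# https://netboxlabs.com/docs/netbox/en/stable/configuration/default-values/#powerfeed_default_voltage
powerFeedDefaultVoltage: 120

# When determining the primary IP address for a device, IPv6 is preferred over
# IPv4 by default. Set this to True to prefer IPv4 instead.
preferIPv4: false

# Rack elevation size defaults, in pixels. For best results, the ratio of width
# to height should be roughly 10:1.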
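rackElevationDefaultUnitHeight: 22
rackElevationDefaultUnitWidth: 220

# Remote authentication support
remoteAuth:
  enabled: true
  backends:
    - social_core.backends.open_id_connect.OpenIdConnectAuth
  # NOTE(review): the header-based fields below (header, userFirstName,
  # userLastName, userEmail, groupHeader) are presumably only consulted by a
  # header-trusting remote-user backend, not by the OpenID Connect backend
  # selected above - confirm against the chart. If such a backend is ever
  # added, the fronting proxy must overwrite these headers on every request
  # so that a client-supplied value is never trusted.
  header: HTTP_REMOTE_USER
  userFirstName: HTTP_REMOTE_USER_FIRST_NAME
  userLastName: HTTP_REMOTE_USER_LAST_NAME
  userEmail: HTTP_REMOTE_USER_EMAIL
  autoCreateUser: false
  autoCreateGroups: false
  defaultGroups: []
  defaultPermissions: {}
  groupSyncEnabled: false
  groupHeader: HTTP_REMOTE_USER_GROUP
  superuserGroups: []
  superusers: []
  staffGroups: []
  staffUsers: []
  groupSeparator: "|"

  # The following options are specific for backend "netbox.authentication.LDAPBackend"
  # you can use an existing netbox secret with "ldap_bind_password" instead of "bindPassword"
  # see https://django-auth-ldap.readthedocs.io
  ldap:
    # serverUri: ldap://example.com
    serverUri: ""
    startTls: true
    ignoreCertErrors: false
    caCertDir: ""
    caCertData: ""
    # bindDn: CN=Netbox,OU=EmbeddedDevices,OU=MyCompany,DC=example,dc=com
    bindDn: ""
    bindPassword: ""
    userDnTemplate: ""
    # userSearchBaseDn: OU=Users,OU=MyCompany,DC=example,dc=com
    userSearchBaseDn: ""
    userSearchAttr: sAMAccountName
    # groupSearchBaseDn: OU=Groups,OU=MyCompany,DC=example,dc=com
    groupSearchBaseDn: ""
    groupSearchClass: group
    groupType: GroupOfNamesType
    # requireGroupDn:
    #   - CN=Network Configuration Operators,CN=Builtin,DC=example,dc=com
    #   - CN=Domain Admins,CN=Users,DC=example,dc=com
    requireGroupDn: []
    # isAdminDn:
    #   - CN=Domain Admins,CN=Users,DC=example,dc=com
    isAdminDn: []
    # isSuperUserDn:
    #   - CN=Domain Admins,CN=Users,DC=example,dc=com
    isSuperUserDn: []
    findGroupPerms: true
    mirrorGroups: true
    mirrorGroupsExcept: []
    cacheTimeout: 3600
    attrFirstName: givenName
    attrLastName: sn
    attrMail: mail

releaseCheck:
  # This repository is used to check whether there is a new release of NetBox
  # available. Set to null to disable the version check or use the URL below to
  # check for release in the official NetBox repository.
  # url: https://api.github.com/repos/netbox-community/netbox/releases
  url: ""

# Maximum execution time for background tasks, in seconds.
# Default value 300 is 5 minutes
rqDefaultTimeout: 300

# The name to use for the session cookie.
sessionCookieName: sessionid

# Localization
enableLocalization: false

# Time zone (default: UTC)
timeZone: CET

# Date/time formatting. See the following link for supported formats:
# https://docs.djangoproject.com/en/dev/ref/templates/builtins/#date
dateFormat: "N j, Y"
shortDateFormat: "Y-m-d"
timeFormat: "g:i a"
shortTimeFormat: "H:i:s"
dateTimeFormat: "N j, Y g:i a"
shortDateTimeFormat: "Y-m-d H:i"

## Extra configuration settings
# You can pass additional YAML files to be loaded into NetBox's configuration.
# These can be passed as arbitrary configuration values set in the chart, or
# you can load arbitrary *.yaml keys from ConfigMaps and Secrets.
# extraConfig:
#   - values:
#       EXTRA_SETTING_ONE: example
#       ANOTHER_SETTING: foobar
#   - configMap: # pod.spec.volumes.configMap
#       name: netbox-extra
#       items: []
#       optional: false
#   - secret: # same as pod.spec.volumes.secret
#       secretName: netbox-extra
#       items: []
#       optional: false
extraConfig:
  # The OIDC settings are loaded from a Secret key rather than written into
  # this file; optional: false makes the mount fail if the Secret is missing.
  - secret:
      secretName: netbox
      items:
        - key: oidc-secret
          path: oidc_secret.yaml
      optional: false

# If provided, this should be a 50+ character string of random characters. It
# will be randomly generated if left blank.
# You can also use an existing secret with "secret_key" instead of "secretKey"
# See `existingSecret` for details
# NOTE(review): keep this blank when existingSecret supplies secret_key. A
# literal placed here (for example the key name "secret_key" itself) would be
# a short, guessable Django SECRET_KEY if it were ever used, and Django signs
# sessions and other tokens with that key.
secretKey: ""

## Provide passwords using existing secret
# If set, this Secret must contain the following keys:
# - secret_key: session encryption token (50+ random characters)
existingSecret: "netbox"

# Override the NGINX Unit configuration inside the container. When enabled, this
# overrides the default configuration loaded into Unit. The upstream config is:
# https://github.com/netbox-community/netbox-docker/blob/release/docker/nginx-unit.json
# Remember that JSON is valid YAML: you can safely copy-and-paste from the above
# into your values.yaml, or you can copy the YAML version from below as a
# starting point.
# overrideUnitConfig:
#   listeners:
#     "0.0.0.0:8080":
#       pass: routes/main
#     "[::]:8080":
#       pass: routes/main
#     "0.0.0.0:8081":
#       pass: routes/status
#     "[::]:8081":
#       pass: routes/status
#   routes:
#     main:
#       - match:
#           uri: "/static/*"
#         action:
#           share: "/opt/netbox/netbox${uri}"
#       - action:
#           pass: applications/netbox
#     status:
#       - match:
#           uri: "/status/*"
#         action:
#           proxy: "http://unix:/opt/unit/unit.sock"
#   applications:
#     netbox:
#       type: "python 3"
#       path: /opt/netbox/netbox/
#       module: netbox.wsgi
#       home: /opt/netbox/venv
#       processes:
#         max: 4
#         spare: 1
#         idle_timeout: 120
#   access_log: /dev/stdout
overrideUnitConfig: {}

## @section Deployment parameters

## @param command Override default container command (useful when using custom images)
##
command: []
## @param args Override default container args (useful when using custom images)
##
args: []
## @param replicaCount Number of replicas to deploy
## NOTE: ReadWriteMany PVC(s) are required if replicaCount > 1
##
replicaCount: 1

## Enable persistence using Persistent Volume Claims
## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/
## @param persistence.enabled Enable persistence using PVC
## @param persistence.storageClass PVC Storage Class for volume
## @param persistence.accessMode PVC Access Mode for volume
## @param persistence.size PVC Storage Request for volume
## @param persistence.subPath Existing claim's subPath to use, e.g. "media" (optional)
## @param persistence.existingClaim Name of an existing PVC to be used
## @param persistence.annotations Annotations to add to the PVC
##
persistence:
  enabled: true
  ## Data Persistent Volume Storage Class
  ## If defined, storageClassName: <storageClass>
  ## If set to "-", storageClassName: "", which disables dynamic provisioning
  ## If undefined (the default) or set to null, no storageClassName spec is
  ##   set, choosing the default provisioner. (gp2 on AWS, standard on
  ##   GKE, AWS & OpenStack)
  ##
  storageClass: ""
  subPath: "media"
  accessMode: ReadWriteOnce
  size: 1Gi
  existingClaim: "netbox-media"
  annotations: {}

## Enable reports persistence using Persistent Volume Claims
## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/
## @param reportsPersistence.enabled Enable reports persistence using PVC
## @param reportsPersistence.storageClass PVC Storage Class for volume
## @param reportsPersistence.accessMode PVC Access Mode for volume
## @param reportsPersistence.size PVC Storage Request for volume
## @param reportsPersistence.subPath Existing claim's subPath to use, e.g. "media" (optional)
## @param reportsPersistence.existingClaim Name of an existing PVC to be used
## @param reportsPersistence.annotations Annotations to add to the PVC
##
reportsPersistence:
  enabled: false
  existingClaim: ""
  subPath: ""
  ## Data Persistent Volume Storage Class
  ## If defined, storageClassName: <storageClass>
  ## If set to "-", storageClassName: "", which disables dynamic provisioning
  ## If undefined (the default) or set to null, no storageClassName spec is
  ##   set, choosing the default provisioner. (gp2 on AWS, standard on
  ##   GKE, AWS & OpenStack)
  ##
  storageClass: ""
  accessMode: ReadWriteOnce
  size: 1Gi
  annotations: {}

## Enable scripts persistence using Persistent Volume Claims
## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/
## @param scriptsPersistence.enabled Enable scripts persistence using PVC
## @param scriptsPersistence.storageClass PVC Storage Class for volume
## @param scriptsPersistence.accessMode PVC Access Mode for volume
## @param scriptsPersistence.size PVC Storage Request for volume
## @param scriptsPersistence.subPath Existing claim's subPath to use, e.g. "media" (optional)
## @param scriptsPersistence.existingClaim Name of an existing PVC to be used
## @param scriptsPersistence.annotations Annotations to add to the PVC
##
scriptsPersistence:
  enabled: false
  existingClaim: ""
  subPath: ""
  ## Data Persistent Volume Storage Class
  ## If defined, storageClassName: <storageClass>
  ## If set to "-", storageClassName: "", which disables dynamic provisioning
  ## If undefined (the default) or set to null, no storageClassName spec is
  ##   set, choosing the default provisioner. (gp2 on AWS, standard on
  ##   GKE, AWS & OpenStack)
  ##
  storageClass: ""
  accessMode: ReadWriteOnce
  size: 1Gi
  annotations: {}

## @param updateStrategy.type Deployment strategy type
## @param updateStrategy.rollingUpdate Deployment rolling update configuration parameters
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
## NOTE: Set it to `Recreate` if you use a PV that cannot be mounted on multiple pods
## e.g:
## updateStrategy:
##  type: RollingUpdate
##  rollingUpdate:
##    maxSurge: 25%
##    maxUnavailable: 25%
##
## NOTE(review): persistence above declares accessMode ReadWriteOnce; if the
## existing claim really is ReadWriteOnce, the NOTE above applies and a rolling
## update may stall - confirm the claim's access mode.
updateStrategy:
  type: RollingUpdate

## Pods Service Account
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
## @param serviceAccount.create Specifies whether a ServiceAccount should be created
## @param serviceAccount.name Name of the service account to use. If not set and create is true, a name is generated using the fullname template.
## @param serviceAccount.automountServiceAccountToken Automount service account token for the server service account
## @param serviceAccount.annotations Annotations for service account. Evaluated as a template. Only used if `create` is `true`.
##
serviceAccount:
  create: true
  annotations: {}
  name: ""
  automountServiceAccountToken: false

## Role Based Access
## ref: https://kubernetes.io/docs/admin/authorization/rbac/
##
rbac:
  ## @param rbac.create Specifies whether RBAC resources should be created
  ##
  create: true
  ## @param rbac.rules Custom RBAC rules to set
  ## e.g:
  ## rules:
  ##   - apiGroups:
  ##       - ""
  ##     resources:
  ##       - pods
  ##     verbs:
  ##       - get
  ##       - list
  ##
  rules: []

## @param hostAliases [array] Add deployment host aliases
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
##
hostAliases: []

## @param extraVolumes Array of extra volumes to be added to the deployment (evaluated as template). Requires setting `extraVolumeMounts`
## e.g:
## extraVolumes:
##   - name: kv-ca
##     secret:
##       secretName: kv-ca
##
extraVolumes: []

## @param extraVolumeMounts Array of extra volume mounts to be added to the container (evaluated as template). Normally used with `extraVolumes`.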
## e.g:
## extraVolumeMounts:
##   - name: kv-ca
##     mountPath: /tmp/kv-ca
##     subPath: kv_ca
##     readOnly: true
##
extraVolumeMounts: []

## @param sidecars Add additional sidecar containers to the pod
## e.g:
## sidecars:
##   - name: your-image-name
##     image: your-image
##     imagePullPolicy: Always
##     ports:
##       - name: portname
##         containerPort: 1234
##
sidecars: []

## @param initContainers Add additional init containers to the pods
## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
## e.g:
## initContainers:
##   - name: your-image-name
##     image: your-image
##     imagePullPolicy: Always
##     command: ['sh', '-c', 'echo "init"']
##
initContainers: []

## @param podLabels Extra labels for pods
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
##
podLabels: {}

## @param podAnnotations Annotations for pods
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
##
podAnnotations: {}

## @param affinity Affinity for pod assignment
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set
##
affinity: {}

## @param nodeSelector Node labels for pod assignment
## ref: https://kubernetes.io/docs/user-guide/node-selection/
##
nodeSelector: {}

## @param tolerations Tolerations for pod assignment
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
##
tolerations: []

## @param priorityClassName Pods' priorityClassName
##
priorityClassName: ""

## @param schedulerName Name of the k8s scheduler (other than default) for pods
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
##
schedulerName: ""

## @param terminationGracePeriodSeconds Seconds pods need to terminate gracefully
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods
##
terminationGracePeriodSeconds:

## @param topologySpreadConstraints Topology Spread Constraints for pod assignment
## https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
## The value is evaluated as a template.
## e.g:
## topologySpreadConstraints:
##   - maxSkew: 1
##     topologyKey: topology.kubernetes.io/zone
##     whenUnsatisfiable: DoNotSchedule
##     labelSelector:
##       matchLabels:
##         "app.kubernetes.io/component": netbox
##         "app.kubernetes.io/name": netbox
##
topologySpreadConstraints: []

## @section Pod disruption budget

## Configure PodDisruptionBudget for NetBox web pods
## @param pdb.enabled Enable PodDisruptionBudget for NetBox web pods
## @param pdb.minAvailable Minimum number/percentage of pods that must be available
## @param pdb.maxUnavailable Maximum number/percentage of pods that can be unavailable
## If neither minAvailable nor maxUnavailable is set, a sensible default is applied:
##   - Single replica: minAvailable: 1
##   - Multiple replicas or HPA enabled: minAvailable: 50%
##
pdb:
  enabled: false
  minAvailable: ""
  maxUnavailable: ""

## Container's resource requests and limits
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
## We usually recommend not to specify default resources and to leave this as a conscious
## choice for the user. This also increases chances charts run on environments with little
## resources, such as Minikube. If you do want to specify resources, uncomment the following
## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
## @param resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge).
## This is ignored if resources is set (resources is recommended for production).
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 ## resourcesPreset: "medium" ## Containers' resource requests and limits ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ ## @param resources.limits The resources limits for the container ## @param resources.requests [object] The requested resources for the container ## Example: ## resources: ## requests: ## cpu: 2 ## memory: 512Mi ## limits: ## cpu: 3 ## memory: 1024Mi ## resources: {} ## Configure Pods Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod ## @param podSecurityContext.enabled Enable pods' Security Context ## @param podSecurityContext.fsGroupChangePolicy Set filesystem group change policy ## @param podSecurityContext.sysctls Set kernel settings using the sysctl interface ## @param podSecurityContext.supplementalGroups Set filesystem extra groups ## @param podSecurityContext.fsGroup Pods' group ID ## podSecurityContext: enabled: true fsGroupChangePolicy: Always sysctls: [] supplementalGroups: [] fsGroup: 1000 ## Configure Container Security Context (only main container) ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## @param securityContext.enabled Enabled containers' Security Context ## @param securityContext.seLinuxOptions [object,nullable] Set SELinux options in container ## @param securityContext.runAsUser Set containers' Security Context runAsUser ## @param securityContext.runAsGroup Set containers' Security Context runAsGroup ## @param securityContext.runAsNonRoot Set container's Security Context runAsNonRoot ## @param securityContext.privileged Set container's Security Context privileged ## @param securityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem ## @param securityContext.allowPrivilegeEscalation Set container's 
Security Context allowPrivilegeEscalation ## @param securityContext.capabilities.drop List of capabilities to be dropped ## @param securityContext.seccompProfile.type Set container's Security Context seccomp profile ## securityContext: enabled: true seLinuxOptions: {} runAsUser: 1000 runAsGroup: 1000 runAsNonRoot: true privileged: false readOnlyRootFilesystem: true allowPrivilegeEscalation: false capabilities: drop: ["ALL"] seccompProfile: type: "RuntimeDefault" ## @param automountServiceAccountToken Mount Service Account token in pod ## automountServiceAccountToken: false ## Configure extra options for liveness probe ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes ## @param livenessProbe.enabled Enable livenessProbe ## @param livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe ## @param livenessProbe.periodSeconds Period seconds for livenessProbe ## @param livenessProbe.timeoutSeconds Timeout seconds for livenessProbe ## @param livenessProbe.failureThreshold Failure threshold for livenessProbe ## @param livenessProbe.successThreshold Success threshold for livenessProbe ## livenessProbe: enabled: true initialDelaySeconds: 0 periodSeconds: 10 timeoutSeconds: 1 failureThreshold: 3 successThreshold: 1 ## Configure extra options for readiness probe ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes ## @param readinessProbe.enabled Enable readinessProbe ## @param readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe ## @param readinessProbe.periodSeconds Period seconds for readinessProbe ## @param readinessProbe.timeoutSeconds Timeout seconds for readinessProbe ## @param readinessProbe.failureThreshold Failure threshold for readinessProbe ## @param readinessProbe.successThreshold Success threshold for readinessProbe ## readinessProbe: enabled: true initialDelaySeconds: 0 periodSeconds: 10 
timeoutSeconds: 1 failureThreshold: 3 successThreshold: 1 ## Configure extra options for startupProbe probe ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes ## @param startupProbe.enabled Enable startupProbe ## @param startupProbe.initialDelaySeconds Initial delay seconds for startupProbe ## @param startupProbe.periodSeconds Period seconds for startupProbe ## @param startupProbe.timeoutSeconds Timeout seconds for startupProbe ## @param startupProbe.failureThreshold Failure threshold for startupProbe ## @param startupProbe.successThreshold Success threshold for startupProbe ## startupProbe: enabled: true initialDelaySeconds: 5 periodSeconds: 10 timeoutSeconds: 1 failureThreshold: 100 successThreshold: 1 ## @param customLivenessProbe Override default liveness probe for containers ## customLivenessProbe: {} ## @param customReadinessProbe Override default readiness probe for containers ## customReadinessProbe: {} ## @param customStartupProbe Override default startup probe for containers ## customStartupProbe: {} ## @param lifecycleHooks for containers to automate configuration before or after startup ## lifecycleHooks: {} ## @param extraEnvs Extra environment variables to be set on containers ## E.g: ## extraEnvs: ## - name: FOO ## valueFrom: ## secretKeyRef: ## key: FOO ## name: secret-resource extraEnvs: [] ## @param extraEnvVarsCM Name of existing ConfigMap containing extra env vars for containers ## extraEnvVarsCM: "" ## @param extraEnvVarsSecret Name of existing Secret containing extra env vars for containers ## extraEnvVarsSecret: "" ## Configure revision history limit for deployments ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#clean-up-policy revisionHistoryLimit: 10 ## @section Traffic Exposure Parameters ## Service parameters ## @param service.type Kubernetes Service type ## @param service.loadBalancerSourceRanges Restricts access for LoadBalancer (only with 
## `service.type: LoadBalancer`)
## @param service.loadBalancerIP loadBalancerIP for the service (optional, cloud specific)
## @param service.loadBalancerClass Load Balancer class (optional, cloud specific)
## @param service.nodePort Kubernetes node port
## @param service.externalTrafficPolicy Enable client source IP preservation
## @param service.clusterIP Service Cluster IP
## @param service.annotations Additional custom annotations for the NetBox service
##
service:
  annotations: {}
  # ClusterIP keeps the service reachable from inside the cluster only.
  type: ClusterIP
  port: 80
  ## nodePort:
  ##
  nodePort: ""
  clusterIP: ""
  externalTrafficPolicy: Cluster
  loadBalancerIP: ""
  ## Only used with `type: LoadBalancer`. The 0.0.0.0/0 shown below admits
  ## every source address; when switching to LoadBalancer, list the networks
  ## that are meant to reach NetBox instead.
  ## e.g:
  ## loadBalancerSourceRanges:
  ##   - 0.0.0.0/0
  ##
  loadBalancerSourceRanges: []
  loadBalancerClass: ""
  externalIPs: []
  clusterIPs: []
  ipFamilyPolicy: ""
  ## @param service.sessionAffinity Control where client requests go, to the same pod or round-robin
  ## Values: ClientIP or None
  ## ref: https://kubernetes.io/docs/concepts/services-networking/service/
  ##
  sessionAffinity: None
  ## @param service.sessionAffinityConfig Additional settings for the sessionAffinity
  ## sessionAffinityConfig:
  ##   clientIP:
  ##     timeoutSeconds: 300
  ##
  sessionAffinityConfig: {}

## Configure the ingress resource that allows you to access the app
## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/
##
ingress:
  ## @param ingress.enabled Enable ingress record generation
  ##
  enabled: false
  ## @param ingress.pathType Ingress Path type
  ##
  pathType: ImplementationSpecific
  ## @param ingress.className IngressClass that will be used to implement the Ingress (Kubernetes 1.18+)
  ## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster.
  ## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/
  ##
  className: ""
  ## @param ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations.
## For a full list of possible ingress annotations, please see
  ## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md
  ## Use this parameter to set the required annotations for cert-manager, see
  ## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations
  ##
  ## e.g:
  ## annotations:
  ##   kubernetes.io/ingress.class: nginx
  ##   cert-manager.io/cluster-issuer: cluster-issuer-name
  ##
  annotations: {}
  hosts:
    - host: chart-example.local
      paths:
        # You can manually specify the service name and service port if
        # required. This could be useful if for example you are using the AWS
        # ALB Ingress Controller and want to set up automatic SSL redirect.
        # https://kubernetes-sigs.github.io/aws-alb-ingress-controller/guide/tasks/ssl_redirect/#redirect-traffic-from-http-to-https
        # - path: /*
        #   backend:
        #     serviceName: ssl-redirect
        #     servicePort: use-annotation
        #
        # Or you can let the template set it for you.
        # Both types of rule can be combined.
        # NB: You may also want to set the basePath above
        - /
  # NOTE(review): no certificate is configured for the host above. If ingress
  # is enabled, add a tls entry (or terminate TLS upstream) so NetBox logins
  # and API tokens do not travel over plain HTTP.
  tls: []
  # - secretName: chart-example-tls
  #   hosts:
  #     - chart-example.local

## @section Metrics parameters
## Prometheus Exporter / Metrics
##
metrics:
  ## @param metrics.enabled Enable the export of Prometheus metrics
  ##
  enabled: false
  ## Prometheus Operator ServiceMonitor configuration
  ##
  serviceMonitor:
    ## @param metrics.serviceMonitor.enabled if `true`, creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`)
    ##
    enabled: false
    ## @param metrics.serviceMonitor.honorLabels honorLabels chooses the metric's labels on collisions with target labels
    ##
    honorLabels: false
    ## @param metrics.serviceMonitor.interval Interval at which metrics should be scraped.
## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
    ## e.g:
    ## interval: 10s
    ##
    interval: ""
    ## @param metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended
    ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
    ## e.g:
    ## scrapeTimeout: 10s
    ##
    scrapeTimeout: ""
    ## @param metrics.serviceMonitor.metricRelabelings Specify additional relabeling of metrics
    ##
    metricRelabelings: []
    ## @param metrics.serviceMonitor.relabelings Specify general relabeling
    ##
    relabelings: []
    ## @param metrics.serviceMonitor.selector Prometheus instance selector labels
    ## ref: https://github.com/bitnami/charts/tree/main/bitnami/prometheus-operator#prometheus-configuration
    ## selector:
    ##   prometheus: my-prometheus
    ##
    selector: {}
    additionalLabels: {}

## @section Databases parameters
## PostgreSQL chart configuration
## https://github.com/bitnami/charts/blob/main/bitnami/postgresql/values.yaml
##
postgresql:
  ## @param postgresql.enabled Whether to deploy a PostgreSQL server to satisfy the applications database requirements
  ## To use an external database set this to false and configure the externalDatabase parameters
  ##
  enabled: false
  auth:
    username: netbox
    database: netbox

## External database configuration
## @param externalDatabase.host Host of the existing database
## @param externalDatabase.port Port of the existing database
## @param externalDatabase.username Existing username in the external db
## @param externalDatabase.password Password for the above username
## @param externalDatabase.database Name of the existing database
## @param externalDatabase.existingSecretName Name of a secret containing the database credentials
## @param externalDatabase.existingSecretKey Key of a secret containing the database credentials
##
externalDatabase:
  host: cnpg-netbox-cluster-rw
  port: 5432
  database: netbox
  username: netbox
  # Left empty so that no credential lives in this file; the password is
  # presumably read from the secret and key named below.
  password: ""
  existingSecretName: cnpg-netbox-cluster-app
  existingSecretKey: password
  # The following settings also apply when using the bundled PostgreSQL chart:
  engine: django.db.backends.postgresql
  connMaxAge: 300
  disableServerSideCursors: false
  ## @param externalDatabase.options Additional PostgreSQL client parameters
  ## Ref: https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-PARAMKEYWORDS
  ##
  options:
    # NOTE(review): libpq's `prefer` attempts TLS but silently falls back to
    # plaintext and never validates the server certificate, so it does not
    # protect the database password or data against an on-path attacker.
    # `require` enforces encryption; `verify-full` additionally validates the
    # certificate and host name (the CA must then be available to the client).
    sslmode: "prefer"
    target_session_attrs: "read-write"

## Additional databases configuration
## @param additionalDatabases.*.host Host of the existing database
## @param additionalDatabases.*.port Port of the existing database
## @param additionalDatabases.*.username Existing username in the external db
## @param additionalDatabases.*.password Password for the above username
## @param additionalDatabases.*.database Name of the existing database
## e.g:
## additionalDatabases:
##   external2:
##     host: localhost
##     port: 5432
##     database: netbox
##     username: netbox
##     password: ""
##     engine: django.db.backends.postgresql
##     connMaxAge: 300
##     disableServerSideCursors: false
##     options:
##       sslmode: "prefer"
##       target_session_attrs: "read-write"
##
additionalDatabases: {}

## Valkey chart configuration
## https://github.com/bitnami/charts/blob/main/bitnami/valkey/values.yaml
## @param valkey.enabled Whether to deploy a Valkey server to satisfy the applications database requirements
##
valkey:
  enabled: false
  sentinel:
    enabled: false
    primarySet: netbox-kv
  auth:
    # Sentinel auth is disabled by default, as Netbox does not support configuring SENTINEL_KWARGS.
    sentinel: false

# Key-value store connection used for background tasks (logical database 3).
tasksDatabase:
  database: 3
  # NOTE(review): ssl is off, so the key-value password and queued job data
  # cross the cluster network unencrypted to a service in the `valkey`
  # namespace (see host below). insecureSkipTlsVerify and caCertPath
  # presumably have no effect until ssl is true.
  ssl: false
  insecureSkipTlsVerify: false
  # When defining caCertPath, make sure you mount the secret containing the CA certificate on all the necessary containers
  caCertPath: ""
  # Used only when valkey.enabled is false. host and port are not used if
  # sentinels are given.
  host: valkey.valkey.svc.cluster.local
  port: 6379
  sentinels: []
  #  - mysentinel:26379
  sentinelService: netbox-kv
  sentinelTimeout: 300
  username: ""
  # Left empty; the password is presumably read from the secret and key below.
  password: ""
  existingSecretName: "netbox"
  existingSecretKey: kv-password

# Key-value store connection used for caching (logical database 4).
cachingDatabase:
  database: 4
  # NOTE(review): ssl is off here as well; cached data and the password are
  # sent unencrypted to the host below.
  ssl: false
  insecureSkipTlsVerify: false
  # When defining caCertPath, make sure you mount the secret containing the CA certificate on all the necessary containers
  caCertPath: ""
  # Used only when valkey.enabled is false. host and port are not used if
  # sentinels are given.
  host: valkey.valkey.svc.cluster.local
  port: 6379
  sentinels: []
  #  - mysentinel:26379
  sentinelService: netbox-kv
  sentinelTimeout: 300
  username: ""
  password: ""
  existingSecretName: "netbox"
  existingSecretKey: kv-password

## @section Autoscaling parameters
## Autoscaling configuration
## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
## @param autoscaling.enabled Enable Horizontal POD autoscaling
## @param autoscaling.minReplicas Minimum number of replicas
## @param autoscaling.maxReplicas Maximum number of replicas
## @param autoscaling.targetCPUUtilizationPercentage Target CPU utilization percentage
## @param autoscaling.targetMemoryUtilizationPercentage Target Memory utilization percentage
##
autoscaling:
  enabled: false
  minReplicas: 1
  maxReplicas: 100
  targetCPUUtilizationPercentage: 80
  # targetMemoryUtilizationPercentage: 80

## @section Volume permissions parameters
## Init Container parameters
## Change the owner and group of the persistent volume mountpoint to 'runAsUser:fsGroup'
## values from the securityContext section.
##
init:
  ## @param init.image.registry [default: REGISTRY_NAME] Init container volume-permissions image registry
  ## @param init.image.repository [default: REPOSITORY_NAME/os-shell] Init container volume-permissions image name
  ## @param init.image.tag Init container volume-permissions image tag
  ## @param init.image.digest Init container volume-permissions image digest in the way sha256:aa....
## Please note this parameter, if set, will override the tag
  ## @param init.image.pullPolicy Init container volume-permissions image pull policy
  ## @param init.image.pullSecrets Specify docker-registry secret names as an array
  ##
  image:
    registry: docker.io
    repository: busybox
    tag: 1.37.0
    # NOTE(review): with an empty digest the image is resolved by tag, which
    # the registry can repoint; set a sha256 digest to pin the exact content.
    digest: ""
    ## Specify an imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
    ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
    ##
    pullPolicy: IfNotPresent
    ## Optionally specify an array of imagePullSecrets.
    ## Secrets must be manually created in the namespace.
    ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
    ## e.g:
    ## pullSecrets:
    ##   - myRegistryKeySecretName
    ##
    pullSecrets: []
  ## Init container resource requests and limits
  ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
  ## @param init.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if init.resources is set (init.resources is recommended for production).
  ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
  ##
  resourcesPreset: "nano"
  ## @param init.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
  ## Example:
  ## resources:
  ##   requests:
  ##     cpu: 2
  ##     memory: 512Mi
  ##   limits:
  ##     cpu: 3
  ##     memory: 1024Mi
  ##
  resources: {}
  ## Init container's Security Context
  ## Note: the chown of the data folder is done to securityContext.runAsUser
  ## and not the below init.securityContext.runAsUser
  ## @param init.securityContext.enabled Enabled containers' Security Context
  ## @param init.securityContext.seLinuxOptions [object,nullable] Set SELinux options in container
  ## @param init.securityContext.runAsUser User ID for the init container
  ## @param init.securityContext.runAsGroup Group ID for the init container
  ## @param init.securityContext.runAsNonRoot runAsNonRoot for the init container
  ## @param init.securityContext.seccompProfile.type seccompProfile.type for the init container
  ##
  # Restrictive profile: non-root UID/GID 1000, all capabilities dropped,
  # read-only root filesystem, no privilege escalation, runtime default seccomp.
  securityContext:
    enabled: true
    seLinuxOptions: {}
    seccompProfile:
      type: RuntimeDefault
    capabilities:
      drop:
        - ALL
    readOnlyRootFilesystem: true
    allowPrivilegeEscalation: false
    runAsNonRoot: true
    runAsUser: 1000
    runAsGroup: 1000

## @section Test parameters

test:
  ## @param test.image.registry [default: REGISTRY_NAME] test container volume-permissions image registry
  ## @param test.image.repository [default: REPOSITORY_NAME/os-shell] test container volume-permissions image name
  ## @param test.image.tag test container volume-permissions image tag
  ## @param test.image.digest test container volume-permissions image digest in the way sha256:aa....
## Please note this parameter, if set, will override the tag
  ## @param test.image.pullPolicy test container volume-permissions image pull policy
  ## @param test.image.pullSecrets Specify docker-registry secret names as an array
  ##
  image:
    registry: docker.io
    repository: busybox
    tag: 1.37.0
    # NOTE(review): with an empty digest the image is resolved by tag, which
    # the registry can repoint; set a sha256 digest to pin the exact content.
    digest: ""
    ## Specify an imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
    ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
    ##
    pullPolicy: IfNotPresent
    ## Optionally specify an array of imagePullSecrets.
    ## Secrets must be manually created in the namespace.
    ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
    ## e.g:
    ## pullSecrets:
    ##   - myRegistryKeySecretName
    ##
    pullSecrets: []
  ## test container resource requests and limits
  ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
  ## @param test.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if test.resources is set (test.resources is recommended for production).
  ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
  ##
  resourcesPreset: "nano"
  ## @param test.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
  ## Example:
  ## resources:
  ##   requests:
  ##     cpu: 2
  ##     memory: 512Mi
  ##   limits:
  ##     cpu: 3
  ##     memory: 1024Mi
  ##
  resources: {}
  ## test container's Security Context
  ## Note: the chown of the data folder is done to securityContext.runAsUser
  ## and not the below test.securityContext.runAsUser
  ## @param test.securityContext.enabled Enabled containers' Security Context
  ## @param test.securityContext.seLinuxOptions [object,nullable] Set SELinux options in container
  ## @param test.securityContext.runAsUser User ID for the test container
  ## @param test.securityContext.runAsGroup Group ID for the test container
  ## @param test.securityContext.runAsNonRoot runAsNonRoot for the test container
  ## @param test.securityContext.seccompProfile.type seccompProfile.type for the test container
  ##
  securityContext:
    # NOTE(review): enabled is false, so the restrictive settings below are
    # presumably not rendered for the test container — confirm against the
    # template, and enable it if the test pod should run under the same
    # restrictions as the other containers.
    enabled: false
    seLinuxOptions: {}
    seccompProfile:
      type: RuntimeDefault
    capabilities:
      drop:
        - ALL
    readOnlyRootFilesystem: true
    allowPrivilegeEscalation: false
    runAsNonRoot: true
    runAsUser: 1000
    runAsGroup: 1000

## @section Cron housekeeping job parameters
## Configuration of Cron settings
##
housekeeping:
  ## @param housekeeping.enabled Enable housekeeping job
  ##
  enabled: true
  ## @param housekeeping.schedule Schedule in Cron format for the housekeeping job
  ## See https://en.wikipedia.org/wiki/Cron
  ##
  schedule: "0 0 * * *"
  ## @param housekeeping.timezone Set time zone for cron job
  ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/cron-jobs/#time-zones
  ##
  timezone: ""
  ## @param housekeeping.successfulJobsHistoryLimit Number of successful finished jobs to retain
  ##
  successfulJobsHistoryLimit: 5
  ## @param housekeeping.failedJobsHistoryLimit Number of failed finished jobs to retain
  ##
  failedJobsHistoryLimit: 5
  ## @param housekeeping.command The command to execute in the housekeeping job
  ## To append another command, e.g. in order to shut down a DB sidecar container, use something like
  ##   - /bin/bash
  ##   - -c
  ##   - >
  ##       /opt/netbox/venv/bin/python /opt/netbox/netbox/manage.py housekeeping
  ##       && curl -X POST http://localhost:9190/quitquitquit
  ##
  command:
    - /opt/netbox/venv/bin/python
    - /opt/netbox/netbox/manage.py
    - housekeeping
  ## @param housekeeping.args Override default housekeeping args
  ##
  args: []
  ## @param housekeeping.podAnnotations Pod annotations
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
  ##
  podAnnotations: {}
  ## K8s Security Context for Housekeeping Cronjob pods
  ## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
  ## @param housekeeping.podSecurityContext.enabled Enable security context for housekeeping pods
  ## @param housekeeping.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
  ## @param housekeeping.podSecurityContext.sysctls Set kernel settings using the sysctl interface
  ## @param housekeeping.podSecurityContext.supplementalGroups Set filesystem extra groups
  ## @param housekeeping.podSecurityContext.fsGroup Group ID for the housekeeping pod filesystem
  ##
  podSecurityContext:
    enabled: true
    fsGroup: 1000
    fsGroupChangePolicy: Always
    sysctls: []
    supplementalGroups: []
  ## K8s Security Context for Housekeeping Cronjob containers
  ## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
  ## @param housekeeping.securityContext.enabled Enabled containers' Security Context
  ## @param housekeeping.securityContext.seLinuxOptions [object,nullable] Set SELinux options in container
  ## @param housekeeping.securityContext.runAsUser Set containers' Security Context runAsUser
  ## @param housekeeping.securityContext.runAsGroup Set containers' Security Context runAsGroup
  ## @param housekeeping.securityContext.runAsNonRoot Set container's Security Context runAsNonRoot
  ## @param housekeeping.securityContext.privileged Set container's Security Context privileged
  ## @param housekeeping.securityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
  ## @param housekeeping.securityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
  ## @param housekeeping.securityContext.capabilities.drop List of capabilities to be dropped
  ## @param housekeeping.securityContext.seccompProfile.type Set container's Security Context seccomp profile
  securityContext:
    enabled: true
    seLinuxOptions: {}
    seccompProfile:
      type: "RuntimeDefault"
    capabilities:
      drop:
        - ALL
    privileged: false
    readOnlyRootFilesystem: true
    allowPrivilegeEscalation: false
    runAsNonRoot: true
    runAsUser: 1000
    runAsGroup: 1000
  ## @param housekeeping.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if housekeeping.resources is set (housekeeping.resources is recommended for production).
  ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
  ## NOTE(review): preset "none" together with the empty `resources` below
  ## presumably leaves the job without requests or limits — confirm.
  ##
  resourcesPreset: "none"
  ## @param housekeeping.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
  ## Example:
  ## resources:
  ##   requests:
  ##     cpu: 2
  ##     memory: 512Mi
  ##   limits:
  ##     cpu: 3
  ##     memory: 1024Mi
  ##
  resources: {}
  ## @param housekeeping.readOnlyPersistence Whether to mount media, script, and report directories as read-only
  ##
  readOnlyPersistence: false
  ## @param housekeeping.extraEnvs Extra environment variables to be set on containers
  ## E.g:
  ## extraEnvs:
  ##   - name: FOO
  ##     valueFrom:
  ##       secretKeyRef:
  ##         key: FOO
  ##         name: secret-resource
  extraEnvs: []
  ## @param housekeeping.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for housekeeping containers
  ##
  extraEnvVarsCM: ""
  ## @param housekeeping.extraEnvVarsSecret Name of existing Secret containing extra env vars for housekeeping containers
  ##
  extraEnvVarsSecret: ""
  ## @param housekeeping.extraVolumes Array of extra volumes to be added to the deployment (evaluated as template). Requires setting `extraVolumeMounts`
  ## e.g:
  ## extraVolumes:
  ##   - name: kv-ca
  ##     secret:
  ##       secretName: kv-ca
  ##
  extraVolumes: []
  ## @param housekeeping.extraVolumeMounts Array of extra volume mounts to be added to the container (evaluated as template). Normally used with `extraVolumes`.
  ## e.g:
  ## extraVolumeMounts:
  ##   - name: kv-ca
  ##     mountPath: /tmp/kv-ca
  ##     subPath: kv_ca
  ##     readOnly: true
  ##
  extraVolumeMounts: []
  ## @param housekeeping.sidecars Add additional sidecar containers to the pod
  ## e.g:
  ## sidecars:
  ##   - name: your-image-name
  ##     image: your-image
  ##     imagePullPolicy: Always
  ##     ports:
  ##       - name: portname
  ##         containerPort: 1234
  ##
  sidecars: []
  ## @param housekeeping.initContainers Add additional init containers to the pods
  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
  ## e.g:
  ## initContainers:
  ##   - name: your-image-name
  ##     image: your-image
  ##     imagePullPolicy: Always
  ##     command: ['sh', '-c', 'echo "init"']
  ##
  initContainers: []
  ## @param housekeeping.affinity Affinity for housekeeping pod assignment
  ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
  ## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set
  ##
  affinity: {}
  ## @param housekeeping.nodeSelector Node labels for housekeeping pod assignment
  ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
  ##
  nodeSelector: {}
  ## @param housekeeping.tolerations Tolerations for housekeeping pod assignment
  ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  ##
  tolerations: []
  ## @param housekeeping.podLabels Extra labels for pods
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
  ##
  podLabels: {}
  ## @param housekeeping.automountServiceAccountToken Mount Service Account token in pod
  ## Kept off: no Kubernetes API credential is mounted into the job's pod.
  ##
  automountServiceAccountToken: false
  concurrencyPolicy: Forbid
  restartPolicy: OnFailure
  suspend: false

## @section Worker for Netbox parameters
## Worker for Netbox
## Only required for Netbox Jobs, e.g.
## Webhooks
##
worker:
  ## @param worker.enabled Enable worker job
  ##
  enabled: true
  ## @param worker.command The command to execute in the worker container
  ##
  command:
    - /opt/netbox/venv/bin/python
    - /opt/netbox/netbox/manage.py
    - rqworker
  ## @param worker.args Override worker container args
  ##
  args: []
  ## @param worker.replicaCount Number of replicas to deploy
  ## NOTE: ReadWriteMany PVC(s) are required if replicaCount > 1
  ##
  replicaCount: 1
  ## Configure PodDisruptionBudget for worker pods
  ## @param worker.pdb.enabled Enable PodDisruptionBudget for worker pods
  ## @param worker.pdb.minAvailable Minimum number/percentage of pods that must be available
  ## @param worker.pdb.maxUnavailable Maximum number/percentage of pods that can be unavailable
  ## If neither minAvailable nor maxUnavailable is set, a sensible default is applied:
  ## - Single replica: minAvailable: 1
  ## - Multiple replicas or HPA enabled: minAvailable: 50%
  pdb:
    enabled: false
    minAvailable: ""
    maxUnavailable: ""
  ## @param worker.podLabels Extra labels for pods
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
  ##
  podLabels: {}
  ## @param worker.podAnnotations Pod annotations
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
  ##
  podAnnotations: {}
  ## K8s Security Context for worker pods
  ## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
  ## @param worker.podSecurityContext.enabled Enable security context for worker pods
  ## @param worker.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
  ## @param worker.podSecurityContext.sysctls Set kernel settings using the sysctl interface
  ## @param worker.podSecurityContext.supplementalGroups Set filesystem extra groups
  ## @param worker.podSecurityContext.fsGroup Group ID for the worker pod filesystem
  ##
  podSecurityContext:
    enabled: true
    fsGroup: 1000
    fsGroupChangePolicy: Always
    sysctls: []
    supplementalGroups: []
  ## K8s Security Context for worker containers
  ## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
  ## @param worker.securityContext.enabled Enabled containers' Security Context
  ## @param worker.securityContext.seLinuxOptions [object,nullable] Set SELinux options in container
  ## @param worker.securityContext.runAsUser Set containers' Security Context runAsUser
  ## @param worker.securityContext.runAsGroup Set containers' Security Context runAsGroup
  ## @param worker.securityContext.runAsNonRoot Set container's Security Context runAsNonRoot
  ## @param worker.securityContext.privileged Set container's Security Context privileged
  ## @param worker.securityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
  ## @param worker.securityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
  ## @param worker.securityContext.capabilities.drop List of capabilities to be dropped
  ## @param worker.securityContext.seccompProfile.type Set container's Security Context seccomp profile
  securityContext:
    enabled: true
    seLinuxOptions: {}
    seccompProfile:
      type: "RuntimeDefault"
    capabilities:
      drop:
        - ALL
    privileged: false
    readOnlyRootFilesystem: true
    allowPrivilegeEscalation: false
    runAsNonRoot: true
    runAsUser: 1000
    runAsGroup: 1000
  ## @param worker.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if worker.resources is set (worker.resources is recommended for production).
  ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
  ## NOTE(review): preset "none" together with the empty `resources` below
  ## presumably leaves the worker without requests or limits, so a runaway
  ## background job is not bounded by the pod spec — confirm.
  ##
  resourcesPreset: "none"
  ## @param worker.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
  ## Example:
  ## resources:
  ##   requests:
  ##     cpu: 2
  ##     memory: 512Mi
  ##   limits:
  ##     cpu: 3
  ##     memory: 1024Mi
  ##
  resources: {}
  ## @param worker.readOnlyPersistence Whether to mount media, script, and report directories as read-only
  ##
  readOnlyPersistence: false
  ## @param worker.automountServiceAccountToken Mount Service Account token in pod
  ## NOTE(review): the token is mounted for the whole pod, i.e. also for the
  ## rqworker container. It is presumably needed by the waitForBackend init
  ## container (`kubectl rollout status`); keep the ServiceAccount's RBAC
  ## limited to reading that deployment.
  ##
  automountServiceAccountToken: true
  ## @param worker.affinity Affinity for worker pod assignment
  ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
  ## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set
  ##
  affinity: {}
  ## @param worker.nodeSelector Node labels for worker pod assignment
  ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
  ##
  nodeSelector: {}
  ## @param worker.tolerations Tolerations for worker pod assignment
  ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  ##
  tolerations: []
  ## @param worker.priorityClassName Pods' priorityClassName
  ##
  priorityClassName: ""
  ## @param worker.schedulerName Name of the k8s scheduler (other than default) for pods
  ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
  ##
  schedulerName: ""
  ## @param worker.terminationGracePeriodSeconds Seconds pods need to terminate gracefully
  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods
  ## NOTE(review): no value follows the key, so it parses as null (unset) —
  ## confirm that is intended.
  ##
  terminationGracePeriodSeconds:
  ## @param worker.topologySpreadConstraints Topology Spread Constraints for pod assignment
  ## https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
  ## The value is evaluated as a template.
  ## e.g:
  ## topologySpreadConstraints:
  ##   - maxSkew: 1
  ##     topologyKey: topology.kubernetes.io/zone
  ##     whenUnsatisfiable: DoNotSchedule
  ##     labelSelector:
  ##       matchLabels:
  ##         "app.kubernetes.io/component": netbox
  ##         "app.kubernetes.io/name": netbox
  ##
  topologySpreadConstraints: []
  ## @param worker.hostAliases [array] Add deployment host aliases
  ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
  ##
  hostAliases: []
  ## @param worker.updateStrategy.type Deployment strategy type
  ## @param worker.updateStrategy.rollingUpdate Deployment rolling update configuration parameters
  ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
  ## NOTE: Set it to `Recreate` if you use a PV that cannot be mounted on multiple pods
  ## e.g:
  ## updateStrategy:
  ##   type: RollingUpdate
  ##   rollingUpdate:
  ##     maxSurge: 25%
  ##     maxUnavailable: 25%
  ##
  updateStrategy:
    type: RollingUpdate
  ## Autoscaling configuration
  ## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
  ## @param worker.autoscaling.enabled Enable Horizontal POD autoscaling
  ## @param worker.autoscaling.minReplicas Minimum number of replicas
  ## @param worker.autoscaling.maxReplicas Maximum number of replicas
  ## @param worker.autoscaling.targetCPUUtilizationPercentage Target CPU utilization percentage
  ## @param worker.autoscaling.targetMemoryUtilizationPercentage Target Memory utilization percentage
  ##
  autoscaling:
    enabled: false
    minReplicas: 1
    maxReplicas: 100
    targetCPUUtilizationPercentage: 80
    # targetMemoryUtilizationPercentage: 80
  ## @param worker.extraEnvs Extra environment variables to be set on containers
  ## E.g:
  ## extraEnvs:
  ##   - name: FOO
  ##     valueFrom:
  ##       secretKeyRef:
  ##         key: FOO
  ##         name: secret-resource
  extraEnvs: []
  ## @param worker.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for worker containers
  ##
  extraEnvVarsCM: ""
  ## @param worker.extraEnvVarsSecret Name of existing Secret containing extra env vars for worker containers
  ##
  extraEnvVarsSecret: ""
  ## @param worker.extraVolumes Array of extra volumes to be added to the deployment (evaluated as template). Requires setting `extraVolumeMounts`
  ## e.g:
  ## extraVolumes:
  ##   - name: kv-ca
  ##     secret:
  ##       secretName: kv-ca
  ##
  extraVolumes: []
  ## @param worker.extraVolumeMounts Array of extra volume mounts to be added to the container (evaluated as template). Normally used with `extraVolumes`.
  ## e.g:
  ## extraVolumeMounts:
  ##   - name: kv-ca
  ##     mountPath: /tmp/kv-ca
  ##     subPath: kv_ca
  ##     readOnly: true
  ##
  extraVolumeMounts: []
  ## @param worker.sidecars Add additional sidecar containers to the pod
  ## e.g:
  ## sidecars:
  ##   - name: your-image-name
  ##     image: your-image
  ##     imagePullPolicy: Always
  ##     ports:
  ##       - name: portname
  ##         containerPort: 1234
  ##
  sidecars: []
  ## @param worker.initContainers Add additional init containers to the pods
  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
  ## e.g:
  ## initContainers:
  ##   - name: your-image-name
  ##     image: your-image
  ##     imagePullPolicy: Always
  ##     command: ['sh', '-c', 'echo "init"']
  ##
  initContainers: []
  ## Init containers parameters:
  ## wait-for-backend: Wait for NetBox backend before running workers
  ## NOTE(review): the original indentation is lost in this copy; the key is
  ## placed under `worker` because it follows worker.initContainers, although
  ## the @param names below carry no `worker.` prefix — confirm against the
  ## chart templates.
  ##
  waitForBackend:
    ## @param waitForBackend.enabled Wait for NetBox backend before running workers
    ##
    enabled: true
    ## @param waitForBackend.image.registry [default: REGISTRY_NAME] Init container wait-for-backend image registry
    ## @param waitForBackend.image.repository [default: REPOSITORY_NAME/kubectl] Init container wait-for-backend image name
    ## @param waitForBackend.image.tag Init container wait-for-backend image tag
    ## @param waitForBackend.image.digest Init container wait-for-backend image digest in the way sha256:aa....
## Please note this parameter, if set, will override the tag
    ## @param waitForBackend.image.pullPolicy Init container wait-for-backend image pull policy
    ## @param waitForBackend.image.pullSecrets Specify docker-registry secret names as an array
    ##
    image:
      registry: docker.io
      repository: rancher/kubectl
      tag: v1.34.1
      # NOTE(review): with an empty digest the image is resolved by tag, which
      # the registry can repoint. This container talks to the Kubernetes API,
      # so pinning a sha256 digest is worth the upkeep here.
      digest: ""
      ## Specify an imagePullPolicy
      ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
      ##
      pullPolicy: IfNotPresent
      ## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace)
      ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
      ## Example:
      ## pullSecrets:
      ##   - myRegistryKeySecretName
      ##
      pullSecrets: []
    ## @param waitForBackend.command The command to execute in the wait-for-backend container
    ##
    command:
      - /bin/kubectl
    ## @param waitForBackend.args Override wait-for-backend container args
    ## Kubernetes expands $(VAR) in args from the container's environment;
    ## DEPLOYMENT_NAME is presumably injected by the chart template — confirm.
    ##
    args:
      - rollout
      - status
      - deployment
      - "$(DEPLOYMENT_NAME)"
    ## waitForBackend containers' Security Context (init container).
    ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
    ## @param waitForBackend.containerSecurityContext.enabled Enabled containers' Security Context
    ## @param waitForBackend.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
    ## @param waitForBackend.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
    ## @param waitForBackend.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
    ## @param waitForBackend.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
    ## @param waitForBackend.containerSecurityContext.privileged Set container's Security Context privileged
    ## @param waitForBackend.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
    ## @param waitForBackend.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
    ## @param waitForBackend.containerSecurityContext.capabilities.drop List of capabilities to be dropped
    ## @param waitForBackend.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
    ##
    containerSecurityContext:
      enabled: true
      seLinuxOptions: {}
      runAsUser: 1001
      runAsGroup: 1001
      runAsNonRoot: true
      privileged: false
      readOnlyRootFilesystem: true
      allowPrivilegeEscalation: false
      capabilities:
        drop: ["ALL"]
      seccompProfile:
        type: "RuntimeDefault"
    ## Init container resource requests and limits.
    ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
    ## We usually recommend not to specify default resources and to leave this as a conscious
    ## choice for the user. This also increases chances charts run on environments with little
    ## resources, such as Minikube. If you do want to specify resources, uncomment the following
    ## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
    ## @param waitForBackend.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if waitForBackend.resources is set (waitForBackend.resources is recommended for production).
    ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
    ##
    resourcesPreset: "nano"
    ## @param waitForBackend.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
    ## Example:
    ## resources:
    ##   requests:
    ##     cpu: 2
    ##     memory: 512Mi
    ##   limits:
    ##     cpu: 3
    ##     memory: 1024Mi
    ##
    resources: {}