
# Default values for NetBox.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
## @section Global parameters
## Global container image parameters
## Please, note that this will override the image parameters, including dependencies, configured to use the global value
## Current available global container image parameters: imageRegistry, imagePullSecrets and storageClass
## @param global.imageRegistry Global container image registry
## @param global.imagePullSecrets Global container registry secret names as an array
## @param global.storageClass Global StorageClass for Persistent Volume(s)
##
global:
  imageRegistry: ""
  ## E.g.
  ## imagePullSecrets:
  ##   - myRegistryKeySecretName
  ##
  imagePullSecrets: []
  # Site-specific value: a StorageClass with this name must already exist in
  # the target cluster.
  storageClass: openebs-3-replicas
## @section Common parameters
## @param nameOverride String to partially override common.names.fullname
##
nameOverride: ""
## @param fullnameOverride String to fully override common.names.fullname
##
fullnameOverride: ""
## @param commonLabels Labels to add to all deployed objects
##
commonLabels: {}
## @param commonAnnotations Annotations to add to all deployed objects
##
commonAnnotations: {}
## @param clusterDomain Kubernetes cluster domain name
##
clusterDomain: cluster.local
## @param extraDeploy Array of extra objects to deploy with the release
## Each entry is a manifest deployed alongside the release, so review entries
## here with the same care as the chart's own templates.
## Example:
## extraDeploy:
##   - |
##     apiVersion: v1
##     kind: ConfigMap
##     metadata:
##       name: sso-pipeline-roles
##       namespace: netbox
##     data:
##       sso_pipeline_roles.py: |
##         from netbox.authentication import Group
##         ...
##
extraDeploy: []
## @section NetBox Image parameters
## @param image.registry Image registry
## @param image.repository Image repository
## @param image.tag Image tag
## @param image.digest Image digest in the way sha256:aa...
## @param image.pullPolicy NetBox image pull policy
## @param image.pullSecrets Specify docker-registry secret names as an array
##
image:
  registry: ghcr.io
  repository: netbox-community/netbox
  pullPolicy: IfNotPresent
  ## Defaults to '{{ .Chart.AppVersion }}'
  ##
  tag: ""
  ## If set, override the tag
  ## NOTE(review): with tag and digest both empty the image is selected by the
  ## chart's appVersion tag. A tag can be re-pointed at different content in
  ## the registry; set digest (sha256:...) when the deployed image must be
  ## pinned to exact, reviewed content.
  ##
  digest: ""
  ## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace)
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
  ## Example:
  ## pullSecrets:
  ##   - myRegistryKeySecretName
  ##
  pullSecrets: []
## @section NetBox Configuration parameters
# You can also use an existing secret for the superuser password and API token
# See `existingSecret` for details
superuser:
  name: admin
  email: admin@borninpain.de
  # password and apiToken are left empty so that no credential lives in this
  # file; they are expected to come from the Secret named by existingSecret.
  password: ""
  apiToken: ""
  existingSecret: "netbox-superuser"
# This is a list of valid fully-qualified domain names (FQDNs) for the NetBox
# server. NetBox will not permit write access to the server via any other
# hostnames. The first FQDN in the list will be treated as the preferred name.
# NOTE(review): "*" accepts every Host header, so the hostname restriction
# described above is not in effect and Host validation is left entirely to
# whatever sits in front of NetBox (ingress / reverse proxy). List the real
# FQDN(s) instead, e.g. `- netbox.example.org` (constructed placeholder).
allowedHosts:
  - "*"
# Include Pod IP in list of allowed hosts by providing it as the 'POD_IP' envvar
# at runtime, which is then used in the configuration.py.
allowedHostsIncludesPodIP: true
# Specify one or more name and email address tuples representing NetBox
# administrators. These people will be notified of application errors (assuming
# correct email settings are provided).
# admins:
#   - ['John Doe', 'jdoe@example.com']
admins: []
# Permit the retrieval of API tokens after their creation.
# Keeping this false means a token value cannot be read back later.
allowTokenRetrieval: false
# This parameter acts as a pass-through for configuring Django's built-in
# password validators for local user accounts. If configured, these will be
# applied whenever a user's password is updated to ensure that it meets minimum
# criteria such as length or complexity.
# https://netboxlabs.com/docs/netbox/en/stable/configuration/security/#auth_password_validators
# NOTE(review): the empty list configures no validators, so no minimum length
# or complexity is enforced for local accounts from this file. Confirm whether
# local accounts (e.g. the superuser) are in use alongside remote auth.
authPasswordValidators: []
# URL schemes that are allowed within links in NetBox
# NOTE(review): the list includes non-web schemes such as file, telnet, tftp
# and vnc. Links using any listed scheme are accepted in NetBox content, so
# trim the list to the schemes this installation actually needs.
allowedUrlSchemes:
  - file
  - ftp
  - ftps
  - http
  - https
  - irc
  - mailto
  - sftp
  - ssh
  - tel
  - telnet
  - tftp
  - vnc
  - xmpp
banner:
  # Optionally display a persistent banner at the top and/or bottom of every
  # page. HTML is allowed.
  # Because HTML is allowed, treat any non-empty banner value as trusted
  # markup and keep write access to these values restricted.
  top: ""
  bottom: ""
  # Text to include on the login page above the login form. HTML is allowed.
  login: ""
# Base URL path if accessing NetBox within a directory. For example, if
# installed at http://example.com/netbox/, set to 'netbox/'. If using
# Kubernetes Ingress, make sure you set ingress.hosts[].paths[] appropriately.
# This will also require customising the NGINX Unit application server
# configuration.
basePath: ""
# Maximum number of days to retain logged changes. Set to 0 to retain change
# logs indefinitely. (Default: 90)
# The change log doubles as an audit trail: entries older than this many days
# are no longer available for review.
changelogRetention: 90
# This is a mapping of models to custom validators that have been defined
# locally to enforce custom validation logic.
# https://netboxlabs.com/docs/netbox/en/stable/configuration/data-validation/#custom_validators
customValidators: {}
# This is a dictionary defining the default preferences to be set for newly-
# created user accounts.
# https://netboxlabs.com/docs/netbox/en/stable/configuration/default-values/#default_user_preferences
# defaultUserPreferences:
#   pagination:
#     per_page: 100
defaultUserPreferences: {}
# API Cross-Origin Resource Sharing (CORS) settings. If originAllowAll
# is set to true, all origins will be allowed. Otherwise, define a list of
# allowed origins using either originWhitelist or originRegexWhitelist. For
# more information, see https://github.com/ottoyiu/django-cors-headers
cors:
  # false with both lists empty: no origin is allow-listed here.
  originAllowAll: false
  originWhitelist: []
  originRegexWhitelist: []
  #  - '^(https?://)?(\w+\.)?example\.com$'
# CSRF settings. Needed for netbox v3.2.0 and newer. For more information
# see https://netboxlabs.com/docs/netbox/en/stable/configuration/security/#csrf_trusted_origins
csrf:
  # The name of the cookie to use for the cross-site request forgery (CSRF)
  # authentication token.
  cookieName: csrftoken
  # Defines a list of trusted origins for unsafe (e.g. POST) requests. This is
  # a pass-through to Django's CSRF_TRUSTED_ORIGINS setting. Note that each
  # host listed must specify a scheme (e.g. http:// or https://).
  trustedOrigins: []
# Note: this is where the CUSTOM_VALIDATORS setting naturally fits in relation
# to the upstream NetBox configuration, but the setting cannot be reflected in
# YAML/JSON as it depends on creating instances of Python classes.
# Set the default preferred language/locale
defaultLanguage: en-us
# The maximum size (in bytes) of an incoming HTTP request (i.e. GET or POST data).
# Requests which exceed this size will raise a RequestDataTooBig exception.
dataUploadMaxMemorySize: 2621440
# Set to True to enable server debugging. WARNING: Debugging introduces a
# substantial performance penalty and may reveal sensitive information about
# your installation. Only enable debugging while performing testing. Never
# enable debugging on a production system.
debug: false
# Display full traceback of errors that occur when applying database
# migrations.
dbWaitDebug: false
# Email settings
email:
  server: mxe965.netcup.net
  # NOTE(review): port 587 is conventionally the submission port that upgrades
  # with STARTTLS, while useSSL presumably selects implicit TLS from the first
  # byte (conventionally port 465) and useTLS selects STARTTLS. Confirm what
  # this server expects; the usual pairings are 465 + useSSL or 587 + useTLS.
  # Keep exactly one of the two enabled so the SMTP credentials are never sent
  # over an unencrypted connection.
  port: 587
  username: philip.haupt@borninpain.de
  # Left empty so the SMTP password is not stored in this file; it is expected
  # to be read from existingSecretName / existingSecretKey below.
  password: ""
  useSSL: true
  useTLS: false
  sslCertFile: ""
  sslKeyFile: ""
  # Timeout in seconds
  timeout: 10
  from: noreply@borninpain.de
  existingSecretName: netbox
  existingSecretKey: email-password
# Enforcement of unique IP space can be toggled on a per-VRF basis. To enforce
# unique IP space within the global table (all prefixes and IP addresses not
# assigned to a VRF), set enforceGlobalUnique to True.
enforceGlobalUnique: true
# Exempt certain models from the enforcement of view permissions. Models listed
# here will be viewable by all users and by anonymous users. List models in the
# form `<app>.<model>`. Add '*' to this list to exempt all models.
# The empty list exempts nothing; every entry added here becomes readable
# without a view permission, including by anonymous users.
exemptViewPermissions: []
#  - dcim.site
#  - dcim.region
#  - ipam.prefix
# Some static choice fields on models can be configured with custom values.
# Each choice in the list must have a database value and a human-friendly
# label, and may optionally specify a color.
# https://netboxlabs.com/docs/netbox/en/stable/configuration/data-validation/#field_choices
# fieldChoices:
#   'dcim.Site.status':
#     - [foo, Foo, red]
#     - [bar, Bar, green]
#     - [baz, Baz, blue]
#   'dcim.Site.status+':
#     ...
fieldChoices: {}
# The maximum amount (in bytes) of uploaded data that will be held in memory before being written to the filesystem.
# Changing this setting can be useful for example to be able to upload files bigger than 2.5MB to custom scripts
# for processing.
fileUploadMaxMemorySize: 2621440
# Enable the GraphQL API
# The GraphQL endpoint is a second query surface next to the REST API; set
# this to false if nothing consumes it.
graphQlEnabled: true
# HTTP proxies NetBox should use when sending outbound HTTP requests (e.g. for
# webhooks).
# httpProxies:
#   http: http://10.10.1.10:3128
#   https: http://10.10.1.10:1080
httpProxies: {}
# IP addresses recognized as internal to the system. The debugging toolbar will
# be available only to clients accessing NetBox from an internal IP.
# Only the loopback addresses are listed.
internalIPs: ["127.0.0.1", "::1"]
# The number of days to retain job results (scripts and reports). Set this to 0
# to retain job results in the database indefinitely.
# https://netboxlabs.com/docs/netbox/en/stable/configuration/miscellaneous/#job_retention
jobRetention: 90
# Enable custom logging. Please see the Django documentation for detailed
# guidance on configuring custom logs:
# https://docs.djangoproject.com/en/1.11/topics/logging/
logging: {}
# Automatically reset the lifetime of a valid session upon each authenticated
# request. Enables users to remain authenticated to NetBox indefinitely.
loginPersistence: false
# Setting this to True will permit only authenticated users to access any part
# of NetBox. By default, anonymous users are permitted to access most data in
# NetBox but not make any changes.
# NOTE(review): false leaves NetBox reachable without a session. What an
# anonymous client can read then depends on exemptViewPermissions and on any
# permissions granted elsewhere; set this to true unless anonymous access is
# intended.
loginRequired: false
# The length of time (in seconds) for which a user will remain logged into the
# web UI before being prompted to re-authenticate.
# Default value 1209600 is 14 days
loginTimeout: 1209600
# The view name or URL to which users are redirected after logging out.
logoutRedirectUrl: home
# Setting this to True will display a "maintenance mode" banner at the top of
# every page.
maintenanceMode: false
# The URL to use when mapping physical addresses or GPS coordinates
mapsUrl: "https://maps.google.com/?q="
# An API consumer can request an arbitrary number of objects by appending the
# "limit" parameter to the URL (e.g. "?limit=1000"). This setting defines the
# maximum limit. Setting it to 0 or None will allow an API consumer to request
# all objects by specifying "?limit=0".
# Keeping a finite cap bounds the size of a single API response.
maxPageSize: 1000
## The backend storage engine for handling uploaded files such as image
## attachments and custom scripts. NetBox integrates with the
## django-storages and django-storage-swift libraries, which provide backends
## for several popular file storage services. If not configured, local
## filesystem storage will be used.
## Note these values are not stored securely. If the configuration must be
## set up in a more secure way, a proper Secret can be used with extraEnvVarsSecret.
## ref: https://netboxlabs.com/docs/netbox/en/stable/configuration/system/#storages
## e.g:
## storages:
##   default:
##     BACKEND: "django.core.files.storage.FileSystemStorage"
##   scripts:
##     BACKEND: "storages.backends.s3.S3Storage"
##     OPTIONS:
##       access_key: "access key"
##       secret_key: "secret key"
## Do not put real access keys in this file as in the example above; supply
## them through a Secret as noted.
storages: {}
# Determine how many objects to display per page within a list. (Default: 50)
paginateCount: 50
# Enable installed plugins. Add the name of each plugin to the list.
plugins: []
# Plugins configuration settings. These settings are used by various plugins
# that the user may have installed. Each key in the dictionary is the name of
# an installed plugin and its value is a dictionary of settings.
pluginsConfig: {}
# The default value for the amperage field when creating new power feeds.
# https://netboxlabs.com/docs/netbox/en/stable/configuration/default-values/#powerfeed_default_amperage
powerFeedDefaultAmperage: 15
# The default value (percentage) for the max_utilization field when creating
# new power feeds.
# https://netboxlabs.com/docs/netbox/en/stable/configuration/default-values/#powerfeed_default_max_utilization
powerFeedMaxUtilisation: 80
# The default value for the voltage field when creating new power feeds.
# https://netboxlabs.com/docs/netbox/en/stable/configuration/default-values/#powerfeed_default_voltage
powerFeedDefaultVoltage: 120
# When determining the primary IP address for a device, IPv6 is preferred over
# IPv4 by default. Set this to True to prefer IPv4 instead.
preferIPv4: false
# Rack elevation size defaults, in pixels. For best results, the ratio of width
# to height should be roughly 10:1.
rackElevationDefaultUnitHeight: 22
rackElevationDefaultUnitWidth: 220
# Remote authentication support
# Logins are delegated to an OpenID Connect provider through the backend
# listed below.
# NOTE(review): header, userFirstName, userLastName, userEmail and groupHeader
# name request headers and look specific to a header-based backend. Whether
# autoCreateUser and the group options apply to the OpenID Connect backend
# configured here is not visible from this file; confirm how accounts and
# group membership are provisioned for OIDC logins.
remoteAuth:
  enabled: true
  backends:
    - social_core.backends.open_id_connect.OpenIdConnectAuth
  header: HTTP_REMOTE_USER
  userFirstName: HTTP_REMOTE_USER_FIRST_NAME
  userLastName: HTTP_REMOTE_USER_LAST_NAME
  userEmail: HTTP_REMOTE_USER_EMAIL
  autoCreateUser: false
  autoCreateGroups: false
  defaultGroups: []
  defaultPermissions: {}
  groupSyncEnabled: false
  groupHeader: HTTP_REMOTE_USER_GROUP
  # Empty lists: no group or user is mapped to superuser or staff status here.
  superuserGroups: []
  superusers: []
  staffGroups: []
  staffUsers: []
  groupSeparator: "|"
  # The following options are specific for backend "netbox.authentication.LDAPBackend"
  # you can use an existing netbox secret with "ldap_bind_password" instead of "bindPassword"
  # see https://django-auth-ldap.readthedocs.io
  # The LDAP backend is not in `backends` above, so this section is
  # presumably unused in this deployment.
  ldap:
    # serverUri: ldap://example.com
    serverUri: ""
    # Keep startTls true and ignoreCertErrors false if LDAP is ever enabled,
    # so the bind password is only sent to a server whose certificate
    # verifies.
    startTls: true
    ignoreCertErrors: false
    caCertDir: ""
    caCertData: ""
    # bindDn: CN=Netbox,OU=EmbeddedDevices,OU=MyCompany,DC=example,dc=com
    bindDn: ""
    bindPassword: ""
    userDnTemplate: ""
    # userSearchBaseDn: OU=Users,OU=MyCompany,DC=example,dc=com
    userSearchBaseDn: ""
    userSearchAttr: sAMAccountName
    # groupSearchBaseDn: OU=Groups,OU=MyCompany,DC=example,dc=com
    groupSearchBaseDn: ""
    groupSearchClass: group
    groupType: GroupOfNamesType
    # requireGroupDn:
    #   - CN=Network Configuration Operators,CN=Builtin,DC=example,dc=com
    #   - CN=Domain Admins,CN=Users,DC=example,dc=com
    requireGroupDn: []
    # isAdminDn:
    #   - CN=Domain Admins,CN=Users,DC=example,dc=com
    isAdminDn: []
    # isSuperUserDn:
    #   - CN=Domain Admins,CN=Users,DC=example,dc=com
    isSuperUserDn: []
    findGroupPerms: true
    mirrorGroups: true
    mirrorGroupsExcept: []
    cacheTimeout: 3600
    attrFirstName: givenName
    attrLastName: sn
    attrMail: mail
releaseCheck:
  # This repository is used to check whether there is a new release of NetBox
  # available. Set to null to disable the version check or use the URL below to
  # check for release in the official NetBox repository.
  # url: https://api.github.com/repos/netbox-community/netbox/releases
  # NOTE(review): the value here is an empty string rather than null;
  # presumably this also disables the outbound release check - confirm.
  url: ""
# Maximum execution time for background tasks, in seconds.
# Default value 300 is 5 minutes
rqDefaultTimeout: 300
# The name to use for the session cookie.
sessionCookieName: sessionid
# Localization
enableLocalization: false
# Time zone (default: UTC)
timeZone: CET
# Date/time formatting. See the following link for supported formats:
# https://docs.djangoproject.com/en/dev/ref/templates/builtins/#date
dateFormat: "N j, Y"
shortDateFormat: "Y-m-d"
timeFormat: "g:i a"
shortTimeFormat: "H:i:s"
dateTimeFormat: "N j, Y g:i a"
shortDateTimeFormat: "Y-m-d H:i"
## Extra configuration settings
# You can pass additional YAML files to be loaded into NetBox's configuration.
# These can be passed as arbitrary configuration values set in the chart, or
# you can load arbitrary *.yaml keys from ConfigMaps and Secrets.
# extraConfig:
#   - values:
#       EXTRA_SETTING_ONE: example
#       ANOTHER_SETTING: foobar
#   - configMap: # pod.spec.volumes.configMap
#       name: netbox-extra
#       items: []
#       optional: false
#   - secret: # same as pod.spec.volumes.secret
#       secretName: netbox-extra
#       items: []
#       optional: false
# Loads the `oidc-secret` key of the `netbox` Secret as oidc_secret.yaml.
# Presumably this carries the OpenID Connect client settings, which keeps the
# client secret out of this values file. optional: false makes the Secret a
# hard requirement rather than something silently skipped when missing.
extraConfig:
  - secret:
      secretName: netbox
      items:
        - key: oidc-secret
          path: oidc_secret.yaml
      optional: false
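# If provided, this should be a 50+ character string of random characters. It
# will be randomly generated if left blank.
# You can also use an existing secret with "secret_key" instead of "secretKey"
# See `existingSecret` for details
# Keep this blank. "secret_key" is the name of the key inside the existing
# Secret, not key material; a short fixed string in this field would be a
# guessable session key if the chart ever used it. The real key is expected
# to come from `existingSecret` below (presumably that takes precedence over
# this field - confirm against the chart templates).
secretKey: ""
## Provide passwords using existing secret
# If set, this Secret must contain the following keys:
# - secret_key: session encryption token (50+ random characters)
existingSecret: "netbox"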
# Override the NGINX Unit configuration inside the container. When enabled, this
# overrides the default configuration loaded into Unit. The upstream config is:
# https://github.com/netbox-community/netbox-docker/blob/release/docker/nginx-unit.json
# Remember that JSON is valid YAML: you can safely copy-and-paste from the above
# into your values.yaml, or you can copy the YAML version from below as a
# starting point.
# In the example, port 8081 proxies /status/* to the Unit control socket; keep
# that listener off any externally exposed Service or Ingress.
# overrideUnitConfig:
#   listeners:
#     "0.0.0.0:8080":
#       pass: routes/main
#     "[::]:8080":
#       pass: routes/main
#     "0.0.0.0:8081":
#       pass: routes/status
#     "[::]:8081":
#       pass: routes/status
#   routes:
#     main:
#       - match:
#           uri: "/static/*"
#         action:
#           share: "/opt/netbox/netbox${uri}"
#       - action:
#           pass: applications/netbox
#     status:
#       - match:
#           uri: "/status/*"
#         action:
#           proxy: "http://unix:/opt/unit/unit.sock"
#   applications:
#     netbox:
#       type: "python 3"
#       path: /opt/netbox/netbox/
#       module: netbox.wsgi
#       home: /opt/netbox/venv
#       processes:
#         max: 4
#         spare: 1
#         idle_timeout: 120
#   access_log: /dev/stdout
overrideUnitConfig: {}
## @section Deployment parameters
## @param command Override default container command (useful when using custom images)
##
command: []
## @param args Override default container args (useful when using custom images)
##
args: []
## @param replicaCount Number of replicas to deploy
## NOTE: ReadWriteMany PVC(s) are required if replicaCount > 1
##
replicaCount: 1
## Enable persistence using Persistent Volume Claims
## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/
## @param persistence.enabled Enable persistence using PVC
## @param persistence.storageClass PVC Storage Class for volume
## @param persistence.accessMode PVC Access Mode for volume
## @param persistence.size PVC Storage Request for volume
## @param persistence.subPath Existing claim's subPath to use, e.g. "media" (optional)
## @param persistence.existingClaim Name of an existing PVC to be used
## @param persistence.annotations Annotations to add to the PVC
##
persistence:
  enabled: true
  ## Data Persistent Volume Storage Class
  ## If defined, storageClassName: <storageClass>
  ## If set to "-", storageClassName: "", which disables dynamic provisioning
  ## If undefined (the default) or set to null, no storageClassName spec is
  ## set, choosing the default provisioner. (gp2 on AWS, standard on
  ## GKE, AWS & OpenStack)
  ##
  storageClass: ""
  subPath: "media"
  accessMode: ReadWriteOnce
  size: 1Gi
  ## An existing claim is referenced, so storageClass, accessMode and size
  ## above presumably do not create a new PVC - confirm against the chart.
  existingClaim: "netbox-media"
  annotations: {}
## Enable reports persistence using Persistent Volume Claims
## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/
## @param reportsPersistence.enabled Enable reports persistence using PVC
## @param reportsPersistence.storageClass PVC Storage Class for volume
## @param reportsPersistence.accessMode PVC Access Mode for volume
## @param reportsPersistence.size PVC Storage Request for volume
## @param reportsPersistence.subPath Existing claim's subPath to use, e.g. "media" (optional)
## @param reportsPersistence.existingClaim Name of an existing PVC to be used
## @param reportsPersistence.annotations Annotations to add to the PVC
##
reportsPersistence:
  enabled: false
  existingClaim: ""
  subPath: ""
  ## Data Persistent Volume Storage Class
  ## If defined, storageClassName: <storageClass>
  ## If set to "-", storageClassName: "", which disables dynamic provisioning
  ## If undefined (the default) or set to null, no storageClassName spec is
  ## set, choosing the default provisioner. (gp2 on AWS, standard on
  ## GKE, AWS & OpenStack)
  ##
  storageClass: ""
  accessMode: ReadWriteOnce
  size: 1Gi
  annotations: {}
## Enable scripts persistence using Persistent Volume Claims
## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/
## @param scriptsPersistence.enabled Enable scripts persistence using PVC
## @param scriptsPersistence.storageClass PVC Storage Class for volume
## @param scriptsPersistence.accessMode PVC Access Mode for volume
## @param scriptsPersistence.size PVC Storage Request for volume
## @param scriptsPersistence.subPath Existing claim's subPath to use, e.g. "media" (optional)
## @param scriptsPersistence.existingClaim Name of an existing PVC to be used
## @param scriptsPersistence.annotations Annotations to add to the PVC
##
## Custom scripts run inside NetBox, so a volume enabled here holds executable
## code; restrict who can write to it.
scriptsPersistence:
  enabled: false
  existingClaim: ""
  subPath: ""
  ## Data Persistent Volume Storage Class
  ## If defined, storageClassName: <storageClass>
  ## If set to "-", storageClassName: "", which disables dynamic provisioning
  ## If undefined (the default) or set to null, no storageClassName spec is
  ## set, choosing the default provisioner. (gp2 on AWS, standard on
  ## GKE, AWS & OpenStack)
  ##
  storageClass: ""
  accessMode: ReadWriteOnce
  size: 1Gi
  annotations: {}
## @param updateStrategy.type Deployment strategy type
## @param updateStrategy.rollingUpdate Deployment rolling update configuration parameters
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
## NOTE: Set it to `Recreate` if you use a PV that cannot be mounted on multiple pods
## e.g:
## updateStrategy:
##   type: RollingUpdate
##   rollingUpdate:
##     maxSurge: 25%
##     maxUnavailable: 25%
##
## NOTE(review): persistence.accessMode in this file is ReadWriteOnce. Per the
## NOTE above, a rolling update can leave the replacement pod waiting for the
## volume; confirm the referenced claim's access mode or use `Recreate`.
updateStrategy:
  type: RollingUpdate
## Pods Service Account
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
## @param serviceAccount.create Specifies whether a ServiceAccount should be created
## @param serviceAccount.name Name of the service account to use. If not set and create is true, a name is generated using the fullname template.
## @param serviceAccount.automountServiceAccountToken Automount service account token for the server service account
## @param serviceAccount.annotations Annotations for service account. Evaluated as a template. Only used if `create` is `true`.
##
serviceAccount:
  create: true
  annotations: {}
  name: ""
  ## false: no API token is mounted for this ServiceAccount by default, so the
  ## workload carries no Kubernetes API credential.
  automountServiceAccountToken: false
## Role Based Access
## ref: https://kubernetes.io/docs/admin/authorization/rbac/
##
rbac:
  ## @param rbac.create Specifies whether RBAC resources should be created
  ##
  create: true
  ## @param rbac.rules Custom RBAC rules to set
  ## e.g:
  ## rules:
  ##   - apiGroups:
  ##       - ""
  ##     resources:
  ##       - pods
  ##     verbs:
  ##       - get
  ##       - list
  ##
  ## Empty: no custom rules are granted from this file. Add only the verbs
  ## and resources the workload needs.
  rules: []
## @param hostAliases [array] Add deployment host aliases
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
##
hostAliases: []
## @param extraVolumes Array of extra volumes to be added to the deployment (evaluated as template). Requires setting `extraVolumeMounts`
## e.g:
## extraVolumes:
##   - name: kv-ca
##     secret:
##       secretName: kv-ca
##
extraVolumes: []
## @param extraVolumeMounts Array of extra volume mounts to be added to the container (evaluated as template). Normally used with `extraVolumes`.
## e.g:
## extraVolumeMounts:
##   - name: kv-ca
##     mountPath: /tmp/kv-ca
##     subPath: kv_ca
##     readOnly: true
##
extraVolumeMounts: []
## @param sidecars Add additional sidecar containers to the pod
## Sidecars and init containers are not covered by the `securityContext`
## block in this file, which the chart documents as applying to the main
## container only; give each one its own securityContext.
## e.g:
## sidecars:
##   - name: your-image-name
##     image: your-image
##     imagePullPolicy: Always
##     ports:
##       - name: portname
##         containerPort: 1234
##
sidecars: []
## @param initContainers Add additional init containers to the pods
## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
## e.g:
## initContainers:
##   - name: your-image-name
##     image: your-image
##     imagePullPolicy: Always
##     command: ['sh', '-c', 'echo "init"']
##
initContainers: []
## @param podLabels Extra labels for pods
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
##
podLabels: {}
## @param podAnnotations Annotations for pods
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
##
podAnnotations: {}
## @param affinity Affinity for pod assignment
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set
##
affinity: {}
## @param nodeSelector Node labels for pod assignment
## ref: https://kubernetes.io/docs/user-guide/node-selection/
##
nodeSelector: {}
## @param tolerations Tolerations for pod assignment
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
##
tolerations: []
## @param priorityClassName Pods' priorityClassName
##
priorityClassName: ""
## @param schedulerName Name of the k8s scheduler (other than default) for pods
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
##
schedulerName: ""
## @param terminationGracePeriodSeconds Seconds pods need to terminate gracefully
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods
## Written as an explicit null (same value as the bare key) so the unset state
## is visible to readers and linters.
##
terminationGracePeriodSeconds: null
## @param topologySpreadConstraints Topology Spread Constraints for pod assignment
## https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
## The value is evaluated as a template.
## e.g:
## topologySpreadConstraints:
##   - maxSkew: 1
##     topologyKey: topology.kubernetes.io/zone
##     whenUnsatisfiable: DoNotSchedule
##     labelSelector:
##       matchLabels:
##         "app.kubernetes.io/component": netbox
##         "app.kubernetes.io/name": netbox
##
topologySpreadConstraints: []
## @section Pod disruption budget
## Configure PodDisruptionBudget for NetBox web pods
## @param pdb.enabled Enable PodDisruptionBudget for NetBox web pods
## @param pdb.minAvailable Minimum number/percentage of pods that must be available
## @param pdb.maxUnavailable Maximum number/percentage of pods that can be unavailable
## If neither minAvailable nor maxUnavailable is set, a sensible default is applied:
## - Single replica: minAvailable: 1
## - Multiple replicas or HPA enabled: minAvailable: 50%
##
pdb:
  enabled: false
  minAvailable: ""
  maxUnavailable: ""
## Container's resource requests and limits
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
## We usually recommend not to specify default resources and to leave this as a conscious
## choice for the user. This also increases chances charts run on environments with little
## resources, such as Minikube. If you do want to specify resources, uncomment the following
## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
## @param resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge).
## This is ignored if resources is set (resources is recommended for production).
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
##
resourcesPreset: "medium"
## Containers' resource requests and limits
## ref: https://kubernetes.io/docs/user-guide/compute-resources/
## @param resources.limits The resources limits for the container
## @param resources.requests [object] The requested resources for the container
## Example:
## resources:
##   requests:
##     cpu: 2
##     memory: 512Mi
##   limits:
##     cpu: 3
##     memory: 1024Mi
##
## Empty here, so the preset above applies; explicit requests and limits are
## what the chart recommends for production.
resources: {}
## Configure Pods Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param podSecurityContext.enabled Enable pods' Security Context
## @param podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
## @param podSecurityContext.sysctls Set kernel settings using the sysctl interface
## @param podSecurityContext.supplementalGroups Set filesystem extra groups
## @param podSecurityContext.fsGroup Pods' group ID
##
podSecurityContext:
  enabled: true
  fsGroupChangePolicy: Always
  sysctls: []
  supplementalGroups: []
  fsGroup: 1000
## Configure Container Security Context (only main container)
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param securityContext.enabled Enabled containers' Security Context
## @param securityContext.seLinuxOptions [object,nullable] Set SELinux options in container
## @param securityContext.runAsUser Set containers' Security Context runAsUser
## @param securityContext.runAsGroup Set containers' Security Context runAsGroup
## @param securityContext.runAsNonRoot Set container's Security Context runAsNonRoot
## @param securityContext.privileged Set container's Security Context privileged
## @param securityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
## @param securityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
## @param securityContext.capabilities.drop List of capabilities to be dropped
## @param securityContext.seccompProfile.type Set container's Security Context seccomp profile
##
## Hardened baseline for the main container: non-root UID/GID 1000, read-only
## root filesystem, no privilege escalation, all capabilities dropped and the
## runtime's default seccomp profile. Do not relax individual fields without a
## documented reason.
securityContext:
  enabled: true
  seLinuxOptions: {}
  runAsUser: 1000
  runAsGroup: 1000
  runAsNonRoot: true
  privileged: false
  readOnlyRootFilesystem: true
  allowPrivilegeEscalation: false
  capabilities:
    drop: ["ALL"]
  seccompProfile:
    type: "RuntimeDefault"
## @param automountServiceAccountToken Mount Service Account token in pod
## false: the pod gets no mounted ServiceAccount token.
##
automountServiceAccountToken: false
## Configure extra options for liveness probe
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
## @param livenessProbe.enabled Enable livenessProbe
## @param livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
## @param livenessProbe.periodSeconds Period seconds for livenessProbe
## @param livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
## @param livenessProbe.failureThreshold Failure threshold for livenessProbe
## @param livenessProbe.successThreshold Success threshold for livenessProbe
##
livenessProbe:
  enabled: true
  initialDelaySeconds: 0
  periodSeconds: 10
  timeoutSeconds: 1
  failureThreshold: 3
  successThreshold: 1
## Configure extra options for readiness probe
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
## @param readinessProbe.enabled Enable readinessProbe
## @param readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
## @param readinessProbe.periodSeconds Period seconds for readinessProbe
## @param readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
## @param readinessProbe.failureThreshold Failure threshold for readinessProbe
## @param readinessProbe.successThreshold Success threshold for readinessProbe
##
readinessProbe:
  enabled: true
  initialDelaySeconds: 0
  periodSeconds: 10
  timeoutSeconds: 1
  failureThreshold: 3
  successThreshold: 1
## Configure extra options for startupProbe probe
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
## @param startupProbe.enabled Enable startupProbe
## @param startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
## @param startupProbe.periodSeconds Period seconds for startupProbe
## @param startupProbe.timeoutSeconds Timeout seconds for startupProbe
## @param startupProbe.failureThreshold Failure threshold for startupProbe
## @param startupProbe.successThreshold Success threshold for startupProbe
##
## periodSeconds 10 with failureThreshold 100 gives the container up to
## 1000 seconds of failed startup checks before the probe gives up.
startupProbe:
  enabled: true
  initialDelaySeconds: 5
  periodSeconds: 10
  timeoutSeconds: 1
  failureThreshold: 100
  successThreshold: 1
## @param customLivenessProbe Override default liveness probe for containers
##
customLivenessProbe: {}
## @param customReadinessProbe Override default readiness probe for containers
##
customReadinessProbe: {}
## @param customStartupProbe Override default startup probe for containers
##
customStartupProbe: {}
## @param lifecycleHooks for containers to automate configuration before or after startup
##
lifecycleHooks: {}
## @param extraEnvs Extra environment variables to be set on containers
## E.g:
## extraEnvs:
## - name: FOO
## valueFrom:
## secretKeyRef:
## key: FOO
## name: secret-resource
extraEnvs: []
## @param extraEnvVarsCM Name of existing ConfigMap containing extra env vars for containers
##
extraEnvVarsCM: ""
## @param extraEnvVarsSecret Name of existing Secret containing extra env vars for containers
##
extraEnvVarsSecret: ""
## Configure revision history limit for deployments
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#clean-up-policy
revisionHistoryLimit: 10
## @section Traffic Exposure Parameters
## Service parameters
## @param service.type Kubernetes Service type
## @param service.loadBalancerSourceRanges Restricts access for LoadBalancer (only with `service.type: LoadBalancer`)
## @param service.loadBalancerIP loadBalancerIP for the service (optional, cloud specific)
## @param service.loadBalancerClass Load Balancer class (optional, cloud specific)
## @param service.nodePort Kubernetes node port
## @param service.externalTrafficPolicy Enable client source IP preservation
## @param service.clusterIP Service Cluster IP
## @param service.annotations Additional custom annotations for the service
##
service:
annotations: {}
type: ClusterIP
port: 80
## nodePort: <to set explicitly, choose port between 30000-32767>
##
nodePort: ""
clusterIP: ""
externalTrafficPolicy: Cluster
loadBalancerIP: ""
## Source CIDRs allowed to reach the Service; per the @param text above this
## only applies with `service.type: LoadBalancer`.
## e.g:
## loadBalancerSourceRanges:
## - 0.0.0.0/0
## Note: 0.0.0.0/0 matches every IPv4 source, so the example as written does
## not restrict anything; list only the networks that need access.
##
loadBalancerSourceRanges: []
loadBalancerClass: ""
externalIPs: []
clusterIPs: []
ipFamilyPolicy: ""
## @param service.sessionAffinity Control where client requests go, to the same pod or round-robin
## Values: ClientIP or None
## ref: https://kubernetes.io/docs/concepts/services-networking/service/
##
sessionAffinity: None
## @param service.sessionAffinityConfig Additional settings for the sessionAffinity
## sessionAffinityConfig:
## clientIP:
## timeoutSeconds: 300
##
sessionAffinityConfig: {}
## Configure the ingress resource that allows you to access the app
## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/
##
ingress:
## @param ingress.enabled Enable ingress record generation
##
enabled: false
## @param ingress.pathType Ingress Path type
##
pathType: ImplementationSpecific
## @param ingress.className IngressClass that will be used to implement the Ingress (Kubernetes 1.18+)
## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster.
## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/
##
className: ""
## @param ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations.
## For a full list of possible ingress annotations, please see
## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md
## Use this parameter to set the required annotations for cert-manager, see
## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations
##
## e.g:
## annotations:
## kubernetes.io/ingress.class: nginx
## cert-manager.io/cluster-issuer: cluster-issuer-name
##
annotations: {}
hosts:
- host: chart-example.local
paths:
# You can manually specify the service name and service port if
# required. This could be useful if for example you are using the AWS
# ALB Ingress Controller and want to set up automatic SSL redirect.
# https://kubernetes-sigs.github.io/aws-alb-ingress-controller/guide/tasks/ssl_redirect/#redirect-traffic-from-http-to-https
# - path: /*
# backend:
# serviceName: ssl-redirect
# servicePort: use-annotation
#
# Or you can let the template set it for you.
# Both types of rule can be combined.
# NB: You may also want to set the basePath above
- /
tls: []
# - secretName: chart-example-tls
# hosts:
# - chart-example.local
## @section Metrics parameters
## Prometheus Exporter / Metrics
##
metrics:
## @param metrics.enabled Enable the export of Prometheus metrics
##
enabled: false
## Prometheus Operator ServiceMonitor configuration
##
serviceMonitor:
## @param metrics.serviceMonitor.enabled if `true`, creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`)
##
enabled: false
## @param metrics.serviceMonitor.honorLabels honorLabels chooses the metric's labels on collisions with target labels
##
honorLabels: false
## @param metrics.serviceMonitor.interval Interval at which metrics should be scraped.
## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
## e.g:
## interval: 10s
##
interval: ""
## @param metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended
## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
## e.g:
## scrapeTimeout: 10s
##
scrapeTimeout: ""
## @param metrics.serviceMonitor.metricRelabelings Specify additional relabeling of metrics
##
metricRelabelings: []
## @param metrics.serviceMonitor.relabelings Specify general relabeling
##
relabelings: []
## @param metrics.serviceMonitor.selector Prometheus instance selector labels
## ref: https://github.com/bitnami/charts/tree/main/bitnami/prometheus-operator#prometheus-configuration
## selector:
## prometheus: my-prometheus
##
selector: {}
additionalLabels: {}
## @section Databases parameters
## PostgreSQL chart configuration
## https://github.com/bitnami/charts/blob/main/bitnami/postgresql/values.yaml
##
postgresql:
## @param postgresql.enabled Whether to deploy a PostgreSQL server to satisfy the applications database requirements
## To use an external database set this to false and configure the externalDatabase parameters
##
enabled: false
auth:
username: netbox
database: netbox
## External database configuration
## @param externalDatabase.host Host of the existing database
## @param externalDatabase.port Port of the existing database
## @param externalDatabase.username Existing username in the external db
## @param externalDatabase.password Password for the above username
## @param externalDatabase.database Name of the existing database
## @param externalDatabase.existingSecretName Name of a secret containing the database credentials
## @param externalDatabase.existingSecretKey Key of a secret containing the database credentials
##
externalDatabase:
host: cnpg-netbox-cluster-rw
port: 5432
database: netbox
username: netbox
## Left empty here; existingSecretName/existingSecretKey below name the Secret
## and key holding the database credentials, which keeps the password out of
## this file. NOTE(review): presumably the chart reads the Secret rather than
## this value when both are set - confirm in the templates.
password: ""
existingSecretName: cnpg-netbox-cluster-app
existingSecretKey: password
# The following settings also apply when using the bundled PostgreSQL chart:
engine: django.db.backends.postgresql
connMaxAge: 300
disableServerSideCursors: false
## @param externalDatabase.options Additional PostgreSQL client parameters
## Ref: https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-PARAMKEYWORDS
## Note: libpq's `prefer` attempts TLS but falls back to an unencrypted
## connection if the server does not offer it, and it does not validate the
## server certificate, so it gives no guarantee against an on-path attacker.
## `verify-full` together with an `sslrootcert` is the mode that both encrypts
## and authenticates the server.
##
options:
sslmode: "prefer"
target_session_attrs: "read-write"
## Additional databases configuration
## @param additionalDatabases.*.host Host of the existing database
## @param additionalDatabases.*.port Port of the existing database
## @param additionalDatabases.*.username Existing username in the external db
## @param additionalDatabases.*.password Password for the above username
## @param additionalDatabases.*.database Name of the existing database
## e.g:
## additionalDatabases:
## external2:
## host: localhost
## port: 5432
## database: netbox
## username: netbox
## password: ""
## engine: django.db.backends.postgresql
## connMaxAge: 300
## disableServerSideCursors: false
## options:
## sslmode: "prefer"
## target_session_attrs: "read-write"
##
additionalDatabases: {}
## Valkey chart configuration
## https://github.com/bitnami/charts/blob/main/bitnami/valkey/values.yaml
## @param valkey.enabled Whether to deploy a Valkey server to satisfy the applications database requirements
##
valkey:
enabled: false
sentinel:
enabled: false
primarySet: netbox-kv
auth:
# Sentinel auth is disabled by default, as Netbox does not support configuring SENTINEL_KWARGS.
sentinel: false
# Key-value store connection used for NetBox tasks (database index 3).
tasksDatabase:
database: 3
# With ssl: false the connection is not encrypted, so the password taken from
# existingSecretName/existingSecretKey below crosses the cluster network in
# clear text. cachingDatabase further down uses the same setting.
ssl: false
# Keep this at false when ssl is enabled; going by its name, true would turn
# off certificate verification - NOTE(review): confirm in the templates.
insecureSkipTlsVerify: false
# When defining caCertPath, make sure you mount the secret containing the CA certificate on all the necessary containers
caCertPath: ""
# Used only when valkey.enabled is false. host and port are not used if
# sentinels are given.
host: valkey.valkey.svc.cluster.local
port: 6379
sentinels: []
# - mysentinel:26379
sentinelService: netbox-kv
sentinelTimeout: 300
username: ""
# Left empty; the password is referenced through the Secret named below
# rather than written into this file.
password: ""
existingSecretName: "netbox"
existingSecretKey: kv-password
# Key-value store connection used for NetBox caching (database index 4).
cachingDatabase:
database: 4
# With ssl: false the connection is not encrypted, so the password taken from
# existingSecretName/existingSecretKey below crosses the cluster network in
# clear text.
ssl: false
# Keep this at false when ssl is enabled; going by its name, true would turn
# off certificate verification - NOTE(review): confirm in the templates.
insecureSkipTlsVerify: false
# When defining caCertPath, make sure you mount the secret containing the CA certificate on all the necessary containers
caCertPath: ""
# Used only when valkey.enabled is false. host and port are not used if
# sentinels are given.
host: valkey.valkey.svc.cluster.local
port: 6379
sentinels: []
# - mysentinel:26379
sentinelService: netbox-kv
sentinelTimeout: 300
username: ""
# Left empty; the password is referenced through the Secret named below
# rather than written into this file.
password: ""
existingSecretName: "netbox"
existingSecretKey: kv-password
## @section Autoscaling parameters
## Autoscaling configuration
## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
## @param autoscaling.enabled Enable Horizontal POD autoscaling
## @param autoscaling.minReplicas Minimum number of replicas
## @param autoscaling.maxReplicas Maximum number of replicas
## @param autoscaling.targetCPUUtilizationPercentage Target CPU utilization percentage
## @param autoscaling.targetMemoryUtilizationPercentage Target Memory utilization percentage
##
autoscaling:
enabled: false
minReplicas: 1
maxReplicas: 100
targetCPUUtilizationPercentage: 80
# targetMemoryUtilizationPercentage: 80
## @section Volume permissions parameters
## Init Container parameters
## Change the owner and group of the persistent volume mountpoint to 'runAsUser:fsGroup'
## values from the securityContext section.
##
init:
## @param init.image.registry [default: REGISTRY_NAME] Init container volume-permissions image registry
## @param init.image.repository [default: REPOSITORY_NAME/os-shell] Init container volume-permissions image name
## @param init.image.tag Init container volume-permissions image tag
## @param init.image.digest Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
## @param init.image.pullPolicy Init container volume-permissions image pull policy
## @param init.image.pullSecrets Specify docker-registry secret names as an array
##
image:
registry: docker.io
repository: busybox
tag: 1.37.0
digest: ""
## Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
##
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
## e.g:
## pullSecrets:
## - myRegistryKeySecretName
##
pullSecrets: []
## Init container resource requests and limits
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
## @param init.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if init.resources is set (init.resources is recommended for production).
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
##
resourcesPreset: "nano"
## @param init.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
## Example:
## resources:
## requests:
## cpu: 2
## memory: 512Mi
## limits:
## cpu: 3
## memory: 1024Mi
##
resources: {}
## Init container's Security Context
## Note: the chown of the data folder is done to securityContext.runAsUser
## and not the below init.securityContext.runAsUser
## @param init.securityContext.enabled Enabled containers' Security Context
## @param init.securityContext.seLinuxOptions [object,nullable] Set SELinux options in container
## @param init.securityContext.runAsUser User ID for the init container
## @param init.securityContext.runAsGroup Group ID for the init container
## @param init.securityContext.runAsNonRoot runAsNonRoot for the init container
## @param init.securityContext.seccompProfile.type seccompProfile.type for the init container
##
securityContext:
enabled: true
seLinuxOptions: {}
seccompProfile:
type: RuntimeDefault
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
runAsNonRoot: true
runAsUser: 1000
runAsGroup: 1000
## @section Test parameters
test:
## @param test.image.registry [default: REGISTRY_NAME] test container volume-permissions image registry
## @param test.image.repository [default: REPOSITORY_NAME/os-shell] test container volume-permissions image name
## @param test.image.tag test container volume-permissions image tag
## @param test.image.digest test container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
## @param test.image.pullPolicy test container volume-permissions image pull policy
## @param test.image.pullSecrets Specify docker-registry secret names as an array
##
image:
registry: docker.io
repository: busybox
tag: 1.37.0
digest: ""
## Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
##
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
## e.g:
## pullSecrets:
## - myRegistryKeySecretName
##
pullSecrets: []
## test container resource requests and limits
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
## @param test.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if test.resources is set (test.resources is recommended for production).
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
##
resourcesPreset: "nano"
## @param test.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
## Example:
## resources:
## requests:
## cpu: 2
## memory: 512Mi
## limits:
## cpu: 3
## memory: 1024Mi
##
resources: {}
## test container's Security Context
## Note: the chown of the data folder is done to securityContext.runAsUser
## and not the below test.securityContext.runAsUser
## @param test.securityContext.enabled Enabled containers' Security Context
## @param test.securityContext.seLinuxOptions [object,nullable] Set SELinux options in container
## @param test.securityContext.runAsUser User ID for the test container
## @param test.securityContext.runAsGroup Group ID for the test container
## @param test.securityContext.runAsNonRoot runAsNonRoot for the test container
## @param test.securityContext.seccompProfile.type seccompProfile.type for the test container
##
## Note: this is the only container security context in this part of the file
## with enabled: false (init, housekeeping and worker all set enabled: true).
## NOTE(review): presumably the hardening fields below are then not rendered
## into the test pod - confirm in the templates, and enable it if the test pod
## should also drop capabilities and run as non-root.
securityContext:
enabled: false
seLinuxOptions: {}
seccompProfile:
type: RuntimeDefault
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
runAsNonRoot: true
runAsUser: 1000
runAsGroup: 1000
## @section Cron housekeeping job parameters
## Configuration of Cron settings
##
housekeeping:
## @param housekeeping.enabled Enable housekeeping job
##
enabled: true
## @param housekeeping.schedule Schedule in Cron format for the housekeeping job
## See https://en.wikipedia.org/wiki/Cron
##
schedule: "0 0 * * *"
## @param housekeeping.timezone Set time zone for cron job
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/cron-jobs/#time-zones
##
timezone: ""
## @param housekeeping.successfulJobsHistoryLimit Number of successful finished jobs to retain
##
successfulJobsHistoryLimit: 5
## @param housekeeping.failedJobsHistoryLimit Number of failed finished jobs to retain
##
failedJobsHistoryLimit: 5
## @param housekeeping.command The command to execute in the housekeeping job
## To append another command, e.g. in order to shut down a DB sidecar container, use something like
## - /bin/bash
## - -c
## - >
## /opt/netbox/venv/bin/python /opt/netbox/netbox/manage.py housekeeping
## && curl -X POST http://localhost:9190/quitquitquit
##
command:
- /opt/netbox/venv/bin/python
- /opt/netbox/netbox/manage.py
- housekeeping
## @param housekeeping.args Override default housekeeping args
##
args: []
## @param housekeeping.podAnnotations Pod annotations
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
##
podAnnotations: {}
## K8s Security Context for Housekeeping Cronjob pods
## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
## @param housekeeping.podSecurityContext.enabled Enable security context for housekeeping pods
## @param housekeeping.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
## @param housekeeping.podSecurityContext.sysctls Set kernel settings using the sysctl interface
## @param housekeeping.podSecurityContext.supplementalGroups Set filesystem extra groups
## @param housekeeping.podSecurityContext.fsGroup Group ID for the pod's filesystem
##
podSecurityContext:
enabled: true
fsGroup: 1000
fsGroupChangePolicy: Always
sysctls: []
supplementalGroups: []
## K8s Security Context for Housekeeping Cronjob containers
## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
## @param housekeeping.securityContext.enabled Enabled containers' Security Context
## @param housekeeping.securityContext.seLinuxOptions [object,nullable] Set SELinux options in container
## @param housekeeping.securityContext.runAsUser Set containers' Security Context runAsUser
## @param housekeeping.securityContext.runAsGroup Set containers' Security Context runAsGroup
## @param housekeeping.securityContext.runAsNonRoot Set container's Security Context runAsNonRoot
## @param housekeeping.securityContext.privileged Set container's Security Context privileged
## @param housekeeping.securityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
## @param housekeeping.securityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
## @param housekeeping.securityContext.capabilities.drop List of capabilities to be dropped
## @param housekeeping.securityContext.seccompProfile.type Set container's Security Context seccomp profile
securityContext:
enabled: true
seLinuxOptions: {}
seccompProfile:
type: "RuntimeDefault"
capabilities:
drop:
- ALL
privileged: false
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
runAsNonRoot: true
runAsUser: 1000
runAsGroup: 1000
## @param housekeeping.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if housekeeping.resources is set (housekeeping.resources is recommended for production).
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
##
resourcesPreset: "none"
## @param housekeeping.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
## Example:
## resources:
## requests:
## cpu: 2
## memory: 512Mi
## limits:
## cpu: 3
## memory: 1024Mi
##
resources: {}
## @param housekeeping.readOnlyPersistence Whether to mount media, script, and report directories as read-only
##
readOnlyPersistence: false
## @param housekeeping.extraEnvs Extra environment variables to be set on containers
## E.g:
## extraEnvs:
## - name: FOO
## valueFrom:
## secretKeyRef:
## key: FOO
## name: secret-resource
extraEnvs: []
## @param housekeeping.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for housekeeping containers
##
extraEnvVarsCM: ""
## @param housekeeping.extraEnvVarsSecret Name of existing Secret containing extra env vars for housekeeping containers
##
extraEnvVarsSecret: ""
## @param housekeeping.extraVolumes Array of extra volumes to be added to the deployment (evaluated as template). Requires setting `extraVolumeMounts`
## e.g:
## extraVolumes:
## - name: kv-ca
## secret:
## secretName: kv-ca
##
extraVolumes: []
## @param housekeeping.extraVolumeMounts Array of extra volume mounts to be added to the container (evaluated as template). Normally used with `extraVolumes`.
## e.g:
## extraVolumeMounts:
## - name: kv-ca
## mountPath: /tmp/kv-ca
## subPath: kv_ca
## readOnly: true
##
extraVolumeMounts: []
## @param housekeeping.sidecars Add additional sidecar containers to the pod
## e.g:
## sidecars:
## - name: your-image-name
## image: your-image
## imagePullPolicy: Always
## ports:
## - name: portname
## containerPort: 1234
##
sidecars: []
## @param housekeeping.initContainers Add additional init containers to the pods
## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
## e.g:
## initContainers:
## - name: your-image-name
## image: your-image
## imagePullPolicy: Always
## command: ['sh', '-c', 'echo "init"']
##
initContainers: []
## @param housekeeping.affinity Affinity for housekeeping pod assignment
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set
##
affinity: {}
## @param housekeeping.nodeSelector Node labels for housekeeping pod assignment
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
##
nodeSelector: {}
## @param housekeeping.tolerations Tolerations for housekeeping pod assignment
## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
##
tolerations: []
## @param housekeeping.podLabels Extra labels for pods
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
##
podLabels: {}
## @param housekeeping.automountServiceAccountToken Mount Service Account token in pod
##
automountServiceAccountToken: false
concurrencyPolicy: Forbid
restartPolicy: OnFailure
suspend: false
## @section Worker for Netbox parameters
## Worker for Netbox
## Only required for Netbox Jobs, e.g. Webhooks
##
worker:
## @param worker.enabled Enable worker job
##
enabled: true
## @param worker.command The command to execute in the worker container
##
command:
- /opt/netbox/venv/bin/python
- /opt/netbox/netbox/manage.py
- rqworker
## @param worker.args Override worker container args
##
args: []
## @param worker.replicaCount Number of replicas to deploy
## NOTE: ReadWriteMany PVC(s) are required if replicaCount > 1
##
replicaCount: 1
## Configure PodDisruptionBudget for worker pods
## @param worker.pdb.enabled Enable PodDisruptionBudget for worker pods
## @param worker.pdb.minAvailable Minimum number/percentage of pods that must be available
## @param worker.pdb.maxUnavailable Maximum number/percentage of pods that can be unavailable
## If neither minAvailable nor maxUnavailable is set, a sensible default is applied:
## - Single replica: minAvailable: 1
## - Multiple replicas or HPA enabled: minAvailable: 50%
pdb:
enabled: false
minAvailable: ""
maxUnavailable: ""
## @param worker.podLabels Extra labels for pods
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
##
podLabels: {}
## @param worker.podAnnotations Pod annotations
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
##
podAnnotations: {}
## K8s Security Context for worker pods
## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
## @param worker.podSecurityContext.enabled Enable security context for worker pods
## @param worker.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
## @param worker.podSecurityContext.sysctls Set kernel settings using the sysctl interface
## @param worker.podSecurityContext.supplementalGroups Set filesystem extra groups
## @param worker.podSecurityContext.fsGroup Group ID for the pod's filesystem
##
podSecurityContext:
enabled: true
fsGroup: 1000
fsGroupChangePolicy: Always
sysctls: []
supplementalGroups: []
## K8s Security Context for worker containers
## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
## @param worker.securityContext.enabled Enabled containers' Security Context
## @param worker.securityContext.seLinuxOptions [object,nullable] Set SELinux options in container
## @param worker.securityContext.runAsUser Set containers' Security Context runAsUser
## @param worker.securityContext.runAsGroup Set containers' Security Context runAsGroup
## @param worker.securityContext.runAsNonRoot Set container's Security Context runAsNonRoot
## @param worker.securityContext.privileged Set container's Security Context privileged
## @param worker.securityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
## @param worker.securityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
## @param worker.securityContext.capabilities.drop List of capabilities to be dropped
## @param worker.securityContext.seccompProfile.type Set container's Security Context seccomp profile
securityContext:
enabled: true
seLinuxOptions: {}
seccompProfile:
type: "RuntimeDefault"
capabilities:
drop:
- ALL
privileged: false
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
runAsNonRoot: true
runAsUser: 1000
runAsGroup: 1000
## @param worker.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if worker.resources is set (worker.resources is recommended for production).
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
##
resourcesPreset: "none"
## @param worker.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
## Example:
## resources:
## requests:
## cpu: 2
## memory: 512Mi
## limits:
## cpu: 3
## memory: 1024Mi
##
resources: {}
## @param worker.readOnlyPersistence Whether to mount media, script, and report directories as read-only
##
readOnlyPersistence: false
## @param worker.automountServiceAccountToken Mount Service Account token in pod
## Note: housekeeping.automountServiceAccountToken is false in this file, while
## the worker pod mounts the token. NOTE(review): presumably this is for the
## wait-for-backend init container further down, which runs
## `kubectl rollout status deployment` - confirm. A pod-level token mount is
## visible to every container in the pod, including rqworker, so keep the
## ServiceAccount's RBAC limited to reading that Deployment.
##
automountServiceAccountToken: true
## @param worker.affinity Affinity for worker pod assignment
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set
##
affinity: {}
## @param worker.nodeSelector Node labels for worker pod assignment
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
##
nodeSelector: {}
## @param worker.tolerations Tolerations for worker pod assignment
## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
##
tolerations: []
## @param worker.priorityClassName Pods' priorityClassName
##
priorityClassName: ""
## @param worker.schedulerName Name of the k8s scheduler (other than default) for pods
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
##
schedulerName: ""
## @param worker.terminationGracePeriodSeconds Seconds pods need to terminate gracefully
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods
##
terminationGracePeriodSeconds:
## @param worker.topologySpreadConstraints Topology Spread Constraints for pod assignment
## https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
## The value is evaluated as a template.
## e.g:
## topologySpreadConstraints:
## - maxSkew: 1
## topologyKey: topology.kubernetes.io/zone
## whenUnsatisfiable: DoNotSchedule
## labelSelector:
## matchLabels:
## "app.kubernetes.io/component": netbox
## "app.kubernetes.io/name": netbox
##
topologySpreadConstraints: []
## @param worker.hostAliases [array] Add deployment host aliases
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
##
hostAliases: []
## @param worker.updateStrategy.type Deployment strategy type
## @param worker.updateStrategy.rollingUpdate Deployment rolling update configuration parameters
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
## NOTE: Set it to `Recreate` if you use a PV that cannot be mounted on multiple pods
## e.g:
## updateStrategy:
## type: RollingUpdate
## rollingUpdate:
## maxSurge: 25%
## maxUnavailable: 25%
##
updateStrategy:
type: RollingUpdate
## Autoscaling configuration
## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
## @param worker.autoscaling.enabled Enable Horizontal POD autoscaling
## @param worker.autoscaling.minReplicas Minimum number of replicas
## @param worker.autoscaling.maxReplicas Maximum number of replicas
## @param worker.autoscaling.targetCPUUtilizationPercentage Target CPU utilization percentage
## @param worker.autoscaling.targetMemoryUtilizationPercentage Target Memory utilization percentage
##
autoscaling:
enabled: false
minReplicas: 1
maxReplicas: 100
targetCPUUtilizationPercentage: 80
# targetMemoryUtilizationPercentage: 80
## @param worker.extraEnvs Extra environment variables to be set on containers
## E.g:
## extraEnvs:
## - name: FOO
## valueFrom:
## secretKeyRef:
## key: FOO
## name: secret-resource
extraEnvs: []
## @param worker.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for worker containers
##
extraEnvVarsCM: ""
## @param worker.extraEnvVarsSecret Name of existing Secret containing extra env vars for worker containers
##
extraEnvVarsSecret: ""
## @param worker.extraVolumes Array of extra volumes to be added to the deployment (evaluated as template). Requires setting `extraVolumeMounts`
## e.g:
## extraVolumes:
## - name: kv-ca
## secret:
## secretName: kv-ca
##
extraVolumes: []
## @param worker.extraVolumeMounts Array of extra volume mounts to be added to the container (evaluated as template). Normally used with `extraVolumes`.
## e.g:
## extraVolumeMounts:
## - name: kv-ca
## mountPath: /tmp/kv-ca
## subPath: kv_ca
## readOnly: true
##
extraVolumeMounts: []
## @param worker.sidecars Add additional sidecar containers to the pod
## e.g:
## sidecars:
## - name: your-image-name
## image: your-image
## imagePullPolicy: Always
## ports:
## - name: portname
## containerPort: 1234
##
sidecars: []
## @param worker.initContainers Add additional init containers to the pods
## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
## e.g:
## initContainers:
## - name: your-image-name
## image: your-image
## imagePullPolicy: Always
## command: ['sh', '-c', 'echo "init"']
##
initContainers: []
## Init containers parameters:
## wait-for-backend: Wait for NetBox backend before running workers
##
waitForBackend:
## @param waitForBackend.enabled Wait for NetBox backend before running workers
##
enabled: true
## @param waitForBackend.image.registry [default: REGISTRY_NAME] Init container wait-for-backend image registry
## @param waitForBackend.image.repository [default: REPOSITORY_NAME/kubectl] Init container wait-for-backend image name
## @param waitForBackend.image.tag Init container wait-for-backend image tag
## @param waitForBackend.image.digest Init container wait-for-backend image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
## @param waitForBackend.image.pullPolicy Init container wait-for-backend image pull policy
## @param waitForBackend.image.pullSecrets Specify docker-registry secret names as an array
## Image used by the wait-for-backend init container. A tag is a mutable
## reference: the registry may serve different content under it later. A digest
## identifies one exact image and, as stated above, takes precedence over the tag.
##
image:
  registry: 'docker.io'
  repository: 'rancher/kubectl'
  tag: 'v1.34.1'
  ## Empty, so the image is resolved by tag. To pin it, set the digest of the
  ## image you reviewed, e.g. sha256:<digest-of-reviewed-image> (placeholder).
  digest: ''
  ## Image pull policy
  ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
  ## With IfNotPresent a node that already holds this tag does not pull again.
  ##
  pullPolicy: 'IfNotPresent'
  ## Optional list of imagePullSecrets; the secrets have to be created by hand
  ## in the namespace.
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
  ## Example:
  ## pullSecrets:
  ##   - myRegistryKeySecretName
  ##
  pullSecrets: []
## @param waitForBackend.command The command to execute in the wait-for-backend container
## Exec-form command: the binary is started directly, without a shell.
##
command:
  - '/bin/kubectl'
## @param waitForBackend.args Override wait-for-backend container args
## `$(DEPLOYMENT_NAME)` uses the Kubernetes `$(VAR)` syntax, which is expanded
## from the container's environment before the process starts.
## NOTE(review): DEPLOYMENT_NAME is presumably set by the chart template -
## confirm. `kubectl rollout status` talks to the API server, so the pod's
## service account needs read access to that Deployment; the RBAC objects are
## not visible here - check that the grant is limited to get/list/watch on
## deployments in the release namespace.
##
args:
  - 'rollout'
  - 'status'
  - 'deployment'
  - '$(DEPLOYMENT_NAME)'
## Security context of the wait-for-backend init container.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param waitForBackend.containerSecurityContext.enabled Enabled containers' Security Context
## @param waitForBackend.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
## @param waitForBackend.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
## @param waitForBackend.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
## @param waitForBackend.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
## @param waitForBackend.containerSecurityContext.privileged Set container's Security Context privileged
## @param waitForBackend.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
## @param waitForBackend.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
## @param waitForBackend.containerSecurityContext.capabilities.drop List of capabilities to be dropped
## @param waitForBackend.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
## The defaults below are restrictive; loosen one only for a concrete need.
##
containerSecurityContext:
  ## NOTE(review): presumably `false` makes the chart omit this whole context,
  ## which would drop every restriction below - confirm in the templates.
  enabled: true
  seLinuxOptions: {}
  ## Fixed unprivileged UID/GID; runAsNonRoot makes Kubernetes refuse to start
  ## the container as UID 0.
  runAsUser: 1001
  runAsGroup: 1001
  runAsNonRoot: true
  privileged: false
  ## The root filesystem is mounted read-only, so the process cannot alter the
  ## image contents at run time.
  readOnlyRootFilesystem: true
  ## The process cannot gain more privileges than its parent (no setuid gain).
  allowPrivilegeEscalation: false
  ## Every Linux capability is dropped.
  capabilities:
    drop:
      - 'ALL'
  ## Use the container runtime's default seccomp filter.
  seccompProfile:
    type: 'RuntimeDefault'
## Init container resource requests and limits.
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
## We usually recommend not to specify default resources and to leave this as a conscious
## choice for the user. This also increases chances charts run on environments with little
## resources, such as Minikube. If you do want to specify resources, uncomment the following
## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
## @param waitForBackend.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if waitForBackend.resources is set (waitForBackend.resources is recommended for production).
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
##
resourcesPreset: "nano"
## @param waitForBackend.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
## Explicit requests and limits bound what this init container may take from
## the node. Per the preset description above, a non-empty `resources` is used
## instead of `resourcesPreset`.
## Example:
## resources:
##   requests:
##     cpu: 2
##     memory: 512Mi
##   limits:
##     cpu: 3
##     memory: 1024Mi
##
resources: {}