k8s/apps
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
8331042f4496a946af8059bdfdf41556407e6fd7
apps/netbox/main.yaml
Philip Haupt c8c04f6756 netbox config
2025-10-21 01:26:24 +02:00

1005 lines
27 KiB
YAML
Raw Blame History

apiVersion: v1
automountServiceAccountToken: false
kind: ServiceAccount
metadata:
labels:
app.kubernetes.io/instance: netbox
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: netbox
app.kubernetes.io/version: v4.4.4
helm.sh/chart: netbox-7.1.11
name: netbox
namespace: netbox
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
app.kubernetes.io/instance: netbox
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: netbox
app.kubernetes.io/version: v4.4.4
helm.sh/chart: netbox-7.1.11
name: netbox
namespace: netbox
rules:
- apiGroups:
- apps
resources:
- statefulsets
- deployments
- replicasets
verbs:
- get
- list
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
app.kubernetes.io/instance: netbox
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: netbox
app.kubernetes.io/version: v4.4.4
helm.sh/chart: netbox-7.1.11
name: netbox
namespace: netbox
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: netbox
subjects:
- kind: ServiceAccount
name: netbox
namespace: netbox
---
apiVersion: v1
data:
configuration.py: |2-
"""
This file serves as a base configuration for Netbox
https://netboxlabs.com/docs/netbox/en/stable/configuration/
"""
import os
import re
from pathlib import Path
import yaml
def _deep_merge(source, destination):
"""Inspired by https://stackoverflow.com/a/20666342"""
for key, value in source.items():
dst_value = destination.get(key)
if isinstance(value, dict) and isinstance(dst_value, dict):
_deep_merge(value, dst_value)
else:
destination[key] = value
return destination
def _load_yaml() -> None:
"""Load YAML from files"""
extra_config_base = Path("/run/config/extra")
config_files = [Path("/run/config/netbox/netbox.yaml")]
config_files.extend(sorted(extra_config_base.glob("*/*.yaml")))
for config_file in config_files:
with open(config_file, "r", encoding="utf-8") as f:
config = yaml.safe_load(f)
_deep_merge(config, globals())
def _read_secret(secret_name: str, secret_key: str, default: str | None = None) -> str | None:
"""Read secret from file"""
try:
secret = open(
f"/run/secrets/{secret_name}/{secret_key}",
"r",
encoding="utf-8",
)
except EnvironmentError:
return default
with secret:
return secret.readline().strip()
CORS_ORIGIN_REGEX_WHITELIST = []
DATABASES = {}
EMAIL = {}
REDIS = {}
_load_yaml()
provided_secret_name = os.getenv("SECRET_NAME", "netbox")
DATABASES["default"]["PASSWORD"] = _read_secret(provided_secret_name, "db_password")
EMAIL["PASSWORD"] = _read_secret(provided_secret_name, "email_password")
REDIS["tasks"]["PASSWORD"] = _read_secret(provided_secret_name, "tasks_password")
REDIS["caching"]["PASSWORD"] = _read_secret(provided_secret_name, "cache_password")
SECRET_KEY = _read_secret(provided_secret_name, "secret_key")
# Post-process certain values
CORS_ORIGIN_REGEX_WHITELIST = [re.compile(r) for r in CORS_ORIGIN_REGEX_WHITELIST]
if "SENTINELS" in REDIS["tasks"]:
REDIS["tasks"]["SENTINELS"] = [tuple(x.split(r":")) for x in REDIS["tasks"]["SENTINELS"]]
if "SENTINELS" in REDIS["caching"]:
REDIS["caching"]["SENTINELS"] = [tuple(x.split(r":")) for x in REDIS["caching"]["SENTINELS"]]
if ALLOWED_HOSTS_INCLUDES_POD_ID:
ALLOWED_HOSTS.append(os.getenv("POD_IP"))
netbox.yaml: |-
ALLOWED_HOSTS: ["*"]
ALLOWED_HOSTS_INCLUDES_POD_ID: true
DATABASES:
default:
HOST: "cnpg-netbox-cluster-rw"
USER: "netbox"
NAME: "netbox"
PORT: 5432
ENGINE: "django.db.backends.postgresql"
OPTIONS:
sslmode: prefer
target_session_attrs: read-write
CONN_MAX_AGE: 300
DISABLE_SERVER_SIDE_CURSORS: false
ADMINS: []
ALLOW_TOKEN_RETRIEVAL: false
AUTH_PASSWORD_VALIDATORS: []
ALLOWED_URL_SCHEMES: ["file","ftp","ftps","http","https","irc","mailto","sftp","ssh","tel","telnet","tftp","vnc","xmpp"]
BANNER_TOP: ""
BANNER_BOTTOM: ""
BANNER_LOGIN: ""
BASE_PATH: ""
CHANGELOG_RETENTION: 90
CUSTOM_VALIDATORS: {}
DEFAULT_USER_PREFERENCES: {}
CORS_ORIGIN_ALLOW_ALL: false
CORS_ORIGIN_WHITELIST: []
CORS_ORIGIN_REGEX_WHITELIST: []
CSRF_TRUSTED_ORIGINS: []
DATA_UPLOAD_MAX_MEMORY_SIZE: 2621440
DEBUG: false
DEFAULT_LANGUAGE: "en-us"
EMAIL:
SERVER: "mxe965.netcup.net"
PORT: 587
USERNAME: "philip.haupt@borninpain.de"
USE_SSL: true
USE_TLS: false
SSL_CERTFILE: ""
SSL_KEYFILE: ""
TIMEOUT: 10
FROM_EMAIL: "noreply@borninpain.de"
ENFORCE_GLOBAL_UNIQUE: true
EXEMPT_VIEW_PERMISSIONS: []
FIELD_CHOICES: {}
FILE_UPLOAD_MAX_MEMORY_SIZE: 2621440
GRAPHQL_ENABLED: true
HTTP_PROXIES: {}
INTERNAL_IPS: ["127.0.0.1","::1"]
JOB_RETENTION: 90
LOGGING: {}
LOGIN_PERSISTENCE: false
LOGIN_REQUIRED: false
LOGIN_TIMEOUT: 1209600
LOGOUT_REDIRECT_URL: "home"
MAINTENANCE_MODE: false
MAPS_URL: "https://maps.google.com/?q="
MAX_PAGE_SIZE: 1000
MEDIA_ROOT: /opt/netbox/netbox/media
STORAGES: {}
METRICS_ENABLED: false
PAGINATE_COUNT: 50
PLUGINS: []
PLUGINS_CONFIG: {}
POWERFEED_DEFAULT_AMPERAGE: 15
POWERFEED_DEFAULT_MAX_UTILIZATION: 80
POWERFEED_DEFAULT_VOLTAGE: 120
PREFER_IPV4: false
RACK_ELEVATION_DEFAULT_UNIT_HEIGHT: 22
RACK_ELEVATION_DEFAULT_UNIT_WIDTH: 220
REMOTE_AUTH_ENABLED: true
REMOTE_AUTH_BACKEND: ["social_core.backends.open_id_connect.OpenIdConnectAuth"]
REMOTE_AUTH_HEADER: "HTTP_REMOTE_USER"
REMOTE_AUTH_USER_FIRST_NAME: "HTTP_REMOTE_USER_FIRST_NAME"
REMOTE_AUTH_USER_LAST_NAME: "HTTP_REMOTE_USER_LAST_NAME"
REMOTE_AUTH_USER_EMAIL: "HTTP_REMOTE_USER_EMAIL"
REMOTE_AUTH_AUTO_CREATE_USER: false
REMOTE_AUTH_AUTO_CREATE_GROUPS: false
REMOTE_AUTH_DEFAULT_GROUPS: []
REMOTE_AUTH_DEFAULT_PERMISSIONS: {}
REMOTE_AUTH_GROUP_SYNC_ENABLED: false
REMOTE_AUTH_GROUP_HEADER: "HTTP_REMOTE_USER_GROUP"
REMOTE_AUTH_SUPERUSER_GROUPS: []
REMOTE_AUTH_SUPERUSERS: []
REMOTE_AUTH_STAFF_GROUPS: []
REMOTE_AUTH_STAFF_USERS: []
REMOTE_AUTH_GROUP_SEPARATOR: "|"
RELEASE_CHECK_URL: ""
REDIS:
tasks:
HOST: "valkey.valkey.svc.cluster.local"
PORT: 6379
USERNAME: ""
DATABASE: 3
SSL: false
INSECURE_SKIP_TLS_VERIFY: false
CA_CERT_PATH: ""
caching:
HOST: "valkey.valkey.svc.cluster.local"
PORT: 6379
USERNAME: ""
DATABASE: 4
SSL: false
INSECURE_SKIP_TLS_VERIFY: false
CA_CERT_PATH: ""
REPORTS_ROOT: /opt/netbox/netbox/reports
RQ_DEFAULT_TIMEOUT: 300
SCRIPTS_ROOT: /opt/netbox/netbox/scripts
CSRF_COOKIE_NAME: "csrftoken"
SESSION_COOKIE_NAME: sessionid
ENABLE_LOCALIZATION: false
TIME_ZONE: "CET"
DATE_FORMAT: "N j, Y"
SHORT_DATE_FORMAT: "Y-m-d"
TIME_FORMAT: "g:i a"
SHORT_TIME_FORMAT: "H:i:s"
DATETIME_FORMAT: "N j, Y g:i a"
SHORT_DATETIME_FORMAT: "Y-m-d H:i"
kind: ConfigMap
metadata:
labels:
app.kubernetes.io/instance: netbox
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: netbox
app.kubernetes.io/version: v4.4.4
helm.sh/chart: netbox-7.1.11
name: netbox
namespace: netbox
---
apiVersion: v1
data:
secret_key: R19RQGVZSy1+dG9we3w6PVZEY0tVOHAnQjRkUShQLDsrVGFSc259WXNdIzBCUiFcJlZrN3MjIDxvPDpr
kind: Secret
metadata:
labels:
app.kubernetes.io/instance: netbox
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: netbox
app.kubernetes.io/version: v4.4.4
helm.sh/chart: netbox-7.1.11
name: netbox-config
namespace: netbox
type: Opaque
---
apiVersion: v1
data:
api_token: YzI4ZmQyZDUtYjhhMS00M2MxLWJiZWQtNTNiYzRmNzQzZDg0
email: YWRtaW5AYm9ybmlucGFpbi5kZQ==
password: OGhSTktFVnRkQg==
username: YWRtaW4=
kind: Secret
metadata:
labels:
app.kubernetes.io/instance: netbox
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: netbox
app.kubernetes.io/version: v4.4.4
helm.sh/chart: netbox-7.1.11
name: netbox-superuser
namespace: netbox
type: kubernetes.io/basic-auth
---
apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/instance: netbox
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: netbox
app.kubernetes.io/version: v4.4.4
helm.sh/chart: netbox-7.1.11
name: netbox
namespace: netbox
spec:
ports:
- name: http
nodePort: null
port: 80
protocol: TCP
targetPort: http
selector:
app.kubernetes.io/component: netbox
app.kubernetes.io/instance: netbox
app.kubernetes.io/name: netbox
sessionAffinity: None
type: ClusterIP
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
labels:
app.kubernetes.io/instance: netbox
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: netbox
app.kubernetes.io/version: v4.4.4
helm.sh/chart: netbox-7.1.11
name: netbox-media
namespace: netbox
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
storageClassName: openebs-3-replicas
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app.kubernetes.io/component: netbox
app.kubernetes.io/instance: netbox
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: netbox
app.kubernetes.io/version: v4.4.4
helm.sh/chart: netbox-7.1.11
name: netbox
namespace: netbox
spec:
replicas: 1
revisionHistoryLimit: 10
selector:
matchLabels:
app.kubernetes.io/component: netbox
app.kubernetes.io/instance: netbox
app.kubernetes.io/name: netbox
strategy:
type: RollingUpdate
template:
metadata:
annotations:
checksum/config: 518377a27b37c4f3eaae50680f5306472640fbac84f2ddca358fafe23f25ca7e
checksum/secret: 348f4ad1c8feaaef20c677da4b4914417ec4b430856cdbb4aebcec63b0d9bcf0
labels:
app.kubernetes.io/component: netbox
app.kubernetes.io/instance: netbox
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: netbox
app.kubernetes.io/version: v4.4.4
helm.sh/chart: netbox-7.1.11
spec:
automountServiceAccountToken: false
containers:
- env:
- name: SUPERUSER_NAME
valueFrom:
secretKeyRef:
key: username
name: netbox-superuser
- name: SUPERUSER_EMAIL
valueFrom:
secretKeyRef:
key: email
name: netbox-superuser
- name: POD_IP
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: status.podIP
image: ghcr.io/netbox-community/netbox:v4.4.4
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 3
httpGet:
path: /status/applications/netbox/processes/running
port: nginx-status
initialDelaySeconds: 0
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
name: netbox
ports:
- containerPort: 8080
name: http
protocol: TCP
- containerPort: 8081
name: nginx-status
protocol: TCP
readinessProbe:
failureThreshold: 3
httpGet:
path: /login/
port: http
initialDelaySeconds: 0
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
resources:
limits:
cpu: 750m
ephemeral-storage: 2Gi
memory: 1536Mi
requests:
cpu: 500m
ephemeral-storage: 50Mi
memory: 1024Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
privileged: false
readOnlyRootFilesystem: true
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
seLinuxOptions: {}
seccompProfile:
type: RuntimeDefault
startupProbe:
failureThreshold: 100
httpGet:
path: /login/
port: http
initialDelaySeconds: 5
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
volumeMounts:
- mountPath: /etc/netbox/config/configuration.py
name: config
readOnly: true
subPath: configuration.py
- mountPath: /run/config/netbox
name: config
readOnly: true
- mountPath: /run/secrets/netbox
name: secrets
readOnly: true
- mountPath: /run/config/extra/0
name: extra-config-0
readOnly: true
- mountPath: /tmp
name: netbox-tmp
- mountPath: /opt/netbox/netbox/media
name: media
subPath: ""
- mountPath: /opt/unit
name: optunit
- mountPath: /run/secrets/superuser_password
name: secrets
readOnly: true
subPath: superuser_password
- mountPath: /run/secrets/superuser_api_token
name: secrets
readOnly: true
subPath: superuser_api_token
initContainers:
- command:
- /bin/sh
- -c
- mkdir -p /opt/unit/state /opt/unit/tmp
image: docker.io/busybox:1.37.0
imagePullPolicy: IfNotPresent
name: init-dirs
resources:
limits:
cpu: 150m
ephemeral-storage: 2Gi
memory: 192Mi
requests:
cpu: 100m
ephemeral-storage: 50Mi
memory: 128Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
seLinuxOptions: {}
seccompProfile:
type: RuntimeDefault
volumeMounts:
- mountPath: /opt/unit
name: optunit
securityContext:
fsGroup: 1000
fsGroupChangePolicy: Always
supplementalGroups: []
sysctls: []
serviceAccountName: netbox
volumes:
- configMap:
name: netbox
name: config
- name: secrets
projected:
sources:
- secret:
items:
- key: secret_key
path: secret_key
name: netbox-config
- secret:
items:
- key: email-password
path: email_password
name: netbox
- secret:
items:
- key: password
path: superuser_password
- key: api_token
path: superuser_api_token
name: netbox-superuser
- secret:
items:
- key: password
path: db_password
name: cnpg-netbox-cluster-app
- secret:
items:
- key: kv-password
path: tasks_password
name: netbox
- secret:
items:
- key: kv-password
path: cache_password
name: netbox
- name: extra-config-0
secret:
items:
- key: oidc-secret
path: oidc_secret.yaml
optional: false
secretName: netbox
- emptyDir:
medium: Memory
name: netbox-tmp
- emptyDir:
medium: Memory
name: optunit
- name: media
persistentVolumeClaim:
claimName: netbox-media
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app.kubernetes.io/component: worker
app.kubernetes.io/instance: netbox
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: netbox
app.kubernetes.io/version: v4.4.4
helm.sh/chart: netbox-7.1.11
name: netbox-worker
namespace: netbox
spec:
replicas: 1
revisionHistoryLimit: 10
selector:
matchLabels:
app.kubernetes.io/component: worker
app.kubernetes.io/instance: netbox
app.kubernetes.io/name: netbox
strategy:
type: RollingUpdate
template:
metadata:
annotations:
checksum/config: 02de8b4c4a16f16fcc43e93fab33e80bb92c925c4d6cbea6b1161ea8920fca4d
checksum/secret: 8ba4f922187d43cd5c28126ada22d47851885c3eec144599f72b10c7868d9d04
labels:
app.kubernetes.io/component: worker
app.kubernetes.io/instance: netbox
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: netbox
app.kubernetes.io/version: v4.4.4
helm.sh/chart: netbox-7.1.11
spec:
automountServiceAccountToken: true
containers:
- command:
- /opt/netbox/venv/bin/python
- /opt/netbox/netbox/manage.py
- rqworker
image: ghcr.io/netbox-community/netbox:v4.4.4
imagePullPolicy: IfNotPresent
name: netbox-worker
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
privileged: false
readOnlyRootFilesystem: true
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
seLinuxOptions: {}
seccompProfile:
type: RuntimeDefault
volumeMounts:
- mountPath: /etc/netbox/config/configuration.py
name: config
readOnly: true
subPath: configuration.py
- mountPath: /run/config/netbox
name: config
readOnly: true
- mountPath: /run/secrets/netbox
name: secrets
readOnly: true
- mountPath: /run/config/extra/0
name: extra-config-0
readOnly: true
- mountPath: /tmp
name: netbox-tmp
- mountPath: /opt/netbox/netbox/media
name: media
readOnly: false
subPath: ""
initContainers:
- args:
- rollout
- status
- deployment
- $(DEPLOYMENT_NAME)
command:
- /bin/kubectl
env:
- name: DEPLOYMENT_NAME
value: netbox
image: docker.io/rancher/kubectl:v1.34.1
imagePullPolicy: IfNotPresent
name: wait-for-backend
resources:
limits:
cpu: 150m
ephemeral-storage: 2Gi
memory: 192Mi
requests:
cpu: 100m
ephemeral-storage: 50Mi
memory: 128Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
privileged: false
readOnlyRootFilesystem: true
runAsGroup: 1001
runAsNonRoot: true
runAsUser: 1001
seLinuxOptions: {}
seccompProfile:
type: RuntimeDefault
securityContext:
fsGroup: 1000
fsGroupChangePolicy: Always
supplementalGroups: []
sysctls: []
serviceAccountName: netbox
volumes:
- configMap:
name: netbox
name: config
- name: secrets
projected:
sources:
- secret:
items:
- key: secret_key
path: secret_key
name: netbox-config
- secret:
items:
- key: email-password
path: email_password
name: netbox
- secret:
items:
- key: password
path: superuser_password
- key: api_token
path: superuser_api_token
name: netbox-superuser
- secret:
items:
- key: password
path: db_password
name: cnpg-netbox-cluster-app
- secret:
items:
- key: kv-password
path: tasks_password
name: netbox
- secret:
items:
- key: kv-password
path: cache_password
name: netbox
- name: extra-config-0
secret:
items:
- key: oidc-secret
path: oidc_secret.yaml
optional: false
secretName: netbox
- emptyDir:
medium: Memory
name: netbox-tmp
- name: media
persistentVolumeClaim:
claimName: netbox-media
readOnly: false
---
apiVersion: batch/v1
kind: CronJob
metadata:
labels:
app.kubernetes.io/component: housekeeping
app.kubernetes.io/instance: netbox
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: netbox
app.kubernetes.io/version: v4.4.4
helm.sh/chart: netbox-7.1.11
name: netbox-housekeeping
namespace: netbox
spec:
concurrencyPolicy: Forbid
failedJobsHistoryLimit: 5
jobTemplate:
metadata:
labels:
app.kubernetes.io/instance: netbox
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: netbox
app.kubernetes.io/version: v4.4.4
helm.sh/chart: netbox-7.1.11
spec:
template:
metadata:
labels:
app.kubernetes.io/component: housekeeping
app.kubernetes.io/instance: netbox
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: netbox
app.kubernetes.io/version: v4.4.4
helm.sh/chart: netbox-7.1.11
spec:
automountServiceAccountToken: false
containers:
- command:
- /opt/netbox/venv/bin/python
- /opt/netbox/netbox/manage.py
- housekeeping
image: ghcr.io/netbox-community/netbox:v4.4.4
imagePullPolicy: IfNotPresent
name: netbox-housekeeping
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
privileged: false
readOnlyRootFilesystem: true
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
seLinuxOptions: {}
seccompProfile:
type: RuntimeDefault
volumeMounts:
- mountPath: /etc/netbox/config/configuration.py
name: config
readOnly: true
subPath: configuration.py
- mountPath: /run/config/netbox
name: config
readOnly: true
- mountPath: /run/secrets/netbox
name: secrets
readOnly: true
- mountPath: /run/config/extra/0
name: extra-config-0
readOnly: true
- mountPath: /tmp
name: netbox-tmp
- mountPath: /opt/netbox/netbox/media
name: media
readOnly: false
subPath: ""
restartPolicy: OnFailure
securityContext:
fsGroup: 1000
fsGroupChangePolicy: Always
supplementalGroups: []
sysctls: []
serviceAccountName: netbox
volumes:
- configMap:
name: netbox
name: config
- name: secrets
projected:
sources:
- secret:
items:
- key: secret_key
path: secret_key
name: netbox-config
- secret:
items:
- key: email-password
path: email_password
name: netbox
- secret:
items:
- key: password
path: db_password
name: cnpg-netbox-cluster-app
- secret:
items:
- key: kv-password
path: tasks_password
name: netbox
- secret:
items:
- key: kv-password
path: cache_password
name: netbox
- name: extra-config-0
secret:
items:
- key: oidc-secret
path: oidc_secret.yaml
optional: false
secretName: netbox
- emptyDir:
medium: Memory
name: netbox-tmp
- name: media
persistentVolumeClaim:
claimName: netbox-media
readOnly: false
schedule: 0 0 * * *
successfulJobsHistoryLimit: 5
suspend: false
---
apiVersion: batch/v1
kind: Job
metadata:
annotations:
helm.sh/hook: test
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
labels:
app.kubernetes.io/component: database-ping-test
name: cnpg-netbox-cluster-ping-test
namespace: netbox
spec:
template:
metadata:
labels:
app.kubernetes.io/component: database-ping-test
name: cnpg-netbox-cluster-ping-test
spec:
containers:
- args:
- -c
- apk add postgresql-client && psql "postgresql://$PGUSER:$PGPASS@cnpg-netbox-cluster-rw.netbox.svc.cluster.local:5432/${PGDBNAME:-$PGUSER}"
-c 'SELECT 1'
command:
- sh
env:
- name: PGUSER
valueFrom:
secretKeyRef:
key: username
name: cnpg-netbox-cluster-app
- name: PGPASS
valueFrom:
secretKeyRef:
key: password
name: cnpg-netbox-cluster-app
- name: PGDBNAME
valueFrom:
secretKeyRef:
key: dbname
name: cnpg-netbox-cluster-app
optional: true
image: alpine:3.17
name: alpine
restartPolicy: Never
---
apiVersion: postgresql.cnpg.io/v1
kind: Cluster
metadata:
labels:
app.kubernetes.io/instance: cnpg-netbox
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: cluster
app.kubernetes.io/part-of: cloudnative-pg
helm.sh/chart: cluster-0.3.1
name: cnpg-netbox-cluster
namespace: netbox
spec:
affinity:
topologyKey: kubernetes.io/hostname
bootstrap:
initdb:
database: netbox
owner: netbox
enablePDB: true
enableSuperuserAccess: true
imageName: ghcr.io/cloudnative-pg/postgresql:17
imagePullPolicy: IfNotPresent
instances: 3
logLevel: info
monitoring:
disableDefaultQueries: false
enablePodMonitor: false
postgresGID: 26
postgresUID: 26
postgresql: null
primaryUpdateMethod: switchover
primaryUpdateStrategy: unsupervised
storage:
size: 10Gi
storageClass: openebs-hostpath
walStorage:
size: 1Gi
storageClass: openebs-hostpath
---
apiVersion: v1
kind: Pod
metadata:
annotations:
helm.sh/hook: test
labels:
app.kubernetes.io/instance: netbox
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: netbox
app.kubernetes.io/version: v4.4.4
helm.sh/chart: netbox-7.1.11
name: netbox-test-connection
spec:
containers:
- args:
- netbox:80
command:
- wget
image: busybox:1.37.0
imagePullPolicy: IfNotPresent
name: wget
resources:
limits:
cpu: 150m
ephemeral-storage: 2Gi
memory: 192Mi
requests:
cpu: 100m
ephemeral-storage: 50Mi
memory: 128Mi
restartPolicy: Never
Reference in New Issue View Git Blame Copy Permalink