Alternative installation instructions for NetBox using Kubernetes. The main value is the NetBox configuration, but PostgreSQL and Redis instructions are also briefly provided via Helm charts.
- The netbox deployment will work with existing redis and postgresql installations, just ensure that the configurations are changed in netbox-configmap.yaml and netbox-deployment.yaml
- Relevant places that will need to be changed are indicated by the inline comment #changeme
- The manifests were tested against the following:
  - NetBox: 2.6.3
  - Postgresql: 11.4.0
  - Redis: 5.0.5
  - Kubernetes: 1.13.2
To get NetBox up and running on a Kubernetes cluster:
- Deploy netbox-namespace.yaml
  - If the namespace is changed, ensure all manifests are updated accordingly
- Deploy Postgres. One way to do this is via a helm chart. Make sure to change the password!
  helm install --name netbox-community --namespace netbox-community stable/postgresql --set postgresqlPassword=changeme,postgresqlDatabase=netbox,postgresqlUsername=netbox,persistence.enabled=true,persistence.storageClass=rook-ceph-block,persistence.size=10Gi
  - storageClass should reflect the appropriate storage class for the environment
  - Further configuration can be seen here: https://github.com/helm/charts/tree/master/stable/postgresql
- Deploy Redis. One way to do this is via a helm chart:
  helm install --name netbox-redis --namespace netbox-community stable/redis -f redis-values.yaml
  - storageClass should reflect the appropriate storage class for the environment
  - Further configuration can be seen here: https://github.com/helm/charts/tree/master/stable/redis
- Change the values you need in the netbox-configMap.yaml and netbox-secrets.yaml
  - This would include any host, DB name, user changes that would be needed
  - The AUTH_LDAP_BIND_PASSWORD password would also need to change depending on the AUTH_LDAP_BIND_DN chosen
  - The AUTH_LDAP_BIND_DN is the Distinguished Name (DN) of the service account that will be making queries when a user requests login
  - Update the AUTH_LDAP_SERVER_URI to point to your LDAP server
  - If the DNS resolution for the LDAP server doesn't work use the IP address of your LDAP server
  - Any password changes will need to be reflected in netbox-secrets.yaml
  - Change appropriate values for DB, Email, and Redis to reflect your environment
- Edit the volumeMount for the media-files. To allow for HA across your pods, ensure that the mount allows for multiple pods to attach to it, such as through the use of a shared filesystem
kubectl apply -f netbox-deployment.yaml
- NetBox will initialize the needed tables into the DB
- The readiness probe will check and ensure that the service is up and running
kubectl apply -f netbox-service.yaml
- Usual deployment is via an Ingress but if needed, change the service to use NodePort in order to access it from outside the cluster
- A netbox instance is up and running with multiple pods
- A PostgreSQL DB for netbox is up and running with all the necessary schema
- Redis caching enabled and working
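A pre-deploy check for the placeholder values mentioned above, as an added example that is not part of the original manifests: it flags any value still set to `changeme`, in plain text or base64-encoded as under a Secret's `data:` key, so it can be run over the edited files before `kubectl apply`. The function names and sample keys are illustrative, and it assumes single-line `key: value` entries and GNU `base64`.

```shell
# Added example, not part of the NetBox manifests. Assumes single-line
# "key: value" YAML entries and GNU coreutils base64.
PLACEHOLDER="changeme"
# Print "file:line: reason" for each value that is still the placeholder, in
# plain text or base64-encoded (the form used under a Secret's data: key).
scan_file() {
    local file="$1" lineno=0 line value decoded
    while IFS= read -r line || [ -n "$line" ]; do
        lineno=$((lineno + 1))
        line=${line%%#*}    # drop the "#changeme" marker comment itself
        case $line in *:*) ;; *) continue ;; esac
        value=$(printf '%s' "${line#*:}" | tr -d " \t\"'")
        [ -n "$value" ] || continue
        if [ "$value" = "$PLACEHOLDER" ]; then
            printf '%s:%d: plaintext placeholder\n' "$file" "$lineno"
            continue
        fi
        decoded=$(printf '%s' "$value" | base64 -d 2>/dev/null | tr -d '\n\000')
        if [ "$decoded" = "$PLACEHOLDER" ]; then
            printf '%s:%d: base64-encoded placeholder\n' "$file" "$lineno"
        fi
    done < "$file"
}

# Return 0 when every given file is clean, 1 (findings on stderr) otherwise.
check_manifests() {
    local findings f
    findings=$(for f in "$@"; do scan_file "$f"; done)
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings" >&2
        return 1
    fi
}

# Constructed sample input, not the repository's real netbox-secrets.yaml.
demo() {
    local tmp rc=0
    tmp=$(mktemp)
    cat > "$tmp" <<'EOF'
data:
  db_password: Y2hhbmdlbWU=   #changeme
stringData:
  redis_password: "changeme"
EOF
    check_manifests "$tmp" || rc=$?
    rm -f "$tmp"
    return "$rc"
}

demo || echo "placeholder secrets found: fix them before kubectl apply"
```

Against real files, call `check_manifests` with the edited manifests and values files and only proceed to `kubectl apply` when it returns 0.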
This isn't necessary for just testing. If you don't want to deploy the ingress resource, you should switch the service to use a NodePort so you can access it. nginx-ingress was used as the Ingress Controller in this example.
- Change the netbox-ingress.yaml file to your subdomain and TLS certificate for https
  - Consider using cert-manager to manage certificates: https://github.com/jetstack/cert-manager
kubectl apply -f netbox-ingress.yaml
- You can navigate to your netbox instance via a FQDN
- https enabled with the certificate configured
The manifests were generated against a prometheus/grafana deployment deployed via the kube-prometheus project. Consider checking them out at https://github.com/coreos/kube-prometheus
kubectl apply -f netbox-monitoring-rbac.yaml
- Necessary if RBAC is enabled on the cluster
kubectl apply -f netbox-monitoring.yaml
- This will create a ServiceMonitor object that you can see when navigating to Prometheus/Targets
- Grafana dashboard # 9528 can be used to display the exposed Django metrics: https://grafana.com/grafana/dashboards/9528
- Prometheus target exists and is reporting ready for all pods deployed
- Dashboard should report information regarding the metrics from Django backend