diff --git a/README.md b/README.md index fcb86a1..f5bffdc 100644 --- a/README.md +++ b/README.md @@ -108,6 +108,26 @@ Please also consider [the advice about running NetBox in production](#production [k8s-secrets]: https://kubernetes.io/docs/concepts/configuration/secret/ [k8s-config]: https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-configmap/ +#### Example Kubernetes Deployment + +Check out the project: +``` +git clone https://github.com/ninech/netbox-docker.git +cd netbox-docker/kubernetes +``` + +Fill in the configuration parameters: + * In `netbox.yaml`, + * Set environment variables in the `netbox-netbox-env` ConfigMap and the `netbox-netbox-secrets` Secret. Secrets must be base64 encoded first (see the inline comments). + * Change the `DB_HOST` environment parameter to be the DNS name (from inside the cluster) for the postgres db. This probably just involves adding the namespace. + * Set the `storageClassName` if required in your cluster. + * In `postgres,yaml`, set the `POSTGRES_PASSWORD` to match `netbox.yaml`. + +Deploy to kubernetes: +``` +kubectl apply -f . +``` + ### NAPALM Configuration Since v2.1.0 NAPALM has been tightly integrated into NetBox. diff --git a/kubernetes/netbox.yaml b/kubernetes/netbox.yaml new file mode 100644 index 0000000..a1cb708 --- /dev/null +++ b/kubernetes/netbox.yaml 
@@ -0,0 +1,115 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: netbox-netbox-env
+data:
+ ALLOWED_HOSTS: '*'
+ DB_HOST: netbox-postgres.default.svc.cluster.local # default should be changed to deploymenent namespace
+ DB_NAME: netbox
+ DB_USER: netbox
+ EMAIL_FROM: netbox@bar.com
+ EMAIL_PORT: "25"
+ EMAIL_SERVER: localhost
+ EMAIL_TIMEOUT: "10"
+ EMAIL_USERNAME: foo
+ NETBOX_USERNAME: guest
+ SUPERUSER_EMAIL: admin@example.com
+ SUPERUSER_NAME: admin
+ NAPALM_USERNAME: rancid
+ NAPALM_TIMEOUT: '30'
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: netbox-netbox-secrets
+type: Opaque
+data:
+ SUPERUSER_PASSWORD: YWRtaW4= # echo -n 'admin' | base64
+ SUPERUSER_API_TOKEN: MDEyZWU4NzY4OWFiY2RlZjAxMjM0NTY3ODlhYmNkZWYwMTIzNDU2Nw== # echo -n '012ee87689abcdef0123456789abcdef01234567' | base64
+ DB_PASSWORD: SjVickhyb2RqZHU0aWYwSw== # echo -n 'J5brHrodjdu4if0K' | base64
+ SECRET_KEY: cjhPd0QkJWohRkdjaQ== # echo -n 'r8OwD$%j!FGci' | base64
+ EMAIL_PASSWORD: YWRtaW4= # echo -n 'admin' | base64
+ NETBOX_PASSWORD: YWRtaW4= # echo -n 'admin' | base64
+ NAPALM_PASSWORD: YWRtaW4= # echo -n 'admin' | base64
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: netbox-static-files
+ labels:
+ pvcname: netbox-static-files
+spec:
+ accessModes:
+ - ReadWriteMany
+# storageClassName: gluster-storage # May neet to be removed/changed
+ resources:
+ requests:
+ storage: 100Mi
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: netbox
+ labels:
+ backend: netbox
+ app: netbox
+spec:
+ replicas: 1
+ revisionHistoryLimit: 2
+ strategy:
+ type: RollingUpdate
+ rollingUpdate:
+ maxSurge: 50%
+ maxUnavailable: 0
+ selector:
+ matchLabels:
+ backend: netbox
+ app: netbox
+ template:
+ metadata:
+ labels:
+ backend: netbox
+ app: netbox
+ spec:
+ containers:
+ - name: netbox
+ image: ninech/netbox:latest-ldap
+ ports:
+ - containerPort: 8001
+ envFrom:
+ - secretRef:
+ name: netbox-netbox-secrets
+ - configMapRef:
+ name: netbox-netbox-env
+ volumeMounts:
+ - name: netbox-nginx-config
+ mountPath: /etc/netbox-nginx/
+ - name: netbox-static-files
+ mountPath: /opt/netbox/netbox/static
+ restartPolicy: Always
+ dnsPolicy: ClusterFirst
+ volumes:
+ - name: netbox-nginx-config
+ configMap:
+ name: netbox-nginx-conf
+ - name: netbox-static-files
+ persistentVolumeClaim:
+ claimName: netbox-static-files
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: netbox
+ labels:
+ backend: netbox
+ app: netbox
+spec:
+ ports:
+ - name: nbox
+ port: 8001
+ targetPort: 8001
+ selector:
+ app: netbox
+ backend: netbox
diff --git a/kubernetes/nginx.yaml b/kubernetes/nginx.yaml
new file mode 100644
index 0000000..6c4dd48
--- /dev/null
+++ b/kubernetes/nginx.yaml
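Review bot: The `netbox-netbox-secrets` Secret in kubernetes/netbox.yaml ships working credentials: `SUPERUSER_PASSWORD` is `admin`, and `SUPERUSER_API_TOKEN`, `SECRET_KEY` and `DB_PASSWORD` are fixed values whose plaintext sits in the trailing comments. The README's `kubectl apply -f .` therefore brings up an instance whose admin login and API token are publicly known, and `POSTGRES_PASSWORD` in kubernetes/postgres.yaml repeats the same database password. Base64 in a Secret's `data` is encoding only, so I would replace each value with a placeholder that does not decode, e.g. `SUPERUSER_API_TOKEN: <base64 of a freshly generated token>`, which should make the API server reject the manifest until it is filled in. In the same file, `ALLOWED_HOSTS: '*'` switches off Django's Host-header validation and deserves a comment such as `# replace with the hostname(s) NetBox is served under`.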
@@ -0,0 +1,99 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: netbox-nginx-conf
+data:
+ nginx.conf: |
+ worker_processes 1;
+ events {
+ worker_connections 1024;
+ }
+ http {
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+ sendfile on;
+ tcp_nopush on;
+ keepalive_timeout 65;
+ gzip on;
+ server_tokens off;
+ server {
+ listen 80;
+ server_name localhost;
+ access_log off;
+ location /static/ {
+ alias /opt/netbox/netbox/static/;
+ }
+ location / {
+ # default should be changed to deploymenent namespace
+ proxy_pass http://netbox.dev.svc.cluster.local:8001;
+ proxy_set_header X-Forwarded-Host $http_host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ add_header P3P 'CP="ALL DSP COR PSAa PSDa OUR NOR ONL UNI COM NAV"';
+ }
+ }
+ }
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: netbox-nginx
+ labels:
+ frontend: nginx
+ app: netbox
+spec:
+ replicas: 1
+ revisionHistoryLimit: 2
+ strategy:
+ type: RollingUpdate
+ rollingUpdate:
+ maxSurge: 50%
+ maxUnavailable: 0
+ selector:
+ matchLabels:
+ frontend: nginx
+ app: netbox
+ template:
+ metadata:
+ labels:
+ frontend: nginx
+ app: netbox
+ spec:
+ containers:
+ - name: nginx
+ image: nginx:1.12-alpine
+ ports:
+ - containerPort: 80
+ command: ["nginx"]
+ args: ["-c", "/etc/netbox-nginx/nginx.conf","-g", "daemon off;"]
+ volumeMounts:
+ - name: netbox-static-files
+ mountPath: /opt/netbox/netbox/static
+ - name: netbox-nginx-config
+ mountPath: /etc/netbox-nginx
+ restartPolicy: Always
+ volumes:
+ - name: netbox-static-files
+ persistentVolumeClaim:
+ claimName: netbox-static-files
+ - name: netbox-nginx-config
+ configMap:
+ name: netbox-nginx-conf
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: netbox-nginx
+ labels:
+ frontend: nginx
+ app: netbox
+spec:
+ type: ClusterIP
+ ports:
+ - name: "80"
+ port: 80
+ targetPort: 80
+ selector:
+ frontend: nginx
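Review bot: `proxy_pass http://netbox.dev.svc.cluster.local:8001;` pins the upstream to the `dev` namespace, while `DB_HOST` in kubernetes/netbox.yaml points at `default`, so applying the directory unchanged into any single namespace leaves at least one of the two names unresolvable. The README steps mention only `DB_HOST`, which makes this second hard-coded namespace easy to miss. Because the `netbox` Service is created in the same namespace as this Deployment, the short name should resolve through the pod's DNS search domains: `proxy_pass http://netbox:8001;`. The same approach (`DB_HOST: netbox-postgres`) would remove the namespace edit from netbox.yaml as well.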
diff --git a/kubernetes/postgres.yaml b/kubernetes/postgres.yaml
new file mode 100644
index 0000000..6e63769
--- /dev/null
+++ b/kubernetes/postgres.yaml
@@ -0,0 +1,67 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: netbox-postgres-env
+data:
+ POSTGRES_DB: netbox
+ POSTGRES_USER: netbox
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: netbox-postgres-secrets
+type: Opaque
+data:
+ POSTGRES_PASSWORD: SjVickhyb2RqZHU0aWYwSw== # echo -n 'J5brHrodjdu4if0K' | base64
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: netbox-postgres
+ labels:
+ backend: postgres
+ app: netbox
+spec:
+ replicas: 1
+ revisionHistoryLimit: 2
+ strategy:
+ type: Recreate
+ selector:
+ matchLabels:
+ backend: postgres
+ app: netbox
+ template:
+ metadata:
+ labels:
+ backend: postgres
+ app: netbox
+ spec:
+ restartPolicy: Always
+ containers:
+ - image: postgres:9.6-alpine
+ name: postgres
+ ports:
+ - containerPort: 5432
+ envFrom:
+ - secretRef:
+ name: netbox-postgres-secrets
+ - configMapRef:
+ name: netbox-postgres-env
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: netbox-postgres
+ labels:
+ backend: postgres
+ app: netbox
+spec:
+ clusterIP: None
+ ports:
+ - name: headless
+ port: 5432
+ targetPort: 5432
+ selector:
+ backend: postgres
+ app: netbox
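Review bot: The `netbox-postgres` Deployment declares no `volumes` or `volumeMounts`, so the database lives in the container's writable layer and is lost whenever the pod is replaced, which `strategy: Recreate` does on every rollout. I would add a PersistentVolumeClaim and mount it at the image's data directory, as sketched below; the claim name and size are placeholders to adjust. On storage classes that place a `lost+found` directory at the volume root, `PGDATA` may need to point at a subdirectory of the mount.

```yaml
# … unchanged: ConfigMap netbox-postgres-env and Secret netbox-postgres-secrets …
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: netbox-postgres-data   # placeholder name
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi             # placeholder size
---
# … unchanged: Deployment metadata, strategy, selector, template labels …
      containers:
        - image: postgres:9.6-alpine
          name: postgres
          # … unchanged: ports, envFrom …
          volumeMounts:
            - name: netbox-postgres-data
              mountPath: /var/lib/postgresql/data
      volumes:
        - name: netbox-postgres-data
          persistentVolumeClaim:
            claimName: netbox-postgres-data
# … unchanged: Service netbox-postgres …
```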