diff --git a/app-of-apps/netbox.yaml b/app-of-apps/netbox.yaml
new file mode 100644
index 0000000..e41008a
--- /dev/null
+++ b/app-of-apps/netbox.yaml
@@ -0,0 +1,16 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: netbox
+ namespace: argocd
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io
+spec:
+ destination:
+ namespace: netbox
+ server: https://kubernetes.default.svc
+ project: default
+ source:
+ path: netbox
+ repoURL: http://gitea.gitea.svc.k8s.undercloud.local:3000/Undercloud/k8s-apps.git
+ targetRevision: HEAD
\ No newline at end of file
diff --git a/netbox/README.md b/netbox/README.md
new file mode 100644
index 0000000..a247b36
--- /dev/null
+++ b/netbox/README.md
@@ -0,0 +1,2 @@
+# Netbox
+## Ip Address Management
\ No newline at end of file
diff --git a/netbox/backup.yaml b/netbox/backup.yaml
new file mode 100644
index 0000000..1856062
--- /dev/null
+++ b/netbox/backup.yaml
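Review bot: `repoURL` in app-of-apps/netbox.yaml fetches the manifests over plain `http://`, so Argo CD has neither server authentication nor transport integrity for content it then applies to the cluster; anything able to tamper with that in-cluster traffic decides what gets deployed. Serve Gitea over TLS (or use an SSH remote) and change the scheme accordingly. `targetRevision: HEAD` combined with `project: default` also means any push to the default branch is deployable through the unrestricted default project; a dedicated AppProject limited to this repository and the `netbox` destination namespace would narrow that.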
@@ -0,0 +1,90 @@
+apiVersion: velero.io/v1
+kind: Schedule
+metadata:
+ name: netbox-csi-hourly
+ namespace: velero
+spec:
+ schedule: "0 15-22 * * *"
+ useOwnerReferencesInBackup: true
+ template:
+ includedNamespaces: ["netbox"]
+ ttl: 8h
+ snapshotVolumes: true
+ defaultVolumesToFsBackup: false
+ csiSnapshotTimeout: 10m
+---
+apiVersion: velero.io/v1
+kind: Schedule
+metadata:
+ name: netbox-csi-daily
+ namespace: velero
+spec:
+ schedule: "0 0 * * *"
+ useOwnerReferencesInBackup: true
+ template:
+ includedNamespaces: ["netbox"]
+ ttl: 168h
+ snapshotVolumes: true
+ defaultVolumesToFsBackup: false
+ csiSnapshotTimeout: 10m
+---
+apiVersion: velero.io/v1
+kind: Schedule
+metadata:
+ name: netbox-csi-weekly
+ namespace: velero
+spec:
+ schedule: "0 0 * * 1"
+ useOwnerReferencesInBackup: true
+ template:
+ includedNamespaces: ["netbox"]
+ ttl: 730h
+ snapshotVolumes: true
+ defaultVolumesToFsBackup: false
+ csiSnapshotTimeout: 10m
+---
+apiVersion: velero.io/v1
+kind: Schedule
+metadata:
+ name: netbox-daily
+ namespace: velero
+spec:
+ schedule: "30 2 * * *" # tous les jours 02:30
+ useOwnerReferencesInBackup: true
+ template:
+ includedNamespaces: [netbox]
+ storageLocation: default
+ ttl: 336h # ~14 jours
+ snapshotVolumes: false
+ defaultVolumesToFsBackup: true
+
+---
+apiVersion: velero.io/v1
+kind: Schedule
+metadata:
+ name: netbox-weekly
+ namespace: velero
+spec:
+ schedule: "0 3 * * 0" # chaque dimanche 03:00
+ useOwnerReferencesInBackup: true
+ template:
+ includedNamespaces: [netbox]
+ storageLocation: default
+ ttl: 1344h # ~8 semaines
+ snapshotVolumes: false
+ defaultVolumesToFsBackup: true
+---
+apiVersion: velero.io/v1
+kind: Schedule
+metadata:
+ name: netbox-monthly
+ namespace: velero
+spec:
+ schedule: "0 4 1 * *" # 1er du mois 04:00
+ useOwnerReferencesInBackup: true
+ template:
+ includedNamespaces: [netbox]
+ storageLocation: default
+ ttl: 8760h # ~12 mois
+ snapshotVolumes: false
+ defaultVolumesToFsBackup: true
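Review bot: The three file-system schedules (`netbox-daily`, `netbox-weekly`, `netbox-monthly`) set `defaultVolumesToFsBackup: true` and therefore copy the live PostgreSQL data directory of the `db` pod file by file, with no quiescing visible in this commit; such a copy may not be restorable. Either add Velero backup hooks (`pre.hook.backup.velero.io/command`) on the db pod, or exclude that volume and rely on the dumps written to the `db-backup` claim. Every schedule also captures all resources in the namespace, including the `netbox-db` and `netbox-secrets` Secrets, for up to `ttl: 8760h`, so the backup storage location needs encryption and restricted access; a comment such as `# backups include namespace Secrets; storage location must be encrypted` above `includedNamespaces` would record that requirement.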
diff --git a/netbox/db.yaml b/netbox/db.yaml
new file mode 100644
index 0000000..3062717
--- /dev/null
+++ b/netbox/db.yaml
@@ -0,0 +1,168 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: db
+ namespace: netbox
+spec:
+ accessModes:
+ - ReadWriteMany
+ resources:
+ requests:
+ storage: 8Gi
+ storageClassName: cephfs-hyper
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: db
+ namespace: netbox
+ labels:
+ app: db
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: db
+ template:
+ metadata:
+ labels:
+ app: db
+ spec:
+ containers:
+ - name: db
+ image: postgres
+ imagePullPolicy: "IfNotPresent"
+ ports:
+ - name: mysql
+ containerPort: 5432
+ env:
+ - name: MARIADB_ROOT_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: netbox-db
+ key: root.pw
+ - name: POSTGRES_USER
+ valueFrom:
+ secretKeyRef:
+ name: netbox-db
+ key: username
+ optional: false
+ - name: POSTGRES_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: netbox-db
+ key: user.pw
+ optional: false
+ - name: POSTGRES_DB
+ value: netbox
+ - name: POSTGRES_INITDB_ARGS
+ value: "--lc-collate=C --lc-ctype=C --encoding=UTF8"
+ #livenessProbe:
+ # exec:
+ # command: ["sh", "-c", "exec mysqladmin status -uroot -p$MARIADB_ROOT_PASSWORD"]
+ # initialDelaySeconds: 120
+ # periodSeconds: 10
+ # timeoutSeconds: 1
+ # successThreshold: 1
+ # failureThreshold: 3
+ #readinessProbe:
+ # exec:
+ # command: ["sh", "-c", "exec mysqladmin status -uroot -p$MARIADB_ROOT_PASSWORD"]
+ # initialDelaySeconds: 30
+ # periodSeconds: 10
+ # timeoutSeconds: 1
+ # successThreshold: 1
+ # failureThreshold: 3
+ volumeMounts:
+ - mountPath: /var/lib/postgresql
+ name: data
+ volumes:
+ - name: data
+ persistentVolumeClaim:
+ claimName: db
+ readOnly: false
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: db
+ namespace: netbox
+spec:
+ internalTrafficPolicy: Cluster
+ ipFamilies:
+ - IPv6
+ ipFamilyPolicy: SingleStack
+ ports:
+ - name: postgres
+ port: 5432
+ protocol: TCP
+ targetPort: 5432
+ selector:
+ app: db
+ sessionAffinity: None
+ type: ClusterIP
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: db-backup
+ namespace: netbox
+spec:
+ accessModes:
+ - ReadWriteMany
+ resources:
+ requests:
+ storage: 4Gi
+ storageClassName: cephfs-hyper
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: db-backup
+ namespace: netbox
+ labels:
+ app: db-backup
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: db-backup
+ template:
+ metadata:
+ labels:
+ app: db-backup
+ spec:
+ containers:
+ - name: db-backup
+ image: prodrigestivill/postgres-backup-local
+ imagePullPolicy: "IfNotPresent"
+ env:
+ - name: SCHEDULE
+ value: "@daily"
+ - name: BACKUP_KEEP_DAYS
+ value: "7"
+ - name: POSTGRES_DB
+ value: "netbox"
+ - name: POSTGRES_HOST
+ value: db
+ - name: POSTGRES_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: netbox-db
+ key: root.pw
+ - name: POSTGRES_USER
+ valueFrom:
+ secretKeyRef:
+ name: netbox-db
+ key: username
+ optional: false
+ - name: HEALTHCHECK_PORT
+ value: "8080"
+ volumeMounts:
+ - mountPath: /backups
+ name: backup
+ volumes:
+ - name: backup
+ persistentVolumeClaim:
+ claimName: db-backup
+ readOnly: false
\ No newline at end of file
diff --git a/netbox/ingress.yaml b/netbox/ingress.yaml
new file mode 100644
index 0000000..b136b02
--- /dev/null
+++ b/netbox/ingress.yaml
@@ -0,0 +1,28 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: netbox
+ namespace: netbox
+ annotations:
+ kubernetes.io/ingress.class: nginx
+ cert-manager.io/cluster-issuer: letsencrypt
+ nginx.ingress.kubernetes.io/proxy-body-size: "16g"
+ nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
+ nginx.ingress.kubernetes.io/proxy-send-timeout: "3600"
+
+spec:
+ tls:
+ - hosts:
+ - netbox.apps.undercloud.dev
+ secretName: netbox-tls
+ rules:
+ - host: netbox.apps.undercloud.dev
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: netbox
+ port:
+ number: 80
\ No newline at end of file
diff --git a/netbox/namespace.yaml b/netbox/namespace.yaml
new file mode 100644
index 0000000..6fe122c
--- /dev/null
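Review bot: In netbox/db.yaml the `db-backup` container takes `POSTGRES_USER` from key `username` but `POSTGRES_PASSWORD` from key `root.pw`, while the `db` Deployment initialises that same user with key `user.pw`; unless both keys hold the same value the scheduled dumps fail authentication and no backups are produced. Use `key: user.pw` there, and drop the leftover `MARIADB_ROOT_PASSWORD` variable from the `db` container, which PostgreSQL does not read and which only places an extra credential in the pod environment (the port name `mysql` and the commented-out `mysqladmin` probes come from the same template and leave the pod without any probe). Both images (`postgres`, `prodrigestivill/postgres-backup-local`) are untagged, so the PostgreSQL major version can change when the pod lands on a node without a cached image; pin a tag or digest and confirm that `mountPath: /var/lib/postgresql` matches the data directory of the pinned version. With a `ReadWriteMany` claim and the default rolling update, two PostgreSQL pods can briefly share one data directory; `strategy: {type: Recreate}` on the `db` Deployment avoids that.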
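Review bot: `nginx.ingress.kubernetes.io/proxy-body-size: "16g"` in netbox/ingress.yaml lets any client that reaches the ingress send 16 GB request bodies toward NetBox, and the 3600-second read and send timeouts keep slow connections open for an hour; the values look carried over from a file-transfer application and give NetBox an unnecessarily large resource-exhaustion surface. Size them to what NetBox actually needs (attachments and imports), for example `nginx.ingress.kubernetes.io/proxy-body-size: "64m"` with the controller's default timeouts. The `kubernetes.io/ingress.class` annotation is deprecated in favour of `ingressClassName: nginx` under `spec`.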
+++ b/netbox/namespace.yaml
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: netbox
+ labels:
+ prometheus: prometheus
\ No newline at end of file
diff --git a/netbox/netbox.yaml b/netbox/netbox.yaml
new file mode 100644
index 0000000..18f73dc
--- /dev/null
+++ b/netbox/netbox.yaml
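Review bot: The Namespace carries only the `prometheus` label, so no Pod Security Admission level is set on it, and none of the Deployments added in this commit define a `securityContext`. Consider adding `pod-security.kubernetes.io/enforce: baseline` and `pod-security.kubernetes.io/warn: restricted` under `labels`. A default-deny NetworkPolicy in this namespace, with rules that let only the `app: netbox` pods reach `db` and `redis`, would also be worth adding alongside it.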
@@ -0,0 +1,111 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: netbox
+ namespace: netbox
+spec:
+ accessModes:
+ - ReadWriteMany
+ resources:
+ requests:
+ storage: 64Gi
+ storageClassName: cephfs-hyper
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: netbox
+ namespace: netbox
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: netbox
+ template:
+ metadata:
+ labels:
+ app: netbox
+ spec:
+ containers:
+ - name: netbox
+ image: netboxcommunity/netbox:latest
+ imagePullPolicy: IfNotPresent
+ ports:
+ - containerPort: 8080
+ name: http
+ env:
+ - name: DB_NAME
+ value: netbox
+ - name: DB_USER
+ valueFrom:
+ secretKeyRef:
+ name: netbox-db
+ key: username
+ - name: DB_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: netbox-db
+ key: user.pw
+ - name: DB_HOST
+ value: db
+ - name: DB_PORT
+ value: "5432"
+
+ - name: REDIS_HOST
+ value: redis
+ - name: REDIS_PORT
+ value: "6379"
+
+ - name: REDIS_CACHE_HOST
+ value: redis
+ - name: REDIS_CACHE_PORT
+ value: "6379"
+
+ - name: SECRET_KEY
+ valueFrom:
+ secretKeyRef:
+ name: netbox-secrets
+ key: SECRET_KEY
+
+ # optional but often useful behind ingress
+ - name: ALLOWED_HOSTS
+ value: "*"
+ volumeMounts:
+ - name: netbox-data
+ mountPath: /opt/netbox/netbox/media
+ readinessProbe:
+ httpGet:
+ path: /
+ port: 8080
+ livenessProbe:
+ httpGet:
+ path: /
+ port: 8080
+ initialDelaySeconds: 60
+ volumes:
+ - name: netbox-data
+ persistentVolumeClaim:
+ claimName: netbox
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: netbox
+ namespace: netbox
+ labels:
+ app: netbox
+spec:
+ internalTrafficPolicy: Cluster
+ ipFamilies:
+ - IPv6
+ - IPv4
+ ipFamilyPolicy: PreferDualStack
+ type: ClusterIP
+ selector:
+ app: netbox
+ ports:
+ - name: http
+ port: 80
+ protocol: TCP
+ targetPort: 8080
\ No newline at end of file
diff --git a/netbox/redis.yaml b/netbox/redis.yaml
new file mode 100644
index 0000000..93257f7
--- /dev/null
+++ b/netbox/redis.yaml
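Review bot: `ALLOWED_HOSTS` in the `netbox` container is set to `"*"`, which switches off Django's Host-header validation, so NetBox accepts any Host value and may use it when building absolute URLs. Set it to the name the Ingress serves, `value: "netbox.apps.undercloud.dev"`; the two `httpGet` probes then need an `httpHeaders` entry with `name: Host` and that same value, otherwise the kubelet's requests to the pod IP are rejected. `image: netboxcommunity/netbox:latest` with `imagePullPolicy: IfNotPresent` makes the running version depend on each node's image cache; pin a release tag or digest. No Redis password is passed to the container, which matches the unauthenticated `redis` Deployment in netbox/redis.yaml.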
@@ -0,0 +1,45 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: redis
+ namespace: netbox
+ labels:
+ app: redis
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: redis
+ template:
+ metadata:
+ labels:
+ app: redis
+ spec:
+ containers:
+ - name: redis
+ image: redis:7
+ imagePullPolicy: IfNotPresent
+ ports:
+ - name: redis
+ containerPort: 6379
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: redis
+ namespace: netbox
+spec:
+ internalTrafficPolicy: Cluster
+ ipFamilies:
+ - IPv6
+ - IPv4
+ ipFamilyPolicy: PreferDualStack
+ ports:
+ - name: redis
+ port: 6379
+ protocol: TCP
+ targetPort: 6379
+ selector:
+ app: redis
+ type: ClusterIP
\ No newline at end of file
diff --git a/netbox/secrets.yaml b/netbox/secrets.yaml
new file mode 100644
index 0000000..65ff145
--- /dev/null
+++ b/netbox/secrets.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: netbox-secrets
+ namespace: netbox
+type: Opaque
+stringData:
+ DB_PASSWORD: netbox
+ SECRET_KEY: "super-secret-key-change-me"
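Review bot: The `redis` container in netbox/redis.yaml starts without `requirepass`, and nothing in this commit limits which pods can reach its Service, yet NetBox uses this instance for its cache and background-task queue; any workload that can connect can read cached data and alter queued work. Require a password (the NetBox container then needs `REDIS_PASSWORD` and `REDIS_CACHE_PASSWORD` from the same Secret) and restrict ingress to pods labelled `app: netbox` with a NetworkPolicy. The Secret name and key in the sketch below are placeholders, and its indentation is conventional because the page has lost the original.

```yaml
      - name: redis
        image: redis:7
        # … unchanged: imagePullPolicy, ports …
        env:
        - name: REDIS_PASSWORD
          valueFrom:
            secretKeyRef:
              name: REDIS_SECRET_NAME    # placeholder
              key: REDIS_PASSWORD_KEY    # placeholder
        args: ["--requirepass", "$(REDIS_PASSWORD)"]
```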
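Review bot: netbox/secrets.yaml commits its values in clear text to the Git repository that Argo CD deploys from: `SECRET_KEY: "super-secret-key-change-me"` is the value the `netbox` Deployment reads, so the Django signing key is a known placeholder visible to anyone with repository access, and a manual rotation in the cluster would be reverted by a sync. Keep the value out of Git in this form and deliver a randomly generated key through a sealed, encrypted or external secret mechanism; NetBox expects a key of at least 50 characters, which this value does not appear to meet, so confirm against the deployed version. `DB_PASSWORD: netbox` is not referenced by any manifest in this commit, and the Deployments read a `netbox-db` Secret that this commit does not define, so that key looks unused and should be removed rather than left as a guessable credential.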