netbox

app-of-apps/netbox.yaml

@@ -0,0 +1,16 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: netbox
+  namespace: argocd
+  finalizers:
+  - resources-finalizer.argocd.argoproj.io
+spec:
+  destination:
+    namespace: netbox
+    server: https://kubernetes.default.svc
+  project: default
+  source:
+    path: netbox
+    repoURL: http://gitea.gitea.svc.k8s.undercloud.local:3000/Undercloud/k8s-apps.git
+    targetRevision: HEAD

netbox/README.md

@@ -0,0 +1,2 @@
+# Netbox
+## Ip Address Management

netbox/backup.yaml

@@ -0,0 +1,90 @@
+apiVersion: velero.io/v1
+kind: Schedule
+metadata:
+  name: netbox-csi-hourly
+  namespace: velero
+spec:
+  schedule: "0 15-22 * * *"
+  useOwnerReferencesInBackup: true
+  template:
+    includedNamespaces: ["netbox"]
+    ttl: 8h
+    snapshotVolumes: true
+    defaultVolumesToFsBackup: false
+    csiSnapshotTimeout: 10m
+---
+apiVersion: velero.io/v1
+kind: Schedule
+metadata:
+  name: netbox-csi-daily
+  namespace: velero
+spec:
+  schedule: "0 0 * * *"
+  useOwnerReferencesInBackup: true
+  template:
+    includedNamespaces: ["netbox"]
+    ttl: 168h
+    snapshotVolumes: true
+    defaultVolumesToFsBackup: false
+    csiSnapshotTimeout: 10m
+---
+apiVersion: velero.io/v1
+kind: Schedule
+metadata:
+  name: netbox-csi-weekly
+  namespace: velero
+spec:
+  schedule: "0 0 * * 1"
+  useOwnerReferencesInBackup: true
+  template:
+    includedNamespaces: ["netbox"]
+    ttl: 730h
+    snapshotVolumes: true
+    defaultVolumesToFsBackup: false
+    csiSnapshotTimeout: 10m
+---
+apiVersion: velero.io/v1
+kind: Schedule
+metadata:
+  name: netbox-daily
+  namespace: velero
+spec:
+  schedule: "30 2 * * *"            # tous les jours 02:30
+  useOwnerReferencesInBackup: true
+  template:
+    includedNamespaces: [netbox]
+    storageLocation: default
+    ttl: 336h                       # ~14 jours
+    snapshotVolumes: false
+    defaultVolumesToFsBackup: true
+
+---
+apiVersion: velero.io/v1
+kind: Schedule
+metadata:
+  name: netbox-weekly
+  namespace: velero
+spec:
+  schedule: "0 3 * * 0"             # chaque dimanche 03:00
+  useOwnerReferencesInBackup: true
+  template:
+    includedNamespaces: [netbox]
+    storageLocation: default
+    ttl: 1344h                      # ~8 semaines
+    snapshotVolumes: false
+    defaultVolumesToFsBackup: true
+---
+apiVersion: velero.io/v1
+kind: Schedule
+metadata:
+  name: netbox-monthly
+  namespace: velero
+spec:
+  schedule: "0 4 1 * *"          # 1er du mois 04:00
+  useOwnerReferencesInBackup: true
+  template:
+    includedNamespaces: [netbox]
+    storageLocation: default
+    ttl: 8760h                   # ~12 mois
+    snapshotVolumes: false
+    defaultVolumesToFsBackup: true

netbox/db.yaml

@@ -0,0 +1,168 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: db
+  namespace: netbox
+spec:
+  accessModes:
+  - ReadWriteMany
+  resources:
+    requests:
+      storage: 8Gi
+  storageClassName: cephfs-hyper
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: db
+  namespace: netbox
+  labels:
+    app: db
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: db
+  template:
+    metadata:
+      labels:
+        app: db
+    spec:
+      containers:
+      - name: db
+        image: postgres
+        imagePullPolicy: "IfNotPresent"
+        ports:
+        - name: mysql
+          containerPort: 5432
+        env:
+        - name: MARIADB_ROOT_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: netbox-db
+              key: root.pw
+        - name: POSTGRES_USER
+          valueFrom:
+            secretKeyRef:
+              name: netbox-db
+              key: username
+              optional: false
+        - name: POSTGRES_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: netbox-db
+              key: user.pw
+              optional: false
+        - name: POSTGRES_DB
+          value: netbox
+        - name: POSTGRES_INITDB_ARGS
+          value: "--lc-collate=C --lc-ctype=C --encoding=UTF8"
+        #livenessProbe:
+        #  exec:
+        #    command: ["sh", "-c", "exec mysqladmin status -uroot -p$MARIADB_ROOT_PASSWORD"]
+        #  initialDelaySeconds: 120
+        #  periodSeconds: 10
+        #  timeoutSeconds: 1
+        #  successThreshold: 1
+        #  failureThreshold: 3
+        #readinessProbe:
+        #  exec:
+        #    command: ["sh", "-c", "exec mysqladmin status -uroot -p$MARIADB_ROOT_PASSWORD"]
+        #  initialDelaySeconds: 30
+        #  periodSeconds: 10
+        #  timeoutSeconds: 1
+        #  successThreshold: 1
+        #  failureThreshold: 3
+        volumeMounts:
+        - mountPath: /var/lib/postgresql
+          name: data
+      volumes:
+      - name: data
+        persistentVolumeClaim:
+          claimName: db
+          readOnly: false
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: db
+  namespace: netbox
+spec:
+  internalTrafficPolicy: Cluster
+  ipFamilies:
+  - IPv6
+  ipFamilyPolicy: SingleStack
+  ports:
+  - name: postgres
+    port: 5432
+    protocol: TCP
+    targetPort: 5432
+  selector:
+    app: db
+  sessionAffinity: None
+  type: ClusterIP
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: db-backup
+  namespace: netbox
+spec:
+  accessModes:
+  - ReadWriteMany
+  resources:
+    requests:
+      storage: 4Gi
+  storageClassName: cephfs-hyper
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: db-backup
+  namespace: netbox
+  labels:
+    app: db-backup
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: db-backup
+  template:
+    metadata:
+      labels:
+        app: db-backup
+    spec:
+      containers:
+      - name: db-backup
+        image: prodrigestivill/postgres-backup-local
+        imagePullPolicy: "IfNotPresent"
+        env:
+        - name: SCHEDULE
+          value: "@daily"
+        - name: BACKUP_KEEP_DAYS
+          value: "7"
+        - name: POSTGRES_DB
+          value: "netbox"
+        - name: POSTGRES_HOST
+          value: db
+        - name: POSTGRES_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: netbox-db
+              key: root.pw
+        - name: POSTGRES_USER
+          valueFrom:
+            secretKeyRef:
+              name: netbox-db
+              key: username
+              optional: false
+        - name: HEALTHCHECK_PORT
+          value: "8080"
+        volumeMounts:
+        - mountPath: /backups
+          name: backup
+      volumes:
+      - name: backup
+        persistentVolumeClaim:
+          claimName: db-backup
+          readOnly: false

netbox/ingress.yaml

@@ -0,0 +1,28 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: netbox
+  namespace: netbox
+  annotations:
+    kubernetes.io/ingress.class: nginx    
+    cert-manager.io/cluster-issuer: letsencrypt
+    nginx.ingress.kubernetes.io/proxy-body-size: "16g"
+    nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
+    nginx.ingress.kubernetes.io/proxy-send-timeout: "3600"
+
+spec:
+  tls:
+  - hosts:
+    - netbox.apps.undercloud.dev
+    secretName: netbox-tls
+  rules:
+  - host: netbox.apps.undercloud.dev
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: netbox
+            port:
+              number: 80

netbox/namespace.yaml

@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: netbox
+  labels:
+    prometheus: prometheus

netbox/netbox.yaml

@@ -0,0 +1,111 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: netbox
+  namespace: netbox
+spec:
+  accessModes:
+    - ReadWriteMany
+  resources:
+    requests:
+      storage: 64Gi
+  storageClassName: cephfs-hyper
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: netbox
+  namespace: netbox
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: netbox
+  template:
+    metadata:
+      labels:
+        app: netbox
+    spec:
+      containers:
+        - name: netbox
+          image: netboxcommunity/netbox:latest
+          imagePullPolicy: IfNotPresent
+          ports:
+            - containerPort: 8080
+              name: http
+          env:
+            - name: DB_NAME
+              value: netbox
+            - name: DB_USER
+              valueFrom:
+                secretKeyRef:
+                  name: netbox-db
+                  key: username
+            - name: DB_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: netbox-db
+                  key: user.pw
+            - name: DB_HOST
+              value: db
+            - name: DB_PORT
+              value: "5432"
+
+            - name: REDIS_HOST
+              value: redis
+            - name: REDIS_PORT
+              value: "6379"
+
+            - name: REDIS_CACHE_HOST
+              value: redis
+            - name: REDIS_CACHE_PORT
+              value: "6379"
+
+            - name: SECRET_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: netbox-secrets
+                  key: SECRET_KEY
+
+            # optional but often useful behind ingress
+            - name: ALLOWED_HOSTS
+              value: "*"
+          volumeMounts:
+            - name: netbox-data
+              mountPath: /opt/netbox/netbox/media
+          readinessProbe:
+            httpGet:
+              path: /
+              port: 8080
+          livenessProbe:
+            httpGet:
+              path: /
+              port: 8080
+            initialDelaySeconds: 60
+      volumes:
+        - name: netbox-data
+          persistentVolumeClaim:
+            claimName: netbox
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: netbox
+  namespace: netbox
+  labels:
+    app: netbox
+spec:
+  internalTrafficPolicy: Cluster
+  ipFamilies:
+    - IPv6
+    - IPv4
+  ipFamilyPolicy: PreferDualStack
+  type: ClusterIP
+  selector:
+    app: netbox
+  ports:
+    - name: http
+      port: 80
+      protocol: TCP
+      targetPort: 8080

netbox/redis.yaml

@@ -0,0 +1,45 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: redis
+  namespace: netbox
+  labels:
+    app: redis
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: redis
+  template:
+    metadata:
+      labels:
+        app: redis
+    spec:
+      containers:
+        - name: redis
+          image: redis:7
+          imagePullPolicy: IfNotPresent
+          ports:
+            - name: redis
+              containerPort: 6379
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: redis
+  namespace: netbox
+spec:
+  internalTrafficPolicy: Cluster
+  ipFamilies:
+    - IPv6
+    - IPv4
+  ipFamilyPolicy: PreferDualStack
+  ports:
+    - name: redis
+      port: 6379
+      protocol: TCP
+      targetPort: 6379
+  selector:
+    app: redis
+  type: ClusterIP

netbox/secrets.yaml

@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: netbox-secrets
+  namespace: netbox
+type: Opaque
+stringData:
+  DB_PASSWORD: netbox
+  SECRET_KEY: "super-secret-key-change-me"