netbox: Improve secrets handling, default probes
This commit is contained in:
Alexander Olofsson
parent
aeebc6aa3e
commit
4d99ea41f9
6 changed files with 46 additions and 13 deletions
|
|
@ -10,7 +10,7 @@ icon: https://raw.githubusercontent.com/digitalocean/netbox/develop/netbox/proje
|
|||
appVersion: 3.5.1
|
||||
|
||||
type: application
|
||||
version: 5.2.2
|
||||
version: 5.3.0
|
||||
maintainers:
|
||||
- name: Alexander Olofsson
|
||||
email: ace@haxalot.com
|
||||
|
|
|
|||
|
|
@ -40,13 +40,13 @@ spec:
|
|||
name: {{ .Values.redis.auth.existingSecret | default (include "netbox.redis.fullname" .) }}
|
||||
key: {{ .Values.redis.auth.existingSecretPasswordKey | default "redis-password" }}
|
||||
{{- end }}
|
||||
{{- if .Values.postgresql.enabled }}
|
||||
{{- if (or .Values.postgresql.auth.existingSecret .Values.postgresql.enabled) }}
|
||||
- name: DB_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
{{- if .Values.postgresql.existingSecret }}
|
||||
name: {{ .Values.postgresql.existingSecret }}
|
||||
key: password
|
||||
{{- if .Values.postgresql.auth.existingSecret }}
|
||||
name: {{ .Values.postgresql.auth.existingSecret }}
|
||||
key: {{ .Values.postgresql.auth.existingSecretKey | default "password" }}
|
||||
{{- else }}
|
||||
name: {{ include "netbox.postgresql.fullname" . }}
|
||||
key: password
|
||||
|
|
@ -57,6 +57,9 @@ spec:
|
|||
name: {{ include "netbox.fullname" . }}
|
||||
- secretRef:
|
||||
name: {{ include "netbox.fullname" . }}
|
||||
{{- with .Values.extraEnvFrom -}}
|
||||
{{ . | toYaml | nindent 12 }}
|
||||
{{- end }}
|
||||
resources:
|
||||
{{- toYaml .Values.housekeeping.resources | nindent 12 }}
|
||||
{{- if or .Values.extraConfiguration .Values.extraPlugins }}
|
||||
|
|
|
|||
|
|
@ -42,13 +42,13 @@ spec:
|
|||
name: {{ .Values.redis.auth.existingSecret | default (include "netbox.redis.fullname" .) }}
|
||||
key: {{ .Values.redis.auth.existingSecretPasswordKey | default "redis-password" }}
|
||||
{{- end }}
|
||||
{{- if .Values.postgresql.enabled }}
|
||||
{{- if (or .Values.postgresql.auth.existingSecret .Values.postgresql.enabled) }}
|
||||
- name: DB_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
{{- if .Values.postgresql.existingSecret }}
|
||||
name: {{ .Values.postgresql.existingSecret }}
|
||||
key: password
|
||||
{{- if .Values.postgresql.auth.existingSecret }}
|
||||
name: {{ .Values.postgresql.auth.existingSecret }}
|
||||
key: {{ .Values.postgresql.auth.existingSecretKey | default "password" }}
|
||||
{{- else }}
|
||||
name: {{ include "netbox.postgresql.fullname" . }}
|
||||
key: password
|
||||
|
|
@ -59,6 +59,9 @@ spec:
|
|||
name: {{ include "netbox.fullname" . }}
|
||||
- secretRef:
|
||||
name: {{ include "netbox.fullname" . }}
|
||||
{{- with .Values.extraEnvFrom -}}
|
||||
{{ . | toYaml | nindent 12 }}
|
||||
{{- end }}
|
||||
resources:
|
||||
{{- toYaml .Values.worker.resources | nindent 12 }}
|
||||
{{- if or .Values.extraConfiguration .Values.extraPlugins }}
|
||||
|
|
|
|||
|
|
@ -53,13 +53,13 @@ spec:
|
|||
name: {{ .Values.existingDjangoSecret }}
|
||||
key: {{ .Values.existingDjangoSecretKey }}
|
||||
{{- end }}
|
||||
{{- if .Values.postgresql.enabled }}
|
||||
{{- if (or .Values.postgresql.auth.existingSecret .Values.postgresql.enabled) }}
|
||||
- name: DB_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
{{- if .Values.postgresql.existingSecret }}
|
||||
name: {{ .Values.postgresql.existingSecret }}
|
||||
key: {{ .Values.postgresql.existingSecretKey }}
|
||||
{{- if .Values.postgresql.auth.existingSecret }}
|
||||
name: {{ .Values.postgresql.auth.existingSecret }}
|
||||
key: {{ .Values.postgresql.auth.existingSecretKey | default "password" }}
|
||||
{{- else }}
|
||||
name: {{ include "netbox.postgresql.fullname" . }}
|
||||
key: password
|
||||
|
|
@ -70,6 +70,9 @@ spec:
|
|||
name: {{ include "netbox.fullname" . }}
|
||||
- secretRef:
|
||||
name: {{ include "netbox.fullname" . }}
|
||||
{{- with .Values.extraEnvFrom -}}
|
||||
{{ . | toYaml | nindent 12 }}
|
||||
{{- end }}
|
||||
ports:
|
||||
- name: http
|
||||
containerPort: 8080
|
||||
|
|
|
|||
|
|
@ -1,3 +1,4 @@
|
|||
{{ $secret := (lookup "v1" "Secret" .Release.Namespace (include "netbox.fullname" .)) -}}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
|
|
@ -17,6 +18,8 @@ data:
|
|||
{{- end }}
|
||||
{{- if .Values.djangoSecret }}
|
||||
SECRET_KEY: {{ .Values.djangoSecret | b64enc }}
|
||||
{{- else if and $secret $secret.data.SECRET_KEY }}
|
||||
SECRET_KEY: {{ $secret.data.SECRET_KEY }}
|
||||
{{- else if not .Values.existingDjangoSecret }}
|
||||
SECRET_KEY: {{ randAlphaNum 50 | b64enc }}
|
||||
{{- end }}
|
||||
|
|
|
|||
|
|
@ -90,6 +90,12 @@ extraEnv: {}
|
|||
# MAX_PAGE_SIZE: 1000
|
||||
# WEBHOOKS_ENABLED: true
|
||||
|
||||
extraEnvFrom: []
|
||||
# - configMapRef:
|
||||
# name: custom-config
|
||||
# - secretRef:
|
||||
# name: custom-secrets
|
||||
|
||||
extraSecrets: {}
|
||||
# EMAIL_PASSWORD: netbox
|
||||
|
||||
|
|
@ -134,6 +140,21 @@ extraVolumes: []
|
|||
|
||||
extraVolumeMounts: []
|
||||
|
||||
readinessProbe:
|
||||
httpGet:
|
||||
port: http
|
||||
path: /
|
||||
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
port: http
|
||||
path: /
|
||||
|
||||
startupProbe:
|
||||
tcpSocket:
|
||||
port: http
|
||||
failureThreshold: 12
|
||||
|
||||
persistence:
|
||||
enabled: false
|
||||
# existingClaim: netbox-data
|
||||
|
|
|
|||
Loading…
Reference in a new issue