netbox: Improve secrets handling, default probes

2023-05-08 11:19:26 +02:00 · 2023-05-08 11:19:26 +02:00 · 4d99ea41f9
commit 4d99ea41f9
parent aeebc6aa3e
6 changed files with 46 additions and 13 deletions
--- a/charts/netbox/Chart.yaml
+++ b/charts/netbox/Chart.yaml
@ -10,7 +10,7 @@ icon: https://raw.githubusercontent.com/digitalocean/netbox/develop/netbox/proje
 appVersion: 3.5.1
 type: application
-version: 5.2.2
+version: 5.3.0
 maintainers:
  - name: Alexander Olofsson
    email: ace@haxalot.com
--- a/charts/netbox/templates/deployment-housekeeping.yaml
+++ b/charts/netbox/templates/deployment-housekeeping.yaml
@ -40,13 +40,13 @@ spec:
                  name: {{ .Values.redis.auth.existingSecret | default (include "netbox.redis.fullname" .) }}
                  key: {{ .Values.redis.auth.existingSecretPasswordKey | default "redis-password" }}
          {{- end }}
-          {{- if .Values.postgresql.enabled }}
+          {{- if (or .Values.postgresql.auth.existingSecret .Values.postgresql.enabled) }}
            - name: DB_PASSWORD
              valueFrom:
                secretKeyRef:
-                {{- if .Values.postgresql.existingSecret }}
+                {{- if .Values.postgresql.auth.existingSecret }}
-                  name: {{ .Values.postgresql.existingSecret }}
+                  name: {{ .Values.postgresql.auth.existingSecret }}
-                  key: password
+                  key: {{ .Values.postgresql.auth.existingSecretKey | default "password" }}
                {{- else }}
                  name: {{ include "netbox.postgresql.fullname" . }}
                  key: password
@ -57,6 +57,9 @@ spec:
                name: {{ include "netbox.fullname" . }}
            - secretRef:
                name: {{ include "netbox.fullname" . }}
          {{- with .Values.extraEnvFrom -}}
            {{ . | toYaml | nindent 12 }}
          {{- end }}
          resources:
            {{- toYaml .Values.housekeeping.resources | nindent 12 }}
          {{- if or .Values.extraConfiguration .Values.extraPlugins }}
--- a/charts/netbox/templates/deployment-worker.yaml
+++ b/charts/netbox/templates/deployment-worker.yaml
@ -42,13 +42,13 @@ spec:
                  name: {{ .Values.redis.auth.existingSecret | default (include "netbox.redis.fullname" .) }}
                  key: {{ .Values.redis.auth.existingSecretPasswordKey | default "redis-password" }}
          {{- end }}
-          {{- if .Values.postgresql.enabled }}
+          {{- if (or .Values.postgresql.auth.existingSecret .Values.postgresql.enabled) }}
            - name: DB_PASSWORD
              valueFrom:
                secretKeyRef:
-                {{- if .Values.postgresql.existingSecret }}
+                {{- if .Values.postgresql.auth.existingSecret }}
-                  name: {{ .Values.postgresql.existingSecret }}
+                  name: {{ .Values.postgresql.auth.existingSecret }}
-                  key: password
+                  key: {{ .Values.postgresql.auth.existingSecretKey | default "password" }}
                {{- else }}
                  name: {{ include "netbox.postgresql.fullname" . }}
                  key: password
@ -59,6 +59,9 @@ spec:
                name: {{ include "netbox.fullname" . }}
            - secretRef:
                name: {{ include "netbox.fullname" . }}
          {{- with .Values.extraEnvFrom -}}
            {{ . | toYaml | nindent 12 }}
          {{- end }}
          resources:
            {{- toYaml .Values.worker.resources | nindent 12 }}
          {{- if or .Values.extraConfiguration .Values.extraPlugins }}
--- a/charts/netbox/templates/deployment.yaml
+++ b/charts/netbox/templates/deployment.yaml
@ -53,13 +53,13 @@ spec:
                  name: {{ .Values.existingDjangoSecret }}
                  key: {{ .Values.existingDjangoSecretKey }}
          {{- end }}
-          {{- if .Values.postgresql.enabled }}
+          {{- if (or .Values.postgresql.auth.existingSecret .Values.postgresql.enabled) }}
            - name: DB_PASSWORD
              valueFrom:
                secretKeyRef:
-                {{- if .Values.postgresql.existingSecret }}
+                {{- if .Values.postgresql.auth.existingSecret }}
-                  name: {{ .Values.postgresql.existingSecret }}
+                  name: {{ .Values.postgresql.auth.existingSecret }}
-                  key: {{ .Values.postgresql.existingSecretKey }}
+                  key: {{ .Values.postgresql.auth.existingSecretKey | default "password" }}
                {{- else }}
                  name: {{ include "netbox.postgresql.fullname" . }}
                  key: password
@ -70,6 +70,9 @@ spec:
                name: {{ include "netbox.fullname" . }}
            - secretRef:
                name: {{ include "netbox.fullname" . }}
          {{- with .Values.extraEnvFrom -}}
            {{ . | toYaml | nindent 12 }}
          {{- end }}
          ports:
            - name: http
              containerPort: 8080
--- a/charts/netbox/templates/secrets.yaml
+++ b/charts/netbox/templates/secrets.yaml
@ -1,3 +1,4 @@
 {{ $secret := (lookup "v1" "Secret" .Release.Namespace (include "netbox.fullname" .)) -}}
 ---
 apiVersion: v1
 kind: Secret
@ -17,6 +18,8 @@ data:
 {{- end }}
 {{- if .Values.djangoSecret }}
  SECRET_KEY: {{ .Values.djangoSecret | b64enc }}
 {{- else if and $secret $secret.data.SECRET_KEY }}
  SECRET_KEY: {{ $secret.data.SECRET_KEY }}
 {{- else if not .Values.existingDjangoSecret }}
  SECRET_KEY: {{ randAlphaNum 50 | b64enc }}
 {{- end }}
--- a/charts/netbox/values.yaml
+++ b/charts/netbox/values.yaml
@ -90,6 +90,12 @@ extraEnv: {}
  # MAX_PAGE_SIZE: 1000
  # WEBHOOKS_ENABLED: true
 extraEnvFrom: []
  # - configMapRef:
  #     name: custom-config
  # - secretRef:
  #     name: custom-secrets
 extraSecrets: {}
  # EMAIL_PASSWORD: netbox
@ -134,6 +140,21 @@ extraVolumes: []
 extraVolumeMounts: []
 readinessProbe:
  httpGet:
    port: http
    path: /
 livenessProbe:
  httpGet:
    port: http
    path: /
 startupProbe:
  tcpSocket:
    port: http
  failureThreshold: 12
 persistence:
  enabled: false
  # existingClaim: netbox-data