diff --git a/charts/netbox/Chart.yaml b/charts/netbox/Chart.yaml index c863a48e..b6012c5f 100644 --- a/charts/netbox/Chart.yaml +++ b/charts/netbox/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: netbox -version: 5.0.57 +version: 5.1.0 # renovate: image=ghcr.io/netbox-community/netbox appVersion: "v4.2.6" type: application @@ -34,6 +34,8 @@ annotations: artifacthub.io/images: | - name: netbox image: ghcr.io/netbox-community/netbox:v4.2.6 + - name: kubectl + image: docker.io/bitnami/kubectl:1.32.2-debian-12-r3 - name: busybox image: docker.io/busybox:1.37.0 artifacthub.io/license: Apache-2.0 diff --git a/charts/netbox/templates/worker/deployment.yaml b/charts/netbox/templates/worker/deployment.yaml index 3dcf1f19..523f1b40 100644 --- a/charts/netbox/templates/worker/deployment.yaml +++ b/charts/netbox/templates/worker/deployment.yaml 
@@ -39,8 +39,33 @@ spec: {{- if .Values.worker.podSecurityContext.enabled }} securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.worker.podSecurityContext "context" $) | nindent 8 }} {{- end }} - {{- if .Values.worker.initContainers }} - initContainers: {{- include "common.tplvalues.render" (dict "value" .Values.worker.initContainers "context" $) | trim | nindent 8 }} + {{- if or .Values.worker.initContainers .Values.worker.waitForBackend.enabled }} + initContainers: + {{- if .Values.worker.waitForBackend.enabled }} + - name: wait-for-backend + image: {{ include "common.images.image" (dict "imageRoot" .Values.worker.waitForBackend.image "global" .Values.global) }} + imagePullPolicy: {{ .Values.worker.waitForBackend.image.pullPolicy | quote }} + {{- if .Values.worker.waitForBackend.command }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.worker.waitForBackend.command "context" $) | nindent 10 }} + {{- end }} + {{- if .Values.worker.waitForBackend.args }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.worker.waitForBackend.args "context" $) | nindent 10 }} + {{- end }} + {{- if .Values.worker.waitForBackend.containerSecurityContext.enabled }} + securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.worker.waitForBackend.containerSecurityContext "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.worker.waitForBackend.resources }} + resources: {{- include "common.tplvalues.render" (dict "value" .Values.worker.waitForBackend.resources "context" $) | nindent 12 }} + {{- else if ne .Values.worker.waitForBackend.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.worker.waitForBackend.resourcesPreset) | nindent 12 }} + {{- end }} + env: + - name: DEPLOYMENT_NAME + value: {{ include "common.names.fullname" . 
}} + {{- end }} + {{- if .Values.worker.initContainers }} + {{- include "common.tplvalues.render" (dict "value" .Values.worker.initContainers "context" $) | nindent 8 }} + {{- end }} {{- end }} containers: - name: {{ .Chart.Name }}-worker diff --git a/charts/netbox/values.schema.json b/charts/netbox/values.schema.json index 62863f59..f2df85ea 100644 --- a/charts/netbox/values.schema.json +++ b/charts/netbox/values.schema.json @@ -1625,6 +1625,99 @@ } }, "type": "object" + }, + "waitForBackend": { + "properties": { + "args": { + "type": "array" + }, + "command": { + "items": { + "type": "string" + }, + "type": "array" + }, + "enabled": { + "type": "boolean" + }, + "podSecurityContext": { + "properties": { + "enabled": { + "type": "boolean" + }, + "fsGroup": { + "type": "integer" + }, + "fsGroupChangePolicy": { + "type": "string" + }, + "supplementalGroups": { + "type": "array" + }, + "sysctls": { + "type": "array" + } + }, + "type": "object" + }, + "resources": { + "properties": {}, + "type": "object" + }, + "resourcesPreset": { + "type": "string" + }, + "securityContext": { + "properties": { + "allowPrivilegeEscalation": { + "type": "boolean" + }, + "capabilities": { + "properties": { + "drop": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "privileged": { + "type": "boolean" + }, + "readOnlyRootFilesystem": { + "type": "boolean" + }, + "runAsGroup": { + "type": "integer" + }, + "runAsNonRoot": { + "type": "boolean" + }, + "runAsUser": { + "type": "integer" + }, + "seLinuxOptions": { + "properties": {}, + "type": "object" + }, + "seccompProfile": { + "properties": { + "type": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + } + }, + "type": "object" } }, "type": "object" diff --git a/charts/netbox/values.yaml b/charts/netbox/values.yaml index 81b40d49..73722892 100644 --- a/charts/netbox/values.yaml +++ b/charts/netbox/values.yaml 
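Review bot: The new `wait-for-backend` init container calls the Kubernetes API through `kubectl`, but this diff adds no Role or RoleBinding. Unless the chart already grants that access elsewhere, the worker's service account will presumably be refused, and with the default `waitForBackend.enabled: true` the worker pod would stay in its init phase. If a grant is added, keep it to a namespaced Role limited to `get`, `list` and `watch` on `deployments` rather than a broader binding. As a smaller style point, `value: {{ include "common.names.fullname" . }}` is left unquoted while `imagePullPolicy` is piped through `quote`; `value: {{ include "common.names.fullname" . | quote }}` keeps the env value a string in every case.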
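Review bot: The schema for `waitForBackend` does not describe the keys the chart actually uses. It declares `securityContext` and `podSecurityContext`, while the template and values.yaml in this same commit read `containerSecurityContext` and `image`. As a result the security-relevant settings (`privileged`, `runAsNonRoot`, `allowPrivilegeEscalation`, `capabilities.drop`) are not type-checked at install time, so a mistyped value there goes unnoticed. Rename `"securityContext"` to `"containerSecurityContext"`, add an `"image"` object with `registry`, `repository`, `tag`, `digest`, `pullPolicy` and `pullSecrets`, and drop `"podSecurityContext"` unless something outside this diff reads it. If the file is generated from values.yaml, regenerating it after the values change should be enough.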
@@ -827,7 +827,7 @@ startupProbe: initialDelaySeconds: 5 periodSeconds: 10 timeoutSeconds: 1 - failureThreshold: 10 + failureThreshold: 100 successThreshold: 1 ## @param customLivenessProbe Override default liveness probe for containers ## @@ -1504,7 +1504,7 @@ worker: readOnlyPersistence: false ## @param worker.automountServiceAccountToken Mount Service Account token in pod ## - automountServiceAccountToken: false + automountServiceAccountToken: true ## @param worker.affinity Affinity for worker pod assignment ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity ## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set 
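Review bot: Setting `worker.automountServiceAccountToken` to `true` mounts the API token into every container of the worker pod, including the long-running worker container, although only the `wait-for-backend` init container added by this commit talks to the API. Any permission granted for the rollout check then also becomes available to whatever runs in the worker process. A tighter design keeps the default at `false` and gives the init container its own projected `serviceAccountToken` volume, or at least ties the value to `worker.waitForBackend.enabled`. If the new default stays, the parameter comment should say why, e.g. `## Must be true while worker.waitForBackend.enabled is set: the init container needs API credentials for kubectl`. Existing installs that relied on the old default will pick up the mounted token on upgrade.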
@@ -1627,3 +1627,96 @@ worker: ## command: ['sh', '-c', 'echo "init"'] ## initContainers: [] + ## Init containers parameters: + ## wait-for-backend: Wait for NetBox backend before running workers + ## + waitForBackend: + ## @param waitForBackend.enabled Wait for NetBox backend before running workers + ## + enabled: true + ## @param waitForBackend.image.registry [default: REGISTRY_NAME] Init container wait-for-backend image registry + ## @param waitForBackend.image.repository [default: REPOSITORY_NAME/kubectl] Init container wait-for-backend image name + ## @param waitForBackend.image.tag Init container wait-for-backend image tag + ## @param waitForBackend.image.digest Init container wait-for-backend image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag + ## @param waitForBackend.image.pullPolicy Init container wait-for-backend image pull policy + ## @param waitForBackend.image.pullSecrets Specify docker-registry secret names as an array + ## + image: + registry: docker.io + repository: bitnami/kubectl + tag: 1.32.2-debian-12-r3 + digest: "" + ## Specify a imagePullPolicy + ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images + ## + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace) + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## Example: + ## pullSecrets: + ## - myRegistryKeySecretName + ## + pullSecrets: [] + ## @param waitForBackend.command The command to execute in the wait-for-backend container + ## + command: + - /bin/bash + - -ec + ## @param waitForBackend.args Override wait-for-backend container args + ## + args: + - | + deployment=${DEPLOYMENT_NAME:?deployment name is missing} + return_code=0 + + echo "Waiting for deployment \"${deployment}\" to be successfully rolled out..." + kubectl rollout status deployment "$deployment" 2>&1 || return_code=$? 
+ echo "Rollout exit code: '${return_code}'" + exit $return_code + ## waitForBackend containers' Security Context (init container). + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container + ## @param waitForBackend.containerSecurityContext.enabled Enabled containers' Security Context + ## @param waitForBackend.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container + ## @param waitForBackend.containerSecurityContext.runAsUser Set containers' Security Context runAsUser + ## @param waitForBackend.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup + ## @param waitForBackend.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot + ## @param waitForBackend.containerSecurityContext.privileged Set container's Security Context privileged + ## @param waitForBackend.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem + ## @param waitForBackend.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation + ## @param waitForBackend.containerSecurityContext.capabilities.drop List of capabilities to be dropped + ## @param waitForBackend.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile + ## + containerSecurityContext: + enabled: true + seLinuxOptions: {} + runAsUser: 1001 + runAsGroup: 1001 + runAsNonRoot: true + privileged: false + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + capabilities: + drop: ["ALL"] + seccompProfile: + type: "RuntimeDefault" + ## Init container resource requests and limits. + ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ + ## We usually recommend not to specify default resources and to leave this as a conscious + ## choice for the user. 
This also increases chances charts run on environments with little + ## resources, such as Minikube. If you do want to specify resources, uncomment the following + ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. + ## @param waitForBackend.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if waitForBackend.resources is set (waitForBackend.resources is recommended for production). + ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 + ## + resourcesPreset: "nano" + ## @param waitForBackend.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) + ## Example: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## + resources: {}
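Review bot: The `wait-for-backend` image is pinned only by a mutable tag (`tag: 1.32.2-debian-12-r3`, `digest: ""`). With `enabled: true` it is pulled from docker.io into every worker pod and runs with the pod's service-account token. Shipping a default digest makes the pull immutable: `digest: "sha256:<digest of the reviewed image>"` (placeholder; use the digest of the image that was actually tested). The `@param` lines are also written as `waitForBackend.*` although the block sits under `worker:` and the template reads `.Values.worker.waitForBackend.*`. They should read `## @param worker.waitForBackend.enabled ...` and so on, so that generated parameter docs match the real keys.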