nautobot · gertzakis · Nov 15, 2024 · Nov 13, 2024 · Nov 13, 2024 · Nov 13, 2024
@@ -3,7 +3,7 @@
 # See https://pre-commit.com for more information
 repos:
   - repo: "https://github.com/pre-commit/pre-commit-hooks"
-    rev: "v4.6.0"
+    rev: "v5.0.0"
     hooks:
       - id: "trailing-whitespace"
       - id: "end-of-file-fixer"
@@ -33,12 +33,12 @@ repos:
           - "docs/"
 
   - repo: "https://github.com/streetsidesoftware/cspell-cli"
-    rev: "v8.15.1"
+    rev: "v8.16.0"
     hooks:
       - id: "cspell"
 
   - repo: "https://github.com/gruntwork-io/pre-commit"
-    rev: "v0.1.23"  # Get the latest from: https://github.com/gruntwork-io/pre-commit/releases
+    rev: "v0.1.24"  # Get the latest from: https://github.com/gruntwork-io/pre-commit/releases
     hooks:
       - id: "helmlint"
 

@@ -16,6 +16,6 @@ dependencies:
   version: 12.15.0
 - name: common
   repository: oci://registry-1.docker.io/bitnamicharts
-  version: 2.26.0
-digest: sha256:b3fa151d1762cb262367a8fcbdc36adb0a1b583602e7cbee71675e2a74d92293
-generated: "2024-10-18T09:06:48.023158023+03:00"
+  version: 2.27.0
+digest: sha256:3b3d075f4c99531c211670fe76b74b1e2ee53a896e6b0cea38241cb21a7b3cd8
+generated: "2024-11-14T13:38:07.814675+01:00"
@@ -6,7 +6,7 @@ annotations:
   artifacthub.io/prerelease: "false"
   artifacthub.io/images: |
     - name: nautobot
-      image: ghcr.io/nautobot/nautobot:2.3.7-py3.11
+      image: ghcr.io/nautobot/nautobot:2.3.11-py3.11
   artifacthub.io/links: |
     - name: Nautobot Documentation
       url: https://docs.nautobot.com/
@@ -30,13 +30,17 @@ annotations:
     - title: Chatops
       url: https://raw.githubusercontent.com/nautobot/nautobot/develop/nautobot/docs/media/ss_plugin_chatops.png
   artifacthub.io/changes: |
+    - kind: added
+      description: Added property to deploy extra k8s objects(manifests)
+    - kind: fixed
+      description: Fixed issue to allow multiple probe types and not only the pre-configured
     - kind: changed
-      description: Upgraded Nautobot from 2.3.6 to 2.3.7
+      description: Upgraded Nautobot from 2.3.7 to 2.3.11
     - kind: changed
-      description: Upgraded Bitnami common subchart from 2.24.0 to 2.26.0
+      description: Upgraded Bitnami common subchart from 2.26.0 to 2.27.0
 apiVersion: "v2"
-appVersion: "2.3.7"
-version: "2.3.4"
+appVersion: "2.3.11"
+version: "2.4.0"
 dependencies:
   - condition: "redis.enabled"
     name: "redis"

@@ -1,6 +1,6 @@
 # nautobot
 
-![Version: 2.3.4](https://img.shields.io/badge/Version-2.3.4-informational?style=flat-square) ![AppVersion: 2.3.7](https://img.shields.io/badge/AppVersion-2.3.7-informational?style=flat-square)
+![Version: 2.4.0](https://img.shields.io/badge/Version-2.4.0-informational?style=flat-square) ![AppVersion: 2.3.11](https://img.shields.io/badge/AppVersion-2.3.11-informational?style=flat-square)
 
 Nautobot is a Network Source of Truth and Network Automation Platform.
 
@@ -162,6 +162,12 @@ See [Uninstall](https://docs.nautobot.com/projects/helm-charts/en/stable/operati
 |-----|------|---------|-------------|
 | <a name="commonAnnotations">[commonAnnotations](https://github.com/nautobot/helm-charts/blob/main/charts/nautobot/values.yaml#L3)</a> | map[string]string | `{}` | Annotations to be applied to ALL resources created by this chart |
 
+## ExtraObjects Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| <a name="extraObjects">[extraObjects](https://github.com/nautobot/helm-charts/blob/main/charts/nautobot/values.yaml#L1228)</a> | list | `[]` | Deploy additional Kubernetes manifests |
+
 ## Ingress Values
 
 | Key | Type | Default | Description |
@@ -275,7 +281,7 @@ The `mariadb.*` values configure the upstream chart from Bitnami.  Please see th
 | <a name="nautobot.image.pullSecrets">[nautobot.image.pullSecrets](https://github.com/nautobot/helm-charts/blob/main/charts/nautobot/values.yaml#L48)</a> | []string | `[]` | List of secret names to be used as image [pull secrets](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/), common to all deployments |
 | <a name="nautobot.image.registry">[nautobot.image.registry](https://github.com/nautobot/helm-charts/blob/main/charts/nautobot/values.yaml#L40)</a> | string | `"ghcr.io"` | Nautobot image registry, common to all deployments |
 | <a name="nautobot.image.repository">[nautobot.image.repository](https://github.com/nautobot/helm-charts/blob/main/charts/nautobot/values.yaml#L42)</a> | string | `"nautobot/nautobot"` | Nautobot image name, common to all deployments |
-| <a name="nautobot.image.tag">[nautobot.image.tag](https://github.com/nautobot/helm-charts/blob/main/charts/nautobot/values.yaml#L44)</a> | string | `"2.3.7-py3.11"` | Nautobot image tag, common to all deployments |
+| <a name="nautobot.image.tag">[nautobot.image.tag](https://github.com/nautobot/helm-charts/blob/main/charts/nautobot/values.yaml#L44)</a> | string | `"2.3.11-py3.11"` | Nautobot image tag, common to all deployments |
 | <a name="nautobot.initContainers">[nautobot.initContainers](https://github.com/nautobot/helm-charts/blob/main/charts/nautobot/values.yaml#L219)</a> | [][Container](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#Container) | `[]` | [[ref](https://kubernetes.io/docs/concepts/workloads/pods/init-containers/)] Add additional init containers to the Nautobot server pods |
 | <a name="nautobot.lifecycleHooks">[nautobot.lifecycleHooks](https://github.com/nautobot/helm-charts/blob/main/charts/nautobot/values.yaml#L191)</a> | [Lifecycle](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#lifecycle) | `{}` | lifecycleHooks for the Nautobot container(s) to automate configuration before or after startup |
 | <a name="nautobot.livenessProbe">[nautobot.livenessProbe](https://github.com/nautobot/helm-charts/blob/main/charts/nautobot/values.yaml#L60)</a> | [Probe](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#lifecycle-1) | See values.yaml | [[ref](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes)] Nautobot liveness probe |

@@ -0,0 +1,8 @@
+{{- range .Values.extraObjects }}
+---
+  {{- if typeIs "string" . }}
+    {{- tpl . $ }}
+  {{- else }}
+    {{- tpl (. | toYaml | nindent 0) $ }}
+  {{- end }}
+{{- end }}
@@ -271,13 +271,19 @@ spec:
           {{- if $nautobot.resources }}
           resources: {{- toYaml $nautobot.resources | nindent 12 }}
           {{- end }}
-          {{- if $nautobot.livenessProbe.enabled }}
+          {{- if and $nautobot.livenessProbe.enabled (or (hasKey $nautobot.livenessProbe "httpGet") (hasKey $nautobot.livenessProbe "tcpSocket")) }}
+          livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit $nautobot.livenessProbe "enabled" "exec") "context" $) | nindent 12 }}
+          {{- else if $nautobot.livenessProbe.enabled }}
           livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit $nautobot.livenessProbe "enabled") "context" $) | nindent 12 }}
           {{- end }}
-          {{- if $nautobot.readinessProbe.enabled }}
+          {{- if and $nautobot.readinessProbe.enabled (or (hasKey $nautobot.readinessProbe "exec") (hasKey $nautobot.readinessProbe "tcpSocket")) }}
+          readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit $nautobot.readinessProbe "enabled" "httpGet") "context" $) | nindent 12 }}
+          {{- else if $nautobot.readinessProbe.enabled }}
           readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit $nautobot.readinessProbe "enabled") "context" $) | nindent 12 }}
           {{- end }}
-          {{- if $nautobot.startupProbe.enabled }}
+          {{- if and $nautobot.startupProbe "exec"  (or (hasKey $nautobot.startupProbe "exec") (hasKey $nautobot.startupProbe "tcpSocket")) }}
+          startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit $nautobot.startupProbe "enabled" "httpGet") "context" $) | nindent 12 }}
+          {{- else if $nautobot.startupProbe.enabled }}
           startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit $nautobot.startupProbe "enabled") "context" $) | nindent 12 }}
           {{- end }}
           volumeMounts:

@@ -1197,6 +1197,20 @@
         }
       },
       "description": "List of Nautobot objects (matching the Nautobot spec) to create deployments for"
+    },
+    "extraObjects": {
+      "type": "array",
+      "description": "A property where you can define additional Kubernetes manifests that are deployed along the other Kubernetes manifests generated by this Helm Chart.",
+      "items": {
+        "anyOf": [
+          {
+            "type": "string"
+          },
+          {
+            "type": "object"
+          }
+        ]
+      }
     }
   }
 }
@@ -41,7 +41,7 @@ nautobot:
     # -- Nautobot image name, common to all deployments
     repository: "nautobot/nautobot"
     # -- Nautobot image tag, common to all deployments
-    tag: "2.3.7-py3.11"
+    tag: "2.3.11-py3.11"
     # -- [Kubernetes image pull policy](https://kubernetes.io/docs/concepts/containers/images/), common to all deployments valid values: `Always`, `Never`, or `IfNotPresent`
     pullPolicy: "Always"
     # -- ([]string) List of secret names to be used as image [pull secrets](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/), common to all deployments
@@ -1223,3 +1223,6 @@ postgresqlha:
 rabbitmq:
   # -- Enable deployment of the [Bitnami RabbitMQ](https://github.com/bitnami/charts/tree/main/bitnami/rabbitmq) chart, all other `rabbitmq.*` parameters will be passed directly to that chart
   enabled: false
+
+# -- Deploy additional Kubernetes manifests
+extraObjects: []
@@ -0,0 +1,216 @@
+# Applying Extra Kubernetes Objects
+
+Certain deployments require additional Kubernetes objects that are not deployed
+as a part of this Helm Chart.
+
+The following are some of the use cases:
+
+- Admin credentials are generated and stored in a secret manager such as
+  HashiCorp Vault or AWS Secrets Manager. These credentials must be injected
+  to Pods as a Kubernetes secret.
+- Additional Ingresses must be deployed to expose Nautobot on a different hostname.
+- Additional Kubernetes Jobs must be executed to perform additional checks or
+  to provision certain aspects of Nautobot deployment.
+
+Let's focus on the use case for admin credentials. Once the credentials are
+stored in HashiCorp Vault, for example, you can use the ExternalSecrets
+operator to fetch those credentials and create the Kubernetes Secret object.
+The following snippet shows an example:
+
+```yaml
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: my-secret
+  namespace: nautobot
+spec:
+  data:
+    - remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: secrets/nautobot/superuser
+        metadataPolicy: None
+        property: SUPERUSER_PASSWORD
+      secretKey: SUPERUSER_PASSWORD
+    - remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: secrets/nautobot/superuser
+        metadataPolicy: None
+        property: API_TOKEN
+      secretKey: API_TOKEN
+  refreshInterval: 1h
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  target:
+    creationPolicy: Owner
+    deletionPolicy: Retain
+    name: my-secret
+    template:
+      data:
+        NAUTOBOT_SUPERUSER_PASSWORD: "{{ `{{ .SUPERUSER_PASSWORD | toString }}` }}"
+        NAUTOBOT_SUPERUSER_API_TOKEN: "{{ `{{ .API_TOKEN | toString }}` }}"
+      engineVersion: v2
+      mergePolicy: Replace
+```
+
+The operator will fetch credentials from Vault and it will create a Kubernetes
+Secret, after this object is deployed. The Helm Chart values will then specify
+the existing secret name such as this:
+
+```yaml
+nautobot:
+  superUser:
+    existingSecret: "my-secret"
+```
+
+To apply additional Kubernetes objects, such as the one above, you
+must use an external tool, such as FluxCD, ArgoCD, Ansible, or something else.
+
+To simplify this process, the Nautobot Helm Chart supports an additional
+property called `extraObjects`. This property is a list of Kubernetes manifests
+that must be deployed along to Nautobot objects generated from this Helm Chart.
+This allows you to omit using external tools to deploy any extra Kubernetes
+objects.
+
+The following snippet shows how the Helm Chart values would look in this
+case:
+
+```yaml
+---
+nautobot:
+  superUser:
+    existingSecret: "my-secret"
+
+extraObjects:
+  - |
+    apiVersion: external-secrets.io/v1beta1
+    kind: ExternalSecret
+    metadata:
+      name: my-secret
+      namespace: nautobot
+    spec:
+      data:
+        - remoteRef:
+            conversionStrategy: Default
+            decodingStrategy: None
+            key: secrets/nautobot/superuser
+            metadataPolicy: None
+            property: SUPERUSER_PASSWORD
+          secretKey: SUPERUSER_PASSWORD
+        - remoteRef:
+            conversionStrategy: Default
+            decodingStrategy: None
+            key: secrets/nautobot/superuser
+            metadataPolicy: None
+            property: API_TOKEN
+          secretKey: API_TOKEN
+      refreshInterval: 1h
+      secretStoreRef:
+        kind: ClusterSecretStore
+        name: vault
+      target:
+        creationPolicy: Owner
+        deletionPolicy: Retain
+        name: my-secret
+        template:
+          data:
+            NAUTOBOT_SUPERUSER_PASSWORD: "{{ `{{ .SUPERUSER_PASSWORD | toString }}` }}"
+            NAUTOBOT_SUPERUSER_API_TOKEN: "{{ `{{ .API_TOKEN | toString }}` }}"
+          engineVersion: v2
+          mergePolicy: Replace
+```
+
+Helm will also deploy the `ExternalSecret` object when the release with these
+values is deployed. The Nautobot Pods require the `my-secret` Secret,
+so they will not start until the ExternalSecrets operator creates the Secret.
+
+You must be aware that these manifests are deployed in order defined by Helm.
+So, there is no guarantee, that certain manifests will be deployed before others.
+In cases where you need certain manifests (such as a Job for example), you
+will still need a third-party tool.
+
+The manifests can be defined as a string or as a dictionary, as shown in the
+following example:
+
+```yaml
+extraObjects:
+  - apiVersion: v1
+    kind: ConfigMap
+    metadata:
+      name: database-host
+      namespace: nautobot
+    data:
+      DATABASE_HOST: database.example.com
+  - |
+    apiVersion: v1
+    kind: ConfigMap
+    metadata:
+      name: database-user
+      namespace: nautobot
+    data:
+      DATABASE_USER: db-admin
+```
+
+You can also use Go templating language to define certain parts of a manifest.
+All variables from the Helm Chart values file are available. You can also
+use functions that are available in Go templating language.
+
+The following example shows how you can specify namespace dynamically, and
+how to define the secret name on a single place.
+
+```yaml
+---
+nautobot:
+  superUser:
+    existingSecret: "my-secret"
+
+extraObjects:
+  - |
+    apiVersion: external-secrets.io/v1beta1
+    kind: ExternalSecret
+    metadata:
+      name: {{ .Values.nautobot.superUser.existingSecret }}
+      namespace: {{ .Release.Namespace }}
+    spec:
+      data:
+        - remoteRef:
+            conversionStrategy: Default
+            decodingStrategy: None
+            key: secrets/nautobot/superuser
+            metadataPolicy: None
+            property: SUPERUSER_PASSWORD
+          secretKey: SUPERUSER_PASSWORD
+        - remoteRef:
+            conversionStrategy: Default
+            decodingStrategy: None
+            key: secrets/nautobot/superuser
+            metadataPolicy: None
+            property: API_TOKEN
+          secretKey: API_TOKEN
+      refreshInterval: 1h
+      secretStoreRef:
+        kind: ClusterSecretStore
+        name: vault
+      target:
+        creationPolicy: Owner
+        deletionPolicy: Retain
+        name: {{ .Values.nautobot.superUser.existingSecret }}
+        template:
+          data:
+            NAUTOBOT_SUPERUSER_PASSWORD: "{{ `{{ .SUPERUSER_PASSWORD | toString }}` }}"
+            NAUTOBOT_SUPERUSER_API_TOKEN: "{{ `{{ .API_TOKEN | toString }}` }}"
+          engineVersion: v2
+          mergePolicy: Replace
+```
+
+Please note that these objects are processed in a template. So make sure that
+you don't use the same syntax as used for Go templating. You can use back quotes
+to "escape" strings in those cases. The following is an example:
+
+```yaml
+NAUTOBOT_SUPERUSER_PASSWORD: "{{ `{{ .SUPERUSER_PASSWORD | toString }}` }}"
+```
+
+The resulting manifest will be: `NAUTOBOT_SUPERUSER_PASSWORD: {{ .SUPERUSER_PASSWORD | toString }}`