Helm Values Reference
Complete reference for the nbe-operator values.yaml organized by section. All values below are set at the top level of your values file.
How Helm Values Map to the CRD
The netboxEnterprise section of your values file maps directly to the NetBoxEnterprise custom resource. When you set netboxEnterprise.enabled: true, the chart creates a NetBoxEnterprise CR with the spec field populated from netboxEnterprise.spec.* in your values. For example:
```yaml
# values.yaml              # becomes this CRD spec:
netboxEnterprise:          # apiVersion: netboxlabs.com/v1
  enabled: true            # kind: NetBoxEnterprise
  spec:                    # spec:
    netbox:                #   netbox:
      replicas: 2          #     replicas: 2
    postgresql:            #   postgresql:
      storageSize: "20Gi"  #     storageSize: "20Gi"
```
This means you can use either helm install --values or kubectl apply to manage your deployment. See the CRD Reference for the full spec field documentation.
Global Configuration
| Key | Type | Default | Description |
|---|---|---|---|
| global.imagePullSecrets | list | [{name: netbox-enterprise-helm-registry}, {name: netbox-enterprise-registry}] | Image pull secrets applied to all pods |
| global.database.enabled | bool | true | Enable internal PGO-managed PostgreSQL |
| global.image.pullPolicy | string | IfNotPresent | Default image pull policy |
| global.kubernetesVersion | string | >=1.26.0 | Kubernetes version constraint |
Operator Configuration
| Key | Type | Default | Description |
|---|---|---|---|
| operator.enabled | bool | true | Deploy the operator |
| operator.image.registry | string | proxy.enterprise.netboxlabs.com/... | Operator image registry |
| operator.image.repository | string | netboxlabs/nbe-operator | Operator image repository |
| operator.image.tag | string | 2.0-latest | Operator image tag |
| operator.image.pullPolicy | string | IfNotPresent | Operator image pull policy |
| operator.metricsPort | int | 8080 | Port for metrics endpoint |
| operator.healthPort | int | 8081 | Port for health endpoints |
| operator.metricsScrapeIntervalSecs | int | 30 | Seconds between metrics scrape operations |
The cluster DNS suffix is now configured in the NetBoxEnterprise CRD via spec.clusterDnsSuffix instead of a Helm value.
Operator Logging
| Key | Type | Default | Description |
|---|---|---|---|
| operator.logging.level | string | info | Log level using RUST_LOG syntax (e.g., info, debug, info,kube=warn) |
| operator.logging.format | string | auto | Log format: auto, json, compact, pretty, gcp, aws, otlp |
| operator.logging.otlp.endpoint | string | Default: OTLP on port 4318 | OTLP exporter endpoint URL (when format is otlp) |
| operator.logging.otlp.serviceName | string | nbe-operator | Service name for OTLP traces |
Operator Probes
| Key | Type | Default | Description |
|---|---|---|---|
| operator.livenessProbe.initialDelaySeconds | int | 15 | Delay before liveness checks start |
| operator.livenessProbe.periodSeconds | int | 20 | Interval between liveness checks |
| operator.readinessProbe.initialDelaySeconds | int | 5 | Delay before readiness checks start |
| operator.readinessProbe.periodSeconds | int | 10 | Interval between readiness checks |
Operator Environment
| Key | Type | Default | Description |
|---|---|---|---|
| operator.env | list | [] | Additional environment variables |
| operator.envFrom | list | [] | Environment variable sources (ConfigMaps, Secrets) |
| operator.config | object | {} | Additional operator configuration |
Service Account & RBAC
| Key | Type | Default | Description |
|---|---|---|---|
| serviceAccount.create | bool | true | Create a ServiceAccount for the operator |
| serviceAccount.annotations | object | {} | Annotations for the ServiceAccount |
| serviceAccount.name | string | "" | Override ServiceAccount name (auto-generated if empty) |
| rbac.create | bool | true | Create RBAC resources |
| rbac.scope | string | cluster | RBAC scope: cluster or namespace |
Service
| Key | Type | Default | Description |
|---|---|---|---|
| service.enabled | bool | true | Create a Service for the operator |
| service.type | string | ClusterIP | Service type |
| service.metricsPort | int | 8080 | Metrics port exposed by the Service |
| service.annotations | object | {} | Service annotations |
Metrics
| Key | Type | Default | Description |
|---|---|---|---|
| metrics.enabled | bool | true | Enable Prometheus discovery annotations on the operator pod |
| metrics.podAnnotations | bool | true | Add prometheus.io/scrape, prometheus.io/port, prometheus.io/path annotations |
See Monitoring for details on application-level metrics.
ServiceMonitor
| Key | Type | Default | Description |
|---|---|---|---|
| serviceMonitor.enabled | bool | false | Create a Prometheus Operator ServiceMonitor |
| serviceMonitor.namespace | string | "" | Namespace for the ServiceMonitor (defaults to release namespace) |
| serviceMonitor.labels | object | {} | Additional labels for the ServiceMonitor |
| serviceMonitor.annotations | object | {} | Additional annotations |
| serviceMonitor.interval | string | 30s | Scrape interval |
| serviceMonitor.scrapeTimeout | string | 10s | Scrape timeout |
| serviceMonitor.scheme | string | http | HTTP scheme (http or https) |
| serviceMonitor.tlsConfig | object | {} | TLS config for scraping |
| serviceMonitor.honorLabels | bool | true | Honor labels from scraped metrics |
| serviceMonitor.relabelings | list | [] | Relabeling configurations |
| serviceMonitor.metricRelabelings | list | [] | Metric relabeling configurations |
| serviceMonitor.targetLabels | list | [] | Target labels for scraped metrics |
Pod Configuration
| Key | Type | Default | Description |
|---|---|---|---|
| replicaCount | int | 1 | Operator replica count |
| podAnnotations | object | {} | Additional pod annotations |
| podLabels | object | {} | Additional pod labels |
| resources.requests.cpu | string | 100m | Operator CPU request |
| resources.requests.memory | string | 128Mi | Operator memory request |
| resources.limits.cpu | string | 500m | Operator CPU limit |
| resources.limits.memory | string | 512Mi | Operator memory limit |
| nodeSelector | object | {} | Node selector constraints |
| tolerations | list | [] | Pod tolerations |
| affinity | object | {} | Pod affinity/anti-affinity rules |
| volumes | list | [] | Additional volumes |
| volumeMounts | list | [] | Additional volume mounts |
Pod Security
| Key | Type | Default | Description |
|---|---|---|---|
| podSecurityContext.runAsNonRoot | bool | true | Enforce non-root |
| podSecurityContext.runAsUser | int | 65532 | UID for operator process |
| podSecurityContext.fsGroup | int | 65532 | Filesystem group |
| securityContext.allowPrivilegeEscalation | bool | false | Block privilege escalation |
| securityContext.capabilities.drop | list | [ALL] | Drop all capabilities |
| securityContext.readOnlyRootFilesystem | bool | true | Read-only root filesystem |
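
The defaults in this table are hardened, so the practical risk is a values override that silently weakens them. The following check is an added example, not part of the chart or the operator: it compares user-supplied overrides against the defaults listed above. The function names and the sample overrides are constructed for illustration, and it assumes standard Helm merge behaviour (a list override replaces the default list, and a `null` override deletes the default key).

```python
import json

# Hardened defaults copied from the Pod Security table above.
HARDENED_DEFAULTS = {
    "podSecurityContext.runAsNonRoot": True,
    "securityContext.allowPrivilegeEscalation": False,
    "securityContext.capabilities.drop": ["ALL"],
    "securityContext.readOnlyRootFilesystem": True,
}


def lookup(values, dotted_key):
    """Walk nested overrides by dotted key; return (found, value)."""
    node = values
    for part in dotted_key.split("."):
        if not isinstance(node, dict) or part not in node:
            return False, None
        node = node[part]
        if node is None:  # Helm treats null as "delete the default key"
            return True, None
    return True, node


def weakens(expected, actual):
    """True if an override no longer provides the hardened default."""
    if isinstance(expected, list):  # list overrides replace, they do not merge
        return not isinstance(actual, list) or not set(expected) <= set(actual)
    return actual != expected


def audit_overrides(user_values):
    """Return one finding per override that weakens a pod security default."""
    findings = []
    for key, expected in HARDENED_DEFAULTS.items():
        found, actual = lookup(user_values, key)
        if found and weakens(expected, actual):
            findings.append(f"{key}: override {actual!r} weakens default {expected!r}")
    found, uid = lookup(user_values, "podSecurityContext.runAsUser")
    if found and uid == 0:  # UID 0 contradicts runAsNonRoot: true
        findings.append("podSecurityContext.runAsUser: 0 runs the operator as root")
    return findings


# Constructed sample of user-supplied overrides, in the JSON shape that
# `helm get values <release> -o json` prints (only user-set keys appear).
SAMPLE_OVERRIDES = json.loads(
    '{"replicaCount": 2, "podSecurityContext": {"runAsUser": 0}, '
    '"securityContext": {"readOnlyRootFilesystem": false, "capabilities": {"drop": []}}}'
)
```

Calling `audit_overrides(SAMPLE_OVERRIDES)` returns three findings; an override file that leaves these keys untouched returns an empty list.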
Dependency Toggles
| Key | Type | Default | Description |
|---|---|---|---|
| pgo.enabled | bool | true | Install Crunchy Postgres Operator |
| redis-operator.enabled | bool | true | Install Redis Operator |
| replicated.enabled | bool | true | Install Replicated SDK |
| ingress.enabled | bool | false | Install ingress-nginx controller |
NetBoxEnterprise Configuration
The netboxEnterprise section controls the NetBoxEnterprise custom resource that the operator reconciles. See the dedicated configuration pages for each subsection:
| Key | Type | Default | Description |
|---|---|---|---|
| netboxEnterprise.enabled | bool | false | Create a NetBoxEnterprise CR |
| netboxEnterprise.name | string | netbox | Name of the NetBoxEnterprise resource |
| netboxEnterprise.annotations | object | {} | Annotations merged with defaults |
| netboxEnterprise.spec.suspend | bool | false | Suspend reconciliation |
| netboxEnterprise.spec.maintenanceMode | bool | false | Enable maintenance mode |
For the full spec reference, see the NetBoxEnterprise CRD documentation.
Quick Links
- NetBox — netboxEnterprise.spec.netbox.* (app, worker, config)
- PostgreSQL — netboxEnterprise.spec.postgresql.* (internal/external DB)
- Redis — netboxEnterprise.spec.redis.* (internal/external cache)
- Diode — netboxEnterprise.spec.diode.* (data ingestion pipeline)
- Ingress & TLS — Networking and certificates
- Monitoring — Metrics and ServiceMonitor