NetBox Configuration
Configure the NetBox web application and background workers under netboxEnterprise.spec.netbox.
Application Deployment
| Key | Type | Default | Description |
|---|---|---|---|
netbox.replicas | uint8 | 1 | Number of NetBox web application replicas (0-255) |
netbox.httpPort | uint16 | 8080 | HTTP port for the NetBox web interface |
netbox.statusPort | uint16 | 8081 | Deprecated. Formerly the nginx unit health check port; ignored since the granian transition in nbe-core 4.5.x. |
netbox.imagePullPolicy | string | IfNotPresent | Image pull policy |
Image
| Key | Type | Default | Description |
|---|---|---|---|
netbox.image.registry | string | proxy.enterprise.netboxlabs.com/proxy/netbox-enterprise/ghcr.io | Proxied container registry |
netbox.image.repository | string | netboxlabs/nbe-core | Image repository |
netbox.image.tag | string | Chart-dependent | Image tag |
netbox.image.digest | string | - | Optional digest for image pinning |
Resources
Resources are specified in millicores (CPU) and mebibytes (memory):
| Key | Type | Default | Description |
|---|---|---|---|
netbox.resources.cpu | int | 200 | CPU request in millicores |
netbox.resources.memory | int | 750 | Memory request in MiB |
netbox.limits.cpu | int | 1000 | CPU limit in millicores |
netbox.limits.memory | int | 1500 | Memory limit in MiB |
Storage
| Key | Type | Default | Description |
|---|---|---|---|
netbox.mediaStorageSize | string | 10Gi | PVC size for uploaded media files |
netbox.scriptsStorageSize | string | 1Gi | PVC size for custom scripts |
netbox.storageClassName | string | - | Storage class (uses cluster default if not set) |
URLs
| Key | Type | Default | Description |
|---|---|---|---|
netbox.urls | list | - | External URLs for the NetBox service. Used to configure ingress. |
Example:
netbox:
urls:
- "https://netbox.example.com"
Environment Variables
| Key | Type | Default | Description |
|---|---|---|---|
netbox.env | list | HTTP proxy defaults | Kubernetes EnvVar list for NetBox containers |
netbox.yamlEnv | string | - | YAML string of environment variables |
Worker Configuration
Background workers process asynchronous tasks such as webhooks, reports, and scripts.
| Key | Type | Default | Description |
|---|---|---|---|
netbox.worker.replicas | uint8 | 1 | Number of worker replicas |
netbox.worker.resources.cpu | int | 100 | CPU request in millicores |
netbox.worker.resources.memory | int | 128 | Memory request in MiB |
netbox.worker.limits.cpu | int | 1000 | CPU limit in millicores |
netbox.worker.limits.memory | int | 1500 | Memory limit in MiB |
netbox.worker.env | list | HTTP proxy defaults | Environment variables for worker pods |
netbox.worker.yamlEnv | string | - | YAML string of environment variables |
Application Config
Settings under netbox.config control NetBox application behavior.
| Key | Type | Default | Description |
|---|---|---|---|
netbox.config.allowedHosts | list | ['*'] | Django allowed hosts |
netbox.config.metricsEnabled | bool | false | Expose Prometheus metrics at /metrics |
netbox.config.customPythonConfig | string | - | Inline custom Python configuration |
netbox.config.customPythonConfigRef | object | - | ConfigMap reference for custom Python config |
Superuser
If provided, all four fields must be set. Each references a Kubernetes Secret:
netbox:
config:
superuser:
username:
name: netbox-superuser
key: username
email:
name: netbox-superuser
key: email
password:
name: netbox-superuser
key: password
apiToken:
name: netbox-superuser
key: api_token
If no superuser is configured, the operator auto-generates credentials with the username admin and a random password.
Retrieving Auto-Generated Credentials
The auto-generated superuser secret follows the naming pattern <netboxenterprise-name>-netbox-superuser. For the default NetBoxEnterprise name netbox:
kubectl -n netbox get secret netbox-netbox-superuser \
-o jsonpath='{.data.password}' | base64 -d ; echo
To retrieve the auto-generated API token:
kubectl -n netbox get secret netbox-netbox-superuser \
-o jsonpath='{.data.api_token}' | base64 -d ; echo
Secret Key
The Django secret key is auto-generated if not provided. To use a specific key:
netbox:
config:
secretKey:
name: netbox-django-secret
key: secret_key
S3 Media Storage
Store uploaded files in S3-compatible object storage instead of local PVCs:
netbox:
config:
storage:
s3:
enabled: true
bucketName: netbox-media
regionName: us-east-1
endpointUrl: https://s3.example.com # for MinIO, Garage, etc.
accessKeyId:
name: netbox-s3-creds
key: access_key
secretAccessKey:
name: netbox-s3-creds
key: secret_key
S3 TLS Configuration
For S3-compatible endpoints with custom CA certificates or mTLS, use the tlsConfig field which references certificates from the cluster's tlsKeychain:
netbox:
config:
storage:
s3:
enabled: true
bucketName: netbox-media
endpointUrl: https://minio.internal:9000
tlsConfig:
keychainCaCertificates:
- minio-ca
keychainClientCertificate: minio-client # for mTLS
| Key | Type | Default | Description |
|---|---|---|---|
storage.s3.tlsConfig.insecureSkipVerify | bool | false | Skip SSL certificate verification |
storage.s3.tlsConfig.keychainCaCertificates | list | - | CA names from tlsKeychain for custom CA verification |
storage.s3.tlsConfig.keychainClientCertificate | string | - | Client cert name from tlsKeychain for mTLS |
Scaling Guidance
NetBox replica counts may be constrained by your license tier:
- Community / Starter: Up to the tier's replica limit
- Professional / Premium: Higher limits or uncapped
The operator respects these limits and surfaces warnings in the NetBoxEnterprise status if the configured replica count exceeds the licensed maximum.
Next Steps
- PostgreSQL - Database configuration
- Monitoring - Enable application metrics
- NetBoxEnterprise CRD - Full spec reference