Enterprise

Standard Installation

Installation Journey

Prerequisites → Standard Installation (you are here) → Configure

This guide walks through a production-ready NetBox Enterprise installation with a custom values file, TLS, resource configuration, and post-install verification.

1. Create a Values File

Create netbox-values.yaml with your configuration:

# Enable the NetBoxEnterprise custom resource
netboxEnterprise:
  enabled: true
  spec:
    # NetBox application
    netbox:
      replicas: 2
      resources:
        cpu: 500
        memory: 1024
      limits:
        cpu: 2000
        memory: 2048
      worker:
        replicas: 2
        resources:
          cpu: 200
          memory: 256
        limits:
          cpu: 1000
          memory: 1500
      config:
        metricsEnabled: true

    # Internal PostgreSQL (default)
    postgresql:
      external: false
      instances: 2          # Redundant with 2 replicas
      storageSize: "20Gi"

    # Internal Redis (default)
    redis:
      external: false
      clusterSize: 3

    # Diode data ingestion
    diode:
      enabled: true
      config:
        reconciler:
          # autoApplyChangesets: true  # false recommended if using Assurance

2. Create the Namespace

kubectl create namespace netbox

3. Configure Superuser (Optional)

By default the operator auto-generates a superuser with the username admin and a random password. To use your own credentials instead, create a secret before installing:

kubectl -n netbox create secret generic netbox-superuser \
  --from-literal=username=admin \
  --from-literal=email=admin@example.com \
  --from-literal=password=<secure-password> \
  --from-literal=api_token=<your-api-token>

Then add to your values file:

netboxEnterprise:
  spec:
    netbox:
      config:
        superuser:
          username:
            name: netbox-superuser
            key: username
          email:
            name: netbox-superuser
            key: email
          password:
            name: netbox-superuser
            key: password
          apiToken:
            name: netbox-superuser
            key: api_token

warning

Superuser credentials are only applied during the initial database setup. If you skip this step, you can retrieve the auto-generated password later.

4. Configure TLS (Optional)

To serve NetBox over HTTPS, create a TLS secret:

kubectl -n netbox create secret tls netbox-tls \
  --cert=path/to/tls.crt \
  --key=path/to/tls.key

Add URLs to your values file so the operator configures ingress:

netboxEnterprise:
  spec:
    netbox:
      urls:
        - "https://netbox.example.com"

See Ingress & TLS for detailed configuration options.

5. Install CRDs

Install the three Custom Resource Definition charts before the operator:

helm install netbox-enterprise-crds \
  oci://registry.enterprise.netboxlabs.com/netbox-enterprise/stable-v2/netbox-enterprise-crds \
  --version 2.1.0 \
  --namespace netbox

helm install netbox-enterprise-crds-pgo \
  oci://registry.enterprise.netboxlabs.com/netbox-enterprise/stable-v2/netbox-enterprise-crds-pgo \
  --version 2.1.0 \
  --namespace netbox

helm install netbox-enterprise-crds-redis \
  oci://registry.enterprise.netboxlabs.com/netbox-enterprise/stable-v2/netbox-enterprise-crds-redis \
  --version 2.1.0 \
  --namespace netbox

6. Install the Operator

helm install netbox-enterprise \
  oci://registry.enterprise.netboxlabs.com/netbox-enterprise/stable-v2/netbox-enterprise \
  --version 2.1.0 \
  --namespace netbox \
  --values netbox-values.yaml

7. Apply Configuration

Apply a NetBoxEnterprise resource manifest. The example manifests use namespace: default, but the manifest must be in the same namespace as your Helm install so that pods can access the image pull secret. Use curl and sed to substitute the namespace in one step:

curl -sL https://netboxlabs.com/docs/files/helm/examples/netbox-managed.yaml \
  | sed 's/namespace: default/namespace: netbox/' \
  | kubectl apply -f -

If you used a different namespace, replace netbox in the sed expression to match.

See the available examples for manifests covering external databases, SSO, object storage, and more — apply the same sed substitution to any of them.

8. Verify the Installation

Check pod status

kubectl -n netbox get pods

All pods should reach Running (or Completed for jobs) within a few minutes.

Check NetBoxEnterprise status

kubectl -n netbox get netboxenterprises -o wide

Inspect detailed status

kubectl -n netbox describe netboxenterprise netbox-managed

Look for the Ready condition with status True:

Conditions:
  Type        Status  Reason
  ----        ------  ------
  Ready       True    AllComponentsReady
  Progressing False   ReconcileComplete

Check operator logs

kubectl -n netbox logs -l app.kubernetes.io/name=nbe-operator --tail=50

Next Steps

Helm Values Reference — Explore all available configuration options
Security — RBAC modes, pod security, and TLS hardening
Monitoring — Set up Prometheus metrics and ServiceMonitor

1. Create a Values File​

2. Create the Namespace​

3. Configure Superuser (Optional)​

4. Configure TLS (Optional)​

5. Install CRDs​

6. Install the Operator​

7. Apply Configuration​

8. Verify the Installation​

Check pod status​

Check NetBoxEnterprise status​

Inspect detailed status​

Check operator logs​

Next Steps​