---
# ConfigMap with PostgreSQL initialization SQL
#
# Holds the init.sql script that the PostgresCluster in this file references
# through spec.databaseInitSQL (name: postgres-init-sql, key: init.sql).
# For each of the netbox, diode and hydra databases the script connects to the
# database, makes the same-named role its owner, and grants that role all
# privileges on the database, on schema public, and on the existing and future
# tables, sequences and functions in that schema.
#
# NOTE(review): ALTER DEFAULT PRIVILEGES without a FOR ROLE clause only covers
# objects later created by the role that executes this script, not objects
# created by other roles - confirm that this is the intended effect.
# NOTE(review): every grant here is scoped to one database and its public
# schema. The PostgresCluster in this file also gives the same three roles
# SUPERUSER, which bypasses these grants entirely; check which of the two
# privilege models is actually intended.
apiVersion: v1
kind: ConfigMap
metadata:
  name: postgres-init-sql
  namespace: netbox-enterprise
data:
  # The block scalar below is the script text itself; anything added inside it
  # becomes part of the SQL that is executed.
  init.sql: |
    -- netbox Database
    \c netbox;
    ALTER DATABASE netbox OWNER TO netbox;
    GRANT ALL PRIVILEGES ON DATABASE netbox TO netbox;
    GRANT ALL PRIVILEGES ON SCHEMA public TO netbox;
    GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO netbox;
    GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public TO netbox;
    GRANT ALL PRIVILEGES ON ALL FUNCTIONS IN SCHEMA public TO netbox;
    -- Grant default privileges for future objects (PostgreSQL 15+ compatibility)
    ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL ON TABLES TO netbox;
    ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL ON SEQUENCES TO netbox;
    ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL ON FUNCTIONS TO netbox;

    -- diode Database
    \c diode;
    ALTER DATABASE diode OWNER TO diode;
    GRANT ALL PRIVILEGES ON DATABASE diode TO diode;
    GRANT ALL PRIVILEGES ON SCHEMA public TO diode;
    GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO diode;
    GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public TO diode;
    GRANT ALL PRIVILEGES ON ALL FUNCTIONS IN SCHEMA public TO diode;
    -- Grant default privileges for future objects (PostgreSQL 15+ compatibility)
    ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL ON TABLES TO diode;
    ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL ON SEQUENCES TO diode;
    ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL ON FUNCTIONS TO diode;

    -- hydra Database
    \c hydra;
    ALTER DATABASE hydra OWNER TO hydra;
    GRANT ALL PRIVILEGES ON DATABASE hydra TO hydra;
    GRANT ALL PRIVILEGES ON SCHEMA public TO hydra;
    GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO hydra;
    GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public TO hydra;
    GRANT ALL PRIVILEGES ON ALL FUNCTIONS IN SCHEMA public TO hydra;
    -- Grant default privileges for future objects (PostgreSQL 15+ compatibility)
    ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL ON TABLES TO hydra;
    ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL ON SEQUENCES TO hydra;
    ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL ON FUNCTIONS TO hydra;

---
# PostgresCluster managed separately (not by NetBox operator)
#
# Crunchy postgres-operator cluster that backs the NetBoxEnterprise resource in
# this file: one PostgreSQL 18 instance, three application roles with one
# database each, a Patroni-level PostgreSQL configuration, and a pgBackRest
# repository on a volume claim.
apiVersion: postgres-operator.crunchydata.com/v1beta1
kind: PostgresCluster
metadata:
  name: netbox-external-db-postgres
  namespace: netbox-enterprise
spec:
  postgresVersion: 18
  # NOTE(review): the image is referenced by tag only; pin it by digest as well
  # if the deployed content must be verifiable.
  image: registry.developers.crunchydata.com/crunchydata/crunchy-postgres:ubi9-18.1-2550
  port: 5432

  # Database initialization
  # Points at the init.sql key of the postgres-init-sql ConfigMap in this file.
  databaseInitSQL:
    name: postgres-init-sql
    key: init.sql

  # User configuration
  # One role per application database, plus an entry for the postgres role.
  # NOTE(review): netbox, diode and hydra are all created with SUPERUSER, so a
  # leaked application credential gives control of every database in the
  # cluster rather than only its own. init.sql already makes each role the
  # owner of its database with full rights on schema public; confirm whether
  # any component really needs SUPERUSER and drop it where it does not.
  # NOTE(review): as far as I know the operator does not revoke an attribute
  # that is merely removed from options; on an existing cluster NOSUPERUSER has
  # to be set explicitly. Verify against the operator version in use.
  users:
    # NOTE(review): listing the postgres role presumably makes the operator
    # publish a credential Secret for the built-in superuser - confirm it is
    # needed and restrict who can read that Secret.
    - name: postgres
    - name: netbox
      databases:
        - netbox
      options: SUPERUSER
    - name: diode
      databases:
        - diode
      options: SUPERUSER
    - name: hydra
      databases:
        - hydra
      options: SUPERUSER

  # Instance configuration
  # A single instance set with one replica and a 4Gi ReadWriteOnce data volume.
  instances:
    - name: instance1
      replicas: 1
      dataVolumeClaimSpec:
        accessModes:
          - ReadWriteOnce
        resources:
          requests:
            storage: 4Gi

  # Patroni configuration
  patroni:
    dynamicConfiguration:
      postgresql:
        # Accept SCRAM-SHA-256 password logins for every database and role from
        # any address.
        # NOTE(review): a "host" record matches both TLS and plain-text TCP
        # connections, so this rule does not require encryption even though ssl
        # is on; "hostssl" would. Every client would then have to connect with
        # TLS - confirm that before changing it.
        pg_hba:
          - host all all all scram-sha-256
        # Quoted so the value stays the string "on" instead of a YAML boolean.
        ssl: "on"
        # NOTE(review): confirm these paths exist in the image above and that
        # the operator does not manage the TLS file settings itself.
        ssl_ca_file: /opt/crunchy/conf/ca.crt
        ssl_cert_file: /opt/crunchy/conf/server.crt
        ssl_key_file: /opt/crunchy/conf/server.key
    leaderLeaseDurationSeconds: 30
    port: 8008
    syncPeriodSeconds: 10

  # Backup configuration
  # One pgBackRest repository (repo1) stored on a 1Gi ReadWriteOnce volume claim.
  # NOTE(review): no off-cluster repository or backup encryption setting is
  # visible here; confirm that matches the recovery requirements.
  backups:
    pgbackrest:
      image: registry.developers.crunchydata.com/crunchydata/crunchy-pgbackrest:ubi9-2.56.0-2550
      repos:
        - name: repo1
          volume:
            volumeClaimSpec:
              accessModes:
                - ReadWriteOnce
              resources:
                requests:
                  storage: 1Gi

---
# NetBoxEnterprise using external PostgreSQL
#
# When multiple components (Diode, Hydra) connect to the same PostgreSQL server,
# define a named profile in postgresqlProfiles so connection details are specified
# once and referenced by name. Each component still provides its own password secret.
#
# Credentials are never written inline here: the Diode password, the Hydra DSN
# and the Hydra system/cookie secrets are all referenced by Secret name and key.
# NOTE(review): the PostgresCluster in this file creates the diode and hydra
# roles with SUPERUSER, so the referenced pguser Secrets carry superuser
# credentials - limit read access to them accordingly.
apiVersion: netboxlabs.com/v1alpha1
kind: NetBoxEnterprise
metadata:
  name: netbox-external-db
  namespace: netbox-enterprise
spec:
  # imagePullSecrets:
  #   - netbox-enterprise-registry
  #   - enterprise-pull-secret
  #   - kotsadm-replicated-registry
  imagePullPolicy: IfNotPresent

  # Shared PostgreSQL connection profile — referenced by Diode and Hydra below.
  # Avoids repeating host/port for every component that uses the same server.
  # NOTE(review): only host and port are set; no TLS mode is visible in this
  # profile, and the cluster's pg_hba rule does not require TLS. Confirm how
  # the components negotiate encryption to the database.
  postgresqlProfiles:
    netbox:
      host: netbox-external-db-postgres-primary.netbox-enterprise.svc
      port: 5432

  netbox:
    replicas: 1
    image:
      pullPolicy: IfNotPresent
    worker:
      replicas: 1
  diode:
    enabled: true
    config:
      reconciler:
        # Reference the shared profile for host/port; supply only the Diode-specific password.
        # Note: If postgres is omitted entirely, falls back to PGO secret:
        #       {cluster-name}-postgres-pguser-diode
        postgres:
          postgresqlProfile: netbox
          password:
            name: netbox-external-db-postgres-pguser-diode
            key: password
      # Note: Ingester only needs Redis, no PostgreSQL configuration required
    hydra:
      # Reference the shared profile for host/port.
      postgresqlProfile: netbox
      # When using external PostgreSQL, Hydra secrets must be manually configured.
      # The operator will not auto-generate these when postgresql.external: true.
      # NOTE(review): the two comments on system and cookie below say the
      # operator auto-generates these secrets, which reads as the opposite of
      # the statement above - confirm which one holds for external PostgreSQL.
      secrets:
        # System secret for Hydra encryption (auto-generated by operator during initial creation)
        system:
          name: netbox-external-db-diode-hydra-secret
          key: secretsSystem
        # Cookie secret for Hydra session management (auto-generated by operator during initial creation)
        cookie:
          name: netbox-external-db-diode-hydra-secret
          key: secretsCookie
        # Database DSN from PGO-generated user secret (auto-created by PostgresCluster above)
        # The uri key holds a full connection string including the password.
        dsn:
          name: netbox-external-db-postgres-pguser-hydra
          key: uri
  postgresql:
    # Mark as external so operator doesn't create its own PostgresCluster
    external: true
    # Reference the shared profile for host/port.
    # All external PostgreSQL config flows through postgresqlProfiles.
    postgresqlProfile: netbox
  # Redis is not marked external in this example.
  redis:
    external: false
