--- # Secret containing NetBox superuser credentials # When you want to provide your own superuser credentials instead of having # the operator auto-generate them, create a secret with all 4 required fields. apiVersion: v1 kind: Secret metadata: name: netbox-superuser-creds namespace: default type: Opaque stringData: # Superuser username (used for login) username: "admin" # Superuser email address email: "admin@example.com" # Superuser password (use a strong password in production!) password: "ChangeMeToAStrongPassword123!" # Superuser API token (40-character hex string) # Generate with: python -c "import secrets; print(secrets.token_hex(20))" api_token: "0123456789abcdef0123456789abcdef01234567" --- # NetBoxEnterprise with user-provided superuser credentials # # This example demonstrates how to provide your own superuser credentials # instead of having the operator auto-generate them. This is useful when: # - You need predictable credentials for automation/CI # - You want to manage credentials externally (Vault, External Secrets, etc.) # - You're migrating from an existing NetBox installation # # IMPORTANT: When providing superuser configuration, ALL 4 fields are required: # - username # - email # - password # - apiToken # # If you omit the superuser configuration entirely (or set it to null), # the operator will auto-generate all credentials and store them in a secret. apiVersion: netboxlabs.com/v1alpha1 kind: NetBoxEnterprise metadata: name: netbox-with-superuser namespace: default spec: imagePullPolicy: IfNotPresent netbox: replicas: 1 image: pullPolicy: IfNotPresent config: # User-provided superuser credentials # All 4 fields must reference secret keys - partial configuration is not allowed superuser: username: name: netbox-superuser-creds key: username email: name: netbox-superuser-creds key: email password: name: netbox-superuser-creds key: password apiToken: name: netbox-superuser-creds key: api_token worker: replicas: 1 # Diode configuration (optional) diode: enabled: false # PostgreSQL configuration (operator-managed) postgresql: external: false # Redis configuration (operator-managed) redis: external: false --- # Alternative: Using separate secrets for different credentials # # You can reference different secrets for each field if needed. # This is useful when credentials come from different sources # (e.g., username/email from ConfigMap, password from Vault). # # apiVersion: v1 # kind: Secret # metadata: # name: netbox-superuser-password # namespace: default # type: Opaque # stringData: # password: "SecretPasswordFromVault" # # --- # apiVersion: v1 # kind: Secret # metadata: # name: netbox-superuser-token # namespace: default # type: Opaque # stringData: # token: "0123456789abcdef0123456789abcdef01234567" # # Then reference them in the NetBoxEnterprise: # # spec: # netbox: # config: # superuser: # username: # name: netbox-superuser-creds # key: username # email: # name: netbox-superuser-creds # key: email # password: # name: netbox-superuser-password # key: password # apiToken: # name: netbox-superuser-token # key: token --- # Using External Secrets Operator # # For production environments, consider using External Secrets Operator # to sync credentials from AWS Secrets Manager, HashiCorp Vault, etc. # # apiVersion: external-secrets.io/v1beta1 # kind: ExternalSecret # metadata: # name: netbox-superuser-creds # namespace: default # spec: # refreshInterval: 1h # secretStoreRef: # name: vault-backend # kind: ClusterSecretStore # target: # name: netbox-superuser-creds # creationPolicy: Owner # data: # - secretKey: username # remoteRef: # key: secret/netbox/superuser # property: username # - secretKey: email # remoteRef: # key: secret/netbox/superuser # property: email # - secretKey: password # remoteRef: # key: secret/netbox/superuser # property: password # - secretKey: api_token # remoteRef: # key: secret/netbox/superuser # property: api_token