NetBox Enterprise Helm - Private Registry Configuration
Beta Notice: These Helm charts are currently in beta. While stable for testing and development environments, please thoroughly test in your specific environment before production deployment. For the most up-to-date information, please refer to the main documentation.
This guide provides detailed instructions for configuring NetBox Enterprise to use a private container registry, ideal for air-gapped environments or organizations with strict security requirements.
Need the basics first? See Installation Guide for standard installation steps, or Prerequisites for system requirements.
Overview
Using a private registry allows you to:
- Host images in your own infrastructure
- Comply with security policies requiring image scanning
- Support air-gapped deployments
- Have full control over image versions and updates
Complete Private Registry Setup
Image List for Private Registry
The following images need to be mirrored to your private registry:
# Core NetBox Enterprise images
registry.replicated.com/netbox-enterprise/beta/netbox-enterprise:1.11.4
registry.replicated.com/netbox-enterprise/beta/netbox-enterprise-worker:1.11.4
registry.replicated.com/netbox-enterprise/beta/netbox-enterprise-nginx:1.11.4
# Database images
postgres:13
redis:7-alpine
# Infrastructure images
nginx/nginx-ingress:3.4.0
bitnami/postgresql:13
bitnami/redis:7.0
Automated Registry Population Script
Create a script to automate the image mirroring process:
#!/bin/bash
# private-registry-setup.sh
# Exit on errors, on unset variables, and on failures inside pipelines
set -euo pipefail

REPLICATED_REGISTRY="registry.replicated.com"
PRIVATE_REGISTRY="your-private-registry.com"
VERSION="1.11.4"

# NetBox Enterprise images
IMAGES=(
  "netbox-enterprise/beta/netbox-enterprise:${VERSION}"
  "netbox-enterprise/beta/netbox-enterprise-worker:${VERSION}"
  "netbox-enterprise/beta/netbox-enterprise-nginx:${VERSION}"
)

# External dependencies
EXTERNAL_IMAGES=(
  "postgres:13"
  "redis:7-alpine"
  "nginx/nginx-ingress:3.4.0"
  "bitnami/postgresql:13"
  "bitnami/redis:7.0"
)

echo "Setting up private registry with NetBox Enterprise images..."

# Login to Replicated registry (credentials are read from the environment)
echo "Logging into Replicated registry..."
printf '%s' "${REPLICATED_PASSWORD}" | docker login "${REPLICATED_REGISTRY}" -u "${REPLICATED_USERNAME}" --password-stdin

# Login to private registry
echo "Logging into private registry..."
printf '%s' "${PRIVATE_REGISTRY_PASSWORD}" | docker login "${PRIVATE_REGISTRY}" -u "${PRIVATE_REGISTRY_USERNAME}" --password-stdin

# Process NetBox Enterprise images
for image in "${IMAGES[@]}"; do
  echo "Processing ${image}..."
  # Pull from Replicated
  docker pull "${REPLICATED_REGISTRY}/${image}"
  # Tag for private registry
  docker tag "${REPLICATED_REGISTRY}/${image}" "${PRIVATE_REGISTRY}/${image}"
  # Push to private registry
  docker push "${PRIVATE_REGISTRY}/${image}"
done

# Process external images
for image in "${EXTERNAL_IMAGES[@]}"; do
  echo "Processing ${image}..."
  # Pull from Docker Hub
  docker pull "${image}"
  # Tag for private registry
  docker tag "${image}" "${PRIVATE_REGISTRY}/${image}"
  # Push to private registry
  docker push "${PRIVATE_REGISTRY}/${image}"
done

echo "Private registry setup complete!"
Running the Setup Script
# Make script executable
chmod +x private-registry-setup.sh
# Set environment variables
export REPLICATED_USERNAME="your-replicated-username"
export REPLICATED_PASSWORD="your-replicated-password"
export PRIVATE_REGISTRY_USERNAME="your-registry-username"
export PRIVATE_REGISTRY_PASSWORD="your-registry-password"
# Run the script
./private-registry-setup.sh
Kubernetes Configuration
Create Image Pull Secret
# Create secret for private registry authentication
# Note: a password given on the command line can end up in shell history
kubectl create secret docker-registry private-registry-secret \
  --docker-server=your-private-registry.com \
  --docker-username=your-username \
  --docker-password=your-password \
  --docker-email=your-email@example.com
Values File for Private Registry
Create a values-private-registry.yaml file:
# values-private-registry.yaml
global:
  imageRegistry: "your-private-registry.com"
  imagePullSecrets:
    - name: "private-registry-secret"
netbox:
  image:
    registry: "your-private-registry.com"
    repository: "netbox-enterprise/beta/netbox-enterprise"
    tag: "1.11.4"
worker:
  image:
    registry: "your-private-registry.com"
    repository: "netbox-enterprise/beta/netbox-enterprise-worker"
    tag: "1.11.4"
nginx:
  image:
    registry: "your-private-registry.com"
    repository: "netbox-enterprise/beta/netbox-enterprise-nginx"
    tag: "1.11.4"
postgresql:
  image:
    registry: "your-private-registry.com"
    repository: "bitnami/postgresql"
    tag: "13"
redis:
  image:
    registry: "your-private-registry.com"
    repository: "bitnami/redis"
    tag: "7.0"
# Additional configuration for air-gapped environments
imagePullPolicy: "IfNotPresent"
Installation with Private Registry
Deploy NetBox Enterprise
# Install using private registry values
helm install netbox-enterprise \
  oci://registry.replicated.com/netbox-enterprise/beta/netbox-enterprise \
  --version 1.11.4 \
  --values values-private-registry.yaml
# Verify all pods are running
kubectl get pods -l app=netbox-enterprise
Verify Image Sources
# Check that pods are using your private registry
kubectl describe pods -l app=netbox-enterprise | grep "Image:"
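The `grep "Image:"` check above leaves the comparison to the reader. As an added example (not part of the NetBox Enterprise documentation), the following POSIX shell script extracts the registry host from each image reference and fails if any image is served from somewhere other than the private registry. The function names `registry_of`, `audit_images` and `sample_images`, and the sample references, are constructed for illustration.

```sh
#!/bin/sh
# Added example: fail if any image reference is served by a registry other than
# the private one. Feed it one reference per line, e.g. from:
#   kubectl get pods -l app=netbox-enterprise \
#     -o jsonpath='{range .items[*].spec.containers[*]}{.image}{"\n"}{end}'

# registry_of REF: print the registry host that REF resolves to.
# The first path component is a host only if it contains "." or ":" or is
# "localhost"; anything else (postgres:13, bitnami/redis:7.0) is Docker Hub.
registry_of() {
  case "$1" in
    */*) _first="${1%%/*}" ;;
    *)   echo "docker.io"; return 0 ;;
  esac
  case "$_first" in
    *.*|*:*|localhost) printf '%s\n' "$_first" ;;
    *)                 echo "docker.io" ;;
  esac
}

# audit_images REGISTRY: read refs on stdin, print each one not served by
# REGISTRY, and return 1 if there was at least one. The host is compared
# exactly, so a look-alike prefix does not pass the way a substring grep would.
audit_images() {
  _allowed="$1"
  _rc=0
  while IFS= read -r _ref; do
    [ -n "$_ref" ] || continue
    if [ "$(registry_of "$_ref")" != "$_allowed" ]; then
      printf 'NOT FROM %s: %s\n' "$_allowed" "$_ref"
      _rc=1
    fi
  done
  return "$_rc"
}

# Constructed sample input, not output from a real cluster.
sample_images() {
  cat <<'EOF'
your-private-registry.com/netbox-enterprise/beta/netbox-enterprise:1.11.4
your-private-registry.com/bitnami/redis:7.0
registry.replicated.com/netbox-enterprise/beta/netbox-enterprise-worker:1.11.4
postgres:13
your-private-registry.com.mirror.example/bitnami/postgresql:13
EOF
}

sample_images | audit_images "your-private-registry.com" \
  || echo "audit failed: some images are not pulled from the private registry"
```

Only the registry host is compared, so for a registry value that includes a project path (such as `harbor.example.com/netbox`) pass just the host part.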
Common Private Registry Platforms
Harbor Registry
# values-harbor.yaml
global:
  imageRegistry: "harbor.example.com/netbox"
  imagePullSecrets:
    - name: "harbor-secret"

# Create Harbor secret
kubectl create secret docker-registry harbor-secret \
  --docker-server=harbor.example.com \
  --docker-username=admin \
  --docker-password=harbor-password
Amazon ECR
# values-ecr.yaml
global:
  imageRegistry: "123456789012.dkr.ecr.us-east-1.amazonaws.com/netbox"
  imagePullSecrets:
    - name: "ecr-secret"

# Create ECR secret
# Note: ECR authorization tokens expire after 12 hours, so this secret must be refreshed
kubectl create secret docker-registry ecr-secret \
  --docker-server=123456789012.dkr.ecr.us-east-1.amazonaws.com \
  --docker-username=AWS \
  --docker-password="$(aws ecr get-login-password --region us-east-1)"
Azure Container Registry
# values-acr.yaml
global:
  imageRegistry: "myregistry.azurecr.io/netbox"
  imagePullSecrets:
    - name: "acr-secret"

# Create ACR secret
kubectl create secret docker-registry acr-secret \
  --docker-server=myregistry.azurecr.io \
  --docker-username=service-principal-id \
  --docker-password=service-principal-password
Troubleshooting
Common Issues
ImagePullBackOff Errors:
# Check pod events
kubectl describe pod <pod-name>
# Verify secret exists
kubectl get secret private-registry-secret
# Test registry connectivity
docker pull your-private-registry.com/netbox-enterprise/beta/netbox-enterprise:1.11.4
Authentication Failures:
# Recreate the secret with correct credentials
kubectl delete secret private-registry-secret
kubectl create secret docker-registry private-registry-secret \
  --docker-server=your-private-registry.com \
  --docker-username=correct-username \
  --docker-password=correct-password
Validation Script
#!/bin/bash
# validate-private-registry.sh
REGISTRY="your-private-registry.com"
IMAGES=(
  "netbox-enterprise/beta/netbox-enterprise:1.11.4"
  "netbox-enterprise/beta/netbox-enterprise-worker:1.11.4"
  "netbox-enterprise/beta/netbox-enterprise-nginx:1.11.4"
)
# Tracks whether any image could not be pulled
failed=0

echo "Validating private registry setup..."
for image in "${IMAGES[@]}"; do
  echo "Checking ${REGISTRY}/${image}..."
  if docker pull "${REGISTRY}/${image}"; then
    echo "✓ ${image} is available"
  else
    echo "✗ ${image} is not available"
    failed=1
  fi
done
echo "Validation complete!"
# Exit non-zero if any image was missing so that callers can detect the failure
exit "${failed}"
Next Steps
- Configure External Database for production deployments
- Set up High Availability for production environments
- Configure CI/CD Pipeline for automated deployments
- Validate your deployment to ensure everything is working correctly