Advanced Installation
If you need to customize the installation beyond what the Basic Installation provides, the Advanced Installation method offers more configurability through direct values file manipulation.
When to Use Advanced Installation
The Basic Installation method is strongly recommended for most deployments. Consider Advanced Installation only if you require:
- Custom database configurations
- Advanced networking setups
- Specific security compliance requirements
- Integration with existing infrastructure
- Environments with restricted connectivity or private registry deployments
Prerequisites
Before starting advanced installation:
- Ensure you meet all prerequisites
- Have your license information ready
- Access to container registries
- Kubernetes cluster admin access
Configuration
Authentication and Registry Setup
export SERVICE_ACCOUNT_TOKEN="your-service-account-token"
export USERNAME="your-email@company.com"
# Authenticate with NetBox Labs registries
docker login proxy.netboxlabs.com -u $USERNAME -p $SERVICE_ACCOUNT_TOKEN
helm registry login registry.netboxlabs.com -u $USERNAME -p $SERVICE_ACCOUNT_TOKEN
Download and Customize Values
# Download the base values template
curl -O https://netboxlabs.com/docs/files/values-extra.yaml
# Edit the values file for your environment
vim values-extra.yaml
Installation in Environments with Restricted Connectivity
For environments with restricted internet access, you'll need to:
- Mirror container images to your private registry
- Create a private registry configuration file
- Update image references in your values file
Step 1: Mirror Images to Private Registry
Download the image mirroring script:
curl -O https://netboxlabs.com/docs/files/private-registry.sh
chmod +x private-registry.sh
Example workflow for mirroring images:
# Set your private registry URL
export MY_REGISTRY="mycompany.jfrog.io/nbe"
# Pull all required images (see complete list in prerequisites)
docker pull proxy.enterprise.netboxlabs.com/proxy/netbox-enterprise/ghcr.io/netboxlabs/nbe-core:4.2.9_main-90
docker pull proxy.enterprise.netboxlabs.com/proxy/netbox-enterprise/netboxlabs/nbe-utils:4
docker pull proxy.enterprise.netboxlabs.com/proxy/netbox-enterprise/docker.io/netboxlabs/diode-auth:1.2.0
docker pull proxy.enterprise.netboxlabs.com/anonymous/index.docker.io/netboxlabs/diode-ingester:1.2.0
docker pull proxy.enterprise.netboxlabs.com/anonymous/index.docker.io/netboxlabs/diode-reconciler:1.2.0
docker pull proxy.enterprise.netboxlabs.com/anonymous/index.docker.io/bitnami/redis:7.4.2-debian-12-r4
docker pull proxy.enterprise.netboxlabs.com/anonymous/registry.developers.crunchydata.com/crunchydata/postgres-operator:ubi9-5.8.2-0
docker pull proxy.enterprise.netboxlabs.com/anonymous/index.docker.io/oryd/hydra:v2.3.0
docker pull proxy.enterprise.netboxlabs.com/proxy/netbox-enterprise/oryd/hydra-maester:v0.0.36
docker pull proxy.enterprise.netboxlabs.com/anonymous/index.docker.io/library/busybox:1.37
docker pull proxy.enterprise.netboxlabs.com/proxy/netbox-enterprise/busybox:latest
docker pull proxy.enterprise.netboxlabs.com/proxy/netbox-enterprise/registry.replicated.com/library/replicated-sdk-image:1.5.3
docker pull proxy.enterprise.netboxlabs.com/anonymous/registry.k8s.io/ingress-nginx/controller:v1.12.1
docker pull proxy.enterprise.netboxlabs.com/anonymous/registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.5.2
# Tag and push to your registry
docker tag proxy.enterprise.netboxlabs.com/proxy/netbox-enterprise/ghcr.io/netboxlabs/nbe-core:4.2.9_main-90 \
$MY_REGISTRY/netbox-enterprise/nbe-core:4.2.9_main-90
docker push $MY_REGISTRY/netbox-enterprise/nbe-core:4.2.9_main-90
# Repeat for all images...
Step 2: Generate Private Registry Configuration
Download the private registry template:
curl -O https://netboxlabs.com/docs/files/private-registry.yaml
Update the template with your registry URL:
# Manual method (recommended for production)
sed -e 's|MY_REGISTRY|mycompany.jfrog.io/nbe|g' private-registry.yaml > my-private-registry.yaml
# Alternative: Use the script helper for troubleshooting
./private-registry.sh mycompany.jfrog.io/nbe > my-private-registry.yaml
Important: The manual sed
approach is recommended for production deployments as it gives you full control over the configuration. The script is provided as a troubleshooting aid.
Step 3: Install with Private Registry
# Download Helm charts for offline installation
helm pull oci://registry.netboxlabs.com/netbox-enterprise/beta/netbox-enterprise --version 1.11.4
helm pull oci://registry.netboxlabs.com/netbox-enterprise/beta/prometheus-operator-crds --version 13.0.2
# Install with private registry configuration
helm install netbox-enterprise ./netbox-enterprise-1.11.4.tgz \
--values netbox-enterprise-values.yaml \
--values my-private-registry.yaml \
--create-namespace \
--namespace netbox-enterprise
# Install Prometheus CRDs if needed
helm install prometheus-operator-crds ./prometheus-operator-crds-13.0.2.tgz \
--create-namespace \
--namespace netbox-enterprise
External Database Configuration
For production deployments, you may want to use an external PostgreSQL database:
# Add to your values file
postgresql:
enabled: false
externalDatabase:
host: "postgres.example.com"
port: 5432
database: "netbox"
username: "netbox"
password: "your-secure-password"
sslMode: "require" # Optional: require, prefer, disable
Custom Ingress Configuration
Configure ingress for your environment:
# Add to your values file
ingress:
enabled: true
className: "nginx"
annotations:
cert-manager.io/cluster-issuer: "letsencrypt-prod"
hosts:
- host: netbox.company.com
paths:
- path: /
pathType: Prefix
tls:
- secretName: netbox-tls
hosts:
- netbox.company.com
Installation Process
Pre-flight Checks
Install and run preflight checks to validate your cluster:
# Install preflight plugin
curl https://krew.sh/preflight | bash
# Run preflight checks
helm template ./netbox-enterprise-1.11.4.tgz | kubectl preflight -
Install Commands
# Standard installation with custom values
helm install netbox-enterprise \
oci://registry.netboxlabs.com/netbox-enterprise/beta/netbox-enterprise \
--values netbox-enterprise-values.yaml \
--values values-extra.yaml \
--version 1.11.4 \
--create-namespace \
--namespace netbox-enterprise
# For installations in environments with restricted connectivity
helm install netbox-enterprise ./netbox-enterprise-1.11.4.tgz \
--values netbox-enterprise-values.yaml \
--values values-extra.yaml \
--values my-private-registry.yaml \
--create-namespace \
--namespace netbox-enterprise
Operations
Backup Procedures
# Create database backup
kubectl exec -n netbox-enterprise deployment/netbox-enterprise -- \
pg_dump -h postgres-service -U netbox netbox > netbox-backup.sql
# Backup persistent volumes
kubectl get pv -o yaml > persistent-volumes-backup.yaml
Upgrade Procedures
# Check current version
helm list -n netbox-enterprise
# Upgrade to new version
helm upgrade netbox-enterprise \
oci://registry.netboxlabs.com/netbox-enterprise/beta/netbox-enterprise \
--values netbox-enterprise-values.yaml \
--values values-extra.yaml \
--version 1.11.5 \
--namespace netbox-enterprise
Scaling
# Scale web pods
kubectl scale deployment netbox-enterprise --replicas=3 -n netbox-enterprise
# Scale worker pods
kubectl scale deployment netbox-enterprise-worker --replicas=2 -n netbox-enterprise
Advanced Configuration Options
Resource Allocation
# Production sizing recommendations
netbox:
resources:
requests:
cpu: "500m"
memory: "2Gi"
limits:
cpu: "2000m"
memory: "4Gi"
worker:
resources:
requests:
cpu: "250m"
memory: "512Mi"
limits:
cpu: "1000m"
memory: "2Gi"
High Availability
# Multi-replica deployment
netbox:
replicaCount: 3
worker:
replicaCount: 2
# Pod disruption budgets
podDisruptionBudget:
enabled: true
minAvailable: 1
Security Configuration
# Security contexts
securityContext:
runAsNonRoot: true
runAsUser: 1000
fsGroup: 1000
# Network policies
networkPolicy:
enabled: true
ingress:
- from:
- namespaceSelector:
matchLabels:
name: ingress-nginx
Troubleshooting Advanced Deployments
For troubleshooting advanced deployments, see the Troubleshooting guide which includes:
- Deployment issues in environments with restricted connectivity
- Private registry configuration problems
- External database connectivity
- Performance optimization
- Support bundle generation
Next Steps
After successful installation:
- Verify deployment - Check all pods are running
- Configure ingress - Set up external access
- Set up monitoring - Configure alerts and metrics
- Plan backups - Implement backup strategy
- Review security - Audit security settings
For ongoing operations and maintenance, refer to the complete installation guide for detailed procedures.