Skip to main content

Advanced Installation

If you need to customize the installation beyond what the Basic Installation provides, the Advanced Installation method offers more configurability through direct values file manipulation.

When to Use Advanced Installation

The Basic Installation method is strongly recommended for most deployments. Consider Advanced Installation only if you require:

  • Custom database configurations
  • Advanced networking setups
  • Specific security compliance requirements
  • Integration with existing infrastructure
  • Environments with restricted connectivity or private registry deployments

Prerequisites

Before starting advanced installation:

  • Ensure you meet all prerequisites
  • Have your license information ready
  • Access to container registries
  • Kubernetes cluster admin access

Configuration

Authentication and Registry Setup

export SERVICE_ACCOUNT_TOKEN="your-service-account-token"
export USERNAME="your-email@company.com"

# Authenticate with NetBox Labs registries
docker login proxy.netboxlabs.com -u $USERNAME -p $SERVICE_ACCOUNT_TOKEN
helm registry login registry.netboxlabs.com -u $USERNAME -p $SERVICE_ACCOUNT_TOKEN

Download and Customize Values

# Download the base values template
curl -O https://netboxlabs.com/docs/files/values-extra.yaml

# Edit the values file for your environment
vim values-extra.yaml

Installation in Environments with Restricted Connectivity

For environments with restricted internet access, you'll need to:

  1. Mirror container images to your private registry
  2. Create a private registry configuration file
  3. Update image references in your values file

Step 1: Mirror Images to Private Registry

Download the image mirroring script:

curl -O https://netboxlabs.com/docs/files/private-registry.sh
chmod +x private-registry.sh

Example workflow for mirroring images:

# Set your private registry URL
export MY_REGISTRY="mycompany.jfrog.io/nbe"

# Pull all required images (see complete list in prerequisites)
docker pull proxy.enterprise.netboxlabs.com/proxy/netbox-enterprise/ghcr.io/netboxlabs/nbe-core:4.2.9_main-90
docker pull proxy.enterprise.netboxlabs.com/proxy/netbox-enterprise/netboxlabs/nbe-utils:4
docker pull proxy.enterprise.netboxlabs.com/proxy/netbox-enterprise/docker.io/netboxlabs/diode-auth:1.2.0
docker pull proxy.enterprise.netboxlabs.com/anonymous/index.docker.io/netboxlabs/diode-ingester:1.2.0
docker pull proxy.enterprise.netboxlabs.com/anonymous/index.docker.io/netboxlabs/diode-reconciler:1.2.0
docker pull proxy.enterprise.netboxlabs.com/anonymous/index.docker.io/bitnami/redis:7.4.2-debian-12-r4
docker pull proxy.enterprise.netboxlabs.com/anonymous/registry.developers.crunchydata.com/crunchydata/postgres-operator:ubi9-5.8.2-0
docker pull proxy.enterprise.netboxlabs.com/anonymous/index.docker.io/oryd/hydra:v2.3.0
docker pull proxy.enterprise.netboxlabs.com/proxy/netbox-enterprise/oryd/hydra-maester:v0.0.36
docker pull proxy.enterprise.netboxlabs.com/anonymous/index.docker.io/library/busybox:1.37
docker pull proxy.enterprise.netboxlabs.com/proxy/netbox-enterprise/busybox:latest
docker pull proxy.enterprise.netboxlabs.com/proxy/netbox-enterprise/registry.replicated.com/library/replicated-sdk-image:1.5.3
docker pull proxy.enterprise.netboxlabs.com/anonymous/registry.k8s.io/ingress-nginx/controller:v1.12.1
docker pull proxy.enterprise.netboxlabs.com/anonymous/registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.5.2

# Tag and push to your registry
docker tag proxy.enterprise.netboxlabs.com/proxy/netbox-enterprise/ghcr.io/netboxlabs/nbe-core:4.2.9_main-90 \
$MY_REGISTRY/netbox-enterprise/nbe-core:4.2.9_main-90
docker push $MY_REGISTRY/netbox-enterprise/nbe-core:4.2.9_main-90

# Repeat for all images...

Step 2: Generate Private Registry Configuration

Download the private registry template:

curl -O https://netboxlabs.com/docs/files/private-registry.yaml

Update the template with your registry URL:

# Manual method (recommended for production)
sed -e 's|MY_REGISTRY|mycompany.jfrog.io/nbe|g' private-registry.yaml > my-private-registry.yaml

# Alternative: Use the script helper for troubleshooting
./private-registry.sh mycompany.jfrog.io/nbe > my-private-registry.yaml

Important: The manual sed approach is recommended for production deployments as it gives you full control over the configuration. The script is provided as a troubleshooting aid.

Step 3: Install with Private Registry

# Download Helm charts for offline installation
helm pull oci://registry.netboxlabs.com/netbox-enterprise/beta/netbox-enterprise --version 1.11.4
helm pull oci://registry.netboxlabs.com/netbox-enterprise/beta/prometheus-operator-crds --version 13.0.2

# Install with private registry configuration
helm install netbox-enterprise ./netbox-enterprise-1.11.4.tgz \
--values netbox-enterprise-values.yaml \
--values my-private-registry.yaml \
--create-namespace \
--namespace netbox-enterprise

# Install Prometheus CRDs if needed
helm install prometheus-operator-crds ./prometheus-operator-crds-13.0.2.tgz \
--create-namespace \
--namespace netbox-enterprise

External Database Configuration

For production deployments, you may want to use an external PostgreSQL database:

# Add to your values file
postgresql:
enabled: false

externalDatabase:
host: "postgres.example.com"
port: 5432
database: "netbox"
username: "netbox"
password: "your-secure-password"
sslMode: "require" # Optional: require, prefer, disable

Custom Ingress Configuration

Configure ingress for your environment:

# Add to your values file
ingress:
enabled: true
className: "nginx"
annotations:
cert-manager.io/cluster-issuer: "letsencrypt-prod"
hosts:
- host: netbox.company.com
paths:
- path: /
pathType: Prefix
tls:
- secretName: netbox-tls
hosts:
- netbox.company.com

Installation Process

Pre-flight Checks

Install and run preflight checks to validate your cluster:

# Install preflight plugin
curl https://krew.sh/preflight | bash

# Run preflight checks
helm template ./netbox-enterprise-1.11.4.tgz | kubectl preflight -

Install Commands

# Standard installation with custom values
helm install netbox-enterprise \
oci://registry.netboxlabs.com/netbox-enterprise/beta/netbox-enterprise \
--values netbox-enterprise-values.yaml \
--values values-extra.yaml \
--version 1.11.4 \
--create-namespace \
--namespace netbox-enterprise

# For installations in environments with restricted connectivity
helm install netbox-enterprise ./netbox-enterprise-1.11.4.tgz \
--values netbox-enterprise-values.yaml \
--values values-extra.yaml \
--values my-private-registry.yaml \
--create-namespace \
--namespace netbox-enterprise

Operations

Backup Procedures

# Create database backup
kubectl exec -n netbox-enterprise deployment/netbox-enterprise -- \
pg_dump -h postgres-service -U netbox netbox > netbox-backup.sql

# Backup persistent volumes
kubectl get pv -o yaml > persistent-volumes-backup.yaml

Upgrade Procedures

# Check current version
helm list -n netbox-enterprise

# Upgrade to new version
helm upgrade netbox-enterprise \
oci://registry.netboxlabs.com/netbox-enterprise/beta/netbox-enterprise \
--values netbox-enterprise-values.yaml \
--values values-extra.yaml \
--version 1.11.5 \
--namespace netbox-enterprise

Scaling

# Scale web pods
kubectl scale deployment netbox-enterprise --replicas=3 -n netbox-enterprise

# Scale worker pods
kubectl scale deployment netbox-enterprise-worker --replicas=2 -n netbox-enterprise

Advanced Configuration Options

Resource Allocation

# Production sizing recommendations
netbox:
resources:
requests:
cpu: "500m"
memory: "2Gi"
limits:
cpu: "2000m"
memory: "4Gi"

worker:
resources:
requests:
cpu: "250m"
memory: "512Mi"
limits:
cpu: "1000m"
memory: "2Gi"

High Availability

# Multi-replica deployment
netbox:
replicaCount: 3
worker:
replicaCount: 2

# Pod disruption budgets
podDisruptionBudget:
enabled: true
minAvailable: 1

Security Configuration

# Security contexts
securityContext:
runAsNonRoot: true
runAsUser: 1000
fsGroup: 1000

# Network policies
networkPolicy:
enabled: true
ingress:
- from:
- namespaceSelector:
matchLabels:
name: ingress-nginx

Troubleshooting Advanced Deployments

For troubleshooting advanced deployments, see the Troubleshooting guide which includes:

  • Deployment issues in environments with restricted connectivity
  • Private registry configuration problems
  • External database connectivity
  • Performance optimization
  • Support bundle generation

Next Steps

After successful installation:

  1. Verify deployment - Check all pods are running
  2. Configure ingress - Set up external access
  3. Set up monitoring - Configure alerts and metrics
  4. Plan backups - Implement backup strategy
  5. Review security - Audit security settings

For ongoing operations and maintenance, refer to the complete installation guide for detailed procedures.