Enterprise
NetBox Enterprise Helm - Private Registry Configuration
Beta Notice: These Helm charts are currently in beta. While stable for testing and development environments, please thoroughly test in your specific environment before production deployment. For the most up-to-date information, please refer to the main documentation.
NetBox Enterprise Private Registry Setup
This guide provides detailed instructions for configuring NetBox Enterprise to use a private container registry, ideal for restricted environments or organizations with strict security requirements.
Overview
Private registry configurations enable NetBox Enterprise deployment in environments where:
- Direct internet access is restricted or prohibited
- Corporate policies require all container images to be sourced from internal registries
- Support restricted environment deployments
Configuration Files
Private Registry Values Template
Here's the private-registry.yaml values template for private registry configuration:
# NetBox Enterprise - Private Registry Configuration
# For environments with restricted internet connectivity
netbox:
image:
registry: 'your-private-registry.com'
repository: 'netbox-enterprise/netbox-enterprise'
tag: 'v1.11.5'
pullPolicy: IfNotPresent
worker:
image:
registry: 'your-private-registry.com'
repository: 'netbox-enterprise/netbox-enterprise-worker'
tag: 'v1.11.5'
pullPolicy: IfNotPresent
# Image pull secrets for private registry authentication
imagePullSecrets:
- name: private-registry-secret
# PostgreSQL (if using internal database)
postgresql:
enabled: true
image:
registry: 'your-private-registry.com'
repository: 'postgresql'
tag: '14'
# Redis
redis:
enabled: true
image:
registry: 'your-private-registry.com'
repository: 'redis'
tag: '7'
# Additional components
diode:
enabled: true
image:
registry: 'your-private-registry.com'
repository: 'netbox-enterprise/diode'
tag: 'v1.11.5'
# Private registry authentication secret (create separately)
# kubectl create secret docker-registry private-registry-secret \
# --docker-server=your-private-registry.com \
# --docker-username=your-username \
# --docker-password=your-password \
# --docker-email=your-email@example.com \
# --namespace=netbox-enterprise
Private Registry Image Mirroring Script
Here's the private-registry.sh script for mirroring NetBox Enterprise images to your private registry:
private-registry.sh
#!/bin/bash
# =============================================================================
# NetBox Enterprise Private Registry Image Mirroring Script
# =============================================================================
# This script automates the process of mirroring NetBox Enterprise container
# images from the NetBox Labs proxy registry to your private registry.
# Use cases:
# - Corporate security policies requiring internal container registries
# - Organizations that require all container images to be hosted internally
# Prerequisites:
# - Docker installed and running
# - Network access to both source and target registries
# - Valid NetBox Enterprise credentials (USERNAME and LICENSE_ID environment variables)
# - Docker registry credentials configured for target registry
# Usage:
# export USERNAME="your-email@company.com"
# export LICENSE_ID="your-license-id"
# ./private-registry.sh registry.company.com/netbox-enterprise
# Examples:
# ./private-registry.sh harbor.internal.com/netbox
# ./private-registry.sh 123456789012.dkr.ecr.us-east-1.amazonaws.com/netbox
# ./private-registry.sh registry.company.com:5000/netbox-enterprise
# =============================================================================
# Exit on any error for safety and debugging
set -e
# =============================================================================
# CONFIGURATION
# =============================================================================
# NetBox Labs proxy registry (source)
NETBOX_PROXY_REGISTRY="proxy.enterprise.netboxlabs.com"
NETBOX_ENTERPRISE_REGISTRY="registry.enterprise.netboxlabs.com"
# NetBox Enterprise Helm chart version to mirror images for
# Update this to match your desired chart version
CHART_VERSION="1.11.5"
# Container images that need to be mirrored for NetBox Enterprise
# These are the core images required for a complete NetBox Enterprise deployment
IMAGES=(
"netbox-enterprise/beta/netbox-enterprise:${CHART_VERSION}"
"netbox-enterprise/beta/netbox-enterprise-worker:${CHART_VERSION}"
"redis:7-alpine"
"postgres:15-alpine"
"nginx:1.25-alpine"
)
# =============================================================================
# OUTPUT FORMATTING
# =============================================================================
# ANSI color codes for clear, readable output
RED='\033[0;31m' # Error messages
GREEN='\033[0;32m' # Success messages
YELLOW='\033[1;33m' # Warning messages
BLUE='\033[0;34m' # Informational messages
NC='\033[0m' # Reset to default color
# =============================================================================
# LOGGING FUNCTIONS
# =============================================================================
# Log informational messages (blue)
log_info() {
echo -e "${BLUE}[INFO]${NC} $1"
}
# Log success messages (green)
log_success() {
echo -e "${GREEN}[SUCCESS]${NC} $1"
}
# Log warning messages (yellow)
log_warn() {
echo -e "${YELLOW}[WARN]${NC} $1"
}
# Log error messages (red)
log_error() {
echo -e "${RED}[ERROR]${NC} $1"
}
# =============================================================================
# INPUT VALIDATION
# =============================================================================
# Validate private registry URL is provided
if [ -z "$1" ]; then
log_error "Private registry URL is required"
echo ""
echo "Usage: $0 <private-registry-url>"
echo ""
echo "Examples:"
echo " $0 registry.company.com/netbox-enterprise"
echo " $0 harbor.internal.com/netbox"
echo " $0 123456789012.dkr.ecr.us-east-1.amazonaws.com/netbox"
echo " $0 registry.company.com:5000/netbox-enterprise"
echo ""
echo "Prerequisites:"
echo " - Set USERNAME environment variable: export USERNAME='your-email@company.com'"
echo " - Set LICENSE_ID environment variable: export LICENSE_ID='your-license-id'"
echo " - Ensure Docker is running and you're authenticated to both registries"
exit 1
fi
PRIVATE_REGISTRY="$1"
# Validate that USERNAME is set (required for NetBox Labs registry access)
if [ -z "$USERNAME" ]; then
log_error "USERNAME environment variable is not set"
echo "This is required for authenticating with NetBox Labs container registry"
echo "Set it with: export USERNAME='your-email@company.com'"
exit 1
fi
# Validate that LICENSE_ID is set (required for NetBox Labs registry access)
if [ -z "$LICENSE_ID" ]; then
log_error "LICENSE_ID environment variable is not set"
echo "This is required for authenticating with NetBox Labs container registry"
echo "Set it with: export LICENSE_ID='your-license-id'"
exit 1
fi
# =============================================================================
# PREREQUISITE CHECKS
# =============================================================================
log_info "🔍 Checking prerequisites..."
# Check if Docker is installed and running
if ! command -v docker &> /dev/null; then
log_error "Docker is not installed or not in PATH"
echo "Please install Docker: https://docs.docker.com/get-docker/"
exit 1
fi
# Check if Docker daemon is running
if ! docker info &> /dev/null; then
log_error "Docker daemon is not running"
echo "Please start Docker and try again"
exit 1
fi
log_success "Docker is installed and running"
# =============================================================================
# AUTHENTICATION
# =============================================================================
log_info "🔐 Authenticating with NetBox Labs registry..."
# Authenticate with NetBox Labs proxy registry using provided credentials
if docker login "$NETBOX_PROXY_REGISTRY" -u "$USERNAME" -p "$LICENSE_ID" &> /dev/null; then
log_success "Successfully authenticated with NetBox Labs proxy registry"
else
log_error "Failed to authenticate with NetBox Labs proxy registry"
echo "Please verify your USERNAME and LICENSE_ID are correct"
echo "USERNAME: $USERNAME"
echo "LICENSE_ID: ${LICENSE_ID:0:8}..."
exit 1
fi
# Also authenticate with the main enterprise registry
if docker login "$NETBOX_ENTERPRISE_REGISTRY" -u "$USERNAME" -p "$LICENSE_ID" &> /dev/null; then
log_success "Successfully authenticated with NetBox Labs enterprise registry"
else
log_warn "Could not authenticate with NetBox Labs enterprise registry (this may be normal)"
fi
# =============================================================================
# IMAGE MIRRORING PROCESS
# =============================================================================
echo ""
echo "======================================================================"
echo "STARTING IMAGE MIRRORING PROCESS"
echo "======================================================================"
log_info "Source registries: $NETBOX_PROXY_REGISTRY, $NETBOX_ENTERPRISE_REGISTRY"
log_info "Target registry: $PRIVATE_REGISTRY"
log_info "Chart version: $CHART_VERSION"
log_info "Number of images to mirror: ${#IMAGES[@]}"
echo ""
# Track statistics
SUCCESSFUL_MIRRORS=0
FAILED_MIRRORS=0
# Process each image in the list
for IMAGE in "${IMAGES[@]}"; do
echo "----------------------------------------------------------------------"
log_info "🔄 Processing image: $IMAGE"
# Determine source registry based on image path
if [[ "$IMAGE" == netbox-enterprise/* ]]; then
SOURCE_REGISTRY="$NETBOX_ENTERPRISE_REGISTRY"
else
SOURCE_REGISTRY="$NETBOX_PROXY_REGISTRY"
fi
SOURCE_IMAGE="$SOURCE_REGISTRY/$IMAGE"
TARGET_IMAGE="$PRIVATE_REGISTRY/$IMAGE"
log_info "Source: $SOURCE_IMAGE"
log_info "Target: $TARGET_IMAGE"
# Step 1: Pull the image from source registry
log_info "📥 Pulling image from source registry..."
if docker pull "$SOURCE_IMAGE"; then
log_success "Successfully pulled $SOURCE_IMAGE"
else
log_error "Failed to pull $SOURCE_IMAGE"
FAILED_MIRRORS=$((FAILED_MIRRORS + 1))
continue
fi
# Step 2: Tag the image for the target registry
log_info "🏷️ Tagging image for target registry..."
if docker tag "$SOURCE_IMAGE" "$TARGET_IMAGE"; then
log_success "Successfully tagged image as $TARGET_IMAGE"
else
log_error "Failed to tag image as $TARGET_IMAGE"
FAILED_MIRRORS=$((FAILED_MIRRORS + 1))
continue
fi
# Step 3: Push the image to the target registry
log_info "📤 Pushing image to target registry..."
if docker push "$TARGET_IMAGE"; then
log_success "Successfully pushed $TARGET_IMAGE"
SUCCESSFUL_MIRRORS=$((SUCCESSFUL_MIRRORS + 1))
else
log_error "Failed to push $TARGET_IMAGE"
log_warn "This could be due to:"
echo " - Authentication issues with target registry"
echo " - Network connectivity problems"
echo " - Insufficient permissions on target registry"
echo " - Storage quota exceeded on target registry"
FAILED_MIRRORS=$((FAILED_MIRRORS + 1))
continue
fi
# Step 4: Clean up local images to save disk space
log_info "🧹 Cleaning up local images..."
docker rmi "$SOURCE_IMAGE" "$TARGET_IMAGE" &> /dev/null || true
echo ""
done
# =============================================================================
# COMPLETION SUMMARY
# =============================================================================
echo "======================================================================"
echo "📊 IMAGE MIRRORING SUMMARY"
echo "======================================================================"
log_info "Total images processed: ${#IMAGES[@]}"
log_success "Successful mirrors: $SUCCESSFUL_MIRRORS"
if [ $FAILED_MIRRORS -gt 0 ]; then
log_error "Failed mirrors: $FAILED_MIRRORS"
else
log_info "Failed mirrors: $FAILED_MIRRORS"
fi
echo ""
if [ $FAILED_MIRRORS -eq 0 ]; then
log_success "✓ All images successfully mirrored to private registry!"
echo ""
echo "NEXT STEPS:"
echo ""
echo "1. Create image pull secret for your private registry:"
echo " kubectl create secret docker-registry private-registry-secret \\"
echo " --docker-server=$PRIVATE_REGISTRY \\"
echo " --docker-username=<your-registry-username> \\"
echo " --docker-password=<your-registry-password> \\"
echo " --docker-email=<your-email> \\"
echo " --namespace=netbox-enterprise"
echo ""
echo "2. Create and customize the private registry values file:"
echo " # Copy the private-registry.yaml template from the documentation"
echo " # and save it as values-private-registry.yaml, then edit to match your registry"
echo ""
echo "3. Deploy NetBox Enterprise using your private registry:"
echo " helm install netbox-enterprise \\"
echo " oci://registry.enterprise.netboxlabs.com/netbox-enterprise/beta/netbox-enterprise \\"
echo " --values netbox-enterprise-values.yaml \\"
echo " --values values-private-registry.yaml \\"
echo " --version $CHART_VERSION \\"
echo " --namespace netbox-enterprise \\"
echo " --create-namespace"
echo ""
else
log_error "⚠️ Some images failed to mirror. Please check the errors above and retry."
echo ""
echo "🔍 Common issues and solutions:"
echo " - Authentication failures: Verify registry credentials"
echo " - Network timeouts: Check connectivity to both registries"
echo " - Permission denied: Ensure write access to target registry"
echo " - Insufficient disk space"
echo " - Private registry storage quota exceeded"
echo ""
echo "Tip: Try running the script again after resolving the issues above."
exit 1
fi
Note: The complete script includes comprehensive image mirroring functionality with authentication, error handling, and progress reporting.
Complete Private Registry Setup
Step 1: Generate Private Registry Configuration
Use the image mirroring script to generate your registry configuration:
# Make the script executable
chmod +x private-registry.sh
# Generate configuration for your registry
./private-registry.sh registry.company.com/netbox-enterprise
Image List for Private Registry
The following images need to be mirrored to your private registry:
# Core NetBox Enterprise images
proxy.enterprise.netboxlabs.com/proxy/netbox-enterprise/netboxlabs/nbe-utils:7
proxy.enterprise.netboxlabs.com/proxy/netbox-enterprise/ghcr.io/netboxlabs/diode-reconciler-pro:1.0.0
proxy.enterprise.netboxlabs.com/proxy/netbox-enterprise/ghcr.io/netboxlabs/nbe-core:4.2.9_main-191
proxy.enterprise.netboxlabs.com/proxy/netbox-enterprise/index.docker.io/netboxlabs/nbe-utils:7
# Database images
proxy.enterprise.netboxlabs.com/anonymous/registry.developers.crunchydata.com/crunchydata/crunchy-postgres:ubi9-16.9-2520
proxy.enterprise.netboxlabs.com/anonymous/registry.developers.crunchydata.com/crunchydata/postgres-operator:ubi9-5.8.2-0
proxy.enterprise.netboxlabs.com/anonymous/index.docker.io/bitnami/redis:7.4.3-debian-12-r0
# Infrastructure images
proxy.enterprise.netboxlabs.com/anonymous/ghcr.io/stakater/reloader:v1.4.4
proxy.enterprise.netboxlabs.com/anonymous/index.docker.io/library/busybox:1.37
proxy.enterprise.netboxlabs.com/anonymous/index.docker.io/replicated/replicated-sdk:1.7.0
proxy.enterprise.netboxlabs.com/anonymous/registry.k8s.io/ingress-nginx/controller:v1.12.1
proxy.enterprise.netboxlabs.com/anonymous/registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.5.2
Automated Registry Population
Use the private-registry.sh script provided above to automate the image mirroring process. The script handles:
- Authentication with NetBox Labs proxy registry
- Pulling required NetBox Enterprise images
- Tagging images for your private registry
- Pushing images to your private registry
Usage
# 1. Set your credentials
export USERNAME='your-email@company.com'
export LICENSE_ID='your-license-id'
# 2. Copy the complete private-registry.sh script from above and save it as private-registry.sh
# 3. Make executable and run
chmod +x private-registry.sh
./private-registry.sh registry.company.com/netbox-enterprise
Kubernetes Configuration
Create Image Pull Secret
# Create secret for private registry authentication
kubectl create secret docker-registry private-registry-secret \
--docker-server=your-private-registry.com \
--docker-username=your-username \
--docker-password=your-password \
--docker-email=your-email@example.com
Private Registry Values Configuration
Create your values-private-registry.yaml file using the complete template provided above:
# Copy the complete private-registry.yaml template from above
# and save it as values-private-registry.yaml, then customize as needed
vim values-private-registry.yaml
The template includes:
- Global registry settings for all images
- Image pull secrets configuration
- Container-specific registry overrides
- Restricted environment settings (
pullPolicy: Never)
Installation with Private Registry
Standard Installation (Internet Access to Chart Registry)
If you can access the NetBox Labs chart registry but need to use private container images:
# Install with multiple values files (base + private registry configuration)
helm install netbox-enterprise \
oci://registry.enterprise.netboxlabs.com/netbox-enterprise/beta/netbox-enterprise \
--values netbox-enterprise-values.yaml \
--values values-private-registry.yaml \
${CHART_VERSION:+--version $CHART_VERSION} \
--create-namespace \
--namespace netbox-enterprise
Offline Installation (Restricted Environments)
For completely restricted environments, download the Helm chart offline:
# 1. Download the chart (from internet-connected system)
export CHART_VERSION="1.11.5"
helm pull oci://registry.enterprise.netboxlabs.com/netbox-enterprise/beta/netbox-enterprise \
--version $CHART_VERSION
# 2. Transfer the chart file to restricted environment
# 3. Install from downloaded chart
helm install netbox-enterprise ./netbox-enterprise-${CHART_VERSION}.tgz \
--values netbox-enterprise-values.yaml \
--values values-private-registry.yaml \
--create-namespace \
--namespace netbox-enterprise
Note: You can chain multiple values files. Later files override values from earlier files, allowing you to layer base configuration, environment-specific settings, and private registry overrides.
Verify Image Sources
# Check that pods are using your private registry
kubectl describe pods -l app=netbox-enterprise -n netbox-enterprise | grep "Image:"
# Verify no image pull errors
kubectl get events -n netbox-enterprise --field-selector type=Warning
Common Private Registry Platforms
Harbor Registry
# values-harbor.yaml
global:
imageRegistry: "harbor.example.com/netbox"
imagePullSecrets:
- name: "harbor-secret"
# Create Harbor secret
kubectl create secret docker-registry harbor-secret \
--docker-server=harbor.example.com \
--docker-username=admin \
--docker-password=harbor-password
Amazon ECR
# values-ecr.yaml
global:
imageRegistry: "123456789012.dkr.ecr.us-east-1.amazonaws.com/netbox"
imagePullSecrets:
- name: "ecr-secret"
# Create ECR secret
kubectl create secret docker-registry ecr-secret \
--docker-server=123456789012.dkr.ecr.us-east-1.amazonaws.com \
--docker-username=AWS \
--docker-password=$(aws ecr get-login-password --region us-east-1)
Azure Container Registry
# values-acr.yaml
global:
imageRegistry: "myregistry.azurecr.io/netbox"
imagePullSecrets:
- name: "acr-secret"
# Create ACR secret
kubectl create secret docker-registry acr-secret \
--docker-server=myregistry.azurecr.io \
--docker-username=service-principal-id \
--docker-password=service-principal-password
Troubleshooting
Common Issues
ImagePullBackOff Errors:
# Check pod events
kubectl describe pod <pod-name>
# Verify secret exists
kubectl get secret private-registry-secret
# Test registry connectivity
docker pull your-private-registry.com/netbox-enterprise/beta/netbox-enterprise:1.11.5
Authentication Failures:
# Recreate the secret with correct credentials
kubectl delete secret private-registry-secret
kubectl create secret docker-registry private-registry-secret \
--docker-server=your-private-registry.com \
--docker-username=correct-username \
--docker-password=correct-password
Configuration Validation Script
Before deploying NetBox Enterprise with a private registry, use this validation script to verify your configuration and cluster readiness:
validate-config.sh
#!/bin/bash
# =============================================================================
# NetBox Enterprise Helm Configuration Validation Script
# =============================================================================
# This script performs comprehensive pre-deployment validation for NetBox
# Enterprise Helm installations to catch configuration issues early.
# What it validates:
# - Helm values file syntax and structure
# - Kubernetes cluster connectivity and permissions
# - Required tools (kubectl, helm) availability
# - Environment variable configuration
# - Namespace existence and permissions
# - Helm chart template rendering
# Benefits:
# - Prevents failed deployments due to configuration errors
# - Saves time by catching issues before helm install
# - Provides clear guidance for fixing validation issues
# - Ensures all prerequisites are met before installation
# Usage:
# ./validate-config.sh --values values-production.yaml
# ./validate-config.sh --values values-production.yaml --namespace my-namespace
# =============================================================================
# Exit immediately if any command fails - ensures validation failures are caught
set -e
# =============================================================================
# DEFAULT CONFIGURATION
# =============================================================================
VALUES_FILE="" # Path to Helm values file (required)
NAMESPACE="netbox-enterprise" # Default Kubernetes namespace
VERBOSE=false # Enable detailed output
# =============================================================================
# OUTPUT FORMATTING
# =============================================================================
# ANSI color codes for clear, readable validation output
RED='\033[0;31m' # Error messages
GREEN='\033[0;32m' # Success messages
YELLOW='\033[1;33m' # Warning messages
NC='\033[0m' # Reset to default color
# =============================================================================
# LOGGING FUNCTIONS
# =============================================================================
# Standardized logging functions with color coding for clear output
# Log informational messages (green)
log_info() {
echo -e "${GREEN}[INFO]${NC} $1"
}
# Log warning messages (yellow) - issues that don't block installation
log_warn() {
echo -e "${YELLOW}[WARN]${NC} $1"
}
# Log error messages (red) - critical issues that block installation
log_error() {
echo -e "${RED}[ERROR]${NC} $1"
}
# Display help information with usage examples
usage() {
cat << EOF
🛠️ NetBox Enterprise Helm Configuration Validator
DESCRIPTION:
Validates NetBox Enterprise Helm configuration before deployment to catch
issues early and ensure successful installation.
USAGE:
$0 --values <values-file> [OPTIONS]
REQUIRED ARGUMENTS:
--values <file> Path to your Helm values file (e.g., values-production.yaml)
OPTIONAL ARGUMENTS:
--namespace <name> Kubernetes namespace (default: netbox-enterprise)
--verbose Enable detailed validation output
--help Show this help message
EXAMPLES:
# Basic validation with default namespace
$0 --values values-production.yaml
# Validation with custom namespace
$0 --values values-production.yaml --namespace my-netbox
# Verbose validation for troubleshooting
$0 --values values-production.yaml --verbose
PREREQUISITES:
- kubectl installed and configured
- helm 3.x installed
- Access to target Kubernetes cluster
- Valid NetBox Enterprise values file
EOF
}
# =============================================================================
# COMMAND LINE ARGUMENT PARSING
# =============================================================================
# Process command line arguments and validate input parameters
while [[ $# -gt 0 ]]; do
case $1 in
--values)
# Path to Helm values file (required)
VALUES_FILE="$2"
shift 2
;;
--namespace)
# Kubernetes namespace for deployment
NAMESPACE="$2"
shift 2
;;
--verbose)
# Enable detailed validation output for troubleshooting
VERBOSE=true
shift
;;
--help)
# Show usage information and exit
usage
exit 0
;;
*)
# Handle unknown/invalid options
log_error "Unknown option: $1"
echo ""
usage
exit 1
;;
esac
done
# =============================================================================
# INPUT VALIDATION
# =============================================================================
# Validate that required arguments are provided and files exist
# Check that values file path is provided (required argument)
if [[ -z "$VALUES_FILE" ]]; then
log_error "Values file is required - use --values <path-to-values-file>"
echo ""
usage
exit 1
fi
# Verify that the values file actually exists and is readable
if [[ ! -f "$VALUES_FILE" ]]; then
log_error "Values file not found or not readable: $VALUES_FILE"
echo ""
echo "Tip: Make sure the file path is correct and you have read permissions"
exit 1
fi
# =============================================================================
# VALIDATION PROCESS INITIALIZATION
# =============================================================================
echo "======================================================================"
echo "🔍 NETBOX ENTERPRISE HELM CONFIGURATION VALIDATOR"
echo "======================================================================"
log_info "Starting comprehensive pre-deployment validation"
log_info "Values file: $VALUES_FILE"
log_info "Target namespace: $NAMESPACE"
log_info "Verbose mode: $VERBOSE"
echo ""
# =============================================================================
# PREREQUISITE TOOL VALIDATION
# =============================================================================
log_info "🛠️ Checking required tools and dependencies..."
# Verify kubectl is installed and accessible
# kubectl is required for cluster connectivity and namespace operations
if ! command -v kubectl &> /dev/null; then
log_error "kubectl is not installed or not in PATH"
echo "Tip: Install kubectl: https://kubernetes.io/docs/tasks/tools/#kubectl"
exit 1
fi
log_info "✅ kubectl found: $(kubectl version --client --short 2>/dev/null || echo "version check failed")"
# Verify Helm is installed and accessible
# Helm 3.x is required for NetBox Enterprise deployment
if ! command -v helm &> /dev/null; then
log_error "helm is not installed or not in PATH"
echo "Tip: Install Helm: https://helm.sh/docs/intro/install/"
exit 1
fi
log_info "✅ Helm found: $(helm version --template='Version: {{.Version}}' 2>/dev/null || echo "version check failed")"
# Test Kubernetes cluster connectivity
# Ensures we can communicate with the target cluster
log_info "🔗 Testing Kubernetes cluster connectivity..."
if ! kubectl cluster-info &> /dev/null; then
log_error "Cannot connect to Kubernetes cluster"
echo ""
echo "🔍 Common connectivity issues:"
echo " - kubeconfig file not configured: run 'kubectl config view'"
echo " - Wrong cluster context: run 'kubectl config current-context'"
echo " - Network connectivity issues to cluster API server"
echo " - Expired or invalid authentication credentials"
exit 1
fi
log_info "✅ Kubernetes cluster connectivity verified"
# =============================================================================
# VALUES FILE VALIDATION
# =============================================================================
log_info "📄 Validating Helm values file structure and syntax..."
# Validate YAML syntax using Python (most reliable YAML parser)
# Invalid YAML will cause Helm deployment to fail immediately
if ! python3 -c "import yaml; yaml.safe_load(open('$VALUES_FILE'))" 2>/dev/null; then
log_error "Invalid YAML syntax in values file: $VALUES_FILE"
echo ""
echo "🔍 Common YAML issues:"
echo " - Incorrect indentation (use spaces, not tabs)"
echo " - Missing quotes around special characters"
echo " - Unbalanced brackets or parentheses"
echo "Tip: Validate YAML syntax online: https://yamllint.com/"
exit 1
fi
log_info "✅ Values file has valid YAML syntax"
# =============================================================================
# NAMESPACE VALIDATION
# =============================================================================
log_info "🏷️ Checking target namespace: $NAMESPACE"
if kubectl get namespace "$NAMESPACE" &> /dev/null; then
log_info "✅ Namespace '$NAMESPACE' exists"
else
log_warn "⚠️ Namespace '$NAMESPACE' does not exist"
echo " It will be created automatically during Helm installation"
fi
# =============================================================================
# HELM CHART VALIDATION
# =============================================================================
log_info "📦 Validating Helm chart template rendering..."
# Use helm template to validate that the chart can be rendered with the values
# This catches many configuration issues before actual deployment
if $VERBOSE; then
log_info "Running detailed Helm template validation..."
helm template netbox-enterprise-test \
oci://registry.enterprise.netboxlabs.com/netbox-enterprise/beta/netbox-enterprise \
--values "$VALUES_FILE" \
--dry-run --debug 2>&1 | head -20
fi
if helm template netbox-enterprise-test \
oci://registry.enterprise.netboxlabs.com/netbox-enterprise/beta/netbox-enterprise \
--values "$VALUES_FILE" \
--dry-run &> /dev/null; then
log_info "✅ Helm chart template validation passed"
else
log_error "❌ Helm chart template validation failed"
echo ""
echo "🔍 This usually indicates:"
echo " - Invalid configuration values in your values file"
echo " - Missing required configuration options"
echo " - Incompatible chart version with your values"
echo ""
echo "Tip: Try running with --verbose for detailed error output"
exit 1
fi
# =============================================================================
# AUTHENTICATION VALIDATION
# =============================================================================
log_info "🔐 Checking NetBox Labs authentication credentials..."
# Check for USERNAME environment variable (required for registry access)
if [[ -z "$USERNAME" ]]; then
log_warn "⚠️ USERNAME environment variable not set"
echo " This is required for accessing NetBox Labs container registry"
echo " Set with: export USERNAME='your-email@company.com'"
else
log_info "✅ USERNAME environment variable configured: $USERNAME"
fi
# Check for LICENSE_ID environment variable (required for registry access)
if [[ -z "$LICENSE_ID" ]]; then
log_warn "⚠️ LICENSE_ID environment variable not set"
echo " This is required for accessing NetBox Labs container registry"
echo " Set with: export LICENSE_ID='your-license-key'"
else
log_info "✅ LICENSE_ID environment variable configured: ${LICENSE_ID:0:8}..."
fi
# =============================================================================
# VALIDATION SUMMARY
# =============================================================================
echo ""
echo "======================================================================"
echo "✓ VALIDATION COMPLETED SUCCESSFULLY"
echo "======================================================================"
log_info "✅ All critical validation checks passed"
log_info "✅ Configuration is ready for NetBox Enterprise deployment"
echo ""
echo "NEXT STEPS:"
echo ""
echo "1. Deploy NetBox Enterprise:"
echo " helm install netbox-enterprise \\"
echo " oci://registry.enterprise.netboxlabs.com/netbox-enterprise/beta/netbox-enterprise \\"
echo " --values $VALUES_FILE \\"
echo " --namespace $NAMESPACE \\"
echo " --create-namespace"
echo ""
echo "2. Monitor deployment status:"
echo " kubectl get pods -n $NAMESPACE -w"
echo ""
echo "3. Access NetBox Enterprise:"
echo " kubectl port-forward -n $NAMESPACE svc/netbox-enterprise 8080:80"
echo " Then visit your NetBox instance at the forwarded port (default: 8080)"
echo ""
echo "For more information, see the installation guide:"
echo " https://netboxlabs.com/docs/helm/netbox-enterprise-helm-install"
Use the validation script provided above:
# Copy the complete validate-config.sh script from above and save it as validate-config.sh
chmod +x validate-config.sh
./validate-config.sh --values netbox-enterprise-values.yaml
The validation script checks:
- Required Files: Verifies
netbox-enterprise-values.yamland optionalvalues-extra.yamlexist - YAML Syntax: Validates all YAML files for syntax errors
- Kubernetes Connectivity: Ensures you can connect to your cluster
- Registry Authentication: Tests NetBox Labs and private registry access
- Helm Template: Validates the complete Helm template renders correctly
- Resource Requirements: Checks cluster has sufficient CPU/memory
- Storage Classes: Verifies persistent storage is available
Quick Usage
# 1. Copy the complete validate-config.sh script from above and make executable
chmod +x validate-config.sh
# 2. Set your credentials
export USERNAME='your-email@company.com'
export LICENSE_ID='your-license-id'
# 3. Run validation
./validate-config.sh --values netbox-enterprise-values.yaml
# 4. Install if validation passes (using your private registry values)
helm install netbox-enterprise \
oci://registry.enterprise.netboxlabs.com/netbox-enterprise/beta/netbox-enterprise \
--values netbox-enterprise-values.yaml \
--values values-private-registry.yaml \
--version 1.11.5 \
--namespace netbox-enterprise \
--create-namespace
Next Steps
- Configure External Database for production deployments
- Set up High Availability for production environments
- Configure CI/CD Pipeline for automated deployments
- Validate your deployment to ensure everything is working correctly