Enterprise
Diode Configuration
Diode provides automated data ingestion into NetBox. It consists of four components:
- Reconciler — Processes change sets and updates NetBox via API
- Ingester — Receives incoming data and writes to Redis streams
- Auth — Authentication service for Diode API clients
- Hydra — Ory Hydra OAuth2/OIDC server for token management
Enable/Disable Diode
| Key | Type | Default | Description |
|---|---|---|---|
| diode.enabled | bool | true | Enable the entire Diode stack |
```yaml
netboxEnterprise:
  spec:
    diode:
      enabled: false  # Disable Diode entirely
```
When disabled, the reconciler, ingester, auth, and Hydra components are not deployed.
Component Configuration
Each component has the same configuration structure for scaling and resources:
Reconciler
| Key | Type | Default | Description |
|---|---|---|---|
| diode.reconciler.replicas | uint8 | 1 | Number of reconciler replicas |
| diode.reconciler.resources.cpu | int | 100 | CPU request (millicores) |
| diode.reconciler.resources.memory | int | 256 | Memory request (MiB) |
| diode.reconciler.limits.cpu | int | 500 | CPU limit (millicores) |
| diode.reconciler.limits.memory | int | 512 | Memory limit (MiB) |
Ingester
| Key | Type | Default | Description |
|---|---|---|---|
| diode.ingester.replicas | uint8 | 1 | Number of ingester replicas |
| diode.ingester.resources.cpu | int | 100 | CPU request (millicores) |
| diode.ingester.resources.memory | int | 256 | Memory request (MiB) |
| diode.ingester.limits.cpu | int | 500 | CPU limit (millicores) |
| diode.ingester.limits.memory | int | 512 | Memory limit (MiB) |
Auth
| Key | Type | Default | Description |
|---|---|---|---|
| diode.auth.replicas | uint8 | 1 | Number of auth replicas |
| diode.auth.resources.cpu | int | 50 | CPU request (millicores) |
| diode.auth.resources.memory | int | 128 | Memory request (MiB) |
| diode.auth.limits.cpu | int | 200 | CPU limit (millicores) |
| diode.auth.limits.memory | int | 256 | Memory limit (MiB) |
Hydra (OAuth2/OIDC)
| Key | Type | Default | Description |
|---|---|---|---|
| diode.hydra.replicas | uint8 | 1 | Number of Hydra replicas |
| diode.hydra.autoMigrate | bool | true | Run database migrations on startup |
| diode.hydra.resources.cpu | int | 100 | CPU request (millicores) |
| diode.hydra.resources.memory | int | 256 | Memory request (MiB) |
| diode.hydra.limits.cpu | int | 500 | CPU limit (millicores) |
| diode.hydra.limits.memory | int | 512 | Memory limit (MiB) |
Hydra secrets (cookie, DSN, system) are auto-generated from the PostgreSQL configuration if not explicitly set.
Application Config
Reconciler Config
| Key | Type | Default | Description |
|---|---|---|---|
| diode.config.reconciler.autoApplyChangesets | bool | false | Automatically apply change sets to NetBox |
| diode.config.reconciler.logLevel | enum | INFO | Log level: INFO, DEBUG, WARN, ERROR |
| diode.config.reconciler.databaseName | string | diode | PostgreSQL database name |
| diode.config.reconciler.databaseUser | string | diode | PostgreSQL database user |
| diode.config.reconciler.migrationEnabled | bool | true | Run database migrations |
| diode.config.reconciler.redisDb | uint8 | 0 | Redis database number |
| diode.config.reconciler.redisStreamDb | uint8 | 1 | Redis database for streams |
| diode.config.reconciler.rateLimitRps | uint8 | 20 | Rate limit (requests/sec) |
| diode.config.reconciler.rateLimitBurst | uint8 | 1 | Rate limit burst size |
| diode.config.reconciler.rateLimitNetboxRps | uint8 | 20 | NetBox API rate limit |
| diode.config.reconciler.rateLimitNetboxBurst | uint8 | 1 | NetBox API burst size |
Auth Config
| Key | Type | Default | Description |
|---|---|---|---|
| diode.config.auth.logLevel | enum | INFO | Log level |
Ingester Config
| Key | Type | Default | Description |
|---|---|---|---|
| diode.config.ingester.logLevel | enum | INFO | Log level |
| diode.config.ingester.redisStreamDb | uint8 | 1 | Redis database for stream storage |
Telemetry Config
Each component supports telemetry configuration:
| Key | Type | Default | Description |
|---|---|---|---|
| telemetryConfig.environment | string | — | Environment name (Diode uses its own default if not set) |
| telemetryConfig.metricsEnabled | bool | false | Enable Prometheus metrics |
| telemetryConfig.metricsExporter | enum | prometheus | Exporter: prometheus, otlp, console, none |
| telemetryConfig.metricsPort | uint16 | — | Metrics endpoint port |
| telemetryConfig.traceExporter | enum | none | Trace exporter: otlp, console, none |
Example enabling metrics for all Diode components:
```yaml
netboxEnterprise:
  spec:
    diode:
      enabled: true
      config:
        ingester:
          telemetryConfig:
            metricsEnabled: true
        reconciler:
          telemetryConfig:
            metricsEnabled: true
          # Not a telemetry setting: applies change sets to NetBox automatically (default: false)
          autoApplyChangesets: true
        auth:
          telemetryConfig:
            metricsEnabled: true
```
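A pre-deployment check for the keys documented on this page, as an added example that is not part of NetBox Enterprise or Diode. It assumes the value of `netboxEnterprise.spec` has already been parsed from YAML into a dictionary; the function names and the sample spec are hypothetical, and the request-versus-limit check reflects the general Kubernetes rule that a request may not exceed its limit.

```python
# Types and defaults below are transcribed from this page's tables; SAMPLE is constructed.
LOG_LEVELS = {"INFO", "DEBUG", "WARN", "ERROR"}
COMPONENTS = ("reconciler", "ingester", "auth", "hydra")
UINT8_KEYS = ("redisDb", "redisStreamDb", "rateLimitRps", "rateLimitBurst",
              "rateLimitNetboxRps", "rateLimitNetboxBurst")


def is_uint(value, bits):
    # bool is a subclass of int in Python, so exclude it explicitly
    return isinstance(value, int) and not isinstance(value, bool) and 0 <= value < 2 ** bits


def audit_diode(spec):
    """Return a list of findings for the `diode` mapping of a parsed spec."""
    findings = []
    diode = spec.get("diode", {})
    for name in COMPONENTS:
        comp = diode.get(name, {})
        if "replicas" in comp and not is_uint(comp["replicas"], 8):
            findings.append(f"{name}.replicas: not a uint8")
        req, lim = comp.get("resources", {}), comp.get("limits", {})
        for res in ("cpu", "memory"):
            if res in req and res in lim and req[res] > lim[res]:
                findings.append(f"{name}.{res}: request {req[res]} exceeds limit {lim[res]}")
    for name, cfg in diode.get("config", {}).items():
        if cfg.get("logLevel", "INFO") not in LOG_LEVELS:
            findings.append(f"config.{name}.logLevel: not one of {sorted(LOG_LEVELS)}")
        for key in UINT8_KEYS:
            if key in cfg and not is_uint(cfg[key], 8):
                findings.append(f"config.{name}.{key}: not a uint8")
        port = cfg.get("telemetryConfig", {}).get("metricsPort")
        if port is not None and not is_uint(port, 16):
            findings.append(f"config.{name}.telemetryConfig.metricsPort: not a uint16")
    if diode.get("config", {}).get("reconciler", {}).get("autoApplyChangesets") is True:
        findings.append("config.reconciler.autoApplyChangesets: true (documented default is false)")
    return findings


# Constructed sample: the spec as it would look after YAML parsing.
SAMPLE = {"diode": {
    "reconciler": {"replicas": 2, "resources": {"memory": 1024}, "limits": {"memory": 512}},
    "config": {"reconciler": {"rateLimitRps": 300, "autoApplyChangesets": True,
                              "telemetryConfig": {"metricsEnabled": True}},
               "ingester": {"logLevel": "TRACE"}},
}}

if __name__ == "__main__":
    print("\n".join(audit_diode(SAMPLE)))
```

Run against the sample, it reports the oversized memory request, the out-of-range `rateLimitRps`, the unknown log level, and the non-default `autoApplyChangesets`.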
Data Flow
- External agents send data to the Ingester via gRPC
- The Ingester writes to Redis Streams for durable queuing
- The Reconciler reads from streams, processes change sets, and pushes to NetBox via its API
- Auth handles API key validation with Hydra providing OAuth2 token management
Next Steps
- Monitoring — Enable Diode component metrics
- Architecture — Full component topology diagram