Enterprise
Helm Values Reference
Complete reference for the nbe-operator values.yaml organized by section. All values below are set at the top level of your values file.
Global Configuration
| Key | Type | Default | Description |
|---|---|---|---|
global.imagePullSecrets | list | [{name: netbox-enterprise-helm-registry}, {name: netbox-enterprise-registry}] | Image pull secrets applied to all pods |
global.database.enabled | bool | true | Enable internal PGO-managed PostgreSQL |
global.image.pullPolicy | string | IfNotPresent | Default image pull policy |
global.kubernetesVersion | string | >=1.26.0 | Kubernetes version constraint |
Operator Configuration
| Key | Type | Default | Description |
|---|---|---|---|
operator.enabled | bool | true | Deploy the operator |
operator.image.registry | string | proxy.enterprise.netboxlabs.com/... | Operator image registry |
operator.image.repository | string | nbe-netbox-enterprise/netboxlabs/nbe-operator | Operator image repository |
operator.image.tag | string | 2.0.0 | Operator image tag |
operator.image.pullPolicy | string | IfNotPresent | Operator image pull policy |
operator.metricsPort | int | 8080 | Port for metrics endpoint |
operator.healthPort | int | 8081 | Port for health endpoints |
operator.metricsScrapeIntervalSecs | int | 30 | Seconds between metrics scrape operations |
note
The cluster DNS suffix is now configured in the NetBoxEnterprise CRD via spec.clusterDnsSuffix instead of a Helm value.
Operator Logging
| Key | Type | Default | Description |
|---|---|---|---|
operator.logging.level | string | info | Log level using RUST_LOG syntax (e.g., info, debug, info,kube=warn) |
operator.logging.format | string | auto | Log format: auto, json, compact, pretty, gcp, aws, otlp |
operator.logging.otlp.endpoint | string | Default: OTLP on port 4318 | OTLP exporter endpoint URL (when format is otlp) |
operator.logging.otlp.serviceName | string | nbe-operator | Service name for OTLP traces |
Operator Probes
| Key | Type | Default | Description |
|---|---|---|---|
operator.livenessProbe.initialDelaySeconds | int | 15 | Delay before liveness checks start |
operator.livenessProbe.periodSeconds | int | 20 | Interval between liveness checks |
operator.readinessProbe.initialDelaySeconds | int | 5 | Delay before readiness checks start |
operator.readinessProbe.periodSeconds | int | 10 | Interval between readiness checks |
Operator Environment
| Key | Type | Default | Description |
|---|---|---|---|
operator.env | list | [] | Additional environment variables |
operator.envFrom | list | [] | Environment variable sources (ConfigMaps, Secrets) |
operator.config | object | {} | Additional operator configuration |
Service Account & RBAC
| Key | Type | Default | Description |
|---|---|---|---|
serviceAccount.create | bool | true | Create a ServiceAccount for the operator |
serviceAccount.annotations | object | {} | Annotations for the ServiceAccount |
serviceAccount.name | string | "" | Override ServiceAccount name (auto-generated if empty) |
rbac.create | bool | true | Create RBAC resources |
rbac.scope | string | cluster | RBAC scope: cluster or namespace |
Service
| Key | Type | Default | Description |
|---|---|---|---|
service.enabled | bool | true | Create a Service for the operator |
service.type | string | ClusterIP | Service type |
service.metricsPort | int | 8080 | Metrics port exposed by the Service |
service.annotations | object | {} | Service annotations |
Metrics
| Key | Type | Default | Description |
|---|---|---|---|
metrics.enabled | bool | true | Enable Prometheus discovery annotations on the operator pod |
metrics.podAnnotations | bool | true | Add prometheus.io/scrape, prometheus.io/port, prometheus.io/path annotations |
See Monitoring for details on application-level metrics.
ServiceMonitor
| Key | Type | Default | Description |
|---|---|---|---|
serviceMonitor.enabled | bool | false | Create a Prometheus Operator ServiceMonitor |
serviceMonitor.namespace | string | "" | Namespace for the ServiceMonitor (defaults to release namespace) |
serviceMonitor.labels | object | {} | Additional labels for the ServiceMonitor |
serviceMonitor.annotations | object | {} | Additional annotations |
serviceMonitor.interval | string | 30s | Scrape interval |
serviceMonitor.scrapeTimeout | string | 10s | Scrape timeout |
serviceMonitor.scheme | string | http | HTTP scheme (http or https) |
serviceMonitor.tlsConfig | object | {} | TLS config for scraping |
serviceMonitor.honorLabels | bool | true | Honor labels from scraped metrics |
serviceMonitor.relabelings | list | [] | Relabeling configurations |
serviceMonitor.metricRelabelings | list | [] | Metric relabeling configurations |
serviceMonitor.targetLabels | list | [] | Target labels for scraped metrics |
Pod Configuration
| Key | Type | Default | Description |
|---|---|---|---|
replicaCount | int | 1 | Operator replica count |
podAnnotations | object | {} | Additional pod annotations |
podLabels | object | {} | Additional pod labels |
resources.requests.cpu | string | 100m | Operator CPU request |
resources.requests.memory | string | 128Mi | Operator memory request |
resources.limits.cpu | string | 500m | Operator CPU limit |
resources.limits.memory | string | 512Mi | Operator memory limit |
nodeSelector | object | {} | Node selector constraints |
tolerations | list | [] | Pod tolerations |
affinity | object | {} | Pod affinity/anti-affinity rules |
volumes | list | [] | Additional volumes |
volumeMounts | list | [] | Additional volume mounts |
Pod Security
| Key | Type | Default | Description |
|---|---|---|---|
podSecurityContext.runAsNonRoot | bool | true | Enforce non-root |
podSecurityContext.runAsUser | int | 65532 | UID for operator process |
podSecurityContext.fsGroup | int | 65532 | Filesystem group |
securityContext.allowPrivilegeEscalation | bool | false | Block privilege escalation |
securityContext.capabilities.drop | list | [ALL] | Drop all capabilities |
securityContext.readOnlyRootFilesystem | bool | true | Read-only root filesystem |
Dependency Toggles
| Key | Type | Default | Description |
|---|---|---|---|
pgo.enabled | bool | true | Install Crunchy Postgres Operator |
redis-operator.enabled | bool | true | Install Redis Operator |
replicated.enabled | bool | true | Install Replicated SDK |
ingress.enabled | bool | false | Install ingress-nginx controller |
NetBoxEnterprise Configuration
The netboxEnterprise section controls the NetBoxEnterprise custom resource that the operator reconciles. See the dedicated configuration pages for each subsection:
| Key | Type | Default | Description |
|---|---|---|---|
netboxEnterprise.enabled | bool | false | Create a NetBoxEnterprise CR |
netboxEnterprise.name | string | netbox | Name of the NetBoxEnterprise resource |
netboxEnterprise.annotations | object | {} | Annotations merged with defaults |
netboxEnterprise.spec.suspend | bool | false | Suspend reconciliation |
netboxEnterprise.spec.maintenanceMode | bool | false | Enable maintenance mode |
netboxEnterprise.spec.backups | bool | false | Enable Velero backups |
For the full spec reference, see the NetBoxEnterprise CRD documentation.
Quick Links
- NetBox —
netboxEnterprise.spec.netbox.*(app, worker, config) - PostgreSQL —
netboxEnterprise.spec.postgresql.*(internal/external DB) - Redis —
netboxEnterprise.spec.redis.*(internal/external cache) - Diode —
netboxEnterprise.spec.diode.*(data ingestion pipeline) - Ingress & TLS — Networking and certificates
- Monitoring — Metrics and ServiceMonitor