Architecture
The nbe-operator is a Kubernetes operator that manages the full lifecycle of a NetBox Enterprise deployment through a NetBoxEnterprise custom resource.
Operator Reconciliation Flow
When a NetBoxEnterprise resource is created or modified, the operator reconciles the desired state into Kubernetes resources.
The operator uses a debounced watch strategy — rapid changes are batched with a 5-second debounce window to avoid excessive reconciliation.
When spec.suspend is true, the operator skips all reconciliation and sets a Suspended status condition. Existing workloads continue running. This is useful for pausing the operator during troubleshooting — see Suspend Reconciliation.
The cluster DNS suffix used for all operator-generated FQDNs defaults to cluster.local and can be overridden via spec.clusterDnsSuffix in the NetBoxEnterprise resource.
Resource Application Order
Resources are applied in a strict canonical order to respect dependencies:
| Order | Resource Type | Example |
|---|---|---|
| 1 | PostgresCluster | PGO-managed database (skipped if external) |
| 2 | RedisCluster | Operator-managed Redis (skipped if external) |
| 3 | Secret | Application secrets, credentials |
| 4 | ConfigMap | Application configuration |
| 5 | ServiceAccount | RBAC identities |
| 6 | Role | RBAC permissions |
| 7 | RoleBinding | RBAC bindings |
| 8 | PersistentVolumeClaim | Media and script storage |
| 9 | Deployment | NetBox, workers, Diode components |
| 10 | Job | Bootstrap, migrations, setup |
| 11 | Service | Internal and external services |
| 12 | Ingress | External access |
| 13 | VeleroBackup | Backup configuration (enterprise) |
Readiness middleware ensures PostgreSQL and Redis are available before deployments are created.
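The ordering in the table above, as an added Go sketch that is not the nbe-operator's own code: it sorts a set of rendered resources into the canonical apply order, so Secrets and RBAC objects always precede the Deployments that reference them. The `Resource` type, the `Plan` function, the external-database flags and the choice to reject kinds missing from the table are assumptions of this example.

```go
package main

import (
	"fmt"
	"sort"
)

// Canonical order copied from the table above; slice index = apply priority.
var applyOrder = []string{
	"PostgresCluster", "RedisCluster", "Secret", "ConfigMap",
	"ServiceAccount", "Role", "RoleBinding", "PersistentVolumeClaim",
	"Deployment", "Job", "Service", "Ingress", "VeleroBackup",
}

// Resource is a hypothetical, minimal stand-in for a rendered manifest.
type Resource struct{ Kind, Name string }

// Plan returns the resources in canonical apply order (stable within a kind).
// Kinds outside the table are rejected instead of being applied at an undefined position.
func Plan(in []Resource, externalPostgres, externalRedis bool) ([]Resource, error) {
	rank := make(map[string]int, len(applyOrder))
	for i, k := range applyOrder {
		rank[k] = i
	}
	out := make([]Resource, 0, len(in))
	for _, r := range in {
		if _, ok := rank[r.Kind]; !ok {
			return nil, fmt.Errorf("kind %q has no place in the apply order", r.Kind)
		}
		// Steps 1 and 2 are skipped when the database or cache is external.
		if (r.Kind == "PostgresCluster" && externalPostgres) || (r.Kind == "RedisCluster" && externalRedis) {
			continue
		}
		out = append(out, r)
	}
	sort.SliceStable(out, func(i, j int) bool { return rank[out[i].Kind] < rank[out[j].Kind] })
	return out, nil
}

func main() {
	// Constructed sample input, deliberately out of order; PostgreSQL is external.
	plan, err := Plan([]Resource{{"Deployment", "netbox"}, {"RoleBinding", "netbox"},
		{"Secret", "netbox-secrets"}, {"PostgresCluster", "db"}, {"ServiceAccount", "netbox"}}, true, false)
	if err != nil {
		panic(err)
	}
	for i, r := range plan {
		fmt.Printf("%d. %s/%s\n", i+1, r.Kind, r.Name)
	}
}
```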
Component Topology
PostgreSQL and Redis are managed by their own dedicated operators — Crunchy PGO and the Redis operator respectively. The nbe-operator creates the appropriate custom resources (e.g. PostgresCluster) and these operators run their own independent reconciliation loops to provision and manage the underlying clusters. This means database and cache lifecycle operations (failover, scaling, backups) are handled outside the nbe-operator's reconciliation cycle.