use external postgres and redis for nbc helm

jbartus · jbartus · commit 815bcb50a3d3 · 2025-05-30T18:27:34.000-04:00
diff --git a/README.md b/README.md
@@ -6,7 +6,7 @@ this repo sets up three instances of netbox
 
 # pre-req
 ```
-which terraform aws kubectl
+which terraform aws kubectl helm
 ```
 
 # how to use
diff --git a/nbc-helm.sh b/nbc-helm.sh
@@ -1,11 +1,25 @@
 #!/bin/bash
 
-helm install nbc oci://ghcr.io/netbox-community/netbox-chart/netbox --namespace nbc --create-namespace
+helm install netbox oci://ghcr.io/netbox-community/netbox-chart/netbox \
+  --namespace netbox \
+  --create-namespace \
+  --set persistence.enabled=false \
+  --set postgresql.enabled=false \
+  --set externalDatabase.host=$(terraform output -raw postgres_host) \
+  --set externalDatabase.password=$(terraform output -raw postgres_password) \
+  --set valkey.enabled=false \
+  --set tasksDatabase.host=$(terraform output -raw redis_host) \
+  --set cachingDatabase.host=$(terraform output -raw redis_host)
 
-# sleep 400
-#export POD_NAME=$(kubectl get pods --namespace "nbc" -l "app.kubernetes.io/name=netbox,app.kubernetes.io/instance=nbc" -o jsonpath="{.items[0].metadata.name}")
-#kubectl port-forward $POD_NAME 8080:8080 -n nbc
+kubectl -n netbox create secret generic netbox-valkey \
+  --from-literal=cache_password="" \
+  --from-literal=task_password=""
+
+# admin password
+kubectl -n netbox get secrets netbox-superuser -o jsonpath="{.data.password}" | base64 --decode
+
+# port forward
+# kubectl -n netbox port-forward svc/netbox 8080:80
 
 # cleanup
-# helm -n nbc uninstall nbc
-# kubectl delete pvc -n nbc --all
+# helm -n netbox uninstall netbox
diff --git a/postgres.tf b/postgres.tf
@@ -0,0 +1,44 @@
+resource "aws_db_subnet_group" "postgres" {
+  name       = "postgres-subnet-group"
+  subnet_ids = module.vpc.private_subnets
+}
+
+resource "aws_security_group" "postgres" {
+  vpc_id = module.vpc.vpc_id
+}
+
+resource "aws_vpc_security_group_egress_rule" "postgres_allow_all_out" {
+  security_group_id = aws_security_group.postgres.id
+  cidr_ipv4         = "0.0.0.0/0"
+  ip_protocol       = "-1"
+}
+
+resource "aws_vpc_security_group_ingress_rule" "postgres_allow_psql_in" {
+  security_group_id = aws_security_group.postgres.id
+  cidr_ipv4         = "0.0.0.0/0"
+  from_port         = 5432
+  to_port           = 5432
+  ip_protocol       = "tcp"
+}
+
+resource "aws_db_instance" "postgres" {
+  identifier             = "nb-pg-db"
+  engine                 = "postgres"
+  instance_class         = "db.t3.medium"
+  username               = "netbox"
+  password               = var.postgres_password
+  db_name                = "netbox"
+  allocated_storage      = 20
+  db_subnet_group_name   = aws_db_subnet_group.postgres.name
+  vpc_security_group_ids = [aws_security_group.postgres.id]
+  skip_final_snapshot    = true
+}
+
+output "postgres_host" {
+  value = aws_db_instance.postgres.address
+}
+
+output "postgres_password" {
+  value     = var.postgres_password
+  sensitive = true
+}
diff --git a/redis.tf b/redis.tf
@@ -0,0 +1,37 @@
+resource "aws_elasticache_subnet_group" "redis" {
+  name       = "redis-subnet-group"
+  subnet_ids = module.vpc.private_subnets
+}
+
+resource "aws_security_group" "redis" {
+  name   = "redis"
+  vpc_id = module.vpc.vpc_id
+}
+
+resource "aws_vpc_security_group_egress_rule" "redis_allow_all_out" {
+  security_group_id = aws_security_group.redis.id
+  cidr_ipv4         = "0.0.0.0/0"
+  ip_protocol       = "-1"
+}
+
+resource "aws_vpc_security_group_ingress_rule" "redis_allow_redis_in" {
+  security_group_id = aws_security_group.redis.id
+  cidr_ipv4         = "0.0.0.0/0"
+  from_port         = 6379
+  to_port           = 6379
+  ip_protocol       = "tcp"
+}
+
+resource "aws_elasticache_cluster" "redis" {
+  cluster_id           = "nb-redis"
+  engine               = "redis"
+  node_type            = "cache.t3.micro"
+  num_cache_nodes      = 1
+  parameter_group_name = "default.redis7"
+  subnet_group_name    = aws_elasticache_subnet_group.redis.name
+  security_group_ids   = [aws_security_group.redis.id]
+}
+
+output "redis_host" {
+  value = aws_elasticache_cluster.redis.cache_nodes[0].address
+}
diff --git a/terraform.tfvars.example b/terraform.tfvars.example
@@ -1,3 +1,4 @@
 nbe_token            = ""
 nbe_console_password = "6chars"
 nbe_admin_password   = "12characters"
+postgres_password    = "yesql123"
diff --git a/variables.tf b/variables.tf
@@ -12,3 +12,8 @@ variable "nbe_admin_password" {
   type      = string
   sensitive = true
 }
+
+variable "postgres_password" {
+  type      = string
+  sensitive = true
+}

Original file line number	Diff line number	Diff line change
`@@ -12,3 +12,8 @@ variable "nbe_admin_password" {`
`12`	`12`	`type = string`
`13`	`13`	`sensitive = true`
`14`	`14`	`}`
	`15`	`+`
	`16`	`+variable "postgres_password" {`
	`17`	`+ type = string`
	`18`	`+ sensitive = true`
	`19`	`+}`