This repo contains terraform and kubernetes configuration to install netbox into an empty GCP project.
Explore the docs »
View Demo
·
Report Bug
·
Request Feature
Table of Contents
This project is designed to easily deploy netbox into an GCP project in an opinonated way.
Features:
- Deploy netbox onto GKE autpilot cluster using the bootc helm chart: https://github.com/bootc/netbox-chart
- Use a CloudSQL posgresql for database
- Use a GCP memorystore for redis instance
- Create DNS records in managed zone
- Create SSL certs using Letsencrypt and cert-manager
- Setup and configure necessary infrastructure to support Okta authentication
- ingress-nginx
- vouch-proxy
- Creates Okta OIDC application configuration via terraform
- creates a standard set of groups in netbox after deployment
This is an example of how you may give instructions on setting up your project locally. To get a local copy up and running follow these simple example steps.
-
Homebrew on Mac
brew tap garden-io/garden brew install garden-cli
-
Installation instructions: https://docs.garden.io/getting-started/1-installation
-
Homebrew on Mac
brew install --cask google-cloud-sdk
-
For other Operating system follow the directions here: https://cloud.google.com/sdk/docs/install
-
Setting up the Google Cloud SDK
gcloud init
-
Make sure to login with your account and set the default login
gcloud auth login gcloud auth application-default login
- Follow the directions here to create a gcp project: Creating a project
- this step is required if you want to setup a hostname to access netbox
- Create a public zone
- Clone the repo
git clone https://github.com/TakeoffTech/netbox-gcp-deployment.git
The current setup allows you to deploy netbox to empty gcp project.
| Garden Variable | ENV Variable | Description | Default | Required |
|---|---|---|---|---|
| google_project_id | GOOGLE_PROJECT | Google Project ID to deploy netbox too | "" |
yes |
| google_compute_region | GOOGLE_REGION | Google Region to deploy netbox too | "us-central1" |
no |
| google_managed_zone | MANAGED_ZONE | Google managed zone name (not the domain name) | "" |
no |
| google_dns_project_id | GOOGLE_DNS_PROJECT | Google Project ID that hosts the managed zone | google_project_id |
no |
| cert_registration_email | CERT_REG_EMAIL | Letsencrypt Certification registratiobn email | "user@example.com" |
yes |
| disable_okta__auth | DISABLE_OKTA_AUTH | Flag to enable or disable okta oidc authentication | true |
no |
| okta_org_name | OKTA_ORG_NAME | Okta Org name | "" |
yes (if disable_okta_auth is false) |
| okta_base_url | OKTA_BASE_URL | Okta base url | "oktapreview.com" |
no |
| okta_name_prefix | OKTA_NAME_PREFIX | Prefix to apply to all okta resources | "" |
no |
| okta_assignment_group_name | OKTA_ASSIGNMENT_GROUP_NAME | Group to assign to the application and add to the read-only group | "Everyone" | no |
| (ENV only variable for the okta terraform provider) | OKTA_API_TOKEN | Okta API token | "" |
yes (if disable_okta_auth is false) |
To set these variable before running garden deploy you have two options:
- simply set the ENV variable in your shell:
export ENV_VARIABLE=myconfig- create a garden.env or garden..env file: Variable files (varfiles)
echo garden_variable_name=myconfig >> garden.envWe automatically create dns records for netbox using the google_managed_zone domain.
If you are deploying into the prod environment, it will create netbox.<google_managed_zone.domain>.
If the dns zone contains netbox. we assume google_managed_zone is a subdomain for netbox (ie netbox.domain.local) and will create a record just for <google_managed_zone.domain>.
When you have disable_okta_auth set to false we will create a record for vouch-proxy for clients and okta to access and they are created like this vouch.<google_managed_zone.domain> if it's a netbox. subdomain.
If it's not a subdomain it will create vouch-netbox.<google_managed_zone.domain> for vouch-proxy.
For development environment, replace netbox with netbox-user-<local.username>
- Your google project ID
export GOOGLE_PROJECT=<project_id>
- We default everything to the
us-central1region. You can override this with theGOOGLE_REGIONenvironment variable. You can find the list of GCP regions here: https://cloud.google.com/compute/docs/regions-zones#availableexport GOOGLE_REGION=regionID
- Run garden deploy
garden deploy
- Delete the environment
garden delete env
- Currently we do not destroy the GKE cluster when deleting the environment, run this to cleanup the project and GKE cluster
garden plugins terraform destroy-root
- [] Feature 1
- [] Feature 2
- [] Feature 3
- [] Nested Feature
See the open issues for a full list of proposed features (and known issues).
Contributions are what make the open source community such an amazing place to learn, inspire, and create. Any contributions you make are greatly appreciated.
If you have a suggestion that would make this better, please fork the repo and create a pull request. You can also simply open an issue with the tag "enhancement". Don't forget to give the project a star! Thanks again!
- Fork the Project
- Create your Feature Branch (
git checkout -b feature/AmazingFeature) - Commit your Changes (
git commit -m 'Add some AmazingFeature') - Push to the Branch (
git push origin feature/AmazingFeature) - Open a Pull Request
Distributed under the MIT License. See LICENSE.txt for more information.
Project Link: https://github.com/TakeoffTech/netbox-gcp-deployment