Merge branch 'main' into leo/update/crd

charts/netbox-operator/Chart.yaml

@@ -17,11 +17,11 @@ maintainers:
 dependencies:
   - name: common
     repository: oci://registry-1.docker.io/bitnamicharts
-    version: ^2.28.0
+    version: ^2.29.0
     tags:
       - bitnami-common
   - name: netbox
-    version: ^5.0.6
+    version: ^5.0.16
     repository: oci://ghcr.io/netbox-community/netbox-chart
     condition: netbox.enabled
 annotations:

charts/netbox/Chart.yaml

@@ -1,8 +1,8 @@
 apiVersion: v2
 name: netbox
-version: 5.0.6
+version: 5.0.16
 # renovate: image=ghcr.io/netbox-community/netbox
-appVersion: "v4.1.10"
+appVersion: "v4.2.1"
 type: application
 kubeVersion: ^1.25.0-0
 description: IP address management (IPAM) and data center infrastructure management (DCIM) tool
@@ -19,18 +19,23 @@ maintainers:
 dependencies:
   - name: common
     repository: oci://registry-1.docker.io/bitnamicharts
-    version: ^2.28.0
+    version: ^2.29.0
     tags:
       - bitnami-common
   - name: postgresql
-    version: ^16.3.4
+    version: ^16.4.2
     repository: oci://registry-1.docker.io/bitnamicharts
     condition: postgresql.enabled
   - name: redis
-    version: ^20.6.1
+    version: ^20.6.3
     repository: oci://registry-1.docker.io/bitnamicharts
     condition: redis.enabled
 annotations:
+  artifacthub.io/images: |
+    - name: netbox
+      image: ghcr.io/netbox-community/netbox:v4.2.1
+    - name: busybox
+      image: docker.io/busybox:1.37.0
   artifacthub.io/license: Apache-2.0
   artifacthub.io/links: |
     - name: Upstream Project

charts/netbox/README.md

@@ -155,6 +155,7 @@ The following table lists the configurable parameters for this chart and their d
 | `remoteAuth.ldap.serverUri`                     | see [django-auth-ldap](https://django-auth-ldap.readthedocs.io)     | `""`                                         |
 | `remoteAuth.ldap.startTls`                      | if StarTLS should be used                                           | *see values.yaml*                            |
 | `remoteAuth.ldap.ignoreCertErrors`              | if Certificate errors should be ignored                             | *see values.yaml*                            |
+| `remoteAuth.ldap.caCertDir`                     | CA certificate directory                                            | *see auth.md*                                |
 | `remoteAuth.ldap.caCertData`                    | CA certificate data                                                 | *see auth.md*                                |
 | `remoteAuth.ldap.bindDn`                        | Distinguished Name to bind with                                     | `""`                                         |
 | `remoteAuth.ldap.bindPassword`                  | Password for bind DN                                                | `""`                                         |

charts/netbox/templates/configmap.yaml

@@ -170,6 +170,9 @@ data:
     AUTH_LDAP_BIND_DN: {{ .Values.remoteAuth.ldap.bindDn | quote }}
     AUTH_LDAP_START_TLS: {{ toJson .Values.remoteAuth.ldap.startTls }}
     LDAP_IGNORE_CERT_ERRORS: {{ toJson .Values.remoteAuth.ldap.ignoreCertErrors }}
+    {{- if .Values.remoteAuth.ldap.caCertDir }}
+    LDAP_CA_CERT_DIR: {{ .Values.remoteAuth.ldap.caCertDir | quote }}
+    {{- end }}
     {{- if .Values.remoteAuth.ldap.caCertData }}
     LDAP_CA_CERT_FILE: /etc/netbox/config/ldap/ldap_ca.crt
     {{- end }}

charts/netbox/values.schema.json

@@ -1008,6 +1008,9 @@
             "ignoreCertErrors": {
               "type": "boolean"
             },
+            "caCertDir": {
+              "type": "string"
+            },
             "caCertData": {
               "type": "string"
             },
@@ -1057,10 +1060,10 @@
               "type": "boolean"
             },
             "mirrorGroups": {
-              "type": "boolean"
+              "type": ["boolean", "string", "array"]
             },
             "mirrorGroupsExcept": {
-              "type": "string"
+              "type": ["null", "string", "array"]
             },
             "cacheTimeout": {
               "type": "integer"

charts/netbox/values.yaml

@@ -384,6 +384,7 @@ remoteAuth:
     serverUri: ldap://example.com
     startTls: true
     ignoreCertErrors: false
+    caCertDir: ""
     caCertData: ""
     bindDn: CN=Netbox,OU=EmbeddedDevices,OU=MyCompany,DC=example,dc=com
     bindPassword: ""
@@ -402,7 +403,7 @@ remoteAuth:
       - CN=Domain Admins,CN=Users,DC=example,dc=com
     findGroupPerms: true
     mirrorGroups: true
-    mirrorGroupsExcept: ""
+    mirrorGroupsExcept: []
     cacheTimeout: 3600
     attrFirstName: givenName
     attrLastName: sn

docs/auth.md

@@ -238,12 +238,24 @@ remoteAuth:
     # and ALL the other remoteAuth.ldap.* settings from values.yaml
 ```
 
-Note: in order to use anonymous LDAP binding set `bindDn` and `bindPassword`
-to an empty string as in the example above.
+> [!NOTE]
+> In order to use anonymous LDAP binding, set `bindDn` and `bindPassword`
+> to an empty string as in the example above.
 
+### LDAP Certificate Verification
 If you need to specify your own CA certificate, follow the instructions below.
 
-In your `values.yaml` file define your CA certificate content in `caCertData`:
+Option 1. In your `values.yaml` file define the directory already containing your CA certificate:
+
+```yaml
+  ldap:
+    serverUri: 'ldap://domain.com'
+    startTls: true
+    ignoreCertErrors: false
+    caCertDir: /etc/ssl/certs
+```
+
+Option 2. In your `values.yaml` file define your CA certificate content in `caCertData`:
 
 ```yaml
   ldap: