Add netbox_deploy Ansible role for deploying NetBox via Argo CD

ansible/roles/netbox_deploy/defaults/main.yml

@@ -0,0 +1 @@
+netbox_deploy_tmp_dir: "{{ artifacts_path }}/netbox_deploy"

ansible/roles/netbox_deploy/meta/argument_specs.yml

@@ -0,0 +1,23 @@
+argument_specs:
+  main:
+    short_description: Deploy NetBox Argo CD Application into the k3s cluster
+    description: >
+      Renders and applies an Argo CD Application manifest for the NetBox Helm
+      chart, using environment-scoped paths and inventory-driven configuration.
+    options:
+      netbox_deploy_superuser_password:
+        type: str
+        required: true
+        description: Password for the NetBox superuser account.
+      netbox_deploy_secret_key:
+        type: str
+        required: true
+        description: Django secret key for NetBox.
+      k8s_validator_kubeconfig:
+        type: raw
+        required: true
+        description: Kubeconfig path or dict used to connect to the target cluster.
+      k8s_validator_context:
+        type: str
+        required: true
+        description: Kubernetes context name to use with the provided kubeconfig.

ansible/roles/netbox_deploy/tasks/main.yml

@@ -0,0 +1,71 @@
+---
+- name: Assert required NetBox deployment inputs are defined
+  ansible.builtin.assert:
+    that:
+      - k8s_validator_kubeconfig is defined
+      - k8s_validator_context is defined
+      - netbox_deploy_superuser_password is defined
+      - netbox_deploy_secret_key is defined
+      - k8s_validator_kubeconfig | string | length > 0
+      - k8s_validator_context | length > 0
+      - netbox_deploy_superuser_password | length > 0
+      - netbox_deploy_secret_key | length > 0
+    fail_msg: |
+      k8s_validator_kubeconfig
+      k8s_validator_context
+      netbox_deploy_superuser_password
+      netbox_deploy_secret_key
+      ...must be defined for netbox_deploy.
+
+- name: Ensure NetBox deployment tmp directory exists
+  ansible.builtin.file:
+    path: "{{ netbox_deploy_tmp_dir }}"
+    state: directory
+    mode: "0755"
+
+- name: Render NetBox Argo CD Application manifest
+  ansible.builtin.template:
+    src: netbox-application.yml.j2
+    dest: "{{ netbox_deploy_tmp_dir }}/netbox-application.yml"
+    mode: "0644"
+  register: netbox_deploy_application_file
+
+- name: Render NetBox Homepage ingress manifest
+  ansible.builtin.template:
+    src: netbox-homepage-ingress.yml.j2
+    dest: "{{ netbox_deploy_tmp_dir }}/netbox-homepage-ingress.yml"
+    mode: "0644"
+  register: netbox_deploy_homepage_ingress_file
+
+- name: Apply NetBox Argo CD Application manifest
+  ansible.builtin.import_role:
+    name: k8s_object_manager
+  vars:
+    k8s_object_manager_src: "{{ netbox_deploy_application_file.dest }}"
+    k8s_object_manager_state: present
+    k8s_object_manager_apply: true
+    k8s_object_manager_wait: true
+
+- name: Apply NetBox Homepage ingress manifest
+  ansible.builtin.import_role:
+    name: k8s_object_manager
+  vars:
+    k8s_object_manager_src: "{{ netbox_deploy_homepage_ingress_file.dest }}"
+    k8s_object_manager_state: present
+    k8s_object_manager_apply: true
+
+- name: Clean up NetBox deployment tmp directory
+  ansible.builtin.file:
+    path: "{{ netbox_deploy_tmp_dir }}"
+    state: absent
+
+- name: Persist netbox_deploy artifacts
+  ansible.builtin.import_role:
+    name: role_artifacts
+  vars:
+    # noqa: var-naming
+    calling_role_name: "netbox_deploy"
+    calling_role_artifacts_inputs:
+      kubeconfig: "{{ k8s_validator_kubeconfig }}"
+      context: "{{ k8s_validator_context }}"
+      application_file: "{{ netbox_deploy_application_file.dest }}"

ansible/roles/netbox_deploy/templates/netbox-application.yml.j2

@@ -0,0 +1,65 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: netbox
+  namespace: argocd
+spec:
+  project: coachlight-k3s-infra
+  source:
+    repoURL: https://netbox-community.github.io/netbox-chart
+    chart: netbox
+    targetRevision: "5.0.0-beta.145"
+    helm:
+      valuesObject:
+        superuser:
+          email: "admin@netbox.local"
+          password: "{{ netbox_deploy_superuser_password }}"
+
+        secretKey: "{{ netbox_deploy_secret_key }}"
+
+        persistence:
+          enabled: true
+          storageClass: "local-path"
+
+        postgresql:
+          enabled: true
+          primary:
+            persistence:
+              enabled: true
+              storageClass: "local-path"
+
+        redis:
+          enabled: true
+          master:
+            persistence:
+              enabled: true
+              storageClass: "local-path"
+          replica:
+            persistence:
+              enabled: true
+              storageClass: "local-path"
+
+        service:
+          annotations:
+            tailscale.com/expose: "true"
+            tailscale.com/hostname: "netbox"
+            tailscale.com/tags: "tag:k8s,tag:infra-monitoring"
+
+        ingress:
+          enabled: true
+          className: tailscale
+          hosts:
+            - host: netbox
+              paths:
+                - path: /
+                  pathType: Prefix
+
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: netbox
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=true

ansible/roles/netbox_deploy/templates/netbox-homepage-ingress.yml.j2

@@ -0,0 +1,24 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: netbox-homepage
+  namespace: netbox
+  annotations:
+    gethomepage.dev/enabled: "true"
+    gethomepage.dev/name: "NetBox"
+    gethomepage.dev/description: "Network Source of Truth"
+    gethomepage.dev/group: "Infrastructure"
+    gethomepage.dev/icon: "netbox.png"
+spec:
+  ingressClassName: tailscale
+  rules:
+    - host: netbox
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: netbox
+                port:
+                  number: 80