Skip to content

NBE-221: document backup and restore of Diode and Hydra secrets #128

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 6 commits into
base: main
Choose a base branch
from
Open

NBE-221: document backup and restore of Diode and Hydra secrets #128

Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
b950873
docs: rename netbox.pgsql to netbox-enterprise.pgsql
RangerRick Jun 4, 2025
71fdba3
docs: backup and restore diode/hydra secrets
RangerRick Jun 4, 2025
b9a323b
Merge remote-tracking branch 'origin/main' into docs/NBE-221_save_and…
RangerRick Jun 6, 2025
5bfbc4c
docs: add all necessary privileges for restores
RangerRick Jun 6, 2025
3e89657
docs: make secrets backup on un-modified secrets too
RangerRick Jun 9, 2025
6e78cdf
docs: in some cases, force is required
RangerRick Jun 9, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
53 changes: 51 additions & 2 deletions docs/netbox-enterprise/nbe-backups.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -134,6 +134,33 @@ Save it somewhere safe for future restores.

For more details on backing up NetBox databases, see [the official NetBox documentation](https://netboxlabs.com/docs/netbox/en/stable/administration/replicating-netbox/).

#### Diode and Hydra Secrets (NetBox 1.10 and Up)

To ensure that Diode OAuth login information is not lost, you will also need to save the Diode and Hydra secrets from the cluster.

Run this set of commands:

```shell
NETBOX_NAMESPACE="kotsadm" && \
(
kubectl get secrets \
--namespace "${NETBOX_NAMESPACE}" \
--no-headers \
--output name \
| grep secret/diode \
| while read -r SECRET; do \
echo "---" && \
kubectl get \
"${SECRET}" \
--namespace "${NETBOX_NAMESPACE}" \
-o yaml \
| grep -v -E '^ (creationTimestamp|resourceVersion|uid):'; \
done \
) > netbox-enterprise-diode-secrets.yaml
```

Save it alongside your `netbox-enterprise.pgsql` for future restores.

### Restoring Your Backups

Restoring is almost as simple as backing up.
Expand Down Expand Up @@ -178,6 +205,20 @@ cat netbox-data.tar.gz | kubectl exec ${NETBOX_RESTORE_POD} \
-C /opt/netbox/netbox
```

#### Diode and Hydra Secrets (NetBox 1.10 and Up)

To restore from a secrets yaml file, pass it to `kubectl apply` like so:

```shell
# add/replace existing diode secrets
NETBOX_NAMESPACE="kotsadm" && \
kubectl apply \
--server-side \
--force-conflicts \
--namespace "${NETBOX_NAMESPACE}" \
--filename netbox-enterprise-diode-secrets.yaml
```

#### Built-In PostgreSQL

To restore from a dump file, pipe the `netbox-enterprise.pgsql` created during backup into `psql` in the PostgreSQL pod:
Expand Down Expand Up @@ -223,6 +264,14 @@ while read -r DB; do
-n "${NETBOX_NAMESPACE}" \
-i \
-c database \
-- psql -c "ALTER DATABASE ${DB} OWNER TO ${DB}; GRANT ALL PRIVILEGES ON DATABASE ${DB} TO ${DB};";
-- \
psql --dbname "${DB}" -c "\
ALTER DATABASE ${DB} OWNER TO ${DB}; \
GRANT ALL PRIVILEGES ON DATABASE ${DB} TO ${DB}; \
GRANT CREATE ON SCHEMA public TO ${DB}; \
GRANT ALL PRIVILEGES ON ALL FUNCTIONS IN SCHEMA public TO ${DB}; \
GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public TO ${DB}; \
GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO ${DB}; \
"; \
done
```
```