NGINX sidecar¶
When using Nginx container as a sidecar to Nautobot, requests are being proxied from Nginx to Nautobot.
In order to deploy this, you have to enable nginx under nautobot key in values.yaml similar to the below:
With that configuration it is achieved to use the native (socket) uwsgi protocol as described in uwsgi's docs.
Warning
Default readiness Probes for Nautobot Pods are going to fail.
The cause for the failure of probes is that now Nautobot's uwsgi server doesn't expose HTTP/8080 ports to do httpGet requests against it, and uwsgi's socket is not behaving like normal TCP socket to use a probe of kind tcpSocket.
To overcome it you have either to disable the probes for Nautobot pods or configure them to use exec similar to the example below:
nautobot:
readinessProbe:
enabled: true
exec:
command:
- "bash"
- "-c"
- "nautobot-server health_check"
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 15
failureThreshold: 3
successThreshold: 1
Custom Nginx configuration¶
You can pass a custom Nginx configuration similar with nautobot_config.py and uwsgi.ini files. As an example to pass it through file you can use --set-file nautobot.nginx.config=nginx.config when installing the chart.
Custom certificates¶
There is an extra initContainer that copies the certificates from Nautobot containers into a shared volume that Nginx sidecar is using to get the certificates for TLS termination. If you have internal PKI, you somehow store those certificates into the container. You can specify the path (without the trailing slash /) of the directory with the certificates_path value. Keep in mind that the files must be named nautobot.crt and nautobot.key.