From 68a09812d1dbc399b7c55932e3b597255f18b064 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20M=C3=A4der?= Date: Wed, 9 Oct 2019 12:11:01 +0200 Subject: [PATCH] Copied over the relevant parts from the README --- Deployment.md | 39 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) create mode 100644 Deployment.md diff --git a/Deployment.md b/Deployment.md new file mode 100644 index 0000000..1820927 --- /dev/null +++ b/Deployment.md 
@@ -0,0 +1,39 @@ +**Important: Also consider [the advice about configuring Netbox for production](configuration#configure-for-production) above!** + +You may run this image in a cluster such as Docker Swarm, Kubernetes or OpenShift, but this is advanced level. + +In this case, we encourage you to statically configure Netbox by starting from [Netbox's example config file][default-config], and mounting it into your container in the directory `/etc/netbox/config/` using the mechanism provided by your container platform (i.e. [Docker Swarm configs][swarm-config], [Kubernetes ConfigMap][k8s-config], [OpenShift ConfigMaps][openshift-config]). + +But if you rather continue to configure your application through environment variables, you may continue to use [the built-in configuration file][docker-config]. +**We discourage storing secrets in environment variables**, as environment variable are passed on to all sub-processes and may leak easily into other systems, e.g. error collecting tools that often collect all environment variables whenever an error occurs. + +Therefore we *strongly advise* to make use of the secrets mechanism provided by your container platform (i.e. [Docker Swarm secrets][swarm-secrets], [Kubernetes secrets][k8s-secrets], [OpenShift secrets][openshift-secrets]). +[The configuration file][docker-config] and [the entrypoint script][entrypoint] try to load the following secrets from the respective files. +If a secret is defined by an environment variable and in the respective file at the same time, then the value from the environment variable is used. 
+ +* `SUPERUSER_PASSWORD`: `/run/secrets/superuser_password` +* `SUPERUSER_API_TOKEN`: `/run/secrets/superuser_api_token` +* `DB_PASSWORD`: `/run/secrets/db_password` +* `SECRET_KEY`: `/run/secrets/secret_key` +* `EMAIL_PASSWORD`: `/run/secrets/email_password` +* `NAPALM_PASSWORD`: `/run/secrets/napalm_password` +* `REDIS_PASSWORD`: `/run/secrets/redis_password` +* `AUTH_LDAP_BIND_PASSWORD`: `/run/secrets/auth_ldap_bind_password` + +[docker-config]: https://github.com/netbox-community/netbox-docker/blob/master/configuration/configuration.py +[default-config]: https://github.com/netbox-community/netbox/blob/develop/netbox/netbox/configuration.example.py +[entrypoint]: https://github.com/netbox-community/netbox-docker/blob/master/docker/docker-entrypoint.sh +[swarm-config]: https://docs.docker.com/engine/swarm/configs/ +[swarm-secrets]: https://docs.docker.com/engine/swarm/secrets/ +[openshift-config]: https://docs.openshift.org/latest/dev_guide/configmaps.html +[openshift-secrets]: https://docs.openshift.org/latest/dev_guide/secrets.html +[k8s-secrets]: https://kubernetes.io/docs/concepts/configuration/secret/ +[k8s-config]: https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-configmap/ + +## Community-maintained Deployments + +* [bootc/netbox][netbox-helm] +* [CENGN/netbox-kubernetes][netbox-kubernetes] + +[netbox-kubernetes]: https://github.com/CENGN/netbox-kubernetes +[netbox-helm]: https://github.com/bootc/netbox-chart \ No newline at end of file
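Review bot: The precedence rule stated just before the secrets list ("If a secret is defined by an environment variable and in the respective file at the same time, then the value from the environment variable is used.") works against the paragraph that discourages secrets in environment variables. A deployment that mounts `/run/secrets/db_password` but still has `DB_PASSWORD` set from an earlier setup will silently keep using the environment value, and that value remains visible to sub-processes. Suggest adding a sentence telling readers to remove the corresponding variables once they switch to secret files. The opening line also says the production advice is "above", which held in the README but not in a standalone Deployment.md; drop "above" and confirm that the relative link `configuration#configure-for-production` resolves from this page. Minor wording: "environment variable are passed" should be "environment variables are passed", "if you rather continue" should be "if you would rather continue", the platform lists are examples so "e.g." fits better than "i.e.", and the file ends without a trailing newline.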