LibreNMS-Helm deploys LibreNMS on Kubernetes using Helm, including optional supporting services.
Run the installer script:
sudo -i
curl -fsSL https://raw.githubusercontent.com/LoveSkylark/LibreNMS-Installer/main/LibreNMS-Install | sudo bashThe script installs:
- Git
- SNMP client
- K3s
- K9s
- Helm
- LibreNMS stack
After installation or when using a fresh chart copy, update dependencies:
cd /data/vault/LibreNMS-Helm
helm dependency updateThis downloads chart dependencies used by the LibreNMS app chart.
After installation, open a new terminal and run:
sudo -i
nms startWhen prompted, set these values first:
storage.pathapplication.host.FQDNapplication.host.volumeSizemariadb.host.volumeSizemariadb.credentials.rootPasswordmariadb.credentials.usermariadb.credentials.password
Save in the editor with a, then Esc, then :wq.
Use one of these TLS modes. The main LibreNMS chart now manages the application-layer cert-manager resources when TLS automation is enabled.
Set:
ingress.https=trueingress.tls.secretName=<secret-name>
Create the secret:
kubectl create secret tls <secret-name> \
--cert=<certificate-file> \
--key=<key-file> \
--namespace <namespace>If you already installed a wildcard certificate secret, set:
ingress.https=trueingress.tls.existingSecretName=<wildcard-secret-name>
Optional:
ingress.redirectToHttps.enabled=true
When ingress.tls.existingSecretName is set, the chart uses that secret and skips the Let's Encrypt issuer flow.
Prerequisite: cert-manager installed and an Issuer or ClusterIssuer already created.
Set:
ingress.https=trueingress.letsEncrypt.enabled=trueingress.letsEncrypt.createIssuer=falseingress.letsEncrypt.issuerKind=ClusterIssuer(orIssuer)ingress.letsEncrypt.issuerName=letsencrypt-prodingress.tls.secretName=<certificate-secret-name>
Prerequisites:
- cert-manager installed in the cluster
- Secret with ACME-DNS credentials exists in the namespace expected by the issuer you reference
- Secret contains key
acme-dns-account.json
Set:
ingress.https=trueingress.letsEncrypt.enabled=trueingress.letsEncrypt.createIssuer=trueingress.letsEncrypt.issuerKind=ClusterIssuer(orIssuer)ingress.letsEncrypt.issuerName=letsencrypt-prodingress.letsEncrypt.email=admin@example.comingress.letsEncrypt.acmeDns.host=auth.example.comingress.letsEncrypt.acmeDns.accountSecretName=acme-dns-credentialsingress.tls.secretName=<certificate-secret-name>
Manual secret creation example:
kubectl create secret generic acme-dns-credentials \
--from-file=acme-dns-account.json=/data/certs/acme-dns-account.json \
-n cert-managerRun these in order to avoid CRD race conditions:
# 1) Install cert-manager controller + CRDs once
helm repo add jetstack https://charts.jetstack.io
helm repo update
helm upgrade --install cert-manager jetstack/cert-manager \
-n cert-manager --create-namespace --set crds.enabled=true
# 2) Install LibreNMS app chart
helm upgrade --install librenms . \
-n librenms -f /data/lnms-config.yamlValidate:
kubectl get crd | grep cert-manager
kubectl get clusterissuer
kubectl get certificate -n librenms
kubectl get secret https-cert -n librenmsOpen another shell and run:
sudo k9sWith K9s you can:
- Open a shell in pods
- View logs
- Restart or delete pods during troubleshooting
This project is still in active development and improvements are ongoing.