docs(peers): add bootstrap via config file guide#731
Open
SunsetDrifter wants to merge 1 commit intomainfrom
Open
docs(peers): add bootstrap via config file guide#731SunsetDrifter wants to merge 1 commit intomainfrom
SunsetDrifter wants to merge 1 commit intomainfrom
Conversation
New page covering how to pre-populate default.json so NetBird peers register with the right settings on first start in IaC, Docker, and Kubernetes deployments. Documents file location across OSes, common keys (with guidance to leave PrivateKey empty and treat PreSharedKey as optional), runtime setup-key injection with worked Docker and Kubernetes ConfigMap + Secret examples, backup hazards around the embedded WireGuard private key, and how to verify registration via netbird status --check startup, --json, and GET /api/peers. Includes a callout that this workflow is for unattended workloads only -- end-user devices should still enroll via the SSO flow so Zero Trust can re-verify the user identity. Linked from Manage NetBird -> Peers, right after Setup Keys.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
/manage/peers/bootstrap-via-config-filecovering how to pre-populatedefault.jsonso NetBird peers come up with the right settings on first start in IaC, Docker, and Kubernetes deployments.PrivateKeyempty and treatPreSharedKeyas optional (WireGuard PSKs are not auto-generated), and the recommendation to derive a template by bootstrapping one peer manually on the target version.NB_SETUP_KEYvia Docker-eand KubernetesConfigMap+Secret.default.jsoncarries the peer's WireGuard private key, and a cloned identity is rejected by management while the original peer is still connected. Recommends re-registration via setup keys, with Ephemeral Peers for short-lived workloads.netbird status --check live|ready|startup,netbird status --json, and fleet-wideGET /api/peerschecks (with a pointer to service users + PATs).