netbox-best-practiceslisted

# NetBox Best Practices (helm + version deltas) This skill COMPLEMENTS the official `netboxlabs/skills` marketplace (`/plugin marketplace add netboxlabs/skills`). For data modeling, IPAM design, API patterns, Diode ingestion, or validation, consult those skills first — they are maintained upstream and authoritative. This skill covers three areas they do not (as of 2026-06): 1. **netbox-chart (helm) deployment gotchas** → `references/helm-chart-gotchas.md` 2. **NetBox 4.2→4.6 version-delta cheat sheet** → `references/version-deltas.md` 3. **Modeling gaps**: module type profiles (4.3+), port-mapping rework (4.5) → `references/modeling-gaps.md` Evidence labels used throughout: `[source]` = verified against chart/NetBox source code (file:line cited); `[live]` = verified on a production install of chart 8.3.14 / NetBox v4.6.2; `[docs]` = official docs/release notes, adversarially verified (3-vote panel). ## The five rules that prevent the worst failures 1. **Never commit rendered helm templates.** With `superuser.password`, `secretKey`, and `apiTokenPeppers` left empty, every OFFLINE render regenerates them (`lookup` returns nothing without a live cluster), so `helm template` output contains fresh random secret material every time. Gitignore `template-*.yaml`. During a real `helm upgrade` the chart preserves existing values via `lookup`. [source: templates/_helpers.tpl] 2. **Name external Postgres clusters differently from the helm release.** A Zalando/CNPG