Deployment Options for Developer Portal Helm

This guide lists and describes the parameters you can set when deploying the Developer Portal from a Helm chart.


This documentation applies to NGINX Management Suite API Connectivity Manager 1.3.0 and later.

Default Developer Portal Helm Settings

This topic lists the default values that are used when installing the Developer Portal from a Helm chart. You can change these values to meet your specific needs.

The values.yaml file within the nginx-devportal Helm chart contains the deployment configuration for the Developer Portal.

You can update these fields directly in the values.yaml file or by specifying the --set flag when running helm install.

To modify a configuration for an existing release, run the helm upgrade command and use the --set flag or -f <my-values-file>, where my-values-file is a path to a values file with your desired configuration.

The following table lists the configurable parameters and default values used by the Developer Portal chart when installing from a Helm chart.

Parameter Description Default
api.acm.client.caSecret.name This secret can be used in order to provide a custom CA certificate when communicating from ACM to the Developer Portal via a TLS secured http connection. This should be set to the name of the secret in the release namespace that contains the CA certificate. ""
api.acm.client.caSecret.key Key used in the secret to specify the CA file content (to add multiple certificates, chain them into one file). ""
api.container.port TCP port for the pod to listen on. 8080
api.db.external PostgreSQL server can be external. false
api.db.host PostgreSQL server to use; defaults to the internal deployment service name. postgres.devportal.svc
api.db.name Database schema name to use. devportal
api.db.pass Password to use for PostgreSQL. nginxdm
api.db.port Port to use for PostgreSQL. If api.db.external is true, the port PostgreSQL is listening on. If api.db.external is false, the port the internal PostgreSQL should listen on. 5432
api.db.tls.secretName User-provided secret containing TLS CA certificate for database server validation. An optional certificate/key when using client certificates can also be provided. Values are tls.crt, tls.key, and ca.crt. If you provide just the TLS certificate/key pair, a kubernetes.io/tls will suffice; otherwise, an opaque secret can be used. ""
api.db.tls.verifyMode TLS verification modes for connecting to PostgreSQL. Options are disable, require, verify-ca, or verify-full require
api.db.type Database type to use with the Developer Portal api service. The database type can be sqlite or psql (for PostgreSQL) psql
api.db.user Username to use for PostgreSQL. nginxdm
api.image.pullPolicy Image pull policy. IfNotPresent
api.image.repository Repository name and path for the api image. api
api.image.tag Tag used for pulling images from registry. latest
api.logLevel Set the log level for the backend API service. The log level can be fatal, error, warning, info, or debug info
api.name Set the deployment name of the api. api
api.persistence.claims.accessMode Claim access mode. Can be ReadWriteOnce or ReadWriteMany ReadWriteOnce
api.persistence.claims.existingClaim Enable reuse of an existing claim. false
api.persistence.claims.size Size of claim to allocate. 250Mi
api.persistence.enabled Optionally disable persistent storage, used for database data. true
api.replicas Set the number of API replicas in the deployment. This can be scaled above 1 only when api.db.type is psql. 1
api.resources.requests.cpu CPU resource limits to allow for the api pods. 125m
api.resources.requests.memory Memory resource limits to allow for the api pods. 128Mi
api.service.port TCP port for the api service to listen on. This port maps to the ACM Environment ServiceTarget Listener port. For example, you may change this to 8443 when running the api with TLS. 8080
api.tls.clientNames Common Names of client certificates to allow in a space seperated list. ""
api.tls.clientValidation Verify client certificates if sent with CA file. false
api.tls.secretName User provided secret containing TLS certificate/key pair and optional CA when using client certificates. Values are tls.crt, tls.key, and ca.crt. If you provide just the TLS certificate/key pair, a kubernetes.io/tls will suffice; otherwise, an opaque secret can be used. ""
apigw.container.port TCP port for the pod to listen on. 80
apigw.controlPlane.host The ACM control plane IP address or hostname. 127.0.0.1
apigw.controlPlane.instance_group The ACM control plane instance_group for this agent to become a member of. devportal
apigw.image.pullPolicy Image pull policy. IfNotPresent
apigw.image.repository Repository name and path for the apigw image. apigw
apigw.image.tag Tag used for pulling images from the registry. latest
apigw.ingress.enabled Optionally enable ingress via an Ingress Controller. false
apigw.ingress.host Host to apply ingress rules to. localhost
apigw.name Set the deployment name of the API Gateway. apigw
apigw.persistence.claims.accessMode Claim access mode. Can be ReadWriteOnce or ReadWriteMany ReadWriteOnce
apigw.persistence.claims.existingClaim Enable reuse of an existing claim. false
apigw.persistence.claims.size Size of claim to allocate. 250Mi
apigw.persistence.enabled Optionally disable persistent storage used for OIDC session data. true
apigw.resources.requests.cpu CPU resource limits to allow for the apigw pods. 125m
apigw.resources.requests.memory Memory resource limits to allow for the apigw pods. 128Mi
apigw.service.annotations Annotations to apply to the apigw service. {}
apigw.service.port TCP port for the apigw service to listen on. This is the port that is exposed in the LoadBalancer endpoint and is the traffic ingress point to the Developer Portal cluster. For example, you may change this to 443 when running the apigw with TLS. 80
fullnameOverride Override the full name of the Developer Portal chart. devportal
imagePullSecrets List of secrets to use for pulling images. []
nameOverride Override the name of the Developer Portal chart. devportal
serviceAccount.annotations Annotations to apply to the service account. {}
serviceAccount.name Name of the service account to use. devportal

Common Deployment Configurations

Deploy Developer Portal with an SQLite database

You can use an SQLite database for backend API service storage when deploying the Developer Portal from a Helm chart. This configuration uses a PersistentVolumeClaim (PVC) for storage of the SQLlite data files.

To use SQLite database, you need the following:

  • An installed, licensed, and running version of API Connectivity Manager
  • Access to a Kubernetes (or similar) cluster

Set the following configuration options to use a SQLite database:

Parameter Value
api.db.external false
api.db.type sqlite

Deploy Developer Portal with an embedded PostgreSQL database

You can use an embedded PostgreSQL database for backend API service storage when deploying the Developer Portal from a Helm chart. This configuration uses a PersistentVolumeClaim (PVC) for storage of the the PostgreSQL data files. Access between the backend API service and the database is secured using auto-generated client TLS certificates.

To use an embedded PostgreSQL database, you need the following:

  • An installed, licensed, and running version of API Connectivity Manager
  • Access to a Kubernetes (or similar) cluster

Set the following configuration options to use an embedded PostgreSQL database:

Parameter Value
api.db.external false
api.db.pass nginxdm
api.db.type psql
api.db.user nginxdm
api.persistence.claims.accessMode ReadWriteOnce
api.persistence.claims.existingClaim false
api.persistence.claims.size 250Mi
api.persistence.enabled true

Deploy Developer Portal with an external PostgreSQL database

You can use an external PostgreSQL database for backend API service storage when deploying the Developer Portal from a Helm chart. Access between the backend API service and the database can be secured using TLS server certificates and optional client TLS certificates.

To use an external PostgreSQL database, you need the following:

  • An installed, licensed, and running version of API Connectivity Manager
  • Access to a Kubernetes (or similar) cluster
  • A PostgreSQL service that your Kubernetes cluster can connect to using the required TCP port
  • (Optional) a TLS CA certificate for verifying PostgreSQL server TLS certificates
  • (Optional) a TLS client certificate and key for authenticating with the PostgreSQL server

Set the following configuration options to use an external PostgreSQL database:

Parameter Value
api.db.external true
api.db.host pg.nginx.com
api.db.pass nginxdm
api.db.tls.secretName db-certs
api.db.tls.verify_mode verify-full
api.db.type psql
api.db.user nginxdm

Deploy Developer Portal using TLS for the backend API service

When deploying the Developer Portal using a helm hcart, you can configure TLS to secure communication between the NGINX API Gateway and backend API service.

To use TLS with the backend API service, you need the following:

  • An installed, licensed, and running version of API Connectivity Manager
  • Access to a Kubernetes (or similar) cluster
  • (Optional) A TLS CA certificate to verify NGINX API Gateway client TLS certificates
  • (Optional) A TLS server certificate and key pair for validation with the NGINX API Gateway

Set the following configuration options to use TLS with the backend API service:

Parameter Value
api.db.external false
api.db.type sqlite
api.tls.client_names ``
api.tls.client_validation true
api.tls.secretName test