End of Sale Notice:
F5 NGINX is announcing the End of Sale (EoS) for NGINX Management Suite API Connectivity Manager Module, effective January 1, 2024.
F5 maintains generous lifecycle policies that allow customers to continue support and receive product updates. Existing API Connectivity Manager Module customers can continue to use the product past the EoS date. License renewals are not available after September 30, 2024.
See our End of Sale announcement for more details.
Deployment Options for Developer Portal Helm
This guide lists and describes the parameters you can set when deploying the Developer Portal from a Helm chart.
Default Developer Portal Helm Settings
This topic lists the default values that are used when installing the Developer Portal from a Helm chart. You can change these values to meet your specific needs.
The values.yaml file within the nginx-devportal Helm chart contains the deployment configuration for the Developer Portal.
You can update these fields directly in the values.yaml file or by specifying the --set flag when running helm install.
To modify a configuration for an existing release, run the helm upgrade command and use the --set flag or -f <my-values-file>, where my-values-file is a path to a values file with your desired configuration.
The following table lists the configurable parameters and default values used by the Developer Portal chart when installing from a Helm chart.
| Parameter | Description | Default |
|---|---|---|
api.acm.client.caSecret.name |
This secret can be used in order to provide a custom CA certificate when communicating from API Connectivity Manager to the Developer Portal via a TLS secured http connection. This should be set to the name of the secret in the release namespace that contains the CA certificate. | "" |
api.acm.client.caSecret.key |
Key used in the secret to specify the CA file content (to add multiple certificates, chain them into one file). | "" |
api.container.port |
TCP port for the pod to listen on. | 8080 |
api.container.securityContext |
Allows user to set security-related configurations for the container, defining how the container should run and what privileges it should have. | {} |
api.db.external |
PostgreSQL server can be external. | false |
api.db.host |
PostgreSQL server to use; defaults to the internal deployment service name. | postgres.devportal.svc |
api.db.name |
Database schema name to use. | devportal |
api.db.pass |
Password to use for PostgreSQL. | nginxdm |
api.db.port |
Port to use for PostgreSQL. If api.db.external is true, the port PostgreSQL is listening on. If api.db.external is false, the port the internal PostgreSQL should listen on. |
5432 |
api.db.tls.secretName |
User-provided secret containing TLS CA certificate for database server validation. An optional certificate/key when using client certificates can also be provided. Values are tls.crt, tls.key, and ca.crt. If you provide just the TLS certificate/key pair, a kubernetes.io/tls will suffice; otherwise, an opaque secret can be used. |
"" |
api.db.tls.verifyMode |
TLS verification modes for connecting to PostgreSQL. Options are disable, require, verify-ca, or verify-full |
require |
api.db.type |
Database type to use with the Developer Portal api service. The database type can be sqlite or psql (for PostgreSQL) |
psql |
api.db.user |
Username to use for PostgreSQL. | nginxdm |
api.image.pullPolicy |
Image pull policy. | IfNotPresent |
api.image.repository |
Repository name and path for the api image. |
api |
api.image.tag |
Tag used for pulling images from registry. | latest |
api.logLevel |
Set the log level for the backend API service. The log level can be fatal, error, warning, info, or debug |
info |
api.name |
Set the deployment name of the api. | devportal-api |
api.podSecurityContext |
Allows user to set security-related configurations at pod level, defining how the pod should run and what privileges it should have. | {} |
api.persistence.claims.accessMode |
Claim access mode. Can be ReadWriteOnce or ReadWriteMany |
ReadWriteOnce |
api.persistence.claims.accessMode |
Claim access mode. Can be ReadWriteOnce or ReadWriteMany |
ReadWriteOnce |
api.persistence.claims.size |
Size of claim to allocate. | 250Mi |
api.persistence.enabled |
Optionally disable persistent storage, used for database data. | true |
api.replicas |
Set the number of API replicas in the deployment. This can be scaled above 1 only when api.db.type is psql. |
1 |
api.resources.requests.cpu |
Initial CPU resource requests for the api pods. |
125m |
api.resources.requests.memory |
Initial Memory resource requests for the api pods. |
128Mi |
api.service.port |
TCP port for the api service to listen on. This port maps to the API Connectivity Manager Environment ServiceTarget Listener port. For example, you may change this to 8443 when running the api with TLS. |
8080 |
api.tls.clientNames |
Common Names of client certificates to allow in a space separated list. | "" |
api.tls.clientValidation |
Verify client certificates if sent with CA file. | false |
api.tls.secretName |
User provided secret containing TLS certificate/key pair and optional CA when using client certificates. Values are tls.crt, tls.key, and ca.crt. If you provide just the TLS certificate/key pair, a kubernetes.io/tls will suffice; otherwise, an opaque secret can be used. |
"" |
apigw.container.port |
TCP port for the pod to listen on. | 80 |
apigw.container.securityContext |
Allows user to set security-related configurations for the container, defining how the container should run and what privileges it should have. | {} |
apigw.controlPlane.host |
The API Connectivity Manager control plane IP address or hostname. | 127.0.0.1 |
apigw.controlPlane.instanceGroup |
The API Connectivity Manager control plane instance group for this agent to become a member of. | devportal |
apigw.image.pullPolicy |
Image pull policy. | IfNotPresent |
apigw.image.repository |
Repository name and path for the apigw image. |
apigw |
apigw.image.tag |
Tag used for pulling images from the registry. | latest |
apigw.ingress.enabled |
Optionally enable ingress via an Ingress Controller. | false |
apigw.ingress.host |
Host to apply ingress rules to. | localhost |
apigw.name |
Set the deployment name of the API Gateway. | devportal-gateway |
apigw.podSecurityContext |
Allows user to set security-related configurations at a pod level, defining how the pod should run and what privileges it should have. | {} |
apigw.persistence.claims.accessMode |
Claim access mode. Can be ReadWriteOnce or ReadWriteMany |
ReadWriteOnce |
apigw.persistence.claims.existingClaim |
Enable reuse of an existing claim. | false |
apigw.persistence.claims.size |
Size of claim to allocate. | 250Mi |
apigw.persistence.enabled |
Optionally disable persistent storage used for OIDC session data. | true |
apigw.resources.requests.cpu |
Initial CPU resource requests for the apigw pods. |
125m |
apigw.resources.requests.memory |
Initial Memory resource requests for the apigw pods. |
128Mi |
apigw.service.annotations |
Annotations to apply to the apigw service. |
{} |
apigw.service.port |
TCP port for the apigw service to listen on. This is the port that is exposed in the LoadBalancer endpoint and is the traffic ingress point to the Developer Portal cluster. For example, you may change this to 443 when running the apigw with TLS. |
80 |
apigw.service.type |
The type of Service to expose for the devportal-apigw, options are ClusterIP, NodePort & LoadBalancer. |
ClusterIP |
apigw.service.nodePortHttp |
When it’s type NodePort, use nodePortHttp to set a static value. If left empty, Kubernetes will generate an ephemeral NodePort. |
"" |
apigw.service.externalIPs |
List of external IP addresses to apply to this service. | [] |
apigw.acmService.annotations |
Annotations to apply to the apigw service. |
{} |
apigw.acmService.enabled |
Enables a service for the API Connectivity Manager DevPortal service. | false |
apigw.acmService.port |
TCP port for the apigw service to listen on. This is the port that is exposed in the LoadBalancer endpoint and is the traffic ingress point to the Developer Portal cluster. For example, you may change this to 443 when running the apigw with TLS. |
80 |
apigw.acmService.type |
The type of Service to expose for the devportal-apigw, options are ClusterIP, NodePort & LoadBalancer. |
ClusterIP |
apigw.acmService.nodePortHttp |
When it’s type NodePort, use nodePortHttp to set a static value. If left empty, Kubernetes will generate an ephemeral NodePort. |
"" |
apigw.acmService.externalIPs |
List of external IP addresses to apply to this service. | [] |
embeddedPostgres.container.securityContext |
Allows user to set security-related configurations for the container, defining how the container should run and what privileges it should have. | {} |
embeddedPostgres.image.pullPolicy |
Image pull policy. | IfNotPresent |
embeddedPostgres.image.repository |
Repository name and path for the image used by embedded Postgres. | postgres |
embeddedPostgres.image.tag |
Tag used for pulling images from the registry for embedded Postgres. | 12-alpine |
embeddedPostgres.podSecurityContext |
Allows user to set security-related configurations at a pod level, defining how the pod should run and what privileges it should have. | {} |
fullnameOverride |
Override the full name of the Developer Portal chart. | devportal |
imagePullSecrets |
List of secrets to use for pulling images. | [] |
nameOverride |
Override the name of the Developer Portal chart. | devportal |
serviceAccount.annotations |
Annotations to apply to the service account. | {} |
serviceAccount.name |
Name of the service account to use. | devportal |
Common Deployment Configurations
Deploy Developer Portal with an SQLite database
You can use an SQLite database for backend API service storage when deploying the Developer Portal from a Helm chart. This configuration uses a PersistentVolumeClaim (PVC) for storage of the SQLite data files.
To use SQLite database, you need the following:
- An installed, licensed, and running version of API Connectivity Manager
- Access to a Kubernetes (or similar) cluster
Set the following configuration options to use a SQLite database:
| Parameter | Value |
|---|---|
api.db.external |
false |
api.db.type |
sqlite |
Deploy Developer Portal with an embedded PostgreSQL database
You can use an embedded PostgreSQL database for backend API service storage when deploying the Developer Portal from a Helm chart. This configuration uses a PersistentVolumeClaim (PVC) for storage of the the PostgreSQL data files. Access between the backend API service and the database is secured using auto-generated client TLS certificates.
To use an embedded PostgreSQL database, you need the following:
- An installed, licensed, and running version of API Connectivity Manager
- Access to a Kubernetes (or similar) cluster
Set the following configuration options to use an embedded PostgreSQL database:
| Parameter | Value |
|---|---|
api.db.external |
false |
api.db.pass |
nginxdm |
api.db.type |
psql |
api.db.user |
nginxdm |
api.persistence.claims.accessMode |
ReadWriteOnce |
api.persistence.claims.existingClaim |
false |
api.persistence.claims.size |
250Mi |
api.persistence.enabled |
true |
Deploy Developer Portal with an external PostgreSQL database
You can use an external PostgreSQL database for backend API service storage when deploying the Developer Portal from a Helm chart. Access between the backend API service and the database can be secured using TLS server certificates and optional client TLS certificates.
To use an external PostgreSQL database, you need the following:
- An installed, licensed, and running version of API Connectivity Manager
- Access to a Kubernetes (or similar) cluster
- A PostgreSQL service that your Kubernetes cluster can connect to using the required TCP port
- (Optional) a TLS CA certificate for verifying PostgreSQL server TLS certificates
- (Optional) a TLS client certificate and key for authenticating with the PostgreSQL server
Set the following configuration options to use an external PostgreSQL database:
| Parameter | Value |
|---|---|
api.db.external |
true |
api.db.host |
pg.nginx.com |
api.db.pass |
nginxdm |
api.db.tls.secretName |
db-certs |
api.db.tls.verifyMode |
verify-full |
api.db.type |
psql |
api.db.user |
nginxdm |
Deploy Developer Portal using TLS for the backend API service
When deploying the Developer Portal using a helm chart, you can configure TLS to secure communication between the NGINX API Gateway and backend API service.
To use TLS with the backend API service, you need the following:
- An installed, licensed, and running version of API Connectivity Manager
- Access to a Kubernetes (or similar) cluster
- (Optional) A TLS CA certificate to verify NGINX API Gateway client TLS certificates
- (Optional) A TLS server certificate and key pair for validation with the NGINX API Gateway
Set the following configuration options to use TLS with the backend API service:
| Parameter | Value |
|---|---|
api.db.external |
false |
api.db.type |
sqlite |
api.tls.clientNames |
`` |
api.tls.clientValidation |
true |
api.tls.secretName |
test |