Configurable Helm Settings
This reference guide lists the configurable Helm chart parameters and default settings for the NGINX Management Suite platform and modules.
This documentation applies to NGINX Management Suite Instance Manager 2.5.0 and later.
NGINX Management Suite Helm Chart Settings
The following table lists the configurable parameters and default values for the NGINX Management Suite platform when installing from a Helm chart.
To modify a configuration for an existing release, run the `helm upgrade` command and use `-f <my-values-file>`, where `my-values-file` is a path to a values file with your desired configuration.
Parameter | Description | Default |
---|---|---|
`nms-hybrid.adminPasswordHash` | The hashed value of the password for the admin user. To generate the hash using `openssl`, run a command similar to the following example: `openssl passwd -1 "YouPassword123#"` | N/A |
`nms-hybrid.nmsClickhouse.enabled` | Enable this if external ClickHouse is not used. | true |
`nms-hybrid.nmsClickhouse.fullnameOverride` | Modify the name of ClickHouse resources. | clickhouse |
`nms-hybrid.nmsClickhouse.image.repository` | Repository name and path of the public ClickHouse image. | clickhouse/clickhouse-server |
`nms-hybrid.nmsClickhouse.image.tag` | Tag used for pulling images from registry. | 21.3.20.1-alpine |
`nms-hybrid.nmsClickhouse.image.pullPolicy` | Image pull policy. | IfNotPresent |
`nms-hybrid.nmsClickhouse.user` | Username to connect to the nms ClickHouse server as. | N/A |
`nms-hybrid.nmsClickhouse.password` | Password for nms ClickHouse server. | N/A |
`nms-hybrid.nmsClickhouse.service.name` | ClickHouse service name. | clickhouse |
`nms-hybrid.nmsClickhouse.service.rpcPort` | ClickHouse service port. | 9000 |
`nms-hybrid.nmsClickhouse.resources.requests.cpu` | Minimum required CPU on a node to run ClickHouse server. | 500m |
`nms-hybrid.nmsClickhouse.resources.requests.memory` | Minimum required memory on a node to run ClickHouse server. | 1Gi |
`nms-hybrid.nmsClickhouse.persistence.enabled` | Use PVCs to persist ClickHouse data. | true |
`nms-hybrid.nmsClickhouse.persistence.existingClaim` | Name of an existing Persistent Volume Claim (PVC) to use for ClickHouse persistence. | N/A |
`nms-hybrid.nmsClickhouse.persistence.storageClass` | Storage Class to use for creating a ClickHouse PVC. | |
`nms-hybrid.nmsClickhouse.persistence.volumeName` | Name to use for a ClickHouse PVC volume. | |
`nms-hybrid.nmsClickhouse.persistence.accessMode` | PVC access mode for ClickHouse. | ReadWriteOnce |
`nms-hybrid.nmsClickhouse.persistence.size` | PVC size for ClickHouse. | 1G |
`nms-hybrid.externalClickhouse.address` | Address of external ClickHouse service. | |
`nms-hybrid.externalClickhouse.user` | User of external ClickHouse service. | |
`nms-hybrid.externalClickhouse.password` | Password of external ClickHouse service. | |
`nms-hybrid.serviceAccount.annotations` | Set custom annotations for the service account used by NMS. | {} |
`nms-hybrid.apigw.name` | Name used for API Gateway resources. | apigw |
`nms-hybrid.apigw.tlsSecret` | To bring your own NGINX API Gateway certificates for hosting the HTTPS NMS server, set `tlsSecret` to the name of an existing Kubernetes secret in the same namespace as the chart. We recommend setting `tlsSecret` for production use cases to manage certificates. By default, this Helm chart creates its own CA to self-sign the HTTPS server certificate key pair. These are not managed. | |
`nms-hybrid.apigw.image.repository` | Repository name and path for the `apigw` image. | apigw |
`nms-hybrid.apigw.image.tag` | Tag used for pulling images from registry. | latest |
`nms-hybrid.apigw.image.pullPolicy` | Image pull policy. | IfNotPresent |
`nms-hybrid.apigw.container.port.https` | Container https port. | 443 |
`nms-hybrid.apigw.service.name` | Service name. | apigw |
`nms-hybrid.apigw.service.httpsPort` | Service https port. | 443 |
`nms-hybrid.apigw.resources.requests.cpu` | Minimum required CPU on a node to run `core`. | 250m |
`nms-hybrid.apigw.resources.requests.memory` | Minimum required memory on a node to run `core`. | 256Mi |
`nms-hybrid.core.name` | Name used for API Gateway resources. | core |
`nms-hybrid.core.image.repository` | Repository name and path for the `core` image. | core |
`nms-hybrid.core.image.tag` | Tag used for pulling images from registry. | latest |
`nms-hybrid.core.image.pullPolicy` | Image pull policy. | IfNotPresent |
`nms-hybrid.core.container.port.http` | Container http port. | 8033 |
`nms-hybrid.core.container.port.db` | Container database port. | 7891 |
`nms-hybrid.core.container.port.grpc` | Container grpc port. | 8038 |
`nms-hybrid.core.service.httpPort` | Service https port. | 8033 |
`nms-hybrid.core.service.grpcPort` | Service https port. | 8038 |
`nms-hybrid.core.resources.requests.cpu` | Minimum required CPU on a node to run `core`. | 500m |
`nms-hybrid.core.resources.requests.memory` | Minimum required memory on a node to run `core`. | 512Mi |
`nms-hybrid.core.persistence.enabled` | Enable persistence for `core` service. | true |
`nms-hybrid.core.persistence.claims` | An array of persistent volume claims for Dqlite and secrets, can be modified to use an existing PVC. | See Dqlite and Secrets |
`nms-hybrid.core.persistence.storageClass` | Storage Class to use for creating a `core` PVC. | |
`nms-hybrid.core.persistence.volumeName` | Name to use for a `core` PVC volume. | |
`nms-hybrid.dpm.name` | Name used for `dpm`. | dpm |
`nms-hybrid.dpm.image.repository` | Repository name and path for the `dpm` image. | dpm |
`nms-hybrid.dpm.image.tag` | Tag used for pulling images from registry. | latest |
`nms-hybrid.dpm.image.pullPolicy` | Image pull policy. | IfNotPresent |
`nms-hybrid.dpm.container.port.http` | Container http port. | 8034 |
`nms-hybrid.dpm.container.port.nats` | Container database port. | 9100 |
`nms-hybrid.dpm.container.port.db` | Container database port. | 7890 |
`nms-hybrid.dpm.container.port.grpc` | Container grpc port. | 8036 |
`nms-hybrid.dpm.service.name` | Service name. | nms |
`nms-hybrid.dpm.service.httpPort` | Service https port. | 8034 |
`nms-hybrid.dpm.service.grpcPort` | Service https port. | 8036 |
`nms-hybrid.dpm.service.natsPort` | Service https port. | 9100 |
`nms-hybrid.dpm.resources.requests.cpu` | Minimum required CPU on a node to run `dpm`. | 500m |
`nms-hybrid.dpm.resources.requests.memory` | Minimum required memory on a node to run `dpm`. | 512Mi |
`nms-hybrid.dpm.persistence.enabled` | Enable persistence for `dpm` service. | true |
`nms-hybrid.dpm.persistence.claims` | An array of persistent volume claims for Dqlite and NATS, can be modified to use an existing PVC. | See Dqlite and NATS streaming |
`nms-hybrid.dpm.persistence.storageClass` | Storage Class to use for creating a `dpm` PVC. | |
`nms-hybrid.dpm.persistence.volumeName` | Name to use for a `dpm` PVC volume. | |
`nms-hybrid.ingestion.name` | Name used for `ingestion`. | ingestion |
`nms-hybrid.ingestion.image.repository` | Repository name and path for the `dpm` image. | ingestion |
`nms-hybrid.ingestion.image.tag` | Tag used for pulling images from registry. | latest |
`nms-hybrid.ingestion.image.pullPolicy` | Image pull policy. | IfNotPresent |
`nms-hybrid.ingestion.replicaCount` | Number of replicas of `ingestion` to run. | 1 |
`nms-hybrid.ingestion.container.port.grpc` | Container http port. | 8035 |
`nms-hybrid.ingestion.service.name` | Service name. | nms |
`nms-hybrid.ingestion.service.grpcPort` | Service https port. | 8035 |
`nms-hybrid.ingestion.resources.requests.cpu` | Minimum required CPU on a node to run `ingestion`. | 500m |
`nms-hybrid.ingestion.resources.requests.memory` | Minimum required memory on a node to run `ingestion`. | 512Mi |
`nms-hybrid.integrations.name` | Name used for `integrations`. | integrations |
`nms-hybrid.integrations.image.repository` | Repository name and path for the `integrations` image. | integrations |
`nms-hybrid.integrations.image.tag` | Tag used for pulling images from registry. | latest |
`nms-hybrid.integrations.image.pullPolicy` | Image pull policy. | IfNotPresent |
`nms-hybrid.integrations.container.port.http` | Container http port. | 8037 |
`nms-hybrid.integrations.container.port.db` | Container database port. | 7892 |
`nms-hybrid.integrations.service.name` | Service name. | nms |
`nms-hybrid.integrations.service.httpPort` | Service https port. | 8037 |
`nms-hybrid.integrations.resources.requests.cpu` | Minimum required CPU on a node to run `integrations`. | 500m |
`nms-hybrid.integrations.resources.requests.memory` | Minimum required memory on a node to run `integrations`. | 512Mi |
`nms-hybrid.integrations.persistence.enabled` | Enable persistence for `integrations` service. | true |
`nms-hybrid.integrations.persistence.claims` | An array of persistent volume claims for Dqlite, can be modified to use an existing PVC. | See Dqlite - size is 1Gi |
`nms-hybrid.integrations.persistence.storageClass` | Storage Class to use for creating an `integrations` PVC. | |
`nms-hybrid.integrations.persistence.volumeName` | Name to use for an `integrations` PVC volume. | |
NIM Dqlite storage configuration
```yaml
- name: dqlite
  existingClaim:
  size: 500Mi
  accessMode: ReadWriteOnce
```
NIM Secrets storage configuration
```yaml
- name: secrets
  existingClaim:
  size: 128Mi
  accessMode: ReadWriteOnce
```
NIM NATS storage configuration
```yaml
- name: nats-streaming
  existingClaim:
  size: 1Gi
  accessMode: ReadWriteOnce
```
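A values file that combines the storage entries above with the certificate and admin-password settings from the table, as an added example that is not part of the chart or its documentation. The keys are the ones listed on this page; the secret name, PVC names, image tags and hash are placeholders to replace with your own.

```yaml
# nms-values.yaml (constructed example; every value in <...> and every
# secret/PVC name below is a placeholder, not a chart default)
nms-hybrid:
  # Output of the openssl passwd command shown in the table. Keep the single
  # quotes: the hash contains "$" characters.
  adminPasswordHash: '<hash-from-openssl-passwd>'

  apigw:
    # Name of an existing Kubernetes secret in the release namespace. When
    # this is left empty the chart self-signs a server certificate with its
    # own CA, and those certificates are not managed.
    tlsSecret: nms-apigw-tls          # hypothetical secret name
    image:
      tag: "<pinned-apigw-tag>"       # chart default is "latest"

  core:
    image:
      tag: "<pinned-core-tag>"        # chart default is "latest"
    persistence:
      enabled: true
      claims:
        # Same entries as the Dqlite and Secrets snippets above, with
        # existingClaim filled in to reuse PVCs created beforehand.
        - name: dqlite
          existingClaim: nms-core-dqlite    # hypothetical PVC name
          size: 500Mi
          accessMode: ReadWriteOnce
        - name: secrets
          existingClaim: nms-core-secrets   # hypothetical PVC name
          size: 128Mi
          accessMode: ReadWriteOnce
```

Apply it to an existing release with `helm upgrade` and `-f nms-values.yaml`, as described at the top of this section.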
API Connectivity Manager Helm Chart Settings
To modify a configuration for an existing release, run the `helm upgrade` command and use `-f <my-values-file>`, where `my-values-file` is a path to a values file with your desired configuration.
The following table lists the configurable parameters and default values used by the API Connectivity Manager chart when installing from a Helm chart.
Parameter | Description | Default |
---|---|---|
`nms-acm.acm.logLevel` | Set the log level for the backend API service. The log level can be `fatal`, `error`, `warning`, `info`, or `debug`. | info |
`nms-acm.acm.image.repository` | Repository name and path for the `acm` image. | acm |
`nms-acm.acm.image.tag` | Tag used for pulling images from registry. | latest |
`nms-acm.acm.image.pullPolicy` | Image pull policy. | IfNotPresent |
`nms-acm.acm.container.port.http` | TCP port for the pod to listen on. | 8037 |
`nms-acm.acm.container.port.db` | Port to use for Dqlite. | 9300 |
`nms-acm.acm.service.httpPort` | TCP port for the service to listen on. | 8037 |
`nms-acm.acm.resources.requests.cpu` | CPU resource limits to allow for the `acm` pods. | 500m |
`nms-acm.acm.resources.requests.memory` | Memory resource limits to allow for the `api` pods. | 512Mi |
`nms-acm.acm.persistence.enabled` | Optionally disable persistent storage, used for database data. | true |
`nms-acm.acm.persistence.claims` | An array of persistent volume claims, can be modified to use an existing PVC. | See Dqlite |
`nms-acm.acm.devportal.credentials.enabled` | Enables the Create Credentials Endpoint on the Developer Portal. | false |
`nms-acm.acm.devportal.credentials.ssl` | This should be set to true if mTLS has been configured between ACM and the Developer Portal. For more information, see Create Credentials Endpoint on the Developer Portal. | false |
`nms-acm.acm.devportal.client.caSecret.name` | This should be set if an unknown Certificate Authority is needed for communication with the Developer Portal in order to provide a CA certificate. This should be set to the name of the secret in the release namespace that contains the CA certificate. | `` |
`nms-acm.acm.devportal.client.caSecret.key` | This should be set if an unknown Certificate Authority is needed for communication with the Developer Portal in order to provide a CA certificate. This should be set to the key of the secret in the release namespace that contains the CA certificate. | `` |
ACM Dqlite configuration
```yaml
- name: dqlite
  existingClaim:
  size: 500Mi
  accessMode: ReadWriteOnce
```
Developer Portal Helm Chart Settings
The `values.yaml` file within the `nginx-devportal` Helm chart contains the deployment configuration for the Developer Portal.
You can update these fields directly in the `values.yaml` file or by specifying the `--set` flag when running `helm install`.
To modify a configuration for an existing release, run the `helm upgrade` command and use the `--set` flag or `-f <my-values-file>`, where `my-values-file` is a path to a values file with your desired configuration.
The following table lists the configurable parameters and default values used by the Developer Portal chart when installing from a Helm chart.
Parameter | Description | Default |
---|---|---|
`api.acm.client.caSecret.name` | This secret can be used to provide a custom CA certificate when communicating from ACM to the Developer Portal via a TLS-secured HTTP connection. This should be set to the name of the secret in the release namespace that contains the CA certificate. | "" |
`api.acm.client.caSecret.key` | Key used in the secret to specify the CA file content (to add multiple certificates, chain them into one file). | "" |
`api.container.port` | TCP port for the pod to listen on. | 8080 |
`api.db.external` | PostgreSQL server can be external. | false |
`api.db.host` | PostgreSQL server to use; defaults to the internal deployment service name. | postgres.devportal.svc |
`api.db.name` | Database schema name to use. | devportal |
`api.db.pass` | Password to use for PostgreSQL. | nginxdm |
`api.db.port` | Port to use for PostgreSQL. If `api.db.external` is `true`, the port PostgreSQL is listening on. If `api.db.external` is `false`, the port the internal PostgreSQL should listen on. | 5432 |
`api.db.tls.secretName` | User-provided secret containing TLS CA certificate for database server validation. An optional certificate/key when using client certificates can also be provided. Values are `tls.crt`, `tls.key`, and `ca.crt`. If you provide just the TLS certificate/key pair, a `kubernetes.io/tls` secret will suffice; otherwise, an opaque secret can be used. | "" |
`api.db.tls.verifyMode` | TLS verification modes for connecting to PostgreSQL. Options are `disable`, `require`, `verify-ca`, or `verify-full`. | require |
`api.db.type` | Database type to use with the Developer Portal api service. The database type can be `sqlite` or `psql` (for PostgreSQL). | psql |
`api.db.user` | Username to use for PostgreSQL. | nginxdm |
`api.image.pullPolicy` | Image pull policy. | IfNotPresent |
`api.image.repository` | Repository name and path for the `api` image. | api |
`api.image.tag` | Tag used for pulling images from registry. | latest |
`api.logLevel` | Set the log level for the backend API service. The log level can be `fatal`, `error`, `warning`, `info`, or `debug`. | info |
`api.name` | Set the deployment name of the api. | api |
`api.persistence.claims.accessMode` | Claim access mode. Can be `ReadWriteOnce` or `ReadWriteMany`. | ReadWriteOnce |
`api.persistence.claims.existingClaim` | Enable reuse of an existing claim. | false |
`api.persistence.claims.size` | Size of claim to allocate. | 250Mi |
`api.persistence.enabled` | Optionally disable persistent storage, used for database data. | true |
`api.replicas` | Set the number of API replicas in the deployment. This can be scaled above 1 only when `api.db.type` is `psql`. | 1 |
`api.resources.requests.cpu` | CPU resource limits to allow for the `api` pods. | 125m |
`api.resources.requests.memory` | Memory resource limits to allow for the `api` pods. | 128Mi |
`api.service.port` | TCP port for the api service to listen on. This port maps to the ACM Environment ServiceTarget Listener port. For example, you may change this to 8443 when running the api with TLS. | 8080 |
`api.tls.clientNames` | Common Names of client certificates to allow in a space-separated list. | "" |
`api.tls.clientValidation` | Verify client certificates if sent with CA file. | false |
`api.tls.secretName` | User-provided secret containing TLS certificate/key pair and optional CA when using client certificates. Values are `tls.crt`, `tls.key`, and `ca.crt`. If you provide just the TLS certificate/key pair, a `kubernetes.io/tls` secret will suffice; otherwise, an opaque secret can be used. | "" |
`apigw.container.port` | TCP port for the pod to listen on. | 80 |
`apigw.controlPlane.host` | The ACM control plane IP address or hostname. | 127.0.0.1 |
`apigw.controlPlane.instance_group` | The ACM control plane instance_group for this agent to become a member of. | devportal |
`apigw.image.pullPolicy` | Image pull policy. | IfNotPresent |
`apigw.image.repository` | Repository name and path for the `apigw` image. | apigw |
`apigw.image.tag` | Tag used for pulling images from the registry. | latest |
`apigw.ingress.enabled` | Optionally enable ingress via an Ingress Controller. | false |
`apigw.ingress.host` | Host to apply ingress rules to. | localhost |
`apigw.name` | Set the deployment name of the API Gateway. | apigw |
`apigw.persistence.claims.accessMode` | Claim access mode. Can be `ReadWriteOnce` or `ReadWriteMany`. | ReadWriteOnce |
`apigw.persistence.claims.existingClaim` | Enable reuse of an existing claim. | false |
`apigw.persistence.claims.size` | Size of claim to allocate. | 250Mi |
`apigw.persistence.enabled` | Optionally disable persistent storage used for OIDC session data. | true |
`apigw.resources.requests.cpu` | CPU resource limits to allow for the `apigw` pods. | 125m |
`apigw.resources.requests.memory` | Memory resource limits to allow for the `apigw` pods. | 128Mi |
`apigw.service.annotations` | Annotations to apply to the `apigw` service. | {} |
`apigw.service.port` | TCP port for the apigw service to listen on. This is the port that is exposed in the LoadBalancer endpoint and is the traffic ingress point to the Developer Portal cluster. For example, you may change this to 443 when running the apigw with TLS. | 80 |
`fullnameOverride` | Override the full name of the Developer Portal chart. | devportal |
`imagePullSecrets` | List of secrets to use for pulling images. | [] |
`nameOverride` | Override the name of the Developer Portal chart. | devportal |
`serviceAccount.annotations` | Annotations to apply to the service account. | {} |
`serviceAccount.name` | Name of the service account to use. | devportal |
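A Developer Portal values file that overrides the security-relevant defaults in the table above (shared `nginxdm` database credentials, `require` as the database TLS mode, no client certificate validation, `latest` image tags), as an added example that is not part of the chart or its documentation. The keys come from the table; the host, secret names, client name and tags are placeholders, and the comment on `verifyMode` assumes the listed options follow PostgreSQL `sslmode` semantics.

```yaml
# devportal-values.yaml (constructed example; every value in <...> and every
# secret or host name below is a placeholder, not a chart default)
api:
  image:
    tag: "<pinned-api-tag>"            # chart default is "latest"
  db:
    type: psql
    external: true
    host: "<postgres-host>"
    port: 5432
    user: "<db-user>"                  # chart default is "nginxdm"
    # api.db.pass is deliberately not set in this file. Supply it with --set
    # when deploying; if it is omitted the chart default "nginxdm" is used.
    tls:
      # Secret holding ca.crt for server validation (plus tls.crt/tls.key
      # when the database requires client certificates).
      secretName: devportal-db-tls     # hypothetical secret name
      # Strictest of the listed modes. Assumption: as with PostgreSQL
      # sslmode, "require" encrypts the connection without validating the
      # server certificate, and "verify-full" also checks the host name.
      verifyMode: verify-full
  tls:
    # Opaque secret with tls.crt, tls.key and ca.crt; ca.crt is needed
    # because client certificates are validated below.
    secretName: devportal-api-tls      # hypothetical secret name
    clientValidation: true
    clientNames: "<acm-client-common-name>"   # space-separated list of allowed CNs
  service:
    port: 8443                         # the table's suggested port when the api runs with TLS

apigw:
  image:
    tag: "<pinned-apigw-tag>"          # chart default is "latest"
```

Apply it with `helm upgrade` and `-f devportal-values.yaml`, adding `--set api.db.pass=<db-password>` so the password stays out of the file.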