Configurable Helm Settings

This reference guide lists the configurable Helm chart parameters and default settings for the NGINX Management Suite platform and modules.


This documentation applies to NGINX Management Suite Instance Manager 2.5.0 and later.


NGINX Management Suite Helm Chart Settings

The following table lists the configurable parameters and default values for the NGINX Management Suite platform when installing from a Helm chart.

To modify a configuration for an existing release, run the helm upgrade command and use -f <my-values-file>, where my-values-file is a path to a values file with your desired configuration.

| Parameter | Description | Default |
|---|---|---|
| nms-hybrid.adminPasswordHash | The hashed value of the password for the admin user. To generate the hash using openssl, run a command similar to the following example: openssl passwd -1 "YouPassword123#" | N/A |
| nms-hybrid.nmsClickhouse.enabled | Enable this if external ClickHouse is not used. | true |
| nms-hybrid.nmsClickhouse.fullnameOverride | Modify the name of ClickHouse resources. | clickhouse |
| nms-hybrid.nmsClickhouse.image.repository | Repository name and path for the public ClickHouse image. | clickhouse/clickhouse-server |
| nms-hybrid.nmsClickhouse.image.tag | Tag used for pulling images from registry. | 21.3.20.1-alpine |
| nms-hybrid.nmsClickhouse.image.pullPolicy | Image pull policy. | IfNotPresent |
| nms-hybrid.nmsClickhouse.user | Username to connect to the nms ClickHouse server as. | N/A |
| nms-hybrid.nmsClickhouse.password | Password for nms ClickHouse server. | N/A |
| nms-hybrid.nmsClickhouse.service.name | ClickHouse service name. | clickhouse |
| nms-hybrid.nmsClickhouse.service.rpcPort | ClickHouse service port. | 9000 |
| nms-hybrid.nmsClickhouse.resources.requests.cpu | Minimum required CPU on a node to run ClickHouse server. | 500m |
| nms-hybrid.nmsClickhouse.resources.requests.memory | Minimum required memory on a node to run ClickHouse server. | 1Gi |
| nms-hybrid.nmsClickhouse.persistence.enabled | Use PVCs to persist ClickHouse data. | true |
| nms-hybrid.nmsClickhouse.persistence.existingClaim | Name of an existing Persistent Volume Claim (PVC) to use for ClickHouse persistence. | N/A |
| nms-hybrid.nmsClickhouse.persistence.storageClass | Storage Class to use for creating a ClickHouse PVC. | |
| nms-hybrid.nmsClickhouse.persistence.volumeName | Name to use for a ClickHouse PVC volume. | |
| nms-hybrid.nmsClickhouse.persistence.accessMode | PVC access mode for ClickHouse. | ReadWriteOnce |
| nms-hybrid.nmsClickhouse.persistence.size | PVC size for ClickHouse. | 1G |
| nms-hybrid.externalClickhouse.address | Address of external ClickHouse service. | |
| nms-hybrid.externalClickhouse.user | User of external ClickHouse service. | |
| nms-hybrid.externalClickhouse.password | Password of external ClickHouse service. | |
| nms-hybrid.serviceAccount.annotations | Set custom annotations for the service account used by NMS. | {} |
| nms-hybrid.apigw.name | Name used for API Gateway resources. | apigw |
| nms-hybrid.apigw.tlsSecret | To bring your own NGINX API Gateway certificates for hosting the HTTPS NMS server, set “tlsSecret” to the name of an existing Kubernetes secret in the same namespace as the chart. We recommend setting “tlsSecret” for production use cases to manage certificates. By default, this Helm chart creates its own CA to self-sign the HTTPS server certificate and key pair. These are not managed. | |
| nms-hybrid.apigw.image.repository | Repository name and path for the apigw image. | apigw |
| nms-hybrid.apigw.image.tag | Tag used for pulling images from registry. | latest |
| nms-hybrid.apigw.image.pullPolicy | Image pull policy. | IfNotPresent |
| nms-hybrid.apigw.container.port.https | Container https port. | 443 |
| nms-hybrid.apigw.service.name | Service name. | apigw |
| nms-hybrid.apigw.service.httpsPort | Service https port. | 443 |
| nms-hybrid.apigw.resources.requests.cpu | Minimum required CPU on a node to run core. | 250m |
| nms-hybrid.apigw.resources.requests.memory | Minimum required memory on a node to run core. | 256Mi |
| nms-hybrid.core.name | Name used for API Gateway resources. | core |
| nms-hybrid.core.image.repository | Repository name and path for the core image. | core |
| nms-hybrid.core.image.tag | Tag used for pulling images from registry. | latest |
| nms-hybrid.core.image.pullPolicy | Image pull policy. | IfNotPresent |
| nms-hybrid.core.container.port.http | Container http port. | 8033 |
| nms-hybrid.core.container.port.db | Container database port. | 7891 |
| nms-hybrid.core.container.port.grpc | Container grpc port. | 8038 |
| nms-hybrid.core.service.httpPort | Service https port. | 8033 |
| nms-hybrid.core.service.grpcPort | Service https port. | 8038 |
| nms-hybrid.core.resources.requests.cpu | Minimum required CPU on a node to run core. | 500m |
| nms-hybrid.core.resources.requests.memory | Minimum required memory on a node to run core. | 512Mi |
| nms-hybrid.core.persistence.enabled | Enable persistence for core service. | true |
| nms-hybrid.core.persistence.claims | An array of persistent volume claims for Dqlite and secrets; can be modified to use an existing PVC. | See Dqlite and Secrets |
| nms-hybrid.core.persistence.storageClass | Storage Class to use for creating a core PVC. | |
| nms-hybrid.core.persistence.volumeName | Name to use for a core PVC volume. | |
| nms-hybrid.dpm.name | Name used for dpm. | dpm |
| nms-hybrid.dpm.image.repository | Repository name and path for the dpm image. | dpm |
| nms-hybrid.dpm.image.tag | Tag used for pulling images from registry. | latest |
| nms-hybrid.dpm.image.pullPolicy | Image pull policy. | IfNotPresent |
| nms-hybrid.dpm.container.port.http | Container http port. | 8034 |
| nms-hybrid.dpm.container.port.nats | Container database port. | 9100 |
| nms-hybrid.dpm.container.port.db | Container database port. | 7890 |
| nms-hybrid.dpm.container.port.grpc | Container grpc port. | 8036 |
| nms-hybrid.dpm.service.name | Service name. | nms |
| nms-hybrid.dpm.service.httpPort | Service https port. | 8034 |
| nms-hybrid.dpm.service.grpcPort | Service https port. | 8036 |
| nms-hybrid.dpm.service.natsPort | Service https port. | 9100 |
| nms-hybrid.dpm.resources.requests.cpu | Minimum required CPU on a node to run dpm. | 500m |
| nms-hybrid.dpm.resources.requests.memory | Minimum required memory on a node to run dpm. | 512Mi |
| nms-hybrid.dpm.persistence.enabled | Enable persistence for dpm service. | true |
| nms-hybrid.dpm.persistence.claims | An array of persistent volume claims for Dqlite and NATS; can be modified to use an existing PVC. | See Dqlite and NATS streaming |
| nms-hybrid.dpm.persistence.storageClass | Storage Class to use for creating a dpm PVC. | |
| nms-hybrid.dpm.persistence.volumeName | Name to use for a dpm PVC volume. | |
| nms-hybrid.ingestion.name | Name used for ingestion. | ingestion |
| nms-hybrid.ingestion.image.repository | Repository name and path for the dpm image. | ingestion |
| nms-hybrid.ingestion.image.tag | Tag used for pulling images from registry. | latest |
| nms-hybrid.ingestion.image.pullPolicy | Image pull policy. | IfNotPresent |
| nms-hybrid.ingestion.replicaCount | Number of replicas of ingestion to run. | 1 |
| nms-hybrid.ingestion.container.port.grpc | Container http port. | 8035 |
| nms-hybrid.ingestion.service.name | Service name. | nms |
| nms-hybrid.ingestion.service.grpcPort | Service https port. | 8035 |
| nms-hybrid.ingestion.resources.requests.cpu | Minimum required CPU on a node to run ingestion. | 500m |
| nms-hybrid.ingestion.resources.requests.memory | Minimum required memory on a node to run ingestion. | 512Mi |
| nms-hybrid.integrations.name | Name used for integrations. | integrations |
| nms-hybrid.integrations.image.repository | Repository name and path for the integrations image. | integrations |
| nms-hybrid.integrations.image.tag | Tag used for pulling images from registry. | latest |
| nms-hybrid.integrations.image.pullPolicy | Image pull policy. | IfNotPresent |
| nms-hybrid.integrations.container.port.http | Container http port. | 8037 |
| nms-hybrid.integrations.container.port.db | Container database port. | 7892 |
| nms-hybrid.integrations.service.name | Service name. | nms |
| nms-hybrid.integrations.service.httpPort | Service https port. | 8037 |
| nms-hybrid.integrations.resources.requests.cpu | Minimum required CPU on a node to run integrations. | 500m |
| nms-hybrid.integrations.resources.requests.memory | Minimum required memory on a node to run integrations. | 512Mi |
| nms-hybrid.integrations.persistence.enabled | Enable persistence for integrations service. | true |
| nms-hybrid.integrations.persistence.claims | An array of persistent volume claims for Dqlite; can be modified to use an existing PVC. | See Dqlite - size is 1Gi |
| nms-hybrid.integrations.persistence.storageClass | Storage Class to use for creating an integrations PVC. | |
| nms-hybrid.integrations.persistence.volumeName | Name to use for an integrations PVC volume. | |

NIM Dqlite storage configuration
  - name: dqlite
    existingClaim:
    size: 500Mi
    accessMode: ReadWriteOnce
NIM Secrets storage configuration
  - name: secrets
    existingClaim:
    size: 128Mi
    accessMode: ReadWriteOnce
NIM NATS storage configuration
  - name: nats-streaming
    existingClaim:
    size: 1Gi
    accessMode: ReadWriteOnce


API Connectivity Manager Helm Chart Settings

To modify a configuration for an existing release, run the helm upgrade command and use -f <my-values-file>, where my-values-file is a path to a values file with your desired configuration.

The following table lists the configurable parameters and default values used by the API Connectivity Manager chart when installing from a Helm chart.

| Parameter | Description | Default |
|---|---|---|
| nms-acm.acm.logLevel | Set the log level for the backend API service. The log level can be fatal, error, warning, info, or debug. | info |
| nms-acm.acm.image.repository | Repository name and path for the acm image. | acm |
| nms-acm.acm.image.tag | Tag used for pulling images from registry. | latest |
| nms-acm.acm.image.pullPolicy | Image pull policy. | IfNotPresent |
| nms-acm.acm.container.port.http | TCP port for the pod to listen on. | 8037 |
| nms-acm.acm.container.port.db | Port to use for Dqlite. | 9300 |
| nms-acm.acm.service.httpPort | TCP port for the service to listen on. | 8037 |
| nms-acm.acm.resources.requests.cpu | CPU resource limits to allow for the acm pods. | 500m |
| nms-acm.acm.resources.requests.memory | Memory resource limits to allow for the api pods. | 512Mi |
| nms-acm.acm.persistence.enabled | Optionally disable persistent storage, used for database data. | true |
| nms-acm.acm.persistence.claims | An array of persistent volume claims; can be modified to use an existing PVC. | See Dqlite |
| nms-acm.acm.devportal.credentials.enabled | Enables the Create Credentials Endpoint on the Developer Portal. | false |
| nms-acm.acm.devportal.credentials.ssl | This should be set to true if mTLS has been configured between ACM and the Developer Portal. For more information, see Create Credentials Endpoint on the Developer Portal. | false |
| nms-acm.acm.devportal.client.caSecret.name | This should be set if an unknown Certificate Authority is needed for communication with the Developer Portal in order to provide a CA certificate. This should be set to the name of the secret in the release namespace that contains the CA certificate. | "" |
| nms-acm.acm.devportal.client.caSecret.key | This should be set if an unknown Certificate Authority is needed for communication with the Developer Portal in order to provide a CA certificate. This should be set to the key of the secret in the release namespace that contains the CA certificate. | "" |

ACM Dqlite configuration
  - name: dqlite
    existingClaim:
    size: 500Mi
    accessMode: ReadWriteOnce


Developer Portal Helm Chart Settings

The values.yaml file within the nginx-devportal Helm chart contains the deployment configuration for the Developer Portal.

You can update these fields directly in the values.yaml file or by specifying the --set flag when running helm install.

To modify a configuration for an existing release, run the helm upgrade command and use the --set flag or -f <my-values-file>, where my-values-file is a path to a values file with your desired configuration.

The following table lists the configurable parameters and default values used by the Developer Portal chart when installing from a Helm chart.

| Parameter | Description | Default |
|---|---|---|
| api.acm.client.caSecret.name | This secret can be used to provide a custom CA certificate when communicating from ACM to the Developer Portal via a TLS-secured HTTP connection. This should be set to the name of the secret in the release namespace that contains the CA certificate. | "" |
| api.acm.client.caSecret.key | Key used in the secret to specify the CA file content (to add multiple certificates, chain them into one file). | "" |
| api.container.port | TCP port for the pod to listen on. | 8080 |
| api.db.external | PostgreSQL server can be external. | false |
| api.db.host | PostgreSQL server to use; defaults to the internal deployment service name. | postgres.devportal.svc |
| api.db.name | Database schema name to use. | devportal |
| api.db.pass | Password to use for PostgreSQL. | nginxdm |
| api.db.port | Port to use for PostgreSQL. If api.db.external is true, the port PostgreSQL is listening on. If api.db.external is false, the port the internal PostgreSQL should listen on. | 5432 |
| api.db.tls.secretName | User-provided secret containing TLS CA certificate for database server validation. An optional certificate/key when using client certificates can also be provided. Values are tls.crt, tls.key, and ca.crt. If you provide just the TLS certificate/key pair, a kubernetes.io/tls will suffice; otherwise, an opaque secret can be used. | "" |
| api.db.tls.verifyMode | TLS verification modes for connecting to PostgreSQL. Options are disable, require, verify-ca, or verify-full. | require |
| api.db.type | Database type to use with the Developer Portal api service. The database type can be sqlite or psql (for PostgreSQL). | psql |
| api.db.user | Username to use for PostgreSQL. | nginxdm |
| api.image.pullPolicy | Image pull policy. | IfNotPresent |
| api.image.repository | Repository name and path for the api image. | api |
| api.image.tag | Tag used for pulling images from registry. | latest |
| api.logLevel | Set the log level for the backend API service. The log level can be fatal, error, warning, info, or debug. | info |
| api.name | Set the deployment name of the api. | api |
| api.persistence.claims.accessMode | Claim access mode. Can be ReadWriteOnce or ReadWriteMany. | ReadWriteOnce |
| api.persistence.claims.existingClaim | Enable reuse of an existing claim. | false |
| api.persistence.claims.size | Size of claim to allocate. | 250Mi |
| api.persistence.enabled | Optionally disable persistent storage, used for database data. | true |
| api.replicas | Set the number of API replicas in the deployment. This can be scaled above 1 only when api.db.type is psql. | 1 |
| api.resources.requests.cpu | CPU resource limits to allow for the api pods. | 125m |
| api.resources.requests.memory | Memory resource limits to allow for the api pods. | 128Mi |
| api.service.port | TCP port for the api service to listen on. This port maps to the ACM Environment ServiceTarget Listener port. For example, you may change this to 8443 when running the api with TLS. | 8080 |
| api.tls.clientNames | Common Names of client certificates to allow, in a space-separated list. | "" |
| api.tls.clientValidation | Verify client certificates if sent with CA file. | false |
| api.tls.secretName | User-provided secret containing TLS certificate/key pair and optional CA when using client certificates. Values are tls.crt, tls.key, and ca.crt. If you provide just the TLS certificate/key pair, a kubernetes.io/tls will suffice; otherwise, an opaque secret can be used. | "" |
| apigw.container.port | TCP port for the pod to listen on. | 80 |
| apigw.controlPlane.host | The ACM control plane IP address or hostname. | 127.0.0.1 |
| apigw.controlPlane.instance_group | The ACM control plane instance_group for this agent to become a member of. | devportal |
| apigw.image.pullPolicy | Image pull policy. | IfNotPresent |
| apigw.image.repository | Repository name and path for the apigw image. | apigw |
| apigw.image.tag | Tag used for pulling images from the registry. | latest |
| apigw.ingress.enabled | Optionally enable ingress via an Ingress Controller. | false |
| apigw.ingress.host | Host to apply ingress rules to. | localhost |
| apigw.name | Set the deployment name of the API Gateway. | apigw |
| apigw.persistence.claims.accessMode | Claim access mode. Can be ReadWriteOnce or ReadWriteMany. | ReadWriteOnce |
| apigw.persistence.claims.existingClaim | Enable reuse of an existing claim. | false |
| apigw.persistence.claims.size | Size of claim to allocate. | 250Mi |
| apigw.persistence.enabled | Optionally disable persistent storage used for OIDC session data. | true |
| apigw.resources.requests.cpu | CPU resource limits to allow for the apigw pods. | 125m |
| apigw.resources.requests.memory | Memory resource limits to allow for the apigw pods. | 128Mi |
| apigw.service.annotations | Annotations to apply to the apigw service. | {} |
| apigw.service.port | TCP port for the apigw service to listen on. This is the port that is exposed in the LoadBalancer endpoint and is the traffic ingress point to the Developer Portal cluster. For example, you may change this to 443 when running the apigw with TLS. | 80 |
| fullnameOverride | Override the full name of the Developer Portal chart. | devportal |
| imagePullSecrets | List of secrets to use for pulling images. | [] |
| nameOverride | Override the name of the Developer Portal chart. | devportal |
| serviceAccount.annotations | Annotations to apply to the service account. | {} |
| serviceAccount.name | Name of the service account to use. | devportal |
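
The following is an added example, not part of the chart or the original documentation: a pre-deployment check that takes a parsed Developer Portal values file (as a nested dict) and reports settings still at the defaults listed above that weaken the deployment. It assumes the api.db.tls.verifyMode options behave like the PostgreSQL sslmode values of the same names; the function names and sample overrides are constructed for illustration.

```python
# Added example: review a parsed Developer Portal values file (nested dict)
# against the chart defaults listed in the table above.

# Defaults copied from the table on this page.
DEFAULTS = {
    "api.db.type": "psql",
    "api.db.pass": "nginxdm",
    "api.db.tls.verifyMode": "require",
    "api.db.tls.secretName": "",
    "api.image.tag": "latest",
    "apigw.image.tag": "latest",
}

def effective(values, dotted):
    """Return the override at a dotted path, or the chart default if unset."""
    node = values
    for part in dotted.split("."):
        if not isinstance(node, dict) or part not in node:
            return DEFAULTS[dotted]
        node = node[part]
    return node

def audit(values):
    """Return sorted findings for settings left weak or inconsistent."""
    findings = []
    if effective(values, "api.db.type") == "psql":
        if effective(values, "api.db.pass") == DEFAULTS["api.db.pass"]:
            findings.append("api.db.pass: published chart default still in use")
        mode = effective(values, "api.db.tls.verifyMode")
        # Assumption: modes behave like the PostgreSQL sslmode values.
        if mode in ("disable", "require"):
            findings.append(f"api.db.tls.verifyMode: '{mode}' does not validate the server certificate")
        elif not effective(values, "api.db.tls.secretName"):
            findings.append("api.db.tls.secretName: no CA secret for the chosen verify mode")
    for key in ("api.image.tag", "apigw.image.tag"):
        if effective(values, key) == "latest":
            findings.append(f"{key}: mutable 'latest' tag, pin a release")
    return sorted(findings)

# Constructed sample overrides (not from the page).
WEAK = {"api": {"db": {"external": True, "host": "db.example.internal"}}}
HARDENED = {
    "api": {
        "db": {"pass": "constructed-secret-value",
               "tls": {"verifyMode": "verify-full", "secretName": "devportal-db-ca"}},
        "image": {"tag": "1.0.0-constructed"},
    },
    "apigw": {"image": {"tag": "1.0.0-constructed"}},
}

if __name__ == "__main__":
    for name, vals in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(vals))
```

Run it in CI against the dict loaded from the same file you pass to helm upgrade with -f, and fail the pipeline when the returned list is not empty.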