Configurable Helm Settings
This reference guide lists the configurable Helm chart parameters and default settings for the NGINX Management Suite platform and modules.
This documentation applies to NGINX Management Suite Instance Manager 2.5.0 and later.
NGINX Management Suite Helm Chart Settings
The following table lists the configurable parameters and default values for the NGINX Management Suite platform when installing from a Helm chart.
To modify a configuration for an existing release, run the helm upgrade command and use -f <my-values-file>, where my-values-file is a path to a values file with your desired configuration.
| Parameter | Description | Default |
|---|---|---|
nms-hybrid.adminPasswordHash |
The hashed value of the password for the admin user. To generate the hash using openssl, run a command similar to the following example: openssl passwd -1 "YouPassword123#" |
N/A |
nms-hybrid.nmsClickhouse.enabled |
Enable this if external ClickHouse is not used. | true |
nms-hybrid.nmsClickhouse.fullnameOverride |
Modify the name of ClickHouse resources. | clickhouse |
nms-hybrid.nmsClickhouse.image.repository |
Repository name and path public ClickHouse image. | clickhouse/clickhouse-server |
nms-hybrid.nmsClickhouse.image.tag |
Tag used for pulling images from registry. | 21.3.20.1-alpine |
nms-hybrid.nmsClickhouse.image.pullPolicy |
Image pull policy. | IfNotPresent |
nms-hybrid.nmsClickhouse.user |
Username to connect to the ClickHouse server as. | N/A |
nms-hybrid.nmsClickhouse.password |
Password for the ClickHouse server. | N/A |
nms-hybrid.nmsClickhouse.service.name |
ClickHouse service name. | clickhouse |
nms-hybrid.nmsClickhouse.service.rpcPort |
ClickHouse service port. | 9000 |
nms-hybrid.nmsClickhouse.resources.requests.cpu |
Minimum required CPU on a node to run ClickHouse server. | 500m |
nms-hybrid.nmsClickhouse.resources.requests.memory |
Minimum required memory on a node to run ClickHouse server. | 1Gi |
nms-hybrid.nmsClickhouse.persistence.enabled |
Use PVCs to persist ClickHouse data. | true |
nms-hybrid.nmsClickhouse.persistence.existingClaim |
Name of an existing Persistent Volume Claim (PVC) to use for ClickHouse persistence | N/A |
nms-hybrid.nmsClickhouse.persistence.storageClass |
Storage Class to use for creating a ClickHouse PVC | |
nms-hybrid.nmsClickhouse.persistence.volumeName |
Name to use a ClickHouse PVC volume | |
nms-hybrid.nmsClickhouse.persistence.accessMode |
PVC access mode for ClickHouse | ReadWriteOnce |
nms-hybrid.nmsClickhouse.persistence.size |
PVC size ClickHouse | 1G |
nms-hybrid.nmsClickhouse.tolerations |
List your Kubernetes tolerations, if any | See Kubernetes Taints And Tolerations |
nms-hybrid.externalClickhouse.address |
Address of external ClickHouse service. | |
nms-hybrid.externalClickhouse.user |
User of external ClickHouse service. | |
nms-hybrid.externalClickhouse.password |
Password of external ClickHouse service. | |
nms-hybrid.serviceAccount.annotations |
Set custom annotations for the service account used by NGINX Management Suite. | {} |
nms-hybrid.apigw.name |
Name used for API Gateway resources. | apigw |
nms-hybrid.apigw.tlsSecret |
By default, this helm chart creates its own Certificate Authority (CA) to self-sign the HTTPS server cert key pairs; these are not managed by NGINX Management Suite. You can bring your own NGINX API Gateway certificates for hosting the HTTPS NGINX Management Suite server by setting “tlsSecret” to an existing Kubernetes secret name in the namespace targeted by the chart. The secret should include tls.crt, tls.key, and ca.pem in the data object. We recommend using a self-provisioned “tlsSecret” for production scenarios.For an example, refer to the “Use your own certificates” section in Common Helm Chart Configurations. |
|
nms-hybrid.apigw.image.repository |
Repository name and path for the apigw image. |
apigw |
nms-hybrid.apigw.image.tag |
Tag used for pulling images from registry. | latest |
nms-hybrid.apigw.image.pullPolicy |
Image pull policy. | IfNotPresent |
nms-hybrid.apigw.container.port.https |
Container HTTPS port. | 443 |
nms-hybrid.apigw.service.name |
Service name. | apigw |
nms-hybrid.apigw.service.httpsPort |
Service HTTPS port. | 443 |
nms-hybrid.apigw.resources.requests.cpu |
Minimum required CPU on a node to run core. |
250m |
nms-hybrid.apigw.resources.requests.memory |
Minimum required memory on a node to run core. |
256Mi |
nms-hybrid.apigw.tolerations |
List your Kubernetes tolerations, if any | See Kubernetes Taints And Tolerations |
nms-hybrid.core.name |
Name used for API Gateway resources. | core |
nms-hybrid.core.image.repository |
Repository name and path for the core image. |
core |
nms-hybrid.core.image.tag |
Tag used for pulling images from registry. | latest |
nms-hybrid.core.image.pullPolicy |
Image pull policy. | IfNotPresent |
nms-hybrid.core.container.port.http |
Container HTTP port. | 8033 |
nms-hybrid.core.container.port.db |
Container database port. | 7891 |
nms-hybrid.core.container.port.grpc |
Container gRPC port. | 8038 |
nms-hybrid.core.service.httpPort |
Service HTTPS port. | 8033 |
nms-hybrid.core.service.grpcPort |
Service HTTPS port. | 8038 |
nms-hybrid.core.resources.requests.cpu |
Minimum required CPU on a node to run core. |
500m |
nms-hybrid.core.resources.requests.memory |
Minimum required memory on a node to run core. |
512Mi |
nms-hybrid.core.persistence.enabled |
Enable persistence for core service. |
true |
nms-hybrid.core.persistence.claims |
An array of persistent volume claims for Dqlite and secrets, can be modified to use an existing PVC. | See Dqlite and Secrets |
nms-hybrid.core.persistence.storageClass |
Storage Class to use for creating a core PVC |
|
nms-hybrid.core.persistence.volumeName |
Name to use a core PVC volume |
|
nms-hybrid.core.tolerations |
List your Kubernetes tolerations, if any | See Kubernetes Taints And Tolerations |
nms-hybrid.dpm.name |
Name used for dpm. |
dpm |
nms-hybrid.dpm.image.repository |
Repository name and path for the dpm image. |
dpm |
nms-hybrid.dpm.image.tag |
Tag used for pulling images from registry. | latest |
nms-hybrid.dpm.image.pullPolicy |
Image pull policy. | IfNotPresent |
nms-hybrid.dpm.container.port.http |
Container HTTP port. | 8034 |
nms-hybrid.dpm.container.port.nats |
Container database port. | 9100 |
nms-hybrid.dpm.container.port.db |
Container database port. | 7890 |
nms-hybrid.dpm.container.port.grpc |
Container gRPC port. | 8036 |
nms-hybrid.dpm.service.name |
Service name. | nms |
nms-hybrid.dpm.service.httpPort |
Service HTTPS port. | 8034 |
nms-hybrid.dpm.service.grpcPort |
Service HTTPS port. | 8036 |
nms-hybrid.dpm.service.natsPort |
Service HTTPS port. | 9100 |
nms-hybrid.dpm.resources.requests.cpu |
Minimum required CPU on a node to run dpm. |
500m |
nms-hybrid.dpm.resources.requests.memory |
Minimum required memory on a node to run dpm. |
512Mi |
nms-hybrid.dpm.persistence.enabled |
Enable persistence for dpm service. |
true |
nms-hybrid.dpm.persistence.claims |
An array of persistent volume claims for Dqlite and NATS, can be modified to use an existing PVC. | See Dqlite and NATS streaming |
nms-hybrid.dpm.persistence.storageClass |
Storage Class to use for creating a dpm PVC |
|
nms-hybrid.dpm.persistence.volumeName |
Name to use a dpm PVC volume |
|
nms-hybrid.dpm.tolerations |
List your Kubernetes tolerations, if any | See Kubernetes Taints And Tolerations |
nms-hybrid.ingestion.name |
Name used for ingestion. |
ingestion |
nms-hybrid.ingestion.image.repository |
Repository name and path for the dpm image. |
ingestion |
nms-hybrid.ingestion.image.tag |
Tag used for pulling images from registry. | latest |
nms-hybrid.ingestion.image.pullPolicy |
Image pull policy. | IfNotPresent |
nms-hybrid.ingestion.replicaCount |
Number of replicas of ingestion to run. |
1 |
nms-hybrid.ingestion.container.port.grpc |
Container HTTP port. | 8035 |
nms-hybrid.ingestion.service.name |
Service name. | nms |
nms-hybrid.ingestion.service.grpcPort |
Service HTTPS port. | 8035 |
nms-hybrid.ingestion.resources.requests.cpu |
Minimum required CPU on a node to run ingestion. |
500m |
nms-hybrid.ingestion.resources.requests.memory |
Minimum required memory on a node to run ingestion. |
512Mi |
nms-hybrid.ingestion.tolerations |
List your Kubernetes tolerations, if any | See Kubernetes Taints And Tolerations |
nms-hybrid.integrations.name |
Name used for integrations. |
integrations |
nms-hybrid.integrations.image.repository |
Repository name and path for the integrations image. |
integrations |
nms-hybrid.integrations.image.tag |
Tag used for pulling images from registry. | latest |
nms-hybrid.integrations.image.pullPolicy |
Image pull policy. | IfNotPresent |
nms-hybrid.integrations.container.port.http |
Container HTTP port. | 8037 |
nms-hybrid.integrations.container.port.db |
Container database port. | 7892 |
nms-hybrid.integrations.service.name |
Service name. | nms |
nms-hybrid.integrations.service.httpPort |
Service HTTPS port. | 8037 |
nms-hybrid.integrations.resources.requests.cpu |
Minimum required CPU on a node to run integrations. |
500m |
nms-hybrid.integrations.resources.requests.memory |
Minimum required memory on a node to run integrations. |
512Mi |
nms-hybrid.integrations.persistence.enabled |
Enable persistence for integrations service. |
true |
nms-hybrid.integrations.persistence.claims |
An array of persistent volume claims for Dqlite, can be modified to use an existing PVC. | See Dqlite - size is 1Gi |
nms-hybrid.integrations.persistence.storageClass |
Storage Class to use for creating a integrations PVC |
|
nms-hybrid.integrations.persistence.volumeName |
Name to use a integrations PVC volume |
|
nms-hybrid.integrations.tolerations |
List your Kubernetes tolerations, if any | See Kubernetes Taints And Tolerations |
nms-hybrid.nic |
To enable NGINX Ingress Controller Virtual Server | See NGINX Ingress Controller Virtual Server for details |
Instance Manager Dqlite Storage Configuration
- name: dqlite
existingClaim:
size: 500Mi
accessMode: ReadWriteOnce
Instance Manager Secrets Storage Configuration
- name: secrets
existingClaim:
size: 128Mi
accessMode: ReadWriteOnce
Instance Manager NATS Storage Configuration
- name: nats-streaming
existingClaim:
size: 1Gi
accessMode: ReadWriteOnce
Kubernetes Taints and Tolerations
The following example snippet shows a toleration on an Instance Manager APIGW deployment. In this example, Kubernetes will tolerate the “NoExecute” effect for 60 seconds before evicting the pod from the tainted node.
tolerations:
- key: "node.kubernetes.io/unreachable"
operator: "Exists"
effect: "NoExecute"
tolerationSeconds: 60
- key: "node.kubernetes.io/network-unavailable"
operator: "Exists"
effect: "NoExecute"
tolerationSeconds: 60
For more information, refer to the official Kubernetes Taints and Tolerations documentation.
NGINX Ingress Controller Virtual Server
Example snippet to enable a NGINX Ingress Controller Virtual Server with Instance Manager service as an upstream.
nic:
# set to true to configure NGINX Ingress Controller VirtualServer.
enabled: true
# Optional. Defaults to "nms" otherwise.
name: nms
# required
host: hello.example.com
# Optional
httpSnippets:
# Optional
serverSnippets:
# Optional
ingressClassName: nginx
# Optional. A default upstream to NGINX Instance Manager APIGW service is created for you.
# If you have a need to configure other upstreams, list here.
upstreams: []
# Optional
routes:
- path: /
action:
proxy:
upstream: ${NGINX_Instance_Manager_Service_Name}
# Optional
policies: []
API Connectivity Manager Helm Chart Settings
The following table lists the configurable parameters and default values used by the API Connectivity Manager chart when installing from a Helm chart.
To modify a configuration for an existing release, run the helm upgrade command and use -f <my-values-file>, where my-values-file is a path to a values file with your desired configuration.
| Parameter | Description | Default |
|---|---|---|
nms-acm.acm.logLevel |
Set the log level for the backend API service. The log level can be fatal, error, warning, info, or debug |
info |
nms-acm.acm.image.repository |
Repository name and path for the acm image. |
acm |
nms-acm.acm.image.tag |
Tag used for pulling images from registry. | latest |
nms-acm.acm.image.pullPolicy |
Image pull policy. | IfNotPresent |
nms-acm.acm.container.port.http |
TCP port for the pod to listen on. | 8037 |
nms-acm.acm.container.port.db |
Port to use for Dqlite. | 9300 |
nms-acm.acm.service.httpPort |
TCP port for the service to listen on. | 8037 |
nms-acm.acm.resources.requests.cpu |
CPU resource limits to allow for the acm pods. |
500m |
nms-acm.acm.resources.requests.memory |
Memory resource limits to allow for the api pods. |
512Mi |
nms-acm.acm.persistence.enabled |
Optionally disable persistent storage, used for database data. | true |
nms-acm.acm.persistence.claims |
An array of persistent volume claims, can be modified to use an existing PVC. | See the Dqlite configuration section below. |
nms-acm.acm.devportal.credentials.enabled |
Enables the Create Credentials Endpoint on the Developer Portal | false |
nms-acm.acm.devportal.credentials.ssl |
This should be set to true if mTLS has been configured between ACM and the Developer Portal, for more information see Create Credentials Endpoint on the Developer Portal | false |
nms-acm.acm.devportal.client.caSecret.name |
This should be set if an unknown Certificate Authority is needed for communication with the Developer Portal in order to provide a CA certificate. This should be set to the name of the secret in the release namespace that contains the CA certificate. | Blank |
nms-acm.acm.devportal.client.caSecret.key |
This should be set if an unknown Certificate Authority is needed for communication with the Developer Portal in order to provide a CA certificate. This should be set to the key of the secret in the release namespace that contains the CA certificate. | Blank |
API Connectivity Manager Dqlite Storage Configuration
- name: dqlite
existingClaim:
size: 500Mi
accessMode: ReadWriteOnce
App Delivery Manager Helm Chart Settings
This topic documents an early access feature. These features are provided for you to try before they are generally available. You shouldn't use early access features for production purposes.
To modify a configuration for an existing release, run the helm upgrade command and use -f <my-values-file>, where my-values-file is a path to a values file with your desired configuration.
The following table lists the configurable parameters and default values used by the App Delivery Manager chart when installing from a Helm chart.
| Parameter | Description | Default |
|---|---|---|
nms-adm.adm.logLevel |
Set the log level for the backend API service. The log level can be fatal, error, warning, info, or debug |
info |
nms-adm.adm.image.repository |
Repository name and path for the adm image. |
adm |
nms-adm.adm.image.tag |
Tag used for pulling images from registry. | latest |
nms-adm.adm.image.pullPolicy |
Image pull policy. | IfNotPresent |
nms-adm.adm.container.port.http |
TCP port for the pod to listen on. | 8039 |
nms-adm.adm.container.port.db |
Port to use for Dqlite. | 7811 |
nms-adm.adm.service.httpPort |
TCP port for the service to listen on. | 8039 |
nms-adm.adm.resources.requests.cpu |
CPU resource limits to allow for the adm pods. |
500m |
nms-adm.adm.resources.requests.memory |
Memory resource limits to allow for the api pods. |
512Mi |
nms-adm.adm.persistence.enabled |
Optionally disable persistent storage, used for database data. | true |
nms-adm.adm.persistence.claims |
An array of persistent volume claims, can be modified to use an existing PVC. | See Dqlite and Templates. |
App Delivery Manager Dqlite Configuration
- name: dqlite
existingClaim:
size: 500Mi
accessMode: ReadWriteOnce
App Delivery Manager Templates Configuration
The following volume persists the App Delivery Manager templates' directories and preserves the new files a user may add to the templates directory.
- name: templates
existingClaim:
size: 500Mi
accessMode: ReadWriteOnce